Analysis
-
max time kernel
150s -
max time network
148s -
platform
windows10-2004_x64 -
resource
win10v2004-20240802-en -
resource tags
-
submitted
26/09/2024, 00:29
General
-
Target
f729e704467f0588c9d8ac902ebf9bbd_JaffaCakes118.exe
-
Size
3.1MB
-
MD5
f729e704467f0588c9d8ac902ebf9bbd
-
SHA1
2a9df3cd974faef29b45d8fe8f2d5edec44d6e30
-
SHA256
c933165c9b27615ac65bc2bf18584a0b2ed29b4a701c9b456e79da34a114dee4
-
SHA512
d04193c534d9d1a6468c0f7cd36d65a5153a19f5729d297cace843f5faca3ebe5cc6c6e5757cc05fa889dd368715c499e9b92186eb69669a2cfcee2df27991e8
-
SSDEEP
49152:zhtGYWa+dRQqybaVgdpcpfmkYO3uQdEKNLlMDEgK3oBEi0wkzj4PPOhHAL1:aFa+dRRHgDHkpfEOLuPlt40PGhgL1
Score
7/10
Malware Config
Signatures
-
ACProtect 1.3x - 1.4x DLL software 1 IoCs
Detects file using ACProtect software.
-
Executes dropped EXE 64 IoCs
-
Loads dropped DLL 2 IoCs
-
Drops file in System32 directory 64 IoCs
-
UPX packed file 4 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Location Discovery: System Language Discovery 1 TTPs 64 IoCs
Attempt gather information about the system language of a victim in order to infer the geographical location of that host.
-
Suspicious use of AdjustPrivilegeToken 1 IoCs
-
Suspicious use of SetWindowsHookEx 4 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\f729e704467f0588c9d8ac902ebf9bbd_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\f729e704467f0588c9d8ac902ebf9bbd_JaffaCakes118.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
-
C:\1.exeC:\1.exe2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\1.exe3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe4⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe5⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe6⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe7⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe8⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe9⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe10⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe11⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe12⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe13⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe14⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe15⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe16⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe17⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe18⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe19⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe20⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe21⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe22⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe23⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe24⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe25⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe26⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe27⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe28⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe29⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe30⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe31⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe32⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe33⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe34⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe35⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe36⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe37⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe38⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe39⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe40⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe41⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe42⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe43⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe44⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe45⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe46⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe47⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe48⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe49⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe50⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe51⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe52⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe53⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe54⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe55⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe56⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe57⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe58⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe59⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe60⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe61⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe62⤵
- Executes dropped EXE
- Drops file in System32 directory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe63⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe64⤵
- Executes dropped EXE
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe65⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe66⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe67⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe68⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe69⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe70⤵
- System Location Discovery: System Language Discovery
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe71⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe72⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe73⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe74⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe75⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe76⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe77⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe78⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe79⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe80⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe81⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe82⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe83⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe84⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe85⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe86⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe87⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe88⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe89⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe90⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe91⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe92⤵
- Drops file in System32 directory
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe93⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe94⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe95⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe96⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe97⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe98⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe99⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe100⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe101⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe102⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe103⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe104⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe105⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe106⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe107⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe108⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe109⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe110⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe111⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe112⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe113⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe114⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe115⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe116⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe117⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe118⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe119⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe120⤵
-
C:\Windows\SysWOW64\CSOnline.exe"C:\Windows\system32\CSOnline.exe" C:\Windows\SysWOW64\CSOnline.exe121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-