Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
arch:x64 arch:x86 image:win10v2004-20220812-en locale:en-us os:windows10-2004-x64 system -
submitted
07/01/2023, 18:07
Static task
static1
Behavioral task
behavioral1
Sample
b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe
Resource
win7-20220901-en
Behavioral task
behavioral2
Sample
b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe
Resource
win10v2004-20220812-en
General
-
Target
b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe
-
Size
2.0MB
-
MD5
339ed9f9783c32e53ddf0480befd175c
-
SHA1
5a8d93b4dd0054ea76cee969d482cdee87fb6331
-
SHA256
b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62
-
SHA512
012dd227581f749a43313fcdd9b08a1c9ad2c94412d6b32a26bc12691914e5a7fc42b09eb743c1f120ebd3b0504fe030c41a7bd38c5b26092d5362f4acacc471
-
SSDEEP
49152:phXttxgudHSNUkU6bqC753tWPgnD5ImxrHlRkN/PqP:hk/bb75dmgD5ImxZc6
Malware Config
Signatures
-
Loads dropped DLL 64 IoCs
-
Runs ping.exe 1 TTPs 64 IoCs
-
Suspicious behavior: RenamesItself 64 IoCs
-
Suspicious use of SetWindowsHookEx 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe"C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe"1⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4324 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat2⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1980 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 15003⤵
- Runs ping.exe
PID:4312
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe3⤵
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2140 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat4⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3516 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 15005⤵
- Runs ping.exe
PID:208
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe5⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:308 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat6⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:4984 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 15007⤵PID:1012
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe7⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4812 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat8⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3168 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 15009⤵PID:4232
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe9⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:3320 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat10⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:856 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150011⤵
- Runs ping.exe
PID:2756
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe11⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1428 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat12⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:3520 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150013⤵
- Runs ping.exe
PID:1284
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe13⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1464 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat14⤵
- Suspicious behavior: RenamesItself
- Suspicious use of WriteProcessMemory
PID:1120 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150015⤵
- Runs ping.exe
PID:3000
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe15⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4340 -
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat16⤵
- Suspicious behavior: RenamesItself
PID:728 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150017⤵PID:3304
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe17⤵PID:4648
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat18⤵
- Suspicious behavior: RenamesItself
PID:3968 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150019⤵
- Runs ping.exe
PID:2360
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe19⤵PID:1304
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat20⤵
- Suspicious behavior: RenamesItself
PID:4320 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150021⤵
- Runs ping.exe
PID:3656
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe21⤵PID:1532
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat22⤵
- Suspicious behavior: RenamesItself
PID:1372 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150023⤵
- Runs ping.exe
PID:3036
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe23⤵PID:4656
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat24⤵
- Suspicious behavior: RenamesItself
PID:740 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150025⤵
- Runs ping.exe
PID:3976
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe25⤵PID:4420
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat26⤵
- Suspicious behavior: RenamesItself
PID:260 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150027⤵PID:4488
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe27⤵PID:2872
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat28⤵
- Suspicious behavior: RenamesItself
PID:2040 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150029⤵
- Runs ping.exe
PID:4836
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe29⤵PID:4800
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat30⤵
- Suspicious behavior: RenamesItself
PID:2252 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150031⤵PID:948
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe31⤵PID:3260
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat32⤵
- Suspicious behavior: RenamesItself
PID:3320 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150033⤵PID:2304
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe33⤵PID:3492
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat34⤵
- Suspicious behavior: RenamesItself
PID:4672 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150035⤵
- Runs ping.exe
PID:1612
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe35⤵PID:1428
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat36⤵
- Suspicious behavior: RenamesItself
PID:1464 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150037⤵
- Runs ping.exe
PID:1120
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe37⤵PID:680
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat38⤵
- Suspicious behavior: RenamesItself
PID:4092 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150039⤵PID:4888
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe39⤵PID:5064
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat40⤵
- Suspicious behavior: RenamesItself
PID:5072 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150041⤵PID:4744
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe41⤵PID:3416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat42⤵
- Suspicious behavior: RenamesItself
PID:3232 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150043⤵
- Runs ping.exe
PID:1532
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe43⤵PID:460
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat44⤵
- Suspicious behavior: RenamesItself
PID:4540 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150045⤵
- Runs ping.exe
PID:1872
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe45⤵PID:2344
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat46⤵
- Suspicious behavior: RenamesItself
PID:1508 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150047⤵PID:5012
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe47⤵PID:4780
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat48⤵
- Suspicious behavior: RenamesItself
PID:1904 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150049⤵
- Runs ping.exe
PID:2356
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe49⤵PID:2268
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat50⤵
- Suspicious behavior: RenamesItself
PID:308 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150051⤵
- Runs ping.exe
PID:4036
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe51⤵PID:3876
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat52⤵
- Suspicious behavior: RenamesItself
PID:1816 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150053⤵
- Runs ping.exe
PID:4840
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe53⤵PID:4508
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat54⤵
- Suspicious behavior: RenamesItself
PID:3272 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150055⤵
- Runs ping.exe
PID:1400
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe55⤵PID:796
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat56⤵
- Suspicious behavior: RenamesItself
PID:4568 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150057⤵
- Runs ping.exe
PID:4456
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe57⤵PID:1884
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat58⤵
- Suspicious behavior: RenamesItself
PID:680 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150059⤵
- Runs ping.exe
PID:4888
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe59⤵PID:4092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat60⤵
- Suspicious behavior: RenamesItself
PID:4752 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150061⤵
- Runs ping.exe
PID:624
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe61⤵PID:3648
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat62⤵
- Suspicious behavior: RenamesItself
PID:4076 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150063⤵
- Runs ping.exe
PID:3160
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe63⤵PID:3716
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat64⤵
- Suspicious behavior: RenamesItself
PID:4276 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150065⤵
- Runs ping.exe
PID:2800
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe65⤵PID:3328
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat66⤵
- Suspicious behavior: RenamesItself
PID:2236 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150067⤵
- Runs ping.exe
PID:4488
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe67⤵PID:3996
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat68⤵
- Suspicious behavior: RenamesItself
PID:4516 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150069⤵
- Runs ping.exe
PID:3144
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe69⤵PID:3236
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat70⤵
- Suspicious behavior: RenamesItself
PID:2476 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150071⤵PID:4536
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe71⤵PID:3152
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat72⤵
- Suspicious behavior: RenamesItself
PID:4172 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150073⤵
- Runs ping.exe
PID:4428
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe73⤵PID:1340
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat74⤵
- Suspicious behavior: RenamesItself
PID:3212 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150075⤵
- Runs ping.exe
PID:4840
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe75⤵PID:1816
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat76⤵
- Suspicious behavior: RenamesItself
PID:1396 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150077⤵
- Runs ping.exe
PID:2392
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe77⤵PID:1284
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat78⤵
- Suspicious behavior: RenamesItself
PID:1084 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150079⤵
- Runs ping.exe
PID:1464
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe79⤵PID:4824
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat80⤵
- Suspicious behavior: RenamesItself
PID:1216 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150081⤵
- Runs ping.exe
PID:508
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe81⤵PID:3020
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat82⤵
- Suspicious behavior: RenamesItself
PID:4092 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150083⤵
- Runs ping.exe
PID:4752
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe83⤵PID:4208
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat84⤵
- Suspicious behavior: RenamesItself
PID:1460 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150085⤵
- Runs ping.exe
PID:4324
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe85⤵PID:4588
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat86⤵
- Suspicious behavior: RenamesItself
PID:3416 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150087⤵
- Runs ping.exe
PID:4656
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe87⤵PID:3436
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat88⤵
- Suspicious behavior: RenamesItself
PID:460 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150089⤵PID:4060
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe89⤵PID:3568
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat90⤵
- Suspicious behavior: RenamesItself
PID:4412 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150091⤵
- Runs ping.exe
PID:3144
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe91⤵PID:4516
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat92⤵
- Suspicious behavior: RenamesItself
PID:4424 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150093⤵PID:3304
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe93⤵PID:1184
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat94⤵
- Suspicious behavior: RenamesItself
PID:4576 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150095⤵
- Runs ping.exe
PID:2268
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe95⤵PID:4480
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat96⤵
- Suspicious behavior: RenamesItself
PID:4172 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150097⤵
- Runs ping.exe
PID:3508
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe97⤵PID:3440
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat98⤵
- Suspicious behavior: RenamesItself
PID:904 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 150099⤵
- Runs ping.exe
PID:1612
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe99⤵PID:1788
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat100⤵
- Suspicious behavior: RenamesItself
PID:4360 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500101⤵
- Runs ping.exe
PID:4672
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe101⤵PID:4760
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat102⤵
- Suspicious behavior: RenamesItself
PID:1120 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500103⤵
- Runs ping.exe
PID:3292
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe103⤵PID:3900
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat104⤵
- Suspicious behavior: RenamesItself
PID:2744 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500105⤵
- Runs ping.exe
PID:2724
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe105⤵PID:1848
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat106⤵
- Suspicious behavior: RenamesItself
PID:4952 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500107⤵
- Runs ping.exe
PID:1448
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe107⤵PID:5092
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat108⤵
- Suspicious behavior: RenamesItself
PID:4184 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500109⤵
- Runs ping.exe
PID:5036
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe109⤵PID:3036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat110⤵
- Suspicious behavior: RenamesItself
PID:1864 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500111⤵PID:4656
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe111⤵PID:3416
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat112⤵
- Suspicious behavior: RenamesItself
PID:1544 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500113⤵PID:2872
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe113⤵PID:4048
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat114⤵
- Suspicious behavior: RenamesItself
PID:4788 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500115⤵PID:5080
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe115⤵PID:2224
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat116⤵
- Suspicious behavior: RenamesItself
PID:2376 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500117⤵PID:1960
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe117⤵PID:3236
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat118⤵
- Suspicious behavior: RenamesItself
PID:4536 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500119⤵
- Runs ping.exe
PID:2252
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe119⤵PID:4284
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat120⤵
- Suspicious behavior: RenamesItself
PID:3152 -
C:\Windows\SysWOW64\PING.EXEping 1.1.1.1 -n 1 -w 1500121⤵
- Runs ping.exe
PID:3320
-
-
C:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exeC:\Users\Admin\AppData\Local\Temp\b73046e14e7532b7b85ad2f76e6d62beae0086133103be218975556a60d51c62.exe121⤵PID:4036
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c C:\Users\Admin\AppData\Local\Temp\update.bat122⤵
- Suspicious behavior: RenamesItself
PID:3464