Analysis
-
max time kernel
164s -
max time network
168s -
platform
windows10-2004_x64 -
resource
win10v2004-20231025-en -
resource tags
-
submitted
04-11-2023 10:37
General
-
Target
NEAS.dcb7b9fe2f8cd7c6439771599a443260_JC.exe
-
Size
1.5MB
-
MD5
dcb7b9fe2f8cd7c6439771599a443260
-
SHA1
6b76a57ef5e5beb57e902daad6e687c2731f3e56
-
SHA256
314df8466f9068599de43c58490021ce0f89f12ce6dbe1b2a5cf3cbf0ec1cc44
-
SHA512
a011681765b28c2e8c6536e4d7610b20bd89212a675f402505209a08d61671ef4ca8f6225220c896e0d15fff5dae41530c03034f5e638c58189cb02bf7c06170
-
SSDEEP
24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcZ:dbCjPKNqQqH0XSucv
Score
10/10
Malware Config
Signatures
-
Babylon RAT
Babylon RAT is remote access trojan written in C++.
-
Executes dropped EXE 2 IoCs
-
UPX packed file 10 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 3 IoCs
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 64 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Runs ping.exe 1 TTPs 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\NEAS.dcb7b9fe2f8cd7c6439771599a443260_JC.exe"C:\Users\Admin\AppData\Local\Temp\NEAS.dcb7b9fe2f8cd7c6439771599a443260_JC.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c start C:\PROGRA~3\File.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /K C:\PROGRA~3\File.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\cscript.execscript /nologo C:\Users\Admin\AppData\Local\Temp\tmp.vbs4⤵
-
-
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "HostController" /tr "C:\ProgramData\HostController.exe" /f2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\NEAS.dcb7b9fe2f8cd7c6439771599a443260_JC.exe02⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\ProgramData\HostController.exeC:\ProgramData\HostController.exe1⤵
- Executes dropped EXE
-
C:\ProgramData\HostController.exeC:\ProgramData\HostController.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
761B
MD5583540fd7a2b1c752b10e55c64a0cb00
SHA1f1d600b36e4c751e71817590a5f02fddc7c0dc4e
SHA256e2fb0ed137bfacc99f4f879445de3fe61ea469bf382007c8af2611c0879f1ca6
SHA512db88afc9fdfc86c6026ed0d0e445d720bc0cde682266d3edd2d083a531c5ea91a85dc3075719dd91ac485eff1ed19d3e641f4509945b5a7dd6d322ae730d7a04
-
Filesize
1.5MB
MD54071c99b157f660dfbdc41ea23382850
SHA1386c594068743b38b9763ffe821912ce7bd2b518
SHA256e23812c880016b18e3dc7fbc5eb503df745eb17592e60aa9270307994c564c45
SHA512543380723253a8920a2d560b5075fd71bd3ed7123995c3b92c0406333f8a10006fd33c347a111dfed26902aa7c94322fd882abcdbf989df43679ca4b9697e2ba
-
Filesize
1.5MB
MD54071c99b157f660dfbdc41ea23382850
SHA1386c594068743b38b9763ffe821912ce7bd2b518
SHA256e23812c880016b18e3dc7fbc5eb503df745eb17592e60aa9270307994c564c45
SHA512543380723253a8920a2d560b5075fd71bd3ed7123995c3b92c0406333f8a10006fd33c347a111dfed26902aa7c94322fd882abcdbf989df43679ca4b9697e2ba
-
Filesize
1.5MB
MD54071c99b157f660dfbdc41ea23382850
SHA1386c594068743b38b9763ffe821912ce7bd2b518
SHA256e23812c880016b18e3dc7fbc5eb503df745eb17592e60aa9270307994c564c45
SHA512543380723253a8920a2d560b5075fd71bd3ed7123995c3b92c0406333f8a10006fd33c347a111dfed26902aa7c94322fd882abcdbf989df43679ca4b9697e2ba
-
Filesize
140B
MD5a5b9abb102d92b9b384a76ba6f92844c
SHA17776eab88801c625974a699aa6719200440cba0c
SHA25676b962c2991667590055ce22e62e9b307063e486b79cf70da4f9fc90ef73b51e
SHA512589110ca2c292037fbe2780fb4870d90f3899a29bc7a9face35ae1d448a109311ab345a93527614447f61d3c957b3a4f7c0786c18d95dae0c3ddcd6dd9e16382
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB