Analysis
-
max time kernel
149s -
max time network
151s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-en -
resource tags
-
submitted
26-03-2024 18:34
General
-
Target
2a472151e138dfa15eac967d57cddccc060d74307b05dae9a96e45da6037472d.exe
-
Size
1.5MB
-
MD5
f29a76bc3fddea2902278a41562b450f
-
SHA1
55ada8dcf9f24b2337c6f9365dfd096779f3fe02
-
SHA256
2a472151e138dfa15eac967d57cddccc060d74307b05dae9a96e45da6037472d
-
SHA512
d033129d35f33bdcb7c54829d0b578d25f0dd422ff477b5e66cab1f902e6aca97314f2c36ff6312c49bc28fe2d8b9c62a8397705612313676b90e5e895a309f5
-
SSDEEP
24576:dbCj2sObHtqQ4QqH0XlE654b4fX3fo8wBgNcW:dbCjPKNqQqH0XSucY
Score
10/10
Malware Config
Signatures
-
Babylon RAT
Babylon RAT is remote access trojan written in C++.
-
Detects executables containing SQL queries to confidential data stores. Observed in infostealers 9 IoCs
-
UPX dump on OEP (original entry point) 11 IoCs
-
Executes dropped EXE 2 IoCs
-
UPX packed file 11 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
AutoIT Executable 1 IoCs
AutoIT scripts compiled to PE executables.
-
Suspicious use of SetThreadContext 1 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
Creates scheduled task(s) 1 TTPs 64 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Runs ping.exe 1 TTPs 6 IoCs
-
Suspicious behavior: EnumeratesProcesses 64 IoCs
-
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
-
Suspicious use of AdjustPrivilegeToken 3 IoCs
-
Suspicious use of SetWindowsHookEx 1 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\2a472151e138dfa15eac967d57cddccc060d74307b05dae9a96e45da6037472d.exe"C:\Users\Admin\AppData\Local\Temp\2a472151e138dfa15eac967d57cddccc060d74307b05dae9a96e45da6037472d.exe"1⤵
- Suspicious use of SetThreadContext
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /c start C:\PROGRA~3\File.bat2⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\cmd.exeC:\Windows\system32\cmd.exe /K C:\PROGRA~3\File.bat3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\PING.EXEping -n 05 localhost4⤵
- Runs ping.exe
-
-
C:\Windows\SysWOW64\cscript.execscript /nologo C:\Users\Admin\AppData\Local\Temp\tmp.vbs4⤵
-
-
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "HostController" /tr "C:\ProgramData\HostController.exe" /f2⤵
-
-
C:\Users\Admin\AppData\Local\Temp\2a472151e138dfa15eac967d57cddccc060d74307b05dae9a96e45da6037472d.exe02⤵
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
- Creates scheduled task(s)
-
-
C:\Windows\SysWOW64\schtasks.exeC:\Windows\SysWOW64\schtasks.exe /create /sc minute /mo 1 /tn "winmgr329.exe" /tr "C:\ProgramData\winmgr329.exe" /f2⤵
-
-
C:\ProgramData\HostController.exeC:\ProgramData\HostController.exe1⤵
- Executes dropped EXE
-
C:\ProgramData\HostController.exeC:\ProgramData\HostController.exe1⤵
- Executes dropped EXE
Network
MITRE ATT&CK Enterprise v15
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
761B
MD5583540fd7a2b1c752b10e55c64a0cb00
SHA1f1d600b36e4c751e71817590a5f02fddc7c0dc4e
SHA256e2fb0ed137bfacc99f4f879445de3fe61ea469bf382007c8af2611c0879f1ca6
SHA512db88afc9fdfc86c6026ed0d0e445d720bc0cde682266d3edd2d083a531c5ea91a85dc3075719dd91ac485eff1ed19d3e641f4509945b5a7dd6d322ae730d7a04
-
Filesize
1.5MB
MD5168e8bff394cd2c265963deb1cab2916
SHA1851c275004933199e4f24c0e0eecb6d7277e9d0e
SHA2564ee8ee1b4324b257071e00fca85d0787a8f5e8e5d7a71acd03508bf970039b91
SHA512943a7911743001411f9d0f017250d51e8e24a7866d348c38b998d7db5e8dc290f70d6180ff9dc2bb7e4614e2385e1ded162f29bbd3e4286d5eec1def66dea37b
-
Filesize
140B
MD5a5b9abb102d92b9b384a76ba6f92844c
SHA17776eab88801c625974a699aa6719200440cba0c
SHA25676b962c2991667590055ce22e62e9b307063e486b79cf70da4f9fc90ef73b51e
SHA512589110ca2c292037fbe2780fb4870d90f3899a29bc7a9face35ae1d448a109311ab345a93527614447f61d3c957b3a4f7c0786c18d95dae0c3ddcd6dd9e16382
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB
-
Filesize
804KB