Analysis
-
max time kernel
622s -
max time network
617s -
platform
windows7_x64 -
resource
win7-20240903-en -
resource tags
-
submitted
17-01-2025 19:13
General
-
Target
DiscordXploit.exe
-
Size
3.3MB
-
MD5
95da0645204d22bd9daf4e337ebeeaaa
-
SHA1
58182d8cf8e83335a5b7312d0d4af79f4bd64212
-
SHA256
ae5470b407120f90cd4c830260c8e965877199368d4a2982ff1a1769a2e08682
-
SHA512
9257076c55b3cc6100f3299766bf7bf0be1e0b330c1cadca1d7ca46ff859e4afefeff3635fc15811cc2c7d6debd2fcb808cf5f96314c681b1dbc32d2a7305f9e
-
SSDEEP
49152:jv2lL26AaNeWgPhlmVqvMQ7XSK2BVOzho9vJxOoGdzTHHB72eh2NTsd:jv2L26AaNeWgPhlmVqkQ7XSKS8oond
Score
10/10
Malware Config
Extracted
Family
quasar
Version
1.4.1
Botnet
client0001
C2
hxp7-48924.portmap.host:48924
Mutex
dfda6d3b-23ed-4a2b-b0c4-4361d434ec5c
Attributes
-
encryption_key
0F17464091E1835B99CC4D3E93D8043B9AE2FAF4
-
install_name
Windows-Graphics-Loader.exe
-
log_directory
Logs
-
reconnect_delay
10000
-
startup_key
Windows Graphics Loader
-
subdirectory
SubDir
Signatures
-
Quasar RAT
Quasar is an open source Remote Access Tool.
-
Quasar family
-
Quasar payload 34 IoCs
-
Executes dropped EXE 64 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).
-
System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 64 IoCs
Adversaries may check for Internet connectivity on compromised systems.
-
Runs ping.exe 1 TTPs 64 IoCs
-
Scheduled Task/Job: Scheduled Task 1 TTPs 64 IoCs
Schtasks is often used by malware for persistence or to perform post-infection execution.
-
Suspicious use of AdjustPrivilegeToken 64 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
-
Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
Processes
-
C:\Users\Admin\AppData\Local\Temp\DiscordXploit.exe"C:\Users\Admin\AppData\Local\Temp\DiscordXploit.exe"1⤵
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f2⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"2⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f3⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\qXZ5x3G5dPoe.bat" "3⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp 650014⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost4⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"4⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f5⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\OJd3QT782dTq.bat" "5⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp 650016⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost6⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"6⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f7⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\vwW5IAQTJwsm.bat" "7⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp 650018⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost8⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"8⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f9⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\XAwu7ZRw80Rw.bat" "9⤵
- Suspicious use of WriteProcessMemory
-
C:\Windows\system32\chcp.comchcp 6500110⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost10⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"10⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f11⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\8W4LwA7gZcQ5.bat" "11⤵
-
C:\Windows\system32\chcp.comchcp 6500112⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost12⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"12⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f13⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\c7JoWwjFjPO4.bat" "13⤵
-
C:\Windows\system32\chcp.comchcp 6500114⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost14⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"14⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f15⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dsSJTxQVZ7WB.bat" "15⤵
-
C:\Windows\system32\chcp.comchcp 6500116⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost16⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"16⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f17⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\qsNCaJujVgnW.bat" "17⤵
-
C:\Windows\system32\chcp.comchcp 6500118⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost18⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"18⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f19⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\deZblS4ciePw.bat" "19⤵
-
C:\Windows\system32\chcp.comchcp 6500120⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost20⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"20⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f21⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\kz6c876wqnlv.bat" "21⤵
-
C:\Windows\system32\chcp.comchcp 6500122⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost22⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"22⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f23⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\GAv5PP5pq2Gm.bat" "23⤵
-
C:\Windows\system32\chcp.comchcp 6500124⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost24⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"24⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f25⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\Xw4kRtyqI85l.bat" "25⤵
-
C:\Windows\system32\chcp.comchcp 6500126⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost26⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"26⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f27⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\IZhEUci5DqVm.bat" "27⤵
-
C:\Windows\system32\chcp.comchcp 6500128⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost28⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"28⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f29⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\okTPIVLHeCxv.bat" "29⤵
-
C:\Windows\system32\chcp.comchcp 6500130⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost30⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"30⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f31⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\Ng6uz08dwKft.bat" "31⤵
-
C:\Windows\system32\chcp.comchcp 6500132⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost32⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"32⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f33⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\gXVSQaDclbgR.bat" "33⤵
-
C:\Windows\system32\chcp.comchcp 6500134⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost34⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"34⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f35⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\YgAhoCutALa7.bat" "35⤵
-
C:\Windows\system32\chcp.comchcp 6500136⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost36⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"36⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f37⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\jfqsLxkeJ3uI.bat" "37⤵
-
C:\Windows\system32\chcp.comchcp 6500138⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost38⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"38⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f39⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\pdyo4kglQZLr.bat" "39⤵
-
C:\Windows\system32\chcp.comchcp 6500140⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost40⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"40⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f41⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\OYUTlatW5fk0.bat" "41⤵
-
C:\Windows\system32\chcp.comchcp 6500142⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost42⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"42⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f43⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\XUfhiMkP13hy.bat" "43⤵
-
C:\Windows\system32\chcp.comchcp 6500144⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost44⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"44⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f45⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\SvmQivGvhHX7.bat" "45⤵
-
C:\Windows\system32\chcp.comchcp 6500146⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost46⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"46⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f47⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\Ppshbrz0G1V9.bat" "47⤵
-
C:\Windows\system32\chcp.comchcp 6500148⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost48⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"48⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f49⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\E1puKvDvhqpW.bat" "49⤵
-
C:\Windows\system32\chcp.comchcp 6500150⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost50⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"50⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f51⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\xB4vz7z4qzJT.bat" "51⤵
-
C:\Windows\system32\chcp.comchcp 6500152⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost52⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"52⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f53⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\BuobQYq96Md6.bat" "53⤵
-
C:\Windows\system32\chcp.comchcp 6500154⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost54⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"54⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f55⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\N4Fv64T6jTDj.bat" "55⤵
-
C:\Windows\system32\chcp.comchcp 6500156⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost56⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"56⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f57⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\099SQ7EjDLba.bat" "57⤵
-
C:\Windows\system32\chcp.comchcp 6500158⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost58⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"58⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f59⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\BbBaUiRhrD7Q.bat" "59⤵
-
C:\Windows\system32\chcp.comchcp 6500160⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost60⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"60⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f61⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\1j7eGpv9SDmC.bat" "61⤵
-
C:\Windows\system32\chcp.comchcp 6500162⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost62⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"62⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f63⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\Aie7y3Wnj9DI.bat" "63⤵
-
C:\Windows\system32\chcp.comchcp 6500164⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost64⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"64⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f65⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\qSMgVIVEqFdJ.bat" "65⤵
-
C:\Windows\system32\chcp.comchcp 6500166⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost66⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"66⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f67⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\oTC2bQTpPxom.bat" "67⤵
-
C:\Windows\system32\chcp.comchcp 6500168⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost68⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"68⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f69⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\pYqbjRQwhgny.bat" "69⤵
-
C:\Windows\system32\chcp.comchcp 6500170⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost70⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"70⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f71⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\7mRltRJZEVk9.bat" "71⤵
-
C:\Windows\system32\chcp.comchcp 6500172⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost72⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"72⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f73⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dLRvZIXXnFZc.bat" "73⤵
-
C:\Windows\system32\chcp.comchcp 6500174⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost74⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"74⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f75⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\MWmci2UYUXiz.bat" "75⤵
-
C:\Windows\system32\chcp.comchcp 6500176⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost76⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"76⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f77⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\GFR4YadaffxV.bat" "77⤵
-
C:\Windows\system32\chcp.comchcp 6500178⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost78⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"78⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f79⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\CzJPytoV1m3V.bat" "79⤵
-
C:\Windows\system32\chcp.comchcp 6500180⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost80⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"80⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f81⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\J2uUPUgfJONU.bat" "81⤵
-
C:\Windows\system32\chcp.comchcp 6500182⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost82⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"82⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f83⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\om9WHIYP77fM.bat" "83⤵
-
C:\Windows\system32\chcp.comchcp 6500184⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost84⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"84⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f85⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\74K5ybMRe4xd.bat" "85⤵
-
C:\Windows\system32\chcp.comchcp 6500186⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost86⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"86⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f87⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\aZWxv4NXHW6K.bat" "87⤵
-
C:\Windows\system32\chcp.comchcp 6500188⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost88⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"88⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f89⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\5v3zMgqdPDdX.bat" "89⤵
-
C:\Windows\system32\chcp.comchcp 6500190⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost90⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"90⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f91⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\j0D4LnBiipYL.bat" "91⤵
-
C:\Windows\system32\chcp.comchcp 6500192⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost92⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"92⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f93⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\fKJ8e3wjDDyH.bat" "93⤵
-
C:\Windows\system32\chcp.comchcp 6500194⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost94⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"94⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f95⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\chYQSKguJp3c.bat" "95⤵
-
C:\Windows\system32\chcp.comchcp 6500196⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost96⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"96⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f97⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\8yvVNcEUoq0b.bat" "97⤵
-
C:\Windows\system32\chcp.comchcp 6500198⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost98⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"98⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f99⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\4SSCNednsvJ7.bat" "99⤵
-
C:\Windows\system32\chcp.comchcp 65001100⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost100⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"100⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f101⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\aR2DMQLZ0Yi4.bat" "101⤵
-
C:\Windows\system32\chcp.comchcp 65001102⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost102⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"102⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f103⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\gs68aSVNbcPF.bat" "103⤵
-
C:\Windows\system32\chcp.comchcp 65001104⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost104⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"104⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f105⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\jtnQUd2Re81Y.bat" "105⤵
-
C:\Windows\system32\chcp.comchcp 65001106⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost106⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"106⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f107⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\dRfTSOHwn3HO.bat" "107⤵
-
C:\Windows\system32\chcp.comchcp 65001108⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost108⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"108⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f109⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\XvkvR9GFlmbo.bat" "109⤵
-
C:\Windows\system32\chcp.comchcp 65001110⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost110⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"110⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f111⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\rQuuDVkrl3Vj.bat" "111⤵
-
C:\Windows\system32\chcp.comchcp 65001112⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost112⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"112⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f113⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\45FC6ZZLozMJ.bat" "113⤵
-
C:\Windows\system32\chcp.comchcp 65001114⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost114⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"114⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f115⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\TNpnvxwom5sX.bat" "115⤵
-
C:\Windows\system32\chcp.comchcp 65001116⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost116⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"116⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f117⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\zYCrQ4jNLtUA.bat" "117⤵
-
C:\Windows\system32\chcp.comchcp 65001118⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost118⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"118⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f119⤵
- Scheduled Task/Job: Scheduled Task
-
-
C:\Windows\system32\cmd.execmd /c ""C:\Users\Admin\AppData\Local\Temp\ENEDbVqEVnGr.bat" "119⤵
-
C:\Windows\system32\chcp.comchcp 65001120⤵
-
-
C:\Windows\system32\PING.EXEping -n 10 localhost120⤵
- System Network Configuration Discovery: Internet Connection Discovery
- Runs ping.exe
-
-
C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe"120⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
-
C:\Windows\system32\schtasks.exe"schtasks" /create /tn "Windows Graphics Loader" /sc ONLOGON /tr "C:\Users\Admin\AppData\Roaming\SubDir\Windows-Graphics-Loader.exe" /rl HIGHEST /f121⤵
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-