5fac055b77687a07804a846351674b65ac76eb0482b7e3bdbddf46f4c74f01b1

Analysis

max time kernel
43s
max time network
150s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
20/06/2024, 05:57

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

skibidsex.bat
Size

24KB
MD5

3ea66f431c5f41c7bb3ee3e732a410d9
SHA1

6e6d44ef2b25f428f011542b74fd6aa045f28ff9
SHA256

5fac055b77687a07804a846351674b65ac76eb0482b7e3bdbddf46f4c74f01b1
SHA512

332c548feba180c72c51c15ba912caf18564e0e5f8259a0a65818e489e92ff42ceed0e732c06e7c14a8192ea344cdd61e3e834b7e354fdbe91370d6f53debb77
SSDEEP

768:pQVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVR:s

Score

1^/10

Malware Config

Signatures

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1232 wrote to memory of 4392	1232	cmd.exe	83
PID 1232 wrote to memory of 4392	1232	cmd.exe	83
PID 1232 wrote to memory of 4388	1232	cmd.exe	84
PID 1232 wrote to memory of 4388	1232	cmd.exe	84
PID 1232 wrote to memory of 2600	1232	cmd.exe	85
PID 1232 wrote to memory of 2600	1232	cmd.exe	85
PID 1232 wrote to memory of 2724	1232	cmd.exe	86
PID 1232 wrote to memory of 2724	1232	cmd.exe	86
PID 1232 wrote to memory of 3096	1232	cmd.exe	87
PID 1232 wrote to memory of 3096	1232	cmd.exe	87
PID 1232 wrote to memory of 1308	1232	cmd.exe	88
PID 1232 wrote to memory of 1308	1232	cmd.exe	88
PID 1232 wrote to memory of 2656	1232	cmd.exe	89
PID 1232 wrote to memory of 2656	1232	cmd.exe	89
PID 1232 wrote to memory of 4980	1232	cmd.exe	90
PID 1232 wrote to memory of 4980	1232	cmd.exe	90
PID 1232 wrote to memory of 4092	1232	cmd.exe	91
PID 1232 wrote to memory of 4092	1232	cmd.exe	91
PID 1232 wrote to memory of 1804	1232	cmd.exe	92
PID 1232 wrote to memory of 1804	1232	cmd.exe	92
PID 2724 wrote to memory of 1708	2724	cmd.exe	103
PID 2724 wrote to memory of 1708	2724	cmd.exe	103
PID 1804 wrote to memory of 2208	1804	cmd.exe	104
PID 1804 wrote to memory of 2208	1804	cmd.exe	104
PID 3096 wrote to memory of 4668	3096	cmd.exe	105
PID 3096 wrote to memory of 4668	3096	cmd.exe	105
PID 4388 wrote to memory of 1064	4388	cmd.exe	106
PID 4388 wrote to memory of 1064	4388	cmd.exe	106
PID 2600 wrote to memory of 368	2600	cmd.exe	107
PID 2600 wrote to memory of 368	2600	cmd.exe	107
PID 2656 wrote to memory of 3880	2656	cmd.exe	109
PID 2656 wrote to memory of 3880	2656	cmd.exe	109
PID 4092 wrote to memory of 4348	4092	cmd.exe	108
PID 4092 wrote to memory of 4348	4092	cmd.exe	108
PID 4392 wrote to memory of 4008	4392	cmd.exe	110
PID 4392 wrote to memory of 4008	4392	cmd.exe	110
PID 4980 wrote to memory of 4752	4980	cmd.exe	111
PID 4980 wrote to memory of 4752	4980	cmd.exe	111
PID 1308 wrote to memory of 2856	1308	cmd.exe	112
PID 1308 wrote to memory of 2856	1308	cmd.exe	112
PID 1232 wrote to memory of 4652	1232	cmd.exe	113
PID 1232 wrote to memory of 4652	1232	cmd.exe	113
PID 1232 wrote to memory of 2332	1232	cmd.exe	114
PID 1232 wrote to memory of 2332	1232	cmd.exe	114
PID 1232 wrote to memory of 4260	1232	cmd.exe	115
PID 1232 wrote to memory of 4260	1232	cmd.exe	115
PID 1232 wrote to memory of 4284	1232	cmd.exe	118
PID 1232 wrote to memory of 4284	1232	cmd.exe	118
PID 1232 wrote to memory of 3680	1232	cmd.exe	119
PID 1232 wrote to memory of 3680	1232	cmd.exe	119
PID 1232 wrote to memory of 3208	1232	cmd.exe	122
PID 1232 wrote to memory of 3208	1232	cmd.exe	122
PID 1232 wrote to memory of 2932	1232	cmd.exe	123
PID 1232 wrote to memory of 2932	1232	cmd.exe	123
PID 1232 wrote to memory of 4352	1232	cmd.exe	125
PID 1232 wrote to memory of 4352	1232	cmd.exe	125
PID 1232 wrote to memory of 4836	1232	cmd.exe	127
PID 1232 wrote to memory of 4836	1232	cmd.exe	127
PID 1232 wrote to memory of 4276	1232	cmd.exe	129
PID 1232 wrote to memory of 4276	1232	cmd.exe	129
PID 1232 wrote to memory of 3528	1232	cmd.exe	132
PID 1232 wrote to memory of 3528	1232	cmd.exe	132
PID 2332 wrote to memory of 4416	2332	cmd.exe	134
PID 2332 wrote to memory of 4416	2332	cmd.exe	134

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\skibidsex.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1232
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4392
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4008
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4388
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1064
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:368
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2724
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1708
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:3096
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4668
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1308
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2856
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2656
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:3880
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4980
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4752
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4092
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4348
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-23410"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:1804
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2208
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:4652
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:2332
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4416
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:4260
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4012
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:4284
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2560
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:3680
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4600
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:3208
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1016
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:2932
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2096
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:4352
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:756
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:4836
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:404
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:4276
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1056
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-31487"
  2⤵
  PID:3528
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1976
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:4348
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:2456
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1608
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:4584
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:404
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:2208
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4164
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:1064
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4700
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:2592
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4612
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:5040
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4408
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:2856
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4880
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:4624
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2732
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:464
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2936
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-24619"
  2⤵
  PID:1760
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2792
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:1480
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:2908
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:1608
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5160
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:1756
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:756
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2560
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:1008
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4728
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:4536
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5140
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:3060
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2292
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:1776
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4700
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:4572
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:3984
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:2424
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2128
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:1920
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5188
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-26330"
  2⤵
  PID:2956
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1492
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:5592
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5604
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5128
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5612
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4412
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5620
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5208
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5628
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2128
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5636
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5172
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5644
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1492
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5672
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5240
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5696
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5192
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5712
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5224
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-27430"
  2⤵
  PID:5832
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5160
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:5584
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:5668
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5380
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:5732
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5500
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:5792
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5460
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:5948
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5580
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:5968
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5384
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:5336
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5544
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:6040
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5552
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:5168
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5572
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:4476
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5560
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-9316"
  2⤵
  PID:5288
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5528
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:5524
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:1796
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6568
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:1384
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:5544
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6560
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:5392
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6548
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:720
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6512
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:928
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6588
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:6172
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6536
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:6204
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6620
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:6256
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6692
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:6308
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6684
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-14517"
  2⤵
  PID:6372
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6596
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:6436
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:3756
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6928
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6572
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7072
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6568
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7044
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6536
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:6620
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:6976
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6648
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7064
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6720
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7136
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6684
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7012
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6564
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5112
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6780
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7160
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-17491"
  2⤵
  PID:6824
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7112
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:3340
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:5032
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7560
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:6996
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7540
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:6588
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7848
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:7224
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7760
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:7264
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7880
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:7284
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7812
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:7304
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7868
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:7336
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7804
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:7344
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7840
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-28088"
  2⤵
  PID:7408
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7744
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:8020
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:4776
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8356
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:8072
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8436
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:8100
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8480
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:8128
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8448
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:8144
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8488
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:7184
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:7044
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8368
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:7332
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8496
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:7844
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8584
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:7928
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8564
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-23295"
  2⤵
  PID:8140
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8576
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:8912
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:8576
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8556
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:8956
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5440
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:8980
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7104
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:7008
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5440
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:6540
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9132
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:7140
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8880
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:9076
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8572
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:9084
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8604
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:9112
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9056
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-11319"
  2⤵
  PID:9188
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8580
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:3488
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:3324
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:3388
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:1964
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5116
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:6948
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:792
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:8604
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2328
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:8864
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1976
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:8592
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1752
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:5012
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7688
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:2396
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:3532
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:8572
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1520
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-11545"
  2⤵
  PID:4792
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1052
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:5404
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:5720
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9548
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:5844
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9568
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:3948
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9556
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:6140
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9688
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:1420
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9628
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:5684
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9680
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:5956
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9620
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:6052
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9608
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:8664
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9696
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-19904"
  2⤵
  PID:5184
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9636
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:10140
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:10172
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9588
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:10188
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9792
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:10212
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9676
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:6160
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9864
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:6232
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9712
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:4060
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9868
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:6344
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9844
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:6444
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9808
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:9420
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9800
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-16149"
  2⤵
  PID:9528
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9836
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:8312
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:10116
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10536
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:6324
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10392
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:7420
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10592
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:3088
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10564
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:9208
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10600
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:10004
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10580
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:7200
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10612
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:8232
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10628
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:8340
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10680
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-31151"
  2⤵
  PID:10252
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:10688
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:8740
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:3188
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:2280
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:10568
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:4304
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:10564
- - C:\Windows\System32\Conhost.exe
    \??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
    3⤵
    PID:8488
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:11132
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:3692
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:3996
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:10736
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:3372
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:10724
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:11172
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:10728
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:3524
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:10756
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:3296
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:10764
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:1592
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-17602"
  2⤵
  PID:10656
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7524
- C:\Windows\system32\notepad.exe
  notepad "\Users\Admin\Downloads\you are hacked-1.txt"
  2⤵
  PID:9496
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:10332
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7804
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:4220
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9440
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:7988
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:9204
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:6904
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7960
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:11260
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:5964
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:2360
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:700
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:5204
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8008
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:7072
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:7740
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:5756
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:8228
- C:\Windows\system32\cmd.exe
  cmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-16083"
  2⤵
  PID:7824
- - C:\Windows\system32\mode.com
    mode 50,5
    3⤵
    PID:792

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:2144

C:\Windows\System32\sihclient.exe
C:\Windows\System32\sihclient.exe /cv NXSL5sGu20yXccckScJUWw.0.2
1⤵
PID:7112

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /7
1⤵
PID:608

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
PID:6908
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ff8b09eab58,0x7ff8b09eab68,0x7ff8b09eab78
  2⤵
  PID:6988
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:2
  2⤵
  PID:7232
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:8
  2⤵
  PID:7424
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:8
  2⤵
  PID:9612
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:1
  2⤵
  PID:1080
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:1
  2⤵
  PID:1624
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4156 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:1
  2⤵
  PID:996
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:8
  2⤵
  PID:11204
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:8
  2⤵
  PID:11212
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:8
  2⤵
  PID:7532
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4932 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:1
  2⤵
  PID:5536
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4880 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:1
  2⤵
  PID:5568
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3936 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:1
  2⤵
  PID:3276

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
PID:6680

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

Filesize
810B

MD5
2a854173dbb900e8ea2a4d3a70afd02b

SHA1
dfa313b267fcd35f4251fe49a9b059407a1ad6ed

SHA256
8d141141934b44f305706e344491960f5c5f27370e7e9ec8acda3ae22b3baa3e

SHA512
7b95fa26546df9336d604d4ab5af1c2dc44172fb72ce501042fc5bf36a53226a51ca2f732fdcb8aa30a3bfa33c637705aca408393c007efc1c7ff2d4779ff329

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

Filesize
2B

MD5
d751713988987e9331980363e24189ce

SHA1
97d170e1550eee4afc0af065b78cda302a97674c

SHA256
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945

SHA512
b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
3da8faddf307385e06850f3e893bf7cc

SHA1
66140fde6d924b795a434400319defdd94830f07

SHA256
dd24e475951919931cd9c5009452f3caced6504f1ac978de0520c194b99b3544

SHA512
51f56ab842a36b783a9c7c9b7aae08e1b4767533140bc07a90566d2c06f745f067e2e243ca734c59c273e9ef33b04e73e59812c65de9f82cf47d51002ce76f6d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
6KB

MD5
29ec488befff0f3c774fe97d485d1e0a

SHA1
9866bea453a1af602ed6545103e5ce8a5365d9b8

SHA256
f88b472d4c4df0c348df77c8741b0835639c748cd426e363e977b872edce7ba5

SHA512
5b6e617214f094b5f9c4e0c4b41c5bf4479fe0a05358fbbeac9405ff20d401da175f0918ebd0fc0296196eeb0f92344f73f17b18dafebc8d4c7490559fe6a2a7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
7691d71076aa2b51824258f5063b7d45

SHA1
e7244734def05eb6544817e2f4232e31e747c3de

SHA256
33d784759b1cc3cac2bfab6489291da3bdad044e36d524a4d613d79fa6aca732

SHA512
efcdc5aae71bb828fd390618b6f7a537b187878c7ba0a1c61dadc4dd450c3e283d40ab84b242c7e2a89919f02eee0a91a36498cbcceb64fd370960aa18bfbee8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
fde8e445969fedad591b3d5379a9f154

SHA1
5a3636cb1f4c78891fe5f50e9e5c499375ee4a0b

SHA256
85ed99965c04f6584b6b4c3336f2abdc474dee9f270a5e93bab49ab26bb665a2

SHA512
4fd71d56c80fc8352dc424c4aa0c02de4fc9f13acca2ed84bd6413821ccf789b436058af8757bc1366230b1d7522ec73ded8fddf486be6508d03bbb195061967

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
257KB

MD5
1c64a97845fd499872475bfab9e10e4a

SHA1
1c6007fe571d61d6b26445792279b7abbe0b3a92

SHA256
0071fe9b4707b80ed550418bda5ac78f03e982a05011c9a2a05ccd286ef2f9fd

SHA512
b16b78b7ad8649ea1111e462c035dfd4fa7b271b91a43ab37a069a1c0c791d5ef425493d670c9b3de25290da877092c6cb7138d4eb410ee2a08e5400229f777b

Download Submit
C:\Users\Admin\Downloads\you are hacked-5.txt

Filesize
14B

MD5
62fe8bdd171c967045ed244a3f2a58f9

SHA1
bf7c2fb3fff2ce1b674ff464537f121903a309a1

SHA256
a9109fd6420273079d5305283b0b010070b0198788ec230794a65f3993882a51

SHA512
a2b91067e32f94e09abd8f767bf9e20f0b20e95145c34e194ed3d5c9de6948c6954c71864e2bc6b02ac0f54a73d49bb61948afa5b3c236c2d5b84a77990a0f3e

Download Submit
memory/608-1171-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1166-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1167-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1168-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1169-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1170-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1165-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1158-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1159-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download
memory/608-1160-0x0000015BB7210000-0x0000015BB7211000-memory.dmp

Filesize
4KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads