Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Analysis
-
max time kernel
43s -
max time network
150s -
platform
windows10-2004_x64 -
resource
win10v2004-20240508-en -
resource tags
arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system -
submitted
20/06/2024, 05:57
Static task
static1
Behavioral task
behavioral1
Sample
skibidsex.bat
Resource
win7-20240419-en
Behavioral task
behavioral2
Sample
skibidsex.bat
Resource
win10v2004-20240508-en
General
-
Target
skibidsex.bat
-
Size
24KB
-
MD5
3ea66f431c5f41c7bb3ee3e732a410d9
-
SHA1
6e6d44ef2b25f428f011542b74fd6aa045f28ff9
-
SHA256
5fac055b77687a07804a846351674b65ac76eb0482b7e3bdbddf46f4c74f01b1
-
SHA512
332c548feba180c72c51c15ba912caf18564e0e5f8259a0a65818e489e92ff42ceed0e732c06e7c14a8192ea344cdd61e3e834b7e354fdbe91370d6f53debb77
-
SSDEEP
768:pQVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVR:s
Malware Config
Signatures
-
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1232 wrote to memory of 4392 1232 cmd.exe 83 PID 1232 wrote to memory of 4392 1232 cmd.exe 83 PID 1232 wrote to memory of 4388 1232 cmd.exe 84 PID 1232 wrote to memory of 4388 1232 cmd.exe 84 PID 1232 wrote to memory of 2600 1232 cmd.exe 85 PID 1232 wrote to memory of 2600 1232 cmd.exe 85 PID 1232 wrote to memory of 2724 1232 cmd.exe 86 PID 1232 wrote to memory of 2724 1232 cmd.exe 86 PID 1232 wrote to memory of 3096 1232 cmd.exe 87 PID 1232 wrote to memory of 3096 1232 cmd.exe 87 PID 1232 wrote to memory of 1308 1232 cmd.exe 88 PID 1232 wrote to memory of 1308 1232 cmd.exe 88 PID 1232 wrote to memory of 2656 1232 cmd.exe 89 PID 1232 wrote to memory of 2656 1232 cmd.exe 89 PID 1232 wrote to memory of 4980 1232 cmd.exe 90 PID 1232 wrote to memory of 4980 1232 cmd.exe 90 PID 1232 wrote to memory of 4092 1232 cmd.exe 91 PID 1232 wrote to memory of 4092 1232 cmd.exe 91 PID 1232 wrote to memory of 1804 1232 cmd.exe 92 PID 1232 wrote to memory of 1804 1232 cmd.exe 92 PID 2724 wrote to memory of 1708 2724 cmd.exe 103 PID 2724 wrote to memory of 1708 2724 cmd.exe 103 PID 1804 wrote to memory of 2208 1804 cmd.exe 104 PID 1804 wrote to memory of 2208 1804 cmd.exe 104 PID 3096 wrote to memory of 4668 3096 cmd.exe 105 PID 3096 wrote to memory of 4668 3096 cmd.exe 105 PID 4388 wrote to memory of 1064 4388 cmd.exe 106 PID 4388 wrote to memory of 1064 4388 cmd.exe 106 PID 2600 wrote to memory of 368 2600 cmd.exe 107 PID 2600 wrote to memory of 368 2600 cmd.exe 107 PID 2656 wrote to memory of 3880 2656 cmd.exe 109 PID 2656 wrote to memory of 3880 2656 cmd.exe 109 PID 4092 wrote to memory of 4348 4092 cmd.exe 108 PID 4092 wrote to memory of 4348 4092 cmd.exe 108 PID 4392 wrote to memory of 4008 4392 cmd.exe 110 PID 4392 wrote to memory of 4008 4392 cmd.exe 110 PID 4980 wrote to memory of 4752 4980 cmd.exe 111 PID 4980 wrote to memory of 4752 4980 cmd.exe 111 PID 1308 wrote to memory of 2856 1308 cmd.exe 112 PID 1308 wrote to memory of 2856 1308 cmd.exe 112 PID 1232 wrote to memory of 4652 1232 cmd.exe 113 PID 1232 wrote to memory of 4652 1232 cmd.exe 113 PID 1232 wrote to memory of 2332 1232 cmd.exe 114 PID 1232 wrote to memory of 2332 1232 cmd.exe 114 PID 1232 wrote to memory of 4260 1232 cmd.exe 115 PID 1232 wrote to memory of 4260 1232 cmd.exe 115 PID 1232 wrote to memory of 4284 1232 cmd.exe 118 PID 1232 wrote to memory of 4284 1232 cmd.exe 118 PID 1232 wrote to memory of 3680 1232 cmd.exe 119 PID 1232 wrote to memory of 3680 1232 cmd.exe 119 PID 1232 wrote to memory of 3208 1232 cmd.exe 122 PID 1232 wrote to memory of 3208 1232 cmd.exe 122 PID 1232 wrote to memory of 2932 1232 cmd.exe 123 PID 1232 wrote to memory of 2932 1232 cmd.exe 123 PID 1232 wrote to memory of 4352 1232 cmd.exe 125 PID 1232 wrote to memory of 4352 1232 cmd.exe 125 PID 1232 wrote to memory of 4836 1232 cmd.exe 127 PID 1232 wrote to memory of 4836 1232 cmd.exe 127 PID 1232 wrote to memory of 4276 1232 cmd.exe 129 PID 1232 wrote to memory of 4276 1232 cmd.exe 129 PID 1232 wrote to memory of 3528 1232 cmd.exe 132 PID 1232 wrote to memory of 3528 1232 cmd.exe 132 PID 2332 wrote to memory of 4416 2332 cmd.exe 134 PID 2332 wrote to memory of 4416 2332 cmd.exe 134
Processes
-
C:\Windows\system32\cmd.exeC:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\skibidsex.bat"1⤵
- Suspicious use of WriteProcessMemory
PID:1232 -
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:4392 -
C:\Windows\system32\mode.commode 50,53⤵PID:4008
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:4388 -
C:\Windows\system32\mode.commode 50,53⤵PID:1064
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:2600 -
C:\Windows\system32\mode.commode 50,53⤵PID:368
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:2724 -
C:\Windows\system32\mode.commode 50,53⤵PID:1708
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:3096 -
C:\Windows\system32\mode.commode 50,53⤵PID:4668
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:1308 -
C:\Windows\system32\mode.commode 50,53⤵PID:2856
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:2656 -
C:\Windows\system32\mode.commode 50,53⤵PID:3880
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:4980 -
C:\Windows\system32\mode.commode 50,53⤵PID:4752
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:4092 -
C:\Windows\system32\mode.commode 50,53⤵PID:4348
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-23410"2⤵
- Suspicious use of WriteProcessMemory
PID:1804 -
C:\Windows\system32\mode.commode 50,53⤵PID:2208
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:4652
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵
- Suspicious use of WriteProcessMemory
PID:2332 -
C:\Windows\system32\mode.commode 50,53⤵PID:4416
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:4260
-
C:\Windows\system32\mode.commode 50,53⤵PID:4012
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:4284
-
C:\Windows\system32\mode.commode 50,53⤵PID:2560
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:3680
-
C:\Windows\system32\mode.commode 50,53⤵PID:4600
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:3208
-
C:\Windows\system32\mode.commode 50,53⤵PID:1016
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:2932
-
C:\Windows\system32\mode.commode 50,53⤵PID:2096
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:4352
-
C:\Windows\system32\mode.commode 50,53⤵PID:756
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:4836
-
C:\Windows\system32\mode.commode 50,53⤵PID:404
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:4276
-
C:\Windows\system32\mode.commode 50,53⤵PID:1056
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-31487"2⤵PID:3528
-
C:\Windows\system32\mode.commode 50,53⤵PID:1976
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:4348
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:2456
-
C:\Windows\system32\mode.commode 50,53⤵PID:1608
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:4584
-
C:\Windows\system32\mode.commode 50,53⤵PID:404
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:2208
-
C:\Windows\system32\mode.commode 50,53⤵PID:4164
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:1064
-
C:\Windows\system32\mode.commode 50,53⤵PID:4700
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:2592
-
C:\Windows\system32\mode.commode 50,53⤵PID:4612
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:5040
-
C:\Windows\system32\mode.commode 50,53⤵PID:4408
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:2856
-
C:\Windows\system32\mode.commode 50,53⤵PID:4880
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:4624
-
C:\Windows\system32\mode.commode 50,53⤵PID:2732
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:464
-
C:\Windows\system32\mode.commode 50,53⤵PID:2936
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-24619"2⤵PID:1760
-
C:\Windows\system32\mode.commode 50,53⤵PID:2792
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:1480
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:2908
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵PID:1608
-
-
C:\Windows\system32\mode.commode 50,53⤵PID:5160
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:1756
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵PID:756
-
-
C:\Windows\system32\mode.commode 50,53⤵PID:2560
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:1008
-
C:\Windows\system32\mode.commode 50,53⤵PID:4728
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:4536
-
C:\Windows\system32\mode.commode 50,53⤵PID:5140
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:3060
-
C:\Windows\system32\mode.commode 50,53⤵PID:2292
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:1776
-
C:\Windows\system32\mode.commode 50,53⤵PID:4700
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:4572
-
C:\Windows\system32\mode.commode 50,53⤵PID:3984
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:2424
-
C:\Windows\system32\mode.commode 50,53⤵PID:2128
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:1920
-
C:\Windows\system32\mode.commode 50,53⤵PID:5188
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-26330"2⤵PID:2956
-
C:\Windows\system32\mode.commode 50,53⤵PID:1492
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:5592
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5604
-
C:\Windows\system32\mode.commode 50,53⤵PID:5128
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5612
-
C:\Windows\system32\mode.commode 50,53⤵PID:4412
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5620
-
C:\Windows\system32\mode.commode 50,53⤵PID:5208
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5628
-
C:\Windows\system32\mode.commode 50,53⤵PID:2128
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5636
-
C:\Windows\system32\mode.commode 50,53⤵PID:5172
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5644
-
C:\Windows\system32\mode.commode 50,53⤵PID:1492
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5672
-
C:\Windows\system32\mode.commode 50,53⤵PID:5240
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5696
-
C:\Windows\system32\mode.commode 50,53⤵PID:5192
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5712
-
C:\Windows\system32\mode.commode 50,53⤵PID:5224
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-27430"2⤵PID:5832
-
C:\Windows\system32\mode.commode 50,53⤵PID:5160
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:5584
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:5668
-
C:\Windows\system32\mode.commode 50,53⤵PID:5380
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:5732
-
C:\Windows\system32\mode.commode 50,53⤵PID:5500
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:5792
-
C:\Windows\system32\mode.commode 50,53⤵PID:5460
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:5948
-
C:\Windows\system32\mode.commode 50,53⤵PID:5580
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:5968
-
C:\Windows\system32\mode.commode 50,53⤵PID:5384
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:5336
-
C:\Windows\system32\mode.commode 50,53⤵PID:5544
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:6040
-
C:\Windows\system32\mode.commode 50,53⤵PID:5552
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:5168
-
C:\Windows\system32\mode.commode 50,53⤵PID:5572
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:4476
-
C:\Windows\system32\mode.commode 50,53⤵PID:5560
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-9316"2⤵PID:5288
-
C:\Windows\system32\mode.commode 50,53⤵PID:5528
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:5524
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:1796
-
C:\Windows\system32\mode.commode 50,53⤵PID:6568
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:1384
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵PID:5544
-
-
C:\Windows\system32\mode.commode 50,53⤵PID:6560
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:5392
-
C:\Windows\system32\mode.commode 50,53⤵PID:6548
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:720
-
C:\Windows\system32\mode.commode 50,53⤵PID:6512
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:928
-
C:\Windows\system32\mode.commode 50,53⤵PID:6588
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:6172
-
C:\Windows\system32\mode.commode 50,53⤵PID:6536
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:6204
-
C:\Windows\system32\mode.commode 50,53⤵PID:6620
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:6256
-
C:\Windows\system32\mode.commode 50,53⤵PID:6692
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:6308
-
C:\Windows\system32\mode.commode 50,53⤵PID:6684
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-14517"2⤵PID:6372
-
C:\Windows\system32\mode.commode 50,53⤵PID:6596
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:6436
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:3756
-
C:\Windows\system32\mode.commode 50,53⤵PID:6928
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6572
-
C:\Windows\system32\mode.commode 50,53⤵PID:7072
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6568
-
C:\Windows\system32\mode.commode 50,53⤵PID:7044
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6536
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵PID:6620
-
-
C:\Windows\system32\mode.commode 50,53⤵PID:6976
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6648
-
C:\Windows\system32\mode.commode 50,53⤵PID:7064
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6720
-
C:\Windows\system32\mode.commode 50,53⤵PID:7136
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6684
-
C:\Windows\system32\mode.commode 50,53⤵PID:7012
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6564
-
C:\Windows\system32\mode.commode 50,53⤵PID:5112
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6780
-
C:\Windows\system32\mode.commode 50,53⤵PID:7160
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-17491"2⤵PID:6824
-
C:\Windows\system32\mode.commode 50,53⤵PID:7112
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:3340
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:5032
-
C:\Windows\system32\mode.commode 50,53⤵PID:7560
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:6996
-
C:\Windows\system32\mode.commode 50,53⤵PID:7540
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:6588
-
C:\Windows\system32\mode.commode 50,53⤵PID:7848
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:7224
-
C:\Windows\system32\mode.commode 50,53⤵PID:7760
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:7264
-
C:\Windows\system32\mode.commode 50,53⤵PID:7880
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:7284
-
C:\Windows\system32\mode.commode 50,53⤵PID:7812
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:7304
-
C:\Windows\system32\mode.commode 50,53⤵PID:7868
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:7336
-
C:\Windows\system32\mode.commode 50,53⤵PID:7804
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:7344
-
C:\Windows\system32\mode.commode 50,53⤵PID:7840
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-28088"2⤵PID:7408
-
C:\Windows\system32\mode.commode 50,53⤵PID:7744
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:8020
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:4776
-
C:\Windows\system32\mode.commode 50,53⤵PID:8356
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:8072
-
C:\Windows\system32\mode.commode 50,53⤵PID:8436
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:8100
-
C:\Windows\system32\mode.commode 50,53⤵PID:8480
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:8128
-
C:\Windows\system32\mode.commode 50,53⤵PID:8448
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:8144
-
C:\Windows\system32\mode.commode 50,53⤵PID:8488
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:7184
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵PID:7044
-
-
C:\Windows\system32\mode.commode 50,53⤵PID:8368
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:7332
-
C:\Windows\system32\mode.commode 50,53⤵PID:8496
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:7844
-
C:\Windows\system32\mode.commode 50,53⤵PID:8584
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:7928
-
C:\Windows\system32\mode.commode 50,53⤵PID:8564
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-23295"2⤵PID:8140
-
C:\Windows\system32\mode.commode 50,53⤵PID:8576
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:8912
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:8576
-
C:\Windows\system32\mode.commode 50,53⤵PID:8556
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:8956
-
C:\Windows\system32\mode.commode 50,53⤵PID:5440
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:8980
-
C:\Windows\system32\mode.commode 50,53⤵PID:7104
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:7008
-
C:\Windows\system32\mode.commode 50,53⤵PID:5440
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:6540
-
C:\Windows\system32\mode.commode 50,53⤵PID:9132
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:7140
-
C:\Windows\system32\mode.commode 50,53⤵PID:8880
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:9076
-
C:\Windows\system32\mode.commode 50,53⤵PID:8572
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:9084
-
C:\Windows\system32\mode.commode 50,53⤵PID:8604
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:9112
-
C:\Windows\system32\mode.commode 50,53⤵PID:9056
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-11319"2⤵PID:9188
-
C:\Windows\system32\mode.commode 50,53⤵PID:8580
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:3488
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:3324
-
C:\Windows\system32\mode.commode 50,53⤵PID:3388
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:1964
-
C:\Windows\system32\mode.commode 50,53⤵PID:5116
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:6948
-
C:\Windows\system32\mode.commode 50,53⤵PID:792
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:8604
-
C:\Windows\system32\mode.commode 50,53⤵PID:2328
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:8864
-
C:\Windows\system32\mode.commode 50,53⤵PID:1976
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:8592
-
C:\Windows\system32\mode.commode 50,53⤵PID:1752
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:5012
-
C:\Windows\system32\mode.commode 50,53⤵PID:7688
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:2396
-
C:\Windows\system32\mode.commode 50,53⤵PID:3532
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:8572
-
C:\Windows\system32\mode.commode 50,53⤵PID:1520
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-11545"2⤵PID:4792
-
C:\Windows\system32\mode.commode 50,53⤵PID:1052
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:5404
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:5720
-
C:\Windows\system32\mode.commode 50,53⤵PID:9548
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:5844
-
C:\Windows\system32\mode.commode 50,53⤵PID:9568
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:3948
-
C:\Windows\system32\mode.commode 50,53⤵PID:9556
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:6140
-
C:\Windows\system32\mode.commode 50,53⤵PID:9688
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:1420
-
C:\Windows\system32\mode.commode 50,53⤵PID:9628
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:5684
-
C:\Windows\system32\mode.commode 50,53⤵PID:9680
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:5956
-
C:\Windows\system32\mode.commode 50,53⤵PID:9620
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:6052
-
C:\Windows\system32\mode.commode 50,53⤵PID:9608
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:8664
-
C:\Windows\system32\mode.commode 50,53⤵PID:9696
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-19904"2⤵PID:5184
-
C:\Windows\system32\mode.commode 50,53⤵PID:9636
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:10140
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:10172
-
C:\Windows\system32\mode.commode 50,53⤵PID:9588
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:10188
-
C:\Windows\system32\mode.commode 50,53⤵PID:9792
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:10212
-
C:\Windows\system32\mode.commode 50,53⤵PID:9676
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:6160
-
C:\Windows\system32\mode.commode 50,53⤵PID:9864
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:6232
-
C:\Windows\system32\mode.commode 50,53⤵PID:9712
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:4060
-
C:\Windows\system32\mode.commode 50,53⤵PID:9868
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:6344
-
C:\Windows\system32\mode.commode 50,53⤵PID:9844
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:6444
-
C:\Windows\system32\mode.commode 50,53⤵PID:9808
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:9420
-
C:\Windows\system32\mode.commode 50,53⤵PID:9800
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-16149"2⤵PID:9528
-
C:\Windows\system32\mode.commode 50,53⤵PID:9836
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:8312
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:10116
-
C:\Windows\system32\mode.commode 50,53⤵PID:10536
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:6324
-
C:\Windows\system32\mode.commode 50,53⤵PID:10392
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:7420
-
C:\Windows\system32\mode.commode 50,53⤵PID:10592
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:3088
-
C:\Windows\system32\mode.commode 50,53⤵PID:10564
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:9208
-
C:\Windows\system32\mode.commode 50,53⤵PID:10600
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:10004
-
C:\Windows\system32\mode.commode 50,53⤵PID:10580
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:7200
-
C:\Windows\system32\mode.commode 50,53⤵PID:10612
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:8232
-
C:\Windows\system32\mode.commode 50,53⤵PID:10628
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:8340
-
C:\Windows\system32\mode.commode 50,53⤵PID:10680
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-31151"2⤵PID:10252
-
C:\Windows\system32\mode.commode 50,53⤵PID:10688
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:8740
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:3188
-
C:\Windows\system32\mode.commode 50,53⤵PID:2280
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:10568
-
C:\Windows\system32\mode.commode 50,53⤵PID:4304
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:10564
-
C:\Windows\System32\Conhost.exe\??\C:\Windows\system32\conhost.exe 0xffffffff -ForceV13⤵PID:8488
-
-
C:\Windows\system32\mode.commode 50,53⤵PID:11132
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:3692
-
C:\Windows\system32\mode.commode 50,53⤵PID:3996
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:10736
-
C:\Windows\system32\mode.commode 50,53⤵PID:3372
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:10724
-
C:\Windows\system32\mode.commode 50,53⤵PID:11172
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:10728
-
C:\Windows\system32\mode.commode 50,53⤵PID:3524
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:10756
-
C:\Windows\system32\mode.commode 50,53⤵PID:3296
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:10764
-
C:\Windows\system32\mode.commode 50,53⤵PID:1592
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-17602"2⤵PID:10656
-
C:\Windows\system32\mode.commode 50,53⤵PID:7524
-
-
-
C:\Windows\system32\notepad.exenotepad "\Users\Admin\Downloads\you are hacked-1.txt"2⤵PID:9496
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-1 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:10332
-
C:\Windows\system32\mode.commode 50,53⤵PID:7804
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-2 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:4220
-
C:\Windows\system32\mode.commode 50,53⤵PID:9440
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-3 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:7988
-
C:\Windows\system32\mode.commode 50,53⤵PID:9204
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-4 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:6904
-
C:\Windows\system32\mode.commode 50,53⤵PID:7960
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-5 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:11260
-
C:\Windows\system32\mode.commode 50,53⤵PID:5964
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-6 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:2360
-
C:\Windows\system32\mode.commode 50,53⤵PID:700
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-7 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:5204
-
C:\Windows\system32\mode.commode 50,53⤵PID:8008
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-8 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:7072
-
C:\Windows\system32\mode.commode 50,53⤵PID:7740
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-9 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:5756
-
C:\Windows\system32\mode.commode 50,53⤵PID:8228
-
-
-
C:\Windows\system32\cmd.execmd /k "mode 50,5 & title Window-10 & for /l %j in (1,1,10000) do @echo Random text-16083"2⤵PID:7824
-
C:\Windows\system32\mode.commode 50,53⤵PID:792
-
-
-
C:\Windows\System32\rundll32.exeC:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding1⤵PID:2144
-
C:\Windows\System32\sihclient.exeC:\Windows\System32\sihclient.exe /cv NXSL5sGu20yXccckScJUWw.0.21⤵PID:7112
-
C:\Windows\system32\taskmgr.exe"C:\Windows\system32\taskmgr.exe" /71⤵PID:608
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe"1⤵PID:6908
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=110.0.5481.104 --initial-client-data=0x120,0x124,0x128,0x11c,0xf8,0x7ff8b09eab58,0x7ff8b09eab68,0x7ff8b09eab782⤵PID:6988
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1632 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:22⤵PID:7232
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2196 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:82⤵PID:7424
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=2260 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:82⤵PID:9612
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3116 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:12⤵PID:1080
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3124 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:12⤵PID:1624
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4156 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:12⤵PID:996
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3168 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:82⤵PID:11204
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3172 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:82⤵PID:11212
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1832 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:82⤵PID:7532
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --mojo-platform-channel-handle=4932 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:12⤵PID:5536
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=4880 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:12⤵PID:5568
-
-
C:\Program Files\Google\Chrome\Application\chrome.exe"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3936 --field-trial-handle=1844,i,12537974189433041348,7947788500107061253,131072 /prefetch:12⤵PID:3276
-
-
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"1⤵PID:6680
Network
MITRE ATT&CK Matrix
Replay Monitor
Loading Replay Monitor...
Downloads
-
Filesize
810B
MD52a854173dbb900e8ea2a4d3a70afd02b
SHA1dfa313b267fcd35f4251fe49a9b059407a1ad6ed
SHA2568d141141934b44f305706e344491960f5c5f27370e7e9ec8acda3ae22b3baa3e
SHA5127b95fa26546df9336d604d4ab5af1c2dc44172fb72ce501042fc5bf36a53226a51ca2f732fdcb8aa30a3bfa33c637705aca408393c007efc1c7ff2d4779ff329
-
Filesize
2B
MD5d751713988987e9331980363e24189ce
SHA197d170e1550eee4afc0af065b78cda302a97674c
SHA2564f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
SHA512b25b294cb4deb69ea00a4c3cf3113904801b6015e5956bd019a8570b1fe1d6040e944ef3cdee16d0a46503ca6e659a25f21cf9ceddc13f352a3c98138c15d6af
-
Filesize
6KB
MD53da8faddf307385e06850f3e893bf7cc
SHA166140fde6d924b795a434400319defdd94830f07
SHA256dd24e475951919931cd9c5009452f3caced6504f1ac978de0520c194b99b3544
SHA51251f56ab842a36b783a9c7c9b7aae08e1b4767533140bc07a90566d2c06f745f067e2e243ca734c59c273e9ef33b04e73e59812c65de9f82cf47d51002ce76f6d
-
Filesize
6KB
MD529ec488befff0f3c774fe97d485d1e0a
SHA19866bea453a1af602ed6545103e5ce8a5365d9b8
SHA256f88b472d4c4df0c348df77c8741b0835639c748cd426e363e977b872edce7ba5
SHA5125b6e617214f094b5f9c4e0c4b41c5bf4479fe0a05358fbbeac9405ff20d401da175f0918ebd0fc0296196eeb0f92344f73f17b18dafebc8d4c7490559fe6a2a7
-
Filesize
257KB
MD57691d71076aa2b51824258f5063b7d45
SHA1e7244734def05eb6544817e2f4232e31e747c3de
SHA25633d784759b1cc3cac2bfab6489291da3bdad044e36d524a4d613d79fa6aca732
SHA512efcdc5aae71bb828fd390618b6f7a537b187878c7ba0a1c61dadc4dd450c3e283d40ab84b242c7e2a89919f02eee0a91a36498cbcceb64fd370960aa18bfbee8
-
Filesize
257KB
MD5fde8e445969fedad591b3d5379a9f154
SHA15a3636cb1f4c78891fe5f50e9e5c499375ee4a0b
SHA25685ed99965c04f6584b6b4c3336f2abdc474dee9f270a5e93bab49ab26bb665a2
SHA5124fd71d56c80fc8352dc424c4aa0c02de4fc9f13acca2ed84bd6413821ccf789b436058af8757bc1366230b1d7522ec73ded8fddf486be6508d03bbb195061967
-
Filesize
257KB
MD51c64a97845fd499872475bfab9e10e4a
SHA11c6007fe571d61d6b26445792279b7abbe0b3a92
SHA2560071fe9b4707b80ed550418bda5ac78f03e982a05011c9a2a05ccd286ef2f9fd
SHA512b16b78b7ad8649ea1111e462c035dfd4fa7b271b91a43ab37a069a1c0c791d5ef425493d670c9b3de25290da877092c6cb7138d4eb410ee2a08e5400229f777b
-
Filesize
14B
MD562fe8bdd171c967045ed244a3f2a58f9
SHA1bf7c2fb3fff2ce1b674ff464537f121903a309a1
SHA256a9109fd6420273079d5305283b0b010070b0198788ec230794a65f3993882a51
SHA512a2b91067e32f94e09abd8f767bf9e20f0b20e95145c34e194ed3d5c9de6948c6954c71864e2bc6b02ac0f54a73d49bb61948afa5b3c236c2d5b84a77990a0f3e