File name:

1.bat

Full analysis: https://app.any.run/tasks/0501698c-4faa-4946-b2b4-749afa208de3
Verdict: Malicious activity
Analysis date: December 14, 2018, 11:20:14
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: text/plain
File info: ASCII text, with no line terminators
MD5:

3808D82ED52876C3DDA66FBF4CB142C8

SHA1:

224DCBC79590E1D4ABFDA3D17B083B333FA00980

SHA256:

11EA65B2709BB714F059CF53767F7EE5AE6DEFE5B5D548E32375E65571B66015

SSDEEP:

3:wZw:wq

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    No malicious indicators.

  • SUSPICIOUS

    • Starts CMD.EXE for commands execution

      • cmd.exe (PID: 3620)
      • cmd.exe (PID: 3168)
      • cmd.exe (PID: 3124)
      • cmd.exe (PID: 3064)
      • cmd.exe (PID: 2448)
      • cmd.exe (PID: 2384)
      • cmd.exe (PID: 3272)
      • cmd.exe (PID: 2620)
      • cmd.exe (PID: 2996)
      • cmd.exe (PID: 2268)
      • cmd.exe (PID: 2576)
      • cmd.exe (PID: 2396)
      • cmd.exe (PID: 2688)
      • cmd.exe (PID: 2560)
      • cmd.exe (PID: 2780)
      • cmd.exe (PID: 1748)
      • cmd.exe (PID: 2768)
      • cmd.exe (PID: 3952)
      • cmd.exe (PID: 2608)
      • cmd.exe (PID: 2220)
      • cmd.exe (PID: 2684)
      • cmd.exe (PID: 3628)
      • cmd.exe (PID: 2164)
      • cmd.exe (PID: 3192)
      • cmd.exe (PID: 2120)
      • cmd.exe (PID: 2836)
      • cmd.exe (PID: 3152)
      • cmd.exe (PID: 2992)
      • cmd.exe (PID: 3092)
      • cmd.exe (PID: 4024)
      • cmd.exe (PID: 3416)
      • cmd.exe (PID: 3232)
      • cmd.exe (PID: 2800)
      • cmd.exe (PID: 3096)
      • cmd.exe (PID: 2712)
      • cmd.exe (PID: 3516)
      • cmd.exe (PID: 2356)
      • cmd.exe (PID: 2152)
      • cmd.exe (PID: 2248)
      • cmd.exe (PID: 2528)
      • cmd.exe (PID: 3984)
      • cmd.exe (PID: 2724)
      • cmd.exe (PID: 2888)
      • cmd.exe (PID: 3928)
      • cmd.exe (PID: 3472)
      • cmd.exe (PID: 3188)
      • cmd.exe (PID: 3744)
      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 2820)
      • cmd.exe (PID: 2476)
      • cmd.exe (PID: 1732)
      • cmd.exe (PID: 4056)
      • cmd.exe (PID: 2960)
      • cmd.exe (PID: 3196)
      • cmd.exe (PID: 2928)
      • cmd.exe (PID: 936)
      • cmd.exe (PID: 3552)
      • cmd.exe (PID: 2216)
      • cmd.exe (PID: 3280)
      • cmd.exe (PID: 3996)
      • cmd.exe (PID: 2060)
      • cmd.exe (PID: 3132)
      • cmd.exe (PID: 1236)
      • cmd.exe (PID: 3180)
      • cmd.exe (PID: 3008)
      • cmd.exe (PID: 2492)
      • cmd.exe (PID: 3468)
      • cmd.exe (PID: 3288)
      • cmd.exe (PID: 2896)
      • cmd.exe (PID: 3080)
      • cmd.exe (PID: 3776)
      • cmd.exe (PID: 3308)
      • cmd.exe (PID: 3860)
      • cmd.exe (PID: 2640)
      • cmd.exe (PID: 3476)
      • cmd.exe (PID: 3956)
      • cmd.exe (PID: 3436)
      • cmd.exe (PID: 3520)
      • cmd.exe (PID: 3488)
      • cmd.exe (PID: 3204)
      • cmd.exe (PID: 2336)
      • cmd.exe (PID: 4004)
      • cmd.exe (PID: 2512)
      • cmd.exe (PID: 1488)
      • cmd.exe (PID: 2944)
      • cmd.exe (PID: 4032)
      • cmd.exe (PID: 2752)
      • cmd.exe (PID: 2468)
      • cmd.exe (PID: 3440)
      • cmd.exe (PID: 3392)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 1432)
      • cmd.exe (PID: 3896)
      • cmd.exe (PID: 3612)
      • cmd.exe (PID: 2536)
      • cmd.exe (PID: 3364)
      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 2428)
      • cmd.exe (PID: 2848)
      • cmd.exe (PID: 3108)
      • cmd.exe (PID: 3328)
      • cmd.exe (PID: 3748)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 2280)
      • cmd.exe (PID: 3608)
      • cmd.exe (PID: 3300)
      • cmd.exe (PID: 2196)
      • cmd.exe (PID: 3580)
      • cmd.exe (PID: 2440)
      • cmd.exe (PID: 3084)
      • cmd.exe (PID: 3548)
      • cmd.exe (PID: 3384)
      • cmd.exe (PID: 2904)
      • cmd.exe (PID: 2948)
      • cmd.exe (PID: 4052)
      • cmd.exe (PID: 3684)
      • cmd.exe (PID: 3144)
      • cmd.exe (PID: 3660)
      • cmd.exe (PID: 3876)
      • cmd.exe (PID: 2180)
      • cmd.exe (PID: 3256)
      • cmd.exe (PID: 3292)
      • cmd.exe (PID: 3708)
      • cmd.exe (PID: 2980)
      • cmd.exe (PID: 2644)
      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 2592)
      • cmd.exe (PID: 1964)
      • cmd.exe (PID: 3668)
      • cmd.exe (PID: 2368)
      • cmd.exe (PID: 2600)
      • cmd.exe (PID: 3532)
      • cmd.exe (PID: 3412)
      • cmd.exe (PID: 2412)
      • cmd.exe (PID: 2092)
      • cmd.exe (PID: 2208)
      • cmd.exe (PID: 2556)
      • cmd.exe (PID: 3160)
      • cmd.exe (PID: 2328)
      • cmd.exe (PID: 3360)
      • cmd.exe (PID: 5260)
      • cmd.exe (PID: 2744)
      • cmd.exe (PID: 5248)
      • cmd.exe (PID: 5696)
      • cmd.exe (PID: 2652)
      • cmd.exe (PID: 3400)
      • cmd.exe (PID: 6084)
      • cmd.exe (PID: 5960)
      • cmd.exe (PID: 2312)
      • cmd.exe (PID: 5972)
      • cmd.exe (PID: 4436)
      • cmd.exe (PID: 4264)
      • cmd.exe (PID: 5184)
      • cmd.exe (PID: 5656)
      • cmd.exe (PID: 5996)
      • cmd.exe (PID: 2796)
      • cmd.exe (PID: 5176)
      • cmd.exe (PID: 5508)
      • cmd.exe (PID: 5376)
      • cmd.exe (PID: 5856)
      • cmd.exe (PID: 2808)
      • cmd.exe (PID: 5728)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 5520)
      • cmd.exe (PID: 4848)
      • cmd.exe (PID: 4784)
      • cmd.exe (PID: 5464)
      • cmd.exe (PID: 5080)
      • cmd.exe (PID: 5500)
      • cmd.exe (PID: 5336)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 4348)
      • cmd.exe (PID: 4232)
      • cmd.exe (PID: 4208)
      • cmd.exe (PID: 4164)
      • cmd.exe (PID: 4988)
      • cmd.exe (PID: 5252)
      • cmd.exe (PID: 5220)
      • cmd.exe (PID: 5648)
      • cmd.exe (PID: 2144)
      • cmd.exe (PID: 4824)
      • cmd.exe (PID: 4592)
      • cmd.exe (PID: 5688)
      • cmd.exe (PID: 6024)
      • cmd.exe (PID: 5836)
      • cmd.exe (PID: 6020)
      • cmd.exe (PID: 5396)
      • cmd.exe (PID: 4716)
      • cmd.exe (PID: 4756)
      • cmd.exe (PID: 5792)
      • cmd.exe (PID: 4732)
      • cmd.exe (PID: 6008)
      • cmd.exe (PID: 4844)
      • cmd.exe (PID: 4864)
      • cmd.exe (PID: 4920)
      • cmd.exe (PID: 4540)
      • cmd.exe (PID: 5036)
      • cmd.exe (PID: 4508)
      • cmd.exe (PID: 4684)
      • cmd.exe (PID: 4940)
      • cmd.exe (PID: 4924)
      • cmd.exe (PID: 3252)
      • cmd.exe (PID: 4612)
      • cmd.exe (PID: 4300)
      • cmd.exe (PID: 5112)
      • cmd.exe (PID: 5364)
      • cmd.exe (PID: 5412)
      • cmd.exe (PID: 5156)
      • cmd.exe (PID: 4324)
      • cmd.exe (PID: 5244)
      • cmd.exe (PID: 4776)
      • cmd.exe (PID: 4532)
      • cmd.exe (PID: 4984)
      • cmd.exe (PID: 5780)
      • cmd.exe (PID: 5736)
      • cmd.exe (PID: 4464)
      • cmd.exe (PID: 4424)
      • cmd.exe (PID: 4356)
      • cmd.exe (PID: 4948)
      • cmd.exe (PID: 6076)
      • cmd.exe (PID: 4552)
      • cmd.exe (PID: 4600)
      • cmd.exe (PID: 5724)
      • cmd.exe (PID: 5600)
      • cmd.exe (PID: 4712)
      • cmd.exe (PID: 4440)
      • cmd.exe (PID: 4728)
      • cmd.exe (PID: 2580)
      • cmd.exe (PID: 5796)
      • cmd.exe (PID: 5132)
      • cmd.exe (PID: 5452)
      • cmd.exe (PID: 4976)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 5064)
      • cmd.exe (PID: 3656)
      • cmd.exe (PID: 4704)
      • cmd.exe (PID: 5816)
      • cmd.exe (PID: 5488)
      • cmd.exe (PID: 4760)
      • cmd.exe (PID: 5192)
      • cmd.exe (PID: 4568)
      • cmd.exe (PID: 3260)
      • cmd.exe (PID: 4280)
      • cmd.exe (PID: 4484)
      • cmd.exe (PID: 2000)
      • cmd.exe (PID: 4772)
      • cmd.exe (PID: 6060)
      • cmd.exe (PID: 4884)
      • cmd.exe (PID: 5404)
      • cmd.exe (PID: 5016)
      • cmd.exe (PID: 4156)
      • cmd.exe (PID: 5984)
      • cmd.exe (PID: 5240)
      • cmd.exe (PID: 4580)
      • cmd.exe (PID: 5164)
      • cmd.exe (PID: 2344)
      • cmd.exe (PID: 5172)
      • cmd.exe (PID: 4980)
      • cmd.exe (PID: 4820)
      • cmd.exe (PID: 4968)
      • cmd.exe (PID: 4236)
      • cmd.exe (PID: 6056)
      • cmd.exe (PID: 4380)
      • cmd.exe (PID: 4636)
      • cmd.exe (PID: 5504)
      • cmd.exe (PID: 5704)
      • cmd.exe (PID: 4964)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 5516)
      • cmd.exe (PID: 5772)
      • cmd.exe (PID: 5456)
      • cmd.exe (PID: 5368)
      • cmd.exe (PID: 4520)
      • cmd.exe (PID: 6032)
      • cmd.exe (PID: 5328)
      • cmd.exe (PID: 3012)
      • cmd.exe (PID: 4204)
      • cmd.exe (PID: 4136)
      • cmd.exe (PID: 3116)
      • cmd.exe (PID: 4100)
      • cmd.exe (PID: 4192)
      • cmd.exe (PID: 3636)
      • cmd.exe (PID: 4936)
      • cmd.exe (PID: 4504)
      • cmd.exe (PID: 5644)
      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 5744)
      • cmd.exe (PID: 4656)
      • cmd.exe (PID: 7944)
      • cmd.exe (PID: 7556)
      • cmd.exe (PID: 6048)
      • cmd.exe (PID: 7852)
      • cmd.exe (PID: 7204)
      • cmd.exe (PID: 7076)
      • cmd.exe (PID: 7916)
      • cmd.exe (PID: 7084)
      • cmd.exe (PID: 7620)
      • cmd.exe (PID: 6184)
      • cmd.exe (PID: 7836)
      • cmd.exe (PID: 6304)
      • cmd.exe (PID: 4720)
      • cmd.exe (PID: 7108)
      • cmd.exe (PID: 7176)
      • cmd.exe (PID: 6216)
      • cmd.exe (PID: 7064)
      • cmd.exe (PID: 7148)
      • cmd.exe (PID: 7088)
      • cmd.exe (PID: 6448)
      • cmd.exe (PID: 5040)
      • cmd.exe (PID: 7332)
      • cmd.exe (PID: 2364)
      • cmd.exe (PID: 7792)
      • cmd.exe (PID: 6488)
      • cmd.exe (PID: 7704)
      • cmd.exe (PID: 8108)
      • cmd.exe (PID: 2372)
      • cmd.exe (PID: 7744)
      • cmd.exe (PID: 5552)
      • cmd.exe (PID: 7268)
      • cmd.exe (PID: 6200)
      • cmd.exe (PID: 6688)
      • cmd.exe (PID: 6856)
      • cmd.exe (PID: 7024)
      • cmd.exe (PID: 7292)
      • cmd.exe (PID: 7964)
      • cmd.exe (PID: 5532)
      • cmd.exe (PID: 7260)
      • cmd.exe (PID: 7232)

    • Application launched itself

      • cmd.exe (PID: 2620)
      • cmd.exe (PID: 2396)
      • cmd.exe (PID: 2688)
      • cmd.exe (PID: 2996)
      • cmd.exe (PID: 2268)
      • cmd.exe (PID: 2780)
      • cmd.exe (PID: 2560)
      • cmd.exe (PID: 1748)
      • cmd.exe (PID: 2768)
      • cmd.exe (PID: 2684)
      • cmd.exe (PID: 2220)
      • cmd.exe (PID: 3192)
      • cmd.exe (PID: 2800)
      • cmd.exe (PID: 2836)
      • cmd.exe (PID: 2120)
      • cmd.exe (PID: 3092)
      • cmd.exe (PID: 4024)
      • cmd.exe (PID: 3096)
      • cmd.exe (PID: 2712)
      • cmd.exe (PID: 2992)
      • cmd.exe (PID: 3472)
      • cmd.exe (PID: 2724)
      • cmd.exe (PID: 2888)
      • cmd.exe (PID: 2528)
      • cmd.exe (PID: 3188)
      • cmd.exe (PID: 3744)
      • cmd.exe (PID: 3940)
      • cmd.exe (PID: 3984)
      • cmd.exe (PID: 3928)
      • cmd.exe (PID: 2960)
      • cmd.exe (PID: 1732)
      • cmd.exe (PID: 3552)
      • cmd.exe (PID: 2216)
      • cmd.exe (PID: 3196)
      • cmd.exe (PID: 2820)
      • cmd.exe (PID: 4056)
      • cmd.exe (PID: 2476)
      • cmd.exe (PID: 2060)
      • cmd.exe (PID: 3996)
      • cmd.exe (PID: 3280)
      • cmd.exe (PID: 2928)
      • cmd.exe (PID: 936)
      • cmd.exe (PID: 3180)
      • cmd.exe (PID: 3132)
      • cmd.exe (PID: 1236)
      • cmd.exe (PID: 3008)
      • cmd.exe (PID: 2492)
      • cmd.exe (PID: 3776)
      • cmd.exe (PID: 2896)
      • cmd.exe (PID: 3288)
      • cmd.exe (PID: 3080)
      • cmd.exe (PID: 3204)
      • cmd.exe (PID: 3308)
      • cmd.exe (PID: 3860)
      • cmd.exe (PID: 2640)
      • cmd.exe (PID: 3468)
      • cmd.exe (PID: 3476)
      • cmd.exe (PID: 2512)
      • cmd.exe (PID: 2468)
      • cmd.exe (PID: 2336)
      • cmd.exe (PID: 4004)
      • cmd.exe (PID: 3956)
      • cmd.exe (PID: 3436)
      • cmd.exe (PID: 3392)
      • cmd.exe (PID: 3520)
      • cmd.exe (PID: 956)
      • cmd.exe (PID: 4032)
      • cmd.exe (PID: 1488)
      • cmd.exe (PID: 3488)
      • cmd.exe (PID: 3440)
      • cmd.exe (PID: 2944)
      • cmd.exe (PID: 3364)
      • cmd.exe (PID: 1432)
      • cmd.exe (PID: 2244)
      • cmd.exe (PID: 2280)
      • cmd.exe (PID: 3896)
      • cmd.exe (PID: 3276)
      • cmd.exe (PID: 3608)
      • cmd.exe (PID: 2752)
      • cmd.exe (PID: 3612)
      • cmd.exe (PID: 2536)
      • cmd.exe (PID: 3108)
      • cmd.exe (PID: 3328)
      • cmd.exe (PID: 3384)
      • cmd.exe (PID: 2904)
      • cmd.exe (PID: 2948)
      • cmd.exe (PID: 2428)
      • cmd.exe (PID: 2848)
      • cmd.exe (PID: 3748)
      • cmd.exe (PID: 3580)
      • cmd.exe (PID: 3084)
      • cmd.exe (PID: 3548)
      • cmd.exe (PID: 2440)
      • cmd.exe (PID: 3300)
      • cmd.exe (PID: 2196)
      • cmd.exe (PID: 4052)
      • cmd.exe (PID: 3876)
      • cmd.exe (PID: 3256)
      • cmd.exe (PID: 3668)
      • cmd.exe (PID: 3292)
      • cmd.exe (PID: 3144)
      • cmd.exe (PID: 3684)
      • cmd.exe (PID: 3660)
      • cmd.exe (PID: 2180)
      • cmd.exe (PID: 3708)
      • cmd.exe (PID: 2592)
      • cmd.exe (PID: 3156)
      • cmd.exe (PID: 1964)
      • cmd.exe (PID: 2556)
      • cmd.exe (PID: 2368)
      • cmd.exe (PID: 2980)
      • cmd.exe (PID: 2644)
      • cmd.exe (PID: 2412)
      • cmd.exe (PID: 3532)
      • cmd.exe (PID: 2092)
      • cmd.exe (PID: 2208)
      • cmd.exe (PID: 2652)
      • cmd.exe (PID: 3160)
      • cmd.exe (PID: 2600)
      • cmd.exe (PID: 3412)
      • cmd.exe (PID: 2744)
      • cmd.exe (PID: 5260)
      • cmd.exe (PID: 5248)
      • cmd.exe (PID: 5696)
      • cmd.exe (PID: 5656)
      • cmd.exe (PID: 2328)
      • cmd.exe (PID: 3360)
      • cmd.exe (PID: 3400)
      • cmd.exe (PID: 5960)
      • cmd.exe (PID: 2312)
      • cmd.exe (PID: 5972)
      • cmd.exe (PID: 4436)
      • cmd.exe (PID: 4264)
      • cmd.exe (PID: 2796)
      • cmd.exe (PID: 5184)
      • cmd.exe (PID: 5176)
      • cmd.exe (PID: 5996)
      • cmd.exe (PID: 6084)
      • cmd.exe (PID: 5508)
      • cmd.exe (PID: 5856)
      • cmd.exe (PID: 5728)
      • cmd.exe (PID: 3296)
      • cmd.exe (PID: 5520)
      • cmd.exe (PID: 5376)
      • cmd.exe (PID: 5080)
      • cmd.exe (PID: 4232)
      • cmd.exe (PID: 5648)
      • cmd.exe (PID: 5320)
      • cmd.exe (PID: 4348)
      • cmd.exe (PID: 4848)
      • cmd.exe (PID: 2808)
      • cmd.exe (PID: 5500)
      • cmd.exe (PID: 5336)
      • cmd.exe (PID: 4988)
      • cmd.exe (PID: 5396)
      • cmd.exe (PID: 2144)
      • cmd.exe (PID: 4208)
      • cmd.exe (PID: 4164)
      • cmd.exe (PID: 5252)
      • cmd.exe (PID: 5220)
      • cmd.exe (PID: 5836)
      • cmd.exe (PID: 6024)
      • cmd.exe (PID: 6020)
      • cmd.exe (PID: 4716)
      • cmd.exe (PID: 4784)
      • cmd.exe (PID: 4824)
      • cmd.exe (PID: 5464)
      • cmd.exe (PID: 5036)
      • cmd.exe (PID: 5792)
      • cmd.exe (PID: 6008)
      • cmd.exe (PID: 4844)
      • cmd.exe (PID: 4864)
      • cmd.exe (PID: 4920)
      • cmd.exe (PID: 4540)
      • cmd.exe (PID: 4732)
      • cmd.exe (PID: 4508)
      • cmd.exe (PID: 5688)
      • cmd.exe (PID: 4756)
      • cmd.exe (PID: 4924)
      • cmd.exe (PID: 4592)
      • cmd.exe (PID: 4940)
      • cmd.exe (PID: 4612)
      • cmd.exe (PID: 4300)
      • cmd.exe (PID: 4684)
      • cmd.exe (PID: 4424)
      • cmd.exe (PID: 4180)
      • cmd.exe (PID: 5736)
      • cmd.exe (PID: 4464)
      • cmd.exe (PID: 5156)
      • cmd.exe (PID: 5724)
      • cmd.exe (PID: 5780)
      • cmd.exe (PID: 4600)
      • cmd.exe (PID: 5364)
      • cmd.exe (PID: 4776)
      • cmd.exe (PID: 4712)
      • cmd.exe (PID: 4356)
      • cmd.exe (PID: 4532)
      • cmd.exe (PID: 4948)
      • cmd.exe (PID: 5600)
      • cmd.exe (PID: 5244)
      • cmd.exe (PID: 6076)
      • cmd.exe (PID: 2580)
      • cmd.exe (PID: 5132)
      • cmd.exe (PID: 4552)
      • cmd.exe (PID: 5452)
      • cmd.exe (PID: 4984)
      • cmd.exe (PID: 4440)
      • cmd.exe (PID: 5112)
      • cmd.exe (PID: 5796)
      • cmd.exe (PID: 4324)
      • cmd.exe (PID: 3252)
      • cmd.exe (PID: 4728)
      • cmd.exe (PID: 2000)
      • cmd.exe (PID: 5816)
      • cmd.exe (PID: 4976)
      • cmd.exe (PID: 5488)
      • cmd.exe (PID: 5064)
      • cmd.exe (PID: 5412)
      • cmd.exe (PID: 4704)
      • cmd.exe (PID: 3656)
      • cmd.exe (PID: 4568)
      • cmd.exe (PID: 3260)
      • cmd.exe (PID: 6060)
      • cmd.exe (PID: 4280)
      • cmd.exe (PID: 4484)
      • cmd.exe (PID: 4580)
      • cmd.exe (PID: 4760)
      • cmd.exe (PID: 4772)
      • cmd.exe (PID: 5192)
      • cmd.exe (PID: 4156)
      • cmd.exe (PID: 5016)
      • cmd.exe (PID: 4884)
      • cmd.exe (PID: 5984)
      • cmd.exe (PID: 4980)
      • cmd.exe (PID: 4820)
      • cmd.exe (PID: 5404)
      • cmd.exe (PID: 5240)
      • cmd.exe (PID: 5172)
      • cmd.exe (PID: 5164)
      • cmd.exe (PID: 6116)
      • cmd.exe (PID: 5772)
      • cmd.exe (PID: 4964)
      • cmd.exe (PID: 4968)
      • cmd.exe (PID: 4236)
      • cmd.exe (PID: 2344)
      • cmd.exe (PID: 6056)
      • cmd.exe (PID: 4636)
      • cmd.exe (PID: 5504)
      • cmd.exe (PID: 4380)
      • cmd.exe (PID: 5704)
      • cmd.exe (PID: 5516)
      • cmd.exe (PID: 5456)
      • cmd.exe (PID: 5328)
      • cmd.exe (PID: 5368)
      • cmd.exe (PID: 3012)
      • cmd.exe (PID: 5644)
      • cmd.exe (PID: 4136)
      • cmd.exe (PID: 3116)
      • cmd.exe (PID: 4520)
      • cmd.exe (PID: 6032)
      • cmd.exe (PID: 4100)
      • cmd.exe (PID: 4192)
      • cmd.exe (PID: 4504)
      • cmd.exe (PID: 3636)
      • cmd.exe (PID: 4936)
      • cmd.exe (PID: 6048)
      • cmd.exe (PID: 4204)
      • cmd.exe (PID: 5208)
      • cmd.exe (PID: 5744)
      • cmd.exe (PID: 7204)
      • cmd.exe (PID: 7944)
      • cmd.exe (PID: 7076)
      • cmd.exe (PID: 7556)
      • cmd.exe (PID: 6184)
      • cmd.exe (PID: 7852)
      • cmd.exe (PID: 4656)
      • cmd.exe (PID: 6448)
      • cmd.exe (PID: 7064)
      • cmd.exe (PID: 7084)
      • cmd.exe (PID: 6216)
      • cmd.exe (PID: 7620)
      • cmd.exe (PID: 7836)
      • cmd.exe (PID: 6304)
      • cmd.exe (PID: 7916)
      • cmd.exe (PID: 7108)
      • cmd.exe (PID: 5040)
      • cmd.exe (PID: 7176)
      • cmd.exe (PID: 7148)
      • cmd.exe (PID: 4720)
      • cmd.exe (PID: 7088)
      • cmd.exe (PID: 6488)
      • cmd.exe (PID: 6856)
      • cmd.exe (PID: 7024)
      • cmd.exe (PID: 7704)
      • cmd.exe (PID: 8108)
      • cmd.exe (PID: 7332)
      • cmd.exe (PID: 2364)
      • cmd.exe (PID: 7792)
      • cmd.exe (PID: 6200)
      • cmd.exe (PID: 5532)
      • cmd.exe (PID: 2372)
      • cmd.exe (PID: 7744)
      • cmd.exe (PID: 5552)
      • cmd.exe (PID: 7268)
      • cmd.exe (PID: 6688)
      • cmd.exe (PID: 7964)
      • cmd.exe (PID: 5060)
      • cmd.exe (PID: 7784)
      • cmd.exe (PID: 6232)
      • cmd.exe (PID: 7208)
      • cmd.exe (PID: 7260)
      • cmd.exe (PID: 7232)
      • cmd.exe (PID: 7292)
      • cmd.exe (PID: 6744)
      • cmd.exe (PID: 7516)
      • cmd.exe (PID: 7168)

  • INFO

    No info indicators.
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.
No data.
screenshotscreenshotscreenshotscreenshotscreenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
690
Monitored processes
660
Malicious processes
163
Suspicious processes
157

Behavior graph

Click at the process to see the details
start cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs cmd.exe no specs

Process information

PID
CMD
Path
Indicators
Parent process
936C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
956C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1236C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1432C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1488C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1596C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1732C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1748C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
1964C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
2000C:\Windows\system32\cmd.exe /S /D /c" "C:\Users\admin\AppData\Local\Temp\1.bat""C:\Windows\system32\cmd.execmd.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Command Processor
Exit code:
0
Version:
6.1.7601.17514 (win7sp1_rtm.101119-1850)
Modules
Images
c:\windows\system32\cmd.exe
c:\systemroot\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\winbrand.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
Total events
2 412
Read events
2 412
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
0
DNS requests
0
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

No data

DNS requests

No data

Threats

No threats detected
No debug info