| File name: | DELmE's Batch Virus Generator v 2.0.exe |
| Full analysis: | https://app.any.run/tasks/258dc14a-864a-4d25-8dfc-85e4d1819f82 |
| Verdict: | Malicious activity |
| Analysis date: | February 04, 2024, 19:26:49 |
| OS: | Windows 7 Professional Service Pack 1 (build: 7601, 32 bit) |
| Indicators: | |
| MIME: | application/x-dosexec |
| File info: | PE32 executable (GUI) Intel 80386, for MS Windows, UPX compressed |
| MD5: | 75256220B5BFC94348A32685985AF787 |
| SHA1: | A63E1EBA08E1D0B520CA5E3BA92D07D0E938F430 |
| SHA256: | D6A5B4AC0B84250C190475874969626DC170ACE6F51CCD9E5DEA2D133FC377D5 |
| SSDEEP: | 6144:ElZ/zUMu4pDSxsCMRzf7x3SfS1JAzXBtL76lZMfIGgO6v0El0oVirFA2ebhCU:EHLUMuiv9RgfSjAzRtySBgO68eKC2LU |
MALICIOUS
Drops the executable file immediately after the start
- DELmE's Batch Virus Generator v 2.0.exe (PID: 1380)
Actions looks like stealing of personal data
- cmd.exe (PID: 2436)
- cmd.exe (PID: 3920)
SUSPICIOUS
Uses REG/REGEDIT.EXE to modify registry
- cmd.exe (PID: 3584)
- cmd.exe (PID: 3728)
- cmd.exe (PID: 3920)
- cmd.exe (PID: 3708)
- cmd.exe (PID: 2920)
- cmd.exe (PID: 3228)
- cmd.exe (PID: 2848)
- cmd.exe (PID: 3944)
- cmd.exe (PID: 4004)
- cmd.exe (PID: 120)
- cmd.exe (PID: 3996)
- cmd.exe (PID: 2860)
- cmd.exe (PID: 2756)
- cmd.exe (PID: 2844)
- cmd.exe (PID: 3464)
- cmd.exe (PID: 4008)
- cmd.exe (PID: 1040)
- cmd.exe (PID: 2636)
- cmd.exe (PID: 3892)
- cmd.exe (PID: 1824)
- cmd.exe (PID: 1928)
- cmd.exe (PID: 1772)
- cmd.exe (PID: 2744)
- cmd.exe (PID: 2972)
- cmd.exe (PID: 2728)
- cmd.exe (PID: 3980)
- cmd.exe (PID: 2344)
- cmd.exe (PID: 552)
- cmd.exe (PID: 3028)
- cmd.exe (PID: 1544)
- cmd.exe (PID: 1848)
- cmd.exe (PID: 3256)
- cmd.exe (PID: 3728)
- cmd.exe (PID: 2496)
- cmd.exe (PID: 3224)
- cmd.exe (PID: 2056)
- cmd.exe (PID: 2452)
- cmd.exe (PID: 2980)
- cmd.exe (PID: 1592)
- cmd.exe (PID: 2512)
- cmd.exe (PID: 3680)
- cmd.exe (PID: 3364)
- cmd.exe (PID: 2760)
- cmd.exe (PID: 4040)
- cmd.exe (PID: 3096)
- cmd.exe (PID: 2240)
- cmd.exe (PID: 3508)
- cmd.exe (PID: 956)
- cmd.exe (PID: 2384)
- cmd.exe (PID: 2060)
- cmd.exe (PID: 3056)
- cmd.exe (PID: 2024)
- cmd.exe (PID: 2592)
- cmd.exe (PID: 4136)
- cmd.exe (PID: 2976)
- cmd.exe (PID: 3212)
- cmd.exe (PID: 3272)
- cmd.exe (PID: 3060)
- cmd.exe (PID: 3840)
- cmd.exe (PID: 4068)
- cmd.exe (PID: 2940)
- cmd.exe (PID: 2028)
- cmd.exe (PID: 3596)
- cmd.exe (PID: 2564)
- cmd.exe (PID: 2160)
- cmd.exe (PID: 2312)
- cmd.exe (PID: 3104)
- cmd.exe (PID: 2208)
- cmd.exe (PID: 3268)
- cmd.exe (PID: 3200)
- cmd.exe (PID: 3556)
- cmd.exe (PID: 2912)
- cmd.exe (PID: 372)
- cmd.exe (PID: 1780)
- cmd.exe (PID: 4012)
- cmd.exe (PID: 3320)
- cmd.exe (PID: 1864)
- cmd.exe (PID: 1624)
- cmd.exe (PID: 2052)
- cmd.exe (PID: 3784)
- cmd.exe (PID: 584)
- cmd.exe (PID: 2596)
- cmd.exe (PID: 1484)
- cmd.exe (PID: 3976)
- cmd.exe (PID: 3344)
- cmd.exe (PID: 3260)
- cmd.exe (PID: 448)
- cmd.exe (PID: 1584)
- cmd.exe (PID: 4884)
- cmd.exe (PID: 5780)
- cmd.exe (PID: 3764)
- cmd.exe (PID: 2836)
- cmd.exe (PID: 5436)
- cmd.exe (PID: 5220)
- cmd.exe (PID: 4904)
- cmd.exe (PID: 5516)
- cmd.exe (PID: 5524)
- cmd.exe (PID: 5592)
- cmd.exe (PID: 5100)
- cmd.exe (PID: 4848)
- cmd.exe (PID: 5912)
- cmd.exe (PID: 5040)
- cmd.exe (PID: 5468)
- cmd.exe (PID: 4120)
- cmd.exe (PID: 4332)
- cmd.exe (PID: 4704)
- cmd.exe (PID: 5172)
- cmd.exe (PID: 4920)
- cmd.exe (PID: 6108)
- cmd.exe (PID: 5384)
- cmd.exe (PID: 4656)
- cmd.exe (PID: 5156)
- cmd.exe (PID: 5180)
- cmd.exe (PID: 1308)
- cmd.exe (PID: 5288)
- cmd.exe (PID: 4796)
- cmd.exe (PID: 5052)
- cmd.exe (PID: 5604)
- cmd.exe (PID: 5000)
- cmd.exe (PID: 5836)
- cmd.exe (PID: 5124)
- cmd.exe (PID: 4496)
- cmd.exe (PID: 3796)
- cmd.exe (PID: 5008)
- cmd.exe (PID: 4956)
- cmd.exe (PID: 5016)
- cmd.exe (PID: 5788)
- cmd.exe (PID: 4992)
- cmd.exe (PID: 4292)
- cmd.exe (PID: 5324)
- cmd.exe (PID: 4288)
- cmd.exe (PID: 5316)
- cmd.exe (PID: 696)
- cmd.exe (PID: 5792)
- cmd.exe (PID: 4372)
- cmd.exe (PID: 5708)
- cmd.exe (PID: 4468)
- cmd.exe (PID: 2360)
- cmd.exe (PID: 4444)
- cmd.exe (PID: 6088)
- cmd.exe (PID: 4160)
- cmd.exe (PID: 4648)
- cmd.exe (PID: 5732)
- cmd.exe (PID: 4380)
- cmd.exe (PID: 5688)
- cmd.exe (PID: 5304)
- cmd.exe (PID: 2692)
- cmd.exe (PID: 4192)
- cmd.exe (PID: 6012)
- cmd.exe (PID: 5940)
- cmd.exe (PID: 4316)
- cmd.exe (PID: 6116)
- cmd.exe (PID: 5920)
- cmd.exe (PID: 5968)
- cmd.exe (PID: 3960)
- cmd.exe (PID: 5096)
- cmd.exe (PID: 4264)
- cmd.exe (PID: 5552)
- cmd.exe (PID: 5992)
- cmd.exe (PID: 2832)
- cmd.exe (PID: 4536)
- cmd.exe (PID: 5868)
- cmd.exe (PID: 5440)
- cmd.exe (PID: 4488)
- cmd.exe (PID: 5600)
- cmd.exe (PID: 3640)
- cmd.exe (PID: 6424)
- cmd.exe (PID: 2944)
- cmd.exe (PID: 4632)
- cmd.exe (PID: 6660)
- cmd.exe (PID: 3384)
- cmd.exe (PID: 4740)
- cmd.exe (PID: 6352)
- cmd.exe (PID: 4720)
- cmd.exe (PID: 1816)
- cmd.exe (PID: 5480)
- cmd.exe (PID: 6376)
- cmd.exe (PID: 5408)
- cmd.exe (PID: 5064)
- cmd.exe (PID: 5556)
- cmd.exe (PID: 796)
- cmd.exe (PID: 5056)
- cmd.exe (PID: 4128)
- cmd.exe (PID: 4696)
- cmd.exe (PID: 6228)
- cmd.exe (PID: 4856)
- cmd.exe (PID: 6192)
- cmd.exe (PID: 6152)
- cmd.exe (PID: 2876)
- cmd.exe (PID: 6552)
- cmd.exe (PID: 4428)
- cmd.exe (PID: 6616)
- cmd.exe (PID: 5696)
- cmd.exe (PID: 6292)
- cmd.exe (PID: 6648)
- cmd.exe (PID: 6260)
- cmd.exe (PID: 6344)
- cmd.exe (PID: 6584)
- cmd.exe (PID: 4896)
- cmd.exe (PID: 7148)
- cmd.exe (PID: 7156)
- cmd.exe (PID: 7488)
- cmd.exe (PID: 7180)
- cmd.exe (PID: 7244)
- cmd.exe (PID: 7172)
- cmd.exe (PID: 7684)
- cmd.exe (PID: 6560)
- cmd.exe (PID: 7500)
- cmd.exe (PID: 7544)
- cmd.exe (PID: 7552)
- cmd.exe (PID: 7860)
- cmd.exe (PID: 7852)
- cmd.exe (PID: 6224)
- cmd.exe (PID: 8104)
- cmd.exe (PID: 7920)
- cmd.exe (PID: 6120)
- cmd.exe (PID: 6332)
- cmd.exe (PID: 8048)
- cmd.exe (PID: 8056)
- cmd.exe (PID: 6248)
- cmd.exe (PID: 7988)
- cmd.exe (PID: 5676)
- cmd.exe (PID: 5636)
- cmd.exe (PID: 6976)
- cmd.exe (PID: 6628)
- cmd.exe (PID: 6372)
- cmd.exe (PID: 5628)
- cmd.exe (PID: 6132)
- cmd.exe (PID: 6452)
- cmd.exe (PID: 5540)
- cmd.exe (PID: 6216)
- cmd.exe (PID: 8152)
- cmd.exe (PID: 7900)
- cmd.exe (PID: 8076)
- cmd.exe (PID: 6404)
- cmd.exe (PID: 5804)
- cmd.exe (PID: 5952)
- cmd.exe (PID: 5588)
- cmd.exe (PID: 6984)
- cmd.exe (PID: 7008)
- cmd.exe (PID: 5568)
- cmd.exe (PID: 7476)
- cmd.exe (PID: 6516)
- cmd.exe (PID: 7480)
- cmd.exe (PID: 4964)
- cmd.exe (PID: 5748)
- cmd.exe (PID: 5512)
- cmd.exe (PID: 5980)
- cmd.exe (PID: 7368)
- cmd.exe (PID: 8280)
- cmd.exe (PID: 8540)
- cmd.exe (PID: 5380)
- cmd.exe (PID: 8528)
- cmd.exe (PID: 9360)
- cmd.exe (PID: 7932)
- cmd.exe (PID: 8312)
- cmd.exe (PID: 9156)
- cmd.exe (PID: 880)
- cmd.exe (PID: 9076)
- cmd.exe (PID: 8956)
- cmd.exe (PID: 8996)
- cmd.exe (PID: 9148)
- cmd.exe (PID: 9172)
- cmd.exe (PID: 9196)
- cmd.exe (PID: 6472)
- cmd.exe (PID: 9180)
- cmd.exe (PID: 8972)
- cmd.exe (PID: 9188)
- cmd.exe (PID: 9052)
- cmd.exe (PID: 8988)
- cmd.exe (PID: 9140)
- cmd.exe (PID: 9392)
- cmd.exe (PID: 8120)
- cmd.exe (PID: 9092)
- cmd.exe (PID: 9376)
- cmd.exe (PID: 9292)
- cmd.exe (PID: 10676)
- cmd.exe (PID: 9020)
- cmd.exe (PID: 12228)
- cmd.exe (PID: 10916)
- cmd.exe (PID: 11204)
- cmd.exe (PID: 11848)
- cmd.exe (PID: 11076)
- cmd.exe (PID: 9884)
- cmd.exe (PID: 9500)
- cmd.exe (PID: 14324)
- cmd.exe (PID: 10652)
- cmd.exe (PID: 11712)
- cmd.exe (PID: 11068)
- cmd.exe (PID: 9368)
- cmd.exe (PID: 9408)
- cmd.exe (PID: 9448)
- cmd.exe (PID: 11808)
- cmd.exe (PID: 10972)
- cmd.exe (PID: 9328)
- cmd.exe (PID: 8740)
- cmd.exe (PID: 14204)
- cmd.exe (PID: 10524)
- cmd.exe (PID: 9964)
- cmd.exe (PID: 11476)
- cmd.exe (PID: 9456)
- cmd.exe (PID: 10932)
- cmd.exe (PID: 11028)
- cmd.exe (PID: 12984)
- cmd.exe (PID: 11228)
- cmd.exe (PID: 11768)
- cmd.exe (PID: 13572)
- cmd.exe (PID: 10516)
- cmd.exe (PID: 9316)
- cmd.exe (PID: 9984)
- cmd.exe (PID: 9336)
- cmd.exe (PID: 10956)
- cmd.exe (PID: 11776)
- cmd.exe (PID: 11744)
- cmd.exe (PID: 13944)
- cmd.exe (PID: 11220)
- cmd.exe (PID: 11020)
- cmd.exe (PID: 10604)
- cmd.exe (PID: 10612)
- cmd.exe (PID: 11484)
- cmd.exe (PID: 11800)
- cmd.exe (PID: 10568)
- cmd.exe (PID: 11388)
- cmd.exe (PID: 8716)
- cmd.exe (PID: 8696)
- cmd.exe (PID: 11444)
- cmd.exe (PID: 11516)
- cmd.exe (PID: 5484)
- cmd.exe (PID: 14300)
- cmd.exe (PID: 13912)
- cmd.exe (PID: 11532)
- cmd.exe (PID: 10192)
- cmd.exe (PID: 8784)
- cmd.exe (PID: 11088)
- cmd.exe (PID: 10576)
- cmd.exe (PID: 10144)
- cmd.exe (PID: 11004)
- cmd.exe (PID: 10684)
- cmd.exe (PID: 8128)
- cmd.exe (PID: 14044)
- cmd.exe (PID: 13632)
- cmd.exe (PID: 14188)
- cmd.exe (PID: 9976)
- cmd.exe (PID: 8764)
- cmd.exe (PID: 11760)
- cmd.exe (PID: 10964)
- cmd.exe (PID: 10584)
- cmd.exe (PID: 10216)
- cmd.exe (PID: 8772)
- cmd.exe (PID: 9416)
- cmd.exe (PID: 10628)
- cmd.exe (PID: 14004)
- cmd.exe (PID: 10560)
- cmd.exe (PID: 13616)
- cmd.exe (PID: 9308)
- cmd.exe (PID: 12116)
- cmd.exe (PID: 11012)
- cmd.exe (PID: 11684)
- cmd.exe (PID: 11792)
- cmd.exe (PID: 7512)
- cmd.exe (PID: 11412)
- cmd.exe (PID: 11156)
- cmd.exe (PID: 11604)
- cmd.exe (PID: 14212)
- cmd.exe (PID: 10988)
- cmd.exe (PID: 10552)
- cmd.exe (PID: 14220)
- cmd.exe (PID: 8792)
- cmd.exe (PID: 11428)
- cmd.exe (PID: 13648)
- cmd.exe (PID: 13904)
- cmd.exe (PID: 10948)
- cmd.exe (PID: 10592)
- cmd.exe (PID: 10924)
- cmd.exe (PID: 14180)
- cmd.exe (PID: 10076)
- cmd.exe (PID: 10460)
- cmd.exe (PID: 10024)
- cmd.exe (PID: 12968)
- cmd.exe (PID: 14172)
- cmd.exe (PID: 9352)
- cmd.exe (PID: 11824)
- cmd.exe (PID: 10016)
- cmd.exe (PID: 10620)
- cmd.exe (PID: 12972)
- cmd.exe (PID: 14196)
- cmd.exe (PID: 11816)
- cmd.exe (PID: 8124)
- cmd.exe (PID: 13608)
- cmd.exe (PID: 11468)
- cmd.exe (PID: 11420)
- cmd.exe (PID: 14268)
- cmd.exe (PID: 11860)
- cmd.exe (PID: 11404)
- cmd.exe (PID: 10116)
- cmd.exe (PID: 11276)
- cmd.exe (PID: 7980)
- cmd.exe (PID: 14308)
- cmd.exe (PID: 11832)
- cmd.exe (PID: 9164)
- cmd.exe (PID: 9300)
- cmd.exe (PID: 10008)
- cmd.exe (PID: 9344)
- cmd.exe (PID: 10940)
- cmd.exe (PID: 13640)
- cmd.exe (PID: 10540)
- cmd.exe (PID: 11984)
- cmd.exe (PID: 14316)
- cmd.exe (PID: 9084)
- cmd.exe (PID: 11752)
- cmd.exe (PID: 4972)
- cmd.exe (PID: 11548)
- cmd.exe (PID: 8668)
- cmd.exe (PID: 11876)
- cmd.exe (PID: 11868)
- cmd.exe (PID: 10532)
- cmd.exe (PID: 13624)
- cmd.exe (PID: 10168)
- cmd.exe (PID: 11372)
- cmd.exe (PID: 8524)
- cmd.exe (PID: 11784)
- cmd.exe (PID: 14012)
- cmd.exe (PID: 10980)
- cmd.exe (PID: 7960)
- cmd.exe (PID: 13468)
- cmd.exe (PID: 12956)
- cmd.exe (PID: 8452)
- cmd.exe (PID: 12960)
- cmd.exe (PID: 12792)
- cmd.exe (PID: 9728)
- cmd.exe (PID: 10996)
- cmd.exe (PID: 13880)
- cmd.exe (PID: 9384)
- cmd.exe (PID: 11588)
- cmd.exe (PID: 7572)
- cmd.exe (PID: 10152)
- cmd.exe (PID: 12952)
- cmd.exe (PID: 13476)
- cmd.exe (PID: 9532)
- cmd.exe (PID: 12988)
- cmd.exe (PID: 12264)
- cmd.exe (PID: 12248)
- cmd.exe (PID: 8684)
- cmd.exe (PID: 11124)
- cmd.exe (PID: 13580)
- cmd.exe (PID: 1408)
- cmd.exe (PID: 11980)
- cmd.exe (PID: 13544)
- cmd.exe (PID: 10800)
- cmd.exe (PID: 12964)
- cmd.exe (PID: 12976)
- cmd.exe (PID: 12980)
- cmd.exe (PID: 9932)
- cmd.exe (PID: 11120)
- cmd.exe (PID: 12280)
- cmd.exe (PID: 13860)
- cmd.exe (PID: 14996)
- cmd.exe (PID: 13168)
- cmd.exe (PID: 8232)
- cmd.exe (PID: 8112)
- cmd.exe (PID: 13900)
- cmd.exe (PID: 10716)
- cmd.exe (PID: 12036)
- cmd.exe (PID: 13892)
- cmd.exe (PID: 8492)
- cmd.exe (PID: 11668)
- cmd.exe (PID: 12600)
- cmd.exe (PID: 14772)
- cmd.exe (PID: 14508)
- cmd.exe (PID: 13940)
- cmd.exe (PID: 15012)
- cmd.exe (PID: 14232)
- cmd.exe (PID: 14540)
- cmd.exe (PID: 15192)
- cmd.exe (PID: 8196)
- cmd.exe (PID: 12500)
- cmd.exe (PID: 14764)
- cmd.exe (PID: 14780)
- cmd.exe (PID: 14516)
- cmd.exe (PID: 7748)
- cmd.exe (PID: 13516)
- cmd.exe (PID: 12672)
Reads the Internet Settings
- DELmE's Batch Virus Generator v 2.0.exe (PID: 1380)
Executing commands from a ".bat" file
- cmd.exe (PID: 3920)
- cmd.exe (PID: 3916)
- cmd.exe (PID: 3464)
- cmd.exe (PID: 2848)
- cmd.exe (PID: 1040)
- cmd.exe (PID: 3880)
- cmd.exe (PID: 1588)
- cmd.exe (PID: 2844)
- cmd.exe (PID: 3944)
- cmd.exe (PID: 4004)
- cmd.exe (PID: 2636)
- cmd.exe (PID: 120)
- cmd.exe (PID: 2860)
- cmd.exe (PID: 2756)
- cmd.exe (PID: 1928)
- cmd.exe (PID: 1808)
- cmd.exe (PID: 3072)
- cmd.exe (PID: 3892)
- cmd.exe (PID: 1824)
- cmd.exe (PID: 3996)
- cmd.exe (PID: 4008)
- cmd.exe (PID: 1728)
- cmd.exe (PID: 3228)
- cmd.exe (PID: 1772)
- cmd.exe (PID: 3044)
- cmd.exe (PID: 996)
- cmd.exe (PID: 3236)
- cmd.exe (PID: 2972)
- cmd.exe (PID: 896)
- cmd.exe (PID: 2568)
- cmd.exe (PID: 2492)
- cmd.exe (PID: 1576)
- cmd.exe (PID: 4208)
- cmd.exe (PID: 4364)
- cmd.exe (PID: 3980)
- cmd.exe (PID: 4184)
- cmd.exe (PID: 6300)
- cmd.exe (PID: 6640)
- cmd.exe (PID: 2728)
- cmd.exe (PID: 6360)
- cmd.exe (PID: 2344)
- cmd.exe (PID: 7848)
- cmd.exe (PID: 552)
- cmd.exe (PID: 1544)
- cmd.exe (PID: 9544)
- cmd.exe (PID: 6580)
Starts CMD.EXE for commands execution
- cmd.exe (PID: 3920)
- cmd.exe (PID: 3916)
- cmd.exe (PID: 3708)
- cmd.exe (PID: 3228)
- cmd.exe (PID: 2848)
- cmd.exe (PID: 3464)
- cmd.exe (PID: 2844)
- cmd.exe (PID: 1928)
- cmd.exe (PID: 2860)
- cmd.exe (PID: 1040)
- cmd.exe (PID: 4004)
- cmd.exe (PID: 2636)
- cmd.exe (PID: 3944)
- cmd.exe (PID: 120)
- cmd.exe (PID: 3996)
- cmd.exe (PID: 2756)
- cmd.exe (PID: 3892)
- cmd.exe (PID: 1824)
- cmd.exe (PID: 4008)
- cmd.exe (PID: 3880)
- cmd.exe (PID: 1588)
- cmd.exe (PID: 3072)
- cmd.exe (PID: 1808)
- cmd.exe (PID: 2972)
- cmd.exe (PID: 2744)
- cmd.exe (PID: 1772)
- cmd.exe (PID: 3980)
- cmd.exe (PID: 2728)
- cmd.exe (PID: 2344)
- cmd.exe (PID: 552)
- cmd.exe (PID: 1544)
- cmd.exe (PID: 3028)
- cmd.exe (PID: 1848)
- cmd.exe (PID: 1728)
- cmd.exe (PID: 3044)
- cmd.exe (PID: 996)
- cmd.exe (PID: 896)
- cmd.exe (PID: 3236)
- cmd.exe (PID: 2492)
- cmd.exe (PID: 1576)
- cmd.exe (PID: 4364)
- cmd.exe (PID: 4208)
- cmd.exe (PID: 2568)
- cmd.exe (PID: 4184)
- cmd.exe (PID: 6300)
- cmd.exe (PID: 6640)
- cmd.exe (PID: 6360)
- cmd.exe (PID: 3224)
- cmd.exe (PID: 1592)
- cmd.exe (PID: 3728)
- cmd.exe (PID: 3256)
- cmd.exe (PID: 2452)
- cmd.exe (PID: 2980)
- cmd.exe (PID: 2496)
- cmd.exe (PID: 3364)
- cmd.exe (PID: 3056)
- cmd.exe (PID: 4040)
- cmd.exe (PID: 3508)
- cmd.exe (PID: 3060)
- cmd.exe (PID: 4136)
- cmd.exe (PID: 2760)
- cmd.exe (PID: 2208)
- cmd.exe (PID: 2512)
- cmd.exe (PID: 4012)
- cmd.exe (PID: 2940)
- cmd.exe (PID: 3212)
- cmd.exe (PID: 3764)
- cmd.exe (PID: 2912)
- cmd.exe (PID: 4068)
- cmd.exe (PID: 2052)
- cmd.exe (PID: 3272)
- cmd.exe (PID: 372)
- cmd.exe (PID: 2920)
- cmd.exe (PID: 2384)
- cmd.exe (PID: 956)
- cmd.exe (PID: 2564)
- cmd.exe (PID: 2592)
- cmd.exe (PID: 3556)
- cmd.exe (PID: 2160)
- cmd.exe (PID: 1864)
- cmd.exe (PID: 3596)
- cmd.exe (PID: 3320)
- cmd.exe (PID: 2836)
- cmd.exe (PID: 1484)
- cmd.exe (PID: 3976)
- cmd.exe (PID: 6108)
- cmd.exe (PID: 3096)
- cmd.exe (PID: 5468)
- cmd.exe (PID: 5592)
- cmd.exe (PID: 1780)
- cmd.exe (PID: 448)
- cmd.exe (PID: 3200)
- cmd.exe (PID: 3784)
- cmd.exe (PID: 5516)
- cmd.exe (PID: 3268)
- cmd.exe (PID: 3840)
- cmd.exe (PID: 3260)
- cmd.exe (PID: 2028)
- cmd.exe (PID: 3104)
- cmd.exe (PID: 2240)
- cmd.exe (PID: 2596)
- cmd.exe (PID: 3680)
- cmd.exe (PID: 1624)
- cmd.exe (PID: 2060)
- cmd.exe (PID: 2024)
- cmd.exe (PID: 2056)
- cmd.exe (PID: 1584)
- cmd.exe (PID: 5912)
- cmd.exe (PID: 5040)
- cmd.exe (PID: 5992)
- cmd.exe (PID: 584)
- cmd.exe (PID: 4332)
- cmd.exe (PID: 4848)
- cmd.exe (PID: 2976)
- cmd.exe (PID: 4920)
- cmd.exe (PID: 2312)
- cmd.exe (PID: 4444)
- cmd.exe (PID: 4904)
- cmd.exe (PID: 5552)
- cmd.exe (PID: 5440)
- cmd.exe (PID: 5288)
- cmd.exe (PID: 4740)
- cmd.exe (PID: 4372)
- cmd.exe (PID: 5436)
- cmd.exe (PID: 4496)
- cmd.exe (PID: 4720)
- cmd.exe (PID: 5220)
- cmd.exe (PID: 4288)
- cmd.exe (PID: 5324)
- cmd.exe (PID: 5920)
- cmd.exe (PID: 5008)
- cmd.exe (PID: 5780)
- cmd.exe (PID: 5604)
- cmd.exe (PID: 5000)
- cmd.exe (PID: 6088)
- cmd.exe (PID: 5100)
- cmd.exe (PID: 3344)
- cmd.exe (PID: 3796)
- cmd.exe (PID: 5180)
- cmd.exe (PID: 5172)
- cmd.exe (PID: 4656)
- cmd.exe (PID: 4648)
- cmd.exe (PID: 5480)
- cmd.exe (PID: 5732)
- cmd.exe (PID: 5316)
- cmd.exe (PID: 5792)
- cmd.exe (PID: 4796)
- cmd.exe (PID: 5600)
- cmd.exe (PID: 2692)
- cmd.exe (PID: 5708)
- cmd.exe (PID: 5096)
- cmd.exe (PID: 4292)
- cmd.exe (PID: 4632)
- cmd.exe (PID: 4160)
- cmd.exe (PID: 6260)
- cmd.exe (PID: 6560)
- cmd.exe (PID: 5384)
- cmd.exe (PID: 4956)
- cmd.exe (PID: 6012)
- cmd.exe (PID: 4884)
- cmd.exe (PID: 4468)
- cmd.exe (PID: 5524)
- cmd.exe (PID: 3384)
- cmd.exe (PID: 7156)
- cmd.exe (PID: 5056)
- cmd.exe (PID: 5124)
- cmd.exe (PID: 5016)
- cmd.exe (PID: 5696)
- cmd.exe (PID: 1816)
- cmd.exe (PID: 4128)
- cmd.exe (PID: 7148)
- cmd.exe (PID: 696)
- cmd.exe (PID: 6228)
- cmd.exe (PID: 6376)
- cmd.exe (PID: 6352)
- cmd.exe (PID: 7180)
- cmd.exe (PID: 4704)
- cmd.exe (PID: 2360)
- cmd.exe (PID: 4896)
- cmd.exe (PID: 6292)
- cmd.exe (PID: 796)
- cmd.exe (PID: 6552)
- cmd.exe (PID: 5968)
- cmd.exe (PID: 5868)
- cmd.exe (PID: 6648)
- cmd.exe (PID: 4856)
- cmd.exe (PID: 4316)
- cmd.exe (PID: 5064)
- cmd.exe (PID: 6660)
- cmd.exe (PID: 5836)
- cmd.exe (PID: 3960)
- cmd.exe (PID: 4192)
- cmd.exe (PID: 5156)
- cmd.exe (PID: 5556)
- cmd.exe (PID: 5940)
- cmd.exe (PID: 3640)
- cmd.exe (PID: 6424)
- cmd.exe (PID: 4488)
- cmd.exe (PID: 2876)
- cmd.exe (PID: 6192)
- cmd.exe (PID: 4264)
- cmd.exe (PID: 5052)
- cmd.exe (PID: 2832)
- cmd.exe (PID: 6116)
- cmd.exe (PID: 4536)
- cmd.exe (PID: 4428)
- cmd.exe (PID: 7684)
- cmd.exe (PID: 7244)
- cmd.exe (PID: 4120)
- cmd.exe (PID: 5788)
- cmd.exe (PID: 5304)
- cmd.exe (PID: 5408)
- cmd.exe (PID: 4992)
- cmd.exe (PID: 1308)
- cmd.exe (PID: 4380)
- cmd.exe (PID: 6344)
- cmd.exe (PID: 7488)
- cmd.exe (PID: 6584)
- cmd.exe (PID: 5688)
- cmd.exe (PID: 6616)
- cmd.exe (PID: 2944)
- cmd.exe (PID: 6152)
- cmd.exe (PID: 4696)
- cmd.exe (PID: 7172)
- cmd.exe (PID: 7500)
- cmd.exe (PID: 7552)
- cmd.exe (PID: 7544)
- cmd.exe (PID: 7848)
- cmd.exe (PID: 6332)
- cmd.exe (PID: 8104)
- cmd.exe (PID: 7900)
- cmd.exe (PID: 8152)
- cmd.exe (PID: 6224)
- cmd.exe (PID: 7988)
- cmd.exe (PID: 7852)
- cmd.exe (PID: 7860)
- cmd.exe (PID: 8056)
- cmd.exe (PID: 6120)
- cmd.exe (PID: 8048)
- cmd.exe (PID: 5676)
- cmd.exe (PID: 7920)
- cmd.exe (PID: 6248)
- cmd.exe (PID: 6372)
- cmd.exe (PID: 8076)
- cmd.exe (PID: 6404)
- cmd.exe (PID: 6132)
- cmd.exe (PID: 6452)
- cmd.exe (PID: 6976)
- cmd.exe (PID: 6628)
- cmd.exe (PID: 5804)
- cmd.exe (PID: 5628)
- cmd.exe (PID: 5952)
- cmd.exe (PID: 5540)
- cmd.exe (PID: 4964)
- cmd.exe (PID: 6516)
- cmd.exe (PID: 5636)
- cmd.exe (PID: 5568)
- cmd.exe (PID: 7008)
- cmd.exe (PID: 7476)
- cmd.exe (PID: 6984)
- cmd.exe (PID: 5588)
- cmd.exe (PID: 5748)
- cmd.exe (PID: 7480)
- cmd.exe (PID: 7368)
- cmd.exe (PID: 9544)
- cmd.exe (PID: 6580)
- cmd.exe (PID: 5512)
- cmd.exe (PID: 5980)
- cmd.exe (PID: 8972)
- cmd.exe (PID: 6216)
- cmd.exe (PID: 5380)
- cmd.exe (PID: 8540)
- cmd.exe (PID: 9020)
- cmd.exe (PID: 8280)
- cmd.exe (PID: 8528)
- cmd.exe (PID: 10972)
- cmd.exe (PID: 10676)
- cmd.exe (PID: 7932)
- cmd.exe (PID: 9156)
- cmd.exe (PID: 9092)
- cmd.exe (PID: 6472)
- cmd.exe (PID: 9076)
- cmd.exe (PID: 11204)
- cmd.exe (PID: 9392)
- cmd.exe (PID: 8120)
- cmd.exe (PID: 8312)
- cmd.exe (PID: 9196)
- cmd.exe (PID: 9172)
- cmd.exe (PID: 9376)
- cmd.exe (PID: 12228)
- cmd.exe (PID: 880)
- cmd.exe (PID: 9292)
- cmd.exe (PID: 9140)
- cmd.exe (PID: 9052)
- cmd.exe (PID: 9360)
- cmd.exe (PID: 9148)
- cmd.exe (PID: 9188)
- cmd.exe (PID: 10916)
- cmd.exe (PID: 9180)
- cmd.exe (PID: 8956)
- cmd.exe (PID: 8740)
- cmd.exe (PID: 14204)
- cmd.exe (PID: 10652)
- cmd.exe (PID: 9328)
- cmd.exe (PID: 11712)
Application launched itself
- cmd.exe (PID: 3916)
- cmd.exe (PID: 2848)
- cmd.exe (PID: 3708)
- cmd.exe (PID: 3228)
- cmd.exe (PID: 3920)
- cmd.exe (PID: 2844)
- cmd.exe (PID: 2636)
- cmd.exe (PID: 1040)
- cmd.exe (PID: 2860)
- cmd.exe (PID: 3944)
- cmd.exe (PID: 120)
- cmd.exe (PID: 4004)
- cmd.exe (PID: 1928)
- cmd.exe (PID: 3464)
- cmd.exe (PID: 3892)
- cmd.exe (PID: 4008)
- cmd.exe (PID: 1588)
- cmd.exe (PID: 2756)
- cmd.exe (PID: 3996)
- cmd.exe (PID: 1824)
- cmd.exe (PID: 3072)
- cmd.exe (PID: 1808)
- cmd.exe (PID: 3880)
- cmd.exe (PID: 2972)
- cmd.exe (PID: 2744)
- cmd.exe (PID: 1772)
- cmd.exe (PID: 2728)
- cmd.exe (PID: 3980)
- cmd.exe (PID: 2344)
- cmd.exe (PID: 552)
- cmd.exe (PID: 1544)
- cmd.exe (PID: 3028)
- cmd.exe (PID: 1848)
- cmd.exe (PID: 1728)
- cmd.exe (PID: 3236)
- cmd.exe (PID: 996)
- cmd.exe (PID: 3044)
- cmd.exe (PID: 896)
- cmd.exe (PID: 2492)
- cmd.exe (PID: 2568)
- cmd.exe (PID: 1576)
- cmd.exe (PID: 4208)
- cmd.exe (PID: 4364)
- cmd.exe (PID: 4184)
- cmd.exe (PID: 6640)
- cmd.exe (PID: 6300)
- cmd.exe (PID: 6360)
- cmd.exe (PID: 3364)
- cmd.exe (PID: 3224)
- cmd.exe (PID: 3056)
- cmd.exe (PID: 2980)
- cmd.exe (PID: 4040)
- cmd.exe (PID: 2496)
- cmd.exe (PID: 2512)
- cmd.exe (PID: 2452)
- cmd.exe (PID: 1592)
- cmd.exe (PID: 3256)
- cmd.exe (PID: 3728)
- cmd.exe (PID: 2760)
- cmd.exe (PID: 4136)
- cmd.exe (PID: 3060)
- cmd.exe (PID: 2208)
- cmd.exe (PID: 3272)
- cmd.exe (PID: 3508)
- cmd.exe (PID: 2052)
- cmd.exe (PID: 3212)
- cmd.exe (PID: 2940)
- cmd.exe (PID: 4068)
- cmd.exe (PID: 2160)
- cmd.exe (PID: 3764)
- cmd.exe (PID: 2912)
- cmd.exe (PID: 372)
- cmd.exe (PID: 2920)
- cmd.exe (PID: 3556)
- cmd.exe (PID: 2564)
- cmd.exe (PID: 2592)
- cmd.exe (PID: 1780)
- cmd.exe (PID: 1484)
- cmd.exe (PID: 1864)
- cmd.exe (PID: 2384)
- cmd.exe (PID: 956)
- cmd.exe (PID: 3596)
- cmd.exe (PID: 3976)
- cmd.exe (PID: 3320)
- cmd.exe (PID: 5516)
- cmd.exe (PID: 2836)
- cmd.exe (PID: 5592)
- cmd.exe (PID: 5468)
- cmd.exe (PID: 6108)
- cmd.exe (PID: 448)
- cmd.exe (PID: 3104)
- cmd.exe (PID: 3840)
- cmd.exe (PID: 3200)
- cmd.exe (PID: 2056)
- cmd.exe (PID: 2240)
- cmd.exe (PID: 2028)
- cmd.exe (PID: 3784)
- cmd.exe (PID: 1584)
- cmd.exe (PID: 3096)
- cmd.exe (PID: 3260)
- cmd.exe (PID: 3268)
- cmd.exe (PID: 4012)
- cmd.exe (PID: 1624)
- cmd.exe (PID: 2024)
- cmd.exe (PID: 3680)
- cmd.exe (PID: 2976)
- cmd.exe (PID: 2060)
- cmd.exe (PID: 2596)
- cmd.exe (PID: 5912)
- cmd.exe (PID: 2312)
- cmd.exe (PID: 5040)
- cmd.exe (PID: 5992)
- cmd.exe (PID: 584)
- cmd.exe (PID: 4848)
- cmd.exe (PID: 5436)
- cmd.exe (PID: 4920)
- cmd.exe (PID: 4496)
- cmd.exe (PID: 5552)
- cmd.exe (PID: 5440)
- cmd.exe (PID: 5288)
- cmd.exe (PID: 4720)
- cmd.exe (PID: 4372)
- cmd.exe (PID: 4740)
- cmd.exe (PID: 4332)
- cmd.exe (PID: 4904)
- cmd.exe (PID: 4444)
- cmd.exe (PID: 5220)
- cmd.exe (PID: 4288)
- cmd.exe (PID: 5000)
- cmd.exe (PID: 5324)
- cmd.exe (PID: 5008)
- cmd.exe (PID: 5920)
- cmd.exe (PID: 5780)
- cmd.exe (PID: 5604)
- cmd.exe (PID: 5316)
- cmd.exe (PID: 5732)
- cmd.exe (PID: 5180)
- cmd.exe (PID: 5792)
- cmd.exe (PID: 4656)
- cmd.exe (PID: 3796)
- cmd.exe (PID: 5100)
- cmd.exe (PID: 5480)
- cmd.exe (PID: 5172)
- cmd.exe (PID: 4648)
- cmd.exe (PID: 3344)
- cmd.exe (PID: 5600)
- cmd.exe (PID: 2692)
- cmd.exe (PID: 5708)
- cmd.exe (PID: 5096)
- cmd.exe (PID: 4292)
- cmd.exe (PID: 4632)
- cmd.exe (PID: 4796)
- cmd.exe (PID: 6088)
- cmd.exe (PID: 5524)
- cmd.exe (PID: 7156)
- cmd.exe (PID: 4160)
- cmd.exe (PID: 6260)
- cmd.exe (PID: 5384)
- cmd.exe (PID: 4884)
- cmd.exe (PID: 5696)
- cmd.exe (PID: 3384)
- cmd.exe (PID: 4468)
- cmd.exe (PID: 6560)
- cmd.exe (PID: 5056)
- cmd.exe (PID: 5016)
- cmd.exe (PID: 4956)
- cmd.exe (PID: 4896)
- cmd.exe (PID: 1816)
- cmd.exe (PID: 5124)
- cmd.exe (PID: 6012)
- cmd.exe (PID: 4128)
- cmd.exe (PID: 7148)
- cmd.exe (PID: 6352)
- cmd.exe (PID: 6376)
- cmd.exe (PID: 696)
- cmd.exe (PID: 7180)
- cmd.exe (PID: 6228)
- cmd.exe (PID: 2360)
- cmd.exe (PID: 4704)
- cmd.exe (PID: 6292)
- cmd.exe (PID: 6660)
- cmd.exe (PID: 796)
- cmd.exe (PID: 5868)
- cmd.exe (PID: 6648)
- cmd.exe (PID: 6552)
- cmd.exe (PID: 4856)
- cmd.exe (PID: 4316)
- cmd.exe (PID: 5968)
- cmd.exe (PID: 5836)
- cmd.exe (PID: 4488)
- cmd.exe (PID: 5556)
- cmd.exe (PID: 3960)
- cmd.exe (PID: 5940)
- cmd.exe (PID: 4428)
- cmd.exe (PID: 3640)
- cmd.exe (PID: 5064)
- cmd.exe (PID: 4192)
- cmd.exe (PID: 6424)
- cmd.exe (PID: 2876)
- cmd.exe (PID: 4264)
- cmd.exe (PID: 6192)
- cmd.exe (PID: 2832)
- cmd.exe (PID: 4536)
- cmd.exe (PID: 1308)
- cmd.exe (PID: 5156)
- cmd.exe (PID: 5052)
- cmd.exe (PID: 6116)
- cmd.exe (PID: 7684)
- cmd.exe (PID: 4120)
- cmd.exe (PID: 5788)
- cmd.exe (PID: 5304)
- cmd.exe (PID: 4380)
- cmd.exe (PID: 7244)
- cmd.exe (PID: 6152)
- cmd.exe (PID: 6344)
- cmd.exe (PID: 6584)
- cmd.exe (PID: 5688)
- cmd.exe (PID: 7488)
- cmd.exe (PID: 6616)
- cmd.exe (PID: 5408)
- cmd.exe (PID: 4992)
- cmd.exe (PID: 2944)
- cmd.exe (PID: 7500)
- cmd.exe (PID: 4696)
- cmd.exe (PID: 7172)
- cmd.exe (PID: 7552)
- cmd.exe (PID: 7544)
- cmd.exe (PID: 7848)
- cmd.exe (PID: 7852)
- cmd.exe (PID: 6332)
- cmd.exe (PID: 8104)
- cmd.exe (PID: 8152)
- cmd.exe (PID: 6224)
- cmd.exe (PID: 7900)
- cmd.exe (PID: 7860)
- cmd.exe (PID: 6120)
- cmd.exe (PID: 7920)
- cmd.exe (PID: 5676)
- cmd.exe (PID: 8048)
- cmd.exe (PID: 6248)
- cmd.exe (PID: 8076)
- cmd.exe (PID: 6404)
- cmd.exe (PID: 6372)
- cmd.exe (PID: 7988)
- cmd.exe (PID: 8056)
- cmd.exe (PID: 6452)
- cmd.exe (PID: 6976)
- cmd.exe (PID: 5804)
- cmd.exe (PID: 5540)
- cmd.exe (PID: 5628)
- cmd.exe (PID: 6628)
- cmd.exe (PID: 5952)
- cmd.exe (PID: 6516)
- cmd.exe (PID: 4964)
- cmd.exe (PID: 6132)
- cmd.exe (PID: 5636)
- cmd.exe (PID: 5748)
- cmd.exe (PID: 7480)
- cmd.exe (PID: 5568)
- cmd.exe (PID: 7008)
- cmd.exe (PID: 6984)
- cmd.exe (PID: 5512)
- cmd.exe (PID: 7476)
- cmd.exe (PID: 5588)
- cmd.exe (PID: 7368)
- cmd.exe (PID: 9544)
- cmd.exe (PID: 6580)
- cmd.exe (PID: 5980)
- cmd.exe (PID: 7932)
- cmd.exe (PID: 8972)
- cmd.exe (PID: 6216)
- cmd.exe (PID: 8540)
- cmd.exe (PID: 11204)
- cmd.exe (PID: 8528)
- cmd.exe (PID: 9392)
- cmd.exe (PID: 9156)
- cmd.exe (PID: 5380)
- cmd.exe (PID: 8280)
- cmd.exe (PID: 9020)
- cmd.exe (PID: 9076)
- cmd.exe (PID: 10972)
- cmd.exe (PID: 8120)
- cmd.exe (PID: 9360)
- cmd.exe (PID: 10676)
- cmd.exe (PID: 6472)
- cmd.exe (PID: 9092)
- cmd.exe (PID: 8312)
- cmd.exe (PID: 9376)
- cmd.exe (PID: 9196)
- cmd.exe (PID: 9172)
- cmd.exe (PID: 9052)
- cmd.exe (PID: 12228)
- cmd.exe (PID: 880)
- cmd.exe (PID: 9148)
- cmd.exe (PID: 10916)
- cmd.exe (PID: 9188)
- cmd.exe (PID: 9140)
- cmd.exe (PID: 9292)
- cmd.exe (PID: 9328)
- cmd.exe (PID: 14204)
- cmd.exe (PID: 8740)
- cmd.exe (PID: 9180)
- cmd.exe (PID: 10652)
- cmd.exe (PID: 8956)
- cmd.exe (PID: 11712)
Uses ATTRIB.EXE to modify file attributes
- cmd.exe (PID: 1040)
- cmd.exe (PID: 2844)
- cmd.exe (PID: 4004)
- cmd.exe (PID: 2860)
- cmd.exe (PID: 2636)
- cmd.exe (PID: 3944)
- cmd.exe (PID: 2756)
- cmd.exe (PID: 120)
- cmd.exe (PID: 1928)
- cmd.exe (PID: 3892)
- cmd.exe (PID: 1824)
- cmd.exe (PID: 4008)
- cmd.exe (PID: 3996)
INFO
Reads mouse settings
- DELmE's Batch Virus Generator v 2.0.exe (PID: 1380)
Checks supported languages
- DELmE's Batch Virus Generator v 2.0.exe (PID: 1380)
Reads the computer name
- DELmE's Batch Virus Generator v 2.0.exe (PID: 1380)
Manual execution by a user
- cmd.exe (PID: 3584)
- cmd.exe (PID: 3728)
- cmd.exe (PID: 1028)
- cmd.exe (PID: 3920)
- notepad.exe (PID: 3796)
Reads the machine GUID from the registry
- DELmE's Batch Virus Generator v 2.0.exe (PID: 1380)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
TRiD
| .exe | | | AutoIt3 compiled script executable (88.1) |
|---|---|---|
| .exe | | | UPX compressed Win32 Executable (4.6) |
| .exe | | | Win32 EXE Yoda's Crypter (4.5) |
| .dll | | | Win32 Dynamic Link Library (generic) (1.1) |
| .exe | | | Win32 Executable (generic) (0.7) |
EXIF
EXE
| MachineType: | Intel 386 or later, and compatibles |
|---|---|
| TimeStamp: | 2008:12:24 10:00:07+01:00 |
| ImageFileCharacteristics: | No relocs, Executable, Large address aware, 32-bit |
| PEType: | PE32 |
| LinkerVersion: | 9 |
| CodeSize: | 262144 |
| InitializedDataSize: | 32768 |
| UninitializedDataSize: | 454656 |
| EntryPoint: | 0xaf1e0 |
| OSVersion: | 5 |
| ImageVersion: | - |
| SubsystemVersion: | 5 |
| Subsystem: | Windows GUI |
| FileVersionNumber: | 3.3.0.0 |
| ProductVersionNumber: | 3.3.0.0 |
| FileFlagsMask: | 0x0017 |
| FileFlags: | (none) |
| FileOS: | Win32 |
| ObjectFileType: | Unknown |
| FileSubtype: | - |
| LanguageCode: | English (British) |
| CharacterSet: | Unicode |
| FileDescription: | - |
| FileVersion: | 3, 3, 0, 0 |
| CompiledScript: | AutoIt v3 Script : 3, 3, 0, 0 |
Total processes
3 502
Monitored processes
2 783
Malicious processes
202
Suspicious processes
74
Behavior graph
Click at the process to see the details
Process information
PID | CMD | Path | Indicators | Parent process | |||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 120 | C:\Windows\system32\cmd.exe /K "C:\Users\admin\Desktop\dgfg.bat" | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 148 | C:\Windows\system32\cmd.exe /S /D /c" echo Y " | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) | |||||||||||||||
| 240 | C:\Windows\system32\cmd.exe /S /D /c" FOR /F "tokens=1,* delims=: " %j in (FIleList_png.txt) do del "%j:%k"" | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 32 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 332 | C:\Windows\system32\cmd.exe /S /D /c" echo Y " | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 372 | C:\Windows\system32\cmd.exe /K "C:\Users\admin\Desktop\dgfg.bat" | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 376 | C:\Windows\system32\cmd.exe /S /D /c" echo Y " | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 448 | C:\Windows\system32\cmd.exe /S /D /c" echo Y " | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 448 | C:\Windows\system32\cmd.exe /K "C:\Users\admin\Desktop\dgfg.bat" | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 552 | C:\Windows\system32\cmd.exe /K "C:\Users\admin\Desktop\dgfg.bat" | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
| 584 | C:\Windows\system32\cmd.exe /K "C:\Users\admin\Desktop\dgfg.bat" | C:\Windows\System32\cmd.exe | — | cmd.exe | |||||||||||
User: admin Company: Microsoft Corporation Integrity Level: MEDIUM Description: Windows Command Processor Exit code: 0 Version: 6.1.7601.17514 (win7sp1_rtm.101119-1850) Modules
| |||||||||||||||
Total events
8 585
Read events
8 462
Write events
109
Delete events
14
Modification events
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU |
| Operation: | write | Name: | NodeSlots |
Value: 0202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202020202 | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\BagMRU |
| Operation: | write | Name: | MRUListEx |
Value: 010000000200000006000000000000000B000000070000000C0000000D0000000A0000000900000008000000030000000500000004000000FFFFFFFF | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\Shell |
| Operation: | write | Name: | SniffedFolderType |
Value: Generic | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\MuiCache\182\52C64B7E |
| Operation: | write | Name: | LanguageList |
Value: en-US | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CLASSES_ROOT\Local Settings\Software\Microsoft\Windows\Shell\Bags\34\ComDlg\{5C4F28B5-F869-4E84-8E60-F11DB97C5CC7} |
| Operation: | write | Name: | Mode |
Value: 4 | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\CIDSave\Modules\GlobalSettings\ProperTreeModuleInner |
| Operation: | write | Name: | ProperTreeModuleInner |
Value: 9C000000980000003153505305D5CDD59C2E1B10939708002B2CF9AE3B0000002A000000004E0061007600500061006E0065005F004300460044005F0046006900720073007400520075006E0000000B000000000000004100000030000000004E0061007600500061006E0065005F00530068006F0077004C00690062007200610072007900500061006E00650000000B000000FFFF00000000000000000000 | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Modules\NavPane |
| Operation: | write | Name: | ExpandedState |
Value: 06000000160014001F8080A63C324DC29940B94D446DD2D7249E0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F4225481E03947BC34DB131E946B44C8DD50000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F43983FFBB4EAC18D42A78AD1F5659CBA930000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D0000000000000000002000000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F580D1A2CF021BE504388B07367FC96EF3C0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B00000000000000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000160014001F50E04FD020EA3A6910A2D808002B30309D0000010000004D0000002D00000031535053357EC777E31B5043A48C7563D727776D1100000002000000000B000000FFFF0000000000001C00000031535053A66A63283D95D211B5D600C04FD918D00000000000000000 | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\LastVisitedPidlMRU |
| Operation: | write | Name: | MRUListEx |
Value: 000000000200000001000000FFFFFFFF | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\OpenSavePidlMRU\* |
| Operation: | write | Name: | MRUListEx |
Value: 0C0000000B0000000A00000009000000080000000700000006000000050000000400000003000000020000000100000000000000FFFFFFFF | |||
| (PID) Process: | (1380) DELmE's Batch Virus Generator v 2.0.exe | Key: | HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\ComDlg32\CIDSizeMRU |
| Operation: | delete value | Name: | 4 |
Value: 440045004C006D004500270073002000420061007400630068002000560069007200750073002000470065006E0065007200610074006F00720020007600200032002E0030002E0065007800650000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100000000000000 | |||
Executable files
0
Suspicious files
0
Text files
5
Unknown types
0
Dropped files
PID | Process | Filename | Type | |
|---|---|---|---|---|
| 3920 | cmd.exe | C:\Users\admin\Desktop\crash.bat | text | |
MD5:8B64F2907B2086786891052C615A2F5C | SHA256:0354FD391B23A97A32F1C9DF93C2F15BC98A89FB38FA67C82A0ED82D8B3A4456 | |||
| 1380 | DELmE's Batch Virus Generator v 2.0.exe | C:\Users\admin\Desktop\dsfsf.bat | text | |
MD5:FDE53057B79F329441B8D4B07E48462D | SHA256:A57CA0804AC56D95BC4A3A161032712C042FE488E2A67DA4ACF80735A575D7FD | |||
| 1380 | DELmE's Batch Virus Generator v 2.0.exe | C:\Users\admin\Desktop\df.bat | text | |
MD5:00440BC7745FF7F35960F4144F6667E9 | SHA256:DB3CF875B60895CE72CDF5ED436AC40881A8D8C3B65105ACA7DC1030E89B5CC1 | |||
| 1380 | DELmE's Batch Virus Generator v 2.0.exe | C:\Users\admin\Desktop\dgfg.bat | text | |
MD5:DB0C64B2457AE013673148B7C270BA49 | SHA256:636F2B286B4AE55788D698C415E1EF10F4EFEE3E02B658113F11C0935DADAAEA | |||
| 1380 | DELmE's Batch Virus Generator v 2.0.exe | C:\Users\admin\Desktop\asdad.bat | text | |
MD5:29769CFF31A30533F36CA668693587A4 | SHA256:6A5F3F5950961A252A6CFAC2A7CCB6F379C4F9E679126CEB0B7E3764121E6F35 | |||
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
4
DNS requests
0
Threats
0
HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
Connections
PID | Process | IP | Domain | ASN | CN | Reputation |
|---|---|---|---|---|---|---|
4 | System | 192.168.100.255:137 | — | — | — | whitelisted |
4 | System | 192.168.100.255:138 | — | — | — | whitelisted |
1080 | svchost.exe | 224.0.0.252:5355 | — | — | — | unknown |