rule p_bat_14335 {
	meta:
		description = "Finding bat files that is used for enumeration"
		author = "The DFIR Report"
		reference = "https://thedfirreport.com"
		date = "2022-09-12"
	strings:
		$a1 = "for /f %%i in" ascii wide nocase
		$a2 = "do ping %%i" ascii wide nocase
		$a3 = "-n 1 >>" ascii wide nocase
		$a4 = "res.txt" ascii wide nocase
	condition:
		filesize < 2000KB and all of ($a*)
}