85e1cf1c6821a93541d7285f84ce6ffdb99588308fe1771e329bc18fba4d3f54

Analysis

max time kernel
604s
max time network
1204s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2023 21:46

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BruteL4 DDOS Tool/BruteL4 DDOS Tool.exe
Size

12.0MB
MD5

7469696e71e96dd67ce6c5f59c2e77c7
SHA1

a26de444a133d56eb51f5bac21fb2f925b5ee37a
SHA256

55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32
SHA512

7702b5c08999a52816ff0176efe14f7d3c3808081337077f4fd4154cd29d3641aca5508d37c10e44d1980f835c868e9f2d3c71fda23f89c9ff80ca0f238f4c4c
SSDEEP

393216:J+aZeyhEOh8pJpdEYTzuaj5DDKEeuuODGfTc:MahEe8pVEY3uaJWEhuODGw

Score

10^/10

evasion pyinstaller themida trojan upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 3 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	pid	process	target process
PID 840 created 3236	840	BruteL4-DDOS.exe	Explorer.EXE
PID 4252 created 3236	4252	BruteL4-DDOS.exe	Explorer.EXE
PID 1420 created 3236	1420	BruteL4-DDOS.exe	Explorer.EXE

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BruteL4-DDOS.exeBruteL4 DDOS Tool.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	BruteL4 DDOS Tool.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe

Drops startup file 2 IoCs

Processes:

crack.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe

Executes dropped EXE 16 IoCs

Processes:

crack.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exe

pid	process
4756	crack.exe
840	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
388	BruteL4DDOS.exe
2340	BruteL4DDOS.exe
4540	MpDlpCmd.exe
4252	BruteL4-DDOS.exe
2144	BruteL4-DDOS.exe
4696	BruteL4DDOS.exe
1400	BruteL4DDOS.exe
5040	MpDlpCmd.exe
1420	BruteL4-DDOS.exe
4164	BruteL4-DDOS.exe
4084	BruteL4DDOS.exe
4144	BruteL4DDOS.exe
2692	MpDlpCmd.exe

Loads dropped DLL 18 IoCs

Processes:

BruteL4DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exe

pid	process
2340	BruteL4DDOS.exe
2340	BruteL4DDOS.exe
2340	BruteL4DDOS.exe
2340	BruteL4DDOS.exe
2340	BruteL4DDOS.exe
2340	BruteL4DDOS.exe
1400	BruteL4DDOS.exe
1400	BruteL4DDOS.exe
1400	BruteL4DDOS.exe
1400	BruteL4DDOS.exe
1400	BruteL4DDOS.exe
1400	BruteL4DDOS.exe
4144	BruteL4DDOS.exe
4144	BruteL4DDOS.exe
4144	BruteL4DDOS.exe
4144	BruteL4DDOS.exe
4144	BruteL4DDOS.exe
4144	BruteL4DDOS.exe

Themida packer 14 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/840-157-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp	themida
behavioral1/memory/840-158-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/840-234-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp	themida
behavioral1/memory/4292-374-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/4252-460-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp	themida
behavioral1/memory/4252-461-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/4252-551-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida

UPX packed file 40 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI3882\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\python310.dll	upx
behavioral1/memory/2340-263-0x00007FFD39FF0000-0x00007FFD3A455000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI3882\_ctypes.pyd	upx
behavioral1/memory/2340-289-0x00007FFD44570000-0x00007FFD44594000-memory.dmp	upx
behavioral1/memory/2340-288-0x00007FFD39FF0000-0x00007FFD3A455000-memory.dmp	upx
behavioral1/memory/2340-291-0x00007FFD444C0000-0x00007FFD444D9000-memory.dmp	upx
behavioral1/memory/2340-290-0x00007FFD54060000-0x00007FFD5406F000-memory.dmp	upx
behavioral1/memory/2340-292-0x00007FFD53F90000-0x00007FFD53F9D000-memory.dmp	upx
behavioral1/memory/2340-448-0x00007FFD39FF0000-0x00007FFD3A455000-memory.dmp	upx
behavioral1/memory/2340-449-0x00007FFD44570000-0x00007FFD44594000-memory.dmp	upx
behavioral1/memory/2340-450-0x00007FFD54060000-0x00007FFD5406F000-memory.dmp	upx
behavioral1/memory/2340-452-0x00007FFD53F90000-0x00007FFD53F9D000-memory.dmp	upx
behavioral1/memory/2340-451-0x00007FFD444C0000-0x00007FFD444D9000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\python310.dll	upx
behavioral1/memory/1400-590-0x00007FFD43A60000-0x00007FFD43EC5000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI46962\select.pyd	upx
behavioral1/memory/1400-603-0x00007FFD58140000-0x00007FFD58159000-memory.dmp	upx
behavioral1/memory/1400-602-0x00007FFD5B1C0000-0x00007FFD5B1CF000-memory.dmp	upx
behavioral1/memory/1400-604-0x00007FFD57E10000-0x00007FFD57E1D000-memory.dmp	upx
behavioral1/memory/1400-601-0x00007FFD598E0000-0x00007FFD59904000-memory.dmp	upx
behavioral1/memory/1400-644-0x00007FFD43A60000-0x00007FFD43EC5000-memory.dmp	upx
behavioral1/memory/2144-648-0x00000000051A0000-0x00000000051B0000-memory.dmp	upx
behavioral1/memory/1400-671-0x00007FFD43A60000-0x00007FFD43EC5000-memory.dmp	upx
behavioral1/memory/1400-672-0x00007FFD598E0000-0x00007FFD59904000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exe

pid	process
840	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4292	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4252	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
2144	BruteL4-DDOS.exe
2144	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
5040	MpDlpCmd.exe
2144	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
1420	BruteL4-DDOS.exe
4164	BruteL4-DDOS.exe
4164	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
2692	MpDlpCmd.exe
4164	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	pid	process	target process
PID 840 set thread context of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 set thread context of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 set thread context of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe

Detects Pyinstaller 9 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 5 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4 DDOS Tool.exeBruteL4-DDOS.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BruteL4 DDOS Tool.exe
Key created	\REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BruteL4 DDOS Tool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

crack.exe

pid process

4756 crack.exe

Suspicious behavior: EnumeratesProcesses 18 IoCs

Processes:

BruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exetaskmgr.exe

pid	process
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
4540	MpDlpCmd.exe
2144	BruteL4-DDOS.exe
2144	BruteL4-DDOS.exe
2144	BruteL4-DDOS.exe
5040	MpDlpCmd.exe
5040	MpDlpCmd.exe
4164	BruteL4-DDOS.exe
4164	BruteL4-DDOS.exe
4164	BruteL4-DDOS.exe
2692	MpDlpCmd.exe
2692	MpDlpCmd.exe
2100	taskmgr.exe
2100	taskmgr.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BruteL4-DDOS.exe

description	pid	process
Token: SeDebugPrivilege	4292	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4292	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4292	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4292	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4292	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4292	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4292	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4292	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4292	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4292	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4292	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4292	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4292	BruteL4-DDOS.exe
Token: 33	4292	BruteL4-DDOS.exe
Token: 34	4292	BruteL4-DDOS.exe
Token: 35	4292	BruteL4-DDOS.exe
Token: 36	4292	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4292	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4292	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4292	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4292	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4292	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4292	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4292	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4292	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4292	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4292	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4292	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4292	BruteL4-DDOS.exe
Token: 33	4292	BruteL4-DDOS.exe
Token: 34	4292	BruteL4-DDOS.exe
Token: 35	4292	BruteL4-DDOS.exe
Token: 36	4292	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4292	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4292	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4292	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4292	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4292	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4292	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4292	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4292	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4292	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4292	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4292	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4292	BruteL4-DDOS.exe
Token: 33	4292	BruteL4-DDOS.exe
Token: 34	4292	BruteL4-DDOS.exe
Token: 35	4292	BruteL4-DDOS.exe
Token: 36	4292	BruteL4-DDOS.exe

Suspicious use of FindShellTrayWindow 27 IoCs

Processes:

taskmgr.exe

pid	process
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe

Suspicious use of SendNotifyMessage 27 IoCs

Processes:

taskmgr.exe

pid	process
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe
2100	taskmgr.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exe

pid	process
524	BruteL4 DDOS Tool.exe
524	BruteL4 DDOS Tool.exe
4292	BruteL4-DDOS.exe
4540	MpDlpCmd.exe
2144	BruteL4-DDOS.exe
5040	MpDlpCmd.exe
4164	BruteL4-DDOS.exe
2692	MpDlpCmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.execmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.execmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exe

description	pid	process	target process
PID 524 wrote to memory of 4756	524	BruteL4 DDOS Tool.exe	crack.exe
PID 524 wrote to memory of 4756	524	BruteL4 DDOS Tool.exe	crack.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 4292	840	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 840 wrote to memory of 388	840	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 840 wrote to memory of 388	840	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 388 wrote to memory of 2340	388	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 388 wrote to memory of 2340	388	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 2340 wrote to memory of 1352	2340	BruteL4DDOS.exe	cmd.exe
PID 2340 wrote to memory of 1352	2340	BruteL4DDOS.exe	cmd.exe
PID 2340 wrote to memory of 4332	2340	BruteL4DDOS.exe	cmd.exe
PID 2340 wrote to memory of 4332	2340	BruteL4DDOS.exe	cmd.exe
PID 4332 wrote to memory of 4144	4332	cmd.exe	mode.com
PID 4332 wrote to memory of 4144	4332	cmd.exe	mode.com
PID 2340 wrote to memory of 2652	2340	BruteL4DDOS.exe	cmd.exe
PID 2340 wrote to memory of 2652	2340	BruteL4DDOS.exe	cmd.exe
PID 4292 wrote to memory of 4540	4292	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 4292 wrote to memory of 4540	4292	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 2144	4252	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4252 wrote to memory of 4696	4252	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 4252 wrote to memory of 4696	4252	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 4696 wrote to memory of 1400	4696	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 4696 wrote to memory of 1400	4696	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 1400 wrote to memory of 2584	1400	BruteL4DDOS.exe	cmd.exe
PID 1400 wrote to memory of 2584	1400	BruteL4DDOS.exe	cmd.exe
PID 1400 wrote to memory of 3264	1400	BruteL4DDOS.exe	cmd.exe
PID 1400 wrote to memory of 3264	1400	BruteL4DDOS.exe	cmd.exe
PID 3264 wrote to memory of 436	3264	cmd.exe	mode.com
PID 3264 wrote to memory of 436	3264	cmd.exe	mode.com
PID 1400 wrote to memory of 2616	1400	BruteL4DDOS.exe	cmd.exe
PID 1400 wrote to memory of 2616	1400	BruteL4DDOS.exe	cmd.exe
PID 2144 wrote to memory of 5040	2144	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 2144 wrote to memory of 5040	2144	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4164	1420	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1420 wrote to memory of 4084	1420	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 1420 wrote to memory of 4084	1420	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 4084 wrote to memory of 4144	4084	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 4084 wrote to memory of 4144	4084	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 4144 wrote to memory of 2232	4144	BruteL4DDOS.exe	cmd.exe
PID 4144 wrote to memory of 2232	4144	BruteL4DDOS.exe	cmd.exe
PID 4144 wrote to memory of 3936	4144	BruteL4DDOS.exe	cmd.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3236

C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool\BruteL4 DDOS Tool.exe
"C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool\BruteL4 DDOS Tool.exe"
2⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:524

C:\Users\Admin\Desktop\crack.exe
"C:\Users\Admin\Desktop\crack.exe"
3⤵
- Drops startup file
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:4756

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:840

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:388

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2340

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
5⤵
PID:1352

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
5⤵
PID:2652

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
5⤵
- Suspicious use of WriteProcessMemory
PID:4332

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4292

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4540

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4252

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4696

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1400

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
5⤵
PID:2584

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
5⤵
- Suspicious use of WriteProcessMemory
PID:3264

C:\Windows\system32\mode.com
mode 140, 40
6⤵
PID:436

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
5⤵
PID:2616

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2144

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:5040

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1420

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4084

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4144

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
5⤵
PID:2232

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
5⤵
PID:3936

C:\Windows\system32\mode.com
mode 140, 40
6⤵
PID:396

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
5⤵
PID:560

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4164

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2692

C:\Windows\system32\taskmgr.exe
"C:\Windows\system32\taskmgr.exe" /4
2⤵
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2100

C:\Windows\system32\mode.com
mode 140, 40
1⤵
PID:4144

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
13712a93f3af580802ba92008eeae7b2

SHA1
e72ae3f5199850caca6f341dff573132e5f42cf4

SHA256
dfbc5e3c1ac8699cbb2d29cffe8d3da05067412fbfdd341adfac4e85f8a8328e

SHA512
7cf87bd24e6317d5c281fb41eb07b0bd309b370724a58f06a66d7bc00c87d7eddcf4a77bdc0a9f3d5f301397c366c39c7d0c81cc453b8ba737e1558fc2af2c40

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_F37C217C34EC1EF3506B7799C0334AC3
Filesize
472B

MD5
5716bd17f0cc1d649bcba4a6400ad0fa

SHA1
752def7b1cf7d2f2e8213b28cb17f93e1015d333

SHA256
ef78bd37975cc2a43c78562c8fcd9977f92a2ef525b87cfcef89f114f28eac3b

SHA512
a6add310734f78f0590f161127a3332a7b83d74de90bb7da1d5b657a12989748f856c65d2c75bee6403422f652cd7140d4428958aeb8f7da9f47439b8fb73043

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\45253D621EA9F2E0253B4AF8D44565CD_27557F6CDAE75AFEA9251E5A15BC51D9
Filesize
1KB

MD5
0cd47899368ab98184ac78808a796918

SHA1
24554ebba51e2ff3bbbf53d0e397fdc5266b3f32

SHA256
ffbd1dd67e6d8bc3b138ebfeb48bff098b38b01d7d2feefba1600e27d6d9e0d9

SHA512
e50de1ec7032aa554a4b8e0ba203732c2168811caf924aa908a17e6d6ac49e7ddeee72a423a4baf14c4d506d4782deda0cdfbdaf77087ca194be5446241fff2e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001
Filesize
1KB

MD5
1f8951d8c531881169e8352221934444

SHA1
787bc0003c23bffc27a8cfc3487edf0e0da20248

SHA256
c2f2379ea78e95625f63e435eeb581119c9bfe391e3d1ceafda2100d9264c188

SHA512
ba7170f0179c32f7a319f0ed49a51e082738c4c58b03b1be9c865107b2fe81b94bd9c485b17554163f7d933dc68370eda759c6b47f4f527ee0e905fb9396b6bf

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A40DDA23AC660EBD6C048B34D97187FB
Filesize
471B

MD5
7e3ff6b78faf64b75d13e5e4c390f7c5

SHA1
1ec395988633a280be5876ea74b91b994ca88bda

SHA256
470501dd8e4cb351f2b3effe7507b9582758ecf492d587545f740c13527289d4

SHA512
570617e00c8a14308af1ec4118067d4ac9dcb3c55c9d52db09e5d61780dbb0290c525b5a87bb1930b08c266189d6a63a796fd6fa128da845990542285aec90e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
fea1d21f51268f03b0f4d60a670f9359

SHA1
a9eb3c90e1c1739338647ee295493df116cd2b26

SHA256
7f4e0bb23644977fe92b29fef09fa94ef98f4fa7a27df63a66bfca4219da4220

SHA512
e170287ef898eee78928ef9502f27b693d3086b8eaec9c79397f1d26ed3c9b8159962d60706f2caec5f648c8b7143640a8c9121963aa2a9853934cd116b144f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_F37C217C34EC1EF3506B7799C0334AC3
Filesize
402B

MD5
88597764a82350131ac51d4556a6e999

SHA1
9a3b6ae1ab82fb9fca6381f6797cf089fe83b458

SHA256
582d8b4613358596b2c853f2780f85dfef7323ff7531006c4b41f785dbc12c28

SHA512
48a1c4bf8e3f9cc7b5e9864c315c758da9ab62583018836f54eef6e9df01a3d9fd9777183f6362b2d9b9839cc29e63643cf84b9e836a8c8649f85dd8d98452e1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\45253D621EA9F2E0253B4AF8D44565CD_27557F6CDAE75AFEA9251E5A15BC51D9
Filesize
520B

MD5
05ea42b82f6156052da0ce2009265b43

SHA1
6a88844fc3c5f40ff018fe70067d2d091e973a59

SHA256
6d4ea5f2d34333c75392ff88ce588cddaba9531087a2ce8f71c87b23d9de7977

SHA512
06f59a5ae77d4dc9c41ed65f101a6409c2481e1505deb5bc5e12ad760f865b561da6264a9e3132c48fc953166b3a1ebe007b522ce284a3bb7c581908fa0b05d5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001
Filesize
492B

MD5
cd30ecf374e6a733c48724d2f9cb56be

SHA1
0d7840ef830336f3f763b2d5e7639d063881d227

SHA256
58e26d4dbf33bfb3ffd45b67857e03c26b8bcc8ca5e995d5626e94c19064ea65

SHA512
007ef8c46d2e4f5906adc8072a68d6fb2d2339e7b25ab88f13e2d77a7cb40f3091264dd0417818053507486de49e7eaab05bc6c7a82923557d57b8e32c6c7999

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
2a0ffde2020708198e1fe1fa363997c5

SHA1
244369080ee3f800d7227e6f32c6d5418178b7fa

SHA256
51e1ae1c30f8608c72df1dedd35add22b7262652f20fdef14678bed050172af2

SHA512
8f8c68aab387d26a2910bb5f94d08cb7dc7592bdaffe25217670d1c16098745738f6abd9787efa88e982e94394e8510e45db0ce2e6ee5c395c6bbe6451e10691

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A40DDA23AC660EBD6C048B34D97187FB
Filesize
406B

MD5
e8e1fd6f31b367ae73a042582c50d245

SHA1
d03178d5c94bea38f3a89104461d9d9c5d458f3b

SHA256
9af00c322d8d7389cf758a197bf5fff058fd76ca7ddc234f63047c1e241551a6

SHA512
ca7a511504234d680891b7939ec2e11a653a39d1fba9c6416925be5340b54c57057094954f58895a506fc1cf37045485eadc4dd2b9f46c1afe252a6b98975b86

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BruteL4-DDOS.exe.log
Filesize
859B

MD5
6e11a15fe4491ead2a94f64d3467be38

SHA1
9a8329fb71ddc89dae9aa174c0b44a1f646efd63

SHA256
087cf6355ae9fc71eea2493b30c6b10a6775f3dd68b2cb5e07fcc13461b74248

SHA512
6154e320e2556aef177fc5bfb4e5fe8fabe324af736b89db4db41e6dd51658f7f6a7d0f73c24dc6ccdc4edf14023f4a1ecd0908abac5b82cebd038a93b2fc106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\1IYUAPIF\location[1].png
Filesize
40KB

MD5
4db9f1f4c36b304e4ecdcff0e4b84f1e

SHA1
9d87524ec7ec0cc9b62e6e8612790d29ba4c4c67

SHA256
ae2943dbe05d5e78e5d578824f8663e6f17d6598431b7e550a45bbddfb1c9fd4

SHA512
c823a497d04b282bdbccbe53dd87202ed60eaec6c9abb5f83b4c40fbab1850fcd80311b9e42e4ba278febc3dcd69f3c544730269b7ef841f96606e64f1081985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\f[1].txt
Filesize
162KB

MD5
625520d0d5a4a53f9f19e5a834ac7179

SHA1
aded4f981c69703a29d51d848161aed6a987edf2

SHA256
27c08839dfeab97f1460f73928ccac012488f370eaacbfb4a8d87d1ee29ce386

SHA512
ff9fe4aa50b416c3cf6821e1be7cee76219fc6ed1dc1d5a011df685c8007b9555db197a415730a6342a86d8cf1a24d33e11293967af965cb9e196be038a1f819

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\S1Q31HZS\pay[1].js
Filesize
114KB

MD5
091dc5bc60d865bbca6e39a0979f3efe

SHA1
0c4a078957d7c804100bdc38fb7af6c86f886423

SHA256
8e5a0f968f689032ca31b98b13d6e9ad1910e85669e13579c371134643bb943b

SHA512
49c1b1693a897e1bfb668aec21a50a9166e12b988b279b39725806ae3db9d2588f1f69350450df8f025fc06e4408eda2f0d97c8364e98e74a311f585910686e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\f[1].txt
Filesize
162KB

MD5
e1983468ba4b836a303b4a94c91cb588

SHA1
518a3791f2ef6d5f76aa6cc012e66f7a3f07db3d

SHA256
ac97d7c5934438d66651eb6e73c4bcdf7ec522badfb4c6a08e06a451a4a22453

SHA512
5e8922f8267f0d9fd14c573b3a265fd273653764bfc22e51382f4caa433df8400d9a3e9746aac20fa5d4583a164ab9200d706b4cdeacb63f7adf82e8de9f885f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\TUIJN6ZA\polyfill.min[1].js
Filesize
4KB

MD5
61fc9c0df8557a172bd200a02959e168

SHA1
5f2b02e1ad95b7e98e34bd28e94f9bb1a7918c87

SHA256
e555151e63c492ea4f05ecedbcaf488acecfdf147d814e1920bcef9b028968ab

SHA512
df5d0698fcabc6f8c7631713cbb1dd8c237b1182fda2ee0395d122bb5a0006934551c11b3df70449b43ee25641200b186f62ae2a3269bd6683c50508363e08f0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\logo-dark[1].png
Filesize
15KB

MD5
acc5a3c827b163f9298faa9fd36c5fca

SHA1
cee5d76d35ef484bb39d4c08adafb5ba593cb1e2

SHA256
c432fc6fed123766b84b574465071b7df18cd111e3924d1086627ea325b01363

SHA512
403ad861a206a10069879297339aeaf4673fb398f65f731b4a0914e8f3062aec2a65501ed06609f62a20964acc33140d6762ff5a0d934bbdc20613d15e5ba231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\YYL8D8JJ\pay[1].js
Filesize
114KB

MD5
091dc5bc60d865bbca6e39a0979f3efe

SHA1
0c4a078957d7c804100bdc38fb7af6c86f886423

SHA256
8e5a0f968f689032ca31b98b13d6e9ad1910e85669e13579c371134643bb943b

SHA512
49c1b1693a897e1bfb668aec21a50a9166e12b988b279b39725806ae3db9d2588f1f69350450df8f025fc06e4408eda2f0d97c8364e98e74a311f585910686e4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\base_library.zip
Filesize
812KB

MD5
eb130a9177f630bc33d7e510ed81d9d2

SHA1
c33dae854285d5367e8c87899e1a168abeca8d18

SHA256
987165c5cc33442df85d8ab8c3f66e2805070e0b526801b88434f48ed04b3a2f

SHA512
17feb5a3468a4883730fb17251ac7604c9ba376ce871ebbf4a034144626a63caf415bc6bed6cfca518b37c9840231cfdfccc17ca4833b3ef23b32499444b8474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI3882\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\base_library.zip
Filesize
812KB

MD5
eb130a9177f630bc33d7e510ed81d9d2

SHA1
c33dae854285d5367e8c87899e1a168abeca8d18

SHA256
987165c5cc33442df85d8ab8c3f66e2805070e0b526801b88434f48ed04b3a2f

SHA512
17feb5a3468a4883730fb17251ac7604c9ba376ce871ebbf4a034144626a63caf415bc6bed6cfca518b37c9840231cfdfccc17ca4833b3ef23b32499444b8474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI46962\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_2oj2zhyc.qit.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
memory/840-218-0x00007FFD00010000-0x00007FFD00011000-memory.dmp

Filesize
4KB

Download
memory/840-154-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/840-234-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/840-157-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/840-158-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/840-160-0x00007FFD00030000-0x00007FFD00031000-memory.dmp

Filesize
4KB

Download
memory/840-159-0x00007FFD00000000-0x00007FFD00002000-memory.dmp

Filesize
8KB

Download
memory/1400-603-0x00007FFD58140000-0x00007FFD58159000-memory.dmp

Filesize
100KB

Download
memory/1400-590-0x00007FFD43A60000-0x00007FFD43EC5000-memory.dmp

Filesize
4.4MB

Download
memory/1400-672-0x00007FFD598E0000-0x00007FFD59904000-memory.dmp

Filesize
144KB

Download
memory/1400-671-0x00007FFD43A60000-0x00007FFD43EC5000-memory.dmp

Filesize
4.4MB

Download
memory/1400-602-0x00007FFD5B1C0000-0x00007FFD5B1CF000-memory.dmp

Filesize
60KB

Download
memory/1400-604-0x00007FFD57E10000-0x00007FFD57E1D000-memory.dmp

Filesize
52KB

Download
memory/1400-601-0x00007FFD598E0000-0x00007FFD59904000-memory.dmp

Filesize
144KB

Download
memory/1400-644-0x00007FFD43A60000-0x00007FFD43EC5000-memory.dmp

Filesize
4.4MB

Download
memory/2144-620-0x00007FF47D0F0000-0x00007FF47D4C1000-memory.dmp

Filesize
3.8MB

Download
memory/2144-550-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2144-653-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2144-648-0x00000000051A0000-0x00000000051B0000-memory.dmp

Filesize
64KB

Download
memory/2144-605-0x00000000051A0000-0x00000000051B0000-memory.dmp

Filesize
64KB

Download
memory/2144-643-0x00000000051A0000-0x00000000051B0000-memory.dmp

Filesize
64KB

Download
memory/2144-647-0x00000000051A0000-0x00000000051B0000-memory.dmp

Filesize
64KB

Download
memory/2144-589-0x00000000051A0000-0x00000000051B0000-memory.dmp

Filesize
64KB

Download
memory/2144-618-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/2144-619-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2144-600-0x00000000051A0000-0x00000000051B0000-memory.dmp

Filesize
64KB

Download
memory/2144-530-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/2144-531-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2144-532-0x00007FF47D0F0000-0x00007FF47D4C1000-memory.dmp

Filesize
3.8MB

Download
memory/2144-552-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2340-290-0x00007FFD54060000-0x00007FFD5406F000-memory.dmp

Filesize
60KB

Download
memory/2340-449-0x00007FFD44570000-0x00007FFD44594000-memory.dmp

Filesize
144KB

Download
memory/2340-450-0x00007FFD54060000-0x00007FFD5406F000-memory.dmp

Filesize
60KB

Download
memory/2340-288-0x00007FFD39FF0000-0x00007FFD3A455000-memory.dmp

Filesize
4.4MB

Download
memory/2340-291-0x00007FFD444C0000-0x00007FFD444D9000-memory.dmp

Filesize
100KB

Download
memory/2340-263-0x00007FFD39FF0000-0x00007FFD3A455000-memory.dmp

Filesize
4.4MB

Download
memory/2340-452-0x00007FFD53F90000-0x00007FFD53F9D000-memory.dmp

Filesize
52KB

Download
memory/2340-289-0x00007FFD44570000-0x00007FFD44594000-memory.dmp

Filesize
144KB

Download
memory/2340-451-0x00007FFD444C0000-0x00007FFD444D9000-memory.dmp

Filesize
100KB

Download
memory/2340-292-0x00007FFD53F90000-0x00007FFD53F9D000-memory.dmp

Filesize
52KB

Download
memory/2340-448-0x00007FFD39FF0000-0x00007FFD3A455000-memory.dmp

Filesize
4.4MB

Download
memory/4252-461-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/4252-460-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/4252-462-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/4252-474-0x000000001DF50000-0x000000001DF60000-memory.dmp

Filesize
64KB

Download
memory/4252-551-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/4292-294-0x00000000201D0000-0x00000000201E0000-memory.dmp

Filesize
64KB

Download
memory/4292-167-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-295-0x00000000201D0000-0x00000000201E0000-memory.dmp

Filesize
64KB

Download
memory/4292-162-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-311-0x0000000026E70000-0x0000000027616000-memory.dmp

Filesize
7.6MB

Download
memory/4292-293-0x00007FFD60140000-0x00007FFD60150000-memory.dmp

Filesize
64KB

Download
memory/4292-313-0x00000000201C0000-0x00000000201C8000-memory.dmp

Filesize
32KB

Download
memory/4292-374-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/4292-216-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/4292-217-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-219-0x00007FF4F9AD0000-0x00007FF4F9EA1000-memory.dmp

Filesize
3.8MB

Download
memory/4292-220-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-232-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-235-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-233-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-360-0x00007FF7A5400000-0x00007FF7A640C000-memory.dmp

Filesize
16.0MB

Download
memory/4292-363-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-361-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-365-0x0000000026AC0000-0x0000000026B14000-memory.dmp

Filesize
336KB

Download
memory/4292-364-0x00000000201C0000-0x00000000201C8000-memory.dmp

Filesize
32KB

Download
memory/4292-255-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-259-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-287-0x0000000004340000-0x0000000004362000-memory.dmp

Filesize
136KB

Download
memory/4292-269-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-268-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-264-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-366-0x00007FF4F9AD0000-0x00007FF4F9EA1000-memory.dmp

Filesize
3.8MB

Download
memory/4540-314-0x00007FF43DDF0000-0x00007FF43E1C1000-memory.dmp

Filesize
3.8MB

Download
memory/4540-377-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-359-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-401-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-317-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-316-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-312-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-310-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-375-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-376-0x00007FF43DDF0000-0x00007FF43E1C1000-memory.dmp

Filesize
3.8MB

Download
memory/4540-389-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-395-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-383-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4540-318-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download
memory/4756-148-0x0000000000F50000-0x0000000000F5C000-memory.dmp

Filesize
48KB

Download
memory/4756-161-0x000000001D620000-0x000000001D630000-memory.dmp

Filesize
64KB

Download
memory/4756-151-0x000000001D620000-0x000000001D630000-memory.dmp

Filesize
64KB

Download
memory/5040-610-0x00007FF42FA10000-0x00007FF42FDE1000-memory.dmp

Filesize
3.8MB

Download
memory/5040-609-0x0000000001000000-0x0000000001EEF000-memory.dmp

Filesize
14.9MB

Download