55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32

Analysis

max time kernel
288s
max time network
303s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2023 12:28

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BruteL4 DDOS Tool.exe
Size

12.0MB
MD5

7469696e71e96dd67ce6c5f59c2e77c7
SHA1

a26de444a133d56eb51f5bac21fb2f925b5ee37a
SHA256

55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32
SHA512

7702b5c08999a52816ff0176efe14f7d3c3808081337077f4fd4154cd29d3641aca5508d37c10e44d1980f835c868e9f2d3c71fda23f89c9ff80ca0f238f4c4c
SSDEEP

393216:J+aZeyhEOh8pJpdEYTzuaj5DDKEeuuODGfTc:MahEe8pVEY3uaJWEhuODGw

Score

10^/10

evasion pyinstaller themida trojan upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 3 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	pid	process	target process
PID 1332 created 3184	1332	BruteL4-DDOS.exe	Explorer.EXE
PID 4348 created 3184	4348	BruteL4-DDOS.exe	Explorer.EXE
PID 2832 created 3184	2832	BruteL4-DDOS.exe	Explorer.EXE

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4 DDOS Tool.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe

Drops startup file 2 IoCs

Processes:

crack.exe

description	ioc	process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe

Executes dropped EXE 16 IoCs

Processes:

crack.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exe

pid	process
316	crack.exe
1332	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
2520	BruteL4DDOS.exe
1536	BruteL4DDOS.exe
3220	MpDlpCmd.exe
4348	BruteL4-DDOS.exe
2840	BruteL4-DDOS.exe
2808	BruteL4DDOS.exe
4292	BruteL4DDOS.exe
4704	MpDlpCmd.exe
2832	BruteL4-DDOS.exe
4696	BruteL4-DDOS.exe
2012	BruteL4DDOS.exe
2632	BruteL4DDOS.exe
2868	MpDlpCmd.exe

Loads dropped DLL 18 IoCs

Processes:

BruteL4DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exe

pid	process
1536	BruteL4DDOS.exe
1536	BruteL4DDOS.exe
1536	BruteL4DDOS.exe
1536	BruteL4DDOS.exe
1536	BruteL4DDOS.exe
1536	BruteL4DDOS.exe
4292	BruteL4DDOS.exe
4292	BruteL4DDOS.exe
4292	BruteL4DDOS.exe
4292	BruteL4DDOS.exe
4292	BruteL4DDOS.exe
4292	BruteL4DDOS.exe
2632	BruteL4DDOS.exe
2632	BruteL4DDOS.exe
2632	BruteL4DDOS.exe
2632	BruteL4DDOS.exe
2632	BruteL4DDOS.exe
2632	BruteL4DDOS.exe

Themida packer 14 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/1332-157-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp	themida
behavioral1/memory/1332-158-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/1332-238-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp	themida
behavioral1/memory/4292-373-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/4348-410-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp	themida
behavioral1/memory/4348-411-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/4348-500-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida

UPX packed file 42 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI25202\python310.dll	upx
behavioral1/memory/1536-268-0x00007FFD3F920000-0x00007FFD3FD85000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI25202\python310.dll	upx
behavioral1/memory/1536-279-0x00007FFD3F920000-0x00007FFD3FD85000-memory.dmp	upx
behavioral1/memory/1536-283-0x00007FFD487A0000-0x00007FFD487B9000-memory.dmp	upx
behavioral1/memory/1536-282-0x00007FFD58830000-0x00007FFD5883F000-memory.dmp	upx
behavioral1/memory/1536-280-0x00007FFD588A0000-0x00007FFD588C4000-memory.dmp	upx
behavioral1/memory/1536-284-0x00007FFD58430000-0x00007FFD5843D000-memory.dmp	upx
behavioral1/memory/1536-401-0x00007FFD3F920000-0x00007FFD3FD85000-memory.dmp	upx
behavioral1/memory/1536-402-0x00007FFD588A0000-0x00007FFD588C4000-memory.dmp	upx
behavioral1/memory/1536-403-0x00007FFD58830000-0x00007FFD5883F000-memory.dmp	upx
behavioral1/memory/1536-404-0x00007FFD487A0000-0x00007FFD487B9000-memory.dmp	upx
behavioral1/memory/1536-405-0x00007FFD58430000-0x00007FFD5843D000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI28082\_socket.pyd	upx
behavioral1/memory/4292-537-0x00007FFD3CC60000-0x00007FFD3D0C5000-memory.dmp	upx
behavioral1/memory/4292-539-0x00007FFD49CB0000-0x00007FFD49CD4000-memory.dmp	upx
behavioral1/memory/4292-540-0x00007FFD59960000-0x00007FFD5996F000-memory.dmp	upx
behavioral1/memory/4292-541-0x00007FFD50440000-0x00007FFD50459000-memory.dmp	upx
behavioral1/memory/4292-543-0x00007FFD59080000-0x00007FFD5908D000-memory.dmp	upx
behavioral1/memory/4292-585-0x00007FFD3CC60000-0x00007FFD3D0C5000-memory.dmp	upx
behavioral1/memory/4292-586-0x00007FFD49CB0000-0x00007FFD49CD4000-memory.dmp	upx
behavioral1/memory/4292-609-0x00007FFD3CC60000-0x00007FFD3D0C5000-memory.dmp	upx
behavioral1/memory/4292-610-0x00007FFD49CB0000-0x00007FFD49CD4000-memory.dmp	upx
behavioral1/memory/4292-611-0x00007FFD59960000-0x00007FFD5996F000-memory.dmp	upx
behavioral1/memory/4292-612-0x00007FFD50440000-0x00007FFD50459000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 36 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exe

pid	process
1332	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
4348	BruteL4-DDOS.exe
3220	MpDlpCmd.exe
2840	BruteL4-DDOS.exe
2840	BruteL4-DDOS.exe
3220	MpDlpCmd.exe
4704	MpDlpCmd.exe
2840	BruteL4-DDOS.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
2832	BruteL4-DDOS.exe
3220	MpDlpCmd.exe
4696	BruteL4-DDOS.exe
4696	BruteL4-DDOS.exe
2868	MpDlpCmd.exe
3220	MpDlpCmd.exe
4696	BruteL4-DDOS.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	pid	process	target process
PID 1332 set thread context of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 set thread context of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 set thread context of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe

Detects Pyinstaller 8 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 5 IoCs

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BruteL4 DDOS Tool.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BruteL4 DDOS Tool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

crack.exe

pid process

316 crack.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

BruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exe

pid	process
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
4292	BruteL4-DDOS.exe
3220	MpDlpCmd.exe
3220	MpDlpCmd.exe
2840	BruteL4-DDOS.exe
2840	BruteL4-DDOS.exe
2840	BruteL4-DDOS.exe
4704	MpDlpCmd.exe
4704	MpDlpCmd.exe
4696	BruteL4-DDOS.exe
4696	BruteL4-DDOS.exe
4696	BruteL4-DDOS.exe
2868	MpDlpCmd.exe
2868	MpDlpCmd.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

Processes:

BruteL4 DDOS Tool.exe

pid process

4724 BruteL4 DDOS Tool.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BruteL4-DDOS.exe

description	pid	process
Token: SeDebugPrivilege	4292	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4292	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4292	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4292	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4292	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4292	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4292	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4292	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4292	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4292	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4292	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4292	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4292	BruteL4-DDOS.exe
Token: 33	4292	BruteL4-DDOS.exe
Token: 34	4292	BruteL4-DDOS.exe
Token: 35	4292	BruteL4-DDOS.exe
Token: 36	4292	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4292	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4292	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4292	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4292	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4292	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4292	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4292	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4292	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4292	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4292	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4292	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4292	BruteL4-DDOS.exe
Token: 33	4292	BruteL4-DDOS.exe
Token: 34	4292	BruteL4-DDOS.exe
Token: 35	4292	BruteL4-DDOS.exe
Token: 36	4292	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4292	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4292	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4292	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4292	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4292	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4292	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4292	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4292	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4292	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4292	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4292	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4292	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4292	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4292	BruteL4-DDOS.exe
Token: 33	4292	BruteL4-DDOS.exe
Token: 34	4292	BruteL4-DDOS.exe
Token: 35	4292	BruteL4-DDOS.exe
Token: 36	4292	BruteL4-DDOS.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exe

pid	process
4724	BruteL4 DDOS Tool.exe
4724	BruteL4 DDOS Tool.exe
4292	BruteL4-DDOS.exe
3220	MpDlpCmd.exe
2840	BruteL4-DDOS.exe
4704	MpDlpCmd.exe
4696	BruteL4-DDOS.exe
2868	MpDlpCmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.execmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.execmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exe

description	pid	process	target process
PID 4724 wrote to memory of 316	4724	BruteL4 DDOS Tool.exe	crack.exe
PID 4724 wrote to memory of 316	4724	BruteL4 DDOS Tool.exe	crack.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 4292	1332	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1332 wrote to memory of 2520	1332	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 1332 wrote to memory of 2520	1332	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 2520 wrote to memory of 1536	2520	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 2520 wrote to memory of 1536	2520	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 1536 wrote to memory of 1948	1536	BruteL4DDOS.exe	cmd.exe
PID 1536 wrote to memory of 1948	1536	BruteL4DDOS.exe	cmd.exe
PID 1536 wrote to memory of 1404	1536	BruteL4DDOS.exe	cmd.exe
PID 1536 wrote to memory of 1404	1536	BruteL4DDOS.exe	cmd.exe
PID 1404 wrote to memory of 2004	1404	cmd.exe	mode.com
PID 1404 wrote to memory of 2004	1404	cmd.exe	mode.com
PID 1536 wrote to memory of 4160	1536	BruteL4DDOS.exe	cmd.exe
PID 1536 wrote to memory of 4160	1536	BruteL4DDOS.exe	cmd.exe
PID 4292 wrote to memory of 3220	4292	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 4292 wrote to memory of 3220	4292	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2840	4348	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 4348 wrote to memory of 2808	4348	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 4348 wrote to memory of 2808	4348	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 2808 wrote to memory of 4292	2808	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 2808 wrote to memory of 4292	2808	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 4292 wrote to memory of 4008	4292	BruteL4DDOS.exe	cmd.exe
PID 4292 wrote to memory of 4008	4292	BruteL4DDOS.exe	cmd.exe
PID 4292 wrote to memory of 2628	4292	BruteL4DDOS.exe	cmd.exe
PID 4292 wrote to memory of 2628	4292	BruteL4DDOS.exe	cmd.exe
PID 2628 wrote to memory of 5084	2628	cmd.exe	mode.com
PID 2628 wrote to memory of 5084	2628	cmd.exe	mode.com
PID 4292 wrote to memory of 1416	4292	BruteL4DDOS.exe	cmd.exe
PID 4292 wrote to memory of 1416	4292	BruteL4DDOS.exe	cmd.exe
PID 2840 wrote to memory of 4704	2840	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 2840 wrote to memory of 4704	2840	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 4696	2832	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2832 wrote to memory of 2012	2832	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 2832 wrote to memory of 2012	2832	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 2012 wrote to memory of 2632	2012	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 2012 wrote to memory of 2632	2012	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 2632 wrote to memory of 4944	2632	BruteL4DDOS.exe	cmd.exe
PID 2632 wrote to memory of 4944	2632	BruteL4DDOS.exe	cmd.exe
PID 2632 wrote to memory of 636	2632	BruteL4DDOS.exe	cmd.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3184

C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool.exe
"C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool.exe"
2⤵
- Checks computer location settings
- Modifies registry class
- Suspicious behavior: GetForegroundWindowSpam
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4724

C:\Users\Admin\Desktop\crack.exe
"C:\Users\Admin\Desktop\crack.exe"
3⤵
- Drops startup file
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:316

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1332

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2520

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:1536

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
5⤵
- Suspicious use of WriteProcessMemory
PID:1404

C:\Windows\system32\mode.com
mode 140, 40
6⤵
PID:2004

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
5⤵
PID:4160

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
5⤵
PID:1948

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4292

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:3220

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:4348

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2808

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4292

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
5⤵
- Suspicious use of WriteProcessMemory
PID:2628

C:\Windows\system32\mode.com
mode 140, 40
6⤵
PID:5084

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
5⤵
PID:4008

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
5⤵
PID:1416

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2840

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4704

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2832

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2012

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2632

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
5⤵
PID:4944

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
5⤵
PID:636

C:\Windows\system32\mode.com
mode 140, 40
6⤵
PID:2620

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
5⤵
PID:1064

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4696

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2868

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
e724c31ebc88e60f049303b0de7d974b

SHA1
9a312846156fd46df951e14481bf99e24745b499

SHA256
56fd0a690c9e7ef773eddc340f110e64ebbfec7580f852d089188c04b9cb17f0

SHA512
4557b7a7b8dc8d61429b286111c81d3671a452702c4cd9e168d83ed5d30e093238ffdaf9ff5600b378fe208a3c0ebc7cb4b399d661be0bf614f20f93f4df700e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_F37C217C34EC1EF3506B7799C0334AC3
Filesize
472B

MD5
eef4409d0ad90e2899e538028bd3fa76

SHA1
2d6edd13cbd2d201ef921fc33c053aec8f8b740c

SHA256
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d

SHA512
cc2b740eee3c85df4b617245f6b1ddebaaa32d0afc2e4a1e4c3965bf1a51c93c42016220c3aa385828020a73d4641e2a40183f37e5f2492911a0bf92ffbb623d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\45253D621EA9F2E0253B4AF8D44565CD_27557F6CDAE75AFEA9251E5A15BC51D9
Filesize
1KB

MD5
b22cd96ebbf9486828d850073c0dac6a

SHA1
c82a0bb12cb7f6757e12d062cacfd1b5fc0cd2d6

SHA256
b563fb2557dc1c2b48fb4708b5df3b09950f6f08c39bb898119062e04df5d9f2

SHA512
a6624875f88712022564fd36ef57ab2a623004b68af81cb7947db299df2d3771a5c4a61a776642682ba9f4ecd80527ab8ced9e973fee9480d4c1f9df37cec5cb

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001
Filesize
1KB

MD5
7911153b3a6990562c4898f7319134d3

SHA1
b8b2ed40eb9e636c6a9983b4371ea54f1c7bbf18

SHA256
c4818e0eeab3d510042fc27c0fc3b872f39386e91634858871345b80c00106b8

SHA512
aae4604ae5df61604637f80bb726f536d13eee8ae9defea55ef59a6ee387135baf7f2ca05537c757d19259c71de79141f94c5aa912d03915c25833be425589ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A40DDA23AC660EBD6C048B34D97187FB
Filesize
471B

MD5
f0f306ea49f1bd3f358f7579513e7377

SHA1
c2845c696f6685a211bc040895d28ebf23fa1bc0

SHA256
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb

SHA512
203d49777b7eb2deb10c361311a9317fe9fdac905857527f587cc6a8287b7c2e56d72c0f83c822628765c800e7ea5a0d92c379e4fff2096af485af388c0a9be5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
419e240a28fed5d8340bb46467a50c43

SHA1
9611b23b8144a7f7f0ca6d285e199866f7a841e0

SHA256
6dbffe472b239a218436eac5ddabe9ec8feb0f6b6934b909ac7ff762c770ec21

SHA512
9c821f948545bb14cc8b904d82dd95de241e8ceb4ab8dc412593e2dd61d76f48c04063014f3eb2f24d694391e7891ba7b50c3e06982e734e1756b17c705fdda2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_F37C217C34EC1EF3506B7799C0334AC3
Filesize
402B

MD5
3839ac8b6e21131bc5ab061625428f1f

SHA1
7eadc1ef639411785d116408e36b2f5296f8b596

SHA256
71eb2d30ec2ecdb41879dc6879c2d61857b33fa96697bb8a71ddb2872062d527

SHA512
f0b676d2f5486f4770494312c71a647bb3dfc0c55df81bb63212931e118cbe0aa552c7dbb838a0c542e204081fb722004339d6b41d1a5ff8d947a04ebc6e5d5e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\45253D621EA9F2E0253B4AF8D44565CD_27557F6CDAE75AFEA9251E5A15BC51D9
Filesize
520B

MD5
3c97673c6d7da02cdd1efbffa40781b6

SHA1
8e301000008f0dd04cb03f3aaf1024082d15f250

SHA256
575e514b6521702113c40ac77e2304415cc6c470a84ae3405a1d4a0619540bc4

SHA512
d04e7d1d9ac2cd59ae8b967558a27eb2a5cf90f3d6a336c28b157318e38ac036849ce06891864098d3c57d122271010116f6c1582314d41562b3e69b594746dd

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001
Filesize
492B

MD5
4f43b22ee50ddcb96877fce0f6e65c5d

SHA1
808c5070300af45764544981659b8b56d7aa9f4f

SHA256
1f5c980adc21b0e7ddeddb03bac2aaf7a6f5aa5c3338ad84b0d9b3dee0345dda

SHA512
743e8c6edfdd924f9ad53e1a8c35195ea71b4c6b5b4ebfd7458357098779d6b911231d2c932bcd5f0045eedeef98af55ad5e304e5472c7644eef81a4b6dd498f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
5f419b34f64b0527ec006fa09977f9dd

SHA1
ee931e08348d737c7c2468f1856093f9aa13a8fb

SHA256
00c2dfeacde7bcfdbe06e4cf1d1026514a00e2ada6c96c2d05734e31f52b3a67

SHA512
61ba7a056cebe76ffe32e5b2b24bf6d78bdca4449257851d05c1e7406a4dd184068db5fa046dd58d29c1081acedcf54117111ef30d00f3c13ce3be9236f625fc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A40DDA23AC660EBD6C048B34D97187FB
Filesize
406B

MD5
66a23d06376eb58fa166a61e49f1c22d

SHA1
4266d8aec1aa13ce087a937048a510d75907d7e1

SHA256
7eb2037a25f9f9c03ebb7cfbef628db856fbcf9ce483f4f3cd16e3efe60490cd

SHA512
6d93fccd0013aad53a382c6f15aa42198ad015c65ed6d3481ac4f09eee7c5007541ea53e0d1c45a98482991dc2c9aa35a8f485a3d709cd915bca1323f59861b9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BruteL4-DDOS.exe.log
Filesize
859B

MD5
6e11a15fe4491ead2a94f64d3467be38

SHA1
9a8329fb71ddc89dae9aa174c0b44a1f646efd63

SHA256
087cf6355ae9fc71eea2493b30c6b10a6775f3dd68b2cb5e07fcc13461b74248

SHA512
6154e320e2556aef177fc5bfb4e5fe8fabe324af736b89db4db41e6dd51658f7f6a7d0f73c24dc6ccdc4edf14023f4a1ecd0908abac5b82cebd038a93b2fc106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\location[1].png
Filesize
40KB

MD5
4db9f1f4c36b304e4ecdcff0e4b84f1e

SHA1
9d87524ec7ec0cc9b62e6e8612790d29ba4c4c67

SHA256
ae2943dbe05d5e78e5d578824f8663e6f17d6598431b7e550a45bbddfb1c9fd4

SHA512
c823a497d04b282bdbccbe53dd87202ed60eaec6c9abb5f83b4c40fbab1850fcd80311b9e42e4ba278febc3dcd69f3c544730269b7ef841f96606e64f1081985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\logo-dark[1].png
Filesize
15KB

MD5
acc5a3c827b163f9298faa9fd36c5fca

SHA1
cee5d76d35ef484bb39d4c08adafb5ba593cb1e2

SHA256
c432fc6fed123766b84b574465071b7df18cd111e3924d1086627ea325b01363

SHA512
403ad861a206a10069879297339aeaf4673fb398f65f731b4a0914e8f3062aec2a65501ed06609f62a20964acc33140d6762ff5a0d934bbdc20613d15e5ba231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\f[1].txt
Filesize
162KB

MD5
40507f98323c8701bff6927eb5e14c8f

SHA1
5493a671a0bcdaeedfccacf495f1ad4cfb36f986

SHA256
59baaca89c7f5f418956208f3c2110931cb455bd354ddf87848c5916e7e2aad2

SHA512
82456ecb2008c783f8afb0ae497f9a61f190552e3009a915706d26547ff91df81af7d942264f95058c79a6121e8a5fde93ae163d6976b8d05cb70920b2b119ba

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\pay[1].js
Filesize
114KB

MD5
091dc5bc60d865bbca6e39a0979f3efe

SHA1
0c4a078957d7c804100bdc38fb7af6c86f886423

SHA256
8e5a0f968f689032ca31b98b13d6e9ad1910e85669e13579c371134643bb943b

SHA512
49c1b1693a897e1bfb668aec21a50a9166e12b988b279b39725806ae3db9d2588f1f69350450df8f025fc06e4408eda2f0d97c8364e98e74a311f585910686e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\pay[1].js
Filesize
114KB

MD5
091dc5bc60d865bbca6e39a0979f3efe

SHA1
0c4a078957d7c804100bdc38fb7af6c86f886423

SHA256
8e5a0f968f689032ca31b98b13d6e9ad1910e85669e13579c371134643bb943b

SHA512
49c1b1693a897e1bfb668aec21a50a9166e12b988b279b39725806ae3db9d2588f1f69350450df8f025fc06e4408eda2f0d97c8364e98e74a311f585910686e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\f[1].txt
Filesize
162KB

MD5
14bb500fb5a7585ed8d44ee94b89cd18

SHA1
8e454ff187a873421b78691c41e0f3d5afa48e8c

SHA256
9b3426e1dced70e92410bd298ff48f0d77f4f4a2501dd53011a525445792c2cc

SHA512
f66829b8c0c2cc748105c73cd5b98bf639875f30c4178d7c380947dc485a102b2b9c3773af36ff91c120cb982fba4bb02323a746206887f522c622a55fcf8648

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\polyfill.min[1].js
Filesize
4KB

MD5
61fc9c0df8557a172bd200a02959e168

SHA1
5f2b02e1ad95b7e98e34bd28e94f9bb1a7918c87

SHA256
e555151e63c492ea4f05ecedbcaf488acecfdf147d814e1920bcef9b028968ab

SHA512
df5d0698fcabc6f8c7631713cbb1dd8c237b1182fda2ee0395d122bb5a0006934551c11b3df70449b43ee25641200b186f62ae2a3269bd6683c50508363e08f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\base_library.zip
Filesize
812KB

MD5
eb130a9177f630bc33d7e510ed81d9d2

SHA1
c33dae854285d5367e8c87899e1a168abeca8d18

SHA256
987165c5cc33442df85d8ab8c3f66e2805070e0b526801b88434f48ed04b3a2f

SHA512
17feb5a3468a4883730fb17251ac7604c9ba376ce871ebbf4a034144626a63caf415bc6bed6cfca518b37c9840231cfdfccc17ca4833b3ef23b32499444b8474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI25202\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\base_library.zip
Filesize
812KB

MD5
eb130a9177f630bc33d7e510ed81d9d2

SHA1
c33dae854285d5367e8c87899e1a168abeca8d18

SHA256
987165c5cc33442df85d8ab8c3f66e2805070e0b526801b88434f48ed04b3a2f

SHA512
17feb5a3468a4883730fb17251ac7604c9ba376ce871ebbf4a034144626a63caf415bc6bed6cfca518b37c9840231cfdfccc17ca4833b3ef23b32499444b8474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI28082\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_asx2cluk.txz.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
memory/316-151-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/316-148-0x0000000000850000-0x000000000085C000-memory.dmp

Filesize
48KB

Download
memory/316-216-0x00000000029E0000-0x00000000029F0000-memory.dmp

Filesize
64KB

Download
memory/1332-238-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/1332-161-0x000000001DD90000-0x000000001DDA0000-memory.dmp

Filesize
64KB

Download
memory/1332-160-0x00007FFD00030000-0x00007FFD00031000-memory.dmp

Filesize
4KB

Download
memory/1332-159-0x00007FFD00000000-0x00007FFD00002000-memory.dmp

Filesize
8KB

Download
memory/1332-158-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/1332-229-0x00007FFD00010000-0x00007FFD00011000-memory.dmp

Filesize
4KB

Download
memory/1332-157-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/1332-154-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/1536-268-0x00007FFD3F920000-0x00007FFD3FD85000-memory.dmp

Filesize
4.4MB

Download
memory/1536-279-0x00007FFD3F920000-0x00007FFD3FD85000-memory.dmp

Filesize
4.4MB

Download
memory/1536-284-0x00007FFD58430000-0x00007FFD5843D000-memory.dmp

Filesize
52KB

Download
memory/1536-280-0x00007FFD588A0000-0x00007FFD588C4000-memory.dmp

Filesize
144KB

Download
memory/1536-282-0x00007FFD58830000-0x00007FFD5883F000-memory.dmp

Filesize
60KB

Download
memory/1536-283-0x00007FFD487A0000-0x00007FFD487B9000-memory.dmp

Filesize
100KB

Download
memory/1536-401-0x00007FFD3F920000-0x00007FFD3FD85000-memory.dmp

Filesize
4.4MB

Download
memory/1536-402-0x00007FFD588A0000-0x00007FFD588C4000-memory.dmp

Filesize
144KB

Download
memory/1536-403-0x00007FFD58830000-0x00007FFD5883F000-memory.dmp

Filesize
60KB

Download
memory/1536-404-0x00007FFD487A0000-0x00007FFD487B9000-memory.dmp

Filesize
100KB

Download
memory/1536-405-0x00007FFD58430000-0x00007FFD5843D000-memory.dmp

Filesize
52KB

Download
memory/2840-524-0x000000001FE70000-0x000000001FE80000-memory.dmp

Filesize
64KB

Download
memory/2840-538-0x000000001FE70000-0x000000001FE80000-memory.dmp

Filesize
64KB

Download
memory/2840-584-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2840-575-0x00007FF434640000-0x00007FF434A11000-memory.dmp

Filesize
3.8MB

Download
memory/2840-544-0x000000001FE70000-0x000000001FE80000-memory.dmp

Filesize
64KB

Download
memory/2840-574-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2840-573-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/2840-470-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/2840-472-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2840-474-0x00007FF434640000-0x00007FF434A11000-memory.dmp

Filesize
3.8MB

Download
memory/2840-478-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2840-479-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/3220-388-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-323-0x00007FF477CA0000-0x00007FF478071000-memory.dmp

Filesize
3.8MB

Download
memory/3220-400-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-382-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-376-0x00007FF477CA0000-0x00007FF478071000-memory.dmp

Filesize
3.8MB

Download
memory/3220-321-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-375-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-394-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-322-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-324-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-325-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-326-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-369-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/3220-412-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/4292-267-0x00007FFD66060000-0x00007FFD66070000-memory.dmp

Filesize
64KB

Download
memory/4292-162-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-370-0x0000000005DD0000-0x0000000005DE0000-memory.dmp

Filesize
64KB

Download
memory/4292-221-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-537-0x00007FFD3CC60000-0x00007FFD3D0C5000-memory.dmp

Filesize
4.4MB

Download
memory/4292-539-0x00007FFD49CB0000-0x00007FFD49CD4000-memory.dmp

Filesize
144KB

Download
memory/4292-540-0x00007FFD59960000-0x00007FFD5996F000-memory.dmp

Filesize
60KB

Download
memory/4292-231-0x00007FF4D5F30000-0x00007FF4D6301000-memory.dmp

Filesize
3.8MB

Download
memory/4292-541-0x00007FFD50440000-0x00007FFD50459000-memory.dmp

Filesize
100KB

Download
memory/4292-543-0x00007FFD59080000-0x00007FFD5908D000-memory.dmp

Filesize
52KB

Download
memory/4292-230-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-219-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-281-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-294-0x0000000005EA0000-0x0000000005EC2000-memory.dmp

Filesize
136KB

Download
memory/4292-218-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/4292-217-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-220-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-363-0x0000000005DD0000-0x0000000005DE0000-memory.dmp

Filesize
64KB

Download
memory/4292-165-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-609-0x00007FFD3CC60000-0x00007FFD3D0C5000-memory.dmp

Filesize
4.4MB

Download
memory/4292-362-0x0000000005DD0000-0x0000000005DE0000-memory.dmp

Filesize
64KB

Download
memory/4292-232-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-373-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/4292-237-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-374-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-239-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-295-0x0000000005DD0000-0x0000000005DE0000-memory.dmp

Filesize
64KB

Download
memory/4292-320-0x00007FF4D5F30000-0x00007FF4D6301000-memory.dmp

Filesize
3.8MB

Download
memory/4292-319-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-317-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/4292-316-0x0000000026FE0000-0x0000000027786000-memory.dmp

Filesize
7.6MB

Download
memory/4292-269-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-296-0x0000000005DD0000-0x0000000005DE0000-memory.dmp

Filesize
64KB

Download
memory/4292-612-0x00007FFD50440000-0x00007FFD50459000-memory.dmp

Filesize
100KB

Download
memory/4292-371-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4292-611-0x00007FFD59960000-0x00007FFD5996F000-memory.dmp

Filesize
60KB

Download
memory/4292-610-0x00007FFD49CB0000-0x00007FFD49CD4000-memory.dmp

Filesize
144KB

Download
memory/4292-585-0x00007FFD3CC60000-0x00007FFD3D0C5000-memory.dmp

Filesize
4.4MB

Download
memory/4292-586-0x00007FFD49CB0000-0x00007FFD49CD4000-memory.dmp

Filesize
144KB

Download
memory/4348-413-0x00000000032E0000-0x00000000032F0000-memory.dmp

Filesize
64KB

Download
memory/4348-410-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/4348-411-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/4348-500-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/4348-409-0x00007FF7A85C0000-0x00007FF7A95CC000-memory.dmp

Filesize
16.0MB

Download
memory/4704-548-0x0000000000060000-0x0000000000F4F000-memory.dmp

Filesize
14.9MB

Download
memory/4704-549-0x00007FF48C320000-0x00007FF48C6F1000-memory.dmp

Filesize
3.8MB

Download