Analysis
max time kernel: 566s
max time network: 1210s
platform: windows10-2004_x64
resource: win10v2004-20230221-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230221-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-03-2023 13:50
Static task: static1
Behavioral task: behavioral1
Sample: BruteL4 DDOS Tool.exe
Resource: win10v2004-20230221-en
General
Target: BruteL4 DDOS Tool.exe
Size: 12.0MB
MD5: 7469696e71e96dd67ce6c5f59c2e77c7
SHA1: a26de444a133d56eb51f5bac21fb2f925b5ee37a
SHA256: 55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32
SHA512: 7702b5c08999a52816ff0176efe14f7d3c3808081337077f4fd4154cd29d3641aca5508d37c10e44d1980f835c868e9f2d3c71fda23f89c9ff80ca0f238f4c4c
SSDEEP: 393216:J+aZeyhEOh8pJpdEYTzuaj5DDKEeuuODGfTc:MahEe8pVEY3uaJWEhuODGw
Malware Config
Signatures
Suspicious use of NtCreateUserProcessOtherParentProcess 1 IoCs
Processes: BruteL4-DDOS.exe
| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4520 created 3144 | 4520 | BruteL4-DDOS.exe | Explorer.EXE |
Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 1 IoCs
Processes: BruteL4-DDOS.exe
| description | ioc | process |
| --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | BruteL4-DDOS.exe |
Downloads MZ/PE file
Checks BIOS information in registry 2 TTPs 2 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes: BruteL4-DDOS.exe
| description | ioc | process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | BruteL4-DDOS.exe |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | BruteL4-DDOS.exe |
Checks computer location settings 2 TTPs 3 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: BruteL4-DDOS.exe, BruteL4 DDOS Tool.exe, BruteL4-DDOS.exe
| description | ioc | process |
| --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | BruteL4-DDOS.exe |
| Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | BruteL4 DDOS Tool.exe |
Drops startup file 2 IoCs
Processes: crack.exe
| description | ioc | process |
| --- | --- | --- |
| File created | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe | crack.exe |
| File opened for modification | C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe | crack.exe |
Executes dropped EXE 6 IoCs
Processes: crack.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe, MpDlpCmd.exe
| pid | process |
| --- | --- |
| 5012 | crack.exe |
| 4520 | BruteL4-DDOS.exe |
| 1120 | BruteL4-DDOS.exe |
| 2432 | BruteL4DDOS.exe |
| 4664 | BruteL4DDOS.exe |
| 688 | MpDlpCmd.exe |
Loads dropped DLL 6 IoCs
Processes: BruteL4DDOS.exe
| pid | process |
| --- | --- |
| 4664 | BruteL4DDOS.exe |
Processes:
| resource | yara_rule |
| --- | --- |
| C:\Users\Admin\Desktop\BruteL4-DDOS.exe | themida |
| behavioral1/memory/4520-160-0x00007FF756F80000-0x00007FF757F8C000-memory.dmp | themida |
| behavioral1/memory/4520-161-0x00007FF756F80000-0x00007FF757F8C000-memory.dmp | themida |
| behavioral1/memory/4520-233-0x00007FF756F80000-0x00007FF757F8C000-memory.dmp | themida |
| behavioral1/memory/1120-378-0x00007FF756F80000-0x00007FF757F8C000-memory.dmp | themida |
Processes:
| resource | yara_rule |
| --- | --- |
| C:\Users\Admin\AppData\Local\Temp\_MEI24322\python310.dll | upx |
| C:\Users\Admin\AppData\Local\Temp\_MEI24322\select.pyd | upx |
| C:\Users\Admin\AppData\Local\Temp\_MEI24322\_socket.pyd | upx |
| C:\Users\Admin\AppData\Local\Temp\_MEI24322\libffi-7.dll | upx |
| C:\Users\Admin\AppData\Local\Temp\_MEI24322\_ctypes.pyd | upx |
| behavioral1/memory/4664-271-0x00007FFE6F900000-0x00007FFE6FD65000-memory.dmp | upx |
| behavioral1/memory/4664-272-0x00007FFE7E620000-0x00007FFE7E644000-memory.dmp | upx |
| behavioral1/memory/4664-274-0x00007FFE84E10000-0x00007FFE84E1F000-memory.dmp | upx |
| behavioral1/memory/4664-276-0x00007FFE84DD0000-0x00007FFE84DDD000-memory.dmp | upx |
| behavioral1/memory/4664-275-0x00007FFE7E5C0000-0x00007FFE7E5D9000-memory.dmp | upx |
| behavioral1/memory/4664-381-0x00007FFE6F900000-0x00007FFE6FD65000-memory.dmp | upx |
| behavioral1/memory/4664-387-0x00007FFE6F900000-0x00007FFE6FD65000-memory.dmp | upx |
| behavioral1/memory/4664-393-0x00007FFE6F900000-0x00007FFE6FD65000-memory.dmp | upx |
| behavioral1/memory/4664-399-0x00007FFE6F900000-0x00007FFE6FD65000-memory.dmp | upx |
| behavioral1/memory/4664-405-0x00007FFE6F900000-0x00007FFE6FD65000-memory.dmp | upx |
| behavioral1/memory/4664-411-0x00007FFE6F900000-0x00007FFE6FD65000-memory.dmp | upx |
Processes: BruteL4-DDOS.exe
| description | ioc | process |
| --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | BruteL4-DDOS.exe |
Suspicious use of NtSetInformationThreadHideFromDebugger 33 IoCs
Processes: BruteL4-DDOS.exe, BruteL4-DDOS.exe, MpDlpCmd.exe
| pid | process |
| --- | --- |
| 4520 | BruteL4-DDOS.exe |
| 1120 | BruteL4-DDOS.exe |
| 688 | MpDlpCmd.exe |
Suspicious use of SetThreadContext 1 IoCs
Processes: BruteL4-DDOS.exe
| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4520 set thread context of 1120 | 4520 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
Detects Pyinstaller 4 IoCs
Processes:
| resource | yara_rule |
| --- | --- |
| C:\Users\Admin\Desktop\BruteL4DDOS.exe | pyinstaller |
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
Modifies registry class 3 IoCs
Processes: BruteL4 DDOS Tool.exe, BruteL4-DDOS.exe
| description | ioc | process |
| --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\ | BruteL4 DDOS Tool.exe |
| Key created | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\ | BruteL4 DDOS Tool.exe |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\ | BruteL4-DDOS.exe |
Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes: crack.exe
| pid | process |
| --- | --- |
| 5012 | crack.exe |
Suspicious behavior: EnumeratesProcesses 5 IoCs
Processes: BruteL4-DDOS.exe, MpDlpCmd.exe
| pid | process |
| --- | --- |
| 1120 | BruteL4-DDOS.exe |
| 688 | MpDlpCmd.exe |
Suspicious behavior: GetForegroundWindowSpam 1 IoCs
Processes: BruteL4 DDOS Tool.exe
| pid | process |
| --- | --- |
| 4084 | BruteL4 DDOS Tool.exe |
Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: BruteL4-DDOS.exe
| description | pid | process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeIncreaseQuotaPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeSecurityPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeTakeOwnershipPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeLoadDriverPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeSystemProfilePrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeSystemtimePrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeProfSingleProcessPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeIncBasePriorityPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeCreatePagefilePrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeBackupPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeRestorePrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeShutdownPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeSystemEnvironmentPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeRemoteShutdownPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeUndockPrivilege | 1120 | BruteL4-DDOS.exe |
| Token: SeManageVolumePrivilege | 1120 | BruteL4-DDOS.exe |
| Token: 33 | 1120 | BruteL4-DDOS.exe |
| Token: 34 | 1120 | BruteL4-DDOS.exe |
| Token: 35 | 1120 | BruteL4-DDOS.exe |
| Token: 36 | 1120 | BruteL4-DDOS.exe |
Suspicious use of SetWindowsHookEx 4 IoCs
Processes: BruteL4 DDOS Tool.exe, BruteL4-DDOS.exe, MpDlpCmd.exe
| pid | process |
| --- | --- |
| 4084 | BruteL4 DDOS Tool.exe |
| 1120 | BruteL4-DDOS.exe |
| 688 | MpDlpCmd.exe |
Suspicious use of WriteProcessMemory 25 IoCs
Processes: BruteL4 DDOS Tool.exe, BruteL4-DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe, cmd.exe, BruteL4-DDOS.exe
| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 4084 wrote to memory of 5012 | 4084 | BruteL4 DDOS Tool.exe | crack.exe |
| PID 4520 wrote to memory of 1120 | 4520 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 4520 wrote to memory of 2432 | 4520 | BruteL4-DDOS.exe | BruteL4DDOS.exe |
| PID 2432 wrote to memory of 4664 | 2432 | BruteL4DDOS.exe | BruteL4DDOS.exe |
| PID 4664 wrote to memory of 3300 | 4664 | BruteL4DDOS.exe | cmd.exe |
| PID 4664 wrote to memory of 1372 | 4664 | BruteL4DDOS.exe | cmd.exe |
| PID 1372 wrote to memory of 1188 | 1372 | cmd.exe | mode.com |
| PID 4664 wrote to memory of 3104 | 4664 | BruteL4DDOS.exe | cmd.exe |
| PID 1120 wrote to memory of 688 | 1120 | BruteL4-DDOS.exe | MpDlpCmd.exe |
Processes
C:\Windows\Explorer.EXE
  Command line: C:\Windows\Explorer.EXE
    C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool.exe
      Command line: "C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool.exe"
      - Checks computer location settings
      - Modifies registry class
      - Suspicious behavior: GetForegroundWindowSpam
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
        C:\Users\Admin\Desktop\crack.exe
          Command line: "C:\Users\Admin\Desktop\crack.exe"
          - Drops startup file
          - Executes dropped EXE
          - Suspicious behavior: AddClipboardFormatListener
    C:\Users\Admin\Desktop\BruteL4-DDOS.exe
      Command line: "C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
      - Suspicious use of NtCreateUserProcessOtherParentProcess
      - Identifies VirtualBox via ACPI registry values (likely anti-VM)
      - Checks BIOS information in registry
      - Checks computer location settings
      - Executes dropped EXE
      - Checks whether UAC is enabled
      - Suspicious use of NtSetInformationThreadHideFromDebugger
      - Suspicious use of SetThreadContext
      - Modifies registry class
      - Suspicious use of WriteProcessMemory
        C:\Users\Admin\Desktop\BruteL4DDOS.exe
          Command line: "C:\Users\Admin\Desktop\BruteL4DDOS.exe"
          - Executes dropped EXE
          - Suspicious use of WriteProcessMemory
            C:\Users\Admin\Desktop\BruteL4DDOS.exe
              Command line: "C:\Users\Admin\Desktop\BruteL4DDOS.exe"
              - Executes dropped EXE
              - Loads dropped DLL
              - Suspicious use of WriteProcessMemory
                C:\Windows\system32\cmd.exe
                  Command line: C:\Windows\system32\cmd.exe /c
                C:\Windows\system32\cmd.exe
                  Command line: C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
                C:\Windows\system32\cmd.exe
                  Command line: C:\Windows\system32\cmd.exe /c mode 140, 40
                  - Suspicious use of WriteProcessMemory
    C:\Users\Admin\Desktop\BruteL4-DDOS.exe
      Command line: "C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
      - Checks computer location settings
      - Executes dropped EXE
      - Suspicious use of NtSetInformationThreadHideFromDebugger
      - Suspicious behavior: EnumeratesProcesses
      - Suspicious use of AdjustPrivilegeToken
      - Suspicious use of SetWindowsHookEx
      - Suspicious use of WriteProcessMemory
        C:\ProgramData\microsoft\MpDlpCmd.exe
          Command line: "C:\ProgramData\microsoft\MpDlpCmd.exe"
          - Executes dropped EXE
          - Suspicious use of NtSetInformationThreadHideFromDebugger
          - Suspicious behavior: EnumeratesProcesses
          - Suspicious use of SetWindowsHookEx
C:\Windows\system32\mode.com
  Command line: mode 140, 40
Downloads
- C:\ProgramData\Microsoft\MpDlpCmd.exe (Filesize: 3.3MB)
- C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BruteL4-DDOS.exe.log (Filesize: 859B)
- C:\Users\Admin\AppData\Local\Temp\_MEI24322\VCRUNTIME140.dll (Filesize: 94KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI24322\_ctypes.pyd (Filesize: 54KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI24322\_socket.pyd (Filesize: 38KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI24322\base_library.zip (Filesize: 812KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI24322\libffi-7.dll (Filesize: 23KB)
- C:\Users\Admin\AppData\Local\Temp\_MEI24322\python310.dll (Filesize: 1.4MB)
- C:\Users\Admin\AppData\Local\Temp\_MEI24322\select.pyd (Filesize: 21KB)
- C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_ly45jmzg.5ag.ps1 (Filesize: 60B)
- C:\Users\Admin\Desktop\BruteL4-DDOS.exe (Filesize: 11.5MB)
- C:\Users\Admin\Desktop\BruteL4DDOS.exe (Filesize: 5.8MB)
- C:\Users\Admin\Desktop\crack.exe (Filesize: 18KB)