55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32

Analysis

max time kernel
593s
max time network
603s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
25-03-2023 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

BruteL4 DDOS Tool.exe
Size

12.0MB
MD5

7469696e71e96dd67ce6c5f59c2e77c7
SHA1

a26de444a133d56eb51f5bac21fb2f925b5ee37a
SHA256

55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32
SHA512

7702b5c08999a52816ff0176efe14f7d3c3808081337077f4fd4154cd29d3641aca5508d37c10e44d1980f835c868e9f2d3c71fda23f89c9ff80ca0f238f4c4c
SSDEEP

393216:J+aZeyhEOh8pJpdEYTzuaj5DDKEeuuODGfTc:MahEe8pVEY3uaJWEhuODGw

Score

10^/10

evasion pyinstaller themida trojan upx

Malware Config

Signatures

Suspicious use of NtCreateUserProcessOtherParentProcess 3 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	pid	process	target process
PID 2120 created 3232	2120	BruteL4-DDOS.exe	Explorer.EXE
PID 1596 created 3232	1596	BruteL4-DDOS.exe	Explorer.EXE
PID 1356 created 3232	1356	BruteL4-DDOS.exe	Explorer.EXE

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs

evasion

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__	BruteL4-DDOS.exe

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 6 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	BruteL4-DDOS.exe

Checks computer location settings 2 TTPs 7 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

BruteL4-DDOS.exeBruteL4 DDOS Tool.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4 DDOS Tool.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe
Key value queried	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation	BruteL4-DDOS.exe

Drops startup file 2 IoCs

Processes:

crack.exe

description	ioc	process
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe	crack.exe

Executes dropped EXE 16 IoCs

Processes:

crack.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exeMpDlpCmd.exe

pid	process
3000	crack.exe
2120	BruteL4-DDOS.exe
4492	BruteL4-DDOS.exe
2916	BruteL4DDOS.exe
2152	BruteL4DDOS.exe
2800	MpDlpCmd.exe
1596	BruteL4-DDOS.exe
2112	BruteL4-DDOS.exe
4828	BruteL4DDOS.exe
4680	BruteL4DDOS.exe
1864	MpDlpCmd.exe
1356	BruteL4-DDOS.exe
4668	BruteL4-DDOS.exe
3240	BruteL4DDOS.exe
4912	BruteL4DDOS.exe
1856	MpDlpCmd.exe

Loads dropped DLL 18 IoCs

Processes:

BruteL4DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exe

pid	process
2152	BruteL4DDOS.exe
2152	BruteL4DDOS.exe
2152	BruteL4DDOS.exe
2152	BruteL4DDOS.exe
2152	BruteL4DDOS.exe
2152	BruteL4DDOS.exe
4680	BruteL4DDOS.exe
4680	BruteL4DDOS.exe
4680	BruteL4DDOS.exe
4680	BruteL4DDOS.exe
4680	BruteL4DDOS.exe
4680	BruteL4DDOS.exe
4912	BruteL4DDOS.exe
4912	BruteL4DDOS.exe
4912	BruteL4DDOS.exe
4912	BruteL4DDOS.exe
4912	BruteL4DDOS.exe
4912	BruteL4DDOS.exe

Themida packer 14 IoCs

Detects Themida, an advanced Windows software protection system.

themida

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/2120-157-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp	themida
behavioral1/memory/2120-158-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/2120-252-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp	themida
behavioral1/memory/4492-366-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/1596-418-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp	themida
behavioral1/memory/1596-419-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
behavioral1/memory/1596-487-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida
C:\Users\Admin\Desktop\BruteL4-DDOS.exe	themida

UPX packed file 45 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_MEI29162\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_ctypes.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_ctypes.pyd	upx
behavioral1/memory/2152-288-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp	upx
behavioral1/memory/2152-289-0x00007FFEA32C0000-0x00007FFEA32E4000-memory.dmp	upx
behavioral1/memory/2152-290-0x00007FFEA91E0000-0x00007FFEA91EF000-memory.dmp	upx
behavioral1/memory/2152-291-0x00007FFE9E350000-0x00007FFE9E369000-memory.dmp	upx
behavioral1/memory/2152-292-0x00007FFEA51C0000-0x00007FFEA51CD000-memory.dmp	upx
behavioral1/memory/4492-293-0x0000000020140000-0x0000000020150000-memory.dmp	upx
behavioral1/memory/2152-367-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp	upx
behavioral1/memory/2152-375-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp	upx
behavioral1/memory/2152-381-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp	upx
behavioral1/memory/2152-387-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp	upx
behavioral1/memory/2152-393-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp	upx
behavioral1/memory/2152-399-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp	upx
behavioral1/memory/2152-400-0x00007FFEA32C0000-0x00007FFEA32E4000-memory.dmp	upx
behavioral1/memory/2152-401-0x00007FFEA91E0000-0x00007FFEA91EF000-memory.dmp	upx
behavioral1/memory/2152-402-0x00007FFE9E350000-0x00007FFE9E369000-memory.dmp	upx
behavioral1/memory/2152-403-0x00007FFEA51C0000-0x00007FFEA51CD000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\python310.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_ctypes.pyd	upx
behavioral1/memory/4680-523-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\libffi-7.dll	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\select.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_socket.pyd	upx
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_ctypes.pyd	upx
behavioral1/memory/4680-535-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp	upx
behavioral1/memory/4680-536-0x00007FFEBB4A0000-0x00007FFEBB4AF000-memory.dmp	upx
behavioral1/memory/4680-546-0x00007FFEB3510000-0x00007FFEB3529000-memory.dmp	upx
behavioral1/memory/4680-547-0x00007FFEB7140000-0x00007FFEB714D000-memory.dmp	upx
behavioral1/memory/4680-583-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp	upx
behavioral1/memory/4680-590-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp	upx
behavioral1/memory/4680-631-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp	upx
behavioral1/memory/4680-632-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp	upx

Checks whether UAC is enabled 1 TTPs 3 IoCs

evasion trojan

System Information Discovery

T1082

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	BruteL4-DDOS.exe

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeMpDlpCmd.exe

pid	process
2120	BruteL4-DDOS.exe
4492	BruteL4-DDOS.exe
4492	BruteL4-DDOS.exe
2800	MpDlpCmd.exe
4492	BruteL4-DDOS.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
1596	BruteL4-DDOS.exe
2112	BruteL4-DDOS.exe
2800	MpDlpCmd.exe
2112	BruteL4-DDOS.exe
1864	MpDlpCmd.exe
2800	MpDlpCmd.exe
2112	BruteL4-DDOS.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
1356	BruteL4-DDOS.exe
4668	BruteL4-DDOS.exe
4668	BruteL4-DDOS.exe
2800	MpDlpCmd.exe
1856	MpDlpCmd.exe
4668	BruteL4-DDOS.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe

Suspicious use of SetThreadContext 3 IoCs

Processes:

BruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	pid	process	target process
PID 2120 set thread context of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 set thread context of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 set thread context of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe

Detects Pyinstaller 8 IoCs

pyinstaller

Processes:

resource	yara_rule
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller
C:\Users\Admin\Desktop\BruteL4DDOS.exe	pyinstaller

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies registry class 5 IoCs

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4-DDOS.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\	BruteL4 DDOS Tool.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\	BruteL4-DDOS.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\	BruteL4 DDOS Tool.exe

Suspicious behavior: AddClipboardFormatListener 1 IoCs

Processes:

crack.exe

pid process

3000 crack.exe

Suspicious behavior: EnumeratesProcesses 16 IoCs

Processes:

BruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exe

pid	process
4492	BruteL4-DDOS.exe
4492	BruteL4-DDOS.exe
4492	BruteL4-DDOS.exe
4492	BruteL4-DDOS.exe
2800	MpDlpCmd.exe
2800	MpDlpCmd.exe
2112	BruteL4-DDOS.exe
2112	BruteL4-DDOS.exe
2112	BruteL4-DDOS.exe
1864	MpDlpCmd.exe
1864	MpDlpCmd.exe
4668	BruteL4-DDOS.exe
4668	BruteL4-DDOS.exe
4668	BruteL4-DDOS.exe
1856	MpDlpCmd.exe
1856	MpDlpCmd.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

BruteL4-DDOS.exe

description	pid	process
Token: SeDebugPrivilege	4492	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4492	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4492	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4492	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4492	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4492	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4492	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4492	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4492	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4492	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4492	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4492	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4492	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4492	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4492	BruteL4-DDOS.exe
Token: 33	4492	BruteL4-DDOS.exe
Token: 34	4492	BruteL4-DDOS.exe
Token: 35	4492	BruteL4-DDOS.exe
Token: 36	4492	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4492	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4492	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4492	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4492	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4492	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4492	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4492	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4492	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4492	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4492	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4492	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4492	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4492	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4492	BruteL4-DDOS.exe
Token: 33	4492	BruteL4-DDOS.exe
Token: 34	4492	BruteL4-DDOS.exe
Token: 35	4492	BruteL4-DDOS.exe
Token: 36	4492	BruteL4-DDOS.exe
Token: SeIncreaseQuotaPrivilege	4492	BruteL4-DDOS.exe
Token: SeSecurityPrivilege	4492	BruteL4-DDOS.exe
Token: SeTakeOwnershipPrivilege	4492	BruteL4-DDOS.exe
Token: SeLoadDriverPrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemProfilePrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemtimePrivilege	4492	BruteL4-DDOS.exe
Token: SeProfSingleProcessPrivilege	4492	BruteL4-DDOS.exe
Token: SeIncBasePriorityPrivilege	4492	BruteL4-DDOS.exe
Token: SeCreatePagefilePrivilege	4492	BruteL4-DDOS.exe
Token: SeBackupPrivilege	4492	BruteL4-DDOS.exe
Token: SeRestorePrivilege	4492	BruteL4-DDOS.exe
Token: SeShutdownPrivilege	4492	BruteL4-DDOS.exe
Token: SeDebugPrivilege	4492	BruteL4-DDOS.exe
Token: SeSystemEnvironmentPrivilege	4492	BruteL4-DDOS.exe
Token: SeRemoteShutdownPrivilege	4492	BruteL4-DDOS.exe
Token: SeUndockPrivilege	4492	BruteL4-DDOS.exe
Token: SeManageVolumePrivilege	4492	BruteL4-DDOS.exe
Token: 33	4492	BruteL4-DDOS.exe
Token: 34	4492	BruteL4-DDOS.exe
Token: 35	4492	BruteL4-DDOS.exe
Token: 36	4492	BruteL4-DDOS.exe

Suspicious use of SetWindowsHookEx 8 IoCs

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exeBruteL4-DDOS.exeMpDlpCmd.exe

pid	process
2020	BruteL4 DDOS Tool.exe
2020	BruteL4 DDOS Tool.exe
4492	BruteL4-DDOS.exe
2800	MpDlpCmd.exe
2112	BruteL4-DDOS.exe
1864	MpDlpCmd.exe
4668	BruteL4-DDOS.exe
1856	MpDlpCmd.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

BruteL4 DDOS Tool.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.execmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.execmd.exeBruteL4-DDOS.exeBruteL4-DDOS.exeBruteL4DDOS.exeBruteL4DDOS.exe

description	pid	process	target process
PID 2020 wrote to memory of 3000	2020	BruteL4 DDOS Tool.exe	crack.exe
PID 2020 wrote to memory of 3000	2020	BruteL4 DDOS Tool.exe	crack.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 4492	2120	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 2120 wrote to memory of 2916	2120	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 2120 wrote to memory of 2916	2120	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 2916 wrote to memory of 2152	2916	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 2916 wrote to memory of 2152	2916	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 2152 wrote to memory of 2436	2152	BruteL4DDOS.exe	cmd.exe
PID 2152 wrote to memory of 2436	2152	BruteL4DDOS.exe	cmd.exe
PID 2152 wrote to memory of 3416	2152	BruteL4DDOS.exe	cmd.exe
PID 2152 wrote to memory of 3416	2152	BruteL4DDOS.exe	cmd.exe
PID 3416 wrote to memory of 4984	3416	cmd.exe	mode.com
PID 3416 wrote to memory of 4984	3416	cmd.exe	mode.com
PID 2152 wrote to memory of 4520	2152	BruteL4DDOS.exe	cmd.exe
PID 2152 wrote to memory of 4520	2152	BruteL4DDOS.exe	cmd.exe
PID 4492 wrote to memory of 2800	4492	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 4492 wrote to memory of 2800	4492	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 2112	1596	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1596 wrote to memory of 4828	1596	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 1596 wrote to memory of 4828	1596	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 4828 wrote to memory of 4680	4828	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 4828 wrote to memory of 4680	4828	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 4680 wrote to memory of 2812	4680	BruteL4DDOS.exe	cmd.exe
PID 4680 wrote to memory of 2812	4680	BruteL4DDOS.exe	cmd.exe
PID 4680 wrote to memory of 788	4680	BruteL4DDOS.exe	cmd.exe
PID 4680 wrote to memory of 788	4680	BruteL4DDOS.exe	cmd.exe
PID 788 wrote to memory of 3492	788	cmd.exe	mode.com
PID 788 wrote to memory of 3492	788	cmd.exe	mode.com
PID 4680 wrote to memory of 1740	4680	BruteL4DDOS.exe	cmd.exe
PID 4680 wrote to memory of 1740	4680	BruteL4DDOS.exe	cmd.exe
PID 2112 wrote to memory of 1864	2112	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 2112 wrote to memory of 1864	2112	BruteL4-DDOS.exe	MpDlpCmd.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 4668	1356	BruteL4-DDOS.exe	BruteL4-DDOS.exe
PID 1356 wrote to memory of 3240	1356	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 1356 wrote to memory of 3240	1356	BruteL4-DDOS.exe	BruteL4DDOS.exe
PID 3240 wrote to memory of 4912	3240	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 3240 wrote to memory of 4912	3240	BruteL4DDOS.exe	BruteL4DDOS.exe
PID 4912 wrote to memory of 2140	4912	BruteL4DDOS.exe	cmd.exe
PID 4912 wrote to memory of 2140	4912	BruteL4DDOS.exe	cmd.exe
PID 4912 wrote to memory of 2512	4912	BruteL4DDOS.exe	cmd.exe

C:\Windows\Explorer.EXE
C:\Windows\Explorer.EXE
1⤵
PID:3232

C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool.exe
"C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool.exe"
2⤵
- Checks computer location settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2020

C:\Users\Admin\Desktop\crack.exe
"C:\Users\Admin\Desktop\crack.exe"
3⤵
- Drops startup file
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
PID:3000

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:2120

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:2916

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2152

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:4492

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:2800

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1596

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:4828

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4680

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
5⤵
PID:2812

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
5⤵
- Suspicious use of WriteProcessMemory
PID:788

C:\Windows\system32\mode.com
mode 140, 40
6⤵
PID:3492

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
5⤵
PID:1740

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2112

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1864

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory
PID:1356

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
3⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:3240

C:\Users\Admin\Desktop\BruteL4DDOS.exe
"C:\Users\Admin\Desktop\BruteL4DDOS.exe"
4⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:4912

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
5⤵
PID:2140

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
5⤵
PID:2512

C:\Windows\system32\mode.com
mode 140, 40
6⤵
PID:3964

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
5⤵
PID:3456

C:\Users\Admin\Desktop\BruteL4-DDOS.exe
"C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:4668

C:\ProgramData\microsoft\MpDlpCmd.exe
"C:\ProgramData\microsoft\MpDlpCmd.exe"
3⤵
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
PID:1856

C:\Windows\system32\mode.com
mode 140, 40
1⤵
PID:4984

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
1⤵
PID:4520

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c mode 140, 40
1⤵
- Suspicious use of WriteProcessMemory
PID:3416

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c
1⤵
PID:2436

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Virtualization/Sandbox Evasion

T1497

Credential Access

Discovery

Query Registry

T1012

Virtualization/Sandbox Evasion

T1497

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\Microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\ProgramData\microsoft\MpDlpCmd.exe
Filesize
3.3MB

MD5
300668bc6b9a15cc237e63ceadfac756

SHA1
c8341efe0d0b8e9f7fe4e6ff28436b873c91795a

SHA256
f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c

SHA512
f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
1KB

MD5
e724c31ebc88e60f049303b0de7d974b

SHA1
9a312846156fd46df951e14481bf99e24745b499

SHA256
56fd0a690c9e7ef773eddc340f110e64ebbfec7580f852d089188c04b9cb17f0

SHA512
4557b7a7b8dc8d61429b286111c81d3671a452702c4cd9e168d83ed5d30e093238ffdaf9ff5600b378fe208a3c0ebc7cb4b399d661be0bf614f20f93f4df700e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_F37C217C34EC1EF3506B7799C0334AC3
Filesize
472B

MD5
eef4409d0ad90e2899e538028bd3fa76

SHA1
2d6edd13cbd2d201ef921fc33c053aec8f8b740c

SHA256
61eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d

SHA512
cc2b740eee3c85df4b617245f6b1ddebaaa32d0afc2e4a1e4c3965bf1a51c93c42016220c3aa385828020a73d4641e2a40183f37e5f2492911a0bf92ffbb623d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\45253D621EA9F2E0253B4AF8D44565CD_27557F6CDAE75AFEA9251E5A15BC51D9
Filesize
1KB

MD5
d4393736ce5016daf13dc23edb4efcef

SHA1
945105746f0c5eed6313c98a738b1b856aff05eb

SHA256
bead23d5a68b159f8f572f1e39f3727bf693f507a35dcbc37e4766a4e1c40e8d

SHA512
3648e1ffe166b2e43fc11c2445902a28878e865b221bc55f1694386302d7a7f12904c2accc0d18e90f7f7fb22d7a94c8ca91ca8f4b0c6860f168e2bc9de21ee1

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001
Filesize
1KB

MD5
5f398de800e4b24571ef227c063d5e00

SHA1
038a56494718fef2805423ccb47f977f8429dc80

SHA256
fb4ae375be9cbc0d38c3871389c400ca7bd02c64879b68509a76eaa89c780a00

SHA512
068ef90ba584019785de32db11b40e8b4e84db6801809e5f0e6135045642439da1e9021051029298dac40e938d3a91a1e88808f2c4f0a3b81159c0af6a5c59f4

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
724B

MD5
f569e1d183b84e8078dc456192127536

SHA1
30c537463eed902925300dd07a87d820a713753f

SHA256
287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413

SHA512
49553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A40DDA23AC660EBD6C048B34D97187FB
Filesize
471B

MD5
f0f306ea49f1bd3f358f7579513e7377

SHA1
c2845c696f6685a211bc040895d28ebf23fa1bc0

SHA256
cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb

SHA512
203d49777b7eb2deb10c361311a9317fe9fdac905857527f587cc6a8287b7c2e56d72c0f83c822628765c800e7ea5a0d92c379e4fff2096af485af388c0a9be5

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EA
Filesize
410B

MD5
b873e1293b87ee7b0c2003ee31283981

SHA1
bc846e9abdb29bcdafef43bed603c23e05d044bd

SHA256
67e044f287255f293fc06ffda5541fe15d4f0ca7e204853eacd85c988feefb1b

SHA512
06627670cf1b4f7468f4db54858d1a959a381641a6f138c333ecbb8936588b4078e79b3723939536bfa1fad4d0b565111fee078209b145d7d9484077a149f17e

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_F37C217C34EC1EF3506B7799C0334AC3
Filesize
402B

MD5
c1b5db868d136daef7e2dc53cab383a6

SHA1
0ff8e03aceab0d546498e6c1d496930297af6a70

SHA256
db4253fb93fd1eca4053013eb9bb0d0dd782118ed9429d5693ec756670260833

SHA512
45ade6b3c79c8f69aed0b8b5ac9278fccb46ddd841ebb89dd6e68af6ace73445b425e1f0fbd36542a037fe1baa73e377636bc7db77b43c1d1fae69f1482a4327

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\45253D621EA9F2E0253B4AF8D44565CD_27557F6CDAE75AFEA9251E5A15BC51D9
Filesize
520B

MD5
4ca998b58280cd38469172c60402460a

SHA1
1f8642613d2be1d1d2ed90a87d2086636ea87c14

SHA256
42ec958dd582c548512de125a6e29ad215416ab2bfba79dcd4c0da4d26a90c71

SHA512
441570250ef4729eb77a7034c3f78cd551e9198be2fa94b8c692eaec331a6bd02ed49b986301baa39f2d4272d789e584b7934114fd6779d6cc7d6c8b4ad048ec

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001
Filesize
492B

MD5
7d73146bf097b72f47f407e955d0a7cc

SHA1
7a6edc2c5b62b50c3577a6cc265712fcc45666a6

SHA256
990e88ff5cdcb3119c32e16bd1fa213a9d8894a7763f5694107905b96fbcdeaa

SHA512
500221e30917671790e047066664f5bca181bb376c2415fa2950afb6d140d9127e730dfe41a16fa7b309525e55d7c0eb399347b0911b998fd20a689c9b14b81d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B

MD5
0571cb8a0ecc0b4ba15494ae82754feb

SHA1
769d3fbc2b7715d3188bfa4800434becb63ee036

SHA256
0fbc85ce60c190d0ae2955dc43c3df2a0a9c5d67183fe52fb5829ff9f7092d47

SHA512
2a5c2bd8f343f2fc1aedde071cbc46af3855cdbe291720759d0cdeec79ed2ef220b8a4d46d3192b66f42beaef0853572332fb204604d9808f4e4791ac727d6ba

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A40DDA23AC660EBD6C048B34D97187FB
Filesize
406B

MD5
1a02a1bc830700598474d85bc0d70d59

SHA1
9ae83950361b11f89677a29ced912a95b6aa238c

SHA256
f78f0ee95d964cc89028f8272fe3ceac93d35c9b188761574145056955fe6b75

SHA512
361b5e0c91e9cfb659c63f5b32a6963d3793bc022bbd230c1fc5b101878d640da672a0d7a572fc61b519ec9ac36a3a77a3069e4511908018fdffe0407f2cb7cc

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BruteL4-DDOS.exe.log
Filesize
859B

MD5
6e11a15fe4491ead2a94f64d3467be38

SHA1
9a8329fb71ddc89dae9aa174c0b44a1f646efd63

SHA256
087cf6355ae9fc71eea2493b30c6b10a6775f3dd68b2cb5e07fcc13461b74248

SHA512
6154e320e2556aef177fc5bfb4e5fe8fabe324af736b89db4db41e6dd51658f7f6a7d0f73c24dc6ccdc4edf14023f4a1ecd0908abac5b82cebd038a93b2fc106

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\location[1].png
Filesize
40KB

MD5
4db9f1f4c36b304e4ecdcff0e4b84f1e

SHA1
9d87524ec7ec0cc9b62e6e8612790d29ba4c4c67

SHA256
ae2943dbe05d5e78e5d578824f8663e6f17d6598431b7e550a45bbddfb1c9fd4

SHA512
c823a497d04b282bdbccbe53dd87202ed60eaec6c9abb5f83b4c40fbab1850fcd80311b9e42e4ba278febc3dcd69f3c544730269b7ef841f96606e64f1081985

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\logo-dark[1].png
Filesize
15KB

MD5
acc5a3c827b163f9298faa9fd36c5fca

SHA1
cee5d76d35ef484bb39d4c08adafb5ba593cb1e2

SHA256
c432fc6fed123766b84b574465071b7df18cd111e3924d1086627ea325b01363

SHA512
403ad861a206a10069879297339aeaf4673fb398f65f731b4a0914e8f3062aec2a65501ed06609f62a20964acc33140d6762ff5a0d934bbdc20613d15e5ba231

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\pay[1].js
Filesize
114KB

MD5
091dc5bc60d865bbca6e39a0979f3efe

SHA1
0c4a078957d7c804100bdc38fb7af6c86f886423

SHA256
8e5a0f968f689032ca31b98b13d6e9ad1910e85669e13579c371134643bb943b

SHA512
49c1b1693a897e1bfb668aec21a50a9166e12b988b279b39725806ae3db9d2588f1f69350450df8f025fc06e4408eda2f0d97c8364e98e74a311f585910686e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\f[1].txt
Filesize
162KB

MD5
ed92fabdbdf1d9288bd357a465435f66

SHA1
f235bcbb101e7dde0ac5cc079e1122da45033c20

SHA256
27586fe0e637fe333c7eafb5fd183010299e846921d40e66ea95234b5bd20e79

SHA512
13e4d66fffa806316eae9345177bed9b94ff05fe9b90955d984e13e6c21b468528b2002b3e1bc9d46d9a901567a6402c3c922cfd11f696c68eb92481ef437146

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\pay[1].js
Filesize
114KB

MD5
091dc5bc60d865bbca6e39a0979f3efe

SHA1
0c4a078957d7c804100bdc38fb7af6c86f886423

SHA256
8e5a0f968f689032ca31b98b13d6e9ad1910e85669e13579c371134643bb943b

SHA512
49c1b1693a897e1bfb668aec21a50a9166e12b988b279b39725806ae3db9d2588f1f69350450df8f025fc06e4408eda2f0d97c8364e98e74a311f585910686e4

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\f[1].txt
Filesize
162KB

MD5
07fc0dc044b6e75c32b1ff0f737b552b

SHA1
ccc17a09f00941cd2c369305a44b22b7132d2367

SHA256
bdde2e2e906d9a9aa7fe66d3c6ef0a7b2e35d1424e0a7b95554da84788fb93c2

SHA512
f0a5361012edca664a3be1d6f1c09c03f4797b36bac1775d098885f3459410423562551d14aa275dded7c27bd7138fe89ecc361f32ce4b8fc63db3f27b9d0420

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\polyfill.min[1].js
Filesize
4KB

MD5
61fc9c0df8557a172bd200a02959e168

SHA1
5f2b02e1ad95b7e98e34bd28e94f9bb1a7918c87

SHA256
e555151e63c492ea4f05ecedbcaf488acecfdf147d814e1920bcef9b028968ab

SHA512
df5d0698fcabc6f8c7631713cbb1dd8c237b1182fda2ee0395d122bb5a0006934551c11b3df70449b43ee25641200b186f62ae2a3269bd6683c50508363e08f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\base_library.zip
Filesize
812KB

MD5
eb130a9177f630bc33d7e510ed81d9d2

SHA1
c33dae854285d5367e8c87899e1a168abeca8d18

SHA256
987165c5cc33442df85d8ab8c3f66e2805070e0b526801b88434f48ed04b3a2f

SHA512
17feb5a3468a4883730fb17251ac7604c9ba376ce871ebbf4a034144626a63caf415bc6bed6cfca518b37c9840231cfdfccc17ca4833b3ef23b32499444b8474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI29162\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\VCRUNTIME140.dll
Filesize
94KB

MD5
a87575e7cf8967e481241f13940ee4f7

SHA1
879098b8a353a39e16c79e6479195d43ce98629e

SHA256
ded5adaa94341e6c62aea03845762591666381dca30eb7c17261dd154121b83e

SHA512
e112f267ae4c9a592d0dd2a19b50187eb13e25f23ded74c2e6ccde458bcdaee99f4e3e0a00baf0e3362167ae7b7fe4f96ecbcd265cc584c1c3a4d1ac316e92f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_ctypes.pyd
Filesize
54KB

MD5
e28acb3e65ad0b0f56bbfa07a5524289

SHA1
a36cebfed6887d32fc005cd74da22648e7ec8e6c

SHA256
269a4c6d8deeb6cf5739573c71d1cfe1398f8d1a1508d1149efa926fd49138c9

SHA512
527e1ab1638090e5c5f005a319d548c9bf0a530389ab82e4fe314cc7a6ac59ba74715b6e38a90f82ad3acd32533c0285b90f8b4b3b89b55ed31a8235ee835284

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_socket.pyd
Filesize
38KB

MD5
79ca909a112bf7e02eebbeb24c7fea66

SHA1
5c3724b1b715365b2754f91e73d044b2673f3903

SHA256
f5aa56e1e206c680d02f398a9eeeb9e9986246178f616c59494c09aaf24d71d3

SHA512
227fa2adcd9b9fd8058fe09c2918ef8e1ada50b5b58fc7898a0851086160f83a4fab8b934979a1e2d28449f30b0a689c2c096ea1c70779fb6b1daef564f9b980

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\base_library.zip
Filesize
812KB

MD5
eb130a9177f630bc33d7e510ed81d9d2

SHA1
c33dae854285d5367e8c87899e1a168abeca8d18

SHA256
987165c5cc33442df85d8ab8c3f66e2805070e0b526801b88434f48ed04b3a2f

SHA512
17feb5a3468a4883730fb17251ac7604c9ba376ce871ebbf4a034144626a63caf415bc6bed6cfca518b37c9840231cfdfccc17ca4833b3ef23b32499444b8474

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\libffi-7.dll
Filesize
23KB

MD5
b5150b41ca910f212a1dd236832eb472

SHA1
a17809732c562524b185953ffe60dfa91ba3ce7d

SHA256
1a106569ac0ad3152f3816ff361aa227371d0d85425b357632776ac48d92ea8a

SHA512
9e82b0caa3d72bb4a7ad7d66ebfb10edb778749e89280bca67c766e72dc794e99aab2bc2980d64282a384699929ce6cc996462a73584898d2df67a57bff2a9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\python310.dll
Filesize
1.4MB

MD5
b607df83392febab3f5745b79dc26c57

SHA1
58c4b08575afbca1cf21e0995ca9048290241ebd

SHA256
6a21dc896a78c961eac3dad70a9addc289c6c8449fe5c09b37adf12310e06b0e

SHA512
a341b1b1a725a6df59d3b0f8e1afd3c8d39b63d682f297321ac59418f1f8089b3caca8374dcf453a09e77c53f0f47e889b965b9f3d0ec9dd5b8cff8839838d4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\_MEI48282\select.pyd
Filesize
21KB

MD5
6b060423e9286414cd6529d4ae6fcda5

SHA1
41f0f83c395a936b313001307cbbe2f01224fa35

SHA256
6ee51b502c418c8a6d3e5c13f22bee6f72503043ac33b4f1ac01adf7531557ae

SHA512
04256d6fb99296c6b3c29fd69b0f90ac1eb8a25c2e7750b3fda4a145d5d9bc7a6e5d5b3691c0784c810f3e7cea3f080325d6cec2901ed206b57dcf1b6777e4ff

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hgcvniiz.rt4.ps1
Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB

MD5
cb885b1cae29af6524d341c65e486828

SHA1
ef35f45fd7378e8fd31cd60f72bde21e75d61ada

SHA256
bd95ec107878109859ff396ef71c76eb801ed4b25a167b49c8f0b8e112fbe361

SHA512
9086e5a01178134876311086b14798e17d57f960c280b019e8f7e33fb68cdc494eb9be32918ec10314d8b8dfe289281567c82d132f1a5cf98288b8f133df2cde

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB

MD5
a1c68c50488809ae7db16f2eaf42cf8a

SHA1
e82c90431a6865422d7d4a63488daffabe1082d6

SHA256
57dc721959bfc2125061178c9f098245ef4faa49446d19af48d0b055b1524d1e

SHA512
6d6e246dc8b5e545ebb5508cdb0d3ec68cb17b71b066f2cd0e80a6538e44c440a084591a726b180cace99518cfa4ad85940439b202711d1c07877cbb5cde7d9d

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB

MD5
b441b71b1ce23257d6f40bd7555703ac

SHA1
961d3ae7e69b7a39edda340e93986c5a7f89c097

SHA256
eeaacd0b7e68cc5e5a183dc5f6e8b489cf267a73ebd772b338873f9e04e2b7a4

SHA512
e4f67e81e8f83b211a8c4bbaa0ff96d02341ff3fe6a83ffac0aefb62507afb0fa823fe43e3d4e3dd0b4a680393e6980adc92cea5286998109c828faf657c4a8b

Download Submit
memory/1596-487-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/1596-420-0x000000001DB50000-0x000000001DB60000-memory.dmp

Filesize
64KB

Download
memory/1596-419-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/1596-418-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/1596-415-0x00007FFE80000000-0x00007FFE80002000-memory.dmp

Filesize
8KB

Download
memory/1596-413-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/1864-561-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/1864-562-0x00007FF430C70000-0x00007FF431041000-memory.dmp

Filesize
3.8MB

Download
memory/1864-564-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2112-534-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2112-485-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/2112-549-0x000000001FF60000-0x000000001FF70000-memory.dmp

Filesize
64KB

Download
memory/2112-548-0x000000001FF60000-0x000000001FF70000-memory.dmp

Filesize
64KB

Download
memory/2112-551-0x00007FF4F51F0000-0x00007FF4F55C1000-memory.dmp

Filesize
3.8MB

Download
memory/2112-552-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2112-595-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2112-550-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/2112-533-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2112-566-0x000000001FF60000-0x000000001FF70000-memory.dmp

Filesize
64KB

Download
memory/2112-488-0x00007FF4F51F0000-0x00007FF4F55C1000-memory.dmp

Filesize
3.8MB

Download
memory/2112-486-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/2112-592-0x000000001FF60000-0x000000001FF70000-memory.dmp

Filesize
64KB

Download
memory/2112-591-0x000000001FF60000-0x000000001FF70000-memory.dmp

Filesize
64KB

Download
memory/2120-229-0x00007FFE80010000-0x00007FFE80011000-memory.dmp

Filesize
4KB

Download
memory/2120-157-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/2120-158-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/2120-159-0x00007FFE80000000-0x00007FFE80002000-memory.dmp

Filesize
8KB

Download
memory/2120-160-0x00007FFE80030000-0x00007FFE80031000-memory.dmp

Filesize
4KB

Download
memory/2120-161-0x0000000000950000-0x0000000000960000-memory.dmp

Filesize
64KB

Download
memory/2120-252-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/2120-154-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/2152-402-0x00007FFE9E350000-0x00007FFE9E369000-memory.dmp

Filesize
100KB

Download
memory/2152-401-0x00007FFEA91E0000-0x00007FFEA91EF000-memory.dmp

Filesize
60KB

Download
memory/2152-375-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp

Filesize
4.4MB

Download
memory/2152-381-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp

Filesize
4.4MB

Download
memory/2152-367-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp

Filesize
4.4MB

Download
memory/2152-387-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp

Filesize
4.4MB

Download
memory/2152-288-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp

Filesize
4.4MB

Download
memory/2152-289-0x00007FFEA32C0000-0x00007FFEA32E4000-memory.dmp

Filesize
144KB

Download
memory/2152-290-0x00007FFEA91E0000-0x00007FFEA91EF000-memory.dmp

Filesize
60KB

Download
memory/2152-291-0x00007FFE9E350000-0x00007FFE9E369000-memory.dmp

Filesize
100KB

Download
memory/2152-292-0x00007FFEA51C0000-0x00007FFEA51CD000-memory.dmp

Filesize
52KB

Download
memory/2152-393-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp

Filesize
4.4MB

Download
memory/2152-399-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp

Filesize
4.4MB

Download
memory/2152-400-0x00007FFEA32C0000-0x00007FFEA32E4000-memory.dmp

Filesize
144KB

Download
memory/2152-403-0x00007FFEA51C0000-0x00007FFEA51CD000-memory.dmp

Filesize
52KB

Download
memory/2800-323-0x00007FF44E340000-0x00007FF44E711000-memory.dmp

Filesize
3.8MB

Download
memory/2800-322-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-404-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-398-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-405-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-320-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-373-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-406-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-372-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-317-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-392-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-324-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-374-0x00007FF44E340000-0x00007FF44E711000-memory.dmp

Filesize
3.8MB

Download
memory/2800-386-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/2800-380-0x00000000001F0000-0x00000000010DF000-memory.dmp

Filesize
14.9MB

Download
memory/3000-148-0x0000000000340000-0x000000000034C000-memory.dmp

Filesize
48KB

Download
memory/3000-151-0x000000001C540000-0x000000001C550000-memory.dmp

Filesize
64KB

Download
memory/3000-228-0x000000001C540000-0x000000001C550000-memory.dmp

Filesize
64KB

Download
memory/4492-362-0x0000000020140000-0x0000000020150000-memory.dmp

Filesize
64KB

Download
memory/4492-211-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/4492-366-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/4492-247-0x0000000021650000-0x0000000021672000-memory.dmp

Filesize
136KB

Download
memory/4492-235-0x00007FFEC0F60000-0x00007FFEC0F70000-memory.dmp

Filesize
64KB

Download
memory/4492-365-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-353-0x0000000020140000-0x0000000020150000-memory.dmp

Filesize
64KB

Download
memory/4492-227-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-293-0x0000000020140000-0x0000000020150000-memory.dmp

Filesize
64KB

Download
memory/4492-226-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-225-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-224-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-223-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-222-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-221-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-219-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-220-0x00007FF4A7920000-0x00007FF4A7CF1000-memory.dmp

Filesize
3.8MB

Download
memory/4492-217-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-218-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-331-0x0000000020140000-0x0000000020150000-memory.dmp

Filesize
64KB

Download
memory/4492-167-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-162-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-294-0x0000000020140000-0x0000000020150000-memory.dmp

Filesize
64KB

Download
memory/4492-321-0x00007FF4A7920000-0x00007FF4A7CF1000-memory.dmp

Filesize
3.8MB

Download
memory/4492-319-0x0000000140000000-0x0000000140CB4000-memory.dmp

Filesize
12.7MB

Download
memory/4492-295-0x0000000020140000-0x0000000020150000-memory.dmp

Filesize
64KB

Download
memory/4492-303-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp

Filesize
16.0MB

Download
memory/4492-311-0x0000000026FC0000-0x0000000027766000-memory.dmp

Filesize
7.6MB

Download
memory/4680-590-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp

Filesize
144KB

Download
memory/4680-523-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp

Filesize
4.4MB

Download
memory/4680-583-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp

Filesize
4.4MB

Download
memory/4680-547-0x00007FFEB7140000-0x00007FFEB714D000-memory.dmp

Filesize
52KB

Download
memory/4680-631-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp

Filesize
4.4MB

Download
memory/4680-632-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp

Filesize
144KB

Download
memory/4680-535-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp

Filesize
144KB

Download
memory/4680-536-0x00007FFEBB4A0000-0x00007FFEBB4AF000-memory.dmp

Filesize
60KB

Download
memory/4680-546-0x00007FFEB3510000-0x00007FFEB3529000-memory.dmp

Filesize
100KB

Download