Analysis
max time kernel: 593s
max time network: 603s
platform: windows10-2004_x64
resource: win10v2004-20230220-en
resource tags: arch:x64, arch:x86, image:win10v2004-20230220-en, locale:en-us, os:windows10-2004-x64, system
submitted: 25-03-2023 13:22

Static task: static1
Behavioral task: behavioral1
Sample: BruteL4 DDOS Tool.exe
Resource: win10v2004-20230220-en

General
Target: BruteL4 DDOS Tool.exe
Size: 12.0MB
MD5: 7469696e71e96dd67ce6c5f59c2e77c7
SHA1: a26de444a133d56eb51f5bac21fb2f925b5ee37a
SHA256: 55c2faf7a200fe2db176dd0a7c43bd8f97d4a485814d6b105855ae7adfadcb32
SHA512: 7702b5c08999a52816ff0176efe14f7d3c3808081337077f4fd4154cd29d3641aca5508d37c10e44d1980f835c868e9f2d3c71fda23f89c9ff80ca0f238f4c4c
SSDEEP: 393216:J+aZeyhEOh8pJpdEYTzuaj5DDKEeuuODGfTc:MahEe8pVEY3uaJWEhuODGw

Malware Config
Signatures
-
Suspicious use of NtCreateUserProcessOtherParentProcess 3 IoCs
Processes: BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2120 created 3232 | 2120 | BruteL4-DDOS.exe | Explorer.EXE |
| PID 1596 created 3232 | 1596 | BruteL4-DDOS.exe | Explorer.EXE |
| PID 1356 created 3232 | 1356 | BruteL4-DDOS.exe | Explorer.EXE |

Identifies VirtualBox via ACPI registry values (likely anti-VM) 2 TTPs 3 IoCs
Processes: BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe

| description | ioc | process |
| --- | --- | --- |
| Key opened | `\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__` | BruteL4-DDOS.exe |
| Key opened | `\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__` | BruteL4-DDOS.exe |
| Key opened | `\REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__` | BruteL4-DDOS.exe |

Downloads MZ/PE file
-
Checks BIOS information in registry 2 TTPs 6 IoCs
BIOS information is often read in order to detect sandboxing environments.
Processes: BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe

| description | ioc | process |
| --- | --- | --- |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion` | BruteL4-DDOS.exe |

Checks computer location settings 2 TTPs 7 IoCs
Looks up country code configured in the registry, likely geofence.
Processes: BruteL4-DDOS.exe, BruteL4 DDOS Tool.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe

| description | ioc | process |
| --- | --- | --- |
| Key value queried | `\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation` | BruteL4 DDOS Tool.exe |
| Key value queried | `\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000\Control Panel\International\Geo\Nation` | BruteL4-DDOS.exe |

Drops startup file 2 IoCs
Processes: crack.exe

| description | ioc | process |
| --- | --- | --- |
| File created | `C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe` | crack.exe |
| File opened for modification | `C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\crack.exe` | crack.exe |

Executes dropped EXE 16 IoCs
Processes: crack.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe, MpDlpCmd.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe, MpDlpCmd.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe, MpDlpCmd.exe

| pid | process |
| --- | --- |
| 3000 | crack.exe |
| 2120 | BruteL4-DDOS.exe |
| 4492 | BruteL4-DDOS.exe |
| 2916 | BruteL4DDOS.exe |
| 2152 | BruteL4DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 1596 | BruteL4-DDOS.exe |
| 2112 | BruteL4-DDOS.exe |
| 4828 | BruteL4DDOS.exe |
| 4680 | BruteL4DDOS.exe |
| 1864 | MpDlpCmd.exe |
| 1356 | BruteL4-DDOS.exe |
| 4668 | BruteL4-DDOS.exe |
| 3240 | BruteL4DDOS.exe |
| 4912 | BruteL4DDOS.exe |
| 1856 | MpDlpCmd.exe |

Loads dropped DLL 18 IoCs
Processes: BruteL4DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe

| pid | process |
| --- | --- |
| 2152 | BruteL4DDOS.exe |
| 2152 | BruteL4DDOS.exe |
| 2152 | BruteL4DDOS.exe |
| 2152 | BruteL4DDOS.exe |
| 2152 | BruteL4DDOS.exe |
| 2152 | BruteL4DDOS.exe |
| 4680 | BruteL4DDOS.exe |
| 4680 | BruteL4DDOS.exe |
| 4680 | BruteL4DDOS.exe |
| 4680 | BruteL4DDOS.exe |
| 4680 | BruteL4DDOS.exe |
| 4680 | BruteL4DDOS.exe |
| 4912 | BruteL4DDOS.exe |
| 4912 | BruteL4DDOS.exe |
| 4912 | BruteL4DDOS.exe |
| 4912 | BruteL4DDOS.exe |
| 4912 | BruteL4DDOS.exe |
| 4912 | BruteL4DDOS.exe |

Processes:

| resource | yara_rule |
| --- | --- |
| `C:\Users\Admin\Desktop\BruteL4-DDOS.exe` | themida |
| `C:\Users\Admin\Desktop\BruteL4-DDOS.exe` | themida |
| `behavioral1/memory/2120-157-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp` | themida |
| `behavioral1/memory/2120-158-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp` | themida |
| `C:\Users\Admin\Desktop\BruteL4-DDOS.exe` | themida |
| `behavioral1/memory/2120-252-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp` | themida |
| `behavioral1/memory/4492-366-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp` | themida |
| `C:\Users\Admin\Desktop\BruteL4-DDOS.exe` | themida |
| `behavioral1/memory/1596-418-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp` | themida |
| `behavioral1/memory/1596-419-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp` | themida |
| `C:\Users\Admin\Desktop\BruteL4-DDOS.exe` | themida |
| `behavioral1/memory/1596-487-0x00007FF7A30E0000-0x00007FF7A40EC000-memory.dmp` | themida |
| `C:\Users\Admin\Desktop\BruteL4-DDOS.exe` | themida |
| `C:\Users\Admin\Desktop\BruteL4-DDOS.exe` | themida |

Processes:

| resource | yara_rule |
| --- | --- |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\python310.dll` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\python310.dll` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\select.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\select.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\_socket.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\_socket.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\libffi-7.dll` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\libffi-7.dll` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\_ctypes.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI29162\_ctypes.pyd` | upx |
| `behavioral1/memory/2152-288-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp` | upx |
| `behavioral1/memory/2152-289-0x00007FFEA32C0000-0x00007FFEA32E4000-memory.dmp` | upx |
| `behavioral1/memory/2152-290-0x00007FFEA91E0000-0x00007FFEA91EF000-memory.dmp` | upx |
| `behavioral1/memory/2152-291-0x00007FFE9E350000-0x00007FFE9E369000-memory.dmp` | upx |
| `behavioral1/memory/2152-292-0x00007FFEA51C0000-0x00007FFEA51CD000-memory.dmp` | upx |
| `behavioral1/memory/4492-293-0x0000000020140000-0x0000000020150000-memory.dmp` | upx |
| `behavioral1/memory/2152-367-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp` | upx |
| `behavioral1/memory/2152-375-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp` | upx |
| `behavioral1/memory/2152-381-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp` | upx |
| `behavioral1/memory/2152-387-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp` | upx |
| `behavioral1/memory/2152-393-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp` | upx |
| `behavioral1/memory/2152-399-0x00007FFE95EA0000-0x00007FFE96305000-memory.dmp` | upx |
| `behavioral1/memory/2152-400-0x00007FFEA32C0000-0x00007FFEA32E4000-memory.dmp` | upx |
| `behavioral1/memory/2152-401-0x00007FFEA91E0000-0x00007FFEA91EF000-memory.dmp` | upx |
| `behavioral1/memory/2152-402-0x00007FFE9E350000-0x00007FFE9E369000-memory.dmp` | upx |
| `behavioral1/memory/2152-403-0x00007FFEA51C0000-0x00007FFEA51CD000-memory.dmp` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\python310.dll` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\python310.dll` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\_ctypes.pyd` | upx |
| `behavioral1/memory/4680-523-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\libffi-7.dll` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\libffi-7.dll` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\select.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\select.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\_socket.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\_socket.pyd` | upx |
| `C:\Users\Admin\AppData\Local\Temp\_MEI48282\_ctypes.pyd` | upx |
| `behavioral1/memory/4680-535-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp` | upx |
| `behavioral1/memory/4680-536-0x00007FFEBB4A0000-0x00007FFEBB4AF000-memory.dmp` | upx |
| `behavioral1/memory/4680-546-0x00007FFEB3510000-0x00007FFEB3529000-memory.dmp` | upx |
| `behavioral1/memory/4680-547-0x00007FFEB7140000-0x00007FFEB714D000-memory.dmp` | upx |
| `behavioral1/memory/4680-583-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp` | upx |
| `behavioral1/memory/4680-590-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp` | upx |
| `behavioral1/memory/4680-631-0x00007FFEA3670000-0x00007FFEA3AD5000-memory.dmp` | upx |
| `behavioral1/memory/4680-632-0x00007FFEB3C30000-0x00007FFEB3C54000-memory.dmp` | upx |

Processes: BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe

| description | ioc | process |
| --- | --- | --- |
| Key value queried | `\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA` | BruteL4-DDOS.exe |
| Key value queried | `\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA` | BruteL4-DDOS.exe |

Suspicious use of NtSetInformationThreadHideFromDebugger 64 IoCs
Processes: BruteL4-DDOS.exe, BruteL4-DDOS.exe, MpDlpCmd.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, MpDlpCmd.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, MpDlpCmd.exe

| pid | process |
| --- | --- |
| 2120 | BruteL4-DDOS.exe |
| 4492 | BruteL4-DDOS.exe |
| 4492 | BruteL4-DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 4492 | BruteL4-DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 1596 | BruteL4-DDOS.exe |
| 2112 | BruteL4-DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 2112 | BruteL4-DDOS.exe |
| 1864 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2112 | BruteL4-DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 1356 | BruteL4-DDOS.exe |
| 4668 | BruteL4-DDOS.exe |
| 4668 | BruteL4-DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 1856 | MpDlpCmd.exe |
| 4668 | BruteL4-DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |

Suspicious use of SetThreadContext 3 IoCs
Processes: BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2120 set thread context of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 set thread context of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 set thread context of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |

Detects Pyinstaller 8 IoCs
Processes:

| resource | yara_rule |
| --- | --- |
| `C:\Users\Admin\Desktop\BruteL4DDOS.exe` | pyinstaller |
| `C:\Users\Admin\Desktop\BruteL4DDOS.exe` | pyinstaller |
| `C:\Users\Admin\Desktop\BruteL4DDOS.exe` | pyinstaller |
| `C:\Users\Admin\Desktop\BruteL4DDOS.exe` | pyinstaller |
| `C:\Users\Admin\Desktop\BruteL4DDOS.exe` | pyinstaller |
| `C:\Users\Admin\Desktop\BruteL4DDOS.exe` | pyinstaller |
| `C:\Users\Admin\Desktop\BruteL4DDOS.exe` | pyinstaller |
| `C:\Users\Admin\Desktop\BruteL4DDOS.exe` | pyinstaller |

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Modifies registry class 5 IoCs
Processes: BruteL4 DDOS Tool.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe

| description | ioc | process |
| --- | --- | --- |
| Key created | `\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\WOW6432Node\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\Instance\` | BruteL4 DDOS Tool.exe |
| Key created | `\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\` | BruteL4-DDOS.exe |
| Key created | `\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\` | BruteL4-DDOS.exe |
| Key created | `\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{1f3427c8-5c10-4210-aa03-2ee45287d668}\Instance\` | BruteL4-DDOS.exe |
| Key created | `\REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{4336a54d-038b-4685-ab02-99bb52d3fb8b}\Instance\` | BruteL4 DDOS Tool.exe |

Suspicious behavior: AddClipboardFormatListener 1 IoCs
Processes: crack.exe

| pid | process |
| --- | --- |
| 3000 | crack.exe |

Suspicious behavior: EnumeratesProcesses 16 IoCs
Processes: BruteL4-DDOS.exe, MpDlpCmd.exe, BruteL4-DDOS.exe, MpDlpCmd.exe, BruteL4-DDOS.exe, MpDlpCmd.exe

| pid | process |
| --- | --- |
| 4492 | BruteL4-DDOS.exe |
| 4492 | BruteL4-DDOS.exe |
| 4492 | BruteL4-DDOS.exe |
| 4492 | BruteL4-DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 2800 | MpDlpCmd.exe |
| 2112 | BruteL4-DDOS.exe |
| 2112 | BruteL4-DDOS.exe |
| 2112 | BruteL4-DDOS.exe |
| 1864 | MpDlpCmd.exe |
| 1864 | MpDlpCmd.exe |
| 4668 | BruteL4-DDOS.exe |
| 4668 | BruteL4-DDOS.exe |
| 4668 | BruteL4-DDOS.exe |
| 1856 | MpDlpCmd.exe |
| 1856 | MpDlpCmd.exe |

Suspicious use of AdjustPrivilegeToken 64 IoCs
Processes: BruteL4-DDOS.exe

| description | pid | process |
| --- | --- | --- |
| Token: SeDebugPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeIncreaseQuotaPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSecurityPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeTakeOwnershipPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeLoadDriverPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemProfilePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemtimePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeProfSingleProcessPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeIncBasePriorityPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeCreatePagefilePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeBackupPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeRestorePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeShutdownPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeDebugPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemEnvironmentPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeRemoteShutdownPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeUndockPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeManageVolumePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: 33 | 4492 | BruteL4-DDOS.exe |
| Token: 34 | 4492 | BruteL4-DDOS.exe |
| Token: 35 | 4492 | BruteL4-DDOS.exe |
| Token: 36 | 4492 | BruteL4-DDOS.exe |
| Token: SeIncreaseQuotaPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSecurityPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeTakeOwnershipPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeLoadDriverPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemProfilePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemtimePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeProfSingleProcessPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeIncBasePriorityPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeCreatePagefilePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeBackupPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeRestorePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeShutdownPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeDebugPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemEnvironmentPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeRemoteShutdownPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeUndockPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeManageVolumePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: 33 | 4492 | BruteL4-DDOS.exe |
| Token: 34 | 4492 | BruteL4-DDOS.exe |
| Token: 35 | 4492 | BruteL4-DDOS.exe |
| Token: 36 | 4492 | BruteL4-DDOS.exe |
| Token: SeIncreaseQuotaPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSecurityPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeTakeOwnershipPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeLoadDriverPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemProfilePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemtimePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeProfSingleProcessPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeIncBasePriorityPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeCreatePagefilePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeBackupPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeRestorePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeShutdownPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeDebugPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeSystemEnvironmentPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeRemoteShutdownPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeUndockPrivilege | 4492 | BruteL4-DDOS.exe |
| Token: SeManageVolumePrivilege | 4492 | BruteL4-DDOS.exe |
| Token: 33 | 4492 | BruteL4-DDOS.exe |
| Token: 34 | 4492 | BruteL4-DDOS.exe |
| Token: 35 | 4492 | BruteL4-DDOS.exe |
| Token: 36 | 4492 | BruteL4-DDOS.exe |

Suspicious use of SetWindowsHookEx 8 IoCs
Processes: BruteL4 DDOS Tool.exe, BruteL4-DDOS.exe, MpDlpCmd.exe, BruteL4-DDOS.exe, MpDlpCmd.exe, BruteL4-DDOS.exe, MpDlpCmd.exe

| pid | process |
| --- | --- |
| 2020 | BruteL4 DDOS Tool.exe |
| 2020 | BruteL4 DDOS Tool.exe |
| 4492 | BruteL4-DDOS.exe |
| 2800 | MpDlpCmd.exe |
| 2112 | BruteL4-DDOS.exe |
| 1864 | MpDlpCmd.exe |
| 4668 | BruteL4-DDOS.exe |
| 1856 | MpDlpCmd.exe |

Suspicious use of WriteProcessMemory 64 IoCs
Processes: BruteL4 DDOS Tool.exe, BruteL4-DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe, cmd.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe, cmd.exe, BruteL4-DDOS.exe, BruteL4-DDOS.exe, BruteL4DDOS.exe, BruteL4DDOS.exe

| description | pid | process | target process |
| --- | --- | --- | --- |
| PID 2020 wrote to memory of 3000 | 2020 | BruteL4 DDOS Tool.exe | crack.exe |
| PID 2020 wrote to memory of 3000 | 2020 | BruteL4 DDOS Tool.exe | crack.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 4492 | 2120 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 2120 wrote to memory of 2916 | 2120 | BruteL4-DDOS.exe | BruteL4DDOS.exe |
| PID 2120 wrote to memory of 2916 | 2120 | BruteL4-DDOS.exe | BruteL4DDOS.exe |
| PID 2916 wrote to memory of 2152 | 2916 | BruteL4DDOS.exe | BruteL4DDOS.exe |
| PID 2916 wrote to memory of 2152 | 2916 | BruteL4DDOS.exe | BruteL4DDOS.exe |
| PID 2152 wrote to memory of 2436 | 2152 | BruteL4DDOS.exe | cmd.exe |
| PID 2152 wrote to memory of 2436 | 2152 | BruteL4DDOS.exe | cmd.exe |
| PID 2152 wrote to memory of 3416 | 2152 | BruteL4DDOS.exe | cmd.exe |
| PID 2152 wrote to memory of 3416 | 2152 | BruteL4DDOS.exe | cmd.exe |
| PID 3416 wrote to memory of 4984 | 3416 | cmd.exe | mode.com |
| PID 3416 wrote to memory of 4984 | 3416 | cmd.exe | mode.com |
| PID 2152 wrote to memory of 4520 | 2152 | BruteL4DDOS.exe | cmd.exe |
| PID 2152 wrote to memory of 4520 | 2152 | BruteL4DDOS.exe | cmd.exe |
| PID 4492 wrote to memory of 2800 | 4492 | BruteL4-DDOS.exe | MpDlpCmd.exe |
| PID 4492 wrote to memory of 2800 | 4492 | BruteL4-DDOS.exe | MpDlpCmd.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 2112 | 1596 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1596 wrote to memory of 4828 | 1596 | BruteL4-DDOS.exe | BruteL4DDOS.exe |
| PID 1596 wrote to memory of 4828 | 1596 | BruteL4-DDOS.exe | BruteL4DDOS.exe |
| PID 4828 wrote to memory of 4680 | 4828 | BruteL4DDOS.exe | BruteL4DDOS.exe |
| PID 4828 wrote to memory of 4680 | 4828 | BruteL4DDOS.exe | BruteL4DDOS.exe |
| PID 4680 wrote to memory of 2812 | 4680 | BruteL4DDOS.exe | cmd.exe |
| PID 4680 wrote to memory of 2812 | 4680 | BruteL4DDOS.exe | cmd.exe |
| PID 4680 wrote to memory of 788 | 4680 | BruteL4DDOS.exe | cmd.exe |
| PID 4680 wrote to memory of 788 | 4680 | BruteL4DDOS.exe | cmd.exe |
| PID 788 wrote to memory of 3492 | 788 | cmd.exe | mode.com |
| PID 788 wrote to memory of 3492 | 788 | cmd.exe | mode.com |
| PID 4680 wrote to memory of 1740 | 4680 | BruteL4DDOS.exe | cmd.exe |
| PID 4680 wrote to memory of 1740 | 4680 | BruteL4DDOS.exe | cmd.exe |
| PID 2112 wrote to memory of 1864 | 2112 | BruteL4-DDOS.exe | MpDlpCmd.exe |
| PID 2112 wrote to memory of 1864 | 2112 | BruteL4-DDOS.exe | MpDlpCmd.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 4668 | 1356 | BruteL4-DDOS.exe | BruteL4-DDOS.exe |
| PID 1356 wrote to memory of 3240 | 1356 | BruteL4-DDOS.exe | BruteL4DDOS.exe |
| PID 1356 wrote to memory of 3240 | 1356 | BruteL4-DDOS.exe | BruteL4DDOS.exe |
| PID 3240 wrote to memory of 4912 | 3240 | BruteL4DDOS.exe | BruteL4DDOS.exe |
| PID 3240 wrote to memory of 4912 | 3240 | BruteL4DDOS.exe | BruteL4DDOS.exe |
| PID 4912 wrote to memory of 2140 | 4912 | BruteL4DDOS.exe | cmd.exe |
| PID 4912 wrote to memory of 2140 | 4912 | BruteL4DDOS.exe | cmd.exe |
| PID 4912 wrote to memory of 2512 | 4912 | BruteL4DDOS.exe | cmd.exe |

Processes
Process: C:\Windows\Explorer.EXE
Command line: C:\Windows\Explorer.EXE
Tree depth: 1

Process: C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool.exe
Command line: "C:\Users\Admin\AppData\Local\Temp\BruteL4 DDOS Tool.exe"
Tree depth: 2
- Checks computer location settings
- Modifies registry class
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Process: C:\Users\Admin\Desktop\crack.exe
Command line: "C:\Users\Admin\Desktop\crack.exe"
Tree depth: 3
- Drops startup file
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener

Process: C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
Tree depth: 2
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory

Process: C:\Users\Admin\Desktop\BruteL4DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4DDOS.exe"
Tree depth: 3
- Executes dropped EXE
- Suspicious use of WriteProcessMemory

Process: C:\Users\Admin\Desktop\BruteL4DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4DDOS.exe"
Tree depth: 4
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

Process: C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
Tree depth: 2
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Process: C:\ProgramData\microsoft\MpDlpCmd.exe
Command line: "C:\ProgramData\microsoft\MpDlpCmd.exe"
Tree depth: 3
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx

Process: C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
Tree depth: 2
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory

Process: C:\Users\Admin\Desktop\BruteL4DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4DDOS.exe"
Tree depth: 3
- Executes dropped EXE
- Suspicious use of WriteProcessMemory

Process: C:\Users\Admin\Desktop\BruteL4DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4DDOS.exe"
Tree depth: 4
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c
Tree depth: 5

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c mode 140, 40
Tree depth: 5
- Suspicious use of WriteProcessMemory

Process: C:\Windows\system32\mode.com
Command line: mode 140, 40
Tree depth: 6

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
Tree depth: 5

Process: C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
Tree depth: 2
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory

Process: C:\ProgramData\microsoft\MpDlpCmd.exe
Command line: "C:\ProgramData\microsoft\MpDlpCmd.exe"
Tree depth: 3
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx

Process: C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
Tree depth: 2
- Suspicious use of NtCreateUserProcessOtherParentProcess
- Identifies VirtualBox via ACPI registry values (likely anti-VM)
- Checks BIOS information in registry
- Checks computer location settings
- Executes dropped EXE
- Checks whether UAC is enabled
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious use of SetThreadContext
- Modifies registry class
- Suspicious use of WriteProcessMemory

Process: C:\Users\Admin\Desktop\BruteL4DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4DDOS.exe"
Tree depth: 3
- Executes dropped EXE
- Suspicious use of WriteProcessMemory

Process: C:\Users\Admin\Desktop\BruteL4DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4DDOS.exe"
Tree depth: 4
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of WriteProcessMemory

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c
Tree depth: 5

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c mode 140, 40
Tree depth: 5

Process: C:\Windows\system32\mode.com
Command line: mode 140, 40
Tree depth: 6

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
Tree depth: 5

Process: C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Command line: "C:\Users\Admin\Desktop\BruteL4-DDOS.exe"
Tree depth: 2
- Checks computer location settings
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx

Process: C:\ProgramData\microsoft\MpDlpCmd.exe
Command line: "C:\ProgramData\microsoft\MpDlpCmd.exe"
Tree depth: 3
- Executes dropped EXE
- Suspicious use of NtSetInformationThreadHideFromDebugger
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx

Process: C:\Windows\system32\mode.com
Command line: mode 140, 40
Tree depth: 1

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c title Brute - by billythegoat356
Tree depth: 1

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c mode 140, 40
Tree depth: 1
- Suspicious use of WriteProcessMemory

Process: C:\Windows\system32\cmd.exe
Command line: C:\Windows\system32\cmd.exe /c
Tree depth: 1

Network
MITRE ATT&CK Matrix ATT&CK v6
Downloads
-
C:\ProgramData\Microsoft\MpDlpCmd.exeFilesize
3.3MB
MD5300668bc6b9a15cc237e63ceadfac756
SHA1c8341efe0d0b8e9f7fe4e6ff28436b873c91795a
SHA256f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c
SHA512f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e
-
C:\ProgramData\Microsoft\MpDlpCmd.exeFilesize
3.3MB
MD5300668bc6b9a15cc237e63ceadfac756
SHA1c8341efe0d0b8e9f7fe4e6ff28436b873c91795a
SHA256f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c
SHA512f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e
-
C:\ProgramData\Microsoft\MpDlpCmd.exeFilesize
3.3MB
MD5300668bc6b9a15cc237e63ceadfac756
SHA1c8341efe0d0b8e9f7fe4e6ff28436b873c91795a
SHA256f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c
SHA512f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e
-
C:\ProgramData\microsoft\MpDlpCmd.exeFilesize
3.3MB
MD5300668bc6b9a15cc237e63ceadfac756
SHA1c8341efe0d0b8e9f7fe4e6ff28436b873c91795a
SHA256f61131d97d797df46306bbd969043ceb702ac1d74b0486a4cbb5bacac1b6e43c
SHA512f754d6e09cc8055122333eb0137dbfbeac7900480dc38c9e1f037962d516c59f433ed682950f1fe4889043145c4ef6ac763cbb1a6edec122ac2ea57b4f4bb69e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
1KB
MD5e724c31ebc88e60f049303b0de7d974b
SHA19a312846156fd46df951e14481bf99e24745b499
SHA25656fd0a690c9e7ef773eddc340f110e64ebbfec7580f852d089188c04b9cb17f0
SHA5124557b7a7b8dc8d61429b286111c81d3671a452702c4cd9e168d83ed5d30e093238ffdaf9ff5600b378fe208a3c0ebc7cb4b399d661be0bf614f20f93f4df700e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\265C0DEB29181DD1891051371C5F863A_F37C217C34EC1EF3506B7799C0334AC3Filesize
472B
MD5eef4409d0ad90e2899e538028bd3fa76
SHA12d6edd13cbd2d201ef921fc33c053aec8f8b740c
SHA25661eef3a534769ac291c82d37206b392dea96af36a38e9d7da4cf0fb2d5d2342d
SHA512cc2b740eee3c85df4b617245f6b1ddebaaa32d0afc2e4a1e4c3965bf1a51c93c42016220c3aa385828020a73d4641e2a40183f37e5f2492911a0bf92ffbb623d
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\45253D621EA9F2E0253B4AF8D44565CD_27557F6CDAE75AFEA9251E5A15BC51D9Filesize
1KB
MD5d4393736ce5016daf13dc23edb4efcef
SHA1945105746f0c5eed6313c98a738b1b856aff05eb
SHA256bead23d5a68b159f8f572f1e39f3727bf693f507a35dcbc37e4766a4e1c40e8d
SHA5123648e1ffe166b2e43fc11c2445902a28878e865b221bc55f1694386302d7a7f12904c2accc0d18e90f7f7fb22d7a94c8ca91ca8f4b0c6860f168e2bc9de21ee1
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001Filesize
1KB
MD55f398de800e4b24571ef227c063d5e00
SHA1038a56494718fef2805423ccb47f977f8429dc80
SHA256fb4ae375be9cbc0d38c3871389c400ca7bd02c64879b68509a76eaa89c780a00
SHA512068ef90ba584019785de32db11b40e8b4e84db6801809e5f0e6135045642439da1e9021051029298dac40e938d3a91a1e88808f2c4f0a3b81159c0af6a5c59f4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBAFilesize
724B
MD5f569e1d183b84e8078dc456192127536
SHA130c537463eed902925300dd07a87d820a713753f
SHA256287bc80237497eb8681dbf136a56cc3870dd5bd12d48051525a280ae62aab413
SHA51249553b65a8e3fc0bf98c1bc02bae5b22188618d8edf8e88e4e25932105796956ae8301c63c487e0afe368ea39a4a2af07935a808f5fb53287ef9287bc73e1012
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\F2DDCD2B5F37625B82E81F4976CEE400_A40DDA23AC660EBD6C048B34D97187FBFilesize
471B
MD5f0f306ea49f1bd3f358f7579513e7377
SHA1c2845c696f6685a211bc040895d28ebf23fa1bc0
SHA256cda7588d5040ef3c8e83955838618a0ed0a6ee242d24abf5af697b2289fc8bdb
SHA512203d49777b7eb2deb10c361311a9317fe9fdac905857527f587cc6a8287b7c2e56d72c0f83c822628765c800e7ea5a0d92c379e4fff2096af485af388c0a9be5
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\24BD96D5497F70B3F510A6B53CD43F3E_3A89246FB90C5EE6620004F1AE0EB0EAFilesize
410B
MD5b873e1293b87ee7b0c2003ee31283981
SHA1bc846e9abdb29bcdafef43bed603c23e05d044bd
SHA25667e044f287255f293fc06ffda5541fe15d4f0ca7e204853eacd85c988feefb1b
SHA51206627670cf1b4f7468f4db54858d1a959a381641a6f138c333ecbb8936588b4078e79b3723939536bfa1fad4d0b565111fee078209b145d7d9484077a149f17e
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\265C0DEB29181DD1891051371C5F863A_F37C217C34EC1EF3506B7799C0334AC3Filesize
402B
MD5c1b5db868d136daef7e2dc53cab383a6
SHA10ff8e03aceab0d546498e6c1d496930297af6a70
SHA256db4253fb93fd1eca4053013eb9bb0d0dd782118ed9429d5693ec756670260833
SHA51245ade6b3c79c8f69aed0b8b5ac9278fccb46ddd841ebb89dd6e68af6ace73445b425e1f0fbd36542a037fe1baa73e377636bc7db77b43c1d1fae69f1482a4327
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\45253D621EA9F2E0253B4AF8D44565CD_27557F6CDAE75AFEA9251E5A15BC51D9
Filesize
520B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_BA1AB6C2BDFDF57799E8116E4002D001
Filesize
492B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\CAF4703619713E3F18D8A9D5D88D6288_A7725538C46DE2D0088EE44974E2CEBA
Filesize
392B
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\F2DDCD2B5F37625B82E81F4976CEE400_A40DDA23AC660EBD6C048B34D97187FB
Filesize
406B
-
C:\Users\Admin\AppData\Local\Microsoft\CLR_v4.0\UsageLogs\BruteL4-DDOS.exe.log
Filesize
859B
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\location[1].png
Filesize
40KB
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\logo-dark[1].png
Filesize
15KB
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\0P80TOLA\pay[1].js
Filesize
114KB
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\9YACFB9R\f[1].txt
Filesize
162KB
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\DKFP9JBL\pay[1].js
Filesize
114KB
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\f[1].txt
Filesize
162KB
-
C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\IE\G1ORIWBN\polyfill.min[1].js
Filesize
4KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI29162\VCRUNTIME140.dll
Filesize
94KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_ctypes.pyd
Filesize
54KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI29162\_socket.pyd
Filesize
38KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI29162\base_library.zip
Filesize
812KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI29162\libffi-7.dll
Filesize
23KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI29162\python310.dll
Filesize
1.4MB
-
C:\Users\Admin\AppData\Local\Temp\_MEI29162\select.pyd
Filesize
21KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI48282\VCRUNTIME140.dll
Filesize
94KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_ctypes.pyd
Filesize
54KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI48282\_socket.pyd
Filesize
38KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI48282\base_library.zip
Filesize
812KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI48282\libffi-7.dll
Filesize
23KB
-
C:\Users\Admin\AppData\Local\Temp\_MEI48282\python310.dll
Filesize
1.4MB
-
C:\Users\Admin\AppData\Local\Temp\_MEI48282\select.pyd
Filesize
21KB
-
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_hgcvniiz.rt4.ps1
Filesize
60B
-
C:\Users\Admin\Desktop\BruteL4-DDOS.exe
Filesize
11.5MB
-
C:\Users\Admin\Desktop\BruteL4DDOS.exe
Filesize
5.8MB
-
C:\Users\Admin\Desktop\crack.exe
Filesize
18KB
-