hxxps://github[.]com/Lusin333/Minecraft-Server-DDoSer

Analysis

max time kernel
260s
max time network
275s
platform
windows11-21h2_x64
resource
win11-20240221-en
resource tags

arch:x64arch:x86image:win11-20240221-enlocale:en-usos:windows11-21h2-x64system
submitted
06/03/2024, 09:18

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/Lusin333/Minecraft-Server-DDoSer

Score

8^/10

Malware Config

Signatures

Downloads MZ/PE file

Executes dropped EXE 4 IoCs

pid	Process
1236	Meinkraft.Server.DDoS.er.exe
3668	Meinkraft.Server.DDoS.er.exe
4008	Meinkraft.Server.DDoS.er.exe
748	Meinkraft.Server.DDoS.er.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 3 IoCs

Web Service

T1102

flow	ioc
14	raw.githubusercontent.com
23	raw.githubusercontent.com
24	raw.githubusercontent.com

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Meinkraft.Server.DDoS.er.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Meinkraft.Server.DDoS.er.exe
Key opened	\REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0	Meinkraft.Server.DDoS.er.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	Meinkraft.Server.DDoS.er.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe

Modifies registry class 54 IoCs

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4a	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\USER\S-1-5-21-647252928-2816094679-1307623958-1000_Classes\Local Settings	msedge.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe,-202"	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4a\ = "FlashPlayer.AudioForFlashPlayer"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe,-204"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4p	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.swf\ = "ShockwaveFlash.ShockwaveFlash"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.f4p\ = "FlashPlayer.ProtectedMediaForFlashPlayer"	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe,-203"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo\DefaultIcon	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.swf	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe,-205"	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\.spl	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\DefaultIcon	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\.spl\ = "ShockwaveFlash.ShockwaveFlash"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.ProtectedMediaForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Temp\\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\\Meinkraft.Server.DDoS.er.exe,-608"	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.FlashVideo	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\ShockwaveFlash.ShockwaveFlash\shell\open	Meinkraft.Server.DDoS.er.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.VideoForFlashPlayer\shell\open	Meinkraft.Server.DDoS.er.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Classes\FlashPlayer.AudioForFlashPlayer\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Temp\\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\\Meinkraft.Server.DDoS.er.exe\" %1"	Meinkraft.Server.DDoS.er.exe

NTFS ADS 6 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 905357.crdownload:SmartScreen	msedge.exe
File opened for modification	C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe:Zone.Identifier	msedge.exe
File created	C:\Users\Admin\AppData\Local\Temp\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\Meinkraft.Server.DDoS.er.exe\:SmartScreen:$DATA	Meinkraft.Server.DDoS.er.exe
File created	C:\Users\Admin\AppData\Local\Temp\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\Meinkraft.Server.DDoS.er.exe\:Zone.Identifier:$DATA	Meinkraft.Server.DDoS.er.exe
File created	C:\Users\Admin\AppData\Local\Temp\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\Meinkraft.Server.DDoS.er.exe\:SmartScreen:$DATA	Meinkraft.Server.DDoS.er.exe
File created	C:\Users\Admin\AppData\Local\Temp\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\Meinkraft.Server.DDoS.er.exe\:Zone.Identifier:$DATA	Meinkraft.Server.DDoS.er.exe

Suspicious behavior: EnumeratesProcesses 14 IoCs

pid	Process
4624	msedge.exe
4624	msedge.exe
1708	msedge.exe
1708	msedge.exe
3436	msedge.exe
3436	msedge.exe
3556	identity_helper.exe
3556	identity_helper.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
4388	msedge.exe
412	msedge.exe
412	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 8 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of FindShellTrayWindow 64 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of SendNotifyMessage 12 IoCs

pid	Process
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe
1708	msedge.exe

Suspicious use of SetWindowsHookEx 6 IoCs

pid	Process
1236	Meinkraft.Server.DDoS.er.exe
3668	Meinkraft.Server.DDoS.er.exe
3668	Meinkraft.Server.DDoS.er.exe
4008	Meinkraft.Server.DDoS.er.exe
748	Meinkraft.Server.DDoS.er.exe
748	Meinkraft.Server.DDoS.er.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 1708 wrote to memory of 2380	1708	msedge.exe	77
PID 1708 wrote to memory of 2380	1708	msedge.exe	77
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 2152	1708	msedge.exe	78
PID 1708 wrote to memory of 4624	1708	msedge.exe	79
PID 1708 wrote to memory of 4624	1708	msedge.exe	79
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80
PID 1708 wrote to memory of 496	1708	msedge.exe	80

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/Lusin333/Minecraft-Server-DDoSer
1⤵
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:1708
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=90.0.4430.212 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=90.0.818.66 --initial-client-data=0x100,0x104,0x108,0xdc,0x10c,0x7fff751c3cb8,0x7fff751c3cc8,0x7fff751c3cd8
  2⤵
  PID:2380
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --gpu-preferences=SAAAAAAAAADgAAAwAAAAAAAAAAAAAAAAAABgAAAAAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=1932 /prefetch:2
  2⤵
  PID:2152
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2392 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4624
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2752 /prefetch:8
  2⤵
  PID:496
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3316 /prefetch:1
  2⤵
  PID:3508
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3360 /prefetch:1
  2⤵
  PID:2276
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4576 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3436
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5204 /prefetch:1
  2⤵
  PID:1320
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5232 /prefetch:1
  2⤵
  PID:3832
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3324 /prefetch:1
  2⤵
  PID:2800
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3420 /prefetch:1
  2⤵
  PID:4728
- C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\90.0.818.66\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5764 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3556
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:1
  2⤵
  PID:2116
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5088 /prefetch:8
  2⤵
  PID:1612
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=17 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5856 /prefetch:1
  2⤵
  PID:4744
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.22000.1 --gpu-preferences=SAAAAAAAAADoAAAwAAAAAAAAAAAAAAAAAABgAAAQAAAoAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAB4AAAAAAAAAHgAAAAAAAAAKAAAAAQAAAAgAAAAAAAAACgAAAAAAAAAMAAAAAAAAAA4AAAAAAAAABAAAAAAAAAAAAAAAAUAAAAQAAAAAAAAAAAAAAAGAAAAEAAAAAAAAAABAAAABQAAABAAAAAAAAAAAQAAAAYAAAAIAAAAAAAAAAgAAAAAAAAA --mojo-platform-channel-handle=6356 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4388
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=1920,7120307267324790914,18010713174935865353,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6616 /prefetch:8
  2⤵
  - NTFS ADS
  - Suspicious behavior: EnumeratesProcesses
  PID:412
- C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe
  "C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe"
  2⤵
  - Executes dropped EXE
  - NTFS ADS
  - Suspicious use of SetWindowsHookEx
  PID:1236
- - C:\Users\Admin\AppData\Local\Temp\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\Meinkraft.Server.DDoS.er.exe
    "C:\Users\Admin\AppData\Local\Temp\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\Meinkraft.Server.DDoS.er.exe" -relaunched
    3⤵
    - Executes dropped EXE
    - Checks processor information in registry
    - Modifies registry class
    - Suspicious use of SetWindowsHookEx
    PID:3668

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3260

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:5040

C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
1⤵
PID:1648

C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe
"C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe"
1⤵
- Executes dropped EXE
- NTFS ADS
- Suspicious use of SetWindowsHookEx
PID:4008
- C:\Users\Admin\AppData\Local\Temp\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\Meinkraft.Server.DDoS.er.exe
  "C:\Users\Admin\AppData\Local\Temp\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\Meinkraft.Server.DDoS.er.exe" -relaunched
  2⤵
  - Executes dropped EXE
  - Checks processor information in registry
  - Modifies registry class
  - Suspicious use of SetWindowsHookEx
  PID:748

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
12b71c4e45a845b5f29a54abb695e302

SHA1
8699ca2c717839c385f13fb26d111e57a9e61d6f

SHA256
c353020621fa6cea80eaa45215934d5f44f181ffa1a673cdb7880f20a4e898e0

SHA512
09f0d1a739102816c5a29106343d3b5bb54a31d67ddbfcfa21306b1a6d87eaa35a9a2f0358e56cc0f78be15eeb481a7cc2038ce54d552b9b791e7bee78145241

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
ce319bd3ed3c89069337a6292042bbe0

SHA1
7e058bce90e1940293044abffe993adf67d8d888

SHA256
34070e3eea41c0e180cb5541de76cea15ef6f9e5c641e922d82a2d97bdce3aa3

SHA512
d42f7fc32a337ecd3a24bcbf6cd6155852646cae5fb499003356f713b791881fc2e46825c4ff61d09db2289f25c0992c10d6fadb560a9bea33284bd5acc449f7

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
1KB

MD5
01f119c0aa2914b3eccd91a47b32557b

SHA1
2dfd6f50d496c1979104e0246e591c5b607792a9

SHA256
a7909cfc929d9eba900383a14a05229490d893c980e569cb82079d31bba89636

SHA512
51183b4fb2604e9bbc2e66ef0b9f7b8e8e459f4e3f65233cfcf618a4c08bfcac8d25fb722971b1320a15c4839ce4482735fc5f37d07e9b46efe9b66a3ca0a0c2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
c48c6477b2f90effc32b563ac19b1ab9

SHA1
3807de0263f0152de004b5d3d2f4c081b05b17d4

SHA256
2df66a19f77cc45be459625f84653d55674dabb97ff90b91b7c182b8dd9f2819

SHA512
c07e9abc697c62f4036e34dcba858e9eb80b0ce21e62b0fee6ff9fce4731eec4263f7eb94055b387b778041faa158c298935d627806662316f9884fd62364cf9

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
42f12c811fd2c9641d3811884233cfaa

SHA1
1f1551462c63367755718ad0e42249f4f457e2f5

SHA256
3fd0e31bcacd76f34b8f471beeb8c37d341946df7d1b918831e5491f91f5acba

SHA512
1e17b07070dfb8758fd67e42953dd54cfd15e528f6802212c95d7afb79b401db7253bdf8205dad180af2acc77d56f3ff7ac97f7b5b12494bd35a0e830a842c04

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
422336f47680dd419938922b1bfd2258

SHA1
4a4862aa29adb2ec432cfabc3ddc4da2c4560d0d

SHA256
976b77fa7322eb6304c2803cde58f48fe480089012788571ed5850799cb03cc1

SHA512
234cb282cd0a1b39c38b2d36c698681429a31c62da702a97a11512017cb3b7e997662ff91b6da854a2a8e9393df983ed0f71577de11039a6135eaf8bcb328d1f

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
ddaded2d9f173c8b070339e62ab3ea77

SHA1
45ce80e87d6d00d15f6d1952f90fb5bfbe22b55a

SHA256
50925743ee1ec6bf69d2734993f30eb51f33f25064ef5ffcc620488e898f6214

SHA512
110c961d8a10bf391e7fd8503f8ba6e42007baab3add7aabef752d8c41a186f3be97a14fc924e5500b59c2f7642d152ec422f482acea28d63ce9c7ac7189e095

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe58076d.TMP

Filesize
1KB

MD5
ba396a01ea37ee3e9b0b1cf87bb98588

SHA1
bc65a85b0397a9c84b6473243572dc0a90bafa75

SHA256
3c85ca2309a0eafb92ad019e185a1ccd551171deb89b3c841e9cf6e196af3a04

SHA512
84635b4e3f54bd023c12de54f088e5de5c66b42d3055c8fdf8aee07241ca08a5cf2c2f1108024f26ddbce666772fcdb5397686d93de93c27ef78a477aee7fbb0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
364bbc124a03744f205dfce7de169c30

SHA1
9dd92feef2958f7e23dbf8d7609da0658e13a09b

SHA256
43abb6fc8ea9487ce553f3bd9cf02b9dceb44e78e2683f21b8977eb29b45ea7d

SHA512
581aaef5a290191eb350216b462d339352c285d209e67317022e569039d26787313b7a357c56e2eb9383947672599117a952ebf264015abbbee914af65a2ba49

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
ae60a20478ebdf50e857828fcda167c6

SHA1
30f1150082dad3d920c8eb7ff7ede3130a10d1e2

SHA256
46faeea0eb978b0536f67f441c61ad9300414f21ae159fa2c56c234a606a2507

SHA512
b4f5317467b44e5642af42e9400a1b8a697460a9c48b2d8008d7e41ec2313cc5c222e3098f093b79cadcdce7da2f6d667e59bb7fe272ec22245e71763c663c27

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
12KB

MD5
2a537b5e88cf265a3dd0622fa286ee5b

SHA1
9900e4fd2f6c195c76669046587cb18224ab7094

SHA256
b2575affde72878315ad6d7ab6c98759f06222b19862cd7ba75998b1ae8cf1f8

SHA512
34d64dfe44d5242f6958a8966ae6044162a3e7aa7ab79ec9bc27c2c181976d5f7e8e56c893ec89bb91667edefb6800759d2f68e39f817dc4c9f4fdb21c403927

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\Meinkraft.Server.DDoS.er.exe

Filesize
16.8MB

MD5
ece2049b077ba796a3a6331982e6ef14

SHA1
4b9efe65550a4b101d421a9d44cab37983c1b38a

SHA256
0731b3e80ed063c4e01c50a0f44494c7bfa706017d5fd630244bf4059146dfc5

SHA512
f264bf18c058063d8e2f0fa2f73d951479912b362189e8d95b4dedab6e2802c4839c70850ece509cbd9ab93f94577660a167e8feb7eda30d3e5f7b0f732c7ccc

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\Meinkraft.Server.DDoS.er.exe

Filesize
16.7MB

MD5
f02e9eabbf79d339f273472b526e850b

SHA1
0ff5befbcae4cc8fc4fc55ded70373532921e1ae

SHA256
0ba6ebc792dc7e93bb51383072eef8674bddaf22eb9fe0ff45649cfd477ee543

SHA512
d6a6ce5da152fe6d2f622ba2c1bf6ffcd46d96bb2addb4bf12926d88eb2c840a0b173177ed116ba81f05ea41331f1ca80df592635b6adaace66612b6244f9eff

Download Submit
C:\Users\Admin\AppData\Local\Temp\{7514E7FD-7215-4154-A4BC-277C2C1B9AAC}\Meinkraft.Server.DDoS.er.exe:Zone.Identifier

Filesize
684B

MD5
6d8818a670ad5a067a2477e7f3ecc8e8

SHA1
8f85f84cd3878e28b296cdafc18c5d544d95bfb1

SHA256
35edde035e5920d32f95acc029dd7d37d55c3b25993999cf58794e2d3abcb873

SHA512
6222c6a099cb96f6675a4c57928584ddfd3b97ecea430d166c2183e5ac5a409c0ee0a32b0e3dbf9d6c31bc4ed810392c5b98d4bcee04cb9e41d28d31cf2eb3e2

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\Meinkraft.Server.DDoS.er.exe

Filesize
11.3MB

MD5
e5381c6b6f551a3f4b751457617edda2

SHA1
1fba4885983a911f12ba657c4a4283509ae8d381

SHA256
0aa2abb75193155543c13a121a7c991f43d3012527f538182ad46756b98eee17

SHA512
0de50191df72e725acde717896471591a51b384c6666667ac516e4a32053663c5ca4f4bff3c4e4739747864693c3b47e0125e4c8993818a797432c19164ef258

Download Submit
C:\Users\Admin\AppData\Local\Temp\{9A9FB37E-2529-4D9F-9329-7597212EBE2D}\Meinkraft.Server.DDoS.er.exe

Filesize
13.0MB

MD5
be0d41667ee743e170dcf8c626122173

SHA1
4f15a5b7e35ca877904f5f49bd83e664a47cad13

SHA256
e8b12e9b3cf909913b792f3cd2b5cb50524b51997fb4f91fd79029082e47c794

SHA512
a93d6f8ad5af86e1f16600176001e3a18a72d91fae0642af2293153b6d35b3e17f910527cebd4b94e7c7406f417800b51779b7eda42abbd08a62ada14f65708e

Download Submit
C:\Users\Admin\AppData\Roaming\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol

Filesize
397B

MD5
18f13d5d50365841e15f38ff3b576470

SHA1
925af99273268c571faa7d8aec4ae16b3710fd28

SHA256
f5a513d977e777f36d61dbd5e2be3c737ade51f304a712f7955244264303adb4

SHA512
61f12376bcb1b41bd791f4b757a28241472e0857d6e25b2456d98b5d8511af1ee69a94a1d288799eb459aa6172ac63988af26694a1df4813e01b4ffa8ac1a326

Download Submit
C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe

Filesize
11.8MB

MD5
cf863768a278d8666c11d01709108b32

SHA1
303bb4f1f0574a3983d96b27d34f3538d6e6edff

SHA256
14a5d092cbdf613d0acaf5ccab941b12a3835066c3cb9fd80e433affa30734d2

SHA512
79802e4a464eff2ec6036f3d6c7fe727cbcf5f828b32071ad781f7e2746a72f3989ef967641fd12e001f3b2a0b2259207f0b6591b7f50d3deeb6e6204931a68f

Download Submit
C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe

Filesize
1.7MB

MD5
76bd19c66f7193ff57c9617572e3ebce

SHA1
4f9ef0166839749f593c903745c1e2d9d5b39020

SHA256
fe6d4154ef047b32ba950e7004ae041b058995d1ff4f116b59b8668448e69fe7

SHA512
fc922358756e82388413633b2bf1387be1c3b2c8b2b5fc1b206dbb2c5bac2036d9aeb3175d1400ec7224569c4818a584e4aad3fc608b49423d0a91ac5018884d

Download Submit
C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe

Filesize
27.5MB

MD5
34de70e69ee941fdd02c18cda80dbfa0

SHA1
475d9d7149ad049e9d6ab647749ee2eb975b2784

SHA256
50071fa519dcde0fb4d155579fb4e6c54b9d519ab14d12ece7a87b0f81351bf6

SHA512
72645e1ea6ae08cb26598212513f8a84055fe446ee7def8c0716e3441ce7049772a4ba8801fd1126898bef66da7ab4ed78f232f7e52cf780b51b281c55dab3ec

Download Submit
C:\Users\Admin\Downloads\Meinkraft.Server.DDoS.er.exe:Zone.Identifier

Filesize
26B

MD5
fbccf14d504b7b2dbcb5a5bda75bd93b

SHA1
d59fc84cdd5217c6cf74785703655f78da6b582b

SHA256
eacd09517ce90d34ba562171d15ac40d302f0e691b439f91be1b6406e25f5913

SHA512
aa1d2b1ea3c9de3ccadb319d4e3e3276a2f27dd1a5244fe72de2b6f94083dddc762480482c5c2e53f803cd9e3973ddefc68966f974e124307b5043e654443b98

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 905357.crdownload

Filesize
6.8MB

MD5
970823daca2555efacb9e722ddb729ea

SHA1
8dbba63eac1e5ed395a86f461d64a595c3466e84

SHA256
94e81a1d8ec4a6f69118ab2db90f599c02b79a6ccc28420c5aea934faa749707

SHA512
64c33031a2657eec36961688056653799110c51f71240c18f5ddcb09d1e8db567f96528b86689b0e1753efe814267d78668f5ad0a335ecc147a2e446b140e13c

Download Submit