hxxps://github[.]com/kezoponk/DDoS[.]bat/blob/master/DDoS[.]bat

Analysis

max time kernel
147s
max time network
146s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
11/09/2024, 09:59

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

https://github.com/kezoponk/DDoS.bat/blob/master/DDoS.bat

Score

6^/10

discovery

Malware Config

Signatures

Legitimate hosting services abused for malware hosting/C2 1 TTPs 2 IoCs

Web Service

T1102

flow	ioc
56	raw.githubusercontent.com
57	raw.githubusercontent.com

Browser Information Discovery 1 TTPs
Enumerate browser information.
discovery

Browser Information Discovery
T1217

System Network Configuration Discovery: Internet Connection Discovery 1 TTPs 2 IoCs

Adversaries may check for Internet connectivity on compromised systems.

discovery

Internet Connection Discovery

T1016.001

pid	Process
4880	PING.EXE
760	PING.EXE

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	msedge.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	msedge.exe

NTFS ADS 1 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\Downloads\Unconfirmed 664528.crdownload:SmartScreen	msedge.exe

Runs ping.exe 1 TTPs 2 IoCs

Remote System Discovery

T1018

pid	Process
760	PING.EXE
4880	PING.EXE

Suspicious behavior: EnumeratesProcesses 12 IoCs

pid	Process
4640	msedge.exe
4640	msedge.exe
3596	msedge.exe
3596	msedge.exe
3084	identity_helper.exe
3084	identity_helper.exe
4264	msedge.exe
4264	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe
1616	msedge.exe

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of FindShellTrayWindow 35 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of SendNotifyMessage 24 IoCs

pid	Process
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe
3596	msedge.exe

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 3596 wrote to memory of 3868	3596	msedge.exe	82
PID 3596 wrote to memory of 3868	3596	msedge.exe	82
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 2264	3596	msedge.exe	83
PID 3596 wrote to memory of 4640	3596	msedge.exe	84
PID 3596 wrote to memory of 4640	3596	msedge.exe	84
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85
PID 3596 wrote to memory of 3948	3596	msedge.exe	85

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument https://github.com/kezoponk/DDoS.bat/blob/master/DDoS.bat
1⤵
- Enumerates system info in registry
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3596
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7ffab67246f8,0x7ffab6724708,0x7ffab6724718
  2⤵
  PID:3868
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2068 /prefetch:2
  2⤵
  PID:2264
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2124 /prefetch:3
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4640
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2808 /prefetch:8
  2⤵
  PID:3948
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3336 /prefetch:1
  2⤵
  PID:2520
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3356 /prefetch:1
  2⤵
  PID:2336
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  PID:4580
- C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5532 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:3084
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5528 /prefetch:1
  2⤵
  PID:1512
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5192 /prefetch:1
  2⤵
  PID:4376
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4088 /prefetch:1
  2⤵
  PID:4308
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5704 /prefetch:1
  2⤵
  PID:2544
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5192 /prefetch:8
  2⤵
  PID:2984
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5688 /prefetch:1
  2⤵
  PID:1936
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6088 /prefetch:8
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:4264
- C:\Windows\system32\cmd.exe
  C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\Downloads\DDoS.bat" "
  2⤵
  PID:4972
- - C:\Windows\system32\mode.com
    mode CON: cols=89 LINES=22
    3⤵
    PID:1008
- - C:\Windows\system32\cmd.exe
    C:\Windows\system32\cmd.exe /c "prompt #$H#$E# & echo on & for %b in (1) do rem"
    3⤵
    PID:1992
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:4768
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:1900
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Home\" \..\X" nul
    3⤵
    PID:1104
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:3144
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To DDoS The Network That You're Connected To With 100Gbs \..\X" nul
    3⤵
    PID:4940
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:2912
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:4516
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:2112
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"List\" \..\X" nul
    3⤵
    PID:3220
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:3384
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To See The Recent IP's You've Entered\..\X" nul
    3⤵
    PID:1900
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:1104
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:3144
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Skype\" \..\X" nul
    3⤵
    PID:4940
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:2912
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Get Someone's IP With Skype \..\X" nul
    3⤵
    PID:4516
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:2112
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:3220
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:3384
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Server\..\X" nul
    3⤵
    PID:1900
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." " ---- \..\X" nul
    3⤵
    PID:3208
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Get A Website's IP\..\X" nul
    3⤵
    PID:2484
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:2444
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4424
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Track\" \..\X" nul
    3⤵
    PID:2904
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:2124
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Track Someone's IP \..\X" nul
    3⤵
    PID:4264
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:1296
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:1412
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4940
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Help\" \..\X" nul
    3⤵
    PID:1008
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." " ---- \..\X" nul
    3⤵
    PID:4516
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "For Help Page \..\X" nul
    3⤵
    PID:388
- - C:\Windows\system32\findstr.exe
    findstr /p /A:e "." " Validating IP..\..\X" nul
    3⤵
    PID:4644
- - C:\Windows\system32\PING.EXE
    ping 10.31.18.16 -l 32 -t -n 1 -n 1
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:4880
- - C:\Windows\system32\find.exe
    find "Please check the name and try again." C:\Users\Admin\AppData\Local\Temp\DDoS\text.dat
    3⤵
    PID:2536
- - C:\Windows\system32\find.exe
    find "Destination host unreachable." C:\Users\Admin\AppData\Local\Temp\DDoS\text.dat
    3⤵
    PID:3604
- - C:\Windows\system32\find.exe
    find "Request timed out." C:\Users\Admin\AppData\Local\Temp\DDoS\text.dat
    3⤵
    PID:2624
- - C:\Windows\system32\findstr.exe
    findstr /p /A:c "." " - IP Does Not Exist -\..\X" nul
    3⤵
    PID:392
- - C:\Windows\system32\PING.EXE
    ping localhost -n 2
    3⤵
    - System Network Configuration Discovery: Internet Connection Discovery
    - Runs ping.exe
    PID:760
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:5116
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:3920
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Home\" \..\X" nul
    3⤵
    PID:3856
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:4592
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To DDoS The Network That You're Connected To With 100Gbs \..\X" nul
    3⤵
    PID:4160
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:928
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:2128
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4316
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"List\" \..\X" nul
    3⤵
    PID:2676
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:4936
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To See The Recent IP's You've Entered\..\X" nul
    3⤵
    PID:3688
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:2024
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4844
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Skype\" \..\X" nul
    3⤵
    PID:3036
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:4504
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Get Someone's IP With Skype \..\X" nul
    3⤵
    PID:4656
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:5036
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:4816
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:2228
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Server\..\X" nul
    3⤵
    PID:3000
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." " ---- \..\X" nul
    3⤵
    PID:2792
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Get A Website's IP\..\X" nul
    3⤵
    PID:4992
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:468
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:2056
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Track\" \..\X" nul
    3⤵
    PID:2908
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:5000
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Track Someone's IP \..\X" nul
    3⤵
    PID:3064
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:3048
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:2848
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:3488
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Help\" \..\X" nul
    3⤵
    PID:412
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." " ---- \..\X" nul
    3⤵
    PID:4156
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "For Help Page \..\X" nul
    3⤵
    PID:3692
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \..\X" nul
    3⤵
    PID:1584
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[+]\..\X" nul
    3⤵
    PID:1664
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " How To Target An Ip\..\X" nul
    3⤵
    PID:2308
- - C:\Windows\system32\findstr.exe
    findstr /p /A:b "." " Enter The Ip You Want To DDoS In The Area\..\X" nul
    3⤵
    PID:624
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " Press \..\X" nul
    3⤵
    PID:1076
- - C:\Windows\system32\findstr.exe
    findstr /p /A:e "." "Enter\..\X" nul
    3⤵
    PID:2284
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " To Return\..\X" nul
    3⤵
    PID:4868
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:4776
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4120
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Home\" \..\X" nul
    3⤵
    PID:2184
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:3164
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To DDoS The Network That You're Connected To With 100Gbs \..\X" nul
    3⤵
    PID:5088
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:1988
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:4108
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4060
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"List\" \..\X" nul
    3⤵
    PID:4880
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:2604
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To See The Recent IP's You've Entered\..\X" nul
    3⤵
    PID:3152
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:4800
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4840
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Skype\" \..\X" nul
    3⤵
    PID:3484
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:760
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Get Someone's IP With Skype \..\X" nul
    3⤵
    PID:5116
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:3920
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:3856
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4592
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Server\..\X" nul
    3⤵
    PID:4160
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." " ---- \..\X" nul
    3⤵
    PID:928
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Get A Website's IP\..\X" nul
    3⤵
    PID:2128
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:4316
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:2676
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Track\" \..\X" nul
    3⤵
    PID:4936
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:3688
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Track Someone's IP \..\X" nul
    3⤵
    PID:2024
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:4844
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:3036
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:4504
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Help\" \..\X" nul
    3⤵
    PID:4656
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." " ---- \..\X" nul
    3⤵
    PID:5036
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "For Help Page \..\X" nul
    3⤵
    PID:4816
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:2204
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:3936
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Home\" \..\X" nul
    3⤵
    PID:3480
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:3068
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To DDoS The Network That You're Connected To With 100Gbs \..\X" nul
    3⤵
    PID:4292
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:3260
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:1468
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:1572
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"List\" \..\X" nul
    3⤵
    PID:3880
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:4288
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To See The Recent IP's You've Entered\..\X" nul
    3⤵
    PID:2488
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:1928
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:1508
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Skype\" \..\X" nul
    3⤵
    PID:4864
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:4332
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Get Someone's IP With Skype \..\X" nul
    3⤵
    PID:4264
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:2020
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:1552
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:1584
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Server\..\X" nul
    3⤵
    PID:1664
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." " ---- \..\X" nul
    3⤵
    PID:2428
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Get A Website's IP\..\X" nul
    3⤵
    PID:2308
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:1076
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:2284
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Track\" \..\X" nul
    3⤵
    PID:4868
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." "---- \..\X" nul
    3⤵
    PID:3980
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "To Track Someone's IP \..\X" nul
    3⤵
    PID:4032
- - C:\Windows\system32\findstr.exe
    findstr /p /A:cf "." "[Website]\..\X" nul
    3⤵
    PID:2784
- - C:\Windows\system32\findstr.exe
    findstr /p /A:0 "." " \..\X" nul
    3⤵
    PID:3016
- - C:\Windows\system32\findstr.exe
    findstr /p /A:2f "." "Type\..\X" nul
    3⤵
    PID:1060
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." " \"Help\" \..\X" nul
    3⤵
    PID:4408
- - C:\Windows\system32\findstr.exe
    findstr /p /A:f "." " ---- \..\X" nul
    3⤵
    PID:4644
- - C:\Windows\system32\findstr.exe
    findstr /p /A:a "." "For Help Page \..\X" nul
    3⤵
    PID:3124
- C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
  "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2040,15548676033654632647,3106993489864424694,131072 --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --gpu-preferences=UAAAAAAAAADoAAAQAAAAAAAAAAAAAAAAAABgAAAEAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=5096 /prefetch:2
  2⤵
  - Suspicious behavior: EnumeratesProcesses
  PID:1616

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:2548

C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
1⤵
PID:3528

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Browser Information Discovery

T1217

Query Registry

T1012

Remote System Discovery

T1018

System Information Discovery

T1082

System Network Configuration Discovery

T1016

Internet Connection Discovery

T1016.001

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
9e3fc58a8fb86c93d19e1500b873ef6f

SHA1
c6aae5f4e26f5570db5e14bba8d5061867a33b56

SHA256
828f4eacac1c40b790fd70dbb6fa6ba03dcc681171d9b2a6579626d27837b1c4

SHA512
e5e245b56fa82075e060f468a3224cf2ef43f1b6d87f0351a2102d85c7c897e559be4caeaecfdc4059af29fdc674681b61229319dda95cb2ee649b2eb98d313e

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat

Filesize
152B

MD5
27304926d60324abe74d7a4b571c35ea

SHA1
78b8f92fcaf4a09eaa786bbe33fd1b0222ef29c1

SHA256
7039ad5c2b40f4d97c8c2269f4942be13436d739b2e1f8feb7a0c9f9fdb931de

SHA512
f5b6181d3f432238c7365f64fc8a373299e23ba8178bcc419471916ef8b23e909787c7c0617ab22e4eb90909c02bd7b84f1386fbc61e2bdb5a0eb474175da4bd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index

Filesize
2KB

MD5
5353fb8347439c583070828b98a2bb81

SHA1
75d68eb653cd21d27ef0d02c7ebd3dc242981d6b

SHA256
e2714e6cd7344f61be1e8d42ae8dc028d17e476cb3abfc401fea45e587c85e6b

SHA512
b9ce33571b22028ade0aa3a1f05668e7f0f4599064926d38970397ca7769a77aec341c12cd0913c33387c7c9aa0b15ebeff8a03fa6cff29e569fc9bce4550a7c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
579B

MD5
b8fdc8d04b83beb089126efbce00f896

SHA1
971ff6e70884b2cdf229be5a0cad066e3bdb085b

SHA256
c3084bc354488bb98cea934da0e3d6a462b574774df7f3b4fe289688acf3ebfe

SHA512
f5f0033e6bc47a723773fb221dbb2d5b684209ffc7a8046e708df1f5cade52b05158d2fc09fdb3867ca1922734f64fc5cb3bb7224da24df348085092385a45fd

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State

Filesize
111B

MD5
807419ca9a4734feaf8d8563a003b048

SHA1
a723c7d60a65886ffa068711f1e900ccc85922a6

SHA256
aa10bf07b0d265bed28f2a475f3564d8ddb5e4d4ffee0ab6f3a0cc564907b631

SHA512
f10d496ae75db5ba412bd9f17bf0c7da7632db92a3fabf7f24071e40f5759c6a875ad8f3a72bad149da58b3da3b816077df125d0d9f3544adba68c66353d206c

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
5KB

MD5
21d3554d10b4b6e55f64d16495872ffb

SHA1
673b4dede9a8bbf12cadea7bc8f3c8ba6b948b48

SHA256
fae6dd3fbd35ac64bff60980329492b1c766ec12f2a45f8182a1e06857fab956

SHA512
b2149534e97571753bb2149e23258b1399c5f347993d5c0196b23cbb7fc7866dbf332a9cc87901ae2c05c314fda1c7865fc37fa67456e6031e4e9c310db05a1b

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
bf105bbaaa022be65613bbf046bc206e

SHA1
dc786472447fb902f23f236a9f306bb12d079f7f

SHA256
fea877155dddeef8914931d9b145b4ce93b0202833a122c75ff52649620bf33d

SHA512
c2a594d7bdfbca734beece84a9460bca96a1204160c6f313e2dbad77c54032fc74e8fc71a41eb58c7fb554d3dd2209e8a4923dbfa64be625955c5fc7cd0e09a3

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences

Filesize
6KB

MD5
36f0fa6461c8b07d5a3026d1f2b8fbab

SHA1
a215d16932ba1eab4c645214f03bf0d87295740a

SHA256
42e2538552777f7d3945d1c2a689d0b6b2ae34a879ce07736363d745cf79e9d5

SHA512
ab1fa2fd8b8627c3b741d1f1034880d7819069d8e336ace14af117b0ac32b2f292c931b71a010a4eebbdbe5b6e42989bc4acb5f3a6ba19ad46a32869db12fe23

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity

Filesize
1KB

MD5
1f92951a7b950c051ee393359f995d93

SHA1
355daebd857d09fd0eaa744e6ac8949f7c680fbc

SHA256
0707427151dcc2804b852d73c0f29266f1d0271b2ab1909080ca615c62f95915

SHA512
7f41f42aeed16786fd5d2bbf87276e187a9e2894973d8bc4a66d83fea150484c0d69232365658217e9febb74e00659d454db40f7a16d33b1889ed68eda82b2b2

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\TransportSecurity~RFe5bab9e.TMP

Filesize
874B

MD5
dedba828a161601a40bf884618e852c1

SHA1
35a97976b651830c0c1508913a949f998ee09cb8

SHA256
597889e93161a73f2c61ba8ceb38913a891221adce2efcab927eb7148c25995b

SHA512
c140739a66bd983edd97d3199c82980e21d338b7ac83fc5e616d8bddf1d146b155fd88f548ce236720614825622df8ef52158fee1ea964ac70e14c0f6f728c65

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT

Filesize
16B

MD5
6752a1d65b201c13b62ea44016eb221f

SHA1
58ecf154d01a62233ed7fb494ace3c3d4ffce08b

SHA256
0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd

SHA512
9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
11KB

MD5
8312cbc140143878d83ae7812d01654a

SHA1
4bf757ef2c3753f03e877063508ffaa6fc5a6922

SHA256
94b3f9974ed092d9422bea5202a2cc12635d5812629b51f47708fc8256c9c846

SHA512
02f47751e1778054fdfa9661909228f208bc99ce9536a7696e133fafafc36eff2862deb6f714a249c2ac44fe2a0eb2387372304013822b1cd9ed7323f3ccd0c0

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State

Filesize
10KB

MD5
662ab2ac1514f3fdaec6d8dac21130b3

SHA1
75f9bb0fb81cf02daeb755b72afdc9609a1fb3a5

SHA256
2071f84a0fdcc80fadae26be996d1af600d153c467ca4a041ff0a36b32da7df3

SHA512
8e4d0227c4538c84e6a45d8710d7a7d6eacf838c2cb23465d3f72f6172213f54b7db8bc76f123b0cf2a1591efe44460a2fef2428d79b55161d0079ff30e96604

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\eee41306-5919-4f1c-80d8-6568db10748f.tmp

Filesize
10KB

MD5
f600bdb3808fc090788d0da1dce04551

SHA1
1e83dffc47088510ba735e212f87f9751f614dd6

SHA256
438c66fce2c2d7e8ee1dcb58417d3daaa2616b887de97dfabb3ae8bc6bc78daa

SHA512
ca29728a557193c3f08c92ff999cc9af8e8bb6044197f2d453f7d8ab75914c503a64b9d92718c7dce48d1b4afb059e731fb0bd0d88711634bce64aae896c253b

Download Submit
C:\Users\Admin\AppData\Local\Temp\DDoS\X

Filesize
1B

MD5
5058f1af8388633f609cadb75a75dc9d

SHA1
3a52ce780950d4d969792a2559cd519d7ee8c727

SHA256
cdb4ee2aea69cc6a83331bbe96dc2caa9a299d21329efb0336fc02a82e1839a8

SHA512
0b61241d7c17bcbb1baee7094d14b7c451efecc7ffcbd92598a0f13d313cc9ebc2a07e61f007baf58fbf94ff9a8695bdd5cae7ce03bbf1e94e93613a00f25f21

Download Submit
C:\Users\Admin\AppData\Local\Temp\DDoS\text.dat

Filesize
162B

MD5
e2b0ae12ad87b057908c355d28286d71

SHA1
be32849dda9b71813ba3612a775aedd88ac3205e

SHA256
779228dd2c4810495d1979063292088f59b682d273c0593aa7c8129c538da3db

SHA512
edd54aaaf4e934557dcd335db101cc2f9d155b533176598703ae542a8f32beabc2969b509b218224f3b6e951c0e908d2d85af4060171d8c33bea6d835c8334c4

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 664528.crdownload

Filesize
6KB

MD5
8faaea57f91463d3aa8f2ce3336d309e

SHA1
01ce947c241ead817cdef519186e2ddf0dd934ee

SHA256
ce7c8045bec0bdb15adcb3c19d71400ed8351b02392d88b7dedc5314992c449d

SHA512
708d27b00c3b3b6a5756afd15a53e919b8d8c57fcd5700fc6cdcf9555ee5c9f693f66e0f8bc682f7f5a9d458765a9ee4accf62c72c0fe59a3390c02991eafc62

Download Submit