Analysis Overview
SHA256
7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1
Threat Level: Known bad
The file Swiftfn.exe was found to be: Known bad.
Malicious Activity Summary
Async RAT payload
Asyncrat family
AsyncRat
Executes dropped EXE
Checks computer location settings
Enumerates physical storage devices
Unsigned PE
Suspicious behavior: EnumeratesProcesses
Delays execution with timeout.exe
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Creates scheduled task(s)
MITRE ATT&CK
Enterprise Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-04-30 21:56
Signatures
Async RAT payload
Asyncrat family
Unsigned PE
Analysis: behavioral2
Detonation Overview
Submitted
2023-04-30 21:56
Reported
2023-04-30 22:43
Platform
win7-20230220-en
Max time kernel
1798s
Max time network
1802s
Signatures
AsyncRat
Async RAT payload
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Runtime Broker.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Runtime Broker.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe
"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"' & exit
C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"'
C:\Windows\system32\cmd.exe
cmd /c ""C:\Users\Admin\AppData\Local\Temp\tmp3554.tmp.bat""
C:\Windows\system32\timeout.exe
timeout 3
C:\Users\Admin\AppData\Roaming\Runtime Broker.exe
"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
Files
memory/1388-54-0x0000000000100000-0x0000000000112000-memory.dmp
memory/1388-55-0x000000001AF70000-0x000000001AFF0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp3554.tmp.bat
| MD5 | 624ce4441d0ca2b99daec192a7a047d8 |
| SHA1 | 42a0eaa983ca28d5a49372e455ad8808176d7a6d |
| SHA256 | fce80830eba5ac4c20cfe6284ffd9a7842b23a0d4f807e5fe03dde09248dd78b |
| SHA512 | 4c150e28f04d5e32b7d586f974027d5e37a7c4f5524e2b7e8386e9cc4699e5354849d005d796d3fc40ee21978ba1b429e4f3b5b41c8dcb585b8e0814e09f5287 |
C:\Users\Admin\AppData\Roaming\Runtime Broker.exe
| MD5 | 25d7952b3e8c9f0872ecf4f099cea1a2 |
| SHA1 | 976e307d3fc015452e70acd29ebddef0d8823fac |
| SHA256 | 7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1 |
| SHA512 | f81102833efd450be231d238f3065cf3d5cb9ae6c60f0a4e6b057ffd4c78a2767b0fd8aff54e0bb08ebdf5b5da293f622e68c4874776f0fa25adfd639ca4f3eb |
memory/980-68-0x0000000000EC0000-0x0000000000ED2000-memory.dmp
memory/980-69-0x000000001B1F0000-0x000000001B270000-memory.dmp
memory/980-87-0x000000001B1F0000-0x000000001B270000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 3ac860860707baaf32469fa7cc7c0192 |
| SHA1 | c33c2acdaba0e6fa41fd2f00f186804722477639 |
| SHA256 | d015145d551ecd14916270efad773bbc9fd57fad2228d2c24559f696c961d904 |
| SHA512 | d62ad2408c969a95550fb87efda50f988770ba5e39972041bf85924275baf156b8bec309ecc6409e5acdd37ec175dea40eff921ab58933b5b5b5d35a6147567c |
C:\Users\Admin\AppData\Local\Temp\Tar9B7D.tmp
| MD5 | 4ff65ad929cd9a367680e0e5b1c08166 |
| SHA1 | c0af0d4396bd1f15c45f39d3b849ba444233b3a2 |
| SHA256 | c8733c93cc5aaf5ca206d06af22ee8dbdec764fb5085019a6a9181feb9dfdee6 |
| SHA512 | f530dc0d024a5a3b8903ffaaa41b608a5ccdd6da4ba1949f2c2e55a9fca475fec5c8d2119b5763cabe7ef1c3788fb9dcac621869db51d65b1d83cfe404fb4c27 |
Analysis: behavioral3
Detonation Overview
Submitted
2023-04-30 21:56
Reported
2023-04-30 22:43
Platform
win10v2004-20230220-en
Max time kernel
1799s
Max time network
1803s
Signatures
AsyncRat
Async RAT payload
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1675742406-747946869-1029867430-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Runtime Broker.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Runtime Broker.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe
"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"' & exit
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmp93C9.tmp.bat""
C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"'
C:\Windows\system32\timeout.exe
timeout 3
C:\Users\Admin\AppData\Roaming\Runtime Broker.exe
"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 209.205.72.20.in-addr.arpa | udp |
| US | 52.152.108.96:443 | tcp | |
| US | 8.8.8.8:53 | 177.17.30.184.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 14.103.197.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 20.189.173.5:443 | tcp | |
| US | 8.8.8.8:53 | 36.43.235.68.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 63.13.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.36.159.162.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 42.220.44.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 240.81.21.72.in-addr.arpa | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 93.184.220.29:80 | tcp | |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 71.31.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 18.31.95.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 99.113.223.173.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 113.66.64.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 250.255.255.239.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 1.202.248.87.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 254.21.238.8.in-addr.arpa | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 42.134.221.88.in-addr.arpa | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 32.134.221.88.in-addr.arpa | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 90.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.195.152.in-addr.arpa | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| N/A | 185.161.248.73:4164 | tcp | |
| US | 8.8.8.8:53 | 34.146.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 229.78.74.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 134.121.24.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 97.238.32.23.in-addr.arpa | udp |
Files
memory/4644-133-0x0000000000A60000-0x0000000000A72000-memory.dmp
memory/4644-134-0x000000001B750000-0x000000001B760000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmp93C9.tmp.bat
| MD5 | 30d29a897c96ae8e74b716f338af59d3 |
| SHA1 | 90f1e28173c267a6467d6712cb27e0dfdbffbf18 |
| SHA256 | 8f66e0f5d39d0d88efbf9d3063ce2348baf9b6339fbef52be56e9601ed989051 |
| SHA512 | d8fd19b771a86b79bd86bf0bddce4387cf1ac740448bdf8d9fef8a099eb79f18c6229a4e2dc788ffe2d851c202a89338f7a7dcafcf9ce0e66c2bf6176550c332 |
C:\Users\Admin\AppData\Roaming\Runtime Broker.exe
| MD5 | 25d7952b3e8c9f0872ecf4f099cea1a2 |
| SHA1 | 976e307d3fc015452e70acd29ebddef0d8823fac |
| SHA256 | 7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1 |
| SHA512 | f81102833efd450be231d238f3065cf3d5cb9ae6c60f0a4e6b057ffd4c78a2767b0fd8aff54e0bb08ebdf5b5da293f622e68c4874776f0fa25adfd639ca4f3eb |
memory/3516-143-0x000000001C6A0000-0x000000001C6B0000-memory.dmp
memory/3516-144-0x000000001C6A0000-0x000000001C6B0000-memory.dmp
Analysis: behavioral1
Detonation Overview
Submitted
2023-04-30 21:56
Reported
2023-04-30 22:43
Platform
win10-20230220-en
Max time kernel
1802s
Max time network
1808s
Command Line
Signatures
AsyncRat
Async RAT payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Roaming\Runtime Broker.exe | N/A |
Enumerates physical storage devices
Creates scheduled task(s)
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\schtasks.exe | N/A |
Delays execution with timeout.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\timeout.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe | N/A |
Suspicious use of AdjustPrivilegeToken
| Description | Indicator | Process | Target |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe | N/A |
| Token: SeDebugPrivilege | N/A | C:\Users\Admin\AppData\Roaming\Runtime Broker.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe
"C:\Users\Admin\AppData\Local\Temp\Swiftfn.exe"
C:\Windows\system32\cmd.exe
C:\Windows\system32\cmd.exe /c ""C:\Users\Admin\AppData\Local\Temp\tmpCC0F.tmp.bat""
C:\Windows\System32\cmd.exe
"C:\Windows\System32\cmd.exe" /c schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"' & exit
C:\Windows\system32\timeout.exe
timeout 3
C:\Windows\system32\schtasks.exe
schtasks /create /f /sc onlogon /rl highest /tn "Runtime Broker" /tr '"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"'
C:\Users\Admin\AppData\Roaming\Runtime Broker.exe
"C:\Users\Admin\AppData\Roaming\Runtime Broker.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | 36.43.235.68.in-addr.arpa | udp |
| US | 20.189.173.6:443 | | tcp |
| US | 8.247.210.254:80 | | tcp |
| US | 8.8.8.8:53 | 44.8.109.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 85.65.42.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 1.208.79.178.in-addr.arpa | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 8.8.8.8:53 | dom45x.duckdns.org | udp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
| US | 68.235.43.36:62180 | dom45x.duckdns.org | tcp |
Files
memory/2488-121-0x00000000000B0000-0x00000000000C2000-memory.dmp
memory/2488-122-0x000000001ACB0000-0x000000001ACC0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\tmpCC0F.tmp.bat
| MD5 | 8e322549befedb27d4334ad06fa57de7 |
| SHA1 | b5b5ba07e644a61180b845fad3dfd1cb4c689e92 |
| SHA256 | b8fa7516cec8a3a7a022663e8b67e86fa785a38abb65c3fcd60a77777783cd51 |
| SHA512 | 839d4c7727c9558fdd3be074637432602f252af7518ce5b8a396aafc0be52bc34c88f35e4b3fea68f94e9dc7d347f068acc7411ba05360dd679445336ea471bf |
C:\Users\Admin\AppData\Roaming\Runtime Broker.exe
| MD5 | 25d7952b3e8c9f0872ecf4f099cea1a2 |
| SHA1 | 976e307d3fc015452e70acd29ebddef0d8823fac |
| SHA256 | 7fb468df5b46d1eb0f26e737c515a5a10794b84c9193628efb71c9c32fe8edc1 |
| SHA512 | f81102833efd450be231d238f3065cf3d5cb9ae6c60f0a4e6b057ffd4c78a2767b0fd8aff54e0bb08ebdf5b5da293f622e68c4874776f0fa25adfd639ca4f3eb |
memory/2900-131-0x000000001B5F0000-0x000000001B600000-memory.dmp
memory/2900-134-0x000000001B5F0000-0x000000001B600000-memory.dmp