Analysis

  • max time kernel
    148s
  • max time network
    152s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240709-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240709-enlocale:en-usos:windows10-2004-x64system
  • submitted
    27-07-2024 15:48

General

  • Target

    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe

  • Size

    74KB

  • MD5

    eff57bbdb0bd6825a3a3476e2fcc86be

  • SHA1

    70a1c8488735dc31f4fcc635deb8220012f50f67

  • SHA256

    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7

  • SHA512

    02b2cb1a9f65813c5ac4f3977e289413c0c0011b036e2d344a4fe7adec960c7709ac083fee9e2239a06ac9ccb6b3e8db28fe577998f861b278bac28e6817e157

  • SSDEEP

    1536:EUEkcx4VHsC0SPMV7e9VdQuDI6H1bf/Y2Qzc2LVclN:EUxcx4GfSPMV7e9VdQsH1bfnQPBY

Score
10/10

Malware Config

Extracted

Family

asyncrat

Version

Venom RAT + HVNC + Stealer + Grabber v6.0.3

Botnet

Default

C2

50.18.145.13:14445

Mutex

ixnmfejwycgpnjpuex

Attributes
  • delay

    1

  • install

    false

  • install_folder

    %AppData%

aes.plain
1
ErT5O92jH7eBiIDvK6c1VIemiD2Fz51C

Signatures

  • AsyncRat

    AsyncRAT is designed to remotely monitor and control other computers written in C#.

  • Suspicious behavior: EnumeratesProcesses 25 IoCs
  • Suspicious use of AdjustPrivilegeToken 1 IoCs
  • Suspicious use of SetWindowsHookEx 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    "C:\Users\Admin\AppData\Local\Temp\be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    • Suspicious use of SetWindowsHookEx
    PID:216

Network

  • flag-us
    DNS
    149.220.183.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    149.220.183.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    69.31.126.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    69.31.126.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    58.55.71.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    58.55.71.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    103.169.127.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    103.169.127.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    15.164.165.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    15.164.165.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    147.142.123.92.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    147.142.123.92.in-addr.arpa
    IN PTR
    Response
    147.142.123.92.in-addr.arpa
    IN PTR
    a92-123-142-147deploystaticakamaitechnologiescom
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 931905
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: D94192D1D3384B41B0AB4789497B50D2 Ref B: LON04EDGE1114 Ref C: 2024-07-27T16:02:06Z
    date: Sat, 27 Jul 2024 16:02:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388067_10M827BSAV5684WY4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388067_10M827BSAV5684WY4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 504771
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 962E10137FBD49EEB54F2845B8B965D7 Ref B: LON04EDGE1114 Ref C: 2024-07-27T16:02:06Z
    date: Sat, 27 Jul 2024 16:02:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 746576
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 188E0270687243F888795073199A642C Ref B: LON04EDGE1114 Ref C: 2024-07-27T16:02:06Z
    date: Sat, 27 Jul 2024 16:02:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388066_1AA9APVCK1AKO8GXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239339388066_1AA9APVCK1AKO8GXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 974623
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 9C1B72333D1D48BC9587566C4BF38CD3 Ref B: LON04EDGE1114 Ref C: 2024-07-27T16:02:06Z
    date: Sat, 27 Jul 2024 16:02:06 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 462432
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: B8FDF4BD738F4A899299667AD8D1841C Ref B: LON04EDGE1114 Ref C: 2024-07-27T16:02:07Z
    date: Sat, 27 Jul 2024 16:02:07 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.28.10:443
    Request
    GET /th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 657438
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A24F5B5BD4614800BAEEE695AA9433DC Ref B: LON04EDGE1114 Ref C: 2024-07-27T16:02:08Z
    date: Sat, 27 Jul 2024 16:02:07 GMT
  • flag-us
    DNS
    13.227.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    13.227.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 150.171.28.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    152.1kB
    4.4MB
    3256
    3249

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301534_15LL3F24A66A7QZTI&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388067_10M827BSAV5684WY4&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388066_1AA9APVCK1AKO8GXG&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239317301101_17QUECVB8G2ENL5IH&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.8kB
    15
    12
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
    6.9kB
    16
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.4kB
    6.9kB
    16
    13
  • 150.171.28.10:443
    tse1.mm.bing.net
    tls, http2
    1.5kB
    6.9kB
    16
    13
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    160 B
    5
    4
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    260 B
    200 B
    5
    5
  • 50.18.145.13:14445
    be6c2a1f8bba3d691f2622d80836db706fbb747e38640cc326b797fc00e916c7.exe
    156 B
    80 B
    3
    2
  • 8.8.8.8:53
    149.220.183.52.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    149.220.183.52.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    69.31.126.40.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    69.31.126.40.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    58.55.71.13.in-addr.arpa
    dns
    70 B
    144 B
    1
    1

    DNS Request

    58.55.71.13.in-addr.arpa

  • 8.8.8.8:53
    103.169.127.40.in-addr.arpa
    dns
    73 B
    147 B
    1
    1

    DNS Request

    103.169.127.40.in-addr.arpa

  • 8.8.8.8:53
    15.164.165.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    15.164.165.52.in-addr.arpa

  • 8.8.8.8:53
    147.142.123.92.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    147.142.123.92.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.28.10
    150.171.27.10

  • 8.8.8.8:53
    13.227.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    13.227.111.52.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/216-0-0x00007FF963273000-0x00007FF963275000-memory.dmp

    Filesize

    8KB

  • memory/216-1-0x0000000000D70000-0x0000000000D88000-memory.dmp

    Filesize

    96KB

  • memory/216-3-0x00007FF963270000-0x00007FF963D31000-memory.dmp

    Filesize

    10.8MB

  • memory/216-4-0x00007FF963273000-0x00007FF963275000-memory.dmp

    Filesize

    8KB

  • memory/216-5-0x00007FF963270000-0x00007FF963D31000-memory.dmp

    Filesize

    10.8MB

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.