Analysis

  • max time kernel
    101s
  • max time network
    101s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20250129-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20250129-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    05/02/2025, 16:55 UTC

General

  • Target

    d7acea46b8e52588087f38b54d354b69d37e376c4c58c655ef6e0c2a6aaedd1e.exe

  • Size

    78KB

  • MD5

    9e4738a557e8bc2bf74a9918fb0deb52

  • SHA1

    60552388e129ef942f034a7b4d12094b72a3c76d

  • SHA256

    d7acea46b8e52588087f38b54d354b69d37e376c4c58c655ef6e0c2a6aaedd1e

  • SHA512

    60f8439a4bb534f78b2c495163b6fbce9593f1572cea84d7934992067f774aee0401c578c96cf3ac3957e4cab7ca4318632a19161d91f440f83b5a7edc250e7e

  • SSDEEP

    1536:52WjO8XeEXFh5P7v88wbjNrfxCXhRoKV6+V+dPICB:5Zv5PDwbjNrmAE+NICB

Malware Config

Extracted

Family

discordrat

Attributes
  • discord_token

    MTMzNDg2ODQ0OTQ4MjI0ODI1NA.Gfn3Zp.JLsMt1DJyl2BRKGnfJyJCStA144I28izJVPav8

  • server_id

    1335159502953254943

Signatures

  • Discord RAT

    A RAT written in C# using Discord as a C2.

  • Discordrat family
  • Suspicious use of AdjustPrivilegeToken 1 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\d7acea46b8e52588087f38b54d354b69d37e376c4c58c655ef6e0c2a6aaedd1e.exe
    "C:\Users\Admin\AppData\Local\Temp\d7acea46b8e52588087f38b54d354b69d37e376c4c58c655ef6e0c2a6aaedd1e.exe"
    • Suspicious use of AdjustPrivilegeToken
    PID:2680

Network

  • flag-us
    DNS
    gateway.discord.gg
    d7acea46b8e52588087f38b54d354b69d37e376c4c58c655ef6e0c2a6aaedd1e.exe
    Remote address:
    8.8.8.8:53
    Request
    gateway.discord.gg
    IN A
    Response
    gateway.discord.gg
    IN A
    162.159.133.234
    gateway.discord.gg
    IN A
    162.159.130.234
    gateway.discord.gg
    IN A
    162.159.134.234
    gateway.discord.gg
    IN A
    162.159.136.234
    gateway.discord.gg
    IN A
    162.159.135.234
  • flag-us
    GET
    https://gateway.discord.gg/?v=9&encording=json
    d7acea46b8e52588087f38b54d354b69d37e376c4c58c655ef6e0c2a6aaedd1e.exe
    Remote address:
    162.159.133.234:443
    Request
    GET /?v=9&encording=json HTTP/1.1
    Connection: Upgrade,Keep-Alive
    Upgrade: websocket
    Sec-WebSocket-Key: slusQmLT1MVM1NBRTOvX7w==
    Sec-WebSocket-Version: 13
    Host: gateway.discord.gg
    Response
    HTTP/1.1 101 Switching Protocols
    Date: Wed, 05 Feb 2025 16:55:24 GMT
    Connection: upgrade
    sec-websocket-accept: C5L3KNo4d2xfAPxJj4t9oxcUI7Q=
    upgrade: websocket
    cf-cache-status: DYNAMIC
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ljl1ZtvF7b%2FzrRP%2F84Nl%2BWueGQY7XvoSoPBj7%2FegOBJ3aWPBqaO9QaKRmXGIXQijWtymNCEUgBb%2Fflly8BwGbt3rYSN%2FuQzDfqvQ0mt7l%2B%2ByFobvU43HDpfEVwVTl8Kf3O30Eg%3D%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
    X-Content-Type-Options: nosniff
    Server: cloudflare
    CF-RAY: 90d46d88ad1b3d88-LHR
  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dns.google
  • flag-us
    DNS
    234.133.159.162.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    234.133.159.162.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    4.160.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    4.160.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    167.173.78.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    167.173.78.104.in-addr.arpa
    IN PTR
    Response
    167.173.78.104.in-addr.arpa
    IN PTR
    a104-78-173-167.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    83.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    83.210.23.2.in-addr.arpa
    IN PTR
    Response
    83.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-83.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    212.20.149.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    212.20.149.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    166.190.18.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    166.190.18.2.in-addr.arpa
    IN PTR
    Response
    166.190.18.2.in-addr.arpa
    IN PTR
    a2-18-190-166.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    88.210.23.2.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.210.23.2.in-addr.arpa
    IN PTR
    Response
    88.210.23.2.in-addr.arpa
    IN PTR
    a2-23-210-88.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    ax-0001.ax-msedge.net
    ax-0001.ax-msedge.net
    IN A
    150.171.27.10
    ax-0001.ax-msedge.net
    IN A
    150.171.28.10
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783922_1P8P4SILGVABIECBS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340783922_1P8P4SILGVABIECBS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 520601
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 60AC68029B0A4B71BDF3F9A543B20088 Ref B: LON04EDGE1118 Ref C: 2025-02-05T16:57:03Z
    date: Wed, 05 Feb 2025 16:57:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 364778
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: EECDB80E1ED24AA28BBB3BA529F73758 Ref B: LON04EDGE1118 Ref C: 2025-02-05T16:57:03Z
    date: Wed, 05 Feb 2025 16:57:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 485173
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 4E5E26A1C45F43F0A9BDF8AA4795AFD0 Ref B: LON04EDGE1118 Ref C: 2025-02-05T16:57:03Z
    date: Wed, 05 Feb 2025 16:57:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388216_1SP7N5FKYH04QEW3Y&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388216_1SP7N5FKYH04QEW3Y&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 533604
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 5D3F686C1FE0468BBF2643B43348E6B6 Ref B: LON04EDGE1118 Ref C: 2025-02-05T16:57:03Z
    date: Wed, 05 Feb 2025 16:57:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783923_1O9T0OORJJUW96HF9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239340783923_1O9T0OORJJUW96HF9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 434384
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 7788DE560B3A401FA4B9AE786F924414 Ref B: LON04EDGE1118 Ref C: 2025-02-05T16:57:03Z
    date: Wed, 05 Feb 2025 16:57:02 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239339388217_1U4N1IRR5P78Z350M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    150.171.27.10:443
    Request
    GET /th?id=OADD2.10239339388217_1U4N1IRR5P78Z350M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 374313
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: A3894A15565A4F778C9FAC7E80037A2A Ref B: LON04EDGE1118 Ref C: 2025-02-05T16:57:04Z
    date: Wed, 05 Feb 2025 16:57:03 GMT
  • 162.159.133.234:443
    https://gateway.discord.gg/?v=9&encording=json
    tls, http
    d7acea46b8e52588087f38b54d354b69d37e376c4c58c655ef6e0c2a6aaedd1e.exe
    1.2kB
    4.5kB
    11
    14

    HTTP Request

    GET https://gateway.discord.gg/?v=9&encording=json

    HTTP Response

    101
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    6.9kB
    15
    13
  • 150.171.27.10:443
    https://tse1.mm.bing.net/th?id=OADD2.10239339388217_1U4N1IRR5P78Z350M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    115.5kB
    2.8MB
    2036
    2030

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783922_1P8P4SILGVABIECBS&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239400979857_14A87O62ZUJXBN0IX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239400979856_1C4ONTMUVBZM2U4CN&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388216_1SP7N5FKYH04QEW3Y&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783923_1O9T0OORJJUW96HF9&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239339388217_1U4N1IRR5P78Z350M&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 8.8.8.8:53
    gateway.discord.gg
    dns
    d7acea46b8e52588087f38b54d354b69d37e376c4c58c655ef6e0c2a6aaedd1e.exe
    64 B
    144 B
    1
    1

    DNS Request

    gateway.discord.gg

    DNS Response

    162.159.133.234
    162.159.130.234
    162.159.134.234
    162.159.136.234
    162.159.135.234

  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
    90 B
    1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    234.133.159.162.in-addr.arpa
    dns
    74 B
    136 B
    1
    1

    DNS Request

    234.133.159.162.in-addr.arpa

  • 8.8.8.8:53
    4.160.190.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    4.160.190.20.in-addr.arpa

  • 8.8.8.8:53
    167.173.78.104.in-addr.arpa
    dns
    73 B
    139 B
    1
    1

    DNS Request

    167.173.78.104.in-addr.arpa

  • 8.8.8.8:53
    83.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    83.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    212.20.149.52.in-addr.arpa
    dns
    72 B
    146 B
    1
    1

    DNS Request

    212.20.149.52.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    166.190.18.2.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    166.190.18.2.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
    128 B
    1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

  • 8.8.8.8:53
    88.210.23.2.in-addr.arpa
    dns
    70 B
    133 B
    1
    1

    DNS Request

    88.210.23.2.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    170 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    150.171.27.10
    150.171.28.10

MITRE ATT&CK Matrix


Downloads

  • memory/2680-0-0x00007FFA8F8D3000-0x00007FFA8F8D5000-memory.dmp

    Filesize

    8KB

  • memory/2680-1-0x00000134F1E50000-0x00000134F1E68000-memory.dmp

    Filesize

    96KB

  • memory/2680-2-0x00000134F4600000-0x00000134F47C2000-memory.dmp

    Filesize

    1.8MB

  • memory/2680-3-0x00007FFA8F8D0000-0x00007FFA90391000-memory.dmp

    Filesize

    10.8MB

  • memory/2680-4-0x00000134F4D00000-0x00000134F5228000-memory.dmp

    Filesize

    5.2MB

  • memory/2680-5-0x00007FFA8F8D3000-0x00007FFA8F8D5000-memory.dmp

    Filesize

    8KB

  • memory/2680-6-0x00007FFA8F8D0000-0x00007FFA90391000-memory.dmp

    Filesize

    10.8MB
