File name:

malware_sample_bac.exe

Full analysis: https://app.any.run/tasks/b16b74c0-dbe0-4bf4-94a7-15a0445f51a5
Verdict: Malicious activity
Threats:

RisePro, an information-stealing malware, targets a wide range of sensitive data, including credit cards, passwords, and cryptocurrency wallets. By compromising infected devices, RisePro can steal valuable information and potentially cause significant financial and personal losses for victims.

Malware Trends Tracker     >>>
Analysis date: June 09, 2024, 13:17:59
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Tags:
risepro
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

4A36FA7C0CCBC6842C541A6439AB545A

SHA1:

9257009DD59AC4DB2518293BCD46BE058D937284

SHA256:

CA9B2380DF90AC17D8C042DB4AB442FFAD68CC52CD2E557D855F7D571469198F

SSDEEP:

98304:0ZQeer3wK/8sSbYg9gxhf27IeCCySnpGUjhDyAjm/3oigU0eAXX6vrcvuPUp93QT:hbYZ

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.

  • MALICIOUS

    • Drops the executable file immediately after the start

      • malware_sample_bac.exe (PID: 3976)

    • RISEPRO has been detected (YARA)

      • malware_sample_bac.exe (PID: 3976)

  • SUSPICIOUS

    • Reads the BIOS version

      • malware_sample_bac.exe (PID: 3976)

    • Connects to unusual port

      • malware_sample_bac.exe (PID: 3976)

  • INFO

    • Checks supported languages

      • malware_sample_bac.exe (PID: 3976)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report

RisePro

(PID) Process(3976) malware_sample_bac.exe
C2 (1)193.233.132.253:50500
Strings (374)K-Melon
\MultiDoge
\Accounts\Account.rec0
\TotalCommander
\Jaxx Liberty
\information.txt
\launcher_msa_credentials.bin
Piw)o
\Comodo\IceDragon
\save.dat
\NVIDIA Corporation\NVIDIA GeForce Experience
ChromePlus
discord.com/api/v9/users/@me
ipinfo.io/widget/demo/
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
\MultiDoge\multidoge.wallet
C:\program files (x86)\steam
InternetCloseHandle
Vivaldi
ChromiumViewer
\discordptb
SYSTEM\CurrentControlSet\Services\VBoxGuest
Ixcoin
An uncaught exception occurred_ip1:
Steam
IEUpdater
DashCore
Citrio
An uncaught exception occurred1. The type was unknown so no information was available.
\config.json
HWID: %s
\Element\Local Storage
Pale Moon
IceDragon
\Coinomi\Coinomi\wallets
SELECT name FROM sqlite_master WHERE type='table';
\NETGATE Technologies\BlackHawk
\Torch\User Data
" /tr "
\key_datas
An uncaught exception occurred_ip4:
\Kometa\User Data
\.minecraft\launcher_accounts.json
\ElectrumLTC
\Atomic
uCozMedia
'_BBc
download_history
\ICQ\0001
Namecoin
SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
RAM: %u MB
CocCoc
An uncaught exception occurred_ip0_2. The type was unknown so no information was available.
dQw4w9WgXcQ:[^.*\['(.*)'\].*$][^"]*
WINHTTP.dll
Display Resolution: %dx%d
GoldCoin (GLD)
\config
VaultEnumerateItems
Yandex
GetObjectNameInThread
Reddcoin
\Google\Chrome\User Data
\Downloads
\.feather\accounts.json
Local Time: %d/%d/%d %d:%d:%d
\Guarda
CentBrowser
SOFTWARE\Microso
\OpenVPN Connect
\Comodo\User Data
\MapleStudio\ChromePlus\User Data
\Local Storage
An uncaught exception occurred_ip2. The type was unknown so no information was available.
DisableIOAVProtection
\Storage
SOFTWARE\Policies\Microsoft\Windows\System
*iw)o
\Ethereum\wallets
Chromodo
Version: %s
\Binance\app-store.json
\Opera Software
(CREATE TABLE
Unknown
SOFTWARE\Microsoft\Cryptography
\Bither\bither.db
\Wallets
\Moonchild Productions\Pale Moon
\Wasabi
LOCALAPPDATA
Opera GX
Display Language: %ws
\CentBrowser\User Data
\Autofill
autofill
WQqVmU
\History
VaultGetItem
\Opera Software\Opera Stable
Outlook
\CatalinaGroup\Citrio\User Data
email
\Uran\User Data
\CocCoc\Browser\User Data
\Vivaldi\User Data
Work Dir: %s
cards
\liebao\User Data
tntdll.dll
\Browsers
UserName: %s
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
ProductName
\GHISLER\wcx_ftp.ini
\Comodo\Dragon\User Data
\Telegram
DisableOnAccessProtection
\iw)o
w)oSystem\CurrentControlSet\Services\Tcpip\Parameters
\Growtopia\save.dat
tFn,v_1#
\Coowon\Coowon\User Data
Nichrome
Battle.net
\launcher_profiles.json
\Battle.net
WinHttpSetTimeouts
Florincoin
ZIP (Autofills): %s
360Browser
\Bither
\Yandex\YandexBrowser\User Data
\accounts.txt
Zcash
Brave
\Iridium\User Data
8r<f`~65k
MPGPH
api.myip.com/
Location: %s, %s
DisableBehaviorMonitoring
3b1$ i
\BraveSoftware\Brave-Browser\User Data
WARE\Classes\Foxmail\shell\open\command
DisableAntiSpyware
wb\foxmail.txt
MachineGuid
\ey_tokens.txt
\Coinomi
\.minecraft\launcher_profiles.json
\Session Storage
\Games
Keyboard Languages:
HttpSendRequestA
logins
\app-store.json
\launcher_accounts.json
ALLUSERSPROFILE
WSASend
\Electrum-LTC\wallets
CryptoTab
Epic Privacy Browser
\Ledger Live
Account
Build: %s
BlackHawk
Orbitum
EnableSmartScreen
\Microsoft\Skype for Desktop\Local Storage
\Chedot\User Data
\Maxthon3\User Data
\tdata
\Plugins
\uCozMedia\Uran\User Data
Local State
WinHttpCloseHandle
\multidoge.wallet
YACoin
\Steam
onoffalseyestruefull
IOCoin
\Telegram Desktop
\accounts.xml
InternetReadFile
\LocalPrefs.json
DisableRawWriteNotification
devcoin
IP: %s
\.lunarclient\settings\games\accounts.txt
\com.liberty.jaxx
Coowon
\Epic Privacy Browser\User Data
\Mail.Ru\Atom\User Data
\WalletWasabi\Client\Wallets
Primecoin
\FeatherClient
\Mozilla\Firefox
;ox=>/p
" /tn "
\Jaxx
\Local State
country
An uncaught exception occurred1:
NtDuplicateObject
\K-Meleon
\Growtopia
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
An uncaught exception occurred_ip0_1. The type was unknown so no information was available.
SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
\K-Melon\User Data
[Hardware]
6iw)o
\OpenVPN Connect\profiles
Token: %s
\360Browser\Browser\User Data
;SELECT * FROM
HARDWARE\DESCRIPTION\System\CentralProcessor\0
Comodo
history
Dragon
\Elements Browser\User Data
Network
WinHttpReadData
Iridium
ntdll.dll
An uncaught exception occurred_ip1. The type was unknown so no information was available.
VideoCard #%d: %s
An uncaught exception occurred_ip2:
\.tlauncher\mcl\Minecraft\game\tlauncher_profiles.json
\Pidgin
api64.ipify.org/?format=json
GTAVI
SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
[Software]
\Sync Extension Settings\
%s [%d]
7Star
LegalHelper
SOFTWARE\Microsoft\Windows NT\CurrentVersion
Kometa
Maxthon3
\atomic\Local Storage
MachineID: %s
WinHttpOpen
\Armory
\Exodus
\wallet.dat
/ %s
\LunarClient
\Chromodo\User Data
Torch
\.purple
demoInfo
\IndexedDB
\discorddevelopment
\Ethereum
SYSTEM\CurrentControlSet\Services\vmhgfs
\QIP Surf\User Data
\Electrum
digitalcoin
\Electrum\wallets
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CF
DisableRealtimeMonitoring
RageMP
\Jaxx\Local Storage
username
\databases
Opera
\Sputnik\Sputnik\User Data
\Element
\7Star\7Star\User Data
An uncaught exception occurred_ip0_2:
db-ip.com/demo/home.php?s=
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
K-Meleon
DisableScanOnRealtimeEnable
User Name: %s
\Microsoft\Edge\User Data
liebao
Infinitecoin
LocalPrefs.json
An uncaught exception occurred_ip4. The type was unknown so no information was available.
\Amigo\User\User Data
\TLauncher
Daedalus Mainnet
\8pecxstudios\Cyberfox
DisplayVersion
BBQCoin
svchost
\Nichrome\User Data
QIP Surf
Sputnik
OperaConnect
\Minecraft
schtasks /create /f /RU "
\Orbitum\User Data
GUID: %s
Processor: %s
\Mozilla\SeaMonkey
DisableRoutinelyTakingAction
Mincoin
ProcessorNameString
\Monero
\Binance
Freicoin
\accounts.json
DiscordDevelopment
1.1.1.1
\ElectronCash\wallets
\Chromium\User Data
Litecoin
Chrome
\ElectronCash
\Skype
www.maxmind.com/geoip/v2.1/city/me
MP.tmp
cookies
os_crypt
lsass
Path: %s
\bither.db
iw)ou
\NetboxBrowser\User Data
\tlauncher_profiles.json
\Google(x86)\Chrome\User Data
Language: Unknown
NVIDIA
Elements Browser
w)o!F
LG" /sc ONLOGON /rl HIGHEST
wb\discord.txt
\FileZilla
Iy:__
\profiles.ini
Amigo
APPDATA
\Messengers
Megacoin
\CryptoTab Browser\User Data
Chedot
An uncaught exception occurred_ip0_1:
Franko
E-MAIL: %s
DiscordPTB
[Processes]
Exclusions_Extensions
Software\Microsoft\Windows\CurrentVersion\Run
Password: %s
CPU Count: %d
HR" /sc HOURLY /rl HIGHEST
Chromium
Waterfox
wb\passwords.txt
C:\program files\steam
Dd!{zj
DisplayName
Cyberfox
Computer Name: %s [%s]
Chrome (x86)
\Signal
NetboxBrowser
gtokens
Terracoin
\wallets
\Exodus\exodus.wallet
InternetQueryOptionA
\wcx_ftp.ini
SOFTWARE\Policies\Microsoft\Windows Defender
1wsHp
\.minecraft\launcher_msa_credentials.bin
\GoogleAccounts
No Malware configuration.

TRiD

.exe | Win64 Executable (generic) (76.4)
.exe | Win32 Executable (generic) (12.4)
.exe | Generic Win/DOS Executable (5.5)
.exe | DOS Executable Generic (5.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2024:04:21 07:58:40+00:00
ImageFileCharacteristics: Executable, 32-bit
PEType: PE32
LinkerVersion: 14.39
CodeSize: 1445888
InitializedDataSize: 694784
UninitializedDataSize: -
EntryPoint: 0x594f20
OSVersion: 6
ImageVersion: -
SubsystemVersion: 6
Subsystem: Windows GUI
FileVersionNumber: 16.0.14326.21798
ProductVersionNumber: 16.0.14326.21798
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
CompanyName: Installer Corporation
FileDescription: Installer Communications
FileVersion: 16.0.14326.21798
InternalName: HxInstallerkBackground
LegalTrademarks1: Wise is a registered trademark
LegalTrademarks2: Wise is a registered trademark
OriginalFileName: HxInstallerBackground.dll
ProductName: Installer Pack
ProductVersion: 16.0.14326.21798
No data.
screenshot
All screenshots are available in the full report
All screenshots are available in the full report
Total processes
32
Monitored processes
1
Malicious processes
1
Suspicious processes
0

Behavior graph

Click at the process to see the details
start #RISEPRO malware_sample_bac.exe

Process information

PID
CMD
Path
Indicators
Parent process
3976"C:\Users\admin\AppData\Local\Temp\malware_sample_bac.exe" C:\Users\admin\AppData\Local\Temp\malware_sample_bac.exe
explorer.exe
User:
admin
Company:
Installer Corporation
Integrity Level:
MEDIUM
Description:
Installer Communications
Version:
16.0.14326.21798
Modules
Images
c:\users\admin\appdata\local\temp\malware_sample_bac.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
RisePro
(PID) Process(3976) malware_sample_bac.exe
C2 (1)193.233.132.253:50500
Strings (374)K-Melon
\MultiDoge
\Accounts\Account.rec0
\TotalCommander
\Jaxx Liberty
\information.txt
\launcher_msa_credentials.bin
Piw)o
\Comodo\IceDragon
\save.dat
\NVIDIA Corporation\NVIDIA GeForce Experience
ChromePlus
discord.com/api/v9/users/@me
ipinfo.io/widget/demo/
Software\Microsoft\Office\16.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
\MultiDoge\multidoge.wallet
C:\program files (x86)\steam
InternetCloseHandle
Vivaldi
ChromiumViewer
\discordptb
SYSTEM\CurrentControlSet\Services\VBoxGuest
Ixcoin
An uncaught exception occurred_ip1:
Steam
IEUpdater
DashCore
Citrio
An uncaught exception occurred1. The type was unknown so no information was available.
\config.json
HWID: %s
\Element\Local Storage
Pale Moon
IceDragon
\Coinomi\Coinomi\wallets
SELECT name FROM sqlite_master WHERE type='table';
\NETGATE Technologies\BlackHawk
\Torch\User Data
" /tr "
\key_datas
An uncaught exception occurred_ip4:
\Kometa\User Data
\.minecraft\launcher_accounts.json
\ElectrumLTC
\Atomic
uCozMedia
'_BBc
download_history
\ICQ\0001
Namecoin
SOFTWARE\Policies\Microsoft\Windows Defender\Real-Time Protection
RAM: %u MB
CocCoc
An uncaught exception occurred_ip0_2. The type was unknown so no information was available.
dQw4w9WgXcQ:[^.*\['(.*)'\].*$][^"]*
WINHTTP.dll
Display Resolution: %dx%d
GoldCoin (GLD)
\config
VaultEnumerateItems
Yandex
GetObjectNameInThread
Reddcoin
\Google\Chrome\User Data
\Downloads
\.feather\accounts.json
Local Time: %d/%d/%d %d:%d:%d
\Guarda
CentBrowser
SOFTWARE\Microso
\OpenVPN Connect
\Comodo\User Data
\MapleStudio\ChromePlus\User Data
\Local Storage
An uncaught exception occurred_ip2. The type was unknown so no information was available.
DisableIOAVProtection
\Storage
SOFTWARE\Policies\Microsoft\Windows\System
*iw)o
\Ethereum\wallets
Chromodo
Version: %s
\Binance\app-store.json
\Opera Software
(CREATE TABLE
Unknown
SOFTWARE\Microsoft\Cryptography
\Bither\bither.db
\Wallets
\Moonchild Productions\Pale Moon
\Wasabi
LOCALAPPDATA
Opera GX
Display Language: %ws
\CentBrowser\User Data
\Autofill
autofill
WQqVmU
\History
VaultGetItem
\Opera Software\Opera Stable
Outlook
\CatalinaGroup\Citrio\User Data
email
\Uran\User Data
\CocCoc\Browser\User Data
\Vivaldi\User Data
Work Dir: %s
cards
\liebao\User Data
tntdll.dll
\Browsers
UserName: %s
Software\Microsoft\Office\15.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676
\Fenrir Inc\Sleipnir5\setting\modules\ChromiumViewer
ProductName
\GHISLER\wcx_ftp.ini
\Comodo\Dragon\User Data
\Telegram
DisableOnAccessProtection
\iw)o
w)oSystem\CurrentControlSet\Services\Tcpip\Parameters
\Growtopia\save.dat
tFn,v_1#
\Coowon\Coowon\User Data
Nichrome
Battle.net
\launcher_profiles.json
\Battle.net
WinHttpSetTimeouts
Florincoin
ZIP (Autofills): %s
360Browser
\Bither
\Yandex\YandexBrowser\User Data
\accounts.txt
Zcash
Brave
\Iridium\User Data
8r<f`~65k
MPGPH
api.myip.com/
Location: %s, %s
DisableBehaviorMonitoring
3b1$ i
\BraveSoftware\Brave-Browser\User Data
WARE\Classes\Foxmail\shell\open\command
DisableAntiSpyware
wb\foxmail.txt
MachineGuid
\ey_tokens.txt
\Coinomi
\.minecraft\launcher_profiles.json
\Session Storage
\Games
Keyboard Languages:
HttpSendRequestA
logins
\app-store.json
\launcher_accounts.json
ALLUSERSPROFILE
WSASend
\Electrum-LTC\wallets
CryptoTab
Epic Privacy Browser
\Ledger Live
Account
Build: %s
BlackHawk
Orbitum
EnableSmartScreen
\Microsoft\Skype for Desktop\Local Storage
\Chedot\User Data
\Maxthon3\User Data
\tdata
\Plugins
\uCozMedia\Uran\User Data
Local State
WinHttpCloseHandle
\multidoge.wallet
YACoin
\Steam
onoffalseyestruefull
IOCoin
\Telegram Desktop
\accounts.xml
InternetReadFile
\LocalPrefs.json
DisableRawWriteNotification
devcoin
IP: %s
\.lunarclient\settings\games\accounts.txt
\com.liberty.jaxx
Coowon
\Epic Privacy Browser\User Data
\Mail.Ru\Atom\User Data
\WalletWasabi\Client\Wallets
Primecoin
\FeatherClient
\Mozilla\Firefox
;ox=>/p
" /tn "
\Jaxx
\Local State
country
An uncaught exception occurred1:
NtDuplicateObject
\K-Meleon
\Growtopia
Software\Microsoft\Windows Messaging Subsystem\Profiles\9375CFF0413111d3B88A00104B2A6676
An uncaught exception occurred_ip0_1. The type was unknown so no information was available.
SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Extensions
\K-Melon\User Data
[Hardware]
6iw)o
\OpenVPN Connect\profiles
Token: %s
\360Browser\Browser\User Data
;SELECT * FROM
HARDWARE\DESCRIPTION\System\CentralProcessor\0
Comodo
history
Dragon
\Elements Browser\User Data
Network
WinHttpReadData
Iridium
ntdll.dll
An uncaught exception occurred_ip1. The type was unknown so no information was available.
VideoCard #%d: %s
An uncaught exception occurred_ip2:
\.tlauncher\mcl\Minecraft\game\tlauncher_profiles.json
\Pidgin
api64.ipify.org/?format=json
GTAVI
SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions
[Software]
\Sync Extension Settings\
%s [%d]
7Star
LegalHelper
SOFTWARE\Microsoft\Windows NT\CurrentVersion
Kometa
Maxthon3
\atomic\Local Storage
MachineID: %s
WinHttpOpen
\Armory
\Exodus
\wallet.dat
/ %s
\LunarClient
\Chromodo\User Data
Torch
\.purple
demoInfo
\IndexedDB
\discorddevelopment
\Ethereum
SYSTEM\CurrentControlSet\Services\vmhgfs
\QIP Surf\User Data
\Electrum
digitalcoin
\Electrum\wallets
Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CF
DisableRealtimeMonitoring
RageMP
\Jaxx\Local Storage
username
\databases
Opera
\Sputnik\Sputnik\User Data
\Element
\7Star\7Star\User Data
An uncaught exception occurred_ip0_2:
db-ip.com/demo/home.php?s=
SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall
K-Meleon
DisableScanOnRealtimeEnable
User Name: %s
\Microsoft\Edge\User Data
liebao
Infinitecoin
LocalPrefs.json
An uncaught exception occurred_ip4. The type was unknown so no information was available.
\Amigo\User\User Data
\TLauncher
Daedalus Mainnet
\8pecxstudios\Cyberfox
DisplayVersion
BBQCoin
svchost
\Nichrome\User Data
QIP Surf
Sputnik
OperaConnect
\Minecraft
schtasks /create /f /RU "
\Orbitum\User Data
GUID: %s
Processor: %s
\Mozilla\SeaMonkey
DisableRoutinelyTakingAction
Mincoin
ProcessorNameString
\Monero
\Binance
Freicoin
\accounts.json
DiscordDevelopment
1.1.1.1
\ElectronCash\wallets
\Chromium\User Data
Litecoin
Chrome
\ElectronCash
\Skype
www.maxmind.com/geoip/v2.1/city/me
MP.tmp
cookies
os_crypt
lsass
Path: %s
\bither.db
iw)ou
\NetboxBrowser\User Data
\tlauncher_profiles.json
\Google(x86)\Chrome\User Data
Language: Unknown
NVIDIA
Elements Browser
w)o!F
LG" /sc ONLOGON /rl HIGHEST
wb\discord.txt
\FileZilla
Iy:__
\profiles.ini
Amigo
APPDATA
\Messengers
Megacoin
\CryptoTab Browser\User Data
Chedot
An uncaught exception occurred_ip0_1:
Franko
E-MAIL: %s
DiscordPTB
[Processes]
Exclusions_Extensions
Software\Microsoft\Windows\CurrentVersion\Run
Password: %s
CPU Count: %d
HR" /sc HOURLY /rl HIGHEST
Chromium
Waterfox
wb\passwords.txt
C:\program files\steam
Dd!{zj
DisplayName
Cyberfox
Computer Name: %s [%s]
Chrome (x86)
\Signal
NetboxBrowser
gtokens
Terracoin
\wallets
\Exodus\exodus.wallet
InternetQueryOptionA
\wcx_ftp.ini
SOFTWARE\Policies\Microsoft\Windows Defender
1wsHp
\.minecraft\launcher_msa_credentials.bin
\GoogleAccounts
Total events
454
Read events
454
Write events
0
Delete events
0

Modification events

No data
Executable files
0
Suspicious files
0
Text files
0
Unknown types
0

Dropped files

No data
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests
0
TCP/UDP connections
6
DNS requests
1
Threats
0

HTTP requests

No HTTP requests
Download PCAP, analyze network streams, HTTP content and a lot more at the full report

Connections

PID
Process
IP
Domain
ASN
CN
Reputation
4
System
192.168.100.255:138
whitelisted
4
System
192.168.100.255:137
whitelisted
1088
svchost.exe
224.0.0.252:5355
unknown
3976
malware_sample_bac.exe
193.233.132.253:50500
ATT-INTERNET4
US
unknown

DNS requests

Domain
IP
Reputation
dns.msftncsi.com
  • 131.107.255.255
shared

Threats

No threats detected
No debug info
Interactive malware hunting service ANY.RUN
© 2017-2025 ANY.RUN ALL RIGHTS RESERVED
ANY.RUN
Reports
malware_sample_bac.exe