lumma | c5a3dbeea17ddba50482e7844a817171580f977dcea9ad7b655d39a934b93b93

Analysis

max time kernel
149s
max time network
152s
platform
windows10-2004_x64
resource
win10v2004-20240426-en
resource tags

arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system
submitted
10/05/2024, 11:48 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe
Size

1.2MB
MD5

1a16ee68f1207233e67c2c808805a723
SHA1

e2867e17c5b2cf680cf121ecfd388dc4f9380035
SHA256

fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3
SHA512

7330de14cde4232c5020944b2a21f11bb9a238762b71e0947315bbb749a749c9d1b0500a03bd8722edc3f748fbf03d3045eb6e41e101e4340c207af9c24d40b0
SSDEEP

24576:7OG/5S/uUaFhBylaHU3TMzhIhH4aZGjpUwMHqsOL+QX:7OGfFhBylaHy8DsON

Score

10^/10

lumma stealer

Malware Config

Extracted

Family

lumma

https://productivelookewr.shop/api

https://tolerateilusidjukl.shop/api

https://shatterbreathepsw.shop/api

https://shortsvelventysjo.shop/api

https://incredibleextedwj.shop/api

https://alcojoldwograpciw.shop/api

https://liabilitynighstjsko.shop/api

https://demonstationfukewko.shop/api

Signatures

Lumma Stealer
An infostealer written in C++ first seen in August 2022.
stealer lumma

Suspicious use of SetThreadContext 1 IoCs

description	pid	Process	procid_target
PID 3052 set thread context of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83

Program crash 1 IoCs

pid	pid_target	Process	procid_target
4216	3052	WerFault.exe	82

Suspicious use of WriteProcessMemory 9 IoCs

description	pid	Process	procid_target
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83
PID 3052 wrote to memory of 4860	3052	fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe	83

C:\Users\Admin\AppData\Local\Temp\fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe
"C:\Users\Admin\AppData\Local\Temp\fc8b501a1823496ec4685f1c935710517b2ee5331f98bf10c5eb7b69350e59d3.exe"
1⤵
- Suspicious use of SetThreadContext
- Suspicious use of WriteProcessMemory
PID:3052
- C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe
  "C:\Windows\Microsoft.NET\Framework\v4.0.30319\RegAsm.exe"
  2⤵
  PID:4860
- C:\Windows\SysWOW64\WerFault.exe
  C:\Windows\SysWOW64\WerFault.exe -u -p 3052 -s 332
  2⤵
  - Program crash
  PID:4216

C:\Windows\SysWOW64\WerFault.exe
C:\Windows\SysWOW64\WerFault.exe -pss -s 404 -p 3052 -ip 3052
1⤵
PID:4504

Network

DNS

sideindexfollowragelrew.pw

RegAsm.exe

Remote address:

8.8.8.8:53

Request

sideindexfollowragelrew.pw

IN A

Response
DNS

productivelookewr.shop

RegAsm.exe

Remote address:

8.8.8.8:53

Request

productivelookewr.shop

IN A

Response

productivelookewr.shop

IN A

104.21.11.250

productivelookewr.shop

IN A

172.67.150.207
POST

https://productivelookewr.shop/api

RegAsm.exe

Remote address:

104.21.11.250:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: productivelookewr.shop

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 11:49:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=qj8l66j0celku8t2e6of0f71kn; expires=Tue, 03-Sep-2024 05:35:53 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=m9xldiRrVOYzmIG58ocPif8w3vKRVqRWLneOcZH%2BSKtAE8Q%2FSRRbYzaMno24%2F2dBAUF9vtSisKTTF0qf%2FUTS%2BrakoCOJdSkL7zQ5OqU03tg6tWeD9yc4uG661945adssFVaw9eNF%2FlVb"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8819b46d092e77b2-LHR
alt-svc: h3=":443"; ma=86400
DNS

133.211.185.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

133.211.185.52.in-addr.arpa

IN PTR

Response
DNS

250.11.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

250.11.21.104.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

204.79.197.237

dual-a-0034.a-msedge.net

IN A

13.107.21.237
DNS

tolerateilusidjukl.shop

RegAsm.exe

Remote address:

8.8.8.8:53

Request

tolerateilusidjukl.shop

IN A

Response

tolerateilusidjukl.shop

IN A

104.21.89.202

tolerateilusidjukl.shop

IN A

172.67.147.41
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bdOclx_UH9u_S3PgBuaPSTVUCUxrrVt_rP6_j4EHKjuRX2Y1XEtXTjotKBNwty0D66ZXhrvtl85IGrrz-pE5SKwc3J7aSPHslvX5Wvz9ZdaGZLXuQW_TMgsRkrRQK7XLAabQqkPnaZOY8x3cPitx7ISIXP0coHN1B8vWN2-7_ZIXhqmC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D1070ffa8fd6b1456b8f29983521931ac&TIME=20240426T134344Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bdOclx_UH9u_S3PgBuaPSTVUCUxrrVt_rP6_j4EHKjuRX2Y1XEtXTjotKBNwty0D66ZXhrvtl85IGrrz-pE5SKwc3J7aSPHslvX5Wvz9ZdaGZLXuQW_TMgsRkrRQK7XLAabQqkPnaZOY8x3cPitx7ISIXP0coHN1B8vWN2-7_ZIXhqmC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D1070ffa8fd6b1456b8f29983521931ac&TIME=20240426T134344Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1ADEFE51ACC366340CD0EA2AAD7867F4; domain=.bing.com; expires=Wed, 04-Jun-2025 11:49:14 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: B347040CD6DE4B0498A5BAFB65AC9F37 Ref B: LON04EDGE0907 Ref C: 2024-05-10T11:49:14Z
date: Fri, 10 May 2024 11:49:14 GMT
GET

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bdOclx_UH9u_S3PgBuaPSTVUCUxrrVt_rP6_j4EHKjuRX2Y1XEtXTjotKBNwty0D66ZXhrvtl85IGrrz-pE5SKwc3J7aSPHslvX5Wvz9ZdaGZLXuQW_TMgsRkrRQK7XLAabQqkPnaZOY8x3cPitx7ISIXP0coHN1B8vWN2-7_ZIXhqmC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D1070ffa8fd6b1456b8f29983521931ac&TIME=20240426T134344Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

Remote address:

204.79.197.237:443

Request

GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bdOclx_UH9u_S3PgBuaPSTVUCUxrrVt_rP6_j4EHKjuRX2Y1XEtXTjotKBNwty0D66ZXhrvtl85IGrrz-pE5SKwc3J7aSPHslvX5Wvz9ZdaGZLXuQW_TMgsRkrRQK7XLAabQqkPnaZOY8x3cPitx7ISIXP0coHN1B8vWN2-7_ZIXhqmC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D1070ffa8fd6b1456b8f29983521931ac&TIME=20240426T134344Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6 HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1ADEFE51ACC366340CD0EA2AAD7867F4; _EDGE_S=SID=1296516EF36868421B4B4515F2C269CF

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=amFvOsvWV1vb9PWQM4-vXWXWm1QdEy7OFt7Buqakylg; domain=.bing.com; expires=Wed, 04-Jun-2025 11:49:15 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FC1D1ADDFDDD4B258C11E500101E9A32 Ref B: LON04EDGE0907 Ref C: 2024-05-10T11:49:15Z
date: Fri, 10 May 2024 11:49:14 GMT
POST

https://tolerateilusidjukl.shop/api

RegAsm.exe

Remote address:

104.21.89.202:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: tolerateilusidjukl.shop

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 11:49:14 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=p8nrvfp6ltvo15shm0jmtdbo18; expires=Tue, 03-Sep-2024 05:35:53 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B1%2FnKYImsaiBTtOXkWKEjJC2wuF1SdM7Pk%2FvFf7cvPS7MTFzyNVg458%2FdP0JhC68XeQYLuvfhmKHW%2BclyyLu%2FWkxw9%2Bk7Xi6GiomoYr%2BdXIpEELjm2RMRFFTiV3ztOZjezhh6YqtmtBmEA%3D%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8819b46f7a2060e2-LHR
alt-svc: h3=":443"; ma=86400
DNS

shatterbreathepsw.shop

RegAsm.exe

Remote address:

8.8.8.8:53

Request

shatterbreathepsw.shop

IN A

Response

shatterbreathepsw.shop

IN A

172.67.169.43

shatterbreathepsw.shop

IN A

104.21.95.19
GET

https://www.bing.com/aes/c.gif?RG=a28cd0b71547497588ab3f1ee8b58cfd&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134344Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984

Remote address:

23.62.61.57:443

Request

GET /aes/c.gif?RG=a28cd0b71547497588ab3f1ee8b58cfd&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134344Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984 HTTP/2.0
host: www.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1ADEFE51ACC366340CD0EA2AAD7867F4

Response

HTTP/2.0 200

cache-control: private,no-store
pragma: no-cache
vary: Origin
p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 8F601CCAE6D54691B8712E9DC38B7DB0 Ref B: DUS30EDGE0805 Ref C: 2024-05-10T11:49:15Z
content-length: 0
date: Fri, 10 May 2024 11:49:15 GMT
set-cookie: _EDGE_S=SID=1296516EF36868421B4B4515F2C269CF; path=/; httponly; domain=bing.com
set-cookie: MUIDB=1ADEFE51ACC366340CD0EA2AAD7867F4; path=/; httponly; expires=Wed, 04-Jun-2025 11:49:15 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.353d3e17.1715341755.189cd82
POST

https://shatterbreathepsw.shop/api

RegAsm.exe

Remote address:

172.67.169.43:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: shatterbreathepsw.shop

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 11:49:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=a9t693i678h73sspsrhjtb4mcv; expires=Tue, 03-Sep-2024 05:35:54 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=WWz7FkNsniWpryOZVUkCLXJ1mcbP%2FEv0ep6%2Fc5%2B2IZ9lqamMZRYTGtXDYBGD1pRHKAW6HVCTQBNcj0r8vIPVXWK1Z%2B4F0O3yMZfTBqtf5fe5%2Baj4Of4cPXQAHQHBWDROSbw%2F0jZPIIkl"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8819b471f94a94d9-LHR
alt-svc: h3=":443"; ma=86400
DNS

shortsvelventysjo.shop

RegAsm.exe

Remote address:

8.8.8.8:53

Request

shortsvelventysjo.shop

IN A

Response

shortsvelventysjo.shop

IN A

172.67.216.69

shortsvelventysjo.shop

IN A

104.21.16.225
POST

https://shortsvelventysjo.shop/api

RegAsm.exe

Remote address:

172.67.216.69:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: shortsvelventysjo.shop

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 11:49:15 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=s2u56auq92nskco8tt1t6vupu4; expires=Tue, 03-Sep-2024 05:35:54 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2B%2ByrJmeGvN%2B%2F5eQEKuaWvFGZB%2Fq0XIUeUYygI2gUXWtbIj6UqtRI2M6CXMerbP6qrk0soMVWYSVdySy3NdLRRnydRF1PBbKA7RSWNUUpSkJr96IFpAVHo3jsUAIooVdG6Oc3VzDJpmk2"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8819b4743dfd23cb-LHR
alt-svc: h3=":443"; ma=86400
DNS

237.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.197.79.204.in-addr.arpa

IN PTR

Response
DNS

202.89.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

202.89.21.104.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

71.159.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

71.159.190.20.in-addr.arpa

IN PTR

Response
DNS

incredibleextedwj.shop

RegAsm.exe

Remote address:

8.8.8.8:53

Request

incredibleextedwj.shop

IN A

Response

incredibleextedwj.shop

IN A

104.21.86.106

incredibleextedwj.shop

IN A

172.67.218.63
POST

https://incredibleextedwj.shop/api

RegAsm.exe

Remote address:

104.21.86.106:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: incredibleextedwj.shop

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 11:49:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=0db47jspffi6kqr2hdh291upgm; expires=Tue, 03-Sep-2024 05:35:55 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=PLx7kSyo2szzIZXkD1w8Z%2FdAedauSHR3mPVLhtPchmvdibBC6Ha6JX96nzzMnS%2BjEPt%2B20bEMn1LkzyhBio3VrdCSq%2B4nCGID%2B9HY9o3NcR6MsBCHGvaS%2FfB2LLv9PddQYwl6FX9JPJ5"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8819b476cdd90635-LHR
alt-svc: h3=":443"; ma=86400
DNS

alcojoldwograpciw.shop

RegAsm.exe

Remote address:

8.8.8.8:53

Request

alcojoldwograpciw.shop

IN A

Response

alcojoldwograpciw.shop

IN A

104.21.48.243

alcojoldwograpciw.shop

IN A

172.67.157.23
POST

https://alcojoldwograpciw.shop/api

RegAsm.exe

Remote address:

104.21.48.243:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: alcojoldwograpciw.shop

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 11:49:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=kjmvv4fq9skff2sfco5egfps2c; expires=Tue, 03-Sep-2024 05:35:55 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=lMjVCrvExi1RII1VZzMuSB%2BjELCa6CjF1vWRhO1yWyGMyfYLRSKBlLSirxITZRudLLXicPPP3VYFgPSOaUIDcjuhZZz9GsL0OF86frVDNYx5YRRu%2BW9qV5ZJsjvv34Qq6rzscIQ31eBg"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8819b4794b806413-LHR
alt-svc: h3=":443"; ma=86400
GET

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

Remote address:

23.62.61.57:443

Request

GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
host: www.bing.com
accept: */*
cookie: MUID=1ADEFE51ACC366340CD0EA2AAD7867F4; _EDGE_S=SID=1296516EF36868421B4B4515F2C269CF; MSPTC=amFvOsvWV1vb9PWQM4-vXWXWm1QdEy7OFt7Buqakylg; MUIDB=1ADEFE51ACC366340CD0EA2AAD7867F4
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-type: image/png
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
content-length: 1107
date: Fri, 10 May 2024 11:49:16 GMT
alt-svc: h3=":443"; ma=93600
x-cdn-traceid: 0.353d3e17.1715341756.189d298
DNS

57.61.62.23.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.61.62.23.in-addr.arpa

IN PTR

Response

57.61.62.23.in-addr.arpa

IN PTR

a23-62-61-57deploystaticakamaitechnologiescom
DNS

43.169.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.169.67.172.in-addr.arpa

IN PTR

Response
DNS

69.216.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

69.216.67.172.in-addr.arpa

IN PTR

Response
DNS

106.86.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

106.86.21.104.in-addr.arpa

IN PTR

Response
DNS

liabilitynighstjsko.shop

RegAsm.exe

Remote address:

8.8.8.8:53

Request

liabilitynighstjsko.shop

IN A

Response

liabilitynighstjsko.shop

IN A

104.21.44.3

liabilitynighstjsko.shop

IN A

172.67.192.138
POST

https://liabilitynighstjsko.shop/api

RegAsm.exe

Remote address:

104.21.44.3:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: liabilitynighstjsko.shop

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 11:49:16 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=v0ssj0g9lgrletg5m0p3ff494e; expires=Tue, 03-Sep-2024 05:35:55 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZkZDh2ZqR%2FSssCrP3KTGs6S7jYPdGGdLiwjqvsKV%2BR8TP57YTnEH%2BMzcMdxPx3bQMOJHG7HzgGzYahoZRJa8o2KnZ2AiaS7Zv%2F2oZScgaBK8AskCR3skKW%2FEQ9qoI5xTDwukTw4jmLD0fVY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8819b47bcf917777-LHR
alt-svc: h3=":443"; ma=86400
DNS

demonstationfukewko.shop

RegAsm.exe

Remote address:

8.8.8.8:53

Request

demonstationfukewko.shop

IN A

Response

demonstationfukewko.shop

IN A

172.67.147.169

demonstationfukewko.shop

IN A

104.21.33.174
POST

https://demonstationfukewko.shop/api

RegAsm.exe

Remote address:

172.67.147.169:443

Request

POST /api HTTP/1.1
Connection: Keep-Alive
Content-Type: application/x-www-form-urlencoded
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
Content-Length: 8
Host: demonstationfukewko.shop

Response

HTTP/1.1 200 OK

Date: Fri, 10 May 2024 11:49:17 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: PHPSESSID=1r8jk4lrtqr09q5bjtidj2e2k9; expires=Tue, 03-Sep-2024 05:35:56 GMT; Max-Age=9999999; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Pragma: no-cache
CF-Cache-Status: DYNAMIC
Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=3t7YjR8NRVKeI6laljbpdXIcLE3pWu2nIE5SgsZwWRG06zF53YiCxmako8tO1Ozsyr7UhwofC7aNDriwaxRis0TjQsOgv6uL7OVh3VLXrSa4WaGIalVr8itI1NqejmTrgXaw%2B%2BnMw6VAUxY%3D"}],"group":"cf-nel","max_age":604800}
NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
Server: cloudflare
CF-RAY: 8819b47e1b9463ca-LHR
alt-svc: h3=":443"; ma=86400
DNS

243.48.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

243.48.21.104.in-addr.arpa

IN PTR

Response
DNS

3.44.21.104.in-addr.arpa

Remote address:

8.8.8.8:53

Request

3.44.21.104.in-addr.arpa

IN PTR

Response
DNS

169.147.67.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

169.147.67.172.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

171.39.242.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

171.39.242.20.in-addr.arpa

IN PTR

Response
DNS

142.53.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

142.53.16.96.in-addr.arpa

IN PTR

Response

142.53.16.96.in-addr.arpa

IN PTR

a96-16-53-142deploystaticakamaitechnologiescom
DNS

77.190.18.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

77.190.18.2.in-addr.arpa

IN PTR

Response

77.190.18.2.in-addr.arpa

IN PTR

a2-18-190-77deploystaticakamaitechnologiescom
DNS

88.156.103.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

88.156.103.20.in-addr.arpa

IN PTR

Response
DNS

19.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

19.229.111.52.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 499516
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 387FA224D3A94451B006B7CD6C64E62A Ref B: LON04EDGE0715 Ref C: 2024-05-10T11:50:54Z
date: Fri, 10 May 2024 11:50:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 476246
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C24274E8AA3B4ADAA12FEF45ACEFBE5F Ref B: LON04EDGE0715 Ref C: 2024-05-10T11:50:54Z
date: Fri, 10 May 2024 11:50:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 464243
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: CC84DEB8D86E4296B905414E59BF4B6F Ref B: LON04EDGE0715 Ref C: 2024-05-10T11:50:54Z
date: Fri, 10 May 2024 11:50:53 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 382817
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 4FB7BC122FF041CCB87E7B51C7B20547 Ref B: LON04EDGE0715 Ref C: 2024-05-10T11:50:54Z
date: Fri, 10 May 2024 11:50:53 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

175.117.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

175.117.168.52.in-addr.arpa

IN PTR

Response
DNS

175.117.168.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

175.117.168.52.in-addr.arpa

IN PTR

Response

104.21.11.250:443

https://productivelookewr.shop/api

tls, http

RegAsm.exe

1.1kB
6.7kB
10
10

HTTP Request

POST https://productivelookewr.shop/api

HTTP Response

200
204.79.197.237:443

https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bdOclx_UH9u_S3PgBuaPSTVUCUxrrVt_rP6_j4EHKjuRX2Y1XEtXTjotKBNwty0D66ZXhrvtl85IGrrz-pE5SKwc3J7aSPHslvX5Wvz9ZdaGZLXuQW_TMgsRkrRQK7XLAabQqkPnaZOY8x3cPitx7ISIXP0coHN1B8vWN2-7_ZIXhqmC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D1070ffa8fd6b1456b8f29983521931ac&TIME=20240426T134344Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

tls, http2

2.5kB
9.0kB
19
16

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bdOclx_UH9u_S3PgBuaPSTVUCUxrrVt_rP6_j4EHKjuRX2Y1XEtXTjotKBNwty0D66ZXhrvtl85IGrrz-pE5SKwc3J7aSPHslvX5Wvz9ZdaGZLXuQW_TMgsRkrRQK7XLAabQqkPnaZOY8x3cPitx7ISIXP0coHN1B8vWN2-7_ZIXhqmC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D1070ffa8fd6b1456b8f29983521931ac&TIME=20240426T134344Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8bdOclx_UH9u_S3PgBuaPSTVUCUxrrVt_rP6_j4EHKjuRX2Y1XEtXTjotKBNwty0D66ZXhrvtl85IGrrz-pE5SKwc3J7aSPHslvX5Wvz9ZdaGZLXuQW_TMgsRkrRQK7XLAabQqkPnaZOY8x3cPitx7ISIXP0coHN1B8vWN2-7_ZIXhqmC%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D1070ffa8fd6b1456b8f29983521931ac&TIME=20240426T134344Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984&muid=B64DD8ED08746C05824A19614CB097A6

HTTP Response

204
104.21.89.202:443

https://tolerateilusidjukl.shop/api

tls, http

RegAsm.exe

1.1kB
6.7kB
10
10

HTTP Request

POST https://tolerateilusidjukl.shop/api

HTTP Response

200
23.62.61.57:443

https://www.bing.com/aes/c.gif?RG=a28cd0b71547497588ab3f1ee8b58cfd&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134344Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984

tls, http2

1.5kB
5.4kB
17
12

HTTP Request

GET https://www.bing.com/aes/c.gif?RG=a28cd0b71547497588ab3f1ee8b58cfd&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240426T134344Z&adUnitId=11730597&localId=w:B64DD8ED-0874-6C05-824A-19614CB097A6&deviceId=6825828828100984

HTTP Response

200
172.67.169.43:443

https://shatterbreathepsw.shop/api

tls, http

RegAsm.exe

1.1kB
6.7kB
10
10

HTTP Request

POST https://shatterbreathepsw.shop/api

HTTP Response

200
172.67.216.69:443

https://shortsvelventysjo.shop/api

tls, http

RegAsm.exe

1.1kB
6.7kB
10
10

HTTP Request

POST https://shortsvelventysjo.shop/api

HTTP Response

200
104.21.86.106:443

https://incredibleextedwj.shop/api

tls, http

RegAsm.exe

1.1kB
6.3kB
10
10

HTTP Request

POST https://incredibleextedwj.shop/api

HTTP Response

200
104.21.48.243:443

https://alcojoldwograpciw.shop/api

tls, http

RegAsm.exe

1.1kB
6.7kB
10
10

HTTP Request

POST https://alcojoldwograpciw.shop/api

HTTP Response

200
23.62.61.57:443

https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

tls, http2

1.7kB
6.4kB
18
13

HTTP Request

GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

HTTP Response

200
104.21.44.3:443

https://liabilitynighstjsko.shop/api

tls, http

RegAsm.exe

1.1kB
6.7kB
10
10

HTTP Request

POST https://liabilitynighstjsko.shop/api

HTTP Response

200
172.67.147.169:443

https://demonstationfukewko.shop/api

tls, http

RegAsm.exe

1.1kB
6.7kB
10
10

HTTP Request

POST https://demonstationfukewko.shop/api

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

66.4kB
1.9MB
1384
1380

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239381702593_1BLW9LYE0FMIB48EX&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239381705588_1WA9C34P2B6OXP331&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239381705589_1UZ6HI7DU1RQLXLFR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239381702592_1OT5ET7HCG1M9EIRY&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.2kB
8.1kB
16
14

8.8.8.8:53

sideindexfollowragelrew.pw

dns

RegAsm.exe

72 B
137 B
1
1

DNS Request

sideindexfollowragelrew.pw
8.8.8.8:53

productivelookewr.shop

dns

RegAsm.exe

68 B
100 B
1
1

DNS Request

productivelookewr.shop

DNS Response

104.21.11.250

172.67.150.207
8.8.8.8:53

133.211.185.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

133.211.185.52.in-addr.arpa
8.8.8.8:53

250.11.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

250.11.21.104.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.237

13.107.21.237
8.8.8.8:53

tolerateilusidjukl.shop

dns

RegAsm.exe

69 B
101 B
1
1

DNS Request

tolerateilusidjukl.shop

DNS Response

104.21.89.202

172.67.147.41
8.8.8.8:53

shatterbreathepsw.shop

dns

RegAsm.exe

68 B
100 B
1
1

DNS Request

shatterbreathepsw.shop

DNS Response

172.67.169.43

104.21.95.19
8.8.8.8:53

shortsvelventysjo.shop

dns

RegAsm.exe

68 B
100 B
1
1

DNS Request

shortsvelventysjo.shop

DNS Response

172.67.216.69

104.21.16.225
8.8.8.8:53

237.197.79.204.in-addr.arpa

dns

73 B
143 B
1
1

DNS Request

237.197.79.204.in-addr.arpa
8.8.8.8:53

202.89.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

202.89.21.104.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

71.159.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

71.159.190.20.in-addr.arpa
8.8.8.8:53

incredibleextedwj.shop

dns

RegAsm.exe

68 B
100 B
1
1

DNS Request

incredibleextedwj.shop

DNS Response

104.21.86.106

172.67.218.63
8.8.8.8:53

alcojoldwograpciw.shop

dns

RegAsm.exe

68 B
100 B
1
1

DNS Request

alcojoldwograpciw.shop

DNS Response

104.21.48.243

172.67.157.23
8.8.8.8:53

57.61.62.23.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

57.61.62.23.in-addr.arpa
8.8.8.8:53

43.169.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

43.169.67.172.in-addr.arpa
8.8.8.8:53

69.216.67.172.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

69.216.67.172.in-addr.arpa
8.8.8.8:53

106.86.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

106.86.21.104.in-addr.arpa
8.8.8.8:53

liabilitynighstjsko.shop

dns

RegAsm.exe

70 B
102 B
1
1

DNS Request

liabilitynighstjsko.shop

DNS Response

104.21.44.3

172.67.192.138
8.8.8.8:53

demonstationfukewko.shop

dns

RegAsm.exe

70 B
102 B
1
1

DNS Request

demonstationfukewko.shop

DNS Response

172.67.147.169

104.21.33.174
8.8.8.8:53

243.48.21.104.in-addr.arpa

dns

72 B
134 B
1
1

DNS Request

243.48.21.104.in-addr.arpa
8.8.8.8:53

3.44.21.104.in-addr.arpa

dns

70 B
132 B
1
1

DNS Request

3.44.21.104.in-addr.arpa
8.8.8.8:53

169.147.67.172.in-addr.arpa

dns

73 B
135 B
1
1

DNS Request

169.147.67.172.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

171.39.242.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

171.39.242.20.in-addr.arpa
8.8.8.8:53

142.53.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

142.53.16.96.in-addr.arpa
8.8.8.8:53

77.190.18.2.in-addr.arpa

dns

70 B
133 B
1
1

DNS Request

77.190.18.2.in-addr.arpa
8.8.8.8:53

88.156.103.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

88.156.103.20.in-addr.arpa
8.8.8.8:53

19.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

19.229.111.52.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

146 B
212 B
2
2

DNS Request

200.197.79.204.in-addr.arpa

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

175.117.168.52.in-addr.arpa

dns

146 B
294 B
2
2

DNS Request

175.117.168.52.in-addr.arpa

DNS Request

175.117.168.52.in-addr.arpa

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

memory/3052-0-0x0000000001119000-0x000000000111A000-memory.dmp

Filesize
4KB

Download
memory/4860-1-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4860-3-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4860-4-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download
memory/4860-5-0x0000000000400000-0x000000000044E000-memory.dmp

Filesize
312KB

Download

Analysis

Sharing

General

Malware Config

Extracted

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request