Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

3

cryptolaemus

windows10-2004-x64

10

cryptolaemus

windows11-21h2-x64

5

Analysis

  • max time kernel
    93s
  • max time network
    97s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240704-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240704-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/07/2024, 05:54 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    c4452b42ae44c837bb125fa539edfd57241aff7f40c63365ff4cde0d9a823f44.exe

  • Size

    8.6MB

  • MD5

    0e9459f87d4d72ca3f3fb54af7432de9

  • SHA1

    8941d42eb6f891aca9652cb3cbcdefc547a0ee1c

  • SHA256

    c4452b42ae44c837bb125fa539edfd57241aff7f40c63365ff4cde0d9a823f44

  • SHA512

    4b646775910d27e0c8b410a0e7e8b5b05f63839a6c26ee25952a27740688db4029916a6fb88e70accfab239f5eab532ae169f7146cdb093f826162b46689c728

  • SSDEEP

    49152:4kmANd/Zz39voeJAg/Bst+YhOQz4W3FlFPyHF80WBh5OIm/tJe34jcH5EGgMLhZk:Uoh3FJBWz4W1lFbBnPE6wUa7nPF

Score
10/10
lummastealer

Malware Config

Extracted

Family

lumma

C2

https://stationacutwo.shop/api

https://bouncedgowp.shop/api

https://bannngwko.shop/api

https://bargainnykwo.shop/api

https://affecthorsedpo.shop/api

https://radiationnopp.shop/api

https://answerrsdo.shop/api

https://publicitttyps.shop/api

https://benchillppwo.shop/api

https://reinforcedirectorywd.shop/api

Signatures

  • Lumma Stealer

    An infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Suspicious use of SetThreadContext 1 IoCs
  • Suspicious use of WriteProcessMemory 5 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\c4452b42ae44c837bb125fa539edfd57241aff7f40c63365ff4cde0d9a823f44.exe
    "C:\Users\Admin\AppData\Local\Temp\c4452b42ae44c837bb125fa539edfd57241aff7f40c63365ff4cde0d9a823f44.exe"
    1⤵
    • Suspicious use of SetThreadContext
    • Suspicious use of WriteProcessMemory
    PID:4256
    • C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      C:\Windows\BitLockerDiscoveryVolumeContents\BitLockerToGo.exe
      2⤵
        PID:1976

    Network

    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.dual-a-0034.a-msedge.net
      g-bing-com.dual-a-0034.a-msedge.net
      IN CNAME
      dual-a-0034.a-msedge.net
      dual-a-0034.a-msedge.net
      IN A
      13.107.21.237
      dual-a-0034.a-msedge.net
      IN A
      204.79.197.237
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
      Remote address:
      13.107.21.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MUID=3F2DAFE222F9692427E5BB5A2342682A; domain=.bing.com; expires=Mon, 04-Aug-2025 05:55:05 GMT; path=/; SameSite=None; Secure; Priority=High;
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 625BE005D95D465F96897F91B22BBB10 Ref B: LON04EDGE0822 Ref C: 2024-07-10T05:55:05Z
      date: Wed, 10 Jul 2024 05:55:04 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
      Remote address:
      13.107.21.237:443
      Request
      GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3F2DAFE222F9692427E5BB5A2342682A
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      set-cookie: MSPTC=XfSoRS0EGsY7X1J8CK9GRgGihDSiTDq-EjmTZwVXt_c; domain=.bing.com; expires=Mon, 04-Aug-2025 05:55:05 GMT; path=/; Partitioned; secure; SameSite=None
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 9630CEC770144606AD9BEA37A94C9F8A Ref B: LON04EDGE0822 Ref C: 2024-07-10T05:55:05Z
      date: Wed, 10 Jul 2024 05:55:04 GMT
    • flag-us
      GET
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
      Remote address:
      13.107.21.237:443
      Request
      GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid= HTTP/2.0
      host: g.bing.com
      accept-encoding: gzip, deflate
      user-agent: WindowsShellClient/9.0.40929.0 (Windows)
      cookie: MUID=3F2DAFE222F9692427E5BB5A2342682A; MSPTC=XfSoRS0EGsY7X1J8CK9GRgGihDSiTDq-EjmTZwVXt_c
      Response
      HTTP/2.0 204
      cache-control: no-cache, must-revalidate
      pragma: no-cache
      expires: Fri, 01 Jan 1990 00:00:00 GMT
      strict-transport-security: max-age=31536000; includeSubDomains; preload
      access-control-allow-origin: *
      x-cache: CONFIG_NOCACHE
      accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
      x-msedge-ref: Ref A: 11058A07FD13431A972F4A588EA8B103 Ref B: LON04EDGE0822 Ref C: 2024-07-10T05:55:05Z
      date: Wed, 10 Jul 2024 05:55:04 GMT
    • flag-us
      DNS
      72.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      72.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      237.21.107.13.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      237.21.107.13.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      205.47.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.47.74.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      205.47.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.47.74.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      205.47.74.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      205.47.74.20.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      stationacutwo.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      stationacutwo.shop
      IN A
      Response
      stationacutwo.shop
      IN A
      104.21.30.130
      stationacutwo.shop
      IN A
      172.67.172.239
    • flag-us
      POST
      https://stationacutwo.shop/api
      BitLockerToGo.exe
      Remote address:
      104.21.30.130:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: stationacutwo.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:05 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=8jbhkcun8stj37h24rim5el5qh; expires=Sat, 02-Nov-2024 23:41:44 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=mIsoQ2kTewLANG1krv%2BoeVaaVwdHUn3bJniEohxmHSp6oHShgt2FR7V5IVNj7lkNlWTlIHf%2F%2BRHmLhGxmmoj%2FarX6XQxYpFyrVqX8qiF0KczLd7WdhGpgk31tpn2NHgWNx6rGXU%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4d848973bd7e-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      bouncedgowp.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      bouncedgowp.shop
      IN A
      Response
      bouncedgowp.shop
      IN A
      172.67.214.52
      bouncedgowp.shop
      IN A
      104.21.93.198
    • flag-us
      POST
      https://bouncedgowp.shop/api
      BitLockerToGo.exe
      Remote address:
      172.67.214.52:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: bouncedgowp.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:05 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=l8kmbobtkul1h3k2m6gs2rgu8h; expires=Sat, 02-Nov-2024 23:41:44 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pQbPRsiawWt10Kx5g4fLipjLykAd5okcXO7J6j7z2Rh6ISjJpeeVoAb3LIa3LUCI4O7%2F1XcS3utPqD%2BSZu8Ik1j1Ne22sYy9oPuqQX4GzDEZwHSefXWzcF5XP0r4VfG11l0V"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4d872d6e886e-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      130.30.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      130.30.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      bannngwko.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      bannngwko.shop
      IN A
      Response
      bannngwko.shop
      IN A
      172.67.146.61
      bannngwko.shop
      IN A
      104.21.81.196
    • flag-us
      POST
      https://bannngwko.shop/api
      BitLockerToGo.exe
      Remote address:
      172.67.146.61:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: bannngwko.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:06 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=49pdps0ovp8l516dalf8qb0gbj; expires=Sat, 02-Nov-2024 23:41:45 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=wKVR%2BxrSueViR1c%2FZCpSMwwL5PkhKndFb%2BoiezDMJzriYCAJWeVmdsX1FdXI%2BwE%2BZ3tfx1P9A2u9%2BLKwIBDZJ0pSKInWWAIHaE2%2Bg%2FcORctA%2BhdklNRkc%2F%2FCrXYWJ3n8LA%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4d89d81424da-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      bargainnykwo.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      bargainnykwo.shop
      IN A
      Response
      bargainnykwo.shop
      IN A
      172.67.146.97
      bargainnykwo.shop
      IN A
      104.21.47.93
    • flag-us
      DNS
      bargainnykwo.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      bargainnykwo.shop
      IN A
    • flag-us
      DNS
      bargainnykwo.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      bargainnykwo.shop
      IN A
    • flag-us
      DNS
      52.214.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      52.214.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      61.146.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      61.146.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      https://bargainnykwo.shop/api
      BitLockerToGo.exe
      Remote address:
      172.67.146.97:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: bargainnykwo.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:08 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=9bjsnp7ai9khg080bfe8dfj5eu; expires=Sat, 02-Nov-2024 23:41:47 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2FKYJ93zLSo6FhfzzOC%2BWTQjOQV72ZmXHyEPgMc1u1ZSeyQZYK%2FDksC%2Bx8t5pLDhbwClXQX%2BvhqJaEFmpo5qhTtCWz8ikjq4%2BRqhg2uWByN81cVqiZujSGlAJNw8KBikbdu1v4Q%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4d991e1494c9-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      affecthorsedpo.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      affecthorsedpo.shop
      IN A
      Response
      affecthorsedpo.shop
      IN A
      104.21.6.254
      affecthorsedpo.shop
      IN A
      172.67.135.137
    • flag-us
      DNS
      affecthorsedpo.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      affecthorsedpo.shop
      IN A
    • flag-us
      DNS
      97.146.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.146.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      97.146.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      97.146.67.172.in-addr.arpa
      IN PTR
    • flag-us
      POST
      https://affecthorsedpo.shop/api
      BitLockerToGo.exe
      Remote address:
      104.21.6.254:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: affecthorsedpo.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:10 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=3ecgf08t3vilg32h07f2t4dukn; expires=Sat, 02-Nov-2024 23:41:49 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yZ3lf%2BqTrMrCknF6%2FTSfVDeaFKAg9JaOwhqMua3TZ1gwzWE6WeyjSAqSopfS1ArN8G91d5PHRsr1XlDYg9KWHbjAO6ATWwSmV3Pu2FMG1yGyybnO6aW%2BtoLiNGsCUfT81TRv5dGK"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4da35c749514-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      radiationnopp.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      radiationnopp.shop
      IN A
      Response
      radiationnopp.shop
      IN A
      104.21.68.158
      radiationnopp.shop
      IN A
      172.67.196.169
    • flag-us
      DNS
      radiationnopp.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      radiationnopp.shop
      IN A
    • flag-us
      POST
      https://radiationnopp.shop/api
      BitLockerToGo.exe
      Remote address:
      104.21.68.158:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: radiationnopp.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:11 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=a4ueb5egvj58cqtm5qf0tr1fti; expires=Sat, 02-Nov-2024 23:41:50 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=oadI%2Bptyw1CUc05V5%2Ba285qtXOxnVYfno%2FMQyKN%2BSL0Bg1I7jCgakCvr9xg8rkKcNKcBawSCe2PJ0X7hE4U6LBPF6SbdzdLTDf6ja8DTTFC2LjNiMJzIx0lD%2Byt6ZidoC7iBPKA%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4dadf8b09407-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      254.6.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      254.6.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      answerrsdo.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      answerrsdo.shop
      IN A
      Response
      answerrsdo.shop
      IN A
      104.21.44.192
      answerrsdo.shop
      IN A
      172.67.203.63
    • flag-us
      POST
      https://answerrsdo.shop/api
      BitLockerToGo.exe
      Remote address:
      104.21.44.192:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: answerrsdo.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:12 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=ijgrgee35qp6d64h6ofl08ifag; expires=Sat, 02-Nov-2024 23:41:51 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HB8U%2BPWa32Fqq0DcnKdcuWYDLTZpFpGcAlt58dUs8gDRIrGUMFPfR9qNXl7dhB7ydSrNnYRZCJXYY%2BgY9Hnh4daCVE0WHCwGqj2qFhiiVgkfJ%2F9NJ1F%2Bc%2FaO0hrNuW6LRvQ%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4db07d859467-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      publicitttyps.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      publicitttyps.shop
      IN A
      Response
      publicitttyps.shop
      IN A
      104.21.25.154
      publicitttyps.shop
      IN A
      172.67.134.88
    • flag-us
      DNS
      publicitttyps.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      publicitttyps.shop
      IN A
    • flag-us
      DNS
      192.44.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      192.44.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      192.44.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      192.44.21.104.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      158.68.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.68.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      158.68.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.68.21.104.in-addr.arpa
      IN PTR
    • flag-us
      POST
      https://publicitttyps.shop/api
      BitLockerToGo.exe
      Remote address:
      104.21.25.154:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: publicitttyps.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:13 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=icdoov3b24pgshf6vehl13uup7; expires=Sat, 02-Nov-2024 23:41:52 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=K0H7BrSR2Al7oVMqU30uKPeGw%2B%2F2ExS5WkAcGS%2FqUp1EU0%2BqJ0Q3zHraPz1LAA5GpWVV5zhpGvJ20D3vyi8jL7%2FfgmeUjkrQ3sNxujeZxfaqFxVrLMwyu6sdxTAex9Wl891oZ%2FQ%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4db9798393e3-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      benchillppwo.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      benchillppwo.shop
      IN A
      Response
      benchillppwo.shop
      IN A
      104.21.81.128
      benchillppwo.shop
      IN A
      172.67.160.230
    • flag-us
      POST
      https://benchillppwo.shop/api
      BitLockerToGo.exe
      Remote address:
      104.21.81.128:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: benchillppwo.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:14 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=db5i9v2dvej849sd18l3m559ld; expires=Sat, 02-Nov-2024 23:41:53 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=4Ppk%2BlafUuQzCC2UkR%2BG%2F0MHUT7KaPQGziAI39QnxV24kJIcBJ3VSjjN80eyZNBMimkLLQazv0B0%2Bwdx%2Bbw7AGbhD1Yai%2F842SnpFhedswwvsqcCP3Il0eyNMNLbnHbYrqXOTQ%3D%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4dbc8bd56408-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      steamcommunity.com
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      steamcommunity.com
      IN A
      Response
      steamcommunity.com
      IN A
      23.214.143.155
    • flag-gb
      GET
      https://steamcommunity.com/profiles/76561199724331900
      BitLockerToGo.exe
      Remote address:
      23.214.143.155:443
      Request
      GET /profiles/76561199724331900 HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Host: steamcommunity.com
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Content-Type: text/html; charset=UTF-8
      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.akamai.steamstatic.com/ https://cdn.akamai.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.akamai.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
      Expires: Mon, 26 Jul 1997 05:00:00 GMT
      Cache-Control: no-cache
      Date: Wed, 10 Jul 2024 05:55:14 GMT
      Content-Length: 34854
      Connection: keep-alive
      Set-Cookie: sessionid=dcdbbc97c69ac6e444cba99a; Path=/; Secure; SameSite=None
      Set-Cookie: steamCountry=GB%7C0cca5b35055ce513436d8b708d875660; Path=/; Secure; HttpOnly; SameSite=None
    • flag-us
      DNS
      154.25.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      154.25.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      128.81.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      128.81.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      reinforcedirectorywd.shop
      BitLockerToGo.exe
      Remote address:
      8.8.8.8:53
      Request
      reinforcedirectorywd.shop
      IN A
      Response
      reinforcedirectorywd.shop
      IN A
      104.21.83.48
      reinforcedirectorywd.shop
      IN A
      172.67.214.98
    • flag-us
      POST
      https://reinforcedirectorywd.shop/api
      BitLockerToGo.exe
      Remote address:
      104.21.83.48:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: reinforcedirectorywd.shop
      Response
      HTTP/1.1 200 OK
      Date: Wed, 10 Jul 2024 05:55:15 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=guu4v6vqdhui733809r5j2bbkc; expires=Sat, 02-Nov-2024 23:41:54 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      CF-Cache-Status: DYNAMIC
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0FHNrBAtzPmq5CLBS2qUBg0PsdfvJmbcaBS2J8a7vtKS6XN5yKxehBjuj93w3Y%2F4S0l4TNcxciVPg2uTr%2BcRymHEhecZsl07cpvtHYEI2b0TAJrdSDjyIoS3XWzGtJH3xKnMb7k874To%2BSz8"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8a0e4dc41edb06f9-LHR
      alt-svc: h3=":443"; ma=86400
    • flag-us
      DNS
      48.83.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      48.83.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      155.143.214.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      155.143.214.23.in-addr.arpa
      IN PTR
      Response
      155.143.214.23.in-addr.arpa
      IN PTR
      a23-214-143-155deploystaticakamaitechnologiescom
    • flag-us
      DNS
      157.123.68.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      157.123.68.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      68.144.22.2.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      68.144.22.2.in-addr.arpa
      IN PTR
      Response
      68.144.22.2.in-addr.arpa
      IN PTR
      a2-22-144-68deploystaticakamaitechnologiescom
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      192.142.123.92.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      192.142.123.92.in-addr.arpa
      IN PTR
      Response
      192.142.123.92.in-addr.arpa
      IN PTR
      a92-123-142-192deploystaticakamaitechnologiescom
    • flag-us
      DNS
      172.214.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.214.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      29.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      29.243.111.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      29.243.111.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      29.243.111.52.in-addr.arpa
      IN PTR
    • 13.107.21.237:443
      https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=
      tls, http2
      2.0kB
       9.3kB
       22
      19

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

      HTTP Response

      204

      HTTP Request

      GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=de9245bf86754c9e90dc37465139c805&localId=w:5BC0C033-2656-131B-E22B-41EC383E9388&deviceId=6966568097755002&anid=

      HTTP Response

      204
    • 104.21.30.130:443
      https://stationacutwo.shop/api
      tls, http
      BitLockerToGo.exe
      1.4kB
       4.9kB
       11
      10

      HTTP Request

      POST https://stationacutwo.shop/api

      HTTP Response

      200
    • 172.67.214.52:443
      https://bouncedgowp.shop/api
      tls, http
      BitLockerToGo.exe
      1.0kB
       4.6kB
       9
      9

      HTTP Request

      POST https://bouncedgowp.shop/api

      HTTP Response

      200
    • 172.67.146.61:443
      https://bannngwko.shop/api
      tls, http
      BitLockerToGo.exe
      1.0kB
       4.6kB
       10
      10

      HTTP Request

      POST https://bannngwko.shop/api

      HTTP Response

      200
    • 172.67.146.97:443
      https://bargainnykwo.shop/api
      tls, http
      BitLockerToGo.exe
      1.2kB
       6.4kB
       12
      11

      HTTP Request

      POST https://bargainnykwo.shop/api

      HTTP Response

      200
    • 104.21.6.254:443
      https://affecthorsedpo.shop/api
      tls, http
      BitLockerToGo.exe
      1.0kB
       4.6kB
       9
      9

      HTTP Request

      POST https://affecthorsedpo.shop/api

      HTTP Response

      200
    • 104.21.68.158:443
      https://radiationnopp.shop/api
      tls, http
      BitLockerToGo.exe
      1.4kB
       4.6kB
       10
      9

      HTTP Request

      POST https://radiationnopp.shop/api

      HTTP Response

      200
    • 104.21.44.192:443
      https://answerrsdo.shop/api
      tls, http
      BitLockerToGo.exe
      999 B
       4.5kB
       9
      9

      HTTP Request

      POST https://answerrsdo.shop/api

      HTTP Response

      200
    • 104.21.25.154:443
      https://publicitttyps.shop/api
      tls, http
      BitLockerToGo.exe
      1.0kB
       4.6kB
       9
      9

      HTTP Request

      POST https://publicitttyps.shop/api

      HTTP Response

      200
    • 104.21.81.128:443
      https://benchillppwo.shop/api
      tls, http
      BitLockerToGo.exe
      1.0kB
       4.6kB
       9
      9

      HTTP Request

      POST https://benchillppwo.shop/api

      HTTP Response

      200
    • 23.214.143.155:443
      https://steamcommunity.com/profiles/76561199724331900
      tls, http
      BitLockerToGo.exe
      1.7kB
       42.4kB
       22
      36

      HTTP Request

      GET https://steamcommunity.com/profiles/76561199724331900

      HTTP Response

      200
    • 104.21.83.48:443
      https://reinforcedirectorywd.shop/api
      tls, http
      BitLockerToGo.exe
      1.0kB
       4.6kB
       9
      9

      HTTP Request

      POST https://reinforcedirectorywd.shop/api

      HTTP Response

      200
    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
       151 B
       1
      1

      DNS Request

      g.bing.com

      DNS Response

      13.107.21.237
      204.79.197.237

    • 8.8.8.8:53
      72.32.126.40.in-addr.arpa
      dns
      71 B
       157 B
       1
      1

      DNS Request

      72.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      237.21.107.13.in-addr.arpa
      dns
      72 B
       158 B
       1
      1

      DNS Request

      237.21.107.13.in-addr.arpa

    • 8.8.8.8:53
      205.47.74.20.in-addr.arpa
      dns
      213 B
       157 B
       3
      1

      DNS Request

      205.47.74.20.in-addr.arpa

      DNS Request

      205.47.74.20.in-addr.arpa

      DNS Request

      205.47.74.20.in-addr.arpa

    • 8.8.8.8:53
      stationacutwo.shop
      dns
      BitLockerToGo.exe
      64 B
       96 B
       1
      1

      DNS Request

      stationacutwo.shop

      DNS Response

      104.21.30.130
      172.67.172.239

    • 8.8.8.8:53
      bouncedgowp.shop
      dns
      BitLockerToGo.exe
      62 B
       94 B
       1
      1

      DNS Request

      bouncedgowp.shop

      DNS Response

      172.67.214.52
      104.21.93.198

    • 8.8.8.8:53
      130.30.21.104.in-addr.arpa
      dns
      72 B
       134 B
       1
      1

      DNS Request

      130.30.21.104.in-addr.arpa

    • 8.8.8.8:53
      bannngwko.shop
      dns
      BitLockerToGo.exe
      60 B
       92 B
       1
      1

      DNS Request

      bannngwko.shop

      DNS Response

      172.67.146.61
      104.21.81.196

    • 8.8.8.8:53
      bargainnykwo.shop
      dns
      BitLockerToGo.exe
      189 B
       95 B
       3
      1

      DNS Request

      bargainnykwo.shop

      DNS Request

      bargainnykwo.shop

      DNS Request

      bargainnykwo.shop

      DNS Response

      172.67.146.97
      104.21.47.93

    • 8.8.8.8:53
      52.214.67.172.in-addr.arpa
      dns
      72 B
       134 B
       1
      1

      DNS Request

      52.214.67.172.in-addr.arpa

    • 8.8.8.8:53
      61.146.67.172.in-addr.arpa
      dns
      72 B
       134 B
       1
      1

      DNS Request

      61.146.67.172.in-addr.arpa

    • 8.8.8.8:53
      affecthorsedpo.shop
      dns
      BitLockerToGo.exe
      130 B
       97 B
       2
      1

      DNS Request

      affecthorsedpo.shop

      DNS Request

      affecthorsedpo.shop

      DNS Response

      104.21.6.254
      172.67.135.137

    • 8.8.8.8:53
      97.146.67.172.in-addr.arpa
      dns
      144 B
       134 B
       2
      1

      DNS Request

      97.146.67.172.in-addr.arpa

      DNS Request

      97.146.67.172.in-addr.arpa

    • 8.8.8.8:53
      radiationnopp.shop
      dns
      BitLockerToGo.exe
      128 B
       96 B
       2
      1

      DNS Request

      radiationnopp.shop

      DNS Request

      radiationnopp.shop

      DNS Response

      104.21.68.158
      172.67.196.169

    • 8.8.8.8:53
      254.6.21.104.in-addr.arpa
      dns
      71 B
       133 B
       1
      1

      DNS Request

      254.6.21.104.in-addr.arpa

    • 8.8.8.8:53
      answerrsdo.shop
      dns
      BitLockerToGo.exe
      61 B
       93 B
       1
      1

      DNS Request

      answerrsdo.shop

      DNS Response

      104.21.44.192
      172.67.203.63

    • 8.8.8.8:53
      publicitttyps.shop
      dns
      BitLockerToGo.exe
      128 B
       96 B
       2
      1

      DNS Request

      publicitttyps.shop

      DNS Request

      publicitttyps.shop

      DNS Response

      104.21.25.154
      172.67.134.88

    • 8.8.8.8:53
      192.44.21.104.in-addr.arpa
      dns
      144 B
       134 B
       2
      1

      DNS Request

      192.44.21.104.in-addr.arpa

      DNS Request

      192.44.21.104.in-addr.arpa

    • 8.8.8.8:53
      158.68.21.104.in-addr.arpa
      dns
      144 B
       134 B
       2
      1

      DNS Request

      158.68.21.104.in-addr.arpa

      DNS Request

      158.68.21.104.in-addr.arpa

    • 8.8.8.8:53
      benchillppwo.shop
      dns
      BitLockerToGo.exe
      63 B
       95 B
       1
      1

      DNS Request

      benchillppwo.shop

      DNS Response

      104.21.81.128
      172.67.160.230

    • 8.8.8.8:53
      steamcommunity.com
      dns
      BitLockerToGo.exe
      64 B
       80 B
       1
      1

      DNS Request

      steamcommunity.com

      DNS Response

      23.214.143.155

    • 8.8.8.8:53
      154.25.21.104.in-addr.arpa
      dns
      72 B
       134 B
       1
      1

      DNS Request

      154.25.21.104.in-addr.arpa

    • 8.8.8.8:53
      128.81.21.104.in-addr.arpa
      dns
      72 B
       134 B
       1
      1

      DNS Request

      128.81.21.104.in-addr.arpa

    • 8.8.8.8:53
      reinforcedirectorywd.shop
      dns
      BitLockerToGo.exe
      71 B
       103 B
       1
      1

      DNS Request

      reinforcedirectorywd.shop

      DNS Response

      104.21.83.48
      172.67.214.98

    • 8.8.8.8:53
      48.83.21.104.in-addr.arpa
      dns
      71 B
       133 B
       1
      1

      DNS Request

      48.83.21.104.in-addr.arpa

    • 8.8.8.8:53
      155.143.214.23.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      155.143.214.23.in-addr.arpa

    • 8.8.8.8:53
      157.123.68.40.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      157.123.68.40.in-addr.arpa

    • 8.8.8.8:53
      68.144.22.2.in-addr.arpa
      dns
      70 B
       133 B
       1
      1

      DNS Request

      68.144.22.2.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
       146 B
       1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      192.142.123.92.in-addr.arpa
      dns
      73 B
       139 B
       1
      1

      DNS Request

      192.142.123.92.in-addr.arpa

    • 8.8.8.8:53
      172.214.232.199.in-addr.arpa
      dns
      74 B
       128 B
       1
      1

      DNS Request

      172.214.232.199.in-addr.arpa

    • 8.8.8.8:53
      29.243.111.52.in-addr.arpa
      dns
      144 B
       158 B
       2
      1

      DNS Request

      29.243.111.52.in-addr.arpa

      DNS Request

      29.243.111.52.in-addr.arpa

    MITRE ATT&CK Matrix

    Replay Monitor

    Loading Replay Monitor...

    Downloads

    • memory/1976-5-0x0000000001270000-0x00000000012BF000-memory.dmp

      Filesize

      316KB

      Download

    • memory/1976-8-0x0000000001270000-0x00000000012BF000-memory.dmp

      Filesize

      316KB

      Download

    • memory/1976-9-0x0000000001270000-0x00000000012BF000-memory.dmp

      Filesize

      316KB

      Download

    • memory/1976-10-0x0000000001270000-0x00000000012BF000-memory.dmp

      Filesize

      316KB

      Download

    • memory/4256-2-0x00007FF7E7B60000-0x00007FF7E8497000-memory.dmp

      Filesize

      9.2MB

      Download

    • memory/4256-6-0x00007FF7E7B60000-0x00007FF7E8497000-memory.dmp

      Filesize

      9.2MB

      Download

    We care about your privacy.

    This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.