Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

10

Static

static

1

Setup.exe

windows7-x64

10

Setup.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    94s
  • max time network
    147s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20241007-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
  • submitted
    04/01/2025, 23:49 UTC

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    Setup.exe

  • Size

    73.0MB

  • MD5

    2f84c8a115eb4fa477054b3915d6d156

  • SHA1

    0aa8a86694bf487867861c8d51919b558b62ef3c

  • SHA256

    a13eeb5717208e256a8b59d7baa24754f0b81f9fa9d7e7a0cf60b07fc0e489dd

  • SHA512

    3c2abae78db024aded2b34c4a7a1bb1ed76afd4fcafceb7948a3a08a5b08c86e84a6b1734fb367ffdcb5d408d8dad4c85e9195ce41df4ddd6525db41df7ef508

  • SSDEEP

    49152:H3UdqOr+inXPPpBs1qg5lRCT8DZ5mK5fIbgD:H8F++gfXRxDIgD

Score
10/10
lummadiscoverystealer

Malware Config

Extracted

Family

lumma

C2

https://cloudewahsj.shop/api

https://rabidcowse.shop/api

https://noisycuttej.shop/api

https://tirepublicerj.shop/api

https://framekgirus.shop/api

https://wholersorie.shop/api

https://abruptyopsn.shop/api

https://nearycrepso.shop/api

Extracted

Family

lumma

C2

https://abruptyopsn.shop/api

https://wholersorie.shop/api

https://framekgirus.shop/api

https://tirepublicerj.shop/api

https://noisycuttej.shop/api

https://rabidcowse.shop/api

https://cloudewahsj.shop/api

Signatures

  • Lumma Stealer, LummaC

    Lumma or LummaC is an infostealer written in C++ first seen in August 2022.

    stealerlumma
  • Lumma family
    lumma
  • System Location Discovery: System Language Discovery 1 TTPs 1 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

    discovery
  • Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\Setup.exe
    "C:\Users\Admin\AppData\Local\Temp\Setup.exe"
    1⤵
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    PID:4468

Network

  • flag-us
    DNS
    8.8.8.8.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    8.8.8.8.in-addr.arpa
    IN PTR
    Response
    8.8.8.8.in-addr.arpa
    IN PTR
    dnsgoogle
  • flag-us
    DNS
    228.249.119.40.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    228.249.119.40.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.214.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.214.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    73.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    73.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    95.221.229.192.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    95.221.229.192.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    sloppymisskr.click
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    sloppymisskr.click
    IN A
    Response
    sloppymisskr.click
    IN A
    172.67.199.223
    sloppymisskr.click
    IN A
    104.21.90.109
  • flag-us
    POST
    https://sloppymisskr.click/api
    Setup.exe
    Remote address:
    172.67.199.223:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: sloppymisskr.click
    Response
    HTTP/1.1 200 OK
    Date: Sat, 04 Jan 2025 23:49:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=692f05deg0erjdnjqeo1nafbjb; expires=Wed, 30 Apr 2025 17:36:15 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=yT6M45ITBJDH7Tl9MpibC%2FXg368MK8XCg8tE%2BFqvAtyPNNmPLcGrke%2BukyJX%2BWxecmNBK5X6PYIRT7nUDjSNQHOErybJQuR36MDbWkXeQkeWA5JSE111vH5YCgjKZxD3SbwAn8M%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fcf20465fa635db-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=32629&min_rtt=26214&rtt_var=17490&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3305&recv_bytes=609&delivery_rate=125470&cwnd=253&unsent_bytes=0&cid=96dc67891df5bc43&ts=279&x=0"
  • flag-us
    DNS
    nearycrepso.shop
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    nearycrepso.shop
    IN A
    Response
  • flag-us
    DNS
    abruptyopsn.shop
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    abruptyopsn.shop
    IN A
    Response
    abruptyopsn.shop
    IN A
    104.21.64.1
    abruptyopsn.shop
    IN A
    104.21.80.1
    abruptyopsn.shop
    IN A
    104.21.48.1
    abruptyopsn.shop
    IN A
    104.21.96.1
    abruptyopsn.shop
    IN A
    104.21.112.1
    abruptyopsn.shop
    IN A
    104.21.16.1
    abruptyopsn.shop
    IN A
    104.21.32.1
  • flag-us
    POST
    https://abruptyopsn.shop/api
    Setup.exe
    Remote address:
    104.21.64.1:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: abruptyopsn.shop
    Response
    HTTP/1.1 200 OK
    Date: Sat, 04 Jan 2025 23:49:36 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=hk2vis2drnd6g781cj0ff3n3sg; expires=Wed, 30 Apr 2025 17:36:15 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ajnh9Rl3vJE40beGk8OFYC%2F6lAzTVyUL4VseNGN5q%2FM41g3O61ZQKSGWaDZGwiniRv14YnAUT3CW9RulrBJJHmbQ%2BHBGNEnO8NlcSryAyfbCOZEaHjgBJYT9X6ox%2BBjZVWRi"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fcf2048aa4b6554-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=29132&min_rtt=26197&rtt_var=10160&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3510&recv_bytes=605&delivery_rate=100693&cwnd=253&unsent_bytes=0&cid=50a93e1263af3a9a&ts=243&x=0"
  • flag-us
    DNS
    wholersorie.shop
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    wholersorie.shop
    IN A
    Response
    wholersorie.shop
    IN A
    104.21.41.51
    wholersorie.shop
    IN A
    172.67.160.114
  • flag-us
    POST
    https://wholersorie.shop/api
    Setup.exe
    Remote address:
    104.21.41.51:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: wholersorie.shop
    Response
    HTTP/1.1 200 OK
    Date: Sat, 04 Jan 2025 23:49:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=pr9ut13a7o256nojfhnd9bt2vo; expires=Wed, 30 Apr 2025 17:36:16 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=hvD55lxiYR%2BGwVVsVaJ4Smou8JUUFjGDnEbTHciwtNKVOtmBhTCIsTBiMNojSnE8FsFHFeTFD42jojpmsLtmtyEc0GPzKj%2BGSPpE6Jxdq6Yk2dSzyqnWtvN9go%2FouoCchgss"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fcf204a9dd5e8fe-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=27922&min_rtt=26194&rtt_var=8558&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3299&recv_bytes=605&delivery_rate=126664&cwnd=204&unsent_bytes=0&cid=679ae283bf160972&ts=248&x=0"
  • flag-us
    DNS
    223.199.67.172.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    223.199.67.172.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.64.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.64.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    framekgirus.shop
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    framekgirus.shop
    IN A
    Response
    framekgirus.shop
    IN A
    104.21.18.19
    framekgirus.shop
    IN A
    172.67.179.160
  • flag-us
    POST
    https://framekgirus.shop/api
    Setup.exe
    Remote address:
    104.21.18.19:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: framekgirus.shop
    Response
    HTTP/1.1 200 OK
    Date: Sat, 04 Jan 2025 23:49:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=spia8e54hghj73q1f33iu31iov; expires=Wed, 30 Apr 2025 17:36:16 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=pNB49Xai5FPoyjx%2FrN5JVmB5VOMsP04HXbv3WnIhpV6fUGJzBFNqOqRMVtbsqSCpFTWEbO7K%2BfZ5HK0UzI3e5HfRHXpdOks4NxxuXSZ4i1K6JXY4rj1UE5cTXO%2BcBdkyusbn"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fcf204cca6e6536-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=28836&min_rtt=26478&rtt_var=9439&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3295&recv_bytes=605&delivery_rate=126865&cwnd=253&unsent_bytes=0&cid=f7282ce10b9dc088&ts=240&x=0"
  • flag-us
    DNS
    tirepublicerj.shop
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    tirepublicerj.shop
    IN A
    Response
    tirepublicerj.shop
    IN A
    104.21.96.1
    tirepublicerj.shop
    IN A
    104.21.48.1
    tirepublicerj.shop
    IN A
    104.21.80.1
    tirepublicerj.shop
    IN A
    104.21.64.1
    tirepublicerj.shop
    IN A
    104.21.16.1
    tirepublicerj.shop
    IN A
    104.21.112.1
    tirepublicerj.shop
    IN A
    104.21.32.1
  • flag-us
    POST
    https://tirepublicerj.shop/api
    Setup.exe
    Remote address:
    104.21.96.1:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: tirepublicerj.shop
    Response
    HTTP/1.1 200 OK
    Date: Sat, 04 Jan 2025 23:49:37 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=4e8hdcjt1bpchs7lvi31tcad5m; expires=Wed, 30 Apr 2025 17:36:16 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o8lwPEWJPh%2BigjYJVAEeHodlCx4qLet0So7YgC0%2FOT3rTnEDTYZBfjScCQBr%2BnlInchBvsfES6j6G44KB1IJrGcwpGaTWgCLC38wNiTSvVv3LoDhknjEd5LqC5Wr1JGAjagbPIo%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fcf204ece40becd-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=29023&min_rtt=26602&rtt_var=7896&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=609&delivery_rate=133484&cwnd=253&unsent_bytes=0&cid=ef35807d4e4caebe&ts=237&x=0"
  • flag-us
    DNS
    noisycuttej.shop
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    noisycuttej.shop
    IN A
    Response
    noisycuttej.shop
    IN A
    104.21.71.146
    noisycuttej.shop
    IN A
    172.67.170.178
  • flag-us
    POST
    https://noisycuttej.shop/api
    Setup.exe
    Remote address:
    104.21.71.146:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: noisycuttej.shop
    Response
    HTTP/1.1 200 OK
    Date: Sat, 04 Jan 2025 23:49:38 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=8t0vb414ca3c0cddrg5a6l8v7v; expires=Wed, 30 Apr 2025 17:36:17 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=TIDrg0ZI4yclHwpqEZP0ocYrPqoKKgUNVvSi%2BRAZISzTZU8%2B3QIaLmPtgGdv8kTXjs8ftdqkvwM9xZt%2BCl9TlUABvgJapVb10uuByyXG8FYE9aLmLWrMWupfahfos5vbXkPe"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fcf2050c9be779b-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=27086&min_rtt=26417&rtt_var=6633&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3300&recv_bytes=605&delivery_rate=132450&cwnd=253&unsent_bytes=0&cid=628726b2e06392e9&ts=224&x=0"
  • flag-us
    DNS
    51.41.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    51.41.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    19.18.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    19.18.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.96.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.96.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    rabidcowse.shop
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    rabidcowse.shop
    IN A
    Response
    rabidcowse.shop
    IN A
    104.21.7.224
    rabidcowse.shop
    IN A
    172.67.156.127
  • flag-us
    POST
    https://rabidcowse.shop/api
    Setup.exe
    Remote address:
    104.21.7.224:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: rabidcowse.shop
    Response
    HTTP/1.1 200 OK
    Date: Sat, 04 Jan 2025 23:49:38 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=ruh30kih05ma78hlf3m4gm8m8v; expires=Wed, 30 Apr 2025 17:36:17 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=huPiWGk2AyZZaBvc1ncwAsUgA8q36QhKy%2FO6TRpmraq5nAwy%2BziJKD0fw35GJy6LIjVKAe8X3mV8ABz3LJ%2FR6qCUcnOeHyQUeXzBxiTozshMv5Fz2ikmSdZMXNyYc2MG2oo%3D"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fcf2052cadab466-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=27646&min_rtt=26281&rtt_var=7878&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=603&delivery_rate=126617&cwnd=248&unsent_bytes=0&cid=01c3a18133d20179&ts=248&x=0"
  • flag-us
    DNS
    cloudewahsj.shop
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    cloudewahsj.shop
    IN A
    Response
    cloudewahsj.shop
    IN A
    104.21.32.1
    cloudewahsj.shop
    IN A
    104.21.48.1
    cloudewahsj.shop
    IN A
    104.21.16.1
    cloudewahsj.shop
    IN A
    104.21.96.1
    cloudewahsj.shop
    IN A
    104.21.80.1
    cloudewahsj.shop
    IN A
    104.21.112.1
    cloudewahsj.shop
    IN A
    104.21.64.1
  • flag-us
    POST
    https://cloudewahsj.shop/api
    Setup.exe
    Remote address:
    104.21.32.1:443
    Request
    POST /api HTTP/1.1
    Connection: Keep-Alive
    Content-Type: application/x-www-form-urlencoded
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Content-Length: 8
    Host: cloudewahsj.shop
    Response
    HTTP/1.1 200 OK
    Date: Sat, 04 Jan 2025 23:49:38 GMT
    Content-Type: text/html; charset=UTF-8
    Transfer-Encoding: chunked
    Connection: keep-alive
    Set-Cookie: PHPSESSID=gs2dsc9o4kuu1otm2qhfdcbvl5; expires=Wed, 30 Apr 2025 17:36:17 GMT; Max-Age=9999999; path=/
    Expires: Thu, 19 Nov 1981 08:52:00 GMT
    Cache-Control: no-store, no-cache, must-revalidate
    Pragma: no-cache
    X-Frame-Options: DENY
    X-Content-Type-Options: nosniff
    X-XSS-Protection: 1; mode=block
    cf-cache-status: DYNAMIC
    vary: accept-encoding
    Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=uo3SFOWf4Y9tKVfAjCS710u2muQI5QiFV3AxAbwTsNcZBUCWOkgGyWEupEoHWgbaCuvjiDJ5ILoKzUtcl39dnIfw5cMUfqcZvzq3G2NoR%2BhPEFifzijxSJTgNba67gJUUm%2B1"}],"group":"cf-nel","max_age":604800}
    NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
    Server: cloudflare
    CF-RAY: 8fcf2054ecb594d2-LHR
    alt-svc: h3=":443"; ma=86400
    server-timing: cfL4;desc="?proto=TCP&rtt=28325&min_rtt=26468&rtt_var=8348&sent=6&recv=7&lost=0&retrans=0&sent_bytes=3294&recv_bytes=605&delivery_rate=133967&cwnd=236&unsent_bytes=0&cid=a218dd06e7dfbc08&ts=251&x=0"
  • flag-us
    DNS
    steamcommunity.com
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    steamcommunity.com
    IN A
    Response
    steamcommunity.com
    IN A
    104.82.234.109
  • flag-gb
    GET
    https://steamcommunity.com/profiles/76561199724331900
    Setup.exe
    Remote address:
    104.82.234.109:443
    Request
    GET /profiles/76561199724331900 HTTP/1.1
    Connection: Keep-Alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/119.0.0.0 Safari/537.36
    Host: steamcommunity.com
    Response
    HTTP/1.1 200 OK
    Server: nginx
    Content-Type: text/html; charset=UTF-8
    Content-Security-Policy: default-src blob: data: https: 'unsafe-inline' 'unsafe-eval'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://community.cloudflare.steamstatic.com/ https://cdn.cloudflare.steamstatic.com/steamcommunity/public/assets/ https://api.steampowered.com/ https://recaptcha.net https://www.google.com/recaptcha/ https://www.gstatic.cn/recaptcha/ https://www.gstatic.com/recaptcha/ https://www.youtube.com/ https://s.ytimg.com; object-src 'none'; connect-src 'self' https://community.cloudflare.steamstatic.com/ https://store.steampowered.com/ https://checkout.steampowered.com/ wss://community.steam-api.com/websocket/ https://api.steampowered.com/ https://login.steampowered.com/ https://help.steampowered.com/ https://steam.tv/ https://steamcommunity.com/ https://*.valvesoftware.com https://*.steambeta.net https://*.discovery.beta.steamserver.net https://*.steamcontent.com https://steambroadcast.akamaized.net https://steambroadcast-test.akamaized.net https://broadcast.st.dl.eccdnx.com https://lv.queniujq.cn https://steambroadcastchat.akamaized.net http://127.0.0.1:27060 ws://127.0.0.1:27060; frame-src 'self' steam: https://store.steampowered.com/ https://help.steampowered.com/ https://login.steampowered.com/ https://checkout.steampowered.com/ https://www.youtube.com https://www.google.com https://sketchfab.com https://player.vimeo.com https://medal.tv https://www.google.com/recaptcha/ https://recaptcha.net/recaptcha/; frame-ancestors 'self' https://store.steampowered.com/;
    Expires: Mon, 26 Jul 1997 05:00:00 GMT
    Cache-Control: no-cache
    Date: Sat, 04 Jan 2025 23:49:39 GMT
    Content-Length: 35588
    Connection: keep-alive
    Set-Cookie: sessionid=297ad36b2068c7ca497f1d3c; Path=/; Secure; SameSite=None
    Set-Cookie: steamCountry=GB%7C7d625a3b038bb98f68b4e14dac147806; Path=/; Secure; HttpOnly; SameSite=None
  • flag-us
    DNS
    146.71.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    146.71.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    224.7.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    224.7.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    1.32.21.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    1.32.21.104.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    lev-tolstoi.com
    Setup.exe
    Remote address:
    8.8.8.8:53
    Request
    lev-tolstoi.com
    IN A
    Response
  • flag-us
    DNS
    109.234.82.104.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    109.234.82.104.in-addr.arpa
    IN PTR
    Response
    109.234.82.104.in-addr.arpa
    IN PTR
    a104-82-234-109deploystaticakamaitechnologiescom
  • flag-us
    DNS
    97.17.167.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    97.17.167.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    56.163.245.4.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    56.163.245.4.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    198.187.3.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    198.187.3.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    172.210.232.199.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    172.210.232.199.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    23.236.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    23.236.111.52.in-addr.arpa
    IN PTR
    Response
  • 172.67.199.223:443
    https://sloppymisskr.click/api
    tls, http
    Setup.exe
    1.0kB
     4.9kB
     9
    9

    HTTP Request

    POST https://sloppymisskr.click/api

    HTTP Response

    200
  • 104.21.64.1:443
    https://abruptyopsn.shop/api
    tls, http
    Setup.exe
    1.0kB
     5.1kB
     9
    9

    HTTP Request

    POST https://abruptyopsn.shop/api

    HTTP Response

    200
  • 104.21.41.51:443
    https://wholersorie.shop/api
    tls, http
    Setup.exe
    1.0kB
     4.9kB
     9
    9

    HTTP Request

    POST https://wholersorie.shop/api

    HTTP Response

    200
  • 104.21.18.19:443
    https://framekgirus.shop/api
    tls, http
    Setup.exe
    1.0kB
     4.9kB
     9
    9

    HTTP Request

    POST https://framekgirus.shop/api

    HTTP Response

    200
  • 104.21.96.1:443
    https://tirepublicerj.shop/api
    tls, http
    Setup.exe
    1.0kB
     4.9kB
     9
    9

    HTTP Request

    POST https://tirepublicerj.shop/api

    HTTP Response

    200
  • 104.21.71.146:443
    https://noisycuttej.shop/api
    tls, http
    Setup.exe
    1.0kB
     4.9kB
     9
    9

    HTTP Request

    POST https://noisycuttej.shop/api

    HTTP Response

    200
  • 104.21.7.224:443
    https://rabidcowse.shop/api
    tls, http
    Setup.exe
    999 B
     4.9kB
     9
    9

    HTTP Request

    POST https://rabidcowse.shop/api

    HTTP Response

    200
  • 104.21.32.1:443
    https://cloudewahsj.shop/api
    tls, http
    Setup.exe
    1.0kB
     4.9kB
     9
    9

    HTTP Request

    POST https://cloudewahsj.shop/api

    HTTP Response

    200
  • 104.82.234.109:443
    https://steamcommunity.com/profiles/76561199724331900
    tls, http
    Setup.exe
    1.5kB
     43.1kB
     21
    36

    HTTP Request

    GET https://steamcommunity.com/profiles/76561199724331900

    HTTP Response

    200
  • 8.8.8.8:53
    8.8.8.8.in-addr.arpa
    dns
    66 B
     90 B
     1
    1

    DNS Request

    8.8.8.8.in-addr.arpa

  • 8.8.8.8:53
    228.249.119.40.in-addr.arpa
    dns
    73 B
     159 B
     1
    1

    DNS Request

    228.249.119.40.in-addr.arpa

  • 8.8.8.8:53
    172.214.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.214.232.199.in-addr.arpa

  • 8.8.8.8:53
    73.159.190.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    73.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    95.221.229.192.in-addr.arpa
    dns
    73 B
     144 B
     1
    1

    DNS Request

    95.221.229.192.in-addr.arpa

  • 8.8.8.8:53
    sloppymisskr.click
    dns
    Setup.exe
    64 B
     96 B
     1
    1

    DNS Request

    sloppymisskr.click

    DNS Response

    172.67.199.223
    104.21.90.109

  • 8.8.8.8:53
    nearycrepso.shop
    dns
    Setup.exe
    62 B
     119 B
     1
    1

    DNS Request

    nearycrepso.shop

  • 8.8.8.8:53
    abruptyopsn.shop
    dns
    Setup.exe
    62 B
     174 B
     1
    1

    DNS Request

    abruptyopsn.shop

    DNS Response

    104.21.64.1
    104.21.80.1
    104.21.48.1
    104.21.96.1
    104.21.112.1
    104.21.16.1
    104.21.32.1

  • 8.8.8.8:53
    wholersorie.shop
    dns
    Setup.exe
    62 B
     94 B
     1
    1

    DNS Request

    wholersorie.shop

    DNS Response

    104.21.41.51
    172.67.160.114

  • 8.8.8.8:53
    223.199.67.172.in-addr.arpa
    dns
    73 B
     135 B
     1
    1

    DNS Request

    223.199.67.172.in-addr.arpa

  • 8.8.8.8:53
    1.64.21.104.in-addr.arpa
    dns
    70 B
     132 B
     1
    1

    DNS Request

    1.64.21.104.in-addr.arpa

  • 8.8.8.8:53
    framekgirus.shop
    dns
    Setup.exe
    62 B
     94 B
     1
    1

    DNS Request

    framekgirus.shop

    DNS Response

    104.21.18.19
    172.67.179.160

  • 8.8.8.8:53
    tirepublicerj.shop
    dns
    Setup.exe
    64 B
     176 B
     1
    1

    DNS Request

    tirepublicerj.shop

    DNS Response

    104.21.96.1
    104.21.48.1
    104.21.80.1
    104.21.64.1
    104.21.16.1
    104.21.112.1
    104.21.32.1

  • 8.8.8.8:53
    noisycuttej.shop
    dns
    Setup.exe
    62 B
     94 B
     1
    1

    DNS Request

    noisycuttej.shop

    DNS Response

    104.21.71.146
    172.67.170.178

  • 8.8.8.8:53
    51.41.21.104.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    51.41.21.104.in-addr.arpa

  • 8.8.8.8:53
    19.18.21.104.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    19.18.21.104.in-addr.arpa

  • 8.8.8.8:53
    1.96.21.104.in-addr.arpa
    dns
    70 B
     132 B
     1
    1

    DNS Request

    1.96.21.104.in-addr.arpa

  • 8.8.8.8:53
    rabidcowse.shop
    dns
    Setup.exe
    61 B
     93 B
     1
    1

    DNS Request

    rabidcowse.shop

    DNS Response

    104.21.7.224
    172.67.156.127

  • 8.8.8.8:53
    cloudewahsj.shop
    dns
    Setup.exe
    62 B
     174 B
     1
    1

    DNS Request

    cloudewahsj.shop

    DNS Response

    104.21.32.1
    104.21.48.1
    104.21.16.1
    104.21.96.1
    104.21.80.1
    104.21.112.1
    104.21.64.1

  • 8.8.8.8:53
    steamcommunity.com
    dns
    Setup.exe
    64 B
     80 B
     1
    1

    DNS Request

    steamcommunity.com

    DNS Response

    104.82.234.109

  • 8.8.8.8:53
    146.71.21.104.in-addr.arpa
    dns
    72 B
     134 B
     1
    1

    DNS Request

    146.71.21.104.in-addr.arpa

  • 8.8.8.8:53
    224.7.21.104.in-addr.arpa
    dns
    71 B
     133 B
     1
    1

    DNS Request

    224.7.21.104.in-addr.arpa

  • 8.8.8.8:53
    1.32.21.104.in-addr.arpa
    dns
    70 B
     132 B
     1
    1

    DNS Request

    1.32.21.104.in-addr.arpa

  • 8.8.8.8:53
    lev-tolstoi.com
    dns
    Setup.exe
    61 B
     134 B
     1
    1

    DNS Request

    lev-tolstoi.com

  • 8.8.8.8:53
    109.234.82.104.in-addr.arpa
    dns
    73 B
     139 B
     1
    1

    DNS Request

    109.234.82.104.in-addr.arpa

  • 8.8.8.8:53
    97.17.167.52.in-addr.arpa
    dns
    71 B
     145 B
     1
    1

    DNS Request

    97.17.167.52.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    56.163.245.4.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    56.163.245.4.in-addr.arpa

  • 8.8.8.8:53
    198.187.3.20.in-addr.arpa
    dns
    71 B
     157 B
     1
    1

    DNS Request

    198.187.3.20.in-addr.arpa

  • 8.8.8.8:53
    172.210.232.199.in-addr.arpa
    dns
    74 B
     128 B
     1
    1

    DNS Request

    172.210.232.199.in-addr.arpa

  • 8.8.8.8:53
    23.236.111.52.in-addr.arpa
    dns
    72 B
     158 B
     1
    1

    DNS Request

    23.236.111.52.in-addr.arpa

MITRE ATT&CK Enterprise v15

Replay Monitor

Loading Replay Monitor...

Downloads

  • memory/4468-0-0x0000000002540000-0x0000000002595000-memory.dmp

    Filesize

    340KB

    Download

  • memory/4468-1-0x0000000002540000-0x0000000002595000-memory.dmp

    Filesize

    340KB

    Download

We care about your privacy.

This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.