Analysis

  • max time kernel
    149s
  • max time network
    150s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240220-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240220-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    21/02/2024, 14:50 UTC

General

  • Target

    2024-02-21_b5b014c874f83b10be43962874fb62b1_gandcrab.exe

  • Size

    73KB

  • MD5

    b5b014c874f83b10be43962874fb62b1

  • SHA1

    0ea9bd9c32cc3b62f792e2c6a5095fcd8b7d5729

  • SHA256

    ca9c072a461837822a95b59dd1080ef82da9886906614b8193f0bceb30fe7c67

  • SHA512

    fba8f63d7d0a84c2a95d0bdb021030875aa2f249046f77c046910eb914d4300acab8f58c1feeab154ed17be51120ece9912a442ba0f7241b3e404a3ecbaed7c6

  • SSDEEP

    1536:P55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:7MSjOnrmBTMqqDL2/mr3IdE8we0Avu5F

Score
6/10

Malware Config

Signatures

  • Adds Run key to start application 2 TTPs 1 IoCs
  • Enumerates connected drives 3 TTPs 23 IoCs

    Attempts to read the root path of hard drives other than the default C: drive.

  • Checks processor information in registry 2 TTPs 3 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Suspicious behavior: EnumeratesProcesses 4 IoCs
  • Suspicious use of WriteProcessMemory 42 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-02-21_b5b014c874f83b10be43962874fb62b1_gandcrab.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-02-21_b5b014c874f83b10be43962874fb62b1_gandcrab.exe"
    1⤵
    • Adds Run key to start application
    • Enumerates connected drives
    • Checks processor information in registry
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of WriteProcessMemory
    PID:3872
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      2⤵
        PID:2908
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup emsisoft.bit dns1.soprodns.ru
      2⤵
        PID:2872
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup gandcrab.bit dns1.soprodns.ru
      2⤵
        PID:4196
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      2⤵
        PID:4420
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup emsisoft.bit dns1.soprodns.ru
      2⤵
        PID:2532
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup gandcrab.bit dns1.soprodns.ru
      2⤵
        PID:3708
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      2⤵
        PID:372
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup emsisoft.bit dns1.soprodns.ru
      2⤵
        PID:3612
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup gandcrab.bit dns1.soprodns.ru
      2⤵
        PID:5088
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      2⤵
        PID:1660
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup emsisoft.bit dns1.soprodns.ru
      2⤵
        PID:60
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup gandcrab.bit dns1.soprodns.ru
      2⤵
        PID:3820
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup nomoreransom.bit dns1.soprodns.ru
      2⤵
        PID:4412
    • C:\Windows\SysWOW64\nslookup.exe
      nslookup emsisoft.bit dns1.soprodns.ru
      2⤵
        PID:1224

Network

                              • flag-us
                                DNS
                                g.bing.com
                                Remote address:
                                8.8.8.8:53
                                Request
                                g.bing.com
                                IN A
                                Response
                                g.bing.com
                                IN CNAME
                                g-bing-com.a-0001.a-msedge.net
                                g-bing-com.a-0001.a-msedge.net
                                IN CNAME
                                dual-a-0001.a-msedge.net
                                dual-a-0001.a-msedge.net
                                IN A
                                204.79.197.200
                                dual-a-0001.a-msedge.net
                                IN A
                                13.107.21.200
                              • flag-us
                                DNS
                                4.181.190.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                4.181.190.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                209.78.101.95.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                209.78.101.95.in-addr.arpa
                                IN PTR
                                Response
                                209.78.101.95.in-addr.arpa
                                IN PTR
                                a95-101-78-209deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                ipv4bot.whatismyipaddress.com
                                2024-02-21_b5b014c874f83b10be43962874fb62b1_gandcrab.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                ipv4bot.whatismyipaddress.com
                                IN A
                                Response
                              • flag-us
                                DNS
                                dns1.soprodns.ru
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                dns1.soprodns.ru
                                IN A
                                Response
                              • flag-us
                                DNS
                                dns1.soprodns.ru
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                dns1.soprodns.ru
                                IN A
                                Response
                              • flag-us
                                DNS
                                186.128.123.92.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                186.128.123.92.in-addr.arpa
                                IN PTR
                                Response
                                186.128.123.92.in-addr.arpa
                                IN PTR
                                a92-123-128-186deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                26.35.223.20.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                26.35.223.20.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                Response
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                dnsgoogle
                              • flag-us
                                DNS
                                nomoreransom.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                nomoreransom.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                nomoreransom.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                nomoreransom.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                nomoreransom.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                nomoreransom.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                nomoreransom.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                nomoreransom.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                dns1.soprodns.ru
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                dns1.soprodns.ru
                                IN A
                                Response
                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                              • flag-us
                                DNS
                                emsisoft.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                emsisoft.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                emsisoft.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                emsisoft.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                emsisoft.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                emsisoft.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                emsisoft.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                emsisoft.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                dns1.soprodns.ru
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                dns1.soprodns.ru
                                IN A
                                Response
                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                Response
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                dnsgoogle
                              • flag-us
                                DNS
                                gandcrab.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                gandcrab.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                gandcrab.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                gandcrab.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                gandcrab.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                gandcrab.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                gandcrab.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                gandcrab.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                103.169.127.40.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                103.169.127.40.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                18.31.95.13.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                18.31.95.13.in-addr.arpa
                                IN PTR
                                Response
                              • flag-us
                                DNS
                                18.134.221.88.in-addr.arpa
                                Remote address:
                                8.8.8.8:53
                                Request
                                18.134.221.88.in-addr.arpa
                                IN PTR
                                Response
                                18.134.221.88.in-addr.arpa
                                IN PTR
                                a88-221-134-18deploystaticakamaitechnologiescom
                              • flag-us
                                DNS
                                dns1.soprodns.ru
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                dns1.soprodns.ru
                                IN A
                                Response
                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                Response
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                dnsgoogle
                              • flag-us
                                DNS
                                nomoreransom.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                nomoreransom.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                nomoreransom.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                nomoreransom.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                nomoreransom.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                nomoreransom.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                nomoreransom.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                nomoreransom.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                dns1.soprodns.ru
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                dns1.soprodns.ru
                                IN A
                                Response
                              • flag-us
                                DNS
                                8.8.8.8.in-addr.arpa
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                Response
                                8.8.8.8.in-addr.arpa
                                IN PTR
                                dnsgoogle
                              • flag-us
                                DNS
                                emsisoft.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                emsisoft.bit
                                IN A
                                Response
                              • flag-us
                                DNS
                                emsisoft.bit
                                nslookup.exe
                                Remote address:
                                8.8.8.8:53
                                Request
                                emsisoft.bit
                                IN AAAA
                                Response
                              • flag-us
                                DNS
                                emsisoft.bit
                                nslookup.exe
                                Remote address:

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                103.169.127.40.in-addr.arpa
                                dns
                                73 B
                                147 B
                                1
                                1

                                DNS Request

                                103.169.127.40.in-addr.arpa

                              • 8.8.8.8:53
                                18.31.95.13.in-addr.arpa
                                dns
                                70 B
                                144 B
                                1
                                1

                                DNS Request

                                18.31.95.13.in-addr.arpa

                              • 8.8.8.8:53
                                18.134.221.88.in-addr.arpa
                                dns
                                72 B
                                137 B
                                1
                                1

                                DNS Request

                                18.134.221.88.in-addr.arpa

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                177.178.17.96.in-addr.arpa
                                dns
                                72 B
                                137 B
                                1
                                1

                                DNS Request

                                177.178.17.96.in-addr.arpa

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                124 B
                                246 B
                                2
                                2

                                DNS Request

                                dns1.soprodns.ru

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                30.243.111.52.in-addr.arpa
                                dns
                                72 B
                                158 B
                                1
                                1

                                DNS Request

                                30.243.111.52.in-addr.arpa

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                gandcrab.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                gandcrab.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                62 B
                                123 B
                                1
                                1

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                137 B
                                1
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                nomoreransom.bit
                                dns
                                nslookup.exe
                                62 B
                                1

                                DNS Request

                                nomoreransom.bit

                              • 8.8.8.8:53
                                dns1.soprodns.ru
                                dns
                                nslookup.exe
                                124 B
                                123 B
                                2
                                1

                                DNS Request

                                dns1.soprodns.ru

                                DNS Request

                                dns1.soprodns.ru

                              • 8.8.8.8:53
                                8.8.8.8.in-addr.arpa
                                dns
                                nslookup.exe
                                66 B
                                90 B
                                1
                                1

                                DNS Request

                                8.8.8.8.in-addr.arpa

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                4.173.189.20.in-addr.arpa
                                dns
                                71 B
                                157 B
                                1
                                1

                                DNS Request

                                4.173.189.20.in-addr.arpa

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              • 8.8.8.8:53
                                emsisoft.bit
                                dns
                                nslookup.exe
                                58 B
                                133 B
                                1
                                1

                                DNS Request

                                emsisoft.bit

                              MITRE ATT&CK Enterprise v15
