Overview
overview
10Static
static
7Ransomware...er.exe
windows10-2004-x64
8Ransomware/7ev3n.exe
windows10-2004-x64
Ransomware...le.exe
windows10-2004-x64
Ransomware...it.exe
windows10-2004-x64
10Ransomware/Birele.exe
windows10-2004-x64
10Ransomware...r5.exe
windows10-2004-x64
8Ransomware...us.exe
windows10-2004-x64
10Ransomware...er.exe
windows10-2004-x64
10Ransomware...ll.exe
windows10-2004-x64
7Ransomware...ck.exe
windows10-2004-x64
7Ransomware/Dharma.exe
windows10-2004-x64
9Ransomware/Fantom.exe
windows10-2004-x64
10Ransomware...ab.exe
windows10-2004-x64
7Ransomware...ye.exe
windows10-2004-x64
10Ransomware...Eye.js
windows10-2004-x64
10Ransomware...pt.exe
windows10-2004-x64
10Ransomware...en.exe
windows10-2004-x64
8Ransomware...AZ.dll
windows10-2004-x64
3Ransomware...om.exe
windows10-2004-x64
10Ransomware...ya.exe
windows10-2004-x64
10Ransomware...ap.exe
windows10-2004-x64
1Ransomware....A.exe
windows10-2004-x64
6Ransomware...om.exe
windows10-2004-x64
10Ransomware...nt.exe
windows10-2004-x64
Ransomware...ot.exe
windows10-2004-x64
Ransomware/RedEye.exe
windows10-2004-x64
Ransomware...re.exe
windows10-2004-x64
7Ransomware/Rokku.exe
windows10-2004-x64
10Ransomware/Satana.exe
windows10-2004-x64
5Ransomware/Seftad.exe
windows10-2004-x64
6Ransomware...re.exe
windows10-2004-x64
10Ransomware/UIWIX.dll
windows10-2004-x64
1Analysis
-
max time kernel
112s -
max time network
165s -
platform
windows10-2004_x64 -
resource
win10v2004-20240226-uk -
resource tags
arch:x64arch:x86image:win10v2004-20240226-uklocale:uk-uaos:windows10-2004-x64systemwindows -
submitted
03-03-2024 13:53
Behavioral task
behavioral1
Sample
Ransomware/$uckyLocker.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral2
Sample
Ransomware/7ev3n.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral3
Sample
Ransomware/Annabelle.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral4
Sample
Ransomware/BadRabbit.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral5
Sample
Ransomware/Birele.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral6
Sample
Ransomware/Cerber5.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral7
Sample
Ransomware/CoronaVirus.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral8
Sample
Ransomware/CryptoLocker.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral9
Sample
Ransomware/CryptoWall.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral10
Sample
Ransomware/DeriaLock.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral11
Sample
Ransomware/Dharma.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral12
Sample
Ransomware/Fantom.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral13
Sample
Ransomware/GandCrab.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral14
Sample
Ransomware/GoldenEye/GoldenEye.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral15
Sample
Ransomware/GoldenEye/GoldenEye.js
Resource
win10v2004-20240226-uk
Behavioral task
behavioral16
Sample
Ransomware/InfinityCrypt.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral17
Sample
Ransomware/Krotten.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral18
Sample
Ransomware/Locky.AZ.dll
Resource
win10v2004-20240226-uk
Behavioral task
behavioral19
Sample
Ransomware/NoMoreRansom.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral20
Sample
Ransomware/NotPetya.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral21
Sample
Ransomware/PetrWrap.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral22
Sample
Ransomware/Petya.A.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral23
Sample
Ransomware/PolyRansom.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral24
Sample
Ransomware/PowerPoint.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral25
Sample
Ransomware/RedBoot.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral26
Sample
Ransomware/RedEye.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral27
Sample
Ransomware/Rensenware.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral28
Sample
Ransomware/Rokku.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral29
Sample
Ransomware/Satana.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral30
Sample
Ransomware/Seftad.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral31
Sample
Ransomware/SporaRansomware.exe
Resource
win10v2004-20240226-uk
Behavioral task
behavioral32
Sample
Ransomware/UIWIX.dll
Resource
win10v2004-20240226-uk
General
-
Target
Ransomware/Krotten.exe
-
Size
53KB
-
MD5
87ccd6f4ec0e6b706d65550f90b0e3c7
-
SHA1
213e6624bff6064c016b9cdc15d5365823c01f5f
-
SHA256
e79f164ccc75a5d5c032b4c5a96d6ad7604faffb28afe77bc29b9173fa3543e4
-
SHA512
a72403d462e2e2e181dbdabfcc02889f001387943571391befed491aaecba830b0869bdd4d82bca137bd4061bbbfb692871b1b4622c4a7d9f16792c60999c990
-
SSDEEP
768:4yKoNLsn4Jp9ZvRInygrpMoZN+WtOl08jxBEHCDwBLpZTPCUvQK:j/sn4/OycxZN+MKxp8t9zQK
Malware Config
Signatures
-
Disables RegEdit via registry modification 2 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Krotten.exe Set value (int) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Krotten.exe -
Disables Task Manager via registry modification
-
Adds Run key to start application 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\svchost = "C:\\WINDOWS\\Web\\rundll32.exe" Krotten.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\AVPCC = "C:\\WINDOWS\\Cursors\\avp.exe" Krotten.exe -
Modifies WinLogon 2 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeCaption = "DANGER" Krotten.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\LegalNoticeText = "Для того чтобы восстановить нормальную работу своего компьютера не потеряв ВСЮ информацию! И с экономив деньги, пришли мне на e-mail wordsia@notrix.de код пополнения счета киевстар на 25 гривень. В ответ в течение двенадцати часов на свой e-mail ты получишь фаил для удаления этой программы." Krotten.exe -
Drops file in Windows directory 1 IoCs
description ioc Process File opened for modification C:\WINDOWS\Web Krotten.exe -
Modifies Control Panel 6 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\Desktop\MenuShowDelay = "9999" Krotten.exe Key created \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International Krotten.exe Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\International\sTimeFormat = "ХУЙ" Krotten.exe Key created \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\Desktop Krotten.exe Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\Desktop\WallpaperOriginX = "210" Krotten.exe Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Control Panel\Desktop\WallpaperOriginY = "187" Krotten.exe -
description ioc Process Key created \REGISTRY\MACHINE\Software\WOW6432Node\Microsoft\Internet Explorer\Main Krotten.exe Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: МОЙ ХУЙ ПРОТУХ А ПИЗДА ГНИЕТ ::::::::::::::::::" Krotten.exe Key created \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\Software\Microsoft\Internet Explorer\Main Krotten.exe Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Window title = ":::::::::::::::::: МОЙ ХУЙ ПРОТУХ А ПИЗДА ГНИЕТ ::::::::::::::::::" Krotten.exe -
Modifies Internet Explorer start page 1 TTPs 2 IoCs
description ioc Process Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/" Krotten.exe Set value (str) \REGISTRY\USER\S-1-5-21-1904519900-954640453-4250331663-1000\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page = "http://poetry.rotten.com/lightning/" Krotten.exe -
Modifies registry class 1 IoCs
description ioc Process Key deleted \REGISTRY\MACHINE\SOFTWARE\CLASSES\REGFILE\SHELL\OPEN\COMMAND Krotten.exe -
Suspicious use of AdjustPrivilegeToken 3 IoCs
description pid Process Token: SeSystemtimePrivilege 4516 Krotten.exe Token: SeSystemtimePrivilege 4516 Krotten.exe Token: SeSystemtimePrivilege 4516 Krotten.exe -
System policy modification 1 TTPs 37 IoCs
description ioc Process Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\NoDispCPL = "1" Krotten.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System Krotten.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyPictures = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoViewOnDrive = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoControlPanel = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{450D8FBA-AD25-11D0-98A8-0800361B1103} = "1" Krotten.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinterTabs = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoCommonGroups = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMyMusic = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMMyDocs = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives = "1044" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFavoritesMenu = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoThemesTab = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoLogOff = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSaveSettings = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum\{20D04FE0-3AEA-1069-A2D8-08002B30309D} = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMFUprogramsList = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoUserNameInStartMenu = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuPinnedList = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoPrinters = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoNetHood = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoManageMyComputerVerb = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktop = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFind = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSMHelp = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRecentDocsMenu = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Uninstall\NoAddRemovePrograms = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuSubFolders = "1" Krotten.exe Set value (int) \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoClose = "1" Krotten.exe Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\NonEnum Krotten.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\Ransomware\Krotten.exe"C:\Users\Admin\AppData\Local\Temp\Ransomware\Krotten.exe"1⤵
- Disables RegEdit via registry modification
- Adds Run key to start application
- Modifies WinLogon
- Drops file in Windows directory
- Modifies Control Panel
- Modifies Internet Explorer settings
- Modifies Internet Explorer start page
- Modifies registry class
- Suspicious use of AdjustPrivilegeToken
- System policy modification
PID:4516
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=uk --service-sandbox-type=asset_store_service --no-appcompat-clear --mojo-platform-channel-handle=3512 --field-trial-handle=2236,i,15087499320637845760,12598239521961063480,262144 --variations-seed-version /prefetch:81⤵PID:3912
Network
-
Remote address:8.8.8.8:53Request133.32.126.40.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request0.205.248.87.in-addr.arpaIN PTRResponse0.205.248.87.in-addr.arpaIN PTRhttps-87-248-205-0lgwllnwnet
-
Remote address:8.8.8.8:53Request57.169.31.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request48.229.111.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Requestwww.microsoft.comIN AResponsewww.microsoft.comIN CNAMEwww.microsoft.com-c-3.edgekey.netwww.microsoft.com-c-3.edgekey.netIN CNAMEwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netwww.microsoft.com-c-3.edgekey.net.globalredir.akadns.netIN CNAMEe13678.dscb.akamaiedge.nete13678.dscb.akamaiedge.netIN A2.17.5.133
-
Remote address:2.17.5.133:80RequestGET /pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: www.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-MD5: YAUaFgF7vUODUG8XQQW6BQ==
Last-Modified: Fri, 28 Sep 2018 22:50:05 GMT
ETag: 0x8D62594BC0C84D8
x-ms-request-id: 248119ca-e01e-000c-7bd0-f8d0b8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
Date: Sun, 03 Mar 2024 13:56:07 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV467ee724.0
ms-cv-esi: CASMicrosoftCV467ee724.0
X-RTag: RT
-
Remote address:2.17.5.133:80RequestGET /pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crt HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/10.0
Host: www.microsoft.com
ResponseHTTP/1.1 200 OK
Content-Type: application/octet-stream
Content-MD5: YAUaFgF7vUODUG8XQQW6BQ==
Last-Modified: Fri, 28 Sep 2018 22:50:05 GMT
ETag: 0x8D62594BC0C84D8
x-ms-request-id: 248119ca-e01e-000c-7bd0-f8d0b8000000
x-ms-version: 2009-09-19
x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
X-EdgeConnect-Origin-MEX-Latency: 105
Date: Sun, 03 Mar 2024 13:56:08 GMT
Connection: keep-alive
TLS_version: UNKNOWN
ms-cv: CASMicrosoftCV646bd519.0
ms-cv-esi: CASMicrosoftCV646bd519.0
X-RTag: RT
-
Remote address:8.8.8.8:53Request26.165.165.52.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request133.5.17.2.in-addr.arpaIN PTRResponse133.5.17.2.in-addr.arpaIN PTRa2-17-5-133deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request198.187.3.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request50.23.12.20.in-addr.arpaIN PTRResponse
-
Remote address:8.8.8.8:53Request140.71.91.104.in-addr.arpaIN PTRResponse140.71.91.104.in-addr.arpaIN PTRa104-91-71-140deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request194.178.17.96.in-addr.arpaIN PTRResponse194.178.17.96.in-addr.arpaIN PTRa96-17-178-194deploystaticakamaitechnologiescom
-
Remote address:8.8.8.8:53Request0.204.248.87.in-addr.arpaIN PTRResponse0.204.248.87.in-addr.arpaIN PTRhttps-87-248-204-0lhrllnwnet
-
2.17.5.133:80http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crthttp418 B 1.8kB 5 4
HTTP Request
GET http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crtHTTP Response
200 -
2.17.5.133:80http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crthttp418 B 1.8kB 5 4
HTTP Request
GET http://www.microsoft.com/pkiops/certs/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crtHTTP Response
200 -
46 B 40 B 1 1
-
72 B 158 B 1 1
DNS Request
133.32.126.40.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.205.248.87.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
57.169.31.20.in-addr.arpa
-
72 B 158 B 1 1
DNS Request
48.229.111.52.in-addr.arpa
-
63 B 230 B 1 1
DNS Request
www.microsoft.com
DNS Response
2.17.5.133
-
72 B 146 B 1 1
DNS Request
26.165.165.52.in-addr.arpa
-
69 B 131 B 1 1
DNS Request
133.5.17.2.in-addr.arpa
-
71 B 157 B 1 1
DNS Request
198.187.3.20.in-addr.arpa
-
70 B 156 B 1 1
DNS Request
50.23.12.20.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
140.71.91.104.in-addr.arpa
-
72 B 137 B 1 1
DNS Request
194.178.17.96.in-addr.arpa
-
71 B 116 B 1 1
DNS Request
0.204.248.87.in-addr.arpa