4003bb541fc45f13644bf52c0d94c938877c4445a6c27c8f15dd785910bdd0f9

Analysis

max time kernel
143s
max time network
151s
platform
windows10-2004_x64
resource
win10v2004-20240226-en
resource tags

arch:x64arch:x86image:win10v2004-20240226-enlocale:en-usos:windows10-2004-x64system
submitted
06/03/2024, 05:33 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
Size

73KB
MD5

1cce0adc37ad9e9fc510053ce65dec2d
SHA1

c2ea5482845bd51bcf25bd120d5e166ed8aadf83
SHA256

4003bb541fc45f13644bf52c0d94c938877c4445a6c27c8f15dd785910bdd0f9
SHA512

8189e2fd698888baa8e6deb770879666be2d7f5986b5b10a73ae483b83300ffab098d9928b853747466779af6da3eca8f0b44b0206053db702f76334a67a10ee
SSDEEP

1536:x55u555555555pmgSeGDjtQhnwmmB0ybMqqU+2bbbAV2/S2mr3IdE8mne0Avu5rJ:5MSjOnrmBTMqqDL2/mr3IdE8we0Avu5F

Score

6^/10

persistence

Malware Config

Signatures

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-275798769-4264537674-1142822080-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\vsxyviaowis = "C:\\Users\\Admin\\AppData\\Local\\Temp\\2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe"	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe

Enumerates connected drives 3 TTPs 23 IoCs

Attempts to read the root path of hard drives other than the default C: drive.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
File opened (read-only)	\??\H:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\R:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\S:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\X:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\A:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\E:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\G:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\L:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\O:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\T:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\I:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\J:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\M:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\Q:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\U:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\Z:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\B:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\K:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\N:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\P:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\V:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\W:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
File opened (read-only)	\??\Y:	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe

Suspicious behavior: EnumeratesProcesses 4 IoCs

pid	Process
4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe

Suspicious use of WriteProcessMemory 36 IoCs

description	pid	Process	procid_target
PID 4704 wrote to memory of 1012	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	93
PID 4704 wrote to memory of 1012	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	93
PID 4704 wrote to memory of 1012	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	93
PID 4704 wrote to memory of 3324	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	100
PID 4704 wrote to memory of 3324	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	100
PID 4704 wrote to memory of 3324	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	100
PID 4704 wrote to memory of 2468	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	103
PID 4704 wrote to memory of 2468	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	103
PID 4704 wrote to memory of 2468	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	103
PID 4704 wrote to memory of 2440	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	107
PID 4704 wrote to memory of 2440	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	107
PID 4704 wrote to memory of 2440	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	107
PID 4704 wrote to memory of 2120	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	109
PID 4704 wrote to memory of 2120	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	109
PID 4704 wrote to memory of 2120	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	109
PID 4704 wrote to memory of 4184	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	111
PID 4704 wrote to memory of 4184	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	111
PID 4704 wrote to memory of 4184	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	111
PID 4704 wrote to memory of 5052	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	114
PID 4704 wrote to memory of 5052	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	114
PID 4704 wrote to memory of 5052	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	114
PID 4704 wrote to memory of 436	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	116
PID 4704 wrote to memory of 436	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	116
PID 4704 wrote to memory of 436	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	116
PID 4704 wrote to memory of 1912	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	120
PID 4704 wrote to memory of 1912	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	120
PID 4704 wrote to memory of 1912	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	120
PID 4704 wrote to memory of 4716	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	124
PID 4704 wrote to memory of 4716	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	124
PID 4704 wrote to memory of 4716	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	124
PID 4704 wrote to memory of 2584	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	126
PID 4704 wrote to memory of 2584	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	126
PID 4704 wrote to memory of 2584	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	126
PID 4704 wrote to memory of 5056	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	128
PID 4704 wrote to memory of 5056	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	128
PID 4704 wrote to memory of 5056	4704	2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe	128

C:\Users\Admin\AppData\Local\Temp\2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe
"C:\Users\Admin\AppData\Local\Temp\2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe"
1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:4704
- C:\Windows\SysWOW64\nslookup.exe
  nslookup nomoreransom.bit dns1.soprodns.ru
  2⤵
  PID:1012
- C:\Windows\SysWOW64\nslookup.exe
  nslookup emsisoft.bit dns1.soprodns.ru
  2⤵
  PID:3324
- C:\Windows\SysWOW64\nslookup.exe
  nslookup gandcrab.bit dns1.soprodns.ru
  2⤵
  PID:2468
- C:\Windows\SysWOW64\nslookup.exe
  nslookup nomoreransom.bit dns1.soprodns.ru
  2⤵
  PID:2440
- C:\Windows\SysWOW64\nslookup.exe
  nslookup emsisoft.bit dns1.soprodns.ru
  2⤵
  PID:2120
- C:\Windows\SysWOW64\nslookup.exe
  nslookup gandcrab.bit dns1.soprodns.ru
  2⤵
  PID:4184
- C:\Windows\SysWOW64\nslookup.exe
  nslookup nomoreransom.bit dns1.soprodns.ru
  2⤵
  PID:5052
- C:\Windows\SysWOW64\nslookup.exe
  nslookup emsisoft.bit dns1.soprodns.ru
  2⤵
  PID:436
- C:\Windows\SysWOW64\nslookup.exe
  nslookup gandcrab.bit dns1.soprodns.ru
  2⤵
  PID:1912
- C:\Windows\SysWOW64\nslookup.exe
  nslookup nomoreransom.bit dns1.soprodns.ru
  2⤵
  PID:4716
- C:\Windows\SysWOW64\nslookup.exe
  nslookup emsisoft.bit dns1.soprodns.ru
  2⤵
  PID:2584
- C:\Windows\SysWOW64\nslookup.exe
  nslookup gandcrab.bit dns1.soprodns.ru
  2⤵
  PID:5056

Network

DNS

217.106.137.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

217.106.137.52.in-addr.arpa

IN PTR

Response
DNS

22.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

22.160.190.20.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.a-0001.a-msedge.net

g-bing-com.a-0001.a-msedge.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=138F41A18665689A005A559B87856913; domain=.bing.com; expires=Mon, 31-Mar-2025 05:33:30 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 595E03DF158F48199D2A76D5C2306323 Ref B: LON04EDGE1119 Ref C: 2024-03-06T05:33:30Z
date: Wed, 06 Mar 2024 05:33:30 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=138F41A18665689A005A559B87856913

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=YBUcnfUsz_6iop_k7ous9Vbk5efk6AXiPYZ86O9ZPsQ; domain=.bing.com; expires=Mon, 31-Mar-2025 05:33:30 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 93AFBBEC1FA8455F81342B91522CB67C Ref B: LON04EDGE1119 Ref C: 2024-03-06T05:33:30Z
date: Wed, 06 Mar 2024 05:33:30 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

Remote address:

204.79.197.200:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=138F41A18665689A005A559B87856913; MSPTC=YBUcnfUsz_6iop_k7ous9Vbk5efk6AXiPYZ86O9ZPsQ

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C7D04154E16547768F5D3960AD637987 Ref B: LON04EDGE1119 Ref C: 2024-03-06T05:33:30Z
date: Wed, 06 Mar 2024 05:33:30 GMT
DNS

200.197.79.204.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.197.79.204.in-addr.arpa

IN PTR

Response

200.197.79.204.in-addr.arpa

IN PTR

a-0001a-msedgenet
DNS

9.228.82.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

9.228.82.20.in-addr.arpa

IN PTR

Response
DNS

194.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

194.178.17.96.in-addr.arpa

IN PTR

Response

194.178.17.96.in-addr.arpa

IN PTR

a96-17-178-194deploystaticakamaitechnologiescom
DNS

ipv4bot.whatismyipaddress.com

2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe

Remote address:

8.8.8.8:53

Request

ipv4bot.whatismyipaddress.com

IN A

Response
DNS

ipv4bot.whatismyipaddress.com

2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe

Remote address:

8.8.8.8:53

Request

ipv4bot.whatismyipaddress.com

IN A
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN A

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN AAAA

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN A

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN AAAA

Response
DNS

41.110.16.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

41.110.16.96.in-addr.arpa

IN PTR

Response

41.110.16.96.in-addr.arpa

IN PTR

a96-16-110-41deploystaticakamaitechnologiescom
DNS

26.165.165.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

26.165.165.52.in-addr.arpa

IN PTR

Response
DNS

198.187.3.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

198.187.3.20.in-addr.arpa

IN PTR

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN A

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN AAAA

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN A

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN AAAA

Response
DNS

119.110.54.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

119.110.54.20.in-addr.arpa

IN PTR

Response
DNS

104.241.123.92.in-addr.arpa

Remote address:

8.8.8.8:53

Request

104.241.123.92.in-addr.arpa

IN PTR

Response

104.241.123.92.in-addr.arpa

IN PTR

a92-123-241-104deploystaticakamaitechnologiescom
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

18.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

18.134.221.88.in-addr.arpa

IN PTR

Response

18.134.221.88.in-addr.arpa

IN PTR

a88-221-134-18deploystaticakamaitechnologiescom
DNS

176.178.17.96.in-addr.arpa

Remote address:

8.8.8.8:53

Request

176.178.17.96.in-addr.arpa

IN PTR

Response

176.178.17.96.in-addr.arpa

IN PTR

a96-17-178-176deploystaticakamaitechnologiescom
DNS

32.134.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

32.134.221.88.in-addr.arpa

IN PTR

Response

32.134.221.88.in-addr.arpa

IN PTR

a88-221-134-32deploystaticakamaitechnologiescom
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN A
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN AAAA

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN A

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN AAAA
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN A
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN AAAA

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN A

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN AAAA

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN A

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN AAAA

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN A
DNS

0.204.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.204.248.87.in-addr.arpa

IN PTR

Response

0.204.248.87.in-addr.arpa

IN PTR

https-87-248-204-0lhrllnwnet
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN A

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN AAAA

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN A

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN AAAA

Response
DNS

211.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.135.221.88.in-addr.arpa

IN PTR

Response

211.135.221.88.in-addr.arpa

IN PTR

a88-221-135-211deploystaticakamaitechnologiescom
DNS

211.135.221.88.in-addr.arpa

Remote address:

8.8.8.8:53

Request

211.135.221.88.in-addr.arpa

IN PTR

Response

211.135.221.88.in-addr.arpa

IN PTR

a88-221-135-211deploystaticakamaitechnologiescom
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

0.205.248.87.in-addr.arpa

Remote address:

8.8.8.8:53

Request

0.205.248.87.in-addr.arpa

IN PTR

Response

0.205.248.87.in-addr.arpa

IN PTR

https-87-248-205-0lgwllnwnet
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

43.58.199.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

43.58.199.20.in-addr.arpa

IN PTR

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN A

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN AAAA

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN A
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN AAAA
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN A
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN AAAA

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN A

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN AAAA
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN A

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN AAAA

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN A

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN AAAA

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

dual-a-0001.a-msedge.net

dual-a-0001.a-msedge.net

IN A

204.79.197.200

dual-a-0001.a-msedge.net

IN A

13.107.21.200
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301394_1XQ1UP6CPBEHM2FCF&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317301394_1XQ1UP6CPBEHM2FCF&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 404022
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 5F1DBA6CBFF04F93A861EBA2639D3BC5 Ref B: LON04EDGE1011 Ref C: 2024-03-06T05:35:14Z
date: Wed, 06 Mar 2024 05:35:14 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388224_1CNCLDFOO6A6DWYFX&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239339388224_1CNCLDFOO6A6DWYFX&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 449324
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FE5D6F4690A34EFE81228D308EA3E285 Ref B: LON04EDGE1011 Ref C: 2024-03-06T05:35:14Z
date: Wed, 06 Mar 2024 05:35:14 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 432423
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 53E51D90E5FF44F4BB4AED9D9F01BE3D Ref B: LON04EDGE1011 Ref C: 2024-03-06T05:35:14Z
date: Wed, 06 Mar 2024 05:35:14 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 427995
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 063BC8227E7A438091759272D90521CF Ref B: LON04EDGE1011 Ref C: 2024-03-06T05:35:14Z
date: Wed, 06 Mar 2024 05:35:14 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300961_12GZY3GJPK3SP20HI&pid=21.2&w=1920&h=1080&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239317300961_12GZY3GJPK3SP20HI&pid=21.2&w=1920&h=1080&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 459022
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D4613D8D63BF41EE8ECE4328313F4C2A Ref B: LON04EDGE1011 Ref C: 2024-03-06T05:35:14Z
date: Wed, 06 Mar 2024 05:35:14 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239339388225_1B60QSS9I6SIVS5TS&pid=21.2&w=1080&h=1920&c=4

Remote address:

204.79.197.200:443

Request

GET /th?id=OADD2.10239339388225_1B60QSS9I6SIVS5TS&pid=21.2&w=1080&h=1920&c=4 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 351923
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 163CFE19E1E1414EB0FE997CD36A023A Ref B: LON04EDGE1011 Ref C: 2024-03-06T05:35:15Z
date: Wed, 06 Mar 2024 05:35:14 GMT
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN A
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN AAAA

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN A

Response
DNS

nomoreransom.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

nomoreransom.bit

IN AAAA

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN A

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN AAAA

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN A

Response
DNS

emsisoft.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

emsisoft.bit

IN AAAA
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

dns1.soprodns.ru

nslookup.exe

Remote address:

8.8.8.8:53

Request

dns1.soprodns.ru

IN A

Response
DNS

8.8.8.8.in-addr.arpa

nslookup.exe

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN A

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN AAAA

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN A

Response
DNS

gandcrab.bit

nslookup.exe

Remote address:

8.8.8.8:53

Request

gandcrab.bit

IN AAAA

204.79.197.200:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

tls, http2

2.1kB
10.6kB
23
20

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=94d8323ff5e74e6faa5317da6ae19f57&localId=w:011BA1D4-FCB1-62A8-177E-91C13F9689FB&deviceId=6966557510629837&anid=

HTTP Response

204
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.1kB
17
13
204.79.197.200:443

https://tse1.mm.bing.net/th?id=OADD2.10239339388225_1B60QSS9I6SIVS5TS&pid=21.2&w=1080&h=1920&c=4

tls, http2

94.0kB
2.7MB
1944
1934

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301394_1XQ1UP6CPBEHM2FCF&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388224_1CNCLDFOO6A6DWYFX&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418549_1ZU8FEFK0ERHP4923&pid=21.2&w=1920&h=1080&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239340418550_1B8YD3DMBL24NYO16&pid=21.2&w=1080&h=1920&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300961_12GZY3GJPK3SP20HI&pid=21.2&w=1920&h=1080&c=4

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239339388225_1B60QSS9I6SIVS5TS&pid=21.2&w=1080&h=1920&c=4

HTTP Response

200

HTTP Response

200

HTTP Response

200
204.79.197.200:443

tse1.mm.bing.net

tls, http2

2.6kB
9.5kB
23
15
204.79.197.200:443

tse1.mm.bing.net

tls, http2

1.5kB
8.1kB
17
13
204.79.197.200:443

tse1.mm.bing.net

tls, http2

2.2kB
10.8kB
23
16

8.8.8.8:53

217.106.137.52.in-addr.arpa

dns

73 B
147 B
1
1

DNS Request

217.106.137.52.in-addr.arpa
8.8.8.8:53

22.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

22.160.190.20.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
158 B
1
1

DNS Request

g.bing.com

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

200.197.79.204.in-addr.arpa

dns

73 B
106 B
1
1

DNS Request

200.197.79.204.in-addr.arpa
8.8.8.8:53

9.228.82.20.in-addr.arpa

dns

70 B
156 B
1
1

DNS Request

9.228.82.20.in-addr.arpa
8.8.8.8:53

194.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

194.178.17.96.in-addr.arpa
8.8.8.8:53

ipv4bot.whatismyipaddress.com

dns

2024-03-06_1cce0adc37ad9e9fc510053ce65dec2d_gandcrab.exe

150 B
134 B
2
1

DNS Request

ipv4bot.whatismyipaddress.com

DNS Request

ipv4bot.whatismyipaddress.com
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

62 B
123 B
1
1

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

41.110.16.96.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

41.110.16.96.in-addr.arpa
8.8.8.8:53

26.165.165.52.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

26.165.165.52.in-addr.arpa
8.8.8.8:53

198.187.3.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

198.187.3.20.in-addr.arpa
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

62 B
123 B
1
1

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

104.241.123.92.in-addr.arpa

dns

73 B
139 B
1
1

DNS Request

104.241.123.92.in-addr.arpa
8.8.8.8:53

119.110.54.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

119.110.54.20.in-addr.arpa
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

18.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

18.134.221.88.in-addr.arpa
8.8.8.8:53

176.178.17.96.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

176.178.17.96.in-addr.arpa
8.8.8.8:53

32.134.221.88.in-addr.arpa

dns

72 B
137 B
1
1

DNS Request

32.134.221.88.in-addr.arpa
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

62 B
123 B
1
1

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
1

DNS Request

gandcrab.bit
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

62 B
123 B
1
1

DNS Request

dns1.soprodns.ru
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

124 B
246 B
2
2

DNS Request

dns1.soprodns.ru

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
1

DNS Request

emsisoft.bit
8.8.8.8:53

0.204.248.87.in-addr.arpa

dns

71 B
116 B
1
1

DNS Request

0.204.248.87.in-addr.arpa
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

124 B
246 B
2
2

DNS Request

dns1.soprodns.ru

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

211.135.221.88.in-addr.arpa

dns

146 B
278 B
2
2

DNS Request

211.135.221.88.in-addr.arpa

DNS Request

211.135.221.88.in-addr.arpa
8.8.8.8:53

0.205.248.87.in-addr.arpa

dns

142 B
232 B
2
2

DNS Request

0.205.248.87.in-addr.arpa

DNS Request

0.205.248.87.in-addr.arpa
8.8.8.8:53

43.58.199.20.in-addr.arpa

dns

142 B
314 B
2
2

DNS Request

43.58.199.20.in-addr.arpa

DNS Request

43.58.199.20.in-addr.arpa
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

124 B
246 B
2
2

DNS Request

dns1.soprodns.ru

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
1

DNS Request

nomoreransom.bit
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

124 B
246 B
2
2

DNS Request

dns1.soprodns.ru

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
1

DNS Request

emsisoft.bit
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

144 B
316 B
2
2

DNS Request

48.229.111.52.in-addr.arpa

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

124 B
123 B
2
1

DNS Request

dns1.soprodns.ru

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

tse1.mm.bing.net

dns

124 B
346 B
2
2

DNS Request

tse1.mm.bing.net

DNS Request

tse1.mm.bing.net

DNS Response

204.79.197.200

13.107.21.200

DNS Response

204.79.197.200

13.107.21.200
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

124 B
123 B
2
1

DNS Request

dns1.soprodns.ru

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

nomoreransom.bit

dns

nslookup.exe

62 B
137 B
1
1

DNS Request

nomoreransom.bit
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

124 B
246 B
2
2

DNS Request

dns1.soprodns.ru

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

emsisoft.bit
8.8.8.8:53

emsisoft.bit

dns

nslookup.exe

58 B
1

DNS Request

emsisoft.bit
8.8.8.8:53

dns1.soprodns.ru

dns

nslookup.exe

124 B
246 B
2
2

DNS Request

dns1.soprodns.ru

DNS Request

dns1.soprodns.ru
8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

nslookup.exe

66 B
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
133 B
1
1

DNS Request

gandcrab.bit
8.8.8.8:53

gandcrab.bit

dns

nslookup.exe

58 B
1

DNS Request

gandcrab.bit

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Privilege Escalation

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Response

HTTP Response

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request