Analysis

  • max time kernel
    149s
  • max time network
    151s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240508-en
  • resource tags

    arch:x64, arch:x86, image:win10v2004-20240508-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    23/05/2024, 22:46 UTC

General

  • Target

    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe

  • Size

    5.1MB

  • MD5

    25730fe9affa52bb3f90beb1d493701a

  • SHA1

    3527a480e8e1d5737efdab53869211d7cf456fe9

  • SHA256

    77f925c390c617257cb6cb039fc17aaf7ed746401ed56e205ea49d13466fdfb0

  • SHA512

    1cf249587400cfc65df2423e58cf225449abf7fb458a0e04b00843c738ebb6c1f136201216ae068026a30272debfd21b58916c32e5fd2dd4e90d95953efc5c05

  • SSDEEP

    98304:0f9rK0VzQD2Qfa1cDyQTFYeXT4+HhWgF8jiV2e4eEXBzBPxFvFLOAkGkzdnEVom5:0BKmz55m9WgF8j1fZFvFLOyomFHKnP

Score
3/10

Malware Config

Signatures

  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • Suspicious behavior: EnumeratesProcesses 64 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SendNotifyMessage 1 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe"
    1⤵
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of FindShellTrayWindow
    • Suspicious use of SendNotifyMessage
    • Suspicious use of SetWindowsHookEx
    PID:2812

Network

  • flag-us
    DNS
    res3.csasnet.net
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    Remote address:
    8.8.8.8:53
    Request
    res3.csasnet.net
    IN A
    Response
    res3.csasnet.net
    IN A
    103.192.208.126
    res3.csasnet.net
    IN A
    115.236.153.254
    res3.csasnet.net
    IN A
    124.221.138.85
  • flag-us
    DNS
    res1.csasnet.com
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    Remote address:
    8.8.8.8:53
    Request
    res1.csasnet.com
    IN A
    Response
    res1.csasnet.com
    IN A
    124.221.138.85
    res1.csasnet.com
    IN A
    45.124.76.254
    res1.csasnet.com
    IN A
    115.236.153.253
  • flag-us
    DNS
    g.bing.com
    Remote address:
    8.8.8.8:53
    Request
    g.bing.com
    IN A
    Response
    g.bing.com
    IN CNAME
    g-bing-com.dual-a-0034.a-msedge.net
    g-bing-com.dual-a-0034.a-msedge.net
    IN CNAME
    dual-a-0034.a-msedge.net
    dual-a-0034.a-msedge.net
    IN A
    204.79.197.237
    dual-a-0034.a-msedge.net
    IN A
    13.107.21.237
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XXv6YlFqvKIroUyp1S1tYDVUCUwlIyXGUSFEYx4AYjm8PJK3rRak-Mya1IBrCr0YPoQOmwe_MQa_02yn6c8r7tKXTACoxS2MEqkjy1_P9Kpwgg0hBESgAj2iszDtrbIZ37xotYpf0UpqLdvJkJZ4l6UKXZE9KX57DxxmXdxQO26ZghNI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0d29505117d411fb82dd366a7566f01c&TIME=20240508T113307Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XXv6YlFqvKIroUyp1S1tYDVUCUwlIyXGUSFEYx4AYjm8PJK3rRak-Mya1IBrCr0YPoQOmwe_MQa_02yn6c8r7tKXTACoxS2MEqkjy1_P9Kpwgg0hBESgAj2iszDtrbIZ37xotYpf0UpqLdvJkJZ4l6UKXZE9KX57DxxmXdxQO26ZghNI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0d29505117d411fb82dd366a7566f01c&TIME=20240508T113307Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MUID=24BF952FBECB6DBA089681A7BF706CBF; domain=.bing.com; expires=Tue, 17-Jun-2025 22:46:13 GMT; path=/; SameSite=None; Secure; Priority=High;
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 092F62BE207C4FF29D3982324845C32E Ref B: LON04EDGE0909 Ref C: 2024-05-23T22:46:13Z
    date: Thu, 23 May 2024 22:46:12 GMT
  • flag-us
    GET
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XXv6YlFqvKIroUyp1S1tYDVUCUwlIyXGUSFEYx4AYjm8PJK3rRak-Mya1IBrCr0YPoQOmwe_MQa_02yn6c8r7tKXTACoxS2MEqkjy1_P9Kpwgg0hBESgAj2iszDtrbIZ37xotYpf0UpqLdvJkJZ4l6UKXZE9KX57DxxmXdxQO26ZghNI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0d29505117d411fb82dd366a7566f01c&TIME=20240508T113307Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    Remote address:
    204.79.197.237:443
    Request
    GET /neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XXv6YlFqvKIroUyp1S1tYDVUCUwlIyXGUSFEYx4AYjm8PJK3rRak-Mya1IBrCr0YPoQOmwe_MQa_02yn6c8r7tKXTACoxS2MEqkjy1_P9Kpwgg0hBESgAj2iszDtrbIZ37xotYpf0UpqLdvJkJZ4l6UKXZE9KX57DxxmXdxQO26ZghNI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0d29505117d411fb82dd366a7566f01c&TIME=20240508T113307Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48 HTTP/2.0
    host: g.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=24BF952FBECB6DBA089681A7BF706CBF; _EDGE_S=SID=006D64E1CA2462C333197069CB4863B5
    Response
    HTTP/2.0 204
    cache-control: no-cache, must-revalidate
    pragma: no-cache
    expires: Fri, 01 Jan 1990 00:00:00 GMT
    set-cookie: MSPTC=6OQjL2Owc_M179uMurSdcjn-BeEamWffamRL9j9_qLc; domain=.bing.com; expires=Tue, 17-Jun-2025 22:46:13 GMT; path=/; Partitioned; secure; SameSite=None
    strict-transport-security: max-age=31536000; includeSubDomains; preload
    access-control-allow-origin: *
    x-cache: CONFIG_NOCACHE
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 0BBCBBB589814E9A8D24404374C70900 Ref B: LON04EDGE0909 Ref C: 2024-05-23T22:46:13Z
    date: Thu, 23 May 2024 22:46:12 GMT
  • flag-nl
    GET
    https://www.bing.com/aes/c.gif?RG=c45be12d0b294a72b2f8a922dc7bc45d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T113307Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
    Remote address:
    23.62.61.194:443
    Request
    GET /aes/c.gif?RG=c45be12d0b294a72b2f8a922dc7bc45d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T113307Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182 HTTP/2.0
    host: www.bing.com
    accept-encoding: gzip, deflate
    user-agent: WindowsShellClient/9.0.40929.0 (Windows)
    cookie: MUID=24BF952FBECB6DBA089681A7BF706CBF
    Response
    HTTP/2.0 200
    cache-control: private,no-store
    pragma: no-cache
    vary: Origin
    p3p: CP=BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: ADDF67FCC3C04196B8F3471852EE80CE Ref B: BRU30EDGE0512 Ref C: 2024-05-23T22:46:13Z
    content-length: 0
    date: Thu, 23 May 2024 22:46:13 GMT
    set-cookie: _EDGE_S=SID=006D64E1CA2462C333197069CB4863B5; path=/; httponly; domain=bing.com
    set-cookie: MUIDB=24BF952FBECB6DBA089681A7BF706CBF; path=/; httponly; expires=Tue, 17-Jun-2025 22:46:13 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.be3d3e17.1716504373.184b09e8
  • flag-us
    DNS
    237.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    237.197.79.204.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    241.150.49.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    241.150.49.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    194.61.62.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    194.61.62.23.in-addr.arpa
    IN PTR
    Response
    194.61.62.23.in-addr.arpa
    IN PTR
    a23-62-61-194.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    24.125.209.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    24.125.209.23.in-addr.arpa
    IN PTR
    Response
    24.125.209.23.in-addr.arpa
    IN PTR
    a23-209-125-24.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    68.159.190.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    68.159.190.20.in-addr.arpa
    IN PTR
    Response
  • flag-nl
    GET
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    Remote address:
    23.62.61.194:443
    Request
    GET /th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90 HTTP/2.0
    host: www.bing.com
    accept: */*
    cookie: MUID=24BF952FBECB6DBA089681A7BF706CBF; _EDGE_S=SID=006D64E1CA2462C333197069CB4863B5; MSPTC=6OQjL2Owc_M179uMurSdcjn-BeEamWffamRL9j9_qLc; MUIDB=24BF952FBECB6DBA089681A7BF706CBF
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-type: image/png
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QWthbWFp"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    content-length: 1107
    date: Thu, 23 May 2024 22:46:16 GMT
    alt-svc: h3=":443"; ma=93600
    x-cdn-traceid: 0.be3d3e17.1716504376.184b1357
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    205.47.74.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    205.47.74.20.in-addr.arpa
    IN PTR
  • flag-us
    DNS
    50.23.12.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    50.23.12.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    206.23.85.13.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    206.23.85.13.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    55.36.223.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    55.36.223.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    25.125.209.23.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    25.125.209.23.in-addr.arpa
    IN PTR
    Response
    25.125.209.23.in-addr.arpa
    IN PTR
    a23-209-125-25.deploy.static.akamaitechnologies.com
  • flag-us
    DNS
    48.229.111.52.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    48.229.111.52.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    tse1.mm.bing.net
    Remote address:
    8.8.8.8:53
    Request
    tse1.mm.bing.net
    IN A
    Response
    tse1.mm.bing.net
    IN CNAME
    mm-mm.bing.net.trafficmanager.net
    mm-mm.bing.net.trafficmanager.net
    IN CNAME
    dual-a-0001.a-msedge.net
    dual-a-0001.a-msedge.net
    IN A
    204.79.197.200
    dual-a-0001.a-msedge.net
    IN A
    13.107.21.200
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 555746
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 73AE027B8570426C8EB48A53FFB376BD Ref B: LON04EDGE0910 Ref C: 2024-05-23T22:47:54Z
    date: Thu, 23 May 2024 22:47:54 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 415458
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 28236DB184764070A9C6B1B5F5047579 Ref B: LON04EDGE0910 Ref C: 2024-05-23T22:47:54Z
    date: Thu, 23 May 2024 22:47:54 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 449656
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 47D0328CB8374585B3293393025932A2 Ref B: LON04EDGE0910 Ref C: 2024-05-23T22:47:54Z
    date: Thu, 23 May 2024 22:47:54 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 638730
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: E9F3FEE44B64460A85A8B121E60F7697 Ref B: LON04EDGE0910 Ref C: 2024-05-23T22:47:54Z
    date: Thu, 23 May 2024 22:47:54 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 430689
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 621BAB99BD6B4E1D8F886667CD707C0A Ref B: LON04EDGE0910 Ref C: 2024-05-23T22:47:54Z
    date: Thu, 23 May 2024 22:47:54 GMT
  • flag-us
    GET
    https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    Remote address:
    204.79.197.200:443
    Request
    GET /th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
    host: tse1.mm.bing.net
    accept: */*
    accept-encoding: gzip, deflate, br
    user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
    Response
    HTTP/2.0 200
    cache-control: public, max-age=2592000
    content-length: 468637
    content-type: image/jpeg
    x-cache: TCP_HIT
    access-control-allow-origin: *
    access-control-allow-headers: *
    access-control-allow-methods: GET, POST, OPTIONS
    timing-allow-origin: *
    report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
    nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
    accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
    x-msedge-ref: Ref A: 18A6AEFC11EF4943865D66222CA08EF9 Ref B: LON04EDGE0910 Ref C: 2024-05-23T22:47:54Z
    date: Thu, 23 May 2024 22:47:54 GMT
  • flag-us
    DNS
    88.156.103.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    88.156.103.20.in-addr.arpa
    IN PTR
    Response
  • flag-us
    DNS
    200.197.79.204.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    200.197.79.204.in-addr.arpa
    IN PTR
    Response
    200.197.79.204.in-addr.arpa
    IN PTR
    a-0001.a-msedge.net
  • flag-us
    DNS
    9.173.189.20.in-addr.arpa
    Remote address:
    8.8.8.8:53
    Request
    9.173.189.20.in-addr.arpa
    IN PTR
    Response
  • 115.236.153.253:511
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    260 B
    5
  • 204.79.197.237:443
    https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XXv6YlFqvKIroUyp1S1tYDVUCUwlIyXGUSFEYx4AYjm8PJK3rRak-Mya1IBrCr0YPoQOmwe_MQa_02yn6c8r7tKXTACoxS2MEqkjy1_P9Kpwgg0hBESgAj2iszDtrbIZ37xotYpf0UpqLdvJkJZ4l6UKXZE9KX57DxxmXdxQO26ZghNI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0d29505117d411fb82dd366a7566f01c&TIME=20240508T113307Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48
    tls, http2
    2.5kB
    9.0kB
    20
    17

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XXv6YlFqvKIroUyp1S1tYDVUCUwlIyXGUSFEYx4AYjm8PJK3rRak-Mya1IBrCr0YPoQOmwe_MQa_02yn6c8r7tKXTACoxS2MEqkjy1_P9Kpwgg0hBESgAj2iszDtrbIZ37xotYpf0UpqLdvJkJZ4l6UKXZE9KX57DxxmXdxQO26ZghNI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0d29505117d411fb82dd366a7566f01c&TIME=20240508T113307Z&CID=530628298&EID=530628298&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

    HTTP Response

    204

    HTTP Request

    GET https://g.bing.com/neg/0?action=impression&rlink=https%3A%2F%2Fwww.bing.com%2Faclick%3Fld%3De8XXv6YlFqvKIroUyp1S1tYDVUCUwlIyXGUSFEYx4AYjm8PJK3rRak-Mya1IBrCr0YPoQOmwe_MQa_02yn6c8r7tKXTACoxS2MEqkjy1_P9Kpwgg0hBESgAj2iszDtrbIZ37xotYpf0UpqLdvJkJZ4l6UKXZE9KX57DxxmXdxQO26ZghNI%26u%3DbXN4Ym94JTNhJTJmJTJmZ2FtZSUyZiUzZnByb2R1Y3RJZCUzZDlOMEg2MktaM0JYViUyNm9jaWQlM2RpbnBfcm1jX3hib19zdGFydF9UUHRpdGxlX2VuZ2FnZQ%26rlid%3D0d29505117d411fb82dd366a7566f01c&TIME=20240508T113307Z&CID=530628298&EID=&tids=15000&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182&muid=D54583D0B3DA17FFA4370685003AFE48

    HTTP Response

    204
  • 103.192.208.126:511
    res3.csasnet.net
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    260 B
    5
  • 124.221.138.85:511
    res1.csasnet.com
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    260 B
    5
  • 23.62.61.194:443
    https://www.bing.com/aes/c.gif?RG=c45be12d0b294a72b2f8a922dc7bc45d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T113307Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182
    tls, http2
    1.4kB
    5.3kB
    16
    10

    HTTP Request

    GET https://www.bing.com/aes/c.gif?RG=c45be12d0b294a72b2f8a922dc7bc45d&med=10&pubId=251978541&tids=15000&type=mv&reqver=1.0&TIME=20240508T113307Z&adUnitId=11730597&localId=w:D54583D0-B3DA-17FF-A437-0685003AFE48&deviceId=6966565253439182

    HTTP Response

    200
  • 23.62.61.194:443
    https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90
    tls, http2
    1.6kB
    6.4kB
    17
    12

    HTTP Request

    GET https://www.bing.com/th?id=OADD2.10239359720591_10PHTLBML42K6TRZO&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=24&h=24&dynsize=1&qlt=90

    HTTP Response

    200
  • 115.236.153.254:511
    res3.csasnet.net
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    260 B
    5
  • 45.124.76.254:511
    res1.csasnet.com
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    260 B
    5
  • 115.236.153.253:511
    res1.csasnet.com
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    260 B
    5
  • 124.221.138.85:511
    res1.csasnet.com
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    260 B
    5
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
    tls, http2
    107.2kB
    3.1MB
    2230
    2226

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239351692210_1AKNUXTAY2T0XUMCR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783932_1JCHO8JLBZ4TPAX49&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931609_1JAA48IJSET6WWQHH&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239340783933_1QOIM48UV8MGOV4SU&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239360931610_110BPTPDN41GIXK2B&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Response

    200

    HTTP Request

    GET https://tse1.mm.bing.net/th?id=OADD2.10239351692215_1UJ4FAL91XLA7HB15&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

    HTTP Response

    200
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 204.79.197.200:443
    tse1.mm.bing.net
    tls, http2
    1.2kB
    8.1kB
    16
    14
  • 8.8.8.8:53
    res3.csasnet.net
    dns
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    62 B
    110 B
    1
    1

    DNS Request

    res3.csasnet.net

    DNS Response

    103.192.208.126
    115.236.153.254
    124.221.138.85

  • 8.8.8.8:53
    res1.csasnet.com
    dns
    2024-05-23_25730fe9affa52bb3f90beb1d493701a_bkransomware.exe
    62 B
    110 B
    1
    1

    DNS Request

    res1.csasnet.com

    DNS Response

    124.221.138.85
    45.124.76.254
    115.236.153.253

  • 8.8.8.8:53
    g.bing.com
    dns
    56 B
    151 B
    1
    1

    DNS Request

    g.bing.com

    DNS Response

    204.79.197.237
    13.107.21.237

  • 8.8.8.8:53
    237.197.79.204.in-addr.arpa
    dns
    73 B
    143 B
    1
    1

    DNS Request

    237.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    241.150.49.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    241.150.49.20.in-addr.arpa

  • 8.8.8.8:53
    194.61.62.23.in-addr.arpa
    dns
    71 B
    135 B
    1
    1

    DNS Request

    194.61.62.23.in-addr.arpa

  • 8.8.8.8:53
    24.125.209.23.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    24.125.209.23.in-addr.arpa

  • 8.8.8.8:53
    68.159.190.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    68.159.190.20.in-addr.arpa

  • 8.8.8.8:53
    205.47.74.20.in-addr.arpa
    dns
    142 B
    157 B
    2
    1

    DNS Request

    205.47.74.20.in-addr.arpa

    DNS Request

    205.47.74.20.in-addr.arpa

  • 8.8.8.8:53
    50.23.12.20.in-addr.arpa
    dns
    70 B
    156 B
    1
    1

    DNS Request

    50.23.12.20.in-addr.arpa

  • 8.8.8.8:53
    206.23.85.13.in-addr.arpa
    dns
    71 B
    145 B
    1
    1

    DNS Request

    206.23.85.13.in-addr.arpa

  • 8.8.8.8:53
    55.36.223.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    55.36.223.20.in-addr.arpa

  • 8.8.8.8:53
    25.125.209.23.in-addr.arpa
    dns
    72 B
    137 B
    1
    1

    DNS Request

    25.125.209.23.in-addr.arpa

  • 8.8.8.8:53
    48.229.111.52.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    48.229.111.52.in-addr.arpa

  • 8.8.8.8:53
    tse1.mm.bing.net
    dns
    62 B
    173 B
    1
    1

    DNS Request

    tse1.mm.bing.net

    DNS Response

    204.79.197.200
    13.107.21.200

  • 8.8.8.8:53
    88.156.103.20.in-addr.arpa
    dns
    72 B
    158 B
    1
    1

    DNS Request

    88.156.103.20.in-addr.arpa

  • 8.8.8.8:53
    200.197.79.204.in-addr.arpa
    dns
    73 B
    106 B
    1
    1

    DNS Request

    200.197.79.204.in-addr.arpa

  • 8.8.8.8:53
    9.173.189.20.in-addr.arpa
    dns
    71 B
    157 B
    1
    1

    DNS Request

    9.173.189.20.in-addr.arpa

MITRE ATT&CK Enterprise v15

Downloads
