Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Analysis

  • max time kernel
    150s
  • max time network
    154s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20240802-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
  • submitted
    10/08/2024, 02:39 UTC

General

  • Target

    2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

  • Size

    712KB

  • MD5

    f6847ab67e21a9dd8b96a09b80daa65c

  • SHA1

    e33fb83ab7c248491dd27b8462276b9f75443aa6

  • SHA256

    77a7216e9d954df5898451cb6f61a150cca9e6fec76004a191a2fddc195d5dec

  • SHA512

    ea99e7276be1302ab1ef50be21d5857d54722273492662961cb2cb9a1d4d332a766984f95f7ffed99ae70efc5bf68fe251d9d9d55be144a1b6bced8161d39747

  • SSDEEP

    12288:/tOw6BaWMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:16B8SkQ/7Gb8NLEbeZ

Malware Config

Signatures

  • Executes dropped EXE 22 IoCs
  • Reads user/profile data of web browsers 2 TTPs

    Infostealers often target stored browser data, which can include saved credentials etc.

  • Drops file in System32 directory 31 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Drops file in Windows directory 3 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s).

  • System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

    Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

  • Checks SCSI registry key(s) 3 TTPs 64 IoCs

    SCSI information is often read in order to detect sandboxing environments.

  • Checks processor information in registry 2 TTPs 2 IoCs

    Processor information is often read in order to detect sandboxing environments.

  • Modifies data under HKEY_USERS 64 IoCs
  • Suspicious behavior: EnumeratesProcesses 35 IoCs
  • Suspicious behavior: LoadsDriver 2 IoCs
  • Suspicious use of AdjustPrivilegeToken 45 IoCs
  • Suspicious use of WriteProcessMemory 4 IoCs
  • Uses Volume Shadow Copy service COM API

    The Volume Shadow Copy service is used to manage backups/snapshots.

Processes

  • C:\Users\Admin\AppData\Local\Temp\2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
    "C:\Users\Admin\AppData\Local\Temp\2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe"
    1⤵
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • System Location Discovery: System Language Discovery
    • Suspicious behavior: EnumeratesProcesses
    • Suspicious use of AdjustPrivilegeToken
    PID:4500
  • C:\Windows\System32\alg.exe
    C:\Windows\System32\alg.exe
    1⤵
    • Executes dropped EXE
    • Drops file in System32 directory
    • Drops file in Program Files directory
    • Drops file in Windows directory
    • Suspicious use of AdjustPrivilegeToken
    PID:3220
  • C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
    1⤵
    • Executes dropped EXE
    PID:1996
  • C:\Windows\System32\svchost.exe
    C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
    1⤵
      PID:4868
    • C:\Windows\system32\fxssvc.exe
      C:\Windows\system32\fxssvc.exe
      1⤵
      • Executes dropped EXE
      • Modifies data under HKEY_USERS
      • Suspicious use of AdjustPrivilegeToken
      PID:3292
    • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
      "C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2596
    • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
      1⤵
      • Executes dropped EXE
      PID:2548
    • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
      "C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
      1⤵
      • Executes dropped EXE
      PID:2472
    • C:\Windows\System32\msdtc.exe
      C:\Windows\System32\msdtc.exe
      1⤵
      • Executes dropped EXE
      • Drops file in System32 directory
      • Drops file in Windows directory
      PID:2236
    • \??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
      "c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
      1⤵
      • Executes dropped EXE
      PID:3144
    • C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
      1⤵
      • Executes dropped EXE
      PID:2180
    • C:\Windows\SysWow64\perfhost.exe
      C:\Windows\SysWow64\perfhost.exe
      1⤵
      • Executes dropped EXE
      • System Location Discovery: System Language Discovery
      PID:4904
    • C:\Windows\system32\locator.exe
      C:\Windows\system32\locator.exe
      1⤵
      • Executes dropped EXE
      PID:1800
    • C:\Windows\System32\SensorDataService.exe
      C:\Windows\System32\SensorDataService.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:2672
    • C:\Windows\System32\snmptrap.exe
      C:\Windows\System32\snmptrap.exe
      1⤵
      • Executes dropped EXE
      PID:2948
    • C:\Windows\system32\spectrum.exe
      C:\Windows\system32\spectrum.exe
      1⤵
      • Executes dropped EXE
      • Checks SCSI registry key(s)
      PID:4744
    • C:\Windows\system32\svchost.exe
      C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
      1⤵
        PID:4292
      • C:\Windows\System32\OpenSSH\ssh-agent.exe
        C:\Windows\System32\OpenSSH\ssh-agent.exe
        1⤵
        • Executes dropped EXE
        PID:4688
      • C:\Windows\system32\TieringEngineService.exe
        C:\Windows\system32\TieringEngineService.exe
        1⤵
        • Executes dropped EXE
        • Checks processor information in registry
        • Suspicious use of AdjustPrivilegeToken
        PID:2800
      • C:\Windows\system32\AgentService.exe
        C:\Windows\system32\AgentService.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:1032
      • C:\Windows\System32\vds.exe
        C:\Windows\System32\vds.exe
        1⤵
        • Executes dropped EXE
        PID:4468
      • C:\Windows\system32\vssvc.exe
        C:\Windows\system32\vssvc.exe
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:4516
      • C:\Windows\system32\wbengine.exe
        "C:\Windows\system32\wbengine.exe"
        1⤵
        • Executes dropped EXE
        • Suspicious use of AdjustPrivilegeToken
        PID:3536
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4172,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
        1⤵
          PID:2968
        • C:\Windows\system32\wbem\WmiApSrv.exe
          C:\Windows\system32\wbem\WmiApSrv.exe
          1⤵
          • Executes dropped EXE
          PID:5040
        • C:\Windows\system32\SearchIndexer.exe
          C:\Windows\system32\SearchIndexer.exe /Embedding
          1⤵
          • Executes dropped EXE
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:3100
          • C:\Windows\system32\SearchProtocolHost.exe
            "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
            2⤵
            • Modifies data under HKEY_USERS
            PID:5964
          • C:\Windows\system32\SearchFilterHost.exe
            "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
            2⤵
            • Modifies data under HKEY_USERS
            PID:6044

        Network

        • flag-us
          DNS
          8.8.8.8.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          8.8.8.8.in-addr.arpa
          IN PTR
          Response
          8.8.8.8.in-addr.arpa
          IN PTR
          dnsgoogle
        • flag-us
          DNS
          pywolwnvd.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          pywolwnvd.biz
          IN A
          Response
          pywolwnvd.biz
          IN A
          54.244.188.177
        • flag-us
          DNS
          pywolwnvd.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          pywolwnvd.biz
          IN A
          Response
          pywolwnvd.biz
          IN A
          54.244.188.177
        • flag-us
          DNS
          58.55.71.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          58.55.71.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          POST
          http://pywolwnvd.biz/jravwygahngecv
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /jravwygahngecv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: pywolwnvd.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:30 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=fb081ebf5f4700ed1a692950fcaad72b|194.110.13.70|1723257570|1723257570|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://pywolwnvd.biz/lireajgotnxkayy
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /lireajgotnxkayy HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: pywolwnvd.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:30 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=9745d76dca5276955722428fa532bb4e|194.110.13.70|1723257570|1723257570|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ssbzmoy.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          ssbzmoy.biz
          IN A
          Response
          ssbzmoy.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://ssbzmoy.biz/adbrglrn
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /adbrglrn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ssbzmoy.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:31 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=c8a7ac9739fab8e40bd83b4f6ce47143|194.110.13.70|1723257571|1723257571|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-sg
          POST
          http://ssbzmoy.biz/vlahmlajbpanh
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /vlahmlajbpanh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ssbzmoy.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:31 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=81e6e687f938e772d029f75fa6e99ee5|194.110.13.70|1723257571|1723257571|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          177.188.244.54.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          177.188.244.54.in-addr.arpa
          IN PTR
          Response
          177.188.244.54.in-addr.arpa
          IN PTR
          ec2-54-244-188-177 us-west-2compute amazonawscom
        • flag-us
          DNS
          cvgrf.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          cvgrf.biz
          IN A
          Response
          cvgrf.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://cvgrf.biz/j
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /j HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: cvgrf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:33 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=94c93aa3ca1b678eb33d1f5b07a5ff84|194.110.13.70|1723257573|1723257573|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://cvgrf.biz/j
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /j HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: cvgrf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:33 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=28cfe5b095fc60752dd27b26572c7836|194.110.13.70|1723257573|1723257573|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          107.10.141.18.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          107.10.141.18.in-addr.arpa
          IN PTR
          Response
          107.10.141.18.in-addr.arpa
          IN PTR
          ec2-18-141-10-107ap-southeast-1compute amazonawscom
        • flag-us
          DNS
          95.221.229.192.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          95.221.229.192.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          g.bing.com
          Remote address:
          8.8.8.8:53
          Request
          g.bing.com
          IN A
          Response
          g.bing.com
          IN CNAME
          g-bing-com.dual-a-0034.a-msedge.net
          g-bing-com.dual-a-0034.a-msedge.net
          IN CNAME
          dual-a-0034.a-msedge.net
          dual-a-0034.a-msedge.net
          IN A
          13.107.21.237
          dual-a-0034.a-msedge.net
          IN A
          204.79.197.237
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
          Remote address:
          13.107.21.237:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MUID=1CEC946A6C9A68FF3E1C80BD6D2169D2; domain=.bing.com; expires=Thu, 04-Sep-2025 02:39:35 GMT; path=/; SameSite=None; Secure; Priority=High;
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: C1B0F295BAD2442C9FCB4ADB07E8D7CB Ref B: LON04EDGE0908 Ref C: 2024-08-10T02:39:35Z
          date: Sat, 10 Aug 2024 02:39:35 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
          Remote address:
          13.107.21.237:443
          Request
          GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=1CEC946A6C9A68FF3E1C80BD6D2169D2
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          set-cookie: MSPTC=JyE6ptWX54y6Fa86vs5p8MKJQkCfelz31tJ6m6phd_Y; domain=.bing.com; expires=Thu, 04-Sep-2025 02:39:36 GMT; path=/; Partitioned; secure; SameSite=None
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 9DC7E28A66014193A4C9158434DC76EC Ref B: LON04EDGE0908 Ref C: 2024-08-10T02:39:36Z
          date: Sat, 10 Aug 2024 02:39:36 GMT
        • flag-us
          GET
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
          Remote address:
          13.107.21.237:443
          Request
          GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
          host: g.bing.com
          accept-encoding: gzip, deflate
          user-agent: WindowsShellClient/9.0.40929.0 (Windows)
          cookie: MUID=1CEC946A6C9A68FF3E1C80BD6D2169D2; MSPTC=JyE6ptWX54y6Fa86vs5p8MKJQkCfelz31tJ6m6phd_Y
          Response
          HTTP/2.0 204
          cache-control: no-cache, must-revalidate
          pragma: no-cache
          expires: Fri, 01 Jan 1990 00:00:00 GMT
          strict-transport-security: max-age=31536000; includeSubDomains; preload
          access-control-allow-origin: *
          x-cache: CONFIG_NOCACHE
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 571E5BE1FBA14825BA01C6FF542CCC00 Ref B: LON04EDGE0908 Ref C: 2024-08-10T02:39:36Z
          date: Sat, 10 Aug 2024 02:39:36 GMT
        • flag-us
          DNS
          209.205.72.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          209.205.72.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          npukfztj.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          npukfztj.biz
          IN A
          Response
          npukfztj.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://npukfztj.biz/pxestalrit
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /pxestalrit HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: npukfztj.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:33 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=bdc985352289a7396d5b4cc851013139|194.110.13.70|1723257573|1723257573|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://npukfztj.biz/upfet
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /upfet HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: npukfztj.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:33 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=fbaf09f9912afe91b507080360c89200|194.110.13.70|1723257573|1723257573|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          przvgke.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          przvgke.biz
          IN A
          Response
          przvgke.biz
          IN A
          172.234.222.138
          przvgke.biz
          IN A
          172.234.222.143
        • flag-us
          DNS
          237.21.107.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          237.21.107.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          105.84.221.44.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          105.84.221.44.in-addr.arpa
          IN PTR
          Response
          105.84.221.44.in-addr.arpa
          IN PTR
          ec2-44-221-84-105 compute-1 amazonawscom
        • flag-us
          DNS
          105.84.221.44.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          105.84.221.44.in-addr.arpa
          IN PTR
        • flag-us
          POST
          http://przvgke.biz/l
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          172.234.222.138:80
          Request
          POST /l HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: przvgke.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • flag-us
          POST
          http://przvgke.biz/qnragkryuoyh
          alg.exe
          Remote address:
          172.234.222.138:80
          Request
          POST /qnragkryuoyh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: przvgke.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          POST
          http://przvgke.biz/ms
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          172.234.222.138:80
          Request
          POST /ms HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: przvgke.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • flag-us
          POST
          http://przvgke.biz/ms
          alg.exe
          Remote address:
          172.234.222.138:80
          Request
          POST /ms HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: przvgke.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          DNS
          zlenh.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          zlenh.biz
          IN A
          Response
        • flag-us
          DNS
          knjghuig.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          knjghuig.biz
          IN A
          Response
          knjghuig.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://knjghuig.biz/vtivlyxnyxdprhwv
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /vtivlyxnyxdprhwv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: knjghuig.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:35 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=7527b786a774fef749297f511d2ad203|194.110.13.70|1723257575|1723257575|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          138.222.234.172.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          138.222.234.172.in-addr.arpa
          IN PTR
          Response
          138.222.234.172.in-addr.arpa
          IN PTR
          172-234-222-138iplinodeusercontentcom
        • flag-us
          DNS
          uhxqin.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          uhxqin.biz
          IN A
          Response
        • flag-us
          DNS
          anpmnmxo.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          anpmnmxo.biz
          IN A
          Response
        • flag-us
          DNS
          lpuegx.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          lpuegx.biz
          IN A
          Response
          lpuegx.biz
          IN A
          82.112.184.197
        • flag-us
          DNS
          zlenh.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          zlenh.biz
          IN A
          Response
        • flag-us
          DNS
          knjghuig.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          knjghuig.biz
          IN A
          Response
          knjghuig.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://knjghuig.biz/jwncgojbqiyxqnoe
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /jwncgojbqiyxqnoe HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: knjghuig.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:39:39 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=4927e2c96fcea7f79a9dc84ae58e290c|194.110.13.70|1723257579|1723257579|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          uhxqin.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          uhxqin.biz
          IN A
          Response
        • flag-us
          DNS
          anpmnmxo.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          anpmnmxo.biz
          IN A
          Response
        • flag-us
          DNS
          lpuegx.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          lpuegx.biz
          IN A
          Response
          lpuegx.biz
          IN A
          82.112.184.197
        • flag-us
          DNS
          28.118.140.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          28.118.140.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          157.123.68.40.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          157.123.68.40.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          206.23.85.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          206.23.85.13.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          vjaxhpbji.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          vjaxhpbji.biz
          IN A
          Response
          vjaxhpbji.biz
          IN A
          82.112.184.197
        • flag-us
          DNS
          vjaxhpbji.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          vjaxhpbji.biz
          IN A
          Response
          vjaxhpbji.biz
          IN A
          82.112.184.197
        • flag-us
          DNS
          48.229.111.52.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          48.229.111.52.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          240.221.184.93.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          240.221.184.93.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          57.169.31.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          57.169.31.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          172.210.232.199.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          172.210.232.199.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          xlfhhhm.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          xlfhhhm.biz
          IN A
          Response
          xlfhhhm.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://xlfhhhm.biz/nh
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /nh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: xlfhhhm.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:01 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=6ec95925f39bdbad8d4814ab568ce96d|194.110.13.70|1723257661|1723257661|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ifsaia.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          ifsaia.biz
          IN A
          Response
          ifsaia.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://ifsaia.biz/cjhtqkidtbxyl
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /cjhtqkidtbxyl HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ifsaia.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:02 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=d9ed10a6c0052f4c7c1491532e0e13f4|194.110.13.70|1723257662|1723257662|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          212.31.129.47.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          212.31.129.47.in-addr.arpa
          IN PTR
          Response
          212.31.129.47.in-addr.arpa
          IN PTR
          ec2-47-129-31-212ap-southeast-1compute amazonawscom
        • flag-us
          DNS
          saytjshyf.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          saytjshyf.biz
          IN A
          Response
          saytjshyf.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://saytjshyf.biz/p
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /p HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: saytjshyf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:03 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=37d17d69399495a142ee0cbfe55734f1|194.110.13.70|1723257663|1723257663|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          vcddkls.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          vcddkls.biz
          IN A
          Response
          vcddkls.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://vcddkls.biz/ndafyecfudrj
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /ndafyecfudrj HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: vcddkls.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:04 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=52b8eb80fe066f68b1ff1a6b2a1bd251|194.110.13.70|1723257664|1723257664|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          150.16.251.13.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          150.16.251.13.in-addr.arpa
          IN PTR
          Response
          150.16.251.13.in-addr.arpa
          IN PTR
          ec2-13-251-16-150ap-southeast-1compute amazonawscom
        • flag-us
          DNS
          xlfhhhm.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          xlfhhhm.biz
          IN A
          Response
          xlfhhhm.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://xlfhhhm.biz/cwjsf
          alg.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /cwjsf HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: xlfhhhm.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:04 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=73d4e43516d7e2b27ff6f013d7a9bb6b|194.110.13.70|1723257664|1723257664|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          fwiwk.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          fwiwk.biz
          IN A
          Response
          fwiwk.biz
          IN A
          172.234.222.143
          fwiwk.biz
          IN A
          172.234.222.138
        • flag-us
          POST
          http://fwiwk.biz/rspha
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          172.234.222.143:80
          Request
          POST /rspha HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: fwiwk.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • flag-us
          POST
          http://fwiwk.biz/owxtyxujfra
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          172.234.222.143:80
          Request
          POST /owxtyxujfra HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: fwiwk.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • flag-us
          DNS
          ifsaia.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          ifsaia.biz
          IN A
          Response
          ifsaia.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://ifsaia.biz/fifjxk
          alg.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /fifjxk HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ifsaia.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:05 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=f02f7611352e140525dd07c34018d2c8|194.110.13.70|1723257665|1723257665|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          143.222.234.172.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          143.222.234.172.in-addr.arpa
          IN PTR
          Response
          143.222.234.172.in-addr.arpa
          IN PTR
          172-234-222-143iplinodeusercontentcom
        • flag-us
          DNS
          tbjrpv.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          tbjrpv.biz
          IN A
          Response
          tbjrpv.biz
          IN A
          34.246.200.160
        • flag-us
          DNS
          saytjshyf.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          saytjshyf.biz
          IN A
          Response
          saytjshyf.biz
          IN A
          44.221.84.105
        • flag-ie
          POST
          http://tbjrpv.biz/u
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.246.200.160:80
          Request
          POST /u HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: tbjrpv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:06 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=f100f1c6fd897c8da191d2e81a73153c|194.110.13.70|1723257666|1723257666|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://saytjshyf.biz/ehaoi
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /ehaoi HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: saytjshyf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:06 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=48075040ce1cc53bb53ea581eb1a48e5|194.110.13.70|1723257666|1723257666|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          deoci.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          deoci.biz
          IN A
          Response
          deoci.biz
          IN A
          18.208.156.248
        • flag-us
          DNS
          vcddkls.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          vcddkls.biz
          IN A
          Response
          vcddkls.biz
          IN A
          18.141.10.107
        • flag-us
          POST
          http://deoci.biz/rafbrexontksjth
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /rafbrexontksjth HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: deoci.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:06 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=b5d40e17baa00aba87dea92c5ba951e4|194.110.13.70|1723257666|1723257666|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-sg
          POST
          http://vcddkls.biz/njwq
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /njwq HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: vcddkls.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:07 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=6d0827e5237cc98f8aa0cd0a390bdf97|194.110.13.70|1723257667|1723257667|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          gytujflc.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          gytujflc.biz
          IN A
          Response
          gytujflc.biz
          IN A
          208.100.26.245
        • flag-us
          DNS
          160.200.246.34.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          160.200.246.34.in-addr.arpa
          IN PTR
          Response
          160.200.246.34.in-addr.arpa
          IN PTR
          ec2-34-246-200-160 eu-west-1compute amazonawscom
        • flag-us
          DNS
          248.156.208.18.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          248.156.208.18.in-addr.arpa
          IN PTR
          Response
          248.156.208.18.in-addr.arpa
          IN PTR
          ec2-18-208-156-248 compute-1 amazonawscom
        • flag-us
          POST
          http://gytujflc.biz/jmmjwqredi
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /jmmjwqredi HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gytujflc.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:06 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://gytujflc.biz/fpuvoedfholdfds
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /fpuvoedfholdfds HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gytujflc.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:06 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://yunalwv.biz/hckibafbv
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /hckibafbv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: yunalwv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:11 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://yunalwv.biz/rhuhxxlslfjyrwd
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /rhuhxxlslfjyrwd HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: yunalwv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:11 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://gjogvvpsf.biz/xtwfv
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /xtwfv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gjogvvpsf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:45 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://gjogvvpsf.biz/wkhdhutcptwaqv
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /wkhdhutcptwaqv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gjogvvpsf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:45 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          DNS
          qaynky.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          qaynky.biz
          IN A
          Response
          qaynky.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://qaynky.biz/paik
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /paik HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: qaynky.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:07 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=2bb3b8324ce82c99f83ae3b3e9e42be9|194.110.13.70|1723257667|1723257667|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          fwiwk.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          fwiwk.biz
          IN A
          Response
          fwiwk.biz
          IN A
          172.234.222.143
          fwiwk.biz
          IN A
          172.234.222.138
        • flag-us
          POST
          http://fwiwk.biz/dsowokpmderaai
          alg.exe
          Remote address:
          172.234.222.143:80
          Request
          POST /dsowokpmderaai HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: fwiwk.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          DNS
          245.26.100.208.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          245.26.100.208.in-addr.arpa
          IN PTR
          Response
          245.26.100.208.in-addr.arpa
          IN PTR
          ip245 208-100-26static steadfastdnsnet
        • flag-us
          POST
          http://fwiwk.biz/yvw
          alg.exe
          Remote address:
          172.234.222.143:80
          Request
          POST /yvw HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: fwiwk.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          DNS
          tbjrpv.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          tbjrpv.biz
          IN A
          Response
          tbjrpv.biz
          IN A
          34.246.200.160
        • flag-ie
          POST
          http://tbjrpv.biz/awb
          alg.exe
          Remote address:
          34.246.200.160:80
          Request
          POST /awb HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: tbjrpv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:08 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=351e773ba1d599c815dfdc2de9ec2fd8|194.110.13.70|1723257668|1723257668|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          bumxkqgxu.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          bumxkqgxu.biz
          IN A
          Response
          bumxkqgxu.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://bumxkqgxu.biz/oyv
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /oyv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: bumxkqgxu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:08 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=942bafca821c9eafdd9edeb43612f999|194.110.13.70|1723257668|1723257668|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          deoci.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          deoci.biz
          IN A
          Response
          deoci.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://deoci.biz/x
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /x HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: deoci.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:08 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=f07057487daa69203775820184cbc608|194.110.13.70|1723257668|1723257668|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          dwrqljrr.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          dwrqljrr.biz
          IN A
          Response
          dwrqljrr.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://dwrqljrr.biz/gkdghdqowbglwt
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /gkdghdqowbglwt HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: dwrqljrr.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:08 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=757328710d60f8545b18f8650ae7ec8c|194.110.13.70|1723257668|1723257668|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          gytujflc.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          gytujflc.biz
          IN A
          Response
          gytujflc.biz
          IN A
          208.100.26.245
        • flag-us
          POST
          http://gytujflc.biz/kxitualufpr
          alg.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /kxitualufpr HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gytujflc.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:08 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://gytujflc.biz/plttcyqwrmvn
          alg.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /plttcyqwrmvn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gytujflc.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:09 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://yunalwv.biz/evfpfqigqqwkkpv
          alg.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /evfpfqigqqwkkpv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: yunalwv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:13 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://yunalwv.biz/cikdstvnyfhg
          alg.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /cikdstvnyfhg HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: yunalwv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:13 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://gjogvvpsf.biz/lqlqjckxmtpne
          alg.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /lqlqjckxmtpne HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gjogvvpsf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:38 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          POST
          http://gjogvvpsf.biz/bvlimahcko
          alg.exe
          Remote address:
          208.100.26.245:80
          Request
          POST /bvlimahcko HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gjogvvpsf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.14.0 (Ubuntu)
          Date: Sat, 10 Aug 2024 02:41:39 GMT
          Content-Type: text/html
          Content-Length: 580
          Connection: keep-alive
        • flag-us
          DNS
          nqwjmb.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          nqwjmb.biz
          IN A
          Response
          nqwjmb.biz
          IN A
          35.164.78.200
        • flag-us
          DNS
          qaynky.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          qaynky.biz
          IN A
          Response
          qaynky.biz
          IN A
          13.251.16.150
        • flag-us
          POST
          http://nqwjmb.biz/pgxepktabqwlsi
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          35.164.78.200:80
          Request
          POST /pgxepktabqwlsi HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: nqwjmb.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:09 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=fddfa4aaf0cbb62a0a9070e7d00e6aa1|194.110.13.70|1723257669|1723257669|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-sg
          POST
          http://qaynky.biz/yo
          alg.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /yo HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: qaynky.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:09 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=9fc2ddaf57b30b4ee209540ddab731e7|194.110.13.70|1723257669|1723257669|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ytctnunms.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          ytctnunms.biz
          IN A
          Response
          ytctnunms.biz
          IN A
          3.94.10.34
        • flag-us
          POST
          http://ytctnunms.biz/rdlcfrplmmnsn
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          3.94.10.34:80
          Request
          POST /rdlcfrplmmnsn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ytctnunms.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:09 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=f3310848ee2cc12a6bac4dd604a94885|194.110.13.70|1723257669|1723257669|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          myups.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          myups.biz
          IN A
          Response
          myups.biz
          IN A
          165.160.13.20
          myups.biz
          IN A
          165.160.15.20
        • flag-us
          POST
          http://myups.biz/evrholb
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          165.160.13.20:80
          Request
          POST /evrholb HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: myups.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Date: Sat, 10 Aug 2024 02:41:10 GMT
          Content-Length: 94
        • flag-us
          POST
          http://myups.biz/cdgq
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          165.160.13.20:80
          Request
          POST /cdgq HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: myups.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Date: Sat, 10 Aug 2024 02:41:10 GMT
          Content-Length: 94
        • flag-us
          DNS
          bumxkqgxu.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          bumxkqgxu.biz
          IN A
          Response
          bumxkqgxu.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://bumxkqgxu.biz/jh
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /jh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: bumxkqgxu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:10 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=6cbe79b38423212292a7d74401fcb8ec|194.110.13.70|1723257670|1723257670|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          dwrqljrr.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          dwrqljrr.biz
          IN A
          Response
          dwrqljrr.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://dwrqljrr.biz/paospdfemlfr
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /paospdfemlfr HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: dwrqljrr.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:10 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=a997087dbe363e9fc413236c66779490|194.110.13.70|1723257670|1723257670|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          oshhkdluh.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          oshhkdluh.biz
          IN A
          Response
          oshhkdluh.biz
          IN A
          54.244.188.177
        • flag-us
          DNS
          200.78.164.35.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          200.78.164.35.in-addr.arpa
          IN PTR
          Response
          200.78.164.35.in-addr.arpa
          IN PTR
          ec2-35-164-78-200 us-west-2compute amazonawscom
        • flag-us
          DNS
          34.10.94.3.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          34.10.94.3.in-addr.arpa
          IN PTR
          Response
          34.10.94.3.in-addr.arpa
          IN PTR
          ec2-3-94-10-34 compute-1 amazonawscom
        • flag-us
          DNS
          20.13.160.165.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          20.13.160.165.in-addr.arpa
          IN PTR
          Response
        • flag-us
          POST
          http://oshhkdluh.biz/dwxn
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /dwxn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: oshhkdluh.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:11 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=bc8c719e72b6fd12e141bd5d257cacd0|194.110.13.70|1723257671|1723257671|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          nqwjmb.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          nqwjmb.biz
          IN A
          Response
          nqwjmb.biz
          IN A
          35.164.78.200
        • flag-us
          POST
          http://nqwjmb.biz/yvkqxkipwavs
          alg.exe
          Remote address:
          35.164.78.200:80
          Request
          POST /yvkqxkipwavs HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: nqwjmb.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:11 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=0ba919a879db2c7e6734a3eedeac6d5f|194.110.13.70|1723257671|1723257671|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          yunalwv.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          yunalwv.biz
          IN A
          Response
          yunalwv.biz
          IN A
          208.100.26.245
        • flag-us
          DNS
          ytctnunms.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          ytctnunms.biz
          IN A
          Response
          ytctnunms.biz
          IN A
          3.94.10.34
        • flag-us
          POST
          http://ytctnunms.biz/qjbovdx
          alg.exe
          Remote address:
          3.94.10.34:80
          Request
          POST /qjbovdx HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ytctnunms.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:11 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=afc5ee89d9b5a5f976c3bc0e79726e7e|194.110.13.70|1723257671|1723257671|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          jpskm.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          jpskm.biz
          IN A
          Response
          jpskm.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://jpskm.biz/vv
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /vv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jpskm.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:12 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=8214a8c5077a515cbdf5e3eaca4b2bce|194.110.13.70|1723257672|1723257672|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          myups.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          myups.biz
          IN A
          Response
          myups.biz
          IN A
          165.160.15.20
          myups.biz
          IN A
          165.160.13.20
        • flag-us
          POST
          http://myups.biz/e
          alg.exe
          Remote address:
          165.160.15.20:80
          Request
          POST /e HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: myups.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Date: Sat, 10 Aug 2024 02:41:12 GMT
          Content-Length: 94
        • flag-us
          POST
          http://myups.biz/phefhp
          alg.exe
          Remote address:
          165.160.15.20:80
          Request
          POST /phefhp HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: myups.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Date: Sat, 10 Aug 2024 02:41:12 GMT
          Content-Length: 94
        • flag-us
          DNS
          lrxdmhrr.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          lrxdmhrr.biz
          IN A
          Response
          lrxdmhrr.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://lrxdmhrr.biz/f
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /f HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: lrxdmhrr.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:12 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=b19aa46a06f7bfe3bb74748f7dfabc16|194.110.13.70|1723257672|1723257672|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          45.97.211.34.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          45.97.211.34.in-addr.arpa
          IN PTR
          Response
          45.97.211.34.in-addr.arpa
          IN PTR
          ec2-34-211-97-45 us-west-2compute amazonawscom
        • flag-us
          DNS
          kvbjaur.biz
          Remote address:
          8.8.8.8:53
          Request
          kvbjaur.biz
          IN A
          Response
          kvbjaur.biz
          IN A
          54.244.188.177
        • flag-us
          DNS
          20.15.160.165.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          20.15.160.165.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          oshhkdluh.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          oshhkdluh.biz
          IN A
          Response
          oshhkdluh.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://oshhkdluh.biz/vaqrwjenfcgdoimi
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /vaqrwjenfcgdoimi HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: oshhkdluh.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:13 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=5a6a93a24ce8ae793c1a17c5f93f6cd7|194.110.13.70|1723257673|1723257673|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          wllvnzb.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          wllvnzb.biz
          IN A
          Response
          wllvnzb.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://wllvnzb.biz/ebnsnrfcmadivrr
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /ebnsnrfcmadivrr HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: wllvnzb.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:13 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=0456a2f7322c9078a88d9122f206d24c|194.110.13.70|1723257673|1723257673|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          yunalwv.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          yunalwv.biz
          IN A
          Response
          yunalwv.biz
          IN A
          208.100.26.245
        • flag-us
          DNS
          jpskm.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          jpskm.biz
          IN A
          Response
          jpskm.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://jpskm.biz/vhmxekcwgn
          alg.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /vhmxekcwgn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jpskm.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:14 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=7e80eefad8dbeda07fe09da5d36d53d6|194.110.13.70|1723257674|1723257674|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          gnqgo.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          gnqgo.biz
          IN A
          Response
          gnqgo.biz
          IN A
          18.208.156.248
        • flag-us
          DNS
          lrxdmhrr.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          lrxdmhrr.biz
          IN A
          Response
          lrxdmhrr.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://gnqgo.biz/xch
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /xch HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gnqgo.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:14 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=40f1fa596982e6e83df9bf67efa1a039|194.110.13.70|1723257674|1723257674|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://lrxdmhrr.biz/tkfreqok
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /tkfreqok HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: lrxdmhrr.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:14 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=97f36da0df01e1856322fe58295b529e|194.110.13.70|1723257674|1723257674|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          jhvzpcfg.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          jhvzpcfg.biz
          IN A
          Response
          jhvzpcfg.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://jhvzpcfg.biz/eumhnkxgxvlha
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /eumhnkxgxvlha HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jhvzpcfg.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:14 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=ad7ac0da2bec7b6b234aa47f9d20460c|194.110.13.70|1723257674|1723257674|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          acwjcqqv.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          acwjcqqv.biz
          IN A
          Response
          acwjcqqv.biz
          IN A
          18.141.10.107
        • flag-us
          DNS
          wllvnzb.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          wllvnzb.biz
          IN A
          Response
          wllvnzb.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://acwjcqqv.biz/lqww
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /lqww HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: acwjcqqv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:15 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=26df4034d19804b507426bde2d02952d|194.110.13.70|1723257675|1723257675|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-sg
          POST
          http://wllvnzb.biz/vgtpmxrv
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /vgtpmxrv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: wllvnzb.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:15 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=4feb2c70f51929cfc35cc5f62a00273a|194.110.13.70|1723257675|1723257675|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          lejtdj.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          lejtdj.biz
          IN A
          Response
        • flag-us
          DNS
          gnqgo.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          gnqgo.biz
          IN A
          Response
          gnqgo.biz
          IN A
          18.208.156.248
        • flag-us
          DNS
          vyome.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          vyome.biz
          IN A
          Response
          vyome.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://gnqgo.biz/chhvlxbnyeptx
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /chhvlxbnyeptx HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gnqgo.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:16 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=72040e76dc24da7dba7601839ee82989|194.110.13.70|1723257676|1723257676|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://vyome.biz/dfbius
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /dfbius HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: vyome.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:16 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=ad67b4615f6efd4248e1e040341da8dc|194.110.13.70|1723257676|1723257676|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          jhvzpcfg.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          jhvzpcfg.biz
          IN A
          Response
          jhvzpcfg.biz
          IN A
          44.221.84.105
        • flag-us
          DNS
          yauexmxk.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          yauexmxk.biz
          IN A
          Response
          yauexmxk.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://jhvzpcfg.biz/osmicrm
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /osmicrm HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jhvzpcfg.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:16 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=d1c6c84efca4053bd7de97a79ed4fe0a|194.110.13.70|1723257676|1723257676|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://yauexmxk.biz/ixgtdmsnbehuinty
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /ixgtdmsnbehuinty HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: yauexmxk.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:16 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=11fdfd73264a18203158589e97df874a|194.110.13.70|1723257676|1723257676|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          acwjcqqv.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          acwjcqqv.biz
          IN A
          Response
          acwjcqqv.biz
          IN A
          18.141.10.107
        • flag-us
          DNS
          iuzpxe.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          iuzpxe.biz
          IN A
          Response
          iuzpxe.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://acwjcqqv.biz/fbogd
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /fbogd HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: acwjcqqv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:17 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=108fec7abf33cd5a3ae38bff90e7f5e3|194.110.13.70|1723257677|1723257677|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-sg
          POST
          http://iuzpxe.biz/ajndjgmdxag
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /ajndjgmdxag HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: iuzpxe.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:17 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=064c57c7930b29a2e638d99b7760a29f|194.110.13.70|1723257677|1723257677|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          5.173.189.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          5.173.189.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          5.173.189.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          5.173.189.20.in-addr.arpa
          IN PTR
        • flag-us
          DNS
          86.104.213.44.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          86.104.213.44.in-addr.arpa
          IN PTR
          Response
          86.104.213.44.in-addr.arpa
          IN PTR
          ec2-44-213-104-86 compute-1 amazonawscom
        • flag-us
          DNS
          lejtdj.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          lejtdj.biz
          IN A
          Response
        • flag-us
          DNS
          vyome.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          vyome.biz
          IN A
          Response
          vyome.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://vyome.biz/sbvyanland
          alg.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /sbvyanland HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: vyome.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:17 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=0cff472a96d3b0157f73f10849bacbf2|194.110.13.70|1723257677|1723257677|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          yauexmxk.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          yauexmxk.biz
          IN A
          Response
          yauexmxk.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://yauexmxk.biz/ijyvhudj
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /ijyvhudj HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: yauexmxk.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:18 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=e5046c3fd44bf4262fffa9e14272a97e|194.110.13.70|1723257678|1723257678|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          iuzpxe.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          iuzpxe.biz
          IN A
          Response
          iuzpxe.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://iuzpxe.biz/huf
          alg.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /huf HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: iuzpxe.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:19 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=4cea2f6e2f067113d1310e3a6a30160d|194.110.13.70|1723257679|1723257679|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          55.36.223.20.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          55.36.223.20.in-addr.arpa
          IN PTR
          Response
        • flag-us
          DNS
          tse1.mm.bing.net
          Remote address:
          8.8.8.8:53
          Request
          tse1.mm.bing.net
          IN A
          Response
          tse1.mm.bing.net
          IN CNAME
          mm-mm.bing.net.trafficmanager.net
          mm-mm.bing.net.trafficmanager.net
          IN CNAME
          ax-0001.ax-msedge.net
          ax-0001.ax-msedge.net
          IN A
          150.171.28.10
          ax-0001.ax-msedge.net
          IN A
          150.171.27.10
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301582_1MLHFWTHBIK9NA4JB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239317301582_1MLHFWTHBIK9NA4JB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 719294
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: D2F13F4C610E448BB976615777AE19E8 Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
          date: Sat, 10 Aug 2024 02:41:18 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 305259
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: C5DA0627AEF94DDDB8EC946B39908C6E Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
          date: Sat, 10 Aug 2024 02:41:18 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 675336
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 63C1C7E622CD4A0E90B2247464A3AD43 Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
          date: Sat, 10 Aug 2024 02:41:18 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317301173_11CL6NTG6CSIMT5HR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239317301173_11CL6NTG6CSIMT5HR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 830618
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: DB960B57534E44779EADDBF526F707C9 Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
          date: Sat, 10 Aug 2024 02:41:18 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 771656
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: FD5A14BEA5AC4E319475BDF742811D05 Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
          date: Sat, 10 Aug 2024 02:41:18 GMT
        • flag-us
          GET
          https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          Remote address:
          150.171.28.10:443
          Request
          GET /th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
          host: tse1.mm.bing.net
          accept: */*
          accept-encoding: gzip, deflate, br
          user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041
          Response
          HTTP/2.0 200
          cache-control: public, max-age=2592000
          content-length: 258855
          content-type: image/jpeg
          x-cache: TCP_HIT
          access-control-allow-origin: *
          access-control-allow-headers: *
          access-control-allow-methods: GET, POST, OPTIONS
          timing-allow-origin: *
          report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
          nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
          accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
          x-msedge-ref: Ref A: 38CF301CCE3B4D5EBFC7E0B56789FD2C Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:20Z
          date: Sat, 10 Aug 2024 02:41:19 GMT
        • flag-us
          DNS
          sxmiywsfv.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          sxmiywsfv.biz
          IN A
          Response
          sxmiywsfv.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://sxmiywsfv.biz/yn
          alg.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /yn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: sxmiywsfv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:20 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=313c17275964aad7a6dee4169a6ac9e0|194.110.13.70|1723257680|1723257680|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          sxmiywsfv.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          sxmiywsfv.biz
          IN A
          Response
          sxmiywsfv.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://sxmiywsfv.biz/yvitagnvklbvbe
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /yvitagnvklbvbe HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: sxmiywsfv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:20 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=676d70b5ab570a267cd31ce52aa64af2|194.110.13.70|1723257680|1723257680|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          vrrazpdh.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          vrrazpdh.biz
          IN A
          Response
          vrrazpdh.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://vrrazpdh.biz/wpaskfaew
          alg.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /wpaskfaew HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: vrrazpdh.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:20 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=4af4296e3cd300f13826e12c16c33468|194.110.13.70|1723257680|1723257680|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ftxlah.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ftxlah.biz
          IN A
          Response
          ftxlah.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://ftxlah.biz/gloqsmdx
          alg.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /gloqsmdx HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ftxlah.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:21 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=271e40809cfe580cfc6d544eeba6edcd|194.110.13.70|1723257681|1723257681|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          typgfhb.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          typgfhb.biz
          IN A
          Response
          typgfhb.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://typgfhb.biz/vu
          alg.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /vu HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: typgfhb.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:22 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=2893917d7fd499f0ef9a6cfbfef8588a|194.110.13.70|1723257682|1723257682|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          esuzf.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          esuzf.biz
          IN A
          Response
          esuzf.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://esuzf.biz/toykljwnn
          alg.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /toykljwnn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: esuzf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:23 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=bf0a1bbaaf452c402efcc262f8b517c7|194.110.13.70|1723257683|1723257683|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          gvijgjwkh.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          gvijgjwkh.biz
          IN A
          Response
          gvijgjwkh.biz
          IN A
          3.94.10.34
        • flag-us
          DNS
          vrrazpdh.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          vrrazpdh.biz
          IN A
          Response
          vrrazpdh.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://gvijgjwkh.biz/rrslewr
          alg.exe
          Remote address:
          3.94.10.34:80
          Request
          POST /rrslewr HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gvijgjwkh.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:23 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=2f4a1e9d751c01c0a3915fb7cb143e03|194.110.13.70|1723257683|1723257683|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://vrrazpdh.biz/maqbkeaqcbtkh
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /maqbkeaqcbtkh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: vrrazpdh.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:24 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=70fb87cd04cd0586a9419d2066a84343|194.110.13.70|1723257684|1723257684|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          qpnczch.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          qpnczch.biz
          IN A
          Response
          qpnczch.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://qpnczch.biz/w
          alg.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /w HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: qpnczch.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:24 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=333b93ea3634e38f806bb35864480663|194.110.13.70|1723257684|1723257684|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ftxlah.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ftxlah.biz
          IN A
          Response
          ftxlah.biz
          IN A
          47.129.31.212
        • flag-us
          DNS
          brsua.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          brsua.biz
          IN A
          Response
          brsua.biz
          IN A
          3.254.94.185
        • flag-sg
          POST
          http://ftxlah.biz/vvfyslvjnwdr
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /vvfyslvjnwdr HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ftxlah.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:25 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=dcb484cdf38ffda7dbed66af977f3e60|194.110.13.70|1723257685|1723257685|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-ie
          POST
          http://brsua.biz/glcrkrdbxyijyckh
          alg.exe
          Remote address:
          3.254.94.185:80
          Request
          POST /glcrkrdbxyijyckh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: brsua.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:24 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=8461552dcebc7a8412d1896f79aa2862|194.110.13.70|1723257684|1723257684|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          dlynankz.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          dlynankz.biz
          IN A
          Response
          dlynankz.biz
          IN A
          85.214.228.140
        • flag-de
          POST
          http://dlynankz.biz/xwjijmwqnuh
          alg.exe
          Remote address:
          85.214.228.140:80
          Request
          POST /xwjijmwqnuh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: dlynankz.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.27.0
          Date: Sat, 10 Aug 2024 02:41:24 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Keep-Alive: timeout=20
        • flag-us
          DNS
          185.94.254.3.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          185.94.254.3.in-addr.arpa
          IN PTR
          Response
          185.94.254.3.in-addr.arpa
          IN PTR
          ec2-3-254-94-185 eu-west-1compute amazonawscom
        • flag-us
          DNS
          oflybfv.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          oflybfv.biz
          IN A
          Response
          oflybfv.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://oflybfv.biz/ywmi
          alg.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /ywmi HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: oflybfv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:25 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=e4cd57c8c4d8b6fb026694c48b463116|194.110.13.70|1723257685|1723257685|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          typgfhb.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          typgfhb.biz
          IN A
          Response
          typgfhb.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://typgfhb.biz/egctlpn
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /egctlpn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: typgfhb.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:26 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=8a85d78e503336ced777733a3640e252|194.110.13.70|1723257686|1723257686|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          140.228.214.85.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          140.228.214.85.in-addr.arpa
          IN PTR
          Response
          140.228.214.85.in-addr.arpa
          IN PTR
          h2758763 stratoservernet
        • flag-us
          DNS
          yhqqc.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          yhqqc.biz
          IN A
          Response
          yhqqc.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://yhqqc.biz/salhskahvruvrcuv
          alg.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /salhskahvruvrcuv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: yhqqc.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:26 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=96f477951e9ba9594e8f30c2b1b85540|194.110.13.70|1723257686|1723257686|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          esuzf.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          esuzf.biz
          IN A
          Response
          esuzf.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://esuzf.biz/sp
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /sp HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: esuzf.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:26 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=b0c36a5f785fcc2f725539ab2678ba9f|194.110.13.70|1723257686|1723257686|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          mnjmhp.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          mnjmhp.biz
          IN A
          Response
          mnjmhp.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://mnjmhp.biz/cvafbqvshgednjeh
          alg.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /cvafbqvshgednjeh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: mnjmhp.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:27 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=ed9716cef6930359595453c3ed09549a|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          gvijgjwkh.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          gvijgjwkh.biz
          IN A
          Response
          gvijgjwkh.biz
          IN A
          3.94.10.34
        • flag-us
          POST
          http://gvijgjwkh.biz/ftkwwo
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          3.94.10.34:80
          Request
          POST /ftkwwo HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gvijgjwkh.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:27 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=ab75d2d66359b6a1ce5e616371c8ffd2|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          qpnczch.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          qpnczch.biz
          IN A
          Response
          qpnczch.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://qpnczch.biz/nuogu
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /nuogu HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: qpnczch.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:27 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=ee7c90f62ef7a9264f114076ff2387a1|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          opowhhece.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          opowhhece.biz
          IN A
          Response
          opowhhece.biz
          IN A
          18.208.156.248
        • flag-us
          DNS
          brsua.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          brsua.biz
          IN A
          Response
          brsua.biz
          IN A
          3.254.94.185
        • flag-us
          POST
          http://opowhhece.biz/tntkdjmqlepeqrd
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /tntkdjmqlepeqrd HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: opowhhece.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:27 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=75dff09d7120a57d6dbfbaa40df85752|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-ie
          POST
          http://brsua.biz/buhwillsnkahdc
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          3.254.94.185:80
          Request
          POST /buhwillsnkahdc HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: brsua.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:27 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=275a8e9602e9e3c3e25ad9595e47ced1|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          zjbpaao.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          zjbpaao.biz
          IN A
          Response
        • flag-us
          DNS
          jdhhbs.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          jdhhbs.biz
          IN A
          Response
          jdhhbs.biz
          IN A
          13.251.16.150
        • flag-us
          DNS
          dlynankz.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          dlynankz.biz
          IN A
          Response
          dlynankz.biz
          IN A
          85.214.228.140
        • flag-sg
          POST
          http://jdhhbs.biz/le
          alg.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /le HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jdhhbs.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:28 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=508d3676c0173179e11d913bb60d79d1|194.110.13.70|1723257688|1723257688|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-de
          POST
          http://dlynankz.biz/sgofhymid
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          85.214.228.140:80
          Request
          POST /sgofhymid HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: dlynankz.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 404 Not Found
          Server: nginx/1.27.0
          Date: Sat, 10 Aug 2024 02:41:28 GMT
          Transfer-Encoding: chunked
          Connection: keep-alive
          Keep-Alive: timeout=20
        • flag-us
          DNS
          oflybfv.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          oflybfv.biz
          IN A
          Response
          oflybfv.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://oflybfv.biz/myf
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /myf HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: oflybfv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:29 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=da616d838dba8c0c2bac80d1906cf77d|194.110.13.70|1723257689|1723257689|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          mgmsclkyu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          mgmsclkyu.biz
          IN A
          Response
          mgmsclkyu.biz
          IN A
          34.246.200.160
        • flag-ie
          POST
          http://mgmsclkyu.biz/mhtdtdoseyinvm
          alg.exe
          Remote address:
          34.246.200.160:80
          Request
          POST /mhtdtdoseyinvm HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: mgmsclkyu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:29 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=5c1ae1b361b6d9673882175aba8ea1f8|194.110.13.70|1723257689|1723257689|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          yhqqc.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          yhqqc.biz
          IN A
          Response
          yhqqc.biz
          IN A
          34.211.97.45
        • flag-us
          DNS
          warkcdu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          warkcdu.biz
          IN A
          Response
          warkcdu.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://warkcdu.biz/cipbtkgbdwuic
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /cipbtkgbdwuic HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: warkcdu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:30 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=d3aa14c3e8f134b2b768f5e42a180084|194.110.13.70|1723257690|1723257690|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://yhqqc.biz/xq
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /xq HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: yhqqc.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:29 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=8d3bcbe4537d052103dc5d84446e838c|194.110.13.70|1723257689|1723257689|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          mnjmhp.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          mnjmhp.biz
          IN A
          Response
          mnjmhp.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://mnjmhp.biz/xeyhwgjusghv
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /xeyhwgjusghv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: mnjmhp.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:30 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=76e38c9235912502d1dda1f7ebb39c25|194.110.13.70|1723257690|1723257690|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          gcedd.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          gcedd.biz
          IN A
          Response
          gcedd.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://gcedd.biz/mblrmvhwptqty
          alg.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /mblrmvhwptqty HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gcedd.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:31 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=c7e41be8ccf141c067e209088f8de5dc|194.110.13.70|1723257691|1723257691|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          opowhhece.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          opowhhece.biz
          IN A
          Response
          opowhhece.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://opowhhece.biz/wdtuaxbrwwl
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /wdtuaxbrwwl HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: opowhhece.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:31 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=788ffe17cd8318e6695f490c6048e84d|194.110.13.70|1723257691|1723257691|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          zjbpaao.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          zjbpaao.biz
          IN A
          Response
        • flag-us
          DNS
          jdhhbs.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          jdhhbs.biz
          IN A
          Response
          jdhhbs.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://jdhhbs.biz/pmmohmcpnduukf
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /pmmohmcpnduukf HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jdhhbs.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:32 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=74f6e2ca4f0885f07446776d84b92af7|194.110.13.70|1723257692|1723257692|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          jwkoeoqns.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          jwkoeoqns.biz
          IN A
          Response
          jwkoeoqns.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://jwkoeoqns.biz/ukiefard
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /ukiefard HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jwkoeoqns.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:31 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=de094e563deea4932a3f33befcd00d7e|194.110.13.70|1723257691|1723257691|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          xccjj.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          xccjj.biz
          IN A
          Response
          xccjj.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://xccjj.biz/chstmolcvoddsxm
          alg.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /chstmolcvoddsxm HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: xccjj.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:31 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=c5918927273c26cae974609a0ed3c2f9|194.110.13.70|1723257691|1723257691|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          hehckyov.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          hehckyov.biz
          IN A
          Response
          hehckyov.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://hehckyov.biz/paxgdiwt
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /paxgdiwt HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: hehckyov.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:32 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=7aa2773990a0cb4b9eb44ff3afb429da|194.110.13.70|1723257692|1723257692|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          rynmcq.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          rynmcq.biz
          IN A
          Response
          rynmcq.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://rynmcq.biz/miaedpo
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /miaedpo HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: rynmcq.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:32 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=a3f43e8606082000e0d04d0362aacfec|194.110.13.70|1723257692|1723257692|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          mgmsclkyu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          mgmsclkyu.biz
          IN A
          Response
          mgmsclkyu.biz
          IN A
          34.246.200.160
        • flag-ie
          POST
          http://mgmsclkyu.biz/afjfaxckahjgpxg
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.246.200.160:80
          Request
          POST /afjfaxckahjgpxg HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: mgmsclkyu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:32 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=bcbd515b5cae78ebaf952fe01f226d8f|194.110.13.70|1723257692|1723257692|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          warkcdu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          warkcdu.biz
          IN A
          Response
          warkcdu.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://warkcdu.biz/rrqofswiww
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /rrqofswiww HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: warkcdu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:33 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=72b3c3e1d1d01ea2c137fa514e4a87e5|194.110.13.70|1723257693|1723257693|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          uaafd.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          uaafd.biz
          IN A
          Response
          uaafd.biz
          IN A
          3.254.94.185
        • flag-ie
          POST
          http://uaafd.biz/eo
          alg.exe
          Remote address:
          3.254.94.185:80
          Request
          POST /eo HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: uaafd.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:33 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=786b47104e9d1d6974f89bd387392243|194.110.13.70|1723257693|1723257693|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          eufxebus.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          eufxebus.biz
          IN A
          Response
          eufxebus.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://eufxebus.biz/g
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /g HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: eufxebus.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:34 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=f3db7e815d9b17d4e7b78603944db5f1|194.110.13.70|1723257694|1723257694|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          gcedd.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          gcedd.biz
          IN A
          Response
          gcedd.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://gcedd.biz/vh
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /vh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: gcedd.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:34 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=a620e274e6416f4262dc028a43baadad|194.110.13.70|1723257694|1723257694|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          pwlqfu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          pwlqfu.biz
          IN A
          Response
          pwlqfu.biz
          IN A
          34.246.200.160
        • flag-ie
          POST
          http://pwlqfu.biz/mokjawbdjkimvpn
          alg.exe
          Remote address:
          34.246.200.160:80
          Request
          POST /mokjawbdjkimvpn HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: pwlqfu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:34 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=911a3e618c9cad4b23d54241744250c1|194.110.13.70|1723257694|1723257694|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          rrqafepng.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          rrqafepng.biz
          IN A
          Response
          rrqafepng.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://rrqafepng.biz/opolpfukjifrdf
          alg.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /opolpfukjifrdf HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: rrqafepng.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:35 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=ed2a6e16c479db1f98953f50a1b56969|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          jwkoeoqns.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          jwkoeoqns.biz
          IN A
          Response
          jwkoeoqns.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://jwkoeoqns.biz/ksww
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /ksww HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jwkoeoqns.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:35 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=a2e1dbd739b7408f2fb5a40e21c048cd|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          xccjj.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          xccjj.biz
          IN A
          Response
          xccjj.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://xccjj.biz/lsafplpxmxlox
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /lsafplpxmxlox HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: xccjj.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:35 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=3b794d998840164cbab5669df90a3d78|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          hehckyov.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          hehckyov.biz
          IN A
          Response
          hehckyov.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://hehckyov.biz/dehnogj
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /dehnogj HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: hehckyov.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:35 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=13e33e1e6129e6c68ee3d7c448487096|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ctdtgwag.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ctdtgwag.biz
          IN A
          Response
          ctdtgwag.biz
          IN A
          3.94.10.34
        • flag-us
          POST
          http://ctdtgwag.biz/nibxswmiugqsh
          alg.exe
          Remote address:
          3.94.10.34:80
          Request
          POST /nibxswmiugqsh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ctdtgwag.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:35 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=282570c4bc2ad96c02afcabf562b8188|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          rynmcq.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          rynmcq.biz
          IN A
          Response
          rynmcq.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://rynmcq.biz/q
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /q HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: rynmcq.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:36 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=15e96da7ef1c7dcecbfd6648ad06d657|194.110.13.70|1723257696|1723257696|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          tnevuluw.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          tnevuluw.biz
          IN A
          Response
          tnevuluw.biz
          IN A
          35.164.78.200
        • flag-us
          POST
          http://tnevuluw.biz/etihyknx
          alg.exe
          Remote address:
          35.164.78.200:80
          Request
          POST /etihyknx HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: tnevuluw.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:36 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=6dafa69fa9dd7427c8cdf8cec651347f|194.110.13.70|1723257696|1723257696|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          uaafd.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          uaafd.biz
          IN A
          Response
          uaafd.biz
          IN A
          3.254.94.185
        • flag-ie
          POST
          http://uaafd.biz/s
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          3.254.94.185:80
          Request
          POST /s HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: uaafd.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:36 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=0c44560e1837f5d58593964d9d0a212c|194.110.13.70|1723257696|1723257696|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          whjovd.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          whjovd.biz
          IN A
          Response
          whjovd.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://whjovd.biz/cwcbrxb
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /cwcbrxb HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: whjovd.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:37 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=db9a8f212a8e2496f52228ebdbca18b3|194.110.13.70|1723257697|1723257697|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          eufxebus.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          eufxebus.biz
          IN A
          Response
          eufxebus.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://eufxebus.biz/ptkvnnoblotaspt
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /ptkvnnoblotaspt HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: eufxebus.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:37 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=f088159af8cf0aa7ccbf3a16fdd8a9e0|194.110.13.70|1723257697|1723257697|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          gjogvvpsf.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          gjogvvpsf.biz
          IN A
          Response
          gjogvvpsf.biz
          IN A
          208.100.26.245
        • flag-us
          DNS
          gjogvvpsf.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          gjogvvpsf.biz
          IN A
        • flag-us
          DNS
          reczwga.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          reczwga.biz
          IN A
          Response
          reczwga.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://reczwga.biz/eafsxqlvdarkclbx
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /eafsxqlvdarkclbx HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: reczwga.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:39 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=271fcf28284d5a02cd16badd7ae46aa7|194.110.13.70|1723257699|1723257699|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          bghjpy.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          bghjpy.biz
          IN A
          Response
          bghjpy.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://bghjpy.biz/dltbwlflsvq
          alg.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /dltbwlflsvq HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: bghjpy.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:39 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=c82e5fbe6b8e65e56ed149df2e481c1e|194.110.13.70|1723257699|1723257699|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          damcprvgv.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          damcprvgv.biz
          IN A
          Response
          damcprvgv.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://damcprvgv.biz/ddcogfgqgnbmdg
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /ddcogfgqgnbmdg HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: damcprvgv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:40 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=d5e25877a255c58dd09d279d49b1d6f9|194.110.13.70|1723257700|1723257700|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ocsvqjg.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ocsvqjg.biz
          IN A
          Response
          ocsvqjg.biz
          IN A
          3.254.94.185
        • flag-us
          DNS
          ocsvqjg.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ocsvqjg.biz
          IN A
        • flag-us
          DNS
          ocsvqjg.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ocsvqjg.biz
          IN A
        • flag-us
          DNS
          pwlqfu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          pwlqfu.biz
          IN A
          Response
          pwlqfu.biz
          IN A
          34.246.200.160
        • flag-us
          DNS
          pwlqfu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          pwlqfu.biz
          IN A
          Response
          pwlqfu.biz
          IN A
          34.246.200.160
        • flag-ie
          POST
          http://pwlqfu.biz/gtvrbhfoanady
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.246.200.160:80
          Request
          POST /gtvrbhfoanady HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: pwlqfu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:41 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=b1eb28da6373f153117e3fc58ace889c|194.110.13.70|1723257701|1723257701|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          rrqafepng.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          rrqafepng.biz
          IN A
          Response
          rrqafepng.biz
          IN A
          47.129.31.212
        • flag-us
          DNS
          rrqafepng.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          rrqafepng.biz
          IN A
          Response
          rrqafepng.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://rrqafepng.biz/vcxvcowwqmm
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /vcxvcowwqmm HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: rrqafepng.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:42 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=c6e58b84ca88beff0ef4b639b1590d3a|194.110.13.70|1723257702|1723257702|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-ie
          POST
          http://ocsvqjg.biz/towjpkre
          alg.exe
          Remote address:
          3.254.94.185:80
          Request
          POST /towjpkre HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ocsvqjg.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:41 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=950982e86e30b03264c13b73ef2f94b8|194.110.13.70|1723257701|1723257701|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ywffr.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ywffr.biz
          IN A
          Response
          ywffr.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://ywffr.biz/cialfll
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /cialfll HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ywffr.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:42 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=ebffa49ccc7371e35a45befbafd03d6d|194.110.13.70|1723257702|1723257702|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ecxbwt.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ecxbwt.biz
          IN A
          Response
          ecxbwt.biz
          IN A
          54.244.188.177
        • flag-us
          DNS
          ecxbwt.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ecxbwt.biz
          IN A
        • flag-us
          DNS
          ctdtgwag.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ctdtgwag.biz
          IN A
          Response
          ctdtgwag.biz
          IN A
          3.94.10.34
        • flag-us
          POST
          http://ctdtgwag.biz/levjus
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          3.94.10.34:80
          Request
          POST /levjus HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ctdtgwag.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:42 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=30a2d41da811e1d19cf2e33483daa837|194.110.13.70|1723257702|1723257702|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://ecxbwt.biz/c
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /c HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ecxbwt.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:42 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=4fd5cd23e1c0d97fb04d2614f9ed1361|194.110.13.70|1723257702|1723257702|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          tnevuluw.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          tnevuluw.biz
          IN A
          Response
          tnevuluw.biz
          IN A
          35.164.78.200
        • flag-us
          DNS
          tnevuluw.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          tnevuluw.biz
          IN A
          Response
          tnevuluw.biz
          IN A
          35.164.78.200
        • flag-us
          POST
          http://tnevuluw.biz/ioqhrbxykhf
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          35.164.78.200:80
          Request
          POST /ioqhrbxykhf HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: tnevuluw.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:43 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=77dea603bfa0dd0d25415213b5b241c4|194.110.13.70|1723257703|1723257703|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          pectx.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          pectx.biz
          IN A
          Response
          pectx.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://pectx.biz/lrhajojaonilviwc
          alg.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /lrhajojaonilviwc HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: pectx.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:43 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=2e50d6656ae857609b10704f6118c3be|194.110.13.70|1723257703|1723257703|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          whjovd.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          whjovd.biz
          IN A
          Response
          whjovd.biz
          IN A
          18.141.10.107
        • flag-us
          DNS
          zyiexezl.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          zyiexezl.biz
          IN A
          Response
          zyiexezl.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://zyiexezl.biz/rkmfaitlvd
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /rkmfaitlvd HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: zyiexezl.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:44 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=03be403ee281a729d35802bb20c96747|194.110.13.70|1723257704|1723257704|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-sg
          POST
          http://whjovd.biz/rkmfaitlvd
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /rkmfaitlvd HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: whjovd.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:45 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=0760dc4f96a9d9ae27dd7a954e5d6fcb|194.110.13.70|1723257705|1723257705|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          banwyw.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          banwyw.biz
          IN A
          Response
          banwyw.biz
          IN A
          44.221.84.105
        • flag-us
          DNS
          banwyw.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          banwyw.biz
          IN A
          Response
          banwyw.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://banwyw.biz/cxrlkhprtqe
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /cxrlkhprtqe HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: banwyw.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:44 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=ab30c4edf5201e1994938bb28f48df15|194.110.13.70|1723257704|1723257704|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          muapr.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          muapr.biz
          IN A
          Response
        • flag-us
          DNS
          wxgzshna.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          wxgzshna.biz
          IN A
          Response
          wxgzshna.biz
          IN A
          72.52.178.23
        • flag-us
          POST
          http://wxgzshna.biz/nosfroxqexgsdh
          alg.exe
          Remote address:
          72.52.178.23:80
          Request
          POST /nosfroxqexgsdh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: wxgzshna.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          DNS
          gjogvvpsf.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          gjogvvpsf.biz
          IN A
          Response
          gjogvvpsf.biz
          IN A
          208.100.26.245
        • flag-us
          DNS
          reczwga.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          reczwga.biz
          IN A
          Response
          reczwga.biz
          IN A
          44.221.84.105
        • flag-us
          DNS
          reczwga.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          reczwga.biz
          IN A
          Response
          reczwga.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://reczwga.biz/rockb
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /rockb HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: reczwga.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:46 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=70933f76fa8407c78a4e4ccae471d1ab|194.110.13.70|1723257706|1723257706|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://wxgzshna.biz/dsavdykbjv
          alg.exe
          Remote address:
          72.52.178.23:80
          Request
          POST /dsavdykbjv HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: wxgzshna.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          DNS
          zrlssa.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          zrlssa.biz
          IN A
          Response
          zrlssa.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://zrlssa.biz/vcbqknlytkbbu
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /vcbqknlytkbbu HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: zrlssa.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:46 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=8dcb0789b91683778cde36789dd3942a|194.110.13.70|1723257706|1723257706|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          jlqltsjvh.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          jlqltsjvh.biz
          IN A
          Response
          jlqltsjvh.biz
          IN A
          18.141.10.107
        • flag-us
          DNS
          23.178.52.72.in-addr.arpa
          Remote address:
          8.8.8.8:53
          Request
          23.178.52.72.in-addr.arpa
          IN PTR
          Response
          23.178.52.72.in-addr.arpa
          IN PTR
          lb01 parklogiccom
        • flag-sg
          POST
          http://jlqltsjvh.biz/nviyjifo
          alg.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /nviyjifo HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jlqltsjvh.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:47 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=6704530d2cd14c614b0413381efccfa2|194.110.13.70|1723257707|1723257707|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          bghjpy.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          bghjpy.biz
          IN A
          Response
          bghjpy.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://bghjpy.biz/cqdmnramj
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /cqdmnramj HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: bghjpy.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:47 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=c0a92403375a1ea387ed9f5bb3c7fa9f|194.110.13.70|1723257707|1723257707|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          damcprvgv.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          damcprvgv.biz
          IN A
          Response
          damcprvgv.biz
          IN A
          18.208.156.248
        • flag-us
          DNS
          damcprvgv.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          damcprvgv.biz
          IN A
        • flag-us
          POST
          http://damcprvgv.biz/yupadylunhwfy
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /yupadylunhwfy HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: damcprvgv.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:47 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=8db7beaaddcb61e412839068521672b9|194.110.13.70|1723257707|1723257707|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ocsvqjg.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ocsvqjg.biz
          IN A
          Response
          ocsvqjg.biz
          IN A
          3.254.94.185
        • flag-ie
          POST
          http://ocsvqjg.biz/mndmtaw
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          3.254.94.185:80
          Request
          POST /mndmtaw HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ocsvqjg.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:48 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=71a8b889e51d82c878fd27eea5420d5e|194.110.13.70|1723257708|1723257708|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          xyrgy.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          xyrgy.biz
          IN A
          Response
          xyrgy.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://xyrgy.biz/de
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /de HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: xyrgy.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:48 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=74cc54ec0d4f902537880fa52fb6ca45|194.110.13.70|1723257708|1723257708|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ywffr.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ywffr.biz
          IN A
          Response
          ywffr.biz
          IN A
          54.244.188.177
        • flag-us
          DNS
          htwqzczce.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          htwqzczce.biz
          IN A
          Response
          htwqzczce.biz
          IN A
          172.234.222.138
          htwqzczce.biz
          IN A
          172.234.222.143
        • flag-us
          DNS
          htwqzczce.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          htwqzczce.biz
          IN A
        • flag-us
          POST
          http://ywffr.biz/ey
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /ey HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ywffr.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:49 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=3aa30d57c8ef5f564ea683715f5e1f8c|194.110.13.70|1723257709|1723257709|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          POST
          http://htwqzczce.biz/fdjsyjdmh
          alg.exe
          Remote address:
          172.234.222.138:80
          Request
          POST /fdjsyjdmh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: htwqzczce.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          POST
          http://htwqzczce.biz/bgyfxpgneqbmdrd
          alg.exe
          Remote address:
          172.234.222.138:80
          Request
          POST /bgyfxpgneqbmdrd HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: htwqzczce.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          POST
          http://kvbjaur.biz/kidgnxhtlufkka
          alg.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /kidgnxhtlufkka HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: kvbjaur.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:49 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=bf5c2ab323f0fde10248d2ce20b67320|194.110.13.70|1723257709|1723257709|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          ecxbwt.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ecxbwt.biz
          IN A
          Response
          ecxbwt.biz
          IN A
          54.244.188.177
        • flag-us
          DNS
          ecxbwt.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          ecxbwt.biz
          IN A
          Response
          ecxbwt.biz
          IN A
          54.244.188.177
        • flag-us
          POST
          http://ecxbwt.biz/ggijh
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /ggijh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: ecxbwt.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:49 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=85744c7e2e2fda549967f5e94e077506|194.110.13.70|1723257709|1723257709|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          uphca.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          uphca.biz
          IN A
          Response
          uphca.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://uphca.biz/teqedfknpkosgo
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /teqedfknpkosgo HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: uphca.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:50 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=4dd76195be5f3379f9cc092fed8c866a|194.110.13.70|1723257710|1723257710|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          pectx.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          pectx.biz
          IN A
          Response
          pectx.biz
          IN A
          44.213.104.86
        • flag-us
          DNS
          pectx.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          pectx.biz
          IN A
          Response
          pectx.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://pectx.biz/icehp
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /icehp HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: pectx.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:51 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=456976cf68bad20667f620394dc71c0f|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          fjumtfnz.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          fjumtfnz.biz
          IN A
          Response
          fjumtfnz.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://fjumtfnz.biz/cifnhpxqu
          alg.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /cifnhpxqu HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: fjumtfnz.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:51 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=665760260bb147df608a5d7f9711249e|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          zyiexezl.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          zyiexezl.biz
          IN A
          Response
          zyiexezl.biz
          IN A
          18.208.156.248
        • flag-us
          DNS
          zyiexezl.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          zyiexezl.biz
          IN A
          Response
          zyiexezl.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://zyiexezl.biz/hwhkk
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /hwhkk HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: zyiexezl.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:51 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=e603bbf1b672b2d2325172dd4897fb6e|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          hlzfuyy.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          hlzfuyy.biz
          IN A
          Response
          hlzfuyy.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://hlzfuyy.biz/letlovtcg
          alg.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /letlovtcg HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: hlzfuyy.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:51 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=096608078680ccdd78384e9129a94f92|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          banwyw.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          banwyw.biz
          IN A
          Response
          banwyw.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://banwyw.biz/nonvbgwvrqdbuy
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /nonvbgwvrqdbuy HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: banwyw.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:51 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=69d27a6d1a2e129619c72f3a078d485b|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          muapr.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          muapr.biz
          IN A
          Response
        • flag-us
          DNS
          wxgzshna.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          wxgzshna.biz
          IN A
          Response
          wxgzshna.biz
          IN A
          72.52.178.23
        • flag-us
          DNS
          rffxu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          rffxu.biz
          IN A
          Response
          rffxu.biz
          IN A
          34.246.200.160
        • flag-us
          POST
          http://wxgzshna.biz/ryp
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          72.52.178.23:80
          Request
          POST /ryp HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: wxgzshna.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • flag-ie
          POST
          http://rffxu.biz/ryp
          alg.exe
          Remote address:
          34.246.200.160:80
          Request
          POST /ryp HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: rffxu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:52 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=1a0ae08c90dd92b7f14e102ce7b53a3a|194.110.13.70|1723257712|1723257712|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          cikivjto.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          cikivjto.biz
          IN A
          Response
          cikivjto.biz
          IN A
          44.213.104.86
        • flag-us
          POST
          http://wxgzshna.biz/ncxgwcra
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          72.52.178.23:80
          Request
          POST /ncxgwcra HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: wxgzshna.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • flag-us
          POST
          http://cikivjto.biz/o
          alg.exe
          Remote address:
          44.213.104.86:80
          Request
          POST /o HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: cikivjto.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:53 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=083dfdce233c614d93afd0e19e2b02e4|194.110.13.70|1723257713|1723257713|0|1|0; path=/; domain=.cikivjto.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          zrlssa.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          zrlssa.biz
          IN A
          Response
          zrlssa.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://zrlssa.biz/glyaeqsxfxck
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /glyaeqsxfxck HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: zrlssa.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:52 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=51b26613a27046e28a03c905f8d72de1|194.110.13.70|1723257712|1723257712|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          jlqltsjvh.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          jlqltsjvh.biz
          IN A
          Response
          jlqltsjvh.biz
          IN A
          18.141.10.107
        • flag-us
          DNS
          jlqltsjvh.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          jlqltsjvh.biz
          IN A
          Response
          jlqltsjvh.biz
          IN A
          18.141.10.107
        • flag-sg
          POST
          http://jlqltsjvh.biz/omdjtrtffvh
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.141.10.107:80
          Request
          POST /omdjtrtffvh HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: jlqltsjvh.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:53 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=0431325bd334404070ddadb8555c9310|194.110.13.70|1723257713|1723257713|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          qncdaagct.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          qncdaagct.biz
          IN A
          Response
          qncdaagct.biz
          IN A
          47.129.31.212
        • flag-us
          DNS
          qncdaagct.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          qncdaagct.biz
          IN A
        • flag-sg
          POST
          http://qncdaagct.biz/ega
          alg.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /ega HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: qncdaagct.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:54 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=980ba906e8c64b86b4e636f4fa2a650b|194.110.13.70|1723257714|1723257714|0|1|0; path=/; domain=.qncdaagct.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          xyrgy.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          xyrgy.biz
          IN A
          Response
          xyrgy.biz
          IN A
          18.208.156.248
        • flag-us
          DNS
          xyrgy.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          xyrgy.biz
          IN A
          Response
          xyrgy.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://xyrgy.biz/cuoleqtrjcblluy
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /cuoleqtrjcblluy HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: xyrgy.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:54 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=16fd0a9d29a63bd6c463cf7a4ce565fd|194.110.13.70|1723257714|1723257714|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          htwqzczce.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          htwqzczce.biz
          IN A
          Response
          htwqzczce.biz
          IN A
          172.234.222.143
          htwqzczce.biz
          IN A
          172.234.222.138
        • flag-us
          POST
          http://htwqzczce.biz/bhvtjlnoyx
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          172.234.222.143:80
          Request
          POST /bhvtjlnoyx HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: htwqzczce.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • flag-us
          POST
          http://htwqzczce.biz/uya
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          172.234.222.143:80
          Request
          POST /uya HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: htwqzczce.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • flag-us
          DNS
          shpwbsrw.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          shpwbsrw.biz
          IN A
          Response
          shpwbsrw.biz
          IN A
          13.251.16.150
        • flag-sg
          POST
          http://shpwbsrw.biz/df
          alg.exe
          Remote address:
          13.251.16.150:80
          Request
          POST /df HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: shpwbsrw.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:55 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=31e1c1001311d6351ba39ac8432bd863|194.110.13.70|1723257715|1723257715|0|1|0; path=/; domain=.shpwbsrw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          kvbjaur.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          kvbjaur.biz
          IN A
          Response
          kvbjaur.biz
          IN A
          54.244.188.177
        • flag-us
          DNS
          kvbjaur.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          kvbjaur.biz
          IN A
        • flag-us
          POST
          http://kvbjaur.biz/jxrtranvhdvr
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          54.244.188.177:80
          Request
          POST /jxrtranvhdvr HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: kvbjaur.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:55 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=2709cd06599ba064d530c567cecbbf3f|194.110.13.70|1723257715|1723257715|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          uphca.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          uphca.biz
          IN A
          Response
          uphca.biz
          IN A
          44.221.84.105
        • flag-us
          DNS
          uphca.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          uphca.biz
          IN A
          Response
          uphca.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://uphca.biz/rtnrhhjhsrf
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /rtnrhhjhsrf HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: uphca.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:55 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=aee12260162797034864a033126588bb|194.110.13.70|1723257715|1723257715|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          cjvgcl.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          cjvgcl.biz
          IN A
          Response
          cjvgcl.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://cjvgcl.biz/wggrsg
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /wggrsg HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: cjvgcl.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:56 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=02328e267c5c288509ef3d555f2c1c63|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.cjvgcl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          fjumtfnz.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          fjumtfnz.biz
          IN A
          Response
          fjumtfnz.biz
          IN A
          34.211.97.45
        • flag-us
          DNS
          fjumtfnz.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          fjumtfnz.biz
          IN A
          Response
          fjumtfnz.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://fjumtfnz.biz/veppepsklmyyrtnd
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /veppepsklmyyrtnd HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: fjumtfnz.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:56 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=a49af7a132e26164190a2ab74286e1ca|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          neazudmrq.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          neazudmrq.biz
          IN A
          Response
          neazudmrq.biz
          IN A
          44.221.84.105
        • flag-us
          POST
          http://neazudmrq.biz/o
          alg.exe
          Remote address:
          44.221.84.105:80
          Request
          POST /o HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: neazudmrq.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:56 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=b7fd2e82f11d506ade1c5f20a09fcebc|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.neazudmrq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          pgfsvwx.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          pgfsvwx.biz
          IN A
          Response
          pgfsvwx.biz
          IN A
          18.208.156.248
        • flag-us
          POST
          http://pgfsvwx.biz/lapfyboolgtaavf
          alg.exe
          Remote address:
          18.208.156.248:80
          Request
          POST /lapfyboolgtaavf HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: pgfsvwx.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:56 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=a440d9ccaed280563fe28a3c3a04dbfe|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.pgfsvwx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          hlzfuyy.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          hlzfuyy.biz
          IN A
          Response
          hlzfuyy.biz
          IN A
          34.211.97.45
        • flag-us
          POST
          http://hlzfuyy.biz/mgcjwdmxoufvmx
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.211.97.45:80
          Request
          POST /mgcjwdmxoufvmx HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: hlzfuyy.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
          Response
          HTTP/1.1 200 OK
          Server: nginx
          Date: Sat, 10 Aug 2024 02:41:56 GMT
          Content-Type: text/html
          Transfer-Encoding: chunked
          Connection: close
          Set-Cookie: btst=8485fbb1df136f0db181554c53d2d810|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
          Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
        • flag-us
          DNS
          aatcwo.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          aatcwo.biz
          IN A
          Response
          aatcwo.biz
          IN A
          47.129.31.212
        • flag-us
          DNS
          aatcwo.biz
          alg.exe
          Remote address:
          8.8.8.8:53
          Request
          aatcwo.biz
          IN A
          Response
          aatcwo.biz
          IN A
          47.129.31.212
        • flag-sg
          POST
          http://aatcwo.biz/dlwnxuieic
          alg.exe
          Remote address:
          47.129.31.212:80
          Request
          POST /dlwnxuieic HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: aatcwo.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 782
        • flag-us
          DNS
          rffxu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          rffxu.biz
          IN A
          Response
          rffxu.biz
          IN A
          34.246.200.160
        • flag-us
          DNS
          rffxu.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          8.8.8.8:53
          Request
          rffxu.biz
          IN A
          Response
          rffxu.biz
          IN A
          34.246.200.160
        • flag-ie
          POST
          http://rffxu.biz/mtnbsqhu
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          Remote address:
          34.246.200.160:80
          Request
          POST /mtnbsqhu HTTP/1.1
          Cache-Control: no-cache
          Connection: Keep-Alive
          Pragma: no-cache
          Host: rffxu.biz
          User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
          Content-Length: 922
        • 54.244.188.177:80
          http://pywolwnvd.biz/jravwygahngecv
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          659 B
          6
          6

          HTTP Request

          POST http://pywolwnvd.biz/jravwygahngecv

          HTTP Response

          200
        • 54.244.188.177:80
          http://pywolwnvd.biz/lireajgotnxkayy
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://pywolwnvd.biz/lireajgotnxkayy

          HTTP Response

          200
        • 18.141.10.107:80
          http://ssbzmoy.biz/adbrglrn
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          705 B
          8
          7

          HTTP Request

          POST http://ssbzmoy.biz/adbrglrn

          HTTP Response

          200
        • 18.141.10.107:80
          http://ssbzmoy.biz/vlahmlajbpanh
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://ssbzmoy.biz/vlahmlajbpanh

          HTTP Response

          200
        • 54.244.188.177:80
          http://cvgrf.biz/j
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          663 B
          7
          6

          HTTP Request

          POST http://cvgrf.biz/j

          HTTP Response

          200
        • 54.244.188.177:80
          http://cvgrf.biz/j
          http
          alg.exe
          1.4kB
          655 B
          7
          6

          HTTP Request

          POST http://cvgrf.biz/j

          HTTP Response

          200
        • 13.107.21.237:443
          https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=
          tls, http2
          2.0kB
          9.3kB
          21
          19

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

          HTTP Response

          204

          HTTP Request

          GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

          HTTP Response

          204
        • 44.221.84.105:80
          http://npukfztj.biz/pxestalrit
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          666 B
          6
          6

          HTTP Request

          POST http://npukfztj.biz/pxestalrit

          HTTP Response

          200
        • 44.221.84.105:80
          http://npukfztj.biz/upfet
          http
          alg.exe
          1.4kB
          658 B
          6
          6

          HTTP Request

          POST http://npukfztj.biz/upfet

          HTTP Response

          200
        • 172.234.222.138:80
          http://przvgke.biz/l
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          204 B
          6
          5

          HTTP Request

          POST http://przvgke.biz/l
        • 172.234.222.138:80
          http://przvgke.biz/qnragkryuoyh
          http
          alg.exe
          1.4kB
          124 B
          6
          3

          HTTP Request

          POST http://przvgke.biz/qnragkryuoyh
        • 172.234.222.138:80
          http://przvgke.biz/ms
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          204 B
          6
          5

          HTTP Request

          POST http://przvgke.biz/ms
        • 172.234.222.138:80
          http://przvgke.biz/ms
          http
          alg.exe
          1.5kB
          204 B
          8
          5

          HTTP Request

          POST http://przvgke.biz/ms
        • 18.141.10.107:80
          http://knjghuig.biz/vtivlyxnyxdprhwv
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          666 B
          6
          6

          HTTP Request

          POST http://knjghuig.biz/vtivlyxnyxdprhwv

          HTTP Response

          200
        • 82.112.184.197:80
          lpuegx.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          260 B
          5
        • 18.141.10.107:80
          http://knjghuig.biz/jwncgojbqiyxqnoe
          http
          alg.exe
          1.4kB
          666 B
          6
          6

          HTTP Request

          POST http://knjghuig.biz/jwncgojbqiyxqnoe

          HTTP Response

          200
        • 82.112.184.197:80
          lpuegx.biz
          alg.exe
          260 B
          5
        • 82.112.184.197:80
          lpuegx.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          260 B
          5
        • 82.112.184.197:80
          lpuegx.biz
          alg.exe
          260 B
          5
        • 82.112.184.197:80
          vjaxhpbji.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          260 B
          5
        • 82.112.184.197:80
          vjaxhpbji.biz
          alg.exe
          260 B
          5
        • 82.112.184.197:80
          vjaxhpbji.biz
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          260 B
          5
        • 82.112.184.197:80
          vjaxhpbji.biz
          alg.exe
          260 B
          5
        • 47.129.31.212:80
          http://xlfhhhm.biz/nh
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          665 B
          6
          6

          HTTP Request

          POST http://xlfhhhm.biz/nh

          HTTP Response

          200
        • 13.251.16.150:80
          http://ifsaia.biz/cjhtqkidtbxyl
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://ifsaia.biz/cjhtqkidtbxyl

          HTTP Response

          200
        • 44.221.84.105:80
          http://saytjshyf.biz/p
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          667 B
          6
          6

          HTTP Request

          POST http://saytjshyf.biz/p

          HTTP Response

          200
        • 18.141.10.107:80
          http://vcddkls.biz/ndafyecfudrj
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          657 B
          6
          6

          HTTP Request

          POST http://vcddkls.biz/ndafyecfudrj

          HTTP Response

          200
        • 47.129.31.212:80
          http://xlfhhhm.biz/cwjsf
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://xlfhhhm.biz/cwjsf

          HTTP Response

          200
        • 172.234.222.143:80
          http://fwiwk.biz/rspha
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          204 B
          6
          5

          HTTP Request

          POST http://fwiwk.biz/rspha
        • 172.234.222.143:80
          http://fwiwk.biz/owxtyxujfra
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          204 B
          6
          5

          HTTP Request

          POST http://fwiwk.biz/owxtyxujfra
        • 13.251.16.150:80
          http://ifsaia.biz/fifjxk
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://ifsaia.biz/fifjxk

          HTTP Response

          200
        • 34.246.200.160:80
          http://tbjrpv.biz/u
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://tbjrpv.biz/u

          HTTP Response

          200
        • 44.221.84.105:80
          http://saytjshyf.biz/ehaoi
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://saytjshyf.biz/ehaoi

          HTTP Response

          200
        • 18.208.156.248:80
          http://deoci.biz/rafbrexontksjth
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://deoci.biz/rafbrexontksjth

          HTTP Response

          200
        • 18.141.10.107:80
          http://vcddkls.biz/njwq
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://vcddkls.biz/njwq

          HTTP Response

          200
        • 208.100.26.245:80
          http://gjogvvpsf.biz/wkhdhutcptwaqv
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          9.7kB
          5.8kB
          19
          14

          HTTP Request

          POST http://gytujflc.biz/jmmjwqredi

          HTTP Response

          404

          HTTP Request

          POST http://gytujflc.biz/fpuvoedfholdfds

          HTTP Response

          404

          HTTP Request

          POST http://yunalwv.biz/hckibafbv

          HTTP Response

          404

          HTTP Request

          POST http://yunalwv.biz/rhuhxxlslfjyrwd

          HTTP Response

          404

          HTTP Request

          POST http://gjogvvpsf.biz/xtwfv

          HTTP Response

          404

          HTTP Request

          POST http://gjogvvpsf.biz/wkhdhutcptwaqv

          HTTP Response

          404
        • 13.251.16.150:80
          http://qaynky.biz/paik
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://qaynky.biz/paik

          HTTP Response

          200
        • 172.234.222.143:80
          http://fwiwk.biz/dsowokpmderaai
          http
          alg.exe
          1.4kB
          204 B
          6
          5

          HTTP Request

          POST http://fwiwk.biz/dsowokpmderaai
        • 172.234.222.143:80
          http://fwiwk.biz/yvw
          http
          alg.exe
          1.3kB
          84 B
          4
          2

          HTTP Request

          POST http://fwiwk.biz/yvw
        • 34.246.200.160:80
          http://tbjrpv.biz/awb
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://tbjrpv.biz/awb

          HTTP Response

          200
        • 44.221.84.105:80
          http://bumxkqgxu.biz/oyv
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          667 B
          6
          6

          HTTP Request

          POST http://bumxkqgxu.biz/oyv

          HTTP Response

          200
        • 18.208.156.248:80
          http://deoci.biz/x
          http
          alg.exe
          1.4kB
          655 B
          6
          6

          HTTP Request

          POST http://deoci.biz/x

          HTTP Response

          200
        • 54.244.188.177:80
          http://dwrqljrr.biz/gkdghdqowbglwt
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          666 B
          6
          6

          HTTP Request

          POST http://dwrqljrr.biz/gkdghdqowbglwt

          HTTP Response

          200
        • 208.100.26.245:80
          http://gjogvvpsf.biz/bvlimahcko
          http
          alg.exe
          7.5kB
          5.0kB
          17
          14

          HTTP Request

          POST http://gytujflc.biz/kxitualufpr

          HTTP Response

          404

          HTTP Request

          POST http://gytujflc.biz/plttcyqwrmvn

          HTTP Response

          404

          HTTP Request

          POST http://yunalwv.biz/evfpfqigqqwkkpv

          HTTP Response

          404

          HTTP Request

          POST http://yunalwv.biz/cikdstvnyfhg

          HTTP Response

          404

          HTTP Request

          POST http://gjogvvpsf.biz/lqlqjckxmtpne

          HTTP Response

          404

          HTTP Request

          POST http://gjogvvpsf.biz/bvlimahcko

          HTTP Response

          404
        • 35.164.78.200:80
          http://nqwjmb.biz/pgxepktabqwlsi
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://nqwjmb.biz/pgxepktabqwlsi

          HTTP Response

          200
        • 13.251.16.150:80
          http://qaynky.biz/yo
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://qaynky.biz/yo

          HTTP Response

          200
        • 3.94.10.34:80
          http://ytctnunms.biz/rdlcfrplmmnsn
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          659 B
          6
          6

          HTTP Request

          POST http://ytctnunms.biz/rdlcfrplmmnsn

          HTTP Response

          200
        • 165.160.13.20:80
          http://myups.biz/cdgq
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          2.9kB
          708 B
          9
          9

          HTTP Request

          POST http://myups.biz/evrholb

          HTTP Response

          200

          HTTP Request

          POST http://myups.biz/cdgq

          HTTP Response

          200
        • 44.221.84.105:80
          http://bumxkqgxu.biz/jh
          http
          alg.exe
          1.4kB
          667 B
          6
          6

          HTTP Request

          POST http://bumxkqgxu.biz/jh

          HTTP Response

          200
        • 54.244.188.177:80
          http://dwrqljrr.biz/paospdfemlfr
          http
          alg.exe
          1.4kB
          658 B
          6
          6

          HTTP Request

          POST http://dwrqljrr.biz/paospdfemlfr

          HTTP Response

          200
        • 54.244.188.177:80
          http://oshhkdluh.biz/dwxn
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          659 B
          7
          6

          HTTP Request

          POST http://oshhkdluh.biz/dwxn

          HTTP Response

          200
        • 35.164.78.200:80
          http://nqwjmb.biz/yvkqxkipwavs
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://nqwjmb.biz/yvkqxkipwavs

          HTTP Response

          200
        • 3.94.10.34:80
          http://ytctnunms.biz/qjbovdx
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://ytctnunms.biz/qjbovdx

          HTTP Response

          200
        • 34.211.97.45:80
          http://jpskm.biz/vv
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://jpskm.biz/vv

          HTTP Response

          200
        • 165.160.15.20:80
          http://myups.biz/phefhp
          http
          alg.exe
          2.6kB
          708 B
          9
          9

          HTTP Request

          POST http://myups.biz/e

          HTTP Response

          200

          HTTP Request

          POST http://myups.biz/phefhp

          HTTP Response

          200
        • 54.244.188.177:80
          http://lrxdmhrr.biz/f
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          666 B
          6
          6

          HTTP Request

          POST http://lrxdmhrr.biz/f

          HTTP Response

          200
        • 54.244.188.177:80
          http://oshhkdluh.biz/vaqrwjenfcgdoimi
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://oshhkdluh.biz/vaqrwjenfcgdoimi

          HTTP Response

          200
        • 18.141.10.107:80
          http://wllvnzb.biz/ebnsnrfcmadivrr
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          665 B
          6
          6

          HTTP Request

          POST http://wllvnzb.biz/ebnsnrfcmadivrr

          HTTP Response

          200
        • 34.211.97.45:80
          http://jpskm.biz/vhmxekcwgn
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://jpskm.biz/vhmxekcwgn

          HTTP Response

          200
        • 18.208.156.248:80
          http://gnqgo.biz/xch
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://gnqgo.biz/xch

          HTTP Response

          200
        • 54.244.188.177:80
          http://lrxdmhrr.biz/tkfreqok
          http
          alg.exe
          1.4kB
          666 B
          6
          6

          HTTP Request

          POST http://lrxdmhrr.biz/tkfreqok

          HTTP Response

          200
        • 44.221.84.105:80
          http://jhvzpcfg.biz/eumhnkxgxvlha
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          666 B
          6
          6

          HTTP Request

          POST http://jhvzpcfg.biz/eumhnkxgxvlha

          HTTP Response

          200
        • 18.141.10.107:80
          http://acwjcqqv.biz/lqww
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          658 B
          6
          6

          HTTP Request

          POST http://acwjcqqv.biz/lqww

          HTTP Response

          200
        • 18.141.10.107:80
          http://wllvnzb.biz/vgtpmxrv
          http
          alg.exe
          1.4kB
          657 B
          6
          6

          HTTP Request

          POST http://wllvnzb.biz/vgtpmxrv

          HTTP Response

          200
        • 18.208.156.248:80
          http://gnqgo.biz/chhvlxbnyeptx
          http
          alg.exe
          1.4kB
          655 B
          6
          6

          HTTP Request

          POST http://gnqgo.biz/chhvlxbnyeptx

          HTTP Response

          200
        • 44.213.104.86:80
          http://vyome.biz/dfbius
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://vyome.biz/dfbius

          HTTP Response

          200
        • 44.221.84.105:80
          http://jhvzpcfg.biz/osmicrm
          http
          alg.exe
          1.4kB
          658 B
          6
          6

          HTTP Request

          POST http://jhvzpcfg.biz/osmicrm

          HTTP Response

          200
        • 18.208.156.248:80
          http://yauexmxk.biz/ixgtdmsnbehuinty
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          658 B
          6
          6

          HTTP Request

          POST http://yauexmxk.biz/ixgtdmsnbehuinty

          HTTP Response

          200
        • 18.141.10.107:80
          http://acwjcqqv.biz/fbogd
          http
          alg.exe
          1.4kB
          666 B
          6
          6

          HTTP Request

          POST http://acwjcqqv.biz/fbogd

          HTTP Response

          200
        • 13.251.16.150:80
          http://iuzpxe.biz/ajndjgmdxag
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          2.9kB
          636 B
          8
          5

          HTTP Request

          POST http://iuzpxe.biz/ajndjgmdxag

          HTTP Response

          200
        • 44.213.104.86:80
          http://vyome.biz/sbvyanland
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://vyome.biz/sbvyanland

          HTTP Response

          200
        • 18.208.156.248:80
          http://yauexmxk.biz/ijyvhudj
          http
          alg.exe
          1.4kB
          666 B
          6
          6

          HTTP Request

          POST http://yauexmxk.biz/ijyvhudj

          HTTP Response

          200
        • 13.251.16.150:80
          http://iuzpxe.biz/huf
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://iuzpxe.biz/huf

          HTTP Response

          200
        • 150.171.28.10:443
          https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90
          tls, http2
          129.5kB
          3.7MB
          2677
          2673

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301582_1MLHFWTHBIK9NA4JB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317301173_11CL6NTG6CSIMT5HR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Response

          200

          HTTP Request

          GET https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

          HTTP Response

          200
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          6.9kB
          15
          13
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          6.9kB
          15
          13
        • 13.251.16.150:80
          http://sxmiywsfv.biz/yn
          http
          alg.exe
          1.4kB
          667 B
          6
          6

          HTTP Request

          POST http://sxmiywsfv.biz/yn

          HTTP Response

          200
        • 150.171.28.10:443
          tse1.mm.bing.net
          tls, http2
          1.2kB
          6.9kB
          15
          13
        • 13.251.16.150:80
          http://sxmiywsfv.biz/yvitagnvklbvbe
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          2.9kB
          639 B
          8
          5

          HTTP Request

          POST http://sxmiywsfv.biz/yvitagnvklbvbe

          HTTP Response

          200
        • 34.211.97.45:80
          http://vrrazpdh.biz/wpaskfaew
          http
          alg.exe
          1.4kB
          658 B
          6
          6

          HTTP Request

          POST http://vrrazpdh.biz/wpaskfaew

          HTTP Response

          200
        • 47.129.31.212:80
          http://ftxlah.biz/gloqsmdx
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://ftxlah.biz/gloqsmdx

          HTTP Response

          200
        • 13.251.16.150:80
          http://typgfhb.biz/vu
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://typgfhb.biz/vu

          HTTP Response

          200
        • 34.211.97.45:80
          http://esuzf.biz/toykljwnn
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://esuzf.biz/toykljwnn

          HTTP Response

          200
        • 3.94.10.34:80
          http://gvijgjwkh.biz/rrslewr
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://gvijgjwkh.biz/rrslewr

          HTTP Response

          200
        • 34.211.97.45:80
          http://vrrazpdh.biz/maqbkeaqcbtkh
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          666 B
          6
          6

          HTTP Request

          POST http://vrrazpdh.biz/maqbkeaqcbtkh

          HTTP Response

          200
        • 44.213.104.86:80
          http://qpnczch.biz/w
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://qpnczch.biz/w

          HTTP Response

          200
        • 47.129.31.212:80
          http://ftxlah.biz/vvfyslvjnwdr
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://ftxlah.biz/vvfyslvjnwdr

          HTTP Response

          200
        • 3.254.94.185:80
          http://brsua.biz/glcrkrdbxyijyckh
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://brsua.biz/glcrkrdbxyijyckh

          HTTP Response

          200
        • 85.214.228.140:80
          http://dlynankz.biz/xwjijmwqnuh
          http
          alg.exe
          1.4kB
          378 B
          5
          5

          HTTP Request

          POST http://dlynankz.biz/xwjijmwqnuh

          HTTP Response

          404
        • 47.129.31.212:80
          http://oflybfv.biz/ywmi
          http
          alg.exe
          1.4kB
          657 B
          6
          6

          HTTP Request

          POST http://oflybfv.biz/ywmi

          HTTP Response

          200
        • 13.251.16.150:80
          http://typgfhb.biz/egctlpn
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          665 B
          6
          6

          HTTP Request

          POST http://typgfhb.biz/egctlpn

          HTTP Response

          200
        • 34.211.97.45:80
          http://yhqqc.biz/salhskahvruvrcuv
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://yhqqc.biz/salhskahvruvrcuv

          HTTP Response

          200
        • 34.211.97.45:80
          http://esuzf.biz/sp
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://esuzf.biz/sp

          HTTP Response

          200
        • 47.129.31.212:80
          http://mnjmhp.biz/cvafbqvshgednjeh
          http
          alg.exe
          1.4kB
          656 B
          6
          6

          HTTP Request

          POST http://mnjmhp.biz/cvafbqvshgednjeh

          HTTP Response

          200
        • 3.94.10.34:80
          http://gvijgjwkh.biz/ftkwwo
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          667 B
          6
          6

          HTTP Request

          POST http://gvijgjwkh.biz/ftkwwo

          HTTP Response

          200
        • 44.213.104.86:80
          http://qpnczch.biz/nuogu
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          657 B
          6
          6

          HTTP Request

          POST http://qpnczch.biz/nuogu

          HTTP Response

          200
        • 18.208.156.248:80
          http://opowhhece.biz/tntkdjmqlepeqrd
          http
          alg.exe
          1.4kB
          667 B
          6
          6

          HTTP Request

          POST http://opowhhece.biz/tntkdjmqlepeqrd

          HTTP Response

          200
        • 3.254.94.185:80
          http://brsua.biz/buhwillsnkahdc
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://brsua.biz/buhwillsnkahdc

          HTTP Response

          200
        • 13.251.16.150:80
          http://jdhhbs.biz/le
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://jdhhbs.biz/le

          HTTP Response

          200
        • 85.214.228.140:80
          http://dlynankz.biz/sgofhymid
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          378 B
          5
          5

          HTTP Request

          POST http://dlynankz.biz/sgofhymid

          HTTP Response

          404
        • 47.129.31.212:80
          http://oflybfv.biz/myf
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          705 B
          7
          7

          HTTP Request

          POST http://oflybfv.biz/myf

          HTTP Response

          200
        • 34.246.200.160:80
          http://mgmsclkyu.biz/mhtdtdoseyinvm
          http
          alg.exe
          1.4kB
          667 B
          6
          6

          HTTP Request

          POST http://mgmsclkyu.biz/mhtdtdoseyinvm

          HTTP Response

          200
        • 18.141.10.107:80
          http://warkcdu.biz/cipbtkgbdwuic
          http
          alg.exe
          1.4kB
          657 B
          6
          6

          HTTP Request

          POST http://warkcdu.biz/cipbtkgbdwuic

          HTTP Response

          200
        • 34.211.97.45:80
          http://yhqqc.biz/xq
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://yhqqc.biz/xq

          HTTP Response

          200
        • 47.129.31.212:80
          http://mnjmhp.biz/xeyhwgjusghv
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          656 B
          6
          6

          HTTP Request

          POST http://mnjmhp.biz/xeyhwgjusghv

          HTTP Response

          200
        • 13.251.16.150:80
          http://gcedd.biz/mblrmvhwptqty
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://gcedd.biz/mblrmvhwptqty

          HTTP Response

          200
        • 18.208.156.248:80
          http://opowhhece.biz/wdtuaxbrwwl
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          659 B
          6
          6

          HTTP Request

          POST http://opowhhece.biz/wdtuaxbrwwl

          HTTP Response

          200
        • 13.251.16.150:80
          http://jdhhbs.biz/pmmohmcpnduukf
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://jdhhbs.biz/pmmohmcpnduukf

          HTTP Response

          200
        • 18.208.156.248:80
          http://jwkoeoqns.biz/ukiefard
          http
          alg.exe
          1.4kB
          667 B
          6
          6

          HTTP Request

          POST http://jwkoeoqns.biz/ukiefard

          HTTP Response

          200
        • 44.213.104.86:80
          http://xccjj.biz/chstmolcvoddsxm
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://xccjj.biz/chstmolcvoddsxm

          HTTP Response

          200
        • 44.221.84.105:80
          http://hehckyov.biz/paxgdiwt
          http
          alg.exe
          1.4kB
          666 B
          6
          6

          HTTP Request

          POST http://hehckyov.biz/paxgdiwt

          HTTP Response

          200
        • 54.244.188.177:80
          http://rynmcq.biz/miaedpo
          http
          alg.exe
          1.4kB
          656 B
          6
          6

          HTTP Request

          POST http://rynmcq.biz/miaedpo

          HTTP Response

          200
        • 34.246.200.160:80
          http://mgmsclkyu.biz/afjfaxckahjgpxg
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          667 B
          6
          6

          HTTP Request

          POST http://mgmsclkyu.biz/afjfaxckahjgpxg

          HTTP Response

          200
        • 18.141.10.107:80
          http://warkcdu.biz/rrqofswiww
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          665 B
          6
          6

          HTTP Request

          POST http://warkcdu.biz/rrqofswiww

          HTTP Response

          200
        • 3.254.94.185:80
          http://uaafd.biz/eo
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://uaafd.biz/eo

          HTTP Response

          200
        • 18.141.10.107:80
          http://eufxebus.biz/g
          http
          alg.exe
          1.4kB
          658 B
          6
          6

          HTTP Request

          POST http://eufxebus.biz/g

          HTTP Response

          200
        • 13.251.16.150:80
          http://gcedd.biz/vh
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://gcedd.biz/vh

          HTTP Response

          200
        • 34.246.200.160:80
          http://pwlqfu.biz/mokjawbdjkimvpn
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://pwlqfu.biz/mokjawbdjkimvpn

          HTTP Response

          200
        • 47.129.31.212:80
          http://rrqafepng.biz/opolpfukjifrdf
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://rrqafepng.biz/opolpfukjifrdf

          HTTP Response

          200
        • 18.208.156.248:80
          http://jwkoeoqns.biz/ksww
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          659 B
          6
          6

          HTTP Request

          POST http://jwkoeoqns.biz/ksww

          HTTP Response

          200
        • 44.213.104.86:80
          http://xccjj.biz/lsafplpxmxlox
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          655 B
          6
          6

          HTTP Request

          POST http://xccjj.biz/lsafplpxmxlox

          HTTP Response

          200
        • 44.221.84.105:80
          http://hehckyov.biz/dehnogj
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          666 B
          6
          6

          HTTP Request

          POST http://hehckyov.biz/dehnogj

          HTTP Response

          200
        • 3.94.10.34:80
          http://ctdtgwag.biz/nibxswmiugqsh
          http
          alg.exe
          1.4kB
          658 B
          6
          6

          HTTP Request

          POST http://ctdtgwag.biz/nibxswmiugqsh

          HTTP Response

          200
        • 54.244.188.177:80
          http://rynmcq.biz/q
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          656 B
          6
          6

          HTTP Request

          POST http://rynmcq.biz/q

          HTTP Response

          200
        • 35.164.78.200:80
          http://tnevuluw.biz/etihyknx
          http
          alg.exe
          1.4kB
          666 B
          6
          6

          HTTP Request

          POST http://tnevuluw.biz/etihyknx

          HTTP Response

          200
        • 3.254.94.185:80
          http://uaafd.biz/s
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://uaafd.biz/s

          HTTP Response

          200
        • 18.141.10.107:80
          http://whjovd.biz/cwcbrxb
          http
          alg.exe
          1.4kB
          656 B
          6
          6

          HTTP Request

          POST http://whjovd.biz/cwcbrxb

          HTTP Response

          200
        • 18.141.10.107:80
          http://eufxebus.biz/ptkvnnoblotaspt
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          2.9kB
          578 B
          7
          4

          HTTP Request

          POST http://eufxebus.biz/ptkvnnoblotaspt

          HTTP Response

          200
        • 44.221.84.105:80
          http://reczwga.biz/eafsxqlvdarkclbx
          http
          alg.exe
          1.4kB
          657 B
          6
          6

          HTTP Request

          POST http://reczwga.biz/eafsxqlvdarkclbx

          HTTP Response

          200
        • 34.211.97.45:80
          http://bghjpy.biz/dltbwlflsvq
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://bghjpy.biz/dltbwlflsvq

          HTTP Response

          200
        • 18.208.156.248:80
          http://damcprvgv.biz/ddcogfgqgnbmdg
          http
          alg.exe
          1.5kB
          659 B
          7
          6

          HTTP Request

          POST http://damcprvgv.biz/ddcogfgqgnbmdg

          HTTP Response

          200
        • 34.246.200.160:80
          http://pwlqfu.biz/gtvrbhfoanady
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          656 B
          6
          6

          HTTP Request

          POST http://pwlqfu.biz/gtvrbhfoanady

          HTTP Response

          200
        • 47.129.31.212:80
          http://rrqafepng.biz/vcxvcowwqmm
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          659 B
          6
          6

          HTTP Request

          POST http://rrqafepng.biz/vcxvcowwqmm

          HTTP Response

          200
        • 3.254.94.185:80
          http://ocsvqjg.biz/towjpkre
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://ocsvqjg.biz/towjpkre

          HTTP Response

          200
        • 54.244.188.177:80
          http://ywffr.biz/cialfll
          http
          alg.exe
          1.4kB
          655 B
          7
          6

          HTTP Request

          POST http://ywffr.biz/cialfll

          HTTP Response

          200
        • 3.94.10.34:80
          http://ctdtgwag.biz/levjus
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          666 B
          6
          6

          HTTP Request

          POST http://ctdtgwag.biz/levjus

          HTTP Response

          200
        • 54.244.188.177:80
          http://ecxbwt.biz/c
          http
          alg.exe
          1.4kB
          656 B
          6
          6

          HTTP Request

          POST http://ecxbwt.biz/c

          HTTP Response

          200
        • 35.164.78.200:80
          http://tnevuluw.biz/ioqhrbxykhf
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          666 B
          6
          6

          HTTP Request

          POST http://tnevuluw.biz/ioqhrbxykhf

          HTTP Response

          200
        • 44.213.104.86:80
          http://pectx.biz/lrhajojaonilviwc
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://pectx.biz/lrhajojaonilviwc

          HTTP Response

          200
        • 18.208.156.248:80
          http://zyiexezl.biz/rkmfaitlvd
          http
          alg.exe
          1.5kB
          666 B
          7
          6

          HTTP Request

          POST http://zyiexezl.biz/rkmfaitlvd

          HTTP Response

          200
        • 18.141.10.107:80
          http://whjovd.biz/rkmfaitlvd
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          664 B
          7
          6

          HTTP Request

          POST http://whjovd.biz/rkmfaitlvd

          HTTP Response

          200
        • 44.221.84.105:80
          http://banwyw.biz/cxrlkhprtqe
          http
          alg.exe
          1.4kB
          656 B
          6
          6

          HTTP Request

          POST http://banwyw.biz/cxrlkhprtqe

          HTTP Response

          200
        • 72.52.178.23:80
          http://wxgzshna.biz/nosfroxqexgsdh
          http
          alg.exe
          1.5kB
          244 B
          7
          6

          HTTP Request

          POST http://wxgzshna.biz/nosfroxqexgsdh
        • 44.221.84.105:80
          http://reczwga.biz/rockb
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          665 B
          7
          6

          HTTP Request

          POST http://reczwga.biz/rockb

          HTTP Response

          200
        • 72.52.178.23:80
          http://wxgzshna.biz/dsavdykbjv
          http
          alg.exe
          1.4kB
          252 B
          6
          6

          HTTP Request

          POST http://wxgzshna.biz/dsavdykbjv
        • 44.221.84.105:80
          http://zrlssa.biz/vcbqknlytkbbu
          http
          alg.exe
          1.4kB
          664 B
          6
          6

          HTTP Request

          POST http://zrlssa.biz/vcbqknlytkbbu

          HTTP Response

          200
        • 18.141.10.107:80
          http://jlqltsjvh.biz/nviyjifo
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://jlqltsjvh.biz/nviyjifo

          HTTP Response

          200
        • 34.211.97.45:80
          http://bghjpy.biz/cqdmnramj
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://bghjpy.biz/cqdmnramj

          HTTP Response

          200
        • 18.208.156.248:80
          http://damcprvgv.biz/yupadylunhwfy
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          667 B
          6
          6

          HTTP Request

          POST http://damcprvgv.biz/yupadylunhwfy

          HTTP Response

          200
        • 3.254.94.185:80
          http://ocsvqjg.biz/mndmtaw
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          665 B
          6
          6

          HTTP Request

          POST http://ocsvqjg.biz/mndmtaw

          HTTP Response

          200
        • 18.208.156.248:80
          http://xyrgy.biz/de
          http
          alg.exe
          1.4kB
          655 B
          7
          6

          HTTP Request

          POST http://xyrgy.biz/de

          HTTP Response

          200
        • 54.244.188.177:80
          http://ywffr.biz/ey
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          2.8kB
          615 B
          7
          5

          HTTP Request

          POST http://ywffr.biz/ey

          HTTP Response

          200
        • 172.234.222.138:80
          http://htwqzczce.biz/fdjsyjdmh
          http
          alg.exe
          1.4kB
          204 B
          6
          5

          HTTP Request

          POST http://htwqzczce.biz/fdjsyjdmh
        • 172.234.222.138:80
          http://htwqzczce.biz/bgyfxpgneqbmdrd
          http
          alg.exe
          1.4kB
          204 B
          6
          5

          HTTP Request

          POST http://htwqzczce.biz/bgyfxpgneqbmdrd
        • 54.244.188.177:80
          http://kvbjaur.biz/kidgnxhtlufkka
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://kvbjaur.biz/kidgnxhtlufkka

          HTTP Response

          200
        • 54.244.188.177:80
          http://ecxbwt.biz/ggijh
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://ecxbwt.biz/ggijh

          HTTP Response

          200
        • 44.221.84.105:80
          http://uphca.biz/teqedfknpkosgo
          http
          alg.exe
          1.5kB
          663 B
          7
          6

          HTTP Request

          POST http://uphca.biz/teqedfknpkosgo

          HTTP Response

          200
        • 44.213.104.86:80
          http://pectx.biz/icehp
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          655 B
          7
          6

          HTTP Request

          POST http://pectx.biz/icehp

          HTTP Response

          200
        • 34.211.97.45:80
          http://fjumtfnz.biz/cifnhpxqu
          http
          alg.exe
          1.4kB
          666 B
          6
          6

          HTTP Request

          POST http://fjumtfnz.biz/cifnhpxqu

          HTTP Response

          200
        • 18.208.156.248:80
          http://zyiexezl.biz/hwhkk
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          666 B
          6
          6

          HTTP Request

          POST http://zyiexezl.biz/hwhkk

          HTTP Response

          200
        • 34.211.97.45:80
          http://hlzfuyy.biz/letlovtcg
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://hlzfuyy.biz/letlovtcg

          HTTP Response

          200
        • 44.221.84.105:80
          http://banwyw.biz/nonvbgwvrqdbuy
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://banwyw.biz/nonvbgwvrqdbuy

          HTTP Response

          200
        • 72.52.178.23:80
          http://wxgzshna.biz/ryp
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.4kB
          164 B
          4
          4

          HTTP Request

          POST http://wxgzshna.biz/ryp
        • 34.246.200.160:80
          http://rffxu.biz/ryp
          http
          alg.exe
          1.4kB
          663 B
          6
          6

          HTTP Request

          POST http://rffxu.biz/ryp

          HTTP Response

          200
        • 72.52.178.23:80
          http://wxgzshna.biz/ncxgwcra
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          204 B
          6
          5

          HTTP Request

          POST http://wxgzshna.biz/ncxgwcra
        • 44.213.104.86:80
          http://cikivjto.biz/o
          http
          alg.exe
          1.5kB
          658 B
          8
          6

          HTTP Request

          POST http://cikivjto.biz/o

          HTTP Response

          200
        • 44.221.84.105:80
          http://zrlssa.biz/glyaeqsxfxck
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          664 B
          6
          6

          HTTP Request

          POST http://zrlssa.biz/glyaeqsxfxck

          HTTP Response

          200
        • 18.141.10.107:80
          http://jlqltsjvh.biz/omdjtrtffvh
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          667 B
          6
          6

          HTTP Request

          POST http://jlqltsjvh.biz/omdjtrtffvh

          HTTP Response

          200
        • 47.129.31.212:80
          http://qncdaagct.biz/ega
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://qncdaagct.biz/ega

          HTTP Response

          200
        • 18.208.156.248:80
          http://xyrgy.biz/cuoleqtrjcblluy
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://xyrgy.biz/cuoleqtrjcblluy

          HTTP Response

          200
        • 172.234.222.143:80
          http://htwqzczce.biz/bhvtjlnoyx
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          212 B
          6
          5

          HTTP Request

          POST http://htwqzczce.biz/bhvtjlnoyx
        • 172.234.222.143:80
          http://htwqzczce.biz/uya
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          204 B
          7
          5

          HTTP Request

          POST http://htwqzczce.biz/uya
        • 13.251.16.150:80
          http://shpwbsrw.biz/df
          http
          alg.exe
          1.4kB
          666 B
          6
          6

          HTTP Request

          POST http://shpwbsrw.biz/df

          HTTP Response

          200
        • 54.244.188.177:80
          http://kvbjaur.biz/jxrtranvhdvr
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          665 B
          6
          6

          HTTP Request

          POST http://kvbjaur.biz/jxrtranvhdvr

          HTTP Response

          200
        • 44.221.84.105:80
          http://uphca.biz/rtnrhhjhsrf
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          663 B
          6
          6

          HTTP Request

          POST http://uphca.biz/rtnrhhjhsrf

          HTTP Response

          200
        • 18.208.156.248:80
          http://cjvgcl.biz/wggrsg
          http
          alg.exe
          1.4kB
          656 B
          6
          6

          HTTP Request

          POST http://cjvgcl.biz/wggrsg

          HTTP Response

          200
        • 34.211.97.45:80
          http://fjumtfnz.biz/veppepsklmyyrtnd
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.6kB
          666 B
          6
          6

          HTTP Request

          POST http://fjumtfnz.biz/veppepsklmyyrtnd

          HTTP Response

          200
        • 44.221.84.105:80
          http://neazudmrq.biz/o
          http
          alg.exe
          1.4kB
          659 B
          6
          6

          HTTP Request

          POST http://neazudmrq.biz/o

          HTTP Response

          200
        • 18.208.156.248:80
          http://pgfsvwx.biz/lapfyboolgtaavf
          http
          alg.exe
          1.4kB
          665 B
          6
          6

          HTTP Request

          POST http://pgfsvwx.biz/lapfyboolgtaavf

          HTTP Response

          200
        • 34.211.97.45:80
          http://hlzfuyy.biz/mgcjwdmxoufvmx
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.5kB
          665 B
          6
          6

          HTTP Request

          POST http://hlzfuyy.biz/mgcjwdmxoufvmx

          HTTP Response

          200
        • 47.129.31.212:80
          http://aatcwo.biz/dlwnxuieic
          http
          alg.exe
          1.3kB
          52 B
          4
          1

          HTTP Request

          POST http://aatcwo.biz/dlwnxuieic
        • 34.246.200.160:80
          http://rffxu.biz/mtnbsqhu
          http
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          1.4kB
          44 B
          4
          1

          HTTP Request

          POST http://rffxu.biz/mtnbsqhu
        • 44.213.104.86:80
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
        • 47.129.31.212:80
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
        • 18.208.156.248:80
          alg.exe
        • 8.8.8.8:53
          8.8.8.8.in-addr.arpa
          dns
          66 B
          90 B
          1
          1

          DNS Request

          8.8.8.8.in-addr.arpa

        • 8.8.8.8:53
          pywolwnvd.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          pywolwnvd.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          pywolwnvd.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          pywolwnvd.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          58.55.71.13.in-addr.arpa
          dns
          70 B
          144 B
          1
          1

          DNS Request

          58.55.71.13.in-addr.arpa

        • 8.8.8.8:53
          ssbzmoy.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          ssbzmoy.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          177.188.244.54.in-addr.arpa
          dns
          73 B
          137 B
          1
          1

          DNS Request

          177.188.244.54.in-addr.arpa

        • 8.8.8.8:53
          cvgrf.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          cvgrf.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          107.10.141.18.in-addr.arpa
          dns
          72 B
          140 B
          1
          1

          DNS Request

          107.10.141.18.in-addr.arpa

        • 8.8.8.8:53
          95.221.229.192.in-addr.arpa
          dns
          73 B
          144 B
          1
          1

          DNS Request

          95.221.229.192.in-addr.arpa

        • 8.8.8.8:53
          g.bing.com
          dns
          56 B
          151 B
          1
          1

          DNS Request

          g.bing.com

          DNS Response

          13.107.21.237
          204.79.197.237

        • 8.8.8.8:53
          209.205.72.20.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          209.205.72.20.in-addr.arpa

        • 8.8.8.8:53
          npukfztj.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          npukfztj.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          przvgke.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          89 B
          1
          1

          DNS Request

          przvgke.biz

          DNS Response

          172.234.222.138
          172.234.222.143

        • 8.8.8.8:53
          237.21.107.13.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          237.21.107.13.in-addr.arpa

        • 8.8.8.8:53
          105.84.221.44.in-addr.arpa
          dns
          144 B
          127 B
          2
          1

          DNS Request

          105.84.221.44.in-addr.arpa

          DNS Request

          105.84.221.44.in-addr.arpa

        • 8.8.8.8:53
          zlenh.biz
          dns
          alg.exe
          55 B
          117 B
          1
          1

          DNS Request

          zlenh.biz

        • 8.8.8.8:53
          knjghuig.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          knjghuig.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          138.222.234.172.in-addr.arpa
          dns
          74 B
          128 B
          1
          1

          DNS Request

          138.222.234.172.in-addr.arpa

        • 8.8.8.8:53
          uhxqin.biz
          dns
          alg.exe
          56 B
          118 B
          1
          1

          DNS Request

          uhxqin.biz

        • 8.8.8.8:53
          anpmnmxo.biz
          dns
          alg.exe
          58 B
          120 B
          1
          1

          DNS Request

          anpmnmxo.biz

        • 8.8.8.8:53
          lpuegx.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          lpuegx.biz

          DNS Response

          82.112.184.197

        • 8.8.8.8:53
          zlenh.biz
          dns
          alg.exe
          55 B
          117 B
          1
          1

          DNS Request

          zlenh.biz

        • 8.8.8.8:53
          knjghuig.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          knjghuig.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          uhxqin.biz
          dns
          alg.exe
          56 B
          118 B
          1
          1

          DNS Request

          uhxqin.biz

        • 8.8.8.8:53
          anpmnmxo.biz
          dns
          alg.exe
          58 B
          120 B
          1
          1

          DNS Request

          anpmnmxo.biz

        • 8.8.8.8:53
          lpuegx.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          lpuegx.biz

          DNS Response

          82.112.184.197

        • 8.8.8.8:53
          28.118.140.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          28.118.140.52.in-addr.arpa

        • 8.8.8.8:53
          157.123.68.40.in-addr.arpa
          dns
          72 B
          146 B
          1
          1

          DNS Request

          157.123.68.40.in-addr.arpa

        • 8.8.8.8:53
          206.23.85.13.in-addr.arpa
          dns
          71 B
          145 B
          1
          1

          DNS Request

          206.23.85.13.in-addr.arpa

        • 8.8.8.8:53
          vjaxhpbji.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          vjaxhpbji.biz

          DNS Response

          82.112.184.197

        • 8.8.8.8:53
          vjaxhpbji.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          vjaxhpbji.biz

          DNS Response

          82.112.184.197

        • 8.8.8.8:53
          48.229.111.52.in-addr.arpa
          dns
          72 B
          158 B
          1
          1

          DNS Request

          48.229.111.52.in-addr.arpa

        • 8.8.8.8:53
          240.221.184.93.in-addr.arpa
          dns
          73 B
          144 B
          1
          1

          DNS Request

          240.221.184.93.in-addr.arpa

        • 8.8.8.8:53
          57.169.31.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          57.169.31.20.in-addr.arpa

        • 8.8.8.8:53
          172.210.232.199.in-addr.arpa
          dns
          74 B
          128 B
          1
          1

          DNS Request

          172.210.232.199.in-addr.arpa

        • 8.8.8.8:53
          xlfhhhm.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          xlfhhhm.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          ifsaia.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          ifsaia.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          212.31.129.47.in-addr.arpa
          dns
          72 B
          140 B
          1
          1

          DNS Request

          212.31.129.47.in-addr.arpa

        • 8.8.8.8:53
          saytjshyf.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          saytjshyf.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          vcddkls.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          vcddkls.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          150.16.251.13.in-addr.arpa
          dns
          72 B
          140 B
          1
          1

          DNS Request

          150.16.251.13.in-addr.arpa

        • 8.8.8.8:53
          xlfhhhm.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          xlfhhhm.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          fwiwk.biz
          dns
          alg.exe
          55 B
          87 B
          1
          1

          DNS Request

          fwiwk.biz

          DNS Response

          172.234.222.143
          172.234.222.138

        • 8.8.8.8:53
          ifsaia.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          ifsaia.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          143.222.234.172.in-addr.arpa
          dns
          74 B
          128 B
          1
          1

          DNS Request

          143.222.234.172.in-addr.arpa

        • 8.8.8.8:53
          tbjrpv.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          tbjrpv.biz

          DNS Response

          34.246.200.160

        • 8.8.8.8:53
          saytjshyf.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          saytjshyf.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          deoci.biz
          dns
          alg.exe
          55 B
          71 B
          1
          1

          DNS Request

          deoci.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          vcddkls.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          vcddkls.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          gytujflc.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          gytujflc.biz

          DNS Response

          208.100.26.245

        • 8.8.8.8:53
          160.200.246.34.in-addr.arpa
          dns
          73 B
          137 B
          1
          1

          DNS Request

          160.200.246.34.in-addr.arpa

        • 8.8.8.8:53
          248.156.208.18.in-addr.arpa
          dns
          73 B
          129 B
          1
          1

          DNS Request

          248.156.208.18.in-addr.arpa

        • 8.8.8.8:53
          qaynky.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          qaynky.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          fwiwk.biz
          dns
          alg.exe
          55 B
          87 B
          1
          1

          DNS Request

          fwiwk.biz

          DNS Response

          172.234.222.143
          172.234.222.138

        • 8.8.8.8:53
          245.26.100.208.in-addr.arpa
          dns
          73 B
          127 B
          1
          1

          DNS Request

          245.26.100.208.in-addr.arpa

        • 8.8.8.8:53
          tbjrpv.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          tbjrpv.biz

          DNS Response

          34.246.200.160

        • 8.8.8.8:53
          bumxkqgxu.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          bumxkqgxu.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          deoci.biz
          dns
          alg.exe
          55 B
          71 B
          1
          1

          DNS Request

          deoci.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          dwrqljrr.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          dwrqljrr.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          gytujflc.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          gytujflc.biz

          DNS Response

          208.100.26.245

        • 8.8.8.8:53
          nqwjmb.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          nqwjmb.biz

          DNS Response

          35.164.78.200

        • 8.8.8.8:53
          qaynky.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          qaynky.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          ytctnunms.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          ytctnunms.biz

          DNS Response

          3.94.10.34

        • 8.8.8.8:53
          myups.biz
          dns
          alg.exe
          55 B
          87 B
          1
          1

          DNS Request

          myups.biz

          DNS Response

          165.160.13.20
          165.160.15.20

        • 8.8.8.8:53
          bumxkqgxu.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          bumxkqgxu.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          dwrqljrr.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          dwrqljrr.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          oshhkdluh.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          oshhkdluh.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          200.78.164.35.in-addr.arpa
          dns
          72 B
          135 B
          1
          1

          DNS Request

          200.78.164.35.in-addr.arpa

        • 8.8.8.8:53
          34.10.94.3.in-addr.arpa
          dns
          69 B
          121 B
          1
          1

          DNS Request

          34.10.94.3.in-addr.arpa

        • 8.8.8.8:53
          20.13.160.165.in-addr.arpa
          dns
          72 B
          146 B
          1
          1

          DNS Request

          20.13.160.165.in-addr.arpa

        • 8.8.8.8:53
          nqwjmb.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          nqwjmb.biz

          DNS Response

          35.164.78.200

        • 8.8.8.8:53
          yunalwv.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          yunalwv.biz

          DNS Response

          208.100.26.245

        • 8.8.8.8:53
          ytctnunms.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          ytctnunms.biz

          DNS Response

          3.94.10.34

        • 8.8.8.8:53
          jpskm.biz
          dns
          alg.exe
          55 B
          71 B
          1
          1

          DNS Request

          jpskm.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          myups.biz
          dns
          alg.exe
          55 B
          87 B
          1
          1

          DNS Request

          myups.biz

          DNS Response

          165.160.15.20
          165.160.13.20

        • 8.8.8.8:53
          lrxdmhrr.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          lrxdmhrr.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          45.97.211.34.in-addr.arpa
          dns
          128 B
          206 B
          2
          2

          DNS Request

          45.97.211.34.in-addr.arpa

          DNS Request

          kvbjaur.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          20.15.160.165.in-addr.arpa
          dns
          72 B
          146 B
          1
          1

          DNS Request

          20.15.160.165.in-addr.arpa

        • 8.8.8.8:53
          oshhkdluh.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          oshhkdluh.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          wllvnzb.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          wllvnzb.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          yunalwv.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          yunalwv.biz

          DNS Response

          208.100.26.245

        • 8.8.8.8:53
          jpskm.biz
          dns
          alg.exe
          55 B
          71 B
          1
          1

          DNS Request

          jpskm.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          gnqgo.biz
          dns
          alg.exe
          55 B
          71 B
          1
          1

          DNS Request

          gnqgo.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          lrxdmhrr.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          lrxdmhrr.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          jhvzpcfg.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          jhvzpcfg.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          acwjcqqv.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          acwjcqqv.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          wllvnzb.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          wllvnzb.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          lejtdj.biz
          dns
          alg.exe
          56 B
          118 B
          1
          1

          DNS Request

          lejtdj.biz

        • 8.8.8.8:53
          gnqgo.biz
          dns
          alg.exe
          55 B
          71 B
          1
          1

          DNS Request

          gnqgo.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          vyome.biz
          dns
          alg.exe
          55 B
          71 B
          1
          1

          DNS Request

          vyome.biz

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          jhvzpcfg.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          jhvzpcfg.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          yauexmxk.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          yauexmxk.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          acwjcqqv.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          acwjcqqv.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          iuzpxe.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          iuzpxe.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          5.173.189.20.in-addr.arpa
          dns
          142 B
          157 B
          2
          1

          DNS Request

          5.173.189.20.in-addr.arpa

          DNS Request

          5.173.189.20.in-addr.arpa

        • 8.8.8.8:53
          86.104.213.44.in-addr.arpa
          dns
          72 B
          127 B
          1
          1

          DNS Request

          86.104.213.44.in-addr.arpa

        • 8.8.8.8:53
          lejtdj.biz
          dns
          alg.exe
          56 B
          118 B
          1
          1

          DNS Request

          lejtdj.biz

        • 8.8.8.8:53
          vyome.biz
          dns
          alg.exe
          55 B
          71 B
          1
          1

          DNS Request

          vyome.biz

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          yauexmxk.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          yauexmxk.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          iuzpxe.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          iuzpxe.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          55.36.223.20.in-addr.arpa
          dns
          71 B
          157 B
          1
          1

          DNS Request

          55.36.223.20.in-addr.arpa

        • 8.8.8.8:53
          tse1.mm.bing.net
          dns
          62 B
          170 B
          1
          1

          DNS Request

          tse1.mm.bing.net

          DNS Response

          150.171.28.10
          150.171.27.10

        • 8.8.8.8:53
          sxmiywsfv.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          sxmiywsfv.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          sxmiywsfv.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          sxmiywsfv.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          vrrazpdh.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          vrrazpdh.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          ftxlah.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          ftxlah.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          typgfhb.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          typgfhb.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          esuzf.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          esuzf.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          gvijgjwkh.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          gvijgjwkh.biz

          DNS Response

          3.94.10.34

        • 8.8.8.8:53
          vrrazpdh.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          vrrazpdh.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          qpnczch.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          qpnczch.biz

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          ftxlah.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          ftxlah.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          brsua.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          brsua.biz

          DNS Response

          3.254.94.185

        • 8.8.8.8:53
          dlynankz.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          dlynankz.biz

          DNS Response

          85.214.228.140

        • 8.8.8.8:53
          185.94.254.3.in-addr.arpa
          dns
          71 B
          133 B
          1
          1

          DNS Request

          185.94.254.3.in-addr.arpa

        • 8.8.8.8:53
          oflybfv.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          oflybfv.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          typgfhb.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          typgfhb.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          140.228.214.85.in-addr.arpa
          dns
          73 B
          112 B
          1
          1

          DNS Request

          140.228.214.85.in-addr.arpa

        • 8.8.8.8:53
          yhqqc.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          yhqqc.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          esuzf.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          esuzf.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          mnjmhp.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          mnjmhp.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          gvijgjwkh.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          gvijgjwkh.biz

          DNS Response

          3.94.10.34

        • 8.8.8.8:53
          qpnczch.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          qpnczch.biz

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          opowhhece.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          opowhhece.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          brsua.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          brsua.biz

          DNS Response

          3.254.94.185

        • 8.8.8.8:53
          zjbpaao.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          119 B
          1
          1

          DNS Request

          zjbpaao.biz

        • 8.8.8.8:53
          jdhhbs.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          jdhhbs.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          dlynankz.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          dlynankz.biz

          DNS Response

          85.214.228.140

        • 8.8.8.8:53
          oflybfv.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          oflybfv.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          mgmsclkyu.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          mgmsclkyu.biz

          DNS Response

          34.246.200.160

        • 8.8.8.8:53
          yhqqc.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          yhqqc.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          warkcdu.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          warkcdu.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          mnjmhp.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          mnjmhp.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          gcedd.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          gcedd.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          opowhhece.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          opowhhece.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          zjbpaao.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          119 B
          1
          1

          DNS Request

          zjbpaao.biz

        • 8.8.8.8:53
          jdhhbs.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          jdhhbs.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          jwkoeoqns.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          jwkoeoqns.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          xccjj.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          xccjj.biz

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          hehckyov.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          hehckyov.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          rynmcq.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          rynmcq.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          mgmsclkyu.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          mgmsclkyu.biz

          DNS Response

          34.246.200.160

        • 8.8.8.8:53
          warkcdu.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          warkcdu.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          uaafd.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          uaafd.biz

          DNS Response

          3.254.94.185

        • 8.8.8.8:53
          eufxebus.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          eufxebus.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          gcedd.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          gcedd.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          pwlqfu.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          pwlqfu.biz

          DNS Response

          34.246.200.160

        • 8.8.8.8:53
          rrqafepng.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          rrqafepng.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          jwkoeoqns.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          jwkoeoqns.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          xccjj.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          xccjj.biz

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          hehckyov.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          hehckyov.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          ctdtgwag.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          ctdtgwag.biz

          DNS Response

          3.94.10.34

        • 8.8.8.8:53
          rynmcq.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          rynmcq.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          tnevuluw.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          tnevuluw.biz

          DNS Response

          35.164.78.200

        • 8.8.8.8:53
          uaafd.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          uaafd.biz

          DNS Response

          3.254.94.185

        • 8.8.8.8:53
          whjovd.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          whjovd.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          eufxebus.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          eufxebus.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          gjogvvpsf.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          118 B
          75 B
          2
          1

          DNS Request

          gjogvvpsf.biz

          DNS Request

          gjogvvpsf.biz

          DNS Response

          208.100.26.245

        • 8.8.8.8:53
          reczwga.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          reczwga.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          bghjpy.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          bghjpy.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          damcprvgv.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          damcprvgv.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          ocsvqjg.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          171 B
          73 B
          3
          1

          DNS Request

          ocsvqjg.biz

          DNS Request

          ocsvqjg.biz

          DNS Request

          ocsvqjg.biz

          DNS Response

          3.254.94.185

        • 8.8.8.8:53
          pwlqfu.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          112 B
          144 B
          2
          2

          DNS Request

          pwlqfu.biz

          DNS Request

          pwlqfu.biz

          DNS Response

          34.246.200.160

          DNS Response

          34.246.200.160

        • 8.8.8.8:53
          rrqafepng.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          118 B
          150 B
          2
          2

          DNS Request

          rrqafepng.biz

          DNS Request

          rrqafepng.biz

          DNS Response

          47.129.31.212

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          ywffr.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          ywffr.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          ecxbwt.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          112 B
          72 B
          2
          1

          DNS Request

          ecxbwt.biz

          DNS Request

          ecxbwt.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          ctdtgwag.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          ctdtgwag.biz

          DNS Response

          3.94.10.34

        • 8.8.8.8:53
          tnevuluw.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          116 B
          148 B
          2
          2

          DNS Request

          tnevuluw.biz

          DNS Request

          tnevuluw.biz

          DNS Response

          35.164.78.200

          DNS Response

          35.164.78.200

        • 8.8.8.8:53
          pectx.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          pectx.biz

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          whjovd.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          whjovd.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          zyiexezl.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          zyiexezl.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          banwyw.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          112 B
          144 B
          2
          2

          DNS Request

          banwyw.biz

          DNS Request

          banwyw.biz

          DNS Response

          44.221.84.105

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          muapr.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          117 B
          1
          1

          DNS Request

          muapr.biz

        • 8.8.8.8:53
          wxgzshna.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          wxgzshna.biz

          DNS Response

          72.52.178.23

        • 8.8.8.8:53
          gjogvvpsf.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          gjogvvpsf.biz

          DNS Response

          208.100.26.245

        • 8.8.8.8:53
          reczwga.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          114 B
          146 B
          2
          2

          DNS Request

          reczwga.biz

          DNS Request

          reczwga.biz

          DNS Response

          44.221.84.105

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          zrlssa.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          zrlssa.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          jlqltsjvh.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          75 B
          1
          1

          DNS Request

          jlqltsjvh.biz

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          23.178.52.72.in-addr.arpa
          dns
          71 B
          103 B
          1
          1

          DNS Request

          23.178.52.72.in-addr.arpa

        • 8.8.8.8:53
          bghjpy.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          bghjpy.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          damcprvgv.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          118 B
          75 B
          2
          1

          DNS Request

          damcprvgv.biz

          DNS Request

          damcprvgv.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          ocsvqjg.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          ocsvqjg.biz

          DNS Response

          3.254.94.185

        • 8.8.8.8:53
          xyrgy.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          xyrgy.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          ywffr.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          ywffr.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          htwqzczce.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          118 B
          91 B
          2
          1

          DNS Request

          htwqzczce.biz

          DNS Request

          htwqzczce.biz

          DNS Response

          172.234.222.138
          172.234.222.143

        • 8.8.8.8:53
          ecxbwt.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          112 B
          144 B
          2
          2

          DNS Request

          ecxbwt.biz

          DNS Request

          ecxbwt.biz

          DNS Response

          54.244.188.177

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          uphca.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          uphca.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          pectx.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          110 B
          142 B
          2
          2

          DNS Request

          pectx.biz

          DNS Request

          pectx.biz

          DNS Response

          44.213.104.86

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          fjumtfnz.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          fjumtfnz.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          zyiexezl.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          116 B
          148 B
          2
          2

          DNS Request

          zyiexezl.biz

          DNS Request

          zyiexezl.biz

          DNS Response

          18.208.156.248

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          hlzfuyy.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          hlzfuyy.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          banwyw.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          banwyw.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          muapr.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          117 B
          1
          1

          DNS Request

          muapr.biz

        • 8.8.8.8:53
          wxgzshna.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          wxgzshna.biz

          DNS Response

          72.52.178.23

        • 8.8.8.8:53
          rffxu.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          55 B
          71 B
          1
          1

          DNS Request

          rffxu.biz

          DNS Response

          34.246.200.160

        • 8.8.8.8:53
          cikivjto.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          58 B
          74 B
          1
          1

          DNS Request

          cikivjto.biz

          DNS Response

          44.213.104.86

        • 8.8.8.8:53
          zrlssa.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          56 B
          72 B
          1
          1

          DNS Request

          zrlssa.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          jlqltsjvh.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          118 B
          150 B
          2
          2

          DNS Request

          jlqltsjvh.biz

          DNS Request

          jlqltsjvh.biz

          DNS Response

          18.141.10.107

          DNS Response

          18.141.10.107

        • 8.8.8.8:53
          qncdaagct.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          118 B
          75 B
          2
          1

          DNS Request

          qncdaagct.biz

          DNS Request

          qncdaagct.biz

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          xyrgy.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          110 B
          142 B
          2
          2

          DNS Request

          xyrgy.biz

          DNS Request

          xyrgy.biz

          DNS Response

          18.208.156.248

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          htwqzczce.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          59 B
          91 B
          1
          1

          DNS Request

          htwqzczce.biz

          DNS Response

          172.234.222.143
          172.234.222.138

        • 8.8.8.8:53
          shpwbsrw.biz
          dns
          alg.exe
          58 B
          74 B
          1
          1

          DNS Request

          shpwbsrw.biz

          DNS Response

          13.251.16.150

        • 8.8.8.8:53
          kvbjaur.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          114 B
          73 B
          2
          1

          DNS Request

          kvbjaur.biz

          DNS Request

          kvbjaur.biz

          DNS Response

          54.244.188.177

        • 8.8.8.8:53
          uphca.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          110 B
          142 B
          2
          2

          DNS Request

          uphca.biz

          DNS Request

          uphca.biz

          DNS Response

          44.221.84.105

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          cjvgcl.biz
          dns
          alg.exe
          56 B
          72 B
          1
          1

          DNS Request

          cjvgcl.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          fjumtfnz.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          116 B
          148 B
          2
          2

          DNS Request

          fjumtfnz.biz

          DNS Request

          fjumtfnz.biz

          DNS Response

          34.211.97.45

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          neazudmrq.biz
          dns
          alg.exe
          59 B
          75 B
          1
          1

          DNS Request

          neazudmrq.biz

          DNS Response

          44.221.84.105

        • 8.8.8.8:53
          pgfsvwx.biz
          dns
          alg.exe
          57 B
          73 B
          1
          1

          DNS Request

          pgfsvwx.biz

          DNS Response

          18.208.156.248

        • 8.8.8.8:53
          hlzfuyy.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          57 B
          73 B
          1
          1

          DNS Request

          hlzfuyy.biz

          DNS Response

          34.211.97.45

        • 8.8.8.8:53
          aatcwo.biz
          dns
          alg.exe
          112 B
          144 B
          2
          2

          DNS Request

          aatcwo.biz

          DNS Request

          aatcwo.biz

          DNS Response

          47.129.31.212

          DNS Response

          47.129.31.212

        • 8.8.8.8:53
          rffxu.biz
          dns
          2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
          110 B
          142 B
          2
          2

          DNS Request

          rffxu.biz

          DNS Request

          rffxu.biz

          DNS Response

          34.246.200.160

          DNS Response

          34.246.200.160

        • 8.8.8.8:53
        • 8.8.8.8:53
        • 8.8.8.8:53
        • 8.8.8.8:53

        MITRE ATT&CK Enterprise v15

        Replay Monitor

        Loading Replay Monitor...

        Downloads

        • C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe

          Filesize

          2.2MB

          MD5

          146e162b912c91c5f08cbefa45e5feaa

          SHA1

          60e15d8fabd1c1051c52df9cd6279f287cb44078

          SHA256

          db3dd3a1a5877eca384e0fcaf4953b7e9b3f58d52287e3287d28feb5aef4ee40

          SHA512

          f9021274d03a7df3c4644aa6e3f3a1c0589cefece79539aa3944b9d2550b36b72453268f1dcf93c5d032878272016d769897cc93fde7203b131eaff948181011

        • C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

          Filesize

          789KB

          MD5

          bc00dd7c69bd55d4a1b8a6cfcd0125a7

          SHA1

          ffb81c25e90ea5575c584a7a5f77d3ea1346ea2f

          SHA256

          8bb673bb7c8d42a1a9a753d53afb1097a10eb7e9bc847a5b26d33570b5e5fbae

          SHA512

          4a8a76515656702b4871137d4342ef0e6cd37091c0c2e11d380788e23730f385549eceb0a3b56029af5612c6fed64d22ec95ad54e5c7645616f917b0d33c2211

        • C:\Program Files\7-Zip\7z.exe

          Filesize

          1.1MB

          MD5

          8d90fde691ce439128a8bbca87ddc4bc

          SHA1

          f13f8f376dfbeb04e4e27fc407abc26661bbedbb

          SHA256

          cda1a9cb0cae2455cb8024759ee7aaed9c71902fbeb40ca5ed783bb098694447

          SHA512

          8a6dbf8bf2ae074f6738f97bc164dc3a7f5a36e3686d457c2ef92c7f54ba714199f0d84b2d5737d32d90b3d890edd41b5c9f404b7b15ba1ebfe901db3e463e76

        • C:\Program Files\7-Zip\7zFM.exe

          Filesize

          1.5MB

          MD5

          d6c86650a2674dd722bf9b7b08251f87

          SHA1

          489ae47116b1570e38418f051143e24f896f462e

          SHA256

          74993352f08053ec48ef1b3e1d1978917da63e9f791ac04db58c632d4077d9b2

          SHA512

          72cc9bd3bcb4c0e0b8120104b3a92bcbf8aa846169033731c0c447fb17ab07ed298dbaa9439427e39753596f641e3130719471f665686e67986d58a4d72e1e1a

        • C:\Program Files\7-Zip\7zG.exe

          Filesize

          1.2MB

          MD5

          861f54abdbf807fc5528e12b3e658d6a

          SHA1

          67f01763ea1a20eb956aabbc023f06224bc3448a

          SHA256

          b36e764c723151bb9de843c8647b54a7580ed45ea6aff2190b0217525e454361

          SHA512

          6f35594d8420b3c71d75104ba1f389f29848e746724498a1b201b623d382acea4805d91a0ff4e9711cc9dc2400ccb88dbc6f319a06b8cc405a9b8c921f7c6b38

        • C:\Program Files\7-Zip\Uninstall.exe

          Filesize

          582KB

          MD5

          bc3afb87d03cef67b1093552d0a61f9c

          SHA1

          1f9303fbf30721f3ac76331039bccae7e5db9cc9

          SHA256

          26837217b32c5594795b8fd21f09745f0ad8c46bf2fa9a6ba6bf5dc3b2a421a6

          SHA512

          b5f55f2fff481d7e9ab997234ebc4fdeba86d3c57993651e99a7dbd2347dd0d505ce6e59d13e8c394f37acb7c26cb4b91fbb7849a44943d730a19f0c204bcd2d

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

          Filesize

          840KB

          MD5

          5cbd6954700b53ea8fa054798d8a60aa

          SHA1

          5c15622df0798dadeafd3d120cca8d5dd9463171

          SHA256

          47ab2991f8c4fb485aa224ebc547aaf2c29352ac0982e23e861f62e8f3b90938

          SHA512

          727f3a20ce385f5f4da737f80818432fad10564d95513d26362605930943f446cc7cf1f0ca383eedd5e67566dca01ae16bd5cccad38534411dedf9c3fde1b5f7

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

          Filesize

          4.6MB

          MD5

          9008a6ad0547adf8b4a7a692bf894573

          SHA1

          df881c22f73923a14a673b01e4c8e2982d1b70de

          SHA256

          24aa53d5dbd2099792705d5a32acd0e6fb6f1c22992888026c437746f8eccde2

          SHA512

          778788c2662a1499bd1e46c6c72f5464be2d0a6885e0779a340a3552232e851b2326f5f3f60869bde03b1d4946572cff3ee88ea9a47843c13067afe0e583cdf4

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

          Filesize

          910KB

          MD5

          684fb6f1e5b281478837715719391e12

          SHA1

          8211b5bcf45c696b2255eaed6840cac8a9541519

          SHA256

          211d23e2a3ff00325fec25c5acef759a3a4ca7749285d7ef2ad4a961dd661b18

          SHA512

          987cd108652b8c83a3696640152cb9fa7535fc1a1b7bd3b3efc36d096d8cc43f2d021a7ae39ae2446eaded03c73a8d262948f3502680b416e834bc1aaab46dd0

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

          Filesize

          24.0MB

          MD5

          fe629b0a7296f5de33ae26bd889ceaa7

          SHA1

          50960afcbcea4e4a3e28ce6dd57ca202d0c18655

          SHA256

          255f41ac11dd6aa42c1ce1d917ac3aa1a7cea3b8881ddf699b0943a5fc170d59

          SHA512

          8c4742ab3b05e76e8471050f4055d0267830061f6e1f946458ae63222e8344f3f8c3edf515e1e7a1c104b8ff558d9307d55a3b6cb2e318d71de86ff09a613493

        • C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

          Filesize

          2.7MB

          MD5

          e1ce2173654368757b176eb4723b281f

          SHA1

          3fb499f4e13bfc766139eeec7629e18e2da95599

          SHA256

          d9f6abdeec7ed274831dbabf189a1d49de60c05c7671b5840ff0294db3a5a4e1

          SHA512

          c00354938a90813e1cb2f4904b4a70d791929fae1359e9340b916044e54a32dda49cdf4f15d28931bc9fb713230c90b47f725cd4ce00ebedf21ca74ca4315e15

        • C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

          Filesize

          1.1MB

          MD5

          dbf9e10a112ff13924b344a024b75f23

          SHA1

          42c561e00208ab849d5a41ce4877524c7fcb31da

          SHA256

          07df6268e07db37d0f93866d1a1a26b81c3f26add81769681a984ea8aa94877f

          SHA512

          ca884b414e4ac7afbab6c9d208f2e0b1ea7f6e6c2b864a73b9bac7c70abafc6786ed8c880082a7455fd52a8cd09d0aece6e60879705ff055583086f51bb9e03a

        • C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

          Filesize

          805KB

          MD5

          c130c7928f1aa745974e920239402352

          SHA1

          d29f95ac892615a2fb6533e6af237f99c0b757a4

          SHA256

          5e22903bbe417faae33a778a08450c85091b5447860c5f9309dd31c20d59cd95

          SHA512

          bdc284493c8fef0e27fb7c4e1f4fa6cf9798eb0b19f8e04511d3b963aec945ffd492e1511a73bdd4cdd4a26ccf73309d186526a287dee61c389f56d35844b0b1

        • C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

          Filesize

          656KB

          MD5

          47eb184704b1d56c6d29a2c773164cd2

          SHA1

          d5b4f6d5a37bfca9e6b0edd9049b32152c6aacab

          SHA256

          5e0667a6450e0b08b21f9ff2e197388c49b54f416bc10ed4481fd5801c5f56d2

          SHA512

          a34160700ef794358cd7cc7c1d466c920b95a87b22ad3782abc03b270ec38c4766326a6dc5d5d63e4f36fabcf73729901cb4a639c0b22acc7d76b489ac413cf3

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

          Filesize

          4.6MB

          MD5

          fc0660855d16eda65071d1ba525e0a05

          SHA1

          0d0addcf55636f5b0e9b197d595be4cdb0138ca3

          SHA256

          4419edfea05792ff48eb75306e9d1dc70e24cb689eef1cc389fe6deb0d15b606

          SHA512

          ac468d05442df7b822600f203234b3bb0cf9b4065ba33d83ff7bf92ba503e025b3ee51c6a1928549f7a90d8152d52dda06962b781623dad02b4c05e0d9456fcb

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

          Filesize

          4.6MB

          MD5

          46cd27b4e1459e5a015768ba503b0021

          SHA1

          6b550dae8b26037a61173421227ada8ff0671b30

          SHA256

          b655f842ac1795ae946e2a270bbe6a0b3d698a21a25477e5beb4e96877f69f7e

          SHA512

          8d1864bb390c2169935795915e8d7f76629f61830e1d4b8fb9f7cebb152f44bb7158dd9141b4b430face64912ea7109aed2ee4efaa1e48fc940e1e25569453c0

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

          Filesize

          1.9MB

          MD5

          dd6683ef3276b74ec6ad48be9fd38afd

          SHA1

          c2585e3e8170a65793f08f8e1eeb5f94c113c8ac

          SHA256

          4412ead8e655d6f857cb8fcbfa81adbb9706a6b0384e9c62a08aacdd2fe5b09a

          SHA512

          b6e5c3ddfa8cb3e35c9ab6a2ca6aa595030c897390b8d0968acdcd00369385a29645b238b471c28478f8700a734c0ccd550a749a629ab91ba11c7952fe239781

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

          Filesize

          2.1MB

          MD5

          2c204e84ce50c935231bcc6dfd9092bd

          SHA1

          fcead0cebe35cb5595362c0b6370eeb7fc2f06a9

          SHA256

          8ff22ed52b274fd74ee452a69b5054c6e1561db3240691c5cc80afa4d316a865

          SHA512

          60b59ed6b7699082d16ac8e95383f3951d43b5116368316941e9bd3fcac0bfdc1f20821b5547f4e1ff7853cd6bcbc5fe2ac8ecf889f75e6c21cf45b4d962faaa

        • C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

          Filesize

          1.8MB

          MD5

          efc455b621f61f67bbff166c8993f5b2

          SHA1

          053cf58547447abe2a896791462c489098964bce

          SHA256

          d91a90c1fa3ecafe6be4d99b15793136c5c32280da09763fec7002098ca4b5f0

          SHA512

          30d7da73e762cb4eb7c5e98e6e73017485670584b34d33841ff6c6625f2bdc7044684ee94a9218fe5845a913f92e3e17a075c2a709139d7afa46be36cd004c46

        • C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

          Filesize

          1.6MB

          MD5

          e41a56f6bdee1542ebbf590c7bcb8f90

          SHA1

          22f1337594e9d804aea8694de4494c30907068d3

          SHA256

          c231d6b1092b7731a0eaf7e4dff6d5a48319c2f4cd564b21da79d2a6ccceaf80

          SHA512

          c5e3456426c8dd3159547fd4f8c695e86944970f42450f674a38e01821e0218501c43fe005bf3c0a9930ba09c271d3de0e4e440a1a7912e272704e8720ac44f5

        • C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

          Filesize

          581KB

          MD5

          6bf9ad85b498e5218537084931b7f5a0

          SHA1

          62e7ab50d23d3d6eaad2e54be0911a0140cd1178

          SHA256

          50e9fad8da2987c475f884d98c2d5966dd5e8e55f603efdc2a8827534a158f9f

          SHA512

          ce09f60eb4b3c466c3a41ed2adc8ca3534f346071f621a8f2717e45e79def6fda81caa9a0ae29b39d02e4f740e6103f9d1db3f43141dd1e8a5278f8eabd77459

        • C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

          Filesize

          581KB

          MD5

          f6713351cd8321be04738b25486198b4

          SHA1

          f023ffce9858389e47683038da41a3c11c2984c2

          SHA256

          df3384bcdeb78302c84cf3b4f168a0034e13f9bdbad8b2719df424308a79ec3f

          SHA512

          8b8621660dd46c1a7e0b1b36d08600e74d0998bd87a2f582ba39c19f55fac5e4eb4e8293e31985e1051053a1a811852c60bfd0fb46e9ed3000a4c736340daa14

        • C:\Program Files\Java\jdk-1.8\bin\idlj.exe

          Filesize

          581KB

          MD5

          1604a4aeef57f7bf8e11baaf0a1598cc

          SHA1

          19ed857eda5552f8470cc19df3a4c4dc22ed3c18

          SHA256

          ba7515e957067a2586f8c26d86144b922428b4208216140a6d2f3dbbf4ad39b7

          SHA512

          b67259025611e71f2771f35245422568481bbf6a608d39c8d149459e8f6d7af2c48d6fb3d38a4c60c41dcbd809901fcc95e104c34980bd0a74ee1870f30fcf66

        • C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

          Filesize

          601KB

          MD5

          64a4df015de4c6f9e506def0faded181

          SHA1

          d6fb5ea82dbd232cdc884a757bf23f14d850c933

          SHA256

          313c243c07e334c9c839060623b4b9cbd2df76048266bc5109082ad76bd766a1

          SHA512

          0e6172b4db0026d63db57a770deae1636d65332dd9fb542146f9a43646f63d2c80998ba945d5f500c99f6964077276842b596a0b4481134da237f1a8cf537e8b

        • C:\Program Files\Java\jdk-1.8\bin\jar.exe

          Filesize

          581KB

          MD5

          1a517087b2e0f008c68b164935475662

          SHA1

          6ff46c436f26eebab7ba29201919e7a21159775a

          SHA256

          8a87318964780cfd8ab8d38c2cfc22b95c23023c79ed9d8e9ac6e4cfc69298d4

          SHA512

          cf64a20146fe64e2057f8416585c3e353f3c56065830349fc6648b101332d862af33a97233ff99c66e303b3a6454f6a97794c4b26bd3823910896f70c7525cc8

        • C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

          Filesize

          581KB

          MD5

          f057b9bbf03d4ea9d36293fa3ef67fab

          SHA1

          62738223f990a743a44ba3dfa763a64ad30de64d

          SHA256

          4f1c34e6974a2c63294994b9099ef71ad5025a010e20dc0cd1bcce36c1e7ed7f

          SHA512

          5ded8e800ecf1a49e0de660e610a75f073417eb39270f8f42f77b0009cb1efbabf49b0acff502bda903654277fd339fb1e760bebd59820b7ae33be1a21c23cb1

        • C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

          Filesize

          581KB

          MD5

          7045f0aef823eb60196b657f6833685a

          SHA1

          983e3d9f4ba76cacf1ca9898ca8eacab3f064f04

          SHA256

          a41f4ba30e721b072cb184872d41356b81dcc9a79da4fdf7b9f2fafc1119eb95

          SHA512

          937064aa0842915007a9fd20d13a57b929e89dc428e021cf0a68997721ecada8f13db34e0117de6238ea0b3b005b8f78821b9263d45ab9c54fdd52c064fde8dc

        • C:\Program Files\Java\jdk-1.8\bin\java.exe

          Filesize

          841KB

          MD5

          f842304fbaf5a06b6056c589c130d5d6

          SHA1

          2b21bd4b2a093a7a541992f9683b6ad3a8126c40

          SHA256

          69e4bfd99c20118b063252ea07839b96e076e684f7680328ac687f01cd7626da

          SHA512

          1ea30d5125f581d213a374e0a505be6844efb485ff8cfbd571f455d807fb3bb7aa6d887a8cc0df0813dc9ea26206ddb14d2ed9491cf99972c0b7deef3a30106a

        • C:\Program Files\Java\jdk-1.8\bin\javac.exe

          Filesize

          581KB

          MD5

          fdf0a0722e51d6c91723f9af4a166df4

          SHA1

          6ec4a3418966e9856598194ba227b96e2132cba4

          SHA256

          8baed6eac321a0642f4b7c5c9dd390441c7747b3a5034745058170eb64769eec

          SHA512

          371c85b259b2c7943fe087e9471059d82b499fa9aa0b4884f682091d93d8aa0e2a439fffcae6c00017d1a3e3ba61b0b66d40552f990843bc62015f09d8dee934

        • C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

          Filesize

          581KB

          MD5

          e8db8add4c479002f25631641cd91b32

          SHA1

          764e75d3a0a821f991d09ab14c196450e552a847

          SHA256

          c259775d32a156a8eab78aebef9bcd6f7cb0cd47a2a0711b2157e43e5dc84354

          SHA512

          5950640e5f5d4e7cfe0548eeb0858e91a55ef296882fc4cba63f943ce2010d05cf81652f60242bb56151a36cdfbafe36412fb0f1db6502987bd364644893ee20

        • C:\Program Files\Java\jdk-1.8\bin\javah.exe

          Filesize

          581KB

          MD5

          97c28c4091c02213540c8d4ec1641edf

          SHA1

          3ee40f34949e356f458790178d03882636ee8f33

          SHA256

          710122832c3515586eede053bba3b00555e3294e72a33d7fba1f9e6b555fad18

          SHA512

          94318fbccd000143a9789c6755816b860aa8458c10ebf003bb74db18cd0baf0a96b0c933fcaf5e3448e898a45cec40d95065c7b8a5bff83f770eec5a4d22a05b

        • C:\Program Files\Java\jdk-1.8\bin\javap.exe

          Filesize

          581KB

          MD5

          ccb8f7822034552f7124c70fd1d334a6

          SHA1

          c94e4b70207ec39fdbe63bfd89b03215de90b2a4

          SHA256

          0a8ca74009f6d8945399996bad4b2d7fa9e2057467e9761cbf7a72d2489d6de8

          SHA512

          00832127f58f572181572a88e708a9b44e015f04238f5a6c5ba8d521eb4856e39239ec17cf0e04d35a17d58a55ec566b52f0836d410870df88ae68e588bdfed9

        • C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

          Filesize

          717KB

          MD5

          63948ca7b003ea9bdb81b1b7d1c9d0c2

          SHA1

          a20659016f7c475993f869224b97eb4946d7bdde

          SHA256

          2793f092b458afe41cd67f481f89811bcc0f9d3dea682d0d9957e5c9df58963f

          SHA512

          16047e5c4cd3675d15433c0c97380ff05e31ee39a87d982f92466df0c3fd1682ab8cd18f0a48dc5eb8ac89cabd96007f56d525d8a8464aae50205741117f528f

        • C:\Program Files\Java\jdk-1.8\bin\javaw.exe

          Filesize

          841KB

          MD5

          8020190faefd97966581f0ffe81edf5a

          SHA1

          23f11e917ac8ab087c875fef2c3632434862cf95

          SHA256

          afede0ca3f6ce7ed5a9fef76eb908a473946a913383cc25c1b982351a9bac0a3

          SHA512

          b37e90bae68fc1ae00352cccdf31e801af159916615be8f2f6bb2bf4b42f535c40c9275f93e178ee012635d09a712821ea77425422eaeb4be549a30ac532d341

        • C:\Program Files\Java\jdk-1.8\bin\javaws.exe

          Filesize

          1020KB

          MD5

          844f116e5da93fcde5718dcf2baa2fc2

          SHA1

          0ecb8671d715bf0c4d0a70506b1c93925afea90d

          SHA256

          4bd77997373493240b48228e887fc22d8cfeb82e781cce1128f4e400ddc7c2ee

          SHA512

          243f9f002c952d3ac21bbf4fca21347f4cbf55e746a2a133cf02d799d0192dacb8fbba9f2488a54fd7622ca5ac90c73ff5e4f7cbd3771e536e2f70b7c8feda88

        • C:\Program Files\Windows Media Player\wmpnetwk.exe

          Filesize

          1.5MB

          MD5

          ceae022b7397f65f8c6f4ddda469584a

          SHA1

          6a6f512b30678b54b5dac1a04060249526dec426

          SHA256

          1671dcbe4effa1421fef717ffc86d98637eb729a48aa5a1d814e751d3843583e

          SHA512

          01cfc978193952fce786689c5d3ae2d04ab8bd66978ce17ae03fbbe06e27890033517be1ae408a08ed8683ab405f91bb3ac8f5fb215e9b8201a64df98a45105f

        • C:\Program Files\dotnet\dotnet.exe

          Filesize

          701KB

          MD5

          cf2f2a1e420eaedda11951d1e8d8ebe0

          SHA1

          d78ba420fe2c866bb8055f6ae66fa4f2d80db865

          SHA256

          2728bd8e00302c2499dc2742c6d0b9d4b28598575bd27775e79c7eedd0704fb4

          SHA512

          c480ed17de364996238f5592ed01750dbfb06fd93af39cb2dd84fdc06661c68876f12c435bead0ca9696e036e42bc4d4b9cdd105ac8a65595488679a620b5940

        • C:\Windows\SysWOW64\perfhost.exe

          Filesize

          588KB

          MD5

          4d00bb86a1fc8e9a2fcb06d6ec2c2ad2

          SHA1

          b5e8a5e1f059ca78bf502099ac4486800a4010da

          SHA256

          24e0cf50cd4b1614b840296a2d733b81952581dfc333c0e8f9668de616d9c637

          SHA512

          e184c04d288b485e6bc917dcdc60a73547da0a33798e917c99f15e92eaa39c39ef279cbb4f1447e4f65374da6d1aa31c633536ff00870991005cda0302864294

        • C:\Windows\System32\AgentService.exe

          Filesize

          1.7MB

          MD5

          67ad75cc7a738baf4d62d901d9949294

          SHA1

          f036fc024b6acbd747188d5aa7ba90c2fde8528e

          SHA256

          bd2a3e5dd27243db1e092695f2992d1dc52c111caf6bce18f08fae0ad972e621

          SHA512

          d0815e4f4167f674f0be99796143c0f1658d41e5bbd667f04615020f74353a681ae4fc06c5433ecfdd0514a66ee6859e03b3f109c68dca6fbfb591ba45afe47d

        • C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

          Filesize

          659KB

          MD5

          8f68dcba8081a8b04be6c11ec024204f

          SHA1

          04fd87f924a1ac4c2b1f3f4a1eb35e5578143bb8

          SHA256

          23c805493e043b3774301365e4f02406c193b65c13a93d700e79d79abd57d8d5

          SHA512

          82df4ade37c3c018fb5f0ec50fb4c0e881616d60e0a7a70b190f548ae6c60993190a93221275b8221785ee317d87a2ffdbdca9d1c883218162c1e878b1a78de1

        • C:\Windows\System32\FXSSVC.exe

          Filesize

          1.2MB

          MD5

          420bd9bb00809001e2813e39a97c181e

          SHA1

          bf2f498943580ee8bc8a652d03145858a16e18de

          SHA256

          b4c00e727d9884f36442e54b3b3ddc6a1f9c25ed3cb16e46cfbacebe24cf00fb

          SHA512

          6647580c360ef297e78d11438e6789ab7792a85fcf6a9ecd5bb646dea5de7237779df7dee5db033d237d172a1e9d28054ef4398790016b80d647b70bcbb26418

        • C:\Windows\System32\Locator.exe

          Filesize

          578KB

          MD5

          8dddb38cd132d9b1ec73e4d5a2c2a30d

          SHA1

          2925d6f3b79758814ef04ee38e870df3fd914355

          SHA256

          e3b3af9a4e43032340367c2cd9b0a1e9cd3192b4309b6e6d4bd0d2febb8aeb65

          SHA512

          a2f2f7c9c48f966e9816b34e81549445c83379234ccfff133d41985179e663170edc99877d1da1851f639d0b5b3f07afeaf8c2bc21ea8892bd3a71bab9814a16

        • C:\Windows\System32\OpenSSH\ssh-agent.exe

          Filesize

          940KB

          MD5

          9a4a3f81c6279f775e27cbfa8ce26f6e

          SHA1

          9a75e00a449b5b2821aab66eb2076f4e15181cd3

          SHA256

          f64f45dbd9ee4a74fe2baebeee14d43c61fdcc0f864ea3f6e0344b2d77727f41

          SHA512

          77db750c330718e73857a763731886aa49389be2ba9500fff4333b5bff91fbd7ccb7d4afd37bbe0e870cf4ba796f1363b93bad64287300ee911564309b0cfe4e

        • C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

          Filesize

          671KB

          MD5

          ee7389a95c9a7c6cd0f2865acca87da1

          SHA1

          90115bf8b535de870c69ee640062f172f6c6e899

          SHA256

          5c12b308cfc13dd6d390ae479290eba417396c220b5006f6e9265e55eebd8319

          SHA512

          8db085b6c8fe031962fd3610cfcfb2a4b6274b34e885ee0ed3383115046d118c2eb1e27e92963becd62c1e07622c886f00e46e684954e01038e86d18fc7f4f44

        • C:\Windows\System32\SearchIndexer.exe

          Filesize

          1.4MB

          MD5

          a357a34fefb33d877194e27c25ab4a33

          SHA1

          86ecd7c033f90d20174780fbbb35cd006b3908df

          SHA256

          45671311f11046d4852bc5e53c822b22142a71032cf0f4299c39036130f3c5af

          SHA512

          cc089da0874ac29f37b7b842b775ab3f9a159a3807db113b13b34b78e2f8d8ec2c4bd7e27828bc1b020b77a870a236575a622fcd44619b952f2e16aa9873659a

        • C:\Windows\System32\SensorDataService.exe

          Filesize

          1.8MB

          MD5

          2642fcaab0f8885a7bfdc851898358cd

          SHA1

          a5adc5c44a816317b5f2317cdb14b540c392a35a

          SHA256

          6ac890c48a412f262d182d92e70711cddf15794f511adc9f78feef020bdab6ce

          SHA512

          780ca9519b52fed87e452dd2e60ddbaa7e074f5f05685b0c3303c14619f14f9b08ab9e737a3ee9565da29203c56ba5e3333dfdca150ccca66e28c80190ea4ea9

        • C:\Windows\System32\Spectrum.exe

          Filesize

          1.4MB

          MD5

          3daef93db35fe39a49d8a6ae810d9cbc

          SHA1

          a598822db68f12d7ada45e71cfd459939d9032ba

          SHA256

          c57bd1e048b24cb2757d06151ab0b0d37b797f0482dc862a5c1297af456449d0

          SHA512

          542394e4b9afea88faf60baf8c31f914204cfc4ce067e0fd0f27ca502ddc067f2a0a22be3b01722b035e47d5a3781eef532cf9df1fa4699d6f2950af3a64fab1

        • C:\Windows\System32\TieringEngineService.exe

          Filesize

          885KB

          MD5

          45186b6e61f1e265e3c03d9324045e54

          SHA1

          f62a0ae18073acf1101d0f2028c453a2c54d4355

          SHA256

          813ffdc4f31cf4f9c6953dcdc54ff094bf6345cc3428e02047a4a19607a5ef0e

          SHA512

          9c45530351f4adc0ab3cb29c657a7fdd7dbf4d3d322105d6d5166c89ba4d41b765d8752cfc86182f892ef4815e72fdd252c80a671e387f2d26ae7f6978f51be5

        • C:\Windows\System32\VSSVC.exe

          Filesize

          2.0MB

          MD5

          8b24e73146777b5d925a0224d13c3387

          SHA1

          e14063d01b53fecd0331f8f4f1cb8b7f5f500b86

          SHA256

          6ec53a9d3cd66131722e7f7e0e070f24f8ead1c9b46fd532c09386de61316234

          SHA512

          06e265c87f976a337198a442430d42fdfce34a8746faa24dd26846d2e68f7f8cfe308ce6e3e4ddd28d92acf8c72f7e5fc78e3b086406dea43c2443d7b9884c48

        • C:\Windows\System32\alg.exe

          Filesize

          661KB

          MD5

          5ce8a24668a3eb128fbbddf502df52b5

          SHA1

          e8e3959ee94475a92c043b7249ea548d02aa9eda

          SHA256

          2c2aecbc20634c3de077fceb38bace541fc840dd03919c63df092aff0e4a58e7

          SHA512

          fabf5073c7f78e5af621d77005e53b9fed0bf98210bc7fbe277e8119480dafbb9c6674af65050755335b17e3bc1fb3ac88d5a3f3d0b179a5c042ea257dafe52d

        • C:\Windows\System32\msdtc.exe

          Filesize

          712KB

          MD5

          aa7e8590f9a435debd1d30352c0bf359

          SHA1

          db1f56918d13f8de34f03f986f95eb615c436b76

          SHA256

          14dab581120eaaba466a298dbebfd6c6c14d6f394d658f158b9715b1ded0ef00

          SHA512

          0895edc7d0554bc7c1503b0c81dc0f3d8213d575f21a672d2f4af4d341ada129b84b1704d22ddea21211ad2778b2faf886c89857c03e81ddb0bf794b3d118584

        • C:\Windows\System32\snmptrap.exe

          Filesize

          584KB

          MD5

          343f516be024ebf6dd72febb6aa96302

          SHA1

          129c51a9fb29879b22a02ef24c96a5696f88f3f4

          SHA256

          0fc96c90be3485d99b478499c2a33388edec948ece624279b2cf1b7b6b83ef88

          SHA512

          3a9dd91657c824f516849ea833c23a9e283e5de28d67946b5b1f6f1b8988c78c68f59c2fa07fedea77a3cca4290283694005c1cf7239bf0022b5f904157d4933

        • C:\Windows\System32\vds.exe

          Filesize

          1.3MB

          MD5

          03875e9989a793f2cef24c42ea2d93c8

          SHA1

          0f0983912cc6f019c99028665934a2e6f07e0d69

          SHA256

          669d1ee692ffe864496ab7d928f5fb896d93cf3ca9c1687c474aec8714f1f1d1

          SHA512

          8c36b6509ec66ec25d23f1933c5d47c4af7fd6138625fd2ffedfc6a0816deded4d7280173d5633f974245aa2794960cea6da48580477ab000d412bf9348c7dc0

        • C:\Windows\System32\wbem\WmiApSrv.exe

          Filesize

          772KB

          MD5

          00dbaffcd6407c974ab29dbb85dbb745

          SHA1

          9426e0d86147b1e217b96d54e66ea82e9c1b63f4

          SHA256

          61ebacb647262db8fc0ea3706e2d3ffee11966905d48b6b89150fb76a6fafcbc

          SHA512

          0b0d67905238f34e35cc2c790b4e9aef0e2239f33996b6d2533376fbf0ec3b844f22a92248d57c42050b7c414b2f63475578d0aa26c9c8140c998a8bf39419be

        • C:\Windows\System32\wbengine.exe

          Filesize

          2.1MB

          MD5

          a916cadab60d20e6da15441cff7e7c5a

          SHA1

          88e75711ede34fa120b9c14597c07b5234c87ec6

          SHA256

          2612161a2a615d978e1307e794695fde400b7cbe38c61b2ad7b516207418773d

          SHA512

          497feca2958a1715bba3f374483faf8ed732eb89e5af3e2763491f86ae97b2e9050665a5744703509a5bb8240e3a6139cf67f324ff97014f2a2096084ad13afc

        • C:\Windows\system32\AppVClient.exe

          Filesize

          1.3MB

          MD5

          89eaac9183ac0a1243d0afb15f93b762

          SHA1

          102269686940ffaf99e1b20468492415f38de809

          SHA256

          f8bfa461a01bc3d8a79d1ca749c60a67407b8f4a1acf1b9d0d11b7b215e09089

          SHA512

          584c11bf285f5b37546cc1fe864e2ab7b0dd31e2be40af32f553db4bd9a111177fbb9ea9d6d4dcf09acf6e2579dfd2cb08f9c505c7391a1eed5b0fe29929a096

        • C:\Windows\system32\SgrmBroker.exe

          Filesize

          877KB

          MD5

          b2e2ee6ff7d3245c327c21e1be61703a

          SHA1

          d0ec3affb0ad58122da517909fe0e90da96916ef

          SHA256

          a4fa16a15afa8d5299c431741dfcda5a165fcea01dd3e981e76d5f305e155915

          SHA512

          89aca3552754d4e8b424d66876db0aba1e501dc9095c6c95de02f9f7791ceaf9ab931554062a17250f73e91f51ea52a0ec2874d3b8552a8fb7d9372c3663ccc3

        • C:\Windows\system32\msiexec.exe

          Filesize

          635KB

          MD5

          f55ad8eaf24af9f71a49b8dae4bf5c61

          SHA1

          4e06d2b294dd186647b92446a9bdb053d3ead6b7

          SHA256

          3fe17642db945b251c6817ab599053306b5031970c3649776866fca3a6e33a6f

          SHA512

          fbdfbfff3d93d61b6bdbf4adc94382ba335f8d8f911a5fd79656c0f112329a4162f83ce189eac233e087289040cd69d4e540f68cccbc2b707060e7f51a6d1991

        • memory/1032-220-0x0000000140000000-0x00000001401C0000-memory.dmp

          Filesize

          1.8MB

        • memory/1032-208-0x0000000140000000-0x00000001401C0000-memory.dmp

          Filesize

          1.8MB

        • memory/1800-268-0x0000000140000000-0x0000000140095000-memory.dmp

          Filesize

          596KB

        • memory/1800-142-0x0000000140000000-0x0000000140095000-memory.dmp

          Filesize

          596KB

        • memory/1996-141-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

        • memory/1996-31-0x0000000000690000-0x00000000006F0000-memory.dmp

          Filesize

          384KB

        • memory/1996-28-0x0000000140000000-0x00000001400A9000-memory.dmp

          Filesize

          676KB

        • memory/1996-24-0x0000000000690000-0x00000000006F0000-memory.dmp

          Filesize

          384KB

        • memory/2180-234-0x0000000140000000-0x00000001400AB000-memory.dmp

          Filesize

          684KB

        • memory/2180-113-0x0000000140000000-0x00000001400AB000-memory.dmp

          Filesize

          684KB

        • memory/2236-207-0x0000000140000000-0x00000001400B9000-memory.dmp

          Filesize

          740KB

        • memory/2236-87-0x0000000140000000-0x00000001400B9000-memory.dmp

          Filesize

          740KB

        • memory/2472-195-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

        • memory/2472-82-0x0000000001AA0000-0x0000000001B00000-memory.dmp

          Filesize

          384KB

        • memory/2472-84-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

        • memory/2472-71-0x0000000001AA0000-0x0000000001B00000-memory.dmp

          Filesize

          384KB

        • memory/2472-77-0x0000000001AA0000-0x0000000001B00000-memory.dmp

          Filesize

          384KB

        • memory/2548-66-0x0000000140000000-0x000000014024C000-memory.dmp

          Filesize

          2.3MB

        • memory/2548-58-0x0000000000890000-0x00000000008F0000-memory.dmp

          Filesize

          384KB

        • memory/2548-64-0x0000000000890000-0x00000000008F0000-memory.dmp

          Filesize

          384KB

        • memory/2548-183-0x0000000140000000-0x000000014024C000-memory.dmp

          Filesize

          2.3MB

        • memory/2596-55-0x0000000140000000-0x0000000140234000-memory.dmp

          Filesize

          2.2MB

        • memory/2596-47-0x0000000000D50000-0x0000000000DB0000-memory.dmp

          Filesize

          384KB

        • memory/2596-53-0x0000000000D50000-0x0000000000DB0000-memory.dmp

          Filesize

          384KB

        • memory/2596-170-0x0000000140000000-0x0000000140234000-memory.dmp

          Filesize

          2.2MB

        • memory/2672-481-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/2672-279-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/2672-147-0x0000000140000000-0x00000001401D7000-memory.dmp

          Filesize

          1.8MB

        • memory/2800-483-0x0000000140000000-0x00000001400E2000-memory.dmp

          Filesize

          904KB

        • memory/2800-196-0x0000000140000000-0x00000001400E2000-memory.dmp

          Filesize

          904KB

        • memory/2948-473-0x0000000140000000-0x0000000140096000-memory.dmp

          Filesize

          600KB

        • memory/2948-159-0x0000000140000000-0x0000000140096000-memory.dmp

          Filesize

          600KB

        • memory/3100-618-0x0000000140000000-0x0000000140179000-memory.dmp

          Filesize

          1.5MB

        • memory/3100-280-0x0000000140000000-0x0000000140179000-memory.dmp

          Filesize

          1.5MB

        • memory/3144-222-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

        • memory/3144-108-0x0000000140000000-0x00000001400CF000-memory.dmp

          Filesize

          828KB

        • memory/3220-110-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

        • memory/3220-12-0x00000000006B0000-0x0000000000710000-memory.dmp

          Filesize

          384KB

        • memory/3220-18-0x00000000006B0000-0x0000000000710000-memory.dmp

          Filesize

          384KB

        • memory/3220-11-0x0000000140000000-0x00000001400AA000-memory.dmp

          Filesize

          680KB

        • memory/3292-35-0x0000000000E90000-0x0000000000EF0000-memory.dmp

          Filesize

          384KB

        • memory/3292-44-0x0000000000E90000-0x0000000000EF0000-memory.dmp

          Filesize

          384KB

        • memory/3292-81-0x0000000140000000-0x0000000140135000-memory.dmp

          Filesize

          1.2MB

        • memory/3292-43-0x0000000140000000-0x0000000140135000-memory.dmp

          Filesize

          1.2MB

        • memory/3292-67-0x0000000000E90000-0x0000000000EF0000-memory.dmp

          Filesize

          384KB

        • memory/3536-247-0x0000000140000000-0x0000000140216000-memory.dmp

          Filesize

          2.1MB

        • memory/3536-616-0x0000000140000000-0x0000000140216000-memory.dmp

          Filesize

          2.1MB

        • memory/4468-223-0x0000000140000000-0x0000000140147000-memory.dmp

          Filesize

          1.3MB

        • memory/4468-484-0x0000000140000000-0x0000000140147000-memory.dmp

          Filesize

          1.3MB

        • memory/4500-86-0x0000000000400000-0x0000000000584000-memory.dmp

          Filesize

          1.5MB

        • memory/4500-1-0x0000000002420000-0x0000000002486000-memory.dmp

          Filesize

          408KB

        • memory/4500-0-0x0000000000400000-0x0000000000584000-memory.dmp

          Filesize

          1.5MB

        • memory/4500-6-0x0000000002420000-0x0000000002486000-memory.dmp

          Filesize

          408KB

        • memory/4516-235-0x0000000140000000-0x00000001401FC000-memory.dmp

          Filesize

          2.0MB

        • memory/4516-615-0x0000000140000000-0x00000001401FC000-memory.dmp

          Filesize

          2.0MB

        • memory/4688-190-0x0000000140000000-0x0000000140102000-memory.dmp

          Filesize

          1.0MB

        • memory/4688-482-0x0000000140000000-0x0000000140102000-memory.dmp

          Filesize

          1.0MB

        • memory/4744-179-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

        • memory/4744-478-0x0000000140000000-0x0000000140169000-memory.dmp

          Filesize

          1.4MB

        • memory/4904-125-0x0000000000400000-0x0000000000497000-memory.dmp

          Filesize

          604KB

        • memory/4904-246-0x0000000000400000-0x0000000000497000-memory.dmp

          Filesize

          604KB

        • memory/5040-617-0x0000000140000000-0x00000001400C6000-memory.dmp

          Filesize

          792KB

        • memory/5040-269-0x0000000140000000-0x00000001400C6000-memory.dmp

          Filesize

          792KB

        We care about your privacy.

        This website stores cookies on your computer. These cookies are used to improve your website experience and provide more personalized services to you, both on this website and through other media. To find out more about the cookies we use, see our Privacy Policy.