Analysis
-
max time kernel
150s -
max time network
152s -
platform
windows7_x64 -
resource
win7-20240221-en -
resource tags
arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system -
submitted
24/03/2024, 03:52
Behavioral task
behavioral1
Sample
d721976d1cda5b317fd29d178ec24e55.exe
Resource
win7-20240221-en
Behavioral task
behavioral2
Sample
d721976d1cda5b317fd29d178ec24e55.exe
Resource
win10v2004-20240226-en
General
-
Target
d721976d1cda5b317fd29d178ec24e55.exe
-
Size
69KB
-
MD5
d721976d1cda5b317fd29d178ec24e55
-
SHA1
2f9988f7f4ac6f482bd4fb1203ebd5257be719c1
-
SHA256
376d1f424ec2944ab983f78cf50ec55d0acf56b5e7074ce1d1a2639569c83eeb
-
SHA512
f928a28c582cbac9abf9211c53209d9d2a956eee852a99030fef60b54d09a46dff3277ec7b6c0787b35a3b19f62c5d5195f66133349e9a17095615a07e547683
-
SSDEEP
1536:HZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:PBounVyFHpfMqqDL2/Lkvd
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
description ioc Process Set value (str) \REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\dawubksxfdb = "C:\\Users\\Admin\\AppData\\Local\\Temp\\d721976d1cda5b317fd29d178ec24e55.exe" d721976d1cda5b317fd29d178ec24e55.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
description ioc Process File opened (read-only) \??\A: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\B: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\G: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\M: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\S: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\T: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\W: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\Y: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\O: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\Q: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\R: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\X: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\E: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\J: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\V: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\H: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\I: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\K: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\L: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\N: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\P: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\U: d721976d1cda5b317fd29d178ec24e55.exe File opened (read-only) \??\Z: d721976d1cda5b317fd29d178ec24e55.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
description ioc Process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 d721976d1cda5b317fd29d178ec24e55.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString d721976d1cda5b317fd29d178ec24e55.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier d721976d1cda5b317fd29d178ec24e55.exe -
Suspicious behavior: EnumeratesProcesses 2 IoCs
pid Process 1784 d721976d1cda5b317fd29d178ec24e55.exe 1784 d721976d1cda5b317fd29d178ec24e55.exe -
Suspicious use of WriteProcessMemory 64 IoCs
description pid Process procid_target PID 1784 wrote to memory of 2508 1784 d721976d1cda5b317fd29d178ec24e55.exe 28 PID 1784 wrote to memory of 2508 1784 d721976d1cda5b317fd29d178ec24e55.exe 28 PID 1784 wrote to memory of 2508 1784 d721976d1cda5b317fd29d178ec24e55.exe 28 PID 1784 wrote to memory of 2508 1784 d721976d1cda5b317fd29d178ec24e55.exe 28 PID 1784 wrote to memory of 2700 1784 d721976d1cda5b317fd29d178ec24e55.exe 30 PID 1784 wrote to memory of 2700 1784 d721976d1cda5b317fd29d178ec24e55.exe 30 PID 1784 wrote to memory of 2700 1784 d721976d1cda5b317fd29d178ec24e55.exe 30 PID 1784 wrote to memory of 2700 1784 d721976d1cda5b317fd29d178ec24e55.exe 30 PID 1784 wrote to memory of 2716 1784 d721976d1cda5b317fd29d178ec24e55.exe 33 PID 1784 wrote to memory of 2716 1784 d721976d1cda5b317fd29d178ec24e55.exe 33 PID 1784 wrote to memory of 2716 1784 d721976d1cda5b317fd29d178ec24e55.exe 33 PID 1784 wrote to memory of 2716 1784 d721976d1cda5b317fd29d178ec24e55.exe 33 PID 1784 wrote to memory of 2708 1784 d721976d1cda5b317fd29d178ec24e55.exe 35 PID 1784 wrote to memory of 2708 1784 d721976d1cda5b317fd29d178ec24e55.exe 35 PID 1784 wrote to memory of 2708 1784 d721976d1cda5b317fd29d178ec24e55.exe 35 PID 1784 wrote to memory of 2708 1784 d721976d1cda5b317fd29d178ec24e55.exe 35 PID 1784 wrote to memory of 2740 1784 d721976d1cda5b317fd29d178ec24e55.exe 37 PID 1784 wrote to memory of 2740 1784 d721976d1cda5b317fd29d178ec24e55.exe 37 PID 1784 wrote to memory of 2740 1784 d721976d1cda5b317fd29d178ec24e55.exe 37 PID 1784 wrote to memory of 2740 1784 d721976d1cda5b317fd29d178ec24e55.exe 37 PID 1784 wrote to memory of 2456 1784 d721976d1cda5b317fd29d178ec24e55.exe 39 PID 1784 wrote to memory of 2456 1784 d721976d1cda5b317fd29d178ec24e55.exe 39 PID 1784 wrote to memory of 2456 1784 d721976d1cda5b317fd29d178ec24e55.exe 39 PID 1784 wrote to memory of 2456 1784 d721976d1cda5b317fd29d178ec24e55.exe 39 PID 1784 wrote to memory of 2416 1784 d721976d1cda5b317fd29d178ec24e55.exe 41 PID 1784 wrote to memory of 2416 1784 d721976d1cda5b317fd29d178ec24e55.exe 41 PID 1784 wrote to memory of 2416 1784 d721976d1cda5b317fd29d178ec24e55.exe 41 PID 1784 wrote to memory of 2416 1784 d721976d1cda5b317fd29d178ec24e55.exe 41 PID 1784 wrote to memory of 2336 1784 d721976d1cda5b317fd29d178ec24e55.exe 43 PID 1784 wrote to memory of 2336 1784 d721976d1cda5b317fd29d178ec24e55.exe 43 PID 1784 wrote to memory of 2336 1784 d721976d1cda5b317fd29d178ec24e55.exe 43 PID 1784 wrote to memory of 2336 1784 d721976d1cda5b317fd29d178ec24e55.exe 43 PID 1784 wrote to memory of 2068 1784 d721976d1cda5b317fd29d178ec24e55.exe 45 PID 1784 wrote to memory of 2068 1784 d721976d1cda5b317fd29d178ec24e55.exe 45 PID 1784 wrote to memory of 2068 1784 d721976d1cda5b317fd29d178ec24e55.exe 45 PID 1784 wrote to memory of 2068 1784 d721976d1cda5b317fd29d178ec24e55.exe 45 PID 1784 wrote to memory of 2036 1784 d721976d1cda5b317fd29d178ec24e55.exe 47 PID 1784 wrote to memory of 2036 1784 d721976d1cda5b317fd29d178ec24e55.exe 47 PID 1784 wrote to memory of 2036 1784 d721976d1cda5b317fd29d178ec24e55.exe 47 PID 1784 wrote to memory of 2036 1784 d721976d1cda5b317fd29d178ec24e55.exe 47 PID 1784 wrote to memory of 792 1784 d721976d1cda5b317fd29d178ec24e55.exe 49 PID 1784 wrote to memory of 792 1784 d721976d1cda5b317fd29d178ec24e55.exe 49 PID 1784 wrote to memory of 792 1784 d721976d1cda5b317fd29d178ec24e55.exe 49 PID 1784 wrote to memory of 792 1784 d721976d1cda5b317fd29d178ec24e55.exe 49 PID 1784 wrote to memory of 1484 1784 d721976d1cda5b317fd29d178ec24e55.exe 51 PID 1784 wrote to memory of 1484 1784 d721976d1cda5b317fd29d178ec24e55.exe 51 PID 1784 wrote to memory of 1484 1784 d721976d1cda5b317fd29d178ec24e55.exe 51 PID 1784 wrote to memory of 1484 1784 d721976d1cda5b317fd29d178ec24e55.exe 51 PID 1784 wrote to memory of 1632 1784 d721976d1cda5b317fd29d178ec24e55.exe 53 PID 1784 wrote to memory of 1632 1784 d721976d1cda5b317fd29d178ec24e55.exe 53 PID 1784 wrote to memory of 1632 1784 d721976d1cda5b317fd29d178ec24e55.exe 53 PID 1784 wrote to memory of 1632 1784 d721976d1cda5b317fd29d178ec24e55.exe 53 PID 1784 wrote to memory of 2732 1784 d721976d1cda5b317fd29d178ec24e55.exe 55 PID 1784 wrote to memory of 2732 1784 d721976d1cda5b317fd29d178ec24e55.exe 55 PID 1784 wrote to memory of 2732 1784 d721976d1cda5b317fd29d178ec24e55.exe 55 PID 1784 wrote to memory of 2732 1784 d721976d1cda5b317fd29d178ec24e55.exe 55 PID 1784 wrote to memory of 2760 1784 d721976d1cda5b317fd29d178ec24e55.exe 57 PID 1784 wrote to memory of 2760 1784 d721976d1cda5b317fd29d178ec24e55.exe 57 PID 1784 wrote to memory of 2760 1784 d721976d1cda5b317fd29d178ec24e55.exe 57 PID 1784 wrote to memory of 2760 1784 d721976d1cda5b317fd29d178ec24e55.exe 57 PID 1784 wrote to memory of 2308 1784 d721976d1cda5b317fd29d178ec24e55.exe 59 PID 1784 wrote to memory of 2308 1784 d721976d1cda5b317fd29d178ec24e55.exe 59 PID 1784 wrote to memory of 2308 1784 d721976d1cda5b317fd29d178ec24e55.exe 59 PID 1784 wrote to memory of 2308 1784 d721976d1cda5b317fd29d178ec24e55.exe 59
Processes
-
C:\Users\Admin\AppData\Local\Temp\d721976d1cda5b317fd29d178ec24e55.exe"C:\Users\Admin\AppData\Local\Temp\d721976d1cda5b317fd29d178ec24e55.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1784 -
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2508
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2700
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2716
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2708
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2740
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2456
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2416
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2336
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2068
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2036
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:792
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1484
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1632
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2732
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2760
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2308
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2332
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:896
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1100
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2304
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1844
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1796
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1444
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2240
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:612
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2080
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1812
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1092
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2272
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1140
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1040
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1352
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1792
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1788
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2980
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1292
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1264
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1136
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:820
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1524
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1988
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1704
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1540
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2612
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2112
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2428
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2896
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2992
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2712
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2396
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2940
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2888
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:988
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:560
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:888
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1360
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:928
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1232
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1968
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1648
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1964
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2468
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2652
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2268
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:3004
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1488
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1308
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:3028
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1676
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1664
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1124
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1960
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1052
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1328
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:676
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2212
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2188
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1468
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2220
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1000
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1600
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2480
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:3036
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2544
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2620
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2644
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2564
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2536
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2108
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2476
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2872
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2384
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:520
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:464
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:944
-
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2768
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1460
-
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2852
-