Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows7_x64 -
resource
win7-20240508-en -
resource tags
arch:x64 arch:x86 image:win7-20240508-en locale:en-us os:windows7-x64 system -
submitted
25-05-2024 21:44
Behavioral task
behavioral1
Sample
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
-
Size
69KB
-
MD5
7357e22d05e1b7be712e400e4d1500bf
-
SHA1
6221f5c88a1098cfeb93fb570fc05b638d0967e1
-
SHA256
aee7056527f4edceb94fccd826e145c90b41555d125fb56939934c6632717116
-
SHA512
124b04c63aebd79312961679f89c3cf21f5bf77db32335205e760874dc6d465e8690f04e82d73cb84a3b0c0ce4b3e6b2db724f3f6d450191fe774a90bf164e69
-
SSDEEP
1536:oZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:mBounVyFHpfMqqDL2/Lkvd
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
description: Set value (str); ioc: \REGISTRY\USER\S-1-5-21-2737914667-933161113-3798636211-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\jptxcehzvcq = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe"; process: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
-
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
description: Key opened; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0; process: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString; process: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
description: Key value queried; ioc: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier; process: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
-
Suspicious behavior: EnumeratesProcesses 2 IoCs
Processes:
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
pid: 1848; process: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
pid: 1848; process: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Users\Admin\AppData\Local\Temp\7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1848 -
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2384
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2664
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2916
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1992
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2548
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2756
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2516
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2444
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2360
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:304
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2828
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2608
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2888
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2248
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2228
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2244
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1816
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1692
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1512
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2212
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:852
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1388
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:828
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1716
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1936
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2940
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:536
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1084
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1468
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1800
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2332
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1768
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1948
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:892
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2348
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:752
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:676
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1440
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:3032
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2372
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:880
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2900
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1028
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1556
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2660
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2716
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2628
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2544
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2656
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2768
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2524
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2788
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2432
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:756
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1552
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2820
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:620
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2240
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1792
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1052
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1884
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2040
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1404
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2204
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1384
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2336
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2500
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2388
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1932
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:328
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1108
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:344
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1364
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1772
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1524
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1224
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:992
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2260
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2132
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2396
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2024
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1748
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1864
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1576
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2252
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1048
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2112
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2636
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2764
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2412
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2540
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2732
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:788
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2592
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1188
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2580
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2824
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2856
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1892
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2404
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1608
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1736
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1684
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1540
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2400
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1972
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2616
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2932
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:760
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1480
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:804