Analysis
-
max time kernel
150s -
max time network
149s -
platform
windows10-2004_x64 -
resource
win10v2004-20240426-en -
resource tags
arch:x64arch:x86image:win10v2004-20240426-enlocale:en-usos:windows10-2004-x64system -
submitted
25-05-2024 21:44
Behavioral task
behavioral1
Sample
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
Resource
win7-20240508-en
Behavioral task
behavioral2
Sample
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
Resource
win10v2004-20240426-en
General
-
Target
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe
-
Size
69KB
-
MD5
7357e22d05e1b7be712e400e4d1500bf
-
SHA1
6221f5c88a1098cfeb93fb570fc05b638d0967e1
-
SHA256
aee7056527f4edceb94fccd826e145c90b41555d125fb56939934c6632717116
-
SHA512
124b04c63aebd79312961679f89c3cf21f5bf77db32335205e760874dc6d465e8690f04e82d73cb84a3b0c0ce4b3e6b2db724f3f6d450191fe774a90bf164e69
-
SSDEEP
1536:oZZZZZZZZZZZZpXzzzzzzzzzzzzV9rXounV98hbHnAwfMqqU+2bbbAV2/S2Lkvd9:mBounVyFHpfMqqDL2/Lkvd
Malware Config
Signatures
-
Adds Run key to start application 2 TTPs 1 IoCs
Processes:
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exedescription ioc process Set value (str) \REGISTRY\USER\S-1-5-21-711569230-3659488422-571408806-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\aczsfplevgm = "C:\\Users\\Admin\\AppData\\Local\\Temp\\7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe" 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe -
Enumerates connected drives 3 TTPs 23 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
Processes:
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exedescription ioc process File opened (read-only) \??\X: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\G: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\J: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\L: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\R: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\K: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\M: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\T: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\V: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\B: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\E: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\H: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\I: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\Y: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\A: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\P: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\S: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\W: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\Z: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\N: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\O: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\Q: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe File opened (read-only) \??\U: 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe -
Checks processor information in registry 2 TTPs 3 IoCs
Processor information is often read in order to detect sandboxing environments.
Processes:
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exedescription ioc process Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Identifier 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe -
Suspicious behavior: EnumeratesProcesses 4 IoCs
Processes:
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exepid process 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe -
Suspicious use of WriteProcessMemory 64 IoCs
Processes:
7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exedescription pid process target process PID 1644 wrote to memory of 3672 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 3672 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 3672 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1888 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1888 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1888 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4920 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4920 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4920 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 3012 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 3012 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 3012 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2120 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2120 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2120 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1492 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1492 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1492 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2956 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2956 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2956 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4908 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4908 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4908 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1764 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1764 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1764 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 3720 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 3720 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 3720 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4764 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4764 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4764 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4552 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4552 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4552 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4932 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4932 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4932 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2008 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2008 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2008 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2248 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2248 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2248 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2752 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2752 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2752 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4188 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4188 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4188 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2336 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2336 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 2336 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4852 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4852 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4852 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4992 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4992 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4992 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4548 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4548 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 4548 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe PID 1644 wrote to memory of 1960 1644 7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe nslookup.exe
Processes
-
C:\Users\Admin\AppData\Local\Temp\7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe"C:\Users\Admin\AppData\Local\Temp\7357e22d05e1b7be712e400e4d1500bf_JaffaCakes118.exe"1⤵
- Adds Run key to start application
- Enumerates connected drives
- Checks processor information in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:1644 -
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:3672
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1888
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:4920
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:3012
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2120
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1492
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2956
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:4908
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1764
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:3720
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:4764
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:4552
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:4932
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2008
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2248
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2752
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:4188
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2336
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:4852
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:4992
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:4548
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1960
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1060
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1352
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:3932
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:3716
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2244
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1476
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1996
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2888
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:3412
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2820
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2964
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:4000
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2560
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:4584
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1344
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:3692
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:4208
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1840
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:884
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:4820
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:4360
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:976
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:4344
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:4484
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:3176
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2944
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:3996
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2084
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:3952
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2876
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:3240
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:1692
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1704
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:3472
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2520
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:2532
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:468
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:4164
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:3004
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:772
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2184
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:632
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:3440
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:2688
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1092
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:4944
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1848
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:4912
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2932
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:4496
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:3008
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:344
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:4972
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1312
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1076
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:3872
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2948
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:4264
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:4204
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:3204
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:4364
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:4808
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:2412
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:1952
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2372
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:1900
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:3084
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:3268
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:3148
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:2188
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:1892
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:3980
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:2920
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:4504
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:1264
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:4292
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:2032
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:4160
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:640
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:4140
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:756
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:4356
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns2.soprodns.ru2⤵PID:4048
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns2.soprodns.ru2⤵PID:3476
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns2.soprodns.ru2⤵PID:1784
-
C:\Windows\SysWOW64\nslookup.exenslookup gandcrab.bit dns1.soprodns.ru2⤵PID:224
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.coin dns1.soprodns.ru2⤵PID:4156
-
C:\Windows\SysWOW64\nslookup.exenslookup nomoreransom.bit dns1.soprodns.ru2⤵PID:4960