Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D4950 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D8150 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D5880 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D62B0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D82A0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D5210 lstrlenA,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D6530 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D5670 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC4950 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC62B0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC82A0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC5880 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC6530 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC5210 lstrlenA,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC5670 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC8150 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC4950 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,VirtualAlloc,GetModuleFileNameW,VirtualFree,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW,ExitThread, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC62B0 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC82A0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC5880 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC6530 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC5210 lstrlenA,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC5670 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC8150 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D6A40 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D6C90 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC6C90 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC6A40 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC6C90 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC6A40 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:50507 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:50508 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:50509 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:50510 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:61180 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:61181 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:61182 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:61183 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:53338 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:53339 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:53340 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:53341 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:51009 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:51010 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:51011 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:51012 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:58285 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:58286 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:58287 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:58288 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:50026 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:50027 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:50028 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:50029 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:62681 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:62682 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:62683 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:62684 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:52106 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:52107 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:52108 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:52109 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:51141 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:51142 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:51143 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:51144 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:58786 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:58787 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:58788 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:58789 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:58748 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:58749 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:58750 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:58751 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62435 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62436 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62437 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62438 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:64080 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:64081 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:64082 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:64083 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:50233 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:50234 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:50235 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:50236 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:51438 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:51439 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:51440 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:51441 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:59055 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:59056 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:59057 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:59058 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:63189 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:63190 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:63191 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:63192 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:53639 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:53640 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:53641 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:53642 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:54194 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:54195 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:54196 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:54197 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62020 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62021 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62022 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62023 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:60839 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:60840 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:60841 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:60842 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:55833 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:55834 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:55835 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:55836 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:56773 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:56774 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:56775 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:56776 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:59548 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:59549 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:59550 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:59551 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:61174 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:61175 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:61176 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:61177 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62910 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62911 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62912 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:62913 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:59848 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:59849 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:59850 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:59851 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:63293 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:63294 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:63295 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.7:63296 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:59114 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:59115 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:59116 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.7:59117 -> 8.8.8.8:53 |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
Source: O8ZHhytWhn.exe, type: SAMPLE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: O8ZHhytWhn.exe, type: SAMPLE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 9.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 9.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 25.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 25.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.2.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.2.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 0.0.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 0.0.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: 9.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: 9.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe, type: DROPPED |
Matched rule: detects Reflective DLL injection artifacts Author: ditekSHen |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe, type: DROPPED |
Matched rule: Gandcrab Payload Author: kevoreilly |
Source: O8ZHhytWhn.exe, type: SAMPLE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: O8ZHhytWhn.exe, type: SAMPLE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: O8ZHhytWhn.exe, type: SAMPLE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: O8ZHhytWhn.exe, type: SAMPLE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 9.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 9.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 9.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 9.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 25.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 25.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 25.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 25.0.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.0.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.2.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 0.2.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 0.2.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.2.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 0.0.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 0.0.O8ZHhytWhn.exe.f1d0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 9.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: 9.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 9.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: 9.2.wjaoab.exe.fbc0000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe, type: DROPPED |
Matched rule: ReflectiveLoader author = Florian Roth, description = Detects a unspecified hack tool, crack or malware using a reflective loader - no hard match - further investigation recommended, nodeepdive = , score = 2017-07-17, reference = Internal Research, modified = 2021-03-15 |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe, type: DROPPED |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe, type: DROPPED |
Matched rule: INDICATOR_SUSPICIOUS_ReflectiveLoader author = ditekSHen, description = detects Reflective DLL injection artifacts |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe, type: DROPPED |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: unknown |
Process created: C:\Users\user\Desktop\O8ZHhytWhn.exe "C:\Users\user\Desktop\O8ZHhytWhn.exe" |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe "C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe" |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe "C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe" |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: unknown unknown |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3116:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1840:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5588:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6012:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5708:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2300:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5944:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5184:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5928:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5376:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:160:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2800:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3144:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:588:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4908:120:WilError_01 |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Global\pc_group=WORKGROUP&ransom_id=4afbeea82d32d45 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5756:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2980:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1352:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4824:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4372:120:WilError_01 |
Source: C:\Windows\System32\conhost.exe |
Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1836:120:WilError_01 |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\SysWOW64\nslookup.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
Source: C:\Windows\System32\conhost.exe |
Last function: Thread delayed |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D6A40 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, |
0_2_0F1D6A40 |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Code function: 0_2_0F1D6C90 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, |
0_2_0F1D6C90 |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC6C90 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, |
9_2_0FBC6C90 |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 9_2_0FBC6A40 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, |
9_2_0FBC6A40 |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC6C90 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose, |
25_2_0FBC6C90 |
Source: C:\Users\user\AppData\Roaming\Microsoft\wjaoab.exe |
Code function: 25_2_0FBC6A40 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose, |
25_2_0FBC6A40 |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.coin dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns2.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: unknown unknown |
Source: C:\Users\user\Desktop\O8ZHhytWhn.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |