Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Code function: 1_2_00405750 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
1_2_00405750 |
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Code function: 1_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
1_2_00407C60 |
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Code function: 1_2_00405D80 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
1_2_00405D80 |
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Code function: 1_2_004048A0 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW, |
1_2_004048A0 |
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Code function: 1_2_00407DB0 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
1_2_00407DB0 |
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Code function: 1_2_00405540 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
1_2_00405540 |
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Code function: 1_2_00405050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
1_2_00405050 |
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Code function: 1_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
1_2_00406000 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 13_2_004048A0 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW, |
13_2_004048A0 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 13_2_00405540 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
13_2_00405540 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 13_2_00405750 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
13_2_00405750 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 13_2_00405050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
13_2_00405050 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 13_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
13_2_00407C60 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 13_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
13_2_00406000 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 13_2_00405D80 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
13_2_00405D80 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 13_2_00407DB0 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
13_2_00407DB0 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 21_2_004048A0 Sleep,ExitProcess,CreateThread,WaitForSingleObject,TerminateThread,CloseHandle,ExitProcess,Sleep,lstrlenA,VirtualAlloc,CryptStringToBinaryA,ExitProcess,InitializeCriticalSection,DeleteCriticalSection,VirtualAlloc,GetModuleFileNameW,VirtualFree,ShellExecuteW, |
21_2_004048A0 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 21_2_00405540 VirtualAlloc,wsprintfW,lstrlenW,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenW,lstrlenW,CryptBinaryToStringA,GetLastError,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,VirtualFree,VirtualFree,VirtualFree, |
21_2_00405540 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 21_2_00405750 VirtualAlloc,CryptBinaryToStringA,CryptBinaryToStringA,CryptBinaryToStringA,lstrlenA,lstrlenA,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrlenA,lstrcatW,lstrcatW,lstrlenW,lstrlenW,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenA,lstrlenW,MultiByteToWideChar,lstrcatW,lstrlenW,lstrlenW,VirtualAlloc,lstrlenW,lstrlenW,_memset,lstrlenA,lstrlenA,CryptBinaryToStringA,GetLastError,lstrlenA,VirtualAlloc,lstrlenA,lstrlenA,lstrlenA,lstrlenA,MultiByteToWideChar,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree,VirtualFree, |
21_2_00405750 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 21_2_00405050 lstrlenA,VirtualAlloc,VirtualAlloc,CryptStringToBinaryA,_memset,lstrlenA,lstrlenA,VirtualAlloc,CryptStringToBinaryA,VirtualAlloc,MultiByteToWideChar,GetLastError,VirtualAlloc,VirtualFree,lstrlenA,VirtualAlloc,lstrcpyA,HeapFree,GetProcessHeap,HeapFree,GetProcessHeap,HeapFree,VirtualFree,GetLastError, |
21_2_00405050 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 21_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
21_2_00407C60 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 21_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection, |
21_2_00406000 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 21_2_00405D80 CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptGenKey,CryptExportKey,CryptExportKey,CryptDestroyKey,CryptReleaseContext,CryptAcquireContextW, |
21_2_00405D80 |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe |
Code function: 21_2_00407DB0 VirtualAlloc,CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree, |
21_2_00407DB0 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:51141 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:51142 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:51143 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:51144 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:52957 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:52958 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:52959 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:52960 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:60584 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:60585 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:60586 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:60587 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:57136 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:57137 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:57138 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:57139 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:56044 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:56045 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:56046 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:56047 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59638 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59639 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59640 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59641 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:55640 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:55641 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:55642 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:55643 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:57706 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:57707 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:57708 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:57709 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:65322 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:65323 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:65324 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:65325 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:60769 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:60770 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:60771 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:60772 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65109 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65110 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65111 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65112 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:53850 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:53851 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:53852 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:53853 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:57573 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:57574 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:57575 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:57576 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:53307 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:53308 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:53309 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:53310 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59435 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59436 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59437 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59438 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53846 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53847 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53848 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53849 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:53468 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:53469 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:53470 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:53471 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:53625 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:53626 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:53627 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:53628 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:61418 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:61419 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:61420 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:61421 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65198 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65199 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65200 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65201 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59583 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59584 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59585 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59586 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53051 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53052 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53053 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53054 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:60090 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:60091 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:60092 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:60093 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:63564 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:63565 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:63566 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:63567 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53430 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53431 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53432 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53433 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65513 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65514 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65515 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:65516 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59822 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59823 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59824 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:59825 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:64597 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:64598 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:64599 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:64600 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64825 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64826 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64827 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64828 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:51994 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:51995 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:51996 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:51997 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:58121 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:58122 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:58123 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:58124 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:49168 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:49169 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:49170 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:49171 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:58303 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:58304 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:58305 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:58306 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:63448 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:63449 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:63450 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:63451 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:49876 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:49877 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:49878 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:49879 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:65387 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:65388 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:65389 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:65390 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:54155 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:54156 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:54157 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:54158 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64604 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64605 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64606 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64607 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:50786 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:50787 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:50788 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:50789 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:64123 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:64124 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:64125 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:64126 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64969 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64970 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64971 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:64972 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:49203 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:49204 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:49205 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:49206 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:60474 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:60475 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:60476 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:60477 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:59376 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:59377 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:59378 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:59379 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:56618 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:56619 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:56620 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:56621 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:61186 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:61187 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:61188 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:61189 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:57389 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:57390 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:57391 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:57392 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:50230 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:50231 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:50232 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:50233 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53271 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53272 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53273 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829498 ETPRO TROJAN GandCrab DNS Lookup 1 192.168.2.3:53274 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:59829 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:59830 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:59831 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2829500 ETPRO TROJAN GandCrab DNS Lookup 3 192.168.2.3:59832 -> 8.8.8.8:53 |
Source: Traffic |
Snort IDS: 2026737 ET TROJAN Observed GandCrab Domain (gandcrab .bit) 192.168.2.3:62433 -> 8.8.8.8:53 |
Source: 9gkAKTWOXp.exe, 00000001.00000000.253403415.000000000040E000.00000008.00000001.01000000.00000003.sdmp |
String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/e644d32fec6144de |
Source: 9gkAKTWOXp.exe, 00000001.00000000.253403415.000000000040E000.00000008.00000001.01000000.00000003.sdmp |
String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/e644d32fec6144de |
Source: 9gkAKTWOXp.exe, 00000001.00000000.253403415.000000000040E000.00000008.00000001.01000000.00000003.sdmp |
String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/e644d32fec6144de |
Source: 9gkAKTWOXp.exe, 00000001.00000000.253403415.000000000040E000.00000008.00000001.01000000.00000003.sdmp |
String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/e644d32fec6144de |
Source: 9gkAKTWOXp.exe, 00000001.00000000.253403415.000000000040E000.00000008.00000001.01000000.00000003.sdmp |
String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/e644d32fec6144de |
Source: 9gkAKTWOXp.exe, 00000001.00000000.253403415.000000000040E000.00000008.00000001.01000000.00000003.sdmp |
String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/e644d32fec6144de |
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: 9gkAKTWOXp.exe, type: SAMPLE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 9gkAKTWOXp.exe, type: SAMPLE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: 13.0.vkspii.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: 13.0.vkspii.exe.400000.0.unpack, type: UNPACKEDPE |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe, type: DROPPED |
Matched rule: SUSP_RANSOMWARE_Indicator_Jul20 date = 2020-07-28, hash3 = 6cb9afff8166976bd62bb29b12ed617784d6e74b110afcf8955477573594f306, hash2 = 5e78475d10418c6938723f6cfefb89d5e9de61e45ecf374bb435c1c99dd4a473, author = Florian Roth, description = Detects ransomware indicator, score = 52888b5f881f4941ae7a8f4d84de27fc502413861f96ee58ee560c09c11880d6, reference = https://securelist.com/lazarus-on-the-hunt-for-big-game/97757/ |
Source: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe, type: DROPPED |
Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload |
Source: unknown |
Process created: C:\Users\user\Desktop\9gkAKTWOXp.exe "C:\Users\user\Desktop\9gkAKTWOXp.exe" |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe "C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe" |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: unknown |
Process created: C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe "C:\Users\user\AppData\Roaming\Microsoft\vkspii.exe" |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |
|
Source: C:\Windows\SysWOW64\nslookup.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |
|
Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru |

Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru |

Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru |

Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 |

Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
Process created: unknown unknown |

Source: C:\Users\user\Desktop\9gkAKTWOXp.exe |
File read: C:\Windows\System32\drivers\etc\hosts |

Source: C:\Windows\SysWOW64\nslookup.exe |
File read: C:\Windows\System32\drivers\etc\hosts |
