Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1522710
MD5:	d8029e1465ce1c847c658c71f7711bde
SHA1:	4b1a68c52bf2b22c359d6e321177789c1cc622c7
SHA256:	1c16b204dd52d4d3fab6113f20a43c29ff74db2746798b88bfd8f4214ac95cc5
Tags:	exeuser-jstrosch
Infos:

Detection

Gandcrab

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for dropped file

Malicious sample detected (through community Yara rule)

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Gandcrab

AI detected suspicious sample

Found Tor onion address

Machine Learning detection for dropped file

Machine Learning detection for sample

Uses nslookup.exe to query domains

AV process strings found (often used to terminate AV products)

Checks for available system drives (often done to infect USB drives)

Contains functionality to detect virtual machines (SLDT)

Contains functionality to dynamically determine API calls

Contains functionality to enumerate device drivers

Contains functionality to query CPU information (cpuid)

Creates a process in suspended mode (likely to inject code)

Detected non-DNS traffic on DNS port

Detected potential crypto function

Drops PE files

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Found large amount of non-executed APIs

May check the online IP address of the machine

May sleep (evasive loops) to hinder dynamic analysis

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample execution stops while process was sleeping (likely an evasion)

Sigma detected: CurrentVersion Autorun Keys Modification

Too many similar processes found

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara signature match

Classification

Malware Threat Intel
Provided by

Name	Description	Attribution	Blogpost URLs	Link
Gandcrab	GandCrab was a Ransomware-as-a-Service (RaaS) emerged in January 28, 2018, managed by a criminal organization known to be confident and vocal, while running a rapidly evolving ransomware campaign. Through their aggressive, albeit unusual, marketing strategies and constant recruitment of affiliates, they were able to globally distribute a high volume of their malware.In a surprising announcement on May 31, 2019, the GandCrabs operators posted on a dark web forum, announced the end of a little more than a year of ransomware operations, citing staggering profit figures. However, If theres one thing that sets these threat actors apart from other groups, it is that they are unpredictable; so there is always the possibility that they might re-surface in one form or another.	Pinchy Spider	http://asec.ahnlab.com/1145 http://www.secureworks.com/research/threat-profiles/gold-garden http://www.vmray.com/cyber-security-blog/gandcrab-ransomware-evolution-analysis/ https://asec.ahnlab.com/en/41450/ https://blog.intel471.com/2020/03/31/revil-ransomware-as-a-service-an-analysis-of-a-ransomware-affiliate-operation/	https://malpedia.caad.fkie.fraunhofer.de/details/win.gandcrab

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Avira: detection malicious, Label: HEUR/AGEN.1317392

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 89%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.5% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,	0_2_00407C60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407DB0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,	0_2_00407DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,	0_2_00406000
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,	31_2_00406000
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,	31_2_00407C60
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00407DB0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,	31_2_00407DB0

Uses 32bit PE files

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\Desktop\file.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,	0_2_004064A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,	0_2_004066F0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,	31_2_004064A0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,	31_2_004066F0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54601 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54596 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:50375 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54614 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54586 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54577 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54701 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54574 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54615 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54591 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54600 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54617 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54625 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54686 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54612 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54630 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56477 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54622 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54698 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54607 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51198 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54604 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53171 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54635 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54580 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54584 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53151 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54602 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54599 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54624 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53156 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54626 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:50380 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53137 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54631 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53133 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54579 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54620 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53136 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54706 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54592 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54696 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53131 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54589 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54576 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53141 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56523 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54713 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53173 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54621 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53131 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54575 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53163 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56518 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54720 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56517 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54606 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51196 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55399 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54629 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53146 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54590 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55404 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53135 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55398 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54585 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51222 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54703 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54627 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56527 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61733 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52928 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52944 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62848 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62852 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62853 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62857 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62899 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63755 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63763 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63832 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55348 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:50597 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61700 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61733 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56495 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54726 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54637 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56472 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56522 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54582 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:50381 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56468 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54594 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54611 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54716 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54581 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:50373 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54712 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53145 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53152 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55402 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54634 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53162 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53148 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54610 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54693 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53161 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53133 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54616 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54717 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53138 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53167 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53155 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53153 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53143 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53166 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54697 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54632 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54587 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54718 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51210 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56475 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51232 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56478 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52959 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56536 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51237 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51226 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53147 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53137 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:50594 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53138 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54710 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56501 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:50595 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56531 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56493 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54687 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:50596 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54721 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54619 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52919 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53008 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54605 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61743 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56502 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56526 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54708 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53157 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56473 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55396 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54692 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54597 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53136 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53160 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61763 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53142 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53142 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56533 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52924 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51213 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54727 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55401 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:50376 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53132 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54595 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61049 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56540 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54609 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51221 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51218 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51242 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54695 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53150 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54723 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52208 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54722 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56521 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52978 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52179 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55403 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52933 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51247 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54700 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52209 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52956 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61067 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53141 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51228 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51203 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53143 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51235 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54691 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61746 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52923 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52920 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:49714 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53172 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56465 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:50378 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53130 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53170 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56505 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52213 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:57903 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56492 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51230 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54688 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52240 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56500 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52181 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52980 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52226 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52234 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62803 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62845 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62859 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52931 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:50374 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53015 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56491 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52996 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54702 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54636 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54707 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52943 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61737 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52939 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63778 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52241 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51246 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51231 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52404 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52999 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52462 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53019 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53134 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51251 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56471 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56483 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56498 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53158 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56503 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56508 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61731 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63796 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56510 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52266 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63801 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51233 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56512 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52935 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52235 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63476 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54711 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53011 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61727 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52270 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52953 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52986 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52970 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53144 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51225 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52934 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52973 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52963 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53165 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52983 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52971 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53014 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52954 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56520 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52245 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53140 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63815 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53132 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54725 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56476 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52960 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56485 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52976 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52993 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52255 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53020 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56486 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53168 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62808 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52985 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56511 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52186 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54690 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53139 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56488 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51248 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56466 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52248 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54715 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52214 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56490 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53006 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62838 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54728 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56538 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52921 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52251 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62844 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61725 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56543 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52246 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53018 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61741 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56480 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52210 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56528 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56541 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62809 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51195 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62819 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51206 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52949 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52260 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63741 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56496 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61726 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56481 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56513 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52184 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53009 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63798 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52195 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63484 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56507 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56532 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51243 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52981 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52196 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61745 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62895 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52951 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63750 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56487 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63766 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52199 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52243 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63503 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56525 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52223 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55397 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51208 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52238 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52918 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52239 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52244 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53021 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62865 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52958 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52950 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52269 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52190 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52965 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56535 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53010 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62827 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63768 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55298 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52940 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56515 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62877 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55318 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56530 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52203 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51207 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62890 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54685 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63808 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63761 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62863 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51236 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62874 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:50379 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52205 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63586 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63757 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63660 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52215 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52984 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52218 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52225 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52998 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62832 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52250 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51211 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51245 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51201 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54705 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63762 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51220 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63822 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55314 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62820 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56542 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56537 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52258 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61735 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63813 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51216 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62884 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:65310 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52259 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56516 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52263 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62860 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62812 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52938 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51193 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51238 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52198 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55342 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:65322 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52200 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62850 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61730 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62904 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63773 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56467 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63775 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63786 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55328 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55316 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52249 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61747 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55338 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55297 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52946 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61710 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61746 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55321 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53005 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53013 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56482 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55324 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62868 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51192 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62823 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55284 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62849 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51253 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63742 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55313 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63771 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63745 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:65402 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52254 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61757 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52261 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51197 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63787 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51212 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51200 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62830 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55323 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52974 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63753 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62804 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52989 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61748 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62879 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55567 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62898 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62813 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56470 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61727 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63812 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51240 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61740 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63770 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63828 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55293 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51241 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62807 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55354 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51217 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52185 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61741 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52994 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51250 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53001 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52204 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62854 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61046 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52268 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63790 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51227 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62894 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52926 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52178 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55363 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51252 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61745 -> 1.1.1.1:53

Found Tor onion address

Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/c09ba58a9869e72e

Uses nslookup.exe to query domains

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.8:49715 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49714 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49725 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49724 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49722 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49721 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49720 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49718 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49717 -> 1.1.1.1:53

May check the online IP address of the machine

Source: unknown	DNS query: name: ipv4bot.whatismyipaddress.com
Source: unknown	DNS query: name: ipv4bot.whatismyipaddress.com
Source: unknown	DNS query: name: ipv4bot.whatismyipaddress.com

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: ipv4bot.whatismyipaddress.com
Source: global traffic	DNS traffic detected: DNS query: dns1.soprodns.ru
Source: global traffic	DNS traffic detected: DNS query: 1.1.1.1.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: nomoreransom.bit
Source: global traffic	DNS traffic detected: DNS query: emsisoft.bit
Source: global traffic	DNS traffic detected: DNS query: gandcrab.bit

Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.casa/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.guide/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.plus/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.rip/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.top/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2830053630.000000000070B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2830053630.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2830053630.000000000071D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ipv4bot.whatismyipaddress.com/
Source: file.exe, 00000000.00000002.2830053630.00000000006DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ipv4bot.whatismyipaddress.com/S
Source: file.exe, 00000000.00000002.2830053630.00000000006DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ipv4bot.whatismyipaddress.com/U
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.torproject.org/

Spam, unwanted Advertisements and Ransom Demands

Yara detected Gandcrab

Source: Yara match	File source: file.exe, type: SAMPLE
Source: Yara match	File source: Process Memory Space: file.exe PID: 3488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ubrrkv.exe PID: 5604, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,		0_2_00406000
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,		31_2_00406000

Too many similar processes found

Source: conhost.exe	Process created: 59
Source: nslookup.exe	Process created: 67

System Summary

Malicious sample detected (through community Yara rule)

Source: file.exe, type: SAMPLE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 31.2.ubrrkv.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 31.0.ubrrkv.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe, type: DROPPED	Matched rule: Gandcrab Payload Author: kevoreilly

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407EE0		0_2_00407EE0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00407EE0		31_2_00407EE0

Uses 32bit PE files

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: file.exe, type: SAMPLE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 31.2.ubrrkv.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 31.0.ubrrkv.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe, type: DROPPED	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload

Source: classification engine

Classification label: mal100.rans.troj.evad.winEXE@511/2@2240/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1076:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1824:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4128:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6812:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3800:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4568:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5212:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1444:120:WilError_03
Source: C:\Users\user\Desktop\file.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\pc_group=WORKGROUP&ransom_id=c09ba58a9869e72e
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1644:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7140:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5960:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1564:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5032:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5672:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4900:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1060:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4452:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5924:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6476:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5256:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7120:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6680:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1092:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 89%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe "C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe "C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,

0_2_00407C60

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name: .xObf
Source: ubrrkv.exe.0.dr	Static PE information: section name: .xObf

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405352 pushfd ; iretd	0_2_00405353
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041FC23 push edi; retf	0_2_0041FC40
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00405352 pushfd ; iretd	31_2_00405353
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_0041FC23 push edi; retf	31_2_0041FC40

Drops PE files

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce vpfihnjmqea	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce vpfihnjmqea	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce vpfihnjmqea	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce vpfihnjmqea	Jump to behavior

Contains functionality to detect virtual machines (SLDT)

Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Code function: 31_2_0041CCC4 sldt word ptr [eax]

31_2_0041CCC4

Contains functionality to enumerate device drivers

Source: C:\Users\user\Desktop\file.exe	Code function: EnumDeviceDrivers,K32EnumDeviceDrivers,VirtualAlloc,K32EnumDeviceDrivers,K32GetDeviceDriverBaseNameW,lstrcmpiW,VirtualFree,VirtualFree,		0_2_00402F50
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: EnumDeviceDrivers,EnumDeviceDrivers,VirtualAlloc,EnumDeviceDrivers,GetDeviceDriverBaseNameW,lstrcmpiW,VirtualFree,VirtualFree,		31_2_00402F50

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\file.exe

Window / User API: threadDelayed 440

Jump to behavior

Found large amount of non-executed APIs

Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

API coverage: 1.9 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 5096	Thread sleep count: 440 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5096	Thread sleep time: -4400000s >= -30000s			Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,	0_2_004064A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,	0_2_004066F0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,	31_2_004064A0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,	31_2_004066F0

Source: file.exe, 00000000.00000002.2830053630.00000000006F5000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,

0_2_00407C60

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe "C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00408BC0 cpuid

0_2_00408BC0

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

AV process strings found (often used to terminate AV products)

Source: file.exe

Binary or memory string: avgnt.exe

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

⊘No contacted IP infos

Contacted Domains

Name	IP	Active
emsisoft.bit	unknown	unknown
ipv4bot.whatismyipaddress.com	unknown	unknown
nomoreransom.bit	unknown	unknown
1.1.1.1.in-addr.arpa	unknown	unknown
gandcrab.bit	unknown	unknown
dns1.soprodns.ru	unknown	unknown

AV Detection

Antivirus / Scanner detection for submitted sample

Source: file.exe

Avira: detected

Antivirus detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Avira: detection malicious, Label: HEUR/AGEN.1317392

Multi AV Scanner detection for submitted file

Source: file.exe

ReversingLabs: Detection: 89%

AI detected suspicious sample

Source: Submited Sample

Integrated Neural Analysis Model: Matched 98.5% probability

Machine Learning detection for dropped file

Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Joe Sandbox ML: detected

Machine Learning detection for sample

Source: file.exe

Joe Sandbox ML: detected

Uses Microsoft's Enhanced Cryptographic Provider

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,	0_2_00407C60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407DB0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,	0_2_00407DB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,	0_2_00406000
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,	31_2_00406000
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,	31_2_00407C60
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00407DB0 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,	31_2_00407DB0

Uses 32bit PE files

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Checks for available system drives (often done to infect USB drives)

Source: C:\Users\user\Desktop\file.exe	File opened: z:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: x:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: v:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: t:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: r:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: p:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: n:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: l:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: j:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: h:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: f:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: b:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: y:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: w:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: u:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: s:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: q:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: o:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: m:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: k:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: i:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: g:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: e:	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: a:	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,	0_2_004064A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,	0_2_004066F0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,	31_2_004064A0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,	31_2_004066F0

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54601 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54596 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:50375 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54614 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54586 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54577 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54701 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54574 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54615 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54591 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54600 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54617 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54625 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54686 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54612 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54630 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56477 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54622 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54698 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54607 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51198 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54604 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53171 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54635 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54580 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54584 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53151 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54602 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54599 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54624 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53156 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54626 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:50380 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53137 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54631 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53133 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54579 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54620 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53136 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54706 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54592 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54696 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53131 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54589 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54576 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53141 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56523 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54713 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53173 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54621 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53131 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54575 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53163 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56518 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54720 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56517 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54606 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51196 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55399 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54629 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53146 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54590 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55404 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53135 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55398 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54585 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51222 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54703 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54627 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56527 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61733 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52928 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52944 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62848 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62852 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62853 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62857 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62899 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63755 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63763 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63832 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55348 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:50597 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61700 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61733 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56495 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54726 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54637 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56472 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56522 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54582 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:50381 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56468 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54594 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54611 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54716 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54581 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:50373 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54712 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53145 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53152 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55402 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54634 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53162 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53148 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54610 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54693 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53161 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53133 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54616 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54717 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53138 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53167 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53155 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53153 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53143 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53166 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54697 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54632 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54587 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54718 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51210 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56475 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51232 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56478 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52959 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56536 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51237 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51226 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53147 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53137 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:50594 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53138 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54710 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56501 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:50595 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56531 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56493 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54687 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:50596 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54721 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54619 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52919 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53008 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54605 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61743 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56502 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56526 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54708 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53157 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56473 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55396 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54692 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54597 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53136 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53160 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61763 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53142 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53142 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56533 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52924 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51213 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54727 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55401 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:50376 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53132 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54595 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61049 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56540 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54609 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51221 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51218 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51242 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54695 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53150 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54723 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52208 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54722 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56521 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52978 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52179 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55403 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52933 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51247 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54700 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52209 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52956 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61067 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53141 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51228 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51203 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53143 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51235 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54691 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61746 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52923 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52920 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:49714 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53172 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56465 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:50378 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53130 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53170 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56505 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52213 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:57903 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56492 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51230 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54688 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52240 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56500 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52181 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52980 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52226 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52234 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62803 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62845 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62859 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52931 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:50374 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53015 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56491 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52996 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54702 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54636 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54707 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52943 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61737 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52939 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63778 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52241 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51246 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51231 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52404 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52999 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52462 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53019 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53134 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51251 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56471 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56483 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56498 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53158 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56503 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56508 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61731 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63796 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56510 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52266 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63801 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51233 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56512 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52935 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52235 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63476 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54711 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53011 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61727 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52270 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52953 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52986 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52970 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53144 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51225 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52934 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52973 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52963 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53165 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52983 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52971 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53014 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52954 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56520 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52245 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53140 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63815 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53132 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54725 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56476 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52960 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56485 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52976 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52993 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52255 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53020 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56486 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53168 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62808 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52985 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56511 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52186 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54690 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53139 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56488 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51248 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56466 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52248 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54715 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52214 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56490 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53006 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62838 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:54728 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56538 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52921 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52251 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62844 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61725 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56543 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52246 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53018 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61741 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56480 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52210 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56528 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56541 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62809 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51195 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62819 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51206 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52949 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52260 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63741 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56496 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61726 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56481 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56513 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52184 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53009 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63798 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52195 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63484 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56507 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56532 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51243 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52981 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52196 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61745 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62895 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52951 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63750 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56487 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63766 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52199 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52243 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63503 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56525 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52223 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55397 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51208 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52238 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52918 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52239 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52244 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53021 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62865 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52958 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52950 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52269 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52190 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52965 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56535 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:53010 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62827 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63768 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55298 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52940 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56515 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62877 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55318 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56530 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52203 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51207 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62890 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:54685 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63808 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63761 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62863 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51236 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62874 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:50379 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52205 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63586 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63757 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63660 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52215 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52984 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52218 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52225 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52998 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62832 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52250 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51211 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51245 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51201 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:54705 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63762 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51220 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63822 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55314 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62820 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56542 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:56537 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52258 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61735 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63813 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51216 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62884 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:65310 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52259 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56516 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52263 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62860 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62812 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52938 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51193 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51238 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52198 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55342 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:65322 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52200 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62850 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61730 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62904 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63773 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56467 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63775 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63786 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55328 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55316 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52249 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61747 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55338 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55297 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52946 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61710 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61746 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55321 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:53005 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53013 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:56482 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55324 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62868 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51192 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62823 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55284 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62849 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51253 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63742 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:55313 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63771 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63745 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:65402 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52254 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61757 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52261 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51197 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63787 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51212 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51200 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62830 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55323 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52974 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63753 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62804 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52989 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:61748 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62879 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55567 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62898 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:62813 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:56470 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61727 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63812 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51240 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61740 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:63770 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:63828 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55293 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51241 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62807 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:55354 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:51217 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52185 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61741 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52994 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51250 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:53001 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:52204 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:62854 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:61046 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52268 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:63790 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:51227 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829498 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 1 : 192.168.2.8:62894 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:52926 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:52178 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:55363 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2829500 - Severity 1 - ETPRO MALWARE GandCrab DNS Lookup 3 : 192.168.2.8:51252 -> 1.1.1.1:53
Source: Network traffic	Suricata IDS: 2026737 - Severity 1 - ET MALWARE Observed GandCrab Domain (gandcrab .bit) : 192.168.2.8:61745 -> 1.1.1.1:53

Found Tor onion address

Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 4. Open link in tor browser: http://gdcbghvjyqy7jclk.onion/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 1. http://gdcbghvjyqy7jclk.onion.top/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 2. http://gdcbghvjyqy7jclk.onion.casa/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 3. http://gdcbghvjyqy7jclk.onion.guide/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 4. http://gdcbghvjyqy7jclk.onion.rip/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: 5. http://gdcbghvjyqy7jclk.onion.plus/c09ba58a9869e72e

Uses nslookup.exe to query domains

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.8:49715 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49714 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49725 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49724 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49723 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49722 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49721 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49720 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49719 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49718 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.8:49717 -> 1.1.1.1:53

May check the online IP address of the machine

Source: unknown	DNS query: name: ipv4bot.whatismyipaddress.com
Source: unknown	DNS query: name: ipv4bot.whatismyipaddress.com
Source: unknown	DNS query: name: ipv4bot.whatismyipaddress.com

Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	DNS traffic detected: DNS query: ipv4bot.whatismyipaddress.com
Source: global traffic	DNS traffic detected: DNS query: dns1.soprodns.ru
Source: global traffic	DNS traffic detected: DNS query: 1.1.1.1.in-addr.arpa
Source: global traffic	DNS traffic detected: DNS query: nomoreransom.bit
Source: global traffic	DNS traffic detected: DNS query: emsisoft.bit
Source: global traffic	DNS traffic detected: DNS query: gandcrab.bit

Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.casa/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.guide/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.plus/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.rip/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion.top/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: http://gdcbghvjyqy7jclk.onion/c09ba58a9869e72e
Source: file.exe, 00000000.00000002.2830053630.000000000070B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2830053630.00000000006DC000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2830053630.000000000071D000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ipv4bot.whatismyipaddress.com/
Source: file.exe, 00000000.00000002.2830053630.00000000006DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ipv4bot.whatismyipaddress.com/S
Source: file.exe, 00000000.00000002.2830053630.00000000006DC000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://ipv4bot.whatismyipaddress.com/U
Source: file.exe, 00000000.00000002.2829785846.0000000000409000.00000004.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.torproject.org/

Spam, unwanted Advertisements and Ransom Demands

Yara detected Gandcrab

Source: Yara match	File source: file.exe, type: SAMPLE
Source: Yara match	File source: Process Memory Space: file.exe PID: 3488, type: MEMORYSTR
Source: Yara match	File source: Process Memory Space: ubrrkv.exe PID: 5604, type: MEMORYSTR

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,		0_2_00406000
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00406000 EnterCriticalSection,CryptAcquireContextW,GetLastError,CryptAcquireContextW,CryptImportKey,CryptGetKeyParam,CryptEncrypt,GetLastError,CryptReleaseContext,LeaveCriticalSection,		31_2_00406000

Too many similar processes found

Source: conhost.exe	Process created: 59
Source: nslookup.exe	Process created: 67

System Summary

Malicious sample detected (through community Yara rule)

Source: file.exe, type: SAMPLE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 31.2.ubrrkv.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 31.0.ubrrkv.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab Payload Author: kevoreilly
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe, type: DROPPED	Matched rule: Gandcrab Payload Author: kevoreilly

Detected potential crypto function

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00407EE0		0_2_00407EE0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00407EE0		31_2_00407EE0

Uses 32bit PE files

Source: file.exe

Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, 32BIT_MACHINE

Yara signature match

Source: file.exe, type: SAMPLE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.0.file.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 31.2.ubrrkv.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 31.0.ubrrkv.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: 0.2.file.exe.400000.0.unpack, type: UNPACKEDPE	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe, type: DROPPED	Matched rule: Gandcrab author = kevoreilly, description = Gandcrab Payload, cape_type = Gandcrab Payload

Source: classification engine

Classification label: mal100.rans.troj.evad.winEXE@511/2@2240/0

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Jump to behavior

Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1076:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4200:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1824:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4128:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6812:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:3800:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4568:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5212:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6500:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1444:120:WilError_03
Source: C:\Users\user\Desktop\file.exe	Mutant created: \Sessions\1\BaseNamedObjects\Global\pc_group=WORKGROUP&ransom_id=c09ba58a9869e72e
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1644:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:332:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:636:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7140:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2360:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5960:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1564:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6072:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5032:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:504:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5672:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4900:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1060:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4452:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5924:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6476:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5324:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5256:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7120:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6680:120:WilError_03
Source: C:\Windows\System32\conhost.exe	Mutant created: \Sessions\1\BaseNamedObjects\Local\SM0:1092:120:WilError_03

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: file.exe

ReversingLabs: Detection: 89%

Source: unknown	Process created: C:\Users\user\Desktop\file.exe "C:\Users\user\Desktop\file.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: unknown	Process created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe "C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe"
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru
Source: C:\Windows\SysWOW64\nslookup.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe "C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptsp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rsaenh.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: userenv.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dnsapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: mswsock.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: iphlpapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: napinsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: pnrpnsp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: wshbth.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: nlaapi.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winrnr.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: rasadhlp.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc6.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: dhcpcsvc.dll
Source: C:\Windows\SysWOW64\nslookup.exe	Section loaded: winnsi.dll

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0358b920-0ac7-461f-98f4-58e32cd89148}\InProcServer32

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: file.exe

Static PE information: DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,

0_2_00407C60

PE file contains sections with non-standard names

Source: file.exe	Static PE information: section name: .xObf
Source: ubrrkv.exe.0.dr	Static PE information: section name: .xObf

Uses code obfuscation techniques (call, push, ret)

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00405352 pushfd ; iretd	0_2_00405353
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041FC23 push edi; retf	0_2_0041FC40
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_00405352 pushfd ; iretd	31_2_00405353
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_0041FC23 push edi; retf	31_2_0041FC40

Drops PE files

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce vpfihnjmqea	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce vpfihnjmqea	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce vpfihnjmqea	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce vpfihnjmqea	Jump to behavior

Contains functionality to detect virtual machines (SLDT)

Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

Code function: 31_2_0041CCC4 sldt word ptr [eax]

31_2_0041CCC4

Contains functionality to enumerate device drivers

Source: C:\Users\user\Desktop\file.exe	Code function: EnumDeviceDrivers,K32EnumDeviceDrivers,VirtualAlloc,K32EnumDeviceDrivers,K32GetDeviceDriverBaseNameW,lstrcmpiW,VirtualFree,VirtualFree,		0_2_00402F50
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: EnumDeviceDrivers,EnumDeviceDrivers,VirtualAlloc,EnumDeviceDrivers,GetDeviceDriverBaseNameW,lstrcmpiW,VirtualFree,VirtualFree,		31_2_00402F50

Found a high number of Window / User specific system calls (may be a loop to detect user behavior)

Source: C:\Users\user\Desktop\file.exe

Window / User API: threadDelayed 440

Jump to behavior

Found large amount of non-executed APIs

Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe

API coverage: 1.9 %

May sleep (evasive loops) to hinder dynamic analysis

Source: C:\Users\user\Desktop\file.exe TID: 5096	Thread sleep count: 440 > 30			Jump to behavior
Source: C:\Users\user\Desktop\file.exe TID: 5096	Thread sleep time: -4400000s >= -30000s			Jump to behavior

Sample execution stops while process was sleeping (likely an evasion)

Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Users\user\Desktop\file.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed
Source: C:\Windows\System32\conhost.exe	Last function: Thread delayed

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,	0_2_004064A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,	0_2_004066F0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_004064A0 lstrlenW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcmpW,lstrcatW,lstrlenW,lstrcmpW,CreateFileW,GetFileSize,VirtualAlloc,ReadFile,lstrlenA,VirtualFree,CloseHandle,lstrcmpW,FindNextFileW,FindClose,	31_2_004064A0
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Code function: 31_2_004066F0 lstrlenW,lstrcatW,lstrcatW,FindFirstFileW,lstrcmpW,lstrcmpW,lstrcatW,lstrcatW,lstrcatW,FindNextFileW,FindClose,	31_2_004066F0

Source: file.exe, 00000000.00000002.2830053630.00000000006F5000.00000004.00000020.00020000.00000000.sdmp

Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Contains functionality to dynamically determine API calls

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00407C60 CryptAcquireContextW,VirtualAlloc,GetModuleHandleA,LoadLibraryA,GetProcAddress,CryptReleaseContext,VirtualFree,CryptReleaseContext,VirtualFree,

0_2_00407C60

Creates a process in suspended mode (likely to inject code)

Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup gandcrab.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup nomoreransom.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\SysWOW64\nslookup.exe nslookup emsisoft.bit dns1.soprodns.ru	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe "C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe"	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process created: unknown unknown	Jump to behavior

Contains functionality to query CPU information (cpuid)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00408BC0 cpuid

0_2_00408BC0

Queries information about the installed CPU (vendor, model number etc)

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	Jump to behavior

Queries the volume information (name, serial number etc) of a device

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior
Source: C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	Queries volume information: C:\ VolumeInformation	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuid

Jump to behavior

AV process strings found (often used to terminate AV products)

Source: file.exe

Binary or memory string: avgnt.exe

ID:	1522710
Product:	CloudBasic
Start time:	15:47:14
Start date:	30.09.2024
Sample:	file.exe
Cookbook:	default.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS
MD5:	d8029e1465ce1c847c658c71f7711bde
SHA1:	4b1a68c52bf2b22c359d6e321177789c1cc622c7
SHA256:	1c16b204dd52d4d3fab6113f20a43c29ff74db2746798b88bfd8f4214ac95cc5
Filetype:	Win32 Executable (generic) a (10002005/4) 99.96%

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Crypto\RSA\S-1-5-21-2246122658-3693405117-2476756634-1003\7ec63eecc011967c28496572961d2a7c_9e146be9-c76a-4720-bcdb-53011b87bd06	data	9B515CE290886100F8C5F7C3AD0CB6A0	CF57023D314B0BAD4BCC41D552A31EC88FA56395	186674F8434D142FE3E22F9A51A70FBE1F5161984D6A4B9EDE27B997C28D66EB
C:\Users\user\AppData\Roaming\Microsoft\ubrrkv.exe	PE32 executable (GUI) Intel 80386, for MS Windows	05AE50BF6E638FAC969303A04BF8CCE6	021844552AFD19CF163A8952E47E7632E72B746C	F9164F81A4AF240A01FE3E9E90728DDFE1A968E76A01C3DAB334367162EA28F4

Windows Analysis Report
file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel
Provided by

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Malware Threat Intel Provided by

Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

Spam, unwanted Advertisements and Ransom Demands

DDoS

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Lowering of HIPS / PFW / Operating System Security Settings

Screenshots

Behavior Graph

Network Map

Contacted Domains

Windows Analysis Report
file.exe

Malware Threat Intel
Provided by