ramnit | b194c460c0616b3c5bfc0e13950a7642a777b0927bb5036ecf1477042d1831e8

Analysis

max time kernel
150s
max time network
146s
platform
windows7_x64
resource
win7-20240729-en
resource tags

arch:x64arch:x86image:win7-20240729-enlocale:en-usos:windows7-x64system
submitted
22/03/2025, 05:34 UTC

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe
Size

129KB
MD5

85d42b5c420227011a4af768f443a3a8
SHA1

d22b5759f7331c483d7bb5780a267ef171aa3fe5
SHA256

b194c460c0616b3c5bfc0e13950a7642a777b0927bb5036ecf1477042d1831e8
SHA512

14ca801115ead33c7c6897375fa8d16d9679ee7dbda980370ae3d83a456a664e0bda357f146e340029f775435759a6925c9b96a4d3da704f59b6fbb0cd57c485
SSDEEP

3072:OdCmj0KVZSXQ0yNPaaHw7Koj4rtuFeHiiaKL:OdC/K/3KeH

Score

10^/10

ramnit banker defense_evasion discovery persistence spyware stealer trojan worm

Malware Config

Signatures

Modifies WinLogon for persistence 2 TTPs 1 IoCs

persistence

Winlogon Helper DLL

T1547.004

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit = "userinit.exe,C:\\Users\\Admin\\AppData\\Local\\fqdftfsr\\nwureicf.exe"	svchost.exe

Ramnit
Ramnit is a versatile family that holds viruses, worms, and Trojans.
trojan spyware stealer worm banker ramnit
Ramnit family
ramnit

UAC bypass 3 TTPs 2 IoCs

defense_evasion trojan

Bypass User Account Control

T1548.002

Disable or Modify Tools

T1562.001

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	svchost.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	fcsmjkeoqbgutuyr.exe

Drops startup file 2 IoCs

description	ioc	Process
File opened for modification	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nwureicf.exe	svchost.exe
File created	C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\nwureicf.exe	svchost.exe

Executes dropped EXE 2 IoCs

pid	Process
2960	fcsmjkeoqbgutuyr.exe
2904	fcsmjkeoqbgutuyr.exe

Loads dropped DLL 4 IoCs

pid	Process
2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe
2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe
692	cmd.exe
692	cmd.exe

Adds Run key to start application 2 TTPs 1 IoCs

persistence

Registry Run Keys / Startup Folder

T1547.001

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-2703099537-420551529-3771253338-1000\Software\Microsoft\Windows\CurrentVersion\Run\NwuReicf = "C:\\Users\\Admin\\AppData\\Local\\fqdftfsr\\nwureicf.exe"	svchost.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

defense_evasion trojan

System Information Discovery

T1082

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	fcsmjkeoqbgutuyr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 5 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	svchost.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	fcsmjkeoqbgutuyr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	cmd.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe
2716	svchost.exe

Suspicious behavior: LoadsDriver 1 IoCs

pid	Process
480	Process not Found

Suspicious use of AdjustPrivilegeToken 8 IoCs

description	pid	Process
Token: SeSecurityPrivilege	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe
Token: SeDebugPrivilege	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe
Token: SeSecurityPrivilege	2816	svchost.exe
Token: SeSecurityPrivilege	2716	svchost.exe
Token: SeDebugPrivilege	2716	svchost.exe
Token: SeSecurityPrivilege	2960	fcsmjkeoqbgutuyr.exe
Token: SeSecurityPrivilege	2904	fcsmjkeoqbgutuyr.exe
Token: SeLoadDriverPrivilege	2904	fcsmjkeoqbgutuyr.exe

Suspicious use of WriteProcessMemory 32 IoCs

description	pid	Process	procid_target
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2816	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	30
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2716	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	31
PID 2656 wrote to memory of 2960	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	32
PID 2656 wrote to memory of 2960	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	32
PID 2656 wrote to memory of 2960	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	32
PID 2656 wrote to memory of 2960	2656	JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe	32
PID 2960 wrote to memory of 692	2960	fcsmjkeoqbgutuyr.exe	33
PID 2960 wrote to memory of 692	2960	fcsmjkeoqbgutuyr.exe	33
PID 2960 wrote to memory of 692	2960	fcsmjkeoqbgutuyr.exe	33
PID 2960 wrote to memory of 692	2960	fcsmjkeoqbgutuyr.exe	33
PID 692 wrote to memory of 2904	692	cmd.exe	35
PID 692 wrote to memory of 2904	692	cmd.exe	35
PID 692 wrote to memory of 2904	692	cmd.exe	35
PID 692 wrote to memory of 2904	692	cmd.exe	35

System policy modification 1 TTPs 1 IoCs

defense_evasion

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA = "0"	fcsmjkeoqbgutuyr.exe

C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe
"C:\Users\Admin\AppData\Local\Temp\JaffaCakes118_85d42b5c420227011a4af768f443a3a8.exe"
1⤵
- Loads dropped DLL
- System Location Discovery: System Language Discovery
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of WriteProcessMemory
PID:2656
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  PID:2816
- C:\Windows\SysWOW64\svchost.exe
  C:\Windows\system32\svchost.exe
  2⤵
  - Modifies WinLogon for persistence
  - UAC bypass
  - Drops startup file
  - Adds Run key to start application
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  PID:2716
- C:\Users\Admin\AppData\Local\Temp\fcsmjkeoqbgutuyr.exe
  "C:\Users\Admin\AppData\Local\Temp\fcsmjkeoqbgutuyr.exe" elevate
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of WriteProcessMemory
  PID:2960
- - C:\Windows\SysWOW64\cmd.exe
    "C:\Windows\System32\cmd.exe" /C ""C:\Users\Admin\AppData\Local\Temp\fcsmjkeoqbgutuyr.exe"" admin
    3⤵
    - Loads dropped DLL
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:692
  - - C:\Users\Admin\AppData\Local\Temp\fcsmjkeoqbgutuyr.exe
      "C:\Users\Admin\AppData\Local\Temp\fcsmjkeoqbgutuyr.exe" admin
      4⤵
      UAC bypass
      Executes dropped EXE
      Checks whether UAC is enabled
      Suspicious use of AdjustPrivilegeToken
      System policy modification
      PID:2904

Network

DNS

google.com

svchost.exe

Remote address:

8.8.8.8:53

Request

google.com

IN A

Response

google.com

IN A

172.217.169.78
DNS

tiqfgpaxvmhsxtk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

tiqfgpaxvmhsxtk.com

IN A

Response
DNS

snoknwlgcwgaafbtqkt.com

svchost.exe

Remote address:

8.8.8.8:53

Request

snoknwlgcwgaafbtqkt.com

IN A

Response
DNS

khddwukkbwhfdiufhaj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

khddwukkbwhfdiufhaj.com

IN A

Response
DNS

jiwucjyxjibyd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jiwucjyxjibyd.com

IN A

Response
DNS

jiwucjyxjibyd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jiwucjyxjibyd.com

IN A

Response
DNS

jiwucjyxjibyd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jiwucjyxjibyd.com

IN A

Response
DNS

htmthgurhtchwlhwklf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

htmthgurhtchwlhwklf.com

IN A

Response

htmthgurhtchwlhwklf.com

IN A

162.249.65.200
DNS

cxatodxefolgkokdqy.com

svchost.exe

Remote address:

8.8.8.8:53

Request

cxatodxefolgkokdqy.com

IN A

Response
DNS

ouljuvkvn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ouljuvkvn.com

IN A

Response
DNS

swbadolov.com

svchost.exe

Remote address:

8.8.8.8:53

Request

swbadolov.com

IN A

Response
DNS

tfgyaoingy.com

svchost.exe

Remote address:

8.8.8.8:53

Request

tfgyaoingy.com

IN A

Response

tfgyaoingy.com

IN A

195.201.179.207
DNS

ukiixagdbdkd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ukiixagdbdkd.com

IN A

Response

ukiixagdbdkd.com

IN A

46.165.220.143
DNS

ubkfgwqslhqyy.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ubkfgwqslhqyy.com

IN A

Response

ubkfgwqslhqyy.com

IN A

3.249.135.232
DNS

caytmlnlrou.com

svchost.exe

Remote address:

8.8.8.8:53

Request

caytmlnlrou.com

IN A

Response
DNS

qbsqnpyyooh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qbsqnpyyooh.com

IN A

Response
DNS

vrguyjjxorlyen.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vrguyjjxorlyen.com

IN A

Response
DNS

nvepdnpx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nvepdnpx.com

IN A

Response
DNS

vwaeloyyutodtr.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vwaeloyyutodtr.com

IN A

Response
DNS

gokbwlivwvgqlretxd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gokbwlivwvgqlretxd.com

IN A

Response
DNS

mukevipvxvrq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

mukevipvxvrq.com

IN A

Response
DNS

empsqyowjuvvsvrwj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

empsqyowjuvvsvrwj.com

IN A

Response
DNS

duomyvwabkuappgqxhp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

duomyvwabkuappgqxhp.com

IN A

Response
DNS

voohnyqdinl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

voohnyqdinl.com

IN A

Response
DNS

ncxphtrpiawmchfylsy.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ncxphtrpiawmchfylsy.com

IN A

Response
DNS

xwrmquiqjdsxk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xwrmquiqjdsxk.com

IN A

Response
DNS

lnolxrnhb.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lnolxrnhb.com

IN A

Response
DNS

ldiogjdyyxacm.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ldiogjdyyxacm.com

IN A

Response
DNS

kuetvxnntsk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

kuetvxnntsk.com

IN A

Response
DNS

ppdbeidwufrb.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ppdbeidwufrb.com

IN A

Response
DNS

lsawmyxqxvmogvxifm.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lsawmyxqxvmogvxifm.com

IN A

Response
DNS

tfipmwkcgigiey.com

svchost.exe

Remote address:

8.8.8.8:53

Request

tfipmwkcgigiey.com

IN A

Response
DNS

pgahbyurf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pgahbyurf.com

IN A

Response
DNS

yaesbfejdxs.com

svchost.exe

Remote address:

8.8.8.8:53

Request

yaesbfejdxs.com

IN A

Response
DNS

pubecchfuxgquhguye.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pubecchfuxgquhguye.com

IN A

Response
DNS

yeokcogbbprvybwqn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

yeokcogbbprvybwqn.com

IN A

Response
DNS

ocwbuffwnj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ocwbuffwnj.com

IN A

Response
DNS

cpugvsnhyrueqcyxnvo.com

svchost.exe

Remote address:

8.8.8.8:53

Request

cpugvsnhyrueqcyxnvo.com

IN A

Response
DNS

bxqqsoxw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

bxqqsoxw.com

IN A

Response
DNS

gvjkpsip.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gvjkpsip.com

IN A

Response
DNS

garxfslj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

garxfslj.com

IN A

Response
DNS

jpeobmbipilmwsc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jpeobmbipilmwsc.com

IN A

Response
DNS

mfpgvhnjp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

mfpgvhnjp.com

IN A

Response
DNS

sjolcaml.com

svchost.exe

Remote address:

8.8.8.8:53

Request

sjolcaml.com

IN A

Response
DNS

spykqqdavslss.com

svchost.exe

Remote address:

8.8.8.8:53

Request

spykqqdavslss.com

IN A

Response
DNS

hcegcnlr.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hcegcnlr.com

IN A

Response
DNS

derdamdyvt.com

svchost.exe

Remote address:

8.8.8.8:53

Request

derdamdyvt.com

IN A

Response
DNS

hnywdakvhxvuoeuap.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hnywdakvhxvuoeuap.com

IN A

Response
DNS

fxamvtgx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

fxamvtgx.com

IN A

Response
DNS

rxkcrxbkc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

rxkcrxbkc.com

IN A

Response
DNS

wavmiijmnswdmbuhcn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

wavmiijmnswdmbuhcn.com

IN A

Response
DNS

gylgunsiciis.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gylgunsiciis.com

IN A

Response
DNS

exvpgubuxrdvhijan.com

svchost.exe

Remote address:

8.8.8.8:53

Request

exvpgubuxrdvhijan.com

IN A

Response
DNS

mvorlnmwfkayjrqfni.com

svchost.exe

Remote address:

8.8.8.8:53

Request

mvorlnmwfkayjrqfni.com

IN A

Response
DNS

nhvfyugxtgrnk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nhvfyugxtgrnk.com

IN A

Response
DNS

ktltiueyc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ktltiueyc.com

IN A

Response
DNS

ndtdktwnkplaavqsfa.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ndtdktwnkplaavqsfa.com

IN A

Response
DNS

pvgnfjpvih.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pvgnfjpvih.com

IN A

Response
DNS

ftmtkcjkomqdw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ftmtkcjkomqdw.com

IN A

Response
DNS

udyrxoed.com

svchost.exe

Remote address:

8.8.8.8:53

Request

udyrxoed.com

IN A

Response
DNS

shkxklmbrgcqoeh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

shkxklmbrgcqoeh.com

IN A

Response
DNS

daxwkcompfufkvaa.com

svchost.exe

Remote address:

8.8.8.8:53

Request

daxwkcompfufkvaa.com

IN A

Response
DNS

ttwiysoohhkrhl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ttwiysoohhkrhl.com

IN A

Response
DNS

yblmyabknhn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

yblmyabknhn.com

IN A

Response
DNS

rbafexvqgsmmnnvfv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

rbafexvqgsmmnnvfv.com

IN A

Response
DNS

nkootxbt.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nkootxbt.com

IN A

Response

nkootxbt.com

IN A

3.249.135.232
DNS

anypbvojndegpnm.com

svchost.exe

Remote address:

8.8.8.8:53

Request

anypbvojndegpnm.com

IN A

Response

anypbvojndegpnm.com

IN A

46.165.220.143
DNS

apimyackpqd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

apimyackpqd.com

IN A

Response
DNS

jptkockakusewlaqfdt.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jptkockakusewlaqfdt.com

IN A

Response
DNS

kbohjdsc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

kbohjdsc.com

IN A

Response
DNS

qxthcmscxhradd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qxthcmscxhradd.com

IN A

Response
DNS

ldyyuwwwgw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ldyyuwwwgw.com

IN A

Response
DNS

eonvwoabjwow.com

svchost.exe

Remote address:

8.8.8.8:53

Request

eonvwoabjwow.com

IN A

Response
DNS

rrnuptrt.com

svchost.exe

Remote address:

8.8.8.8:53

Request

rrnuptrt.com

IN A

Response
DNS

ksynclhbmctx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ksynclhbmctx.com

IN A

Response
DNS

nwakycbynypuhbpkpx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nwakycbynypuhbpkpx.com

IN A

Response
DNS

kabywdoswjvqgdso.com

svchost.exe

Remote address:

8.8.8.8:53

Request

kabywdoswjvqgdso.com

IN A

Response
DNS

miafnrcwjddy.com

svchost.exe

Remote address:

8.8.8.8:53

Request

miafnrcwjddy.com

IN A

Response
DNS

fjegwqbvoae.com

svchost.exe

Remote address:

8.8.8.8:53

Request

fjegwqbvoae.com

IN A

Response
DNS

ryauwismekfu.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ryauwismekfu.com

IN A

Response
DNS

njopiyisfxnxw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

njopiyisfxnxw.com

IN A

Response
DNS

kuftuiyxrlyrbffu.com

svchost.exe

Remote address:

8.8.8.8:53

Request

kuftuiyxrlyrbffu.com

IN A

Response
DNS

xjxsswjhxpfekmlcwv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xjxsswjhxpfekmlcwv.com

IN A

Response
DNS

xpgpwjnpcgatgypiepg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xpgpwjnpcgatgypiepg.com

IN A

Response
DNS

hrwgpaisqjtadka.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hrwgpaisqjtadka.com

IN A

Response
DNS

xtjjsdpqjrckayml.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xtjjsdpqjrckayml.com

IN A

Response
DNS

rirbqsrjqsnw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

rirbqsrjqsnw.com

IN A

Response
DNS

jmdqxtwclkxellkxgn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jmdqxtwclkxellkxgn.com

IN A

Response
DNS

ggplhlwurkffvsfxxdh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ggplhlwurkffvsfxxdh.com

IN A

Response
DNS

gjkdyorakldhem.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gjkdyorakldhem.com

IN A

Response
DNS

iaoaagmfylemjyq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

iaoaagmfylemjyq.com

IN A

Response
DNS

gmajhefkqm.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gmajhefkqm.com

IN A

Response
DNS

hbjgehxcf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hbjgehxcf.com

IN A

Response
DNS

mesctomcqxdvseeesd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

mesctomcqxdvseeesd.com

IN A

Response
DNS

xhxiowpga.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xhxiowpga.com

IN A

Response
DNS

ypwubsqx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ypwubsqx.com

IN A

Response
DNS

gadwjccnb.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gadwjccnb.com

IN A

Response
DNS

lecgcbtmbnofr.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lecgcbtmbnofr.com

IN A

Response
DNS

wgyndijomue.com

svchost.exe

Remote address:

8.8.8.8:53

Request

wgyndijomue.com

IN A

Response
DNS

riacjyielwbe.com

svchost.exe

Remote address:

8.8.8.8:53

Request

riacjyielwbe.com

IN A

Response
DNS

clufudjixpqmyspofp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

clufudjixpqmyspofp.com

IN A

Response
DNS

otfbjejwjvcno.com

svchost.exe

Remote address:

8.8.8.8:53

Request

otfbjejwjvcno.com

IN A

Response
DNS

takpkwhluhhediie.com

svchost.exe

Remote address:

8.8.8.8:53

Request

takpkwhluhhediie.com

IN A

Response
DNS

ieqpusccgyvca.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ieqpusccgyvca.com

IN A

Response
DNS

pqqvrioftjalqahlo.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pqqvrioftjalqahlo.com

IN A

Response
DNS

omqluoghcqw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

omqluoghcqw.com

IN A

Response
DNS

oxlbfdxd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

oxlbfdxd.com

IN A

Response
DNS

ciqeutekeaojdxcxu.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ciqeutekeaojdxcxu.com

IN A

Response
DNS

qfdufqnr.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qfdufqnr.com

IN A

Response
DNS

uuwqjcksfo.com

svchost.exe

Remote address:

8.8.8.8:53

Request

uuwqjcksfo.com

IN A

Response
DNS

fjaapqjsqreelq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

fjaapqjsqreelq.com

IN A

Response
DNS

yywtmnpgo.com

svchost.exe

Remote address:

8.8.8.8:53

Request

yywtmnpgo.com

IN A

Response
DNS

owjvhbqartmagudc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

owjvhbqartmagudc.com

IN A

Response
DNS

lvhsmwthsn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lvhsmwthsn.com

IN A

Response
DNS

xsmhhtctdkvikelygk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xsmhhtctdkvikelygk.com

IN A

Response
DNS

fymctauygyk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

fymctauygyk.com

IN A

Response
DNS

attqfideqdholwyafo.com

svchost.exe

Remote address:

8.8.8.8:53

Request

attqfideqdholwyafo.com

IN A

Response
DNS

lhvlyhgojmdtq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lhvlyhgojmdtq.com

IN A

Response
DNS

pbpanibyxfajxlr.com

svchost.exe

Remote address:

8.8.8.8:53

Request

pbpanibyxfajxlr.com

IN A

Response
DNS

wbuvoybqnqsbmhcdcfs.com

svchost.exe

Remote address:

8.8.8.8:53

Request

wbuvoybqnqsbmhcdcfs.com

IN A

Response
DNS

ijjuircfabvpqh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ijjuircfabvpqh.com

IN A

Response
DNS

iueenjqheehbvhpkp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

iueenjqheehbvhpkp.com

IN A

Response
DNS

mrigtuhohkbsju.com

svchost.exe

Remote address:

8.8.8.8:53

Request

mrigtuhohkbsju.com

IN A

Response
DNS

wpahyhff.com

svchost.exe

Remote address:

8.8.8.8:53

Request

wpahyhff.com

IN A

Response
DNS

hgbstappdn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hgbstappdn.com

IN A

Response
DNS

nfadxfjmdfvqpj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nfadxfjmdfvqpj.com

IN A

Response
DNS

lkvcgnfsyhvlugcap.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lkvcgnfsyhvlugcap.com

IN A

Response
DNS

jdcfoplrebamtbcqa.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jdcfoplrebamtbcqa.com

IN A

Response
DNS

llhbeoxrxoqk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

llhbeoxrxoqk.com

IN A

Response
DNS

hjxaihieibafwv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hjxaihieibafwv.com

IN A

Response
DNS

xyttylxriaj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xyttylxriaj.com

IN A

Response
DNS

jlormrurxa.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jlormrurxa.com

IN A

Response
DNS

gpngcqfqrjmfydxckai.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gpngcqfqrjmfydxckai.com

IN A

Response
DNS

xsflgqxa.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xsflgqxa.com

IN A

Response
DNS

ecguxgqdjcyhggfk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ecguxgqdjcyhggfk.com

IN A

Response
DNS

vqokjkmppvllwxuk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vqokjkmppvllwxuk.com

IN A

Response
DNS

ybxgengtxtycjemmqng.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ybxgengtxtycjemmqng.com

IN A

Response
DNS

mshvgpvvs.com

svchost.exe

Remote address:

8.8.8.8:53

Request

mshvgpvvs.com

IN A

Response
DNS

tuddhpqmbadaaht.com

svchost.exe

Remote address:

8.8.8.8:53

Request

tuddhpqmbadaaht.com

IN A

Response
DNS

uxxykffflohlhskeyi.com

svchost.exe

Remote address:

8.8.8.8:53

Request

uxxykffflohlhskeyi.com

IN A

Response
DNS

iibdbafng.com

svchost.exe

Remote address:

8.8.8.8:53

Request

iibdbafng.com

IN A

Response
DNS

rcsllpxjlsypet.com

svchost.exe

Remote address:

8.8.8.8:53

Request

rcsllpxjlsypet.com

IN A

Response
DNS

xfjiribvjqd.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xfjiribvjqd.com

IN A

Response
DNS

mmxqkwglxtdtor.com

svchost.exe

Remote address:

8.8.8.8:53

Request

mmxqkwglxtdtor.com

IN A

Response
DNS

nvsgajhivvn.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nvsgajhivvn.com

IN A

Response
DNS

prqerbwwjvw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

prqerbwwjvw.com

IN A

Response
DNS

xorutrhmdjwmfcpgsvq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xorutrhmdjwmfcpgsvq.com

IN A

Response
DNS

gnmbqnxvumfclqyug.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gnmbqnxvumfclqyug.com

IN A

Response
DNS

yktervxj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

yktervxj.com

IN A

Response
DNS

iblgthye.com

svchost.exe

Remote address:

8.8.8.8:53

Request

iblgthye.com

IN A

Response
DNS

bfbbvadypijthjh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

bfbbvadypijthjh.com

IN A

Response
DNS

hhtxwgap.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hhtxwgap.com

IN A

Response
DNS

ptxfoqfjjxhdnekeh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ptxfoqfjjxhdnekeh.com

IN A

Response
DNS

fmwuiydsiqsporrgw.com

svchost.exe

Remote address:

8.8.8.8:53

Request

fmwuiydsiqsporrgw.com

IN A

Response
DNS

faexhycctgxdl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

faexhycctgxdl.com

IN A

Response
DNS

cdorpnmmafnomwyeny.com

svchost.exe

Remote address:

8.8.8.8:53

Request

cdorpnmmafnomwyeny.com

IN A

Response
DNS

eehckdyaxxjqhdo.com

svchost.exe

Remote address:

8.8.8.8:53

Request

eehckdyaxxjqhdo.com

IN A

Response
DNS

rxatjyykg.com

svchost.exe

Remote address:

8.8.8.8:53

Request

rxatjyykg.com

IN A

Response
DNS

yrluloqkxujrvv.com

svchost.exe

Remote address:

8.8.8.8:53

Request

yrluloqkxujrvv.com

IN A

Response
DNS

ltqgnbgqukixovfdaoi.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ltqgnbgqukixovfdaoi.com

IN A

Response
DNS

mmdchhrh.com

svchost.exe

Remote address:

8.8.8.8:53

Request

mmdchhrh.com

IN A

Response
DNS

vqurlimfhvxttpjr.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vqurlimfhvxttpjr.com

IN A

Response
DNS

buoprdhrhaighfcfl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

buoprdhrhaighfcfl.com

IN A

Response
DNS

lvmmllrmkpdll.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lvmmllrmkpdll.com

IN A

Response
DNS

cbscmebdlyfkdeeasmu.com

svchost.exe

Remote address:

8.8.8.8:53

Request

cbscmebdlyfkdeeasmu.com

IN A

Response
DNS

nucpjoumgxmhndsob.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nucpjoumgxmhndsob.com

IN A

Response
DNS

xqelqiidxspuqvi.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xqelqiidxspuqvi.com

IN A

Response
DNS

osajklwmmhjp.com

svchost.exe

Remote address:

8.8.8.8:53

Request

osajklwmmhjp.com

IN A

Response
DNS

qdonhyqsieseoqlm.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qdonhyqsieseoqlm.com

IN A

Response
DNS

nulthurgrjvwqokbic.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nulthurgrjvwqokbic.com

IN A

Response
DNS

gaohkehqjs.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gaohkehqjs.com

IN A

Response
DNS

lrpvmktouq.com

svchost.exe

Remote address:

8.8.8.8:53

Request

lrpvmktouq.com

IN A

Response
DNS

sohwjlifxvlmfguite.com

svchost.exe

Remote address:

8.8.8.8:53

Request

sohwjlifxvlmfguite.com

IN A

Response
DNS

hpswpjjmvccxmimedi.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hpswpjjmvccxmimedi.com

IN A

Response
DNS

ecuamsraikwrwki.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ecuamsraikwrwki.com

IN A

Response
DNS

kyonhkyryembre.com

svchost.exe

Remote address:

8.8.8.8:53

Request

kyonhkyryembre.com

IN A

Response
DNS

vcxkjqaswogrbmqgfyf.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vcxkjqaswogrbmqgfyf.com

IN A

Response
DNS

ksewxcnjo.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ksewxcnjo.com

IN A

Response
DNS

xllnolng.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xllnolng.com

IN A

Response
DNS

treayxvaoaqol.com

svchost.exe

Remote address:

8.8.8.8:53

Request

treayxvaoaqol.com

IN A

Response
DNS

uoqdcxvy.com

svchost.exe

Remote address:

8.8.8.8:53

Request

uoqdcxvy.com

IN A

Response
DNS

xjhhggbuufmlirsmgjx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xjhhggbuufmlirsmgjx.com

IN A

Response
DNS

xjhhggbuufmlirsmgjx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

xjhhggbuufmlirsmgjx.com

IN A
DNS

dsooagtnljlwfpmewvm.com

svchost.exe

Remote address:

8.8.8.8:53

Request

dsooagtnljlwfpmewvm.com

IN A

Response
DNS

cwnwhjtgqtt.com

svchost.exe

Remote address:

8.8.8.8:53

Request

cwnwhjtgqtt.com

IN A

Response
DNS

dcdtpewhb.com

svchost.exe

Remote address:

8.8.8.8:53

Request

dcdtpewhb.com

IN A

Response
DNS

havonolwc.com

svchost.exe

Remote address:

8.8.8.8:53

Request

havonolwc.com

IN A

Response

havonolwc.com

IN A

3.249.135.232
DNS

yvywhtknppwkfcfvyhj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

yvywhtknppwkfcfvyhj.com

IN A

Response
DNS

yniktagnfeuapbkkjm.com

svchost.exe

Remote address:

8.8.8.8:53

Request

yniktagnfeuapbkkjm.com

IN A

Response
DNS

eijabgcrvhynghfx.com

svchost.exe

Remote address:

8.8.8.8:53

Request

eijabgcrvhynghfx.com

IN A

Response
DNS

vomdkymumbypgiqba.com

svchost.exe

Remote address:

8.8.8.8:53

Request

vomdkymumbypgiqba.com

IN A

Response
DNS

gggyexvskphnets.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gggyexvskphnets.com

IN A

Response
DNS

ivjbicjj.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ivjbicjj.com

IN A

Response
DNS

qqtxsbps.com

svchost.exe

Remote address:

8.8.8.8:53

Request

qqtxsbps.com

IN A

Response
DNS

ljxvlmvyyqjch.com

svchost.exe

Remote address:

8.8.8.8:53

Request

ljxvlmvyyqjch.com

IN A

Response
DNS

uqmgwttutorxwgums.com

svchost.exe

Remote address:

8.8.8.8:53

Request

uqmgwttutorxwgums.com

IN A

Response
DNS

kfucikjlowsaypemxe.com

svchost.exe

Remote address:

8.8.8.8:53

Request

kfucikjlowsaypemxe.com

IN A

Response
DNS

dtqmfjuwgawuoswof.com

svchost.exe

Remote address:

8.8.8.8:53

Request

dtqmfjuwgawuoswof.com

IN A

Response
DNS

hvjunwdwyoypxkk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

hvjunwdwyoypxkk.com

IN A

Response
DNS

uhguoyhafk.com

svchost.exe

Remote address:

8.8.8.8:53

Request

uhguoyhafk.com

IN A

Response
DNS

nyigwkvffift.com

svchost.exe

Remote address:

8.8.8.8:53

Request

nyigwkvffift.com

IN A

Response
DNS

gllurecirqjdybfy.com

svchost.exe

Remote address:

8.8.8.8:53

Request

gllurecirqjdybfy.com

IN A

Response
DNS

oqrmgtfyglxye.com

svchost.exe

Remote address:

8.8.8.8:53

Request

oqrmgtfyglxye.com

IN A

Response
DNS

jkocxjytlxvytl.com

svchost.exe

Remote address:

8.8.8.8:53

Request

jkocxjytlxvytl.com

IN A

Response

172.217.169.78:80

google.com

svchost.exe

98 B
52 B
2
1
195.201.179.207:443

tfgyaoingy.com

https

svchost.exe

351 B
212 B
6
5
46.165.220.143:443

ukiixagdbdkd.com

https

svchost.exe

351 B
164 B
6
4
162.249.65.200:443

htmthgurhtchwlhwklf.com

svchost.exe

152 B
120 B
3
3
3.249.135.232:443

ubkfgwqslhqyy.com

https

svchost.exe

259 B
216 B
4
5
3.249.135.232:443

nkootxbt.com

https

svchost.exe

259 B
216 B
4
5
46.165.220.143:443

anypbvojndegpnm.com

https

svchost.exe

351 B
164 B
6
4
3.249.135.232:443

havonolwc.com

https

svchost.exe

259 B
216 B
4
5
172.217.169.78:80

google.com

svchost.exe

98 B
52 B
2
1
172.217.169.78:80

google.com

svchost.exe

98 B
52 B
2
1

8.8.8.8:53

google.com

dns

svchost.exe

56 B
72 B
1
1

DNS Request

google.com

DNS Response

172.217.169.78
8.8.8.8:53

tiqfgpaxvmhsxtk.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

tiqfgpaxvmhsxtk.com
8.8.8.8:53

snoknwlgcwgaafbtqkt.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

snoknwlgcwgaafbtqkt.com
8.8.8.8:53

khddwukkbwhfdiufhaj.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

khddwukkbwhfdiufhaj.com
8.8.8.8:53

jiwucjyxjibyd.com

dns

svchost.exe

189 B
189 B
3
3

DNS Request

jiwucjyxjibyd.com

DNS Request

jiwucjyxjibyd.com

DNS Request

jiwucjyxjibyd.com
8.8.8.8:53

htmthgurhtchwlhwklf.com

dns

svchost.exe

69 B
85 B
1
1

DNS Request

htmthgurhtchwlhwklf.com

DNS Response

162.249.65.200
8.8.8.8:53

cxatodxefolgkokdqy.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

cxatodxefolgkokdqy.com
8.8.8.8:53

ouljuvkvn.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

ouljuvkvn.com
8.8.8.8:53

swbadolov.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

swbadolov.com
8.8.8.8:53

tfgyaoingy.com

dns

svchost.exe

60 B
76 B
1
1

DNS Request

tfgyaoingy.com

DNS Response

195.201.179.207
8.8.8.8:53

ukiixagdbdkd.com

dns

svchost.exe

62 B
78 B
1
1

DNS Request

ukiixagdbdkd.com

DNS Response

46.165.220.143
8.8.8.8:53

ubkfgwqslhqyy.com

dns

svchost.exe

63 B
79 B
1
1

DNS Request

ubkfgwqslhqyy.com

DNS Response

3.249.135.232
8.8.8.8:53

caytmlnlrou.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

caytmlnlrou.com
8.8.8.8:53

qbsqnpyyooh.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

qbsqnpyyooh.com
8.8.8.8:53

vrguyjjxorlyen.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

vrguyjjxorlyen.com
8.8.8.8:53

nvepdnpx.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

nvepdnpx.com
8.8.8.8:53

vwaeloyyutodtr.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

vwaeloyyutodtr.com
8.8.8.8:53

gokbwlivwvgqlretxd.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

gokbwlivwvgqlretxd.com
8.8.8.8:53

mukevipvxvrq.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

mukevipvxvrq.com
8.8.8.8:53

empsqyowjuvvsvrwj.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

empsqyowjuvvsvrwj.com
8.8.8.8:53

duomyvwabkuappgqxhp.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

duomyvwabkuappgqxhp.com
8.8.8.8:53

voohnyqdinl.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

voohnyqdinl.com
8.8.8.8:53

ncxphtrpiawmchfylsy.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

ncxphtrpiawmchfylsy.com
8.8.8.8:53

xwrmquiqjdsxk.com

dns

svchost.exe

122 B
268 B
2
2

DNS Request

xwrmquiqjdsxk.com

DNS Request

lnolxrnhb.com
8.8.8.8:53

ldiogjdyyxacm.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

ldiogjdyyxacm.com
8.8.8.8:53

kuetvxnntsk.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

kuetvxnntsk.com
8.8.8.8:53

ppdbeidwufrb.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

ppdbeidwufrb.com
8.8.8.8:53

lsawmyxqxvmogvxifm.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

lsawmyxqxvmogvxifm.com
8.8.8.8:53

tfipmwkcgigiey.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

tfipmwkcgigiey.com
8.8.8.8:53

pgahbyurf.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

pgahbyurf.com
8.8.8.8:53

yaesbfejdxs.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

yaesbfejdxs.com
8.8.8.8:53

pubecchfuxgquhguye.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

pubecchfuxgquhguye.com
8.8.8.8:53

yeokcogbbprvybwqn.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

yeokcogbbprvybwqn.com
8.8.8.8:53

ocwbuffwnj.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

ocwbuffwnj.com
8.8.8.8:53

cpugvsnhyrueqcyxnvo.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

cpugvsnhyrueqcyxnvo.com
8.8.8.8:53

bxqqsoxw.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

bxqqsoxw.com
8.8.8.8:53

gvjkpsip.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

gvjkpsip.com
8.8.8.8:53

garxfslj.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

garxfslj.com
8.8.8.8:53

jpeobmbipilmwsc.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

jpeobmbipilmwsc.com
8.8.8.8:53

mfpgvhnjp.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

mfpgvhnjp.com
8.8.8.8:53

sjolcaml.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

sjolcaml.com
8.8.8.8:53

spykqqdavslss.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

spykqqdavslss.com
8.8.8.8:53

hcegcnlr.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

hcegcnlr.com
8.8.8.8:53

derdamdyvt.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

derdamdyvt.com
8.8.8.8:53

hnywdakvhxvuoeuap.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

hnywdakvhxvuoeuap.com
8.8.8.8:53

fxamvtgx.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

fxamvtgx.com
8.8.8.8:53

rxkcrxbkc.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

rxkcrxbkc.com
8.8.8.8:53

wavmiijmnswdmbuhcn.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

wavmiijmnswdmbuhcn.com
8.8.8.8:53

gylgunsiciis.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

gylgunsiciis.com
8.8.8.8:53

exvpgubuxrdvhijan.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

exvpgubuxrdvhijan.com
8.8.8.8:53

mvorlnmwfkayjrqfni.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

mvorlnmwfkayjrqfni.com
8.8.8.8:53

nhvfyugxtgrnk.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

nhvfyugxtgrnk.com
8.8.8.8:53

ktltiueyc.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

ktltiueyc.com
8.8.8.8:53

ndtdktwnkplaavqsfa.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

ndtdktwnkplaavqsfa.com
8.8.8.8:53

pvgnfjpvih.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

pvgnfjpvih.com
8.8.8.8:53

ftmtkcjkomqdw.com

dns

svchost.exe

121 B
267 B
2
2

DNS Request

ftmtkcjkomqdw.com

DNS Request

udyrxoed.com
8.8.8.8:53

shkxklmbrgcqoeh.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

shkxklmbrgcqoeh.com
8.8.8.8:53

daxwkcompfufkvaa.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

daxwkcompfufkvaa.com
8.8.8.8:53

ttwiysoohhkrhl.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

ttwiysoohhkrhl.com
8.8.8.8:53

yblmyabknhn.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

yblmyabknhn.com
8.8.8.8:53

rbafexvqgsmmnnvfv.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

rbafexvqgsmmnnvfv.com
8.8.8.8:53

nkootxbt.com

dns

svchost.exe

58 B
74 B
1
1

DNS Request

nkootxbt.com

DNS Response

3.249.135.232
8.8.8.8:53

anypbvojndegpnm.com

dns

svchost.exe

65 B
81 B
1
1

DNS Request

anypbvojndegpnm.com

DNS Response

46.165.220.143
8.8.8.8:53

apimyackpqd.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

apimyackpqd.com
8.8.8.8:53

jptkockakusewlaqfdt.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

jptkockakusewlaqfdt.com
8.8.8.8:53

kbohjdsc.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

kbohjdsc.com
8.8.8.8:53

qxthcmscxhradd.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

qxthcmscxhradd.com
8.8.8.8:53

ldyyuwwwgw.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

ldyyuwwwgw.com
8.8.8.8:53

eonvwoabjwow.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

eonvwoabjwow.com
8.8.8.8:53

rrnuptrt.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

rrnuptrt.com
8.8.8.8:53

ksynclhbmctx.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

ksynclhbmctx.com
8.8.8.8:53

nwakycbynypuhbpkpx.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

nwakycbynypuhbpkpx.com
8.8.8.8:53

kabywdoswjvqgdso.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

kabywdoswjvqgdso.com
8.8.8.8:53

miafnrcwjddy.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

miafnrcwjddy.com
8.8.8.8:53

fjegwqbvoae.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

fjegwqbvoae.com
8.8.8.8:53

ryauwismekfu.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

ryauwismekfu.com
8.8.8.8:53

njopiyisfxnxw.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

njopiyisfxnxw.com
8.8.8.8:53

kuftuiyxrlyrbffu.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

kuftuiyxrlyrbffu.com
8.8.8.8:53

xjxsswjhxpfekmlcwv.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

xjxsswjhxpfekmlcwv.com
8.8.8.8:53

xpgpwjnpcgatgypiepg.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

xpgpwjnpcgatgypiepg.com
8.8.8.8:53

hrwgpaisqjtadka.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

hrwgpaisqjtadka.com
8.8.8.8:53

xtjjsdpqjrckayml.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

xtjjsdpqjrckayml.com
8.8.8.8:53

rirbqsrjqsnw.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

rirbqsrjqsnw.com
8.8.8.8:53

jmdqxtwclkxellkxgn.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

jmdqxtwclkxellkxgn.com
8.8.8.8:53

ggplhlwurkffvsfxxdh.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

ggplhlwurkffvsfxxdh.com
8.8.8.8:53

gjkdyorakldhem.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

gjkdyorakldhem.com
8.8.8.8:53

iaoaagmfylemjyq.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

iaoaagmfylemjyq.com
8.8.8.8:53

gmajhefkqm.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

gmajhefkqm.com
8.8.8.8:53

hbjgehxcf.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

hbjgehxcf.com
8.8.8.8:53

mesctomcqxdvseeesd.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

mesctomcqxdvseeesd.com
8.8.8.8:53

xhxiowpga.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

xhxiowpga.com
8.8.8.8:53

ypwubsqx.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

ypwubsqx.com
8.8.8.8:53

gadwjccnb.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

gadwjccnb.com
8.8.8.8:53

lecgcbtmbnofr.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

lecgcbtmbnofr.com
8.8.8.8:53

wgyndijomue.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

wgyndijomue.com
8.8.8.8:53

riacjyielwbe.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

riacjyielwbe.com
8.8.8.8:53

clufudjixpqmyspofp.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

clufudjixpqmyspofp.com
8.8.8.8:53

otfbjejwjvcno.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

otfbjejwjvcno.com
8.8.8.8:53

takpkwhluhhediie.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

takpkwhluhhediie.com
8.8.8.8:53

ieqpusccgyvca.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

ieqpusccgyvca.com
8.8.8.8:53

pqqvrioftjalqahlo.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

pqqvrioftjalqahlo.com
8.8.8.8:53

omqluoghcqw.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

omqluoghcqw.com
8.8.8.8:53

oxlbfdxd.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

oxlbfdxd.com
8.8.8.8:53

ciqeutekeaojdxcxu.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

ciqeutekeaojdxcxu.com
8.8.8.8:53

qfdufqnr.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

qfdufqnr.com
8.8.8.8:53

uuwqjcksfo.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

uuwqjcksfo.com
8.8.8.8:53

fjaapqjsqreelq.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

fjaapqjsqreelq.com
8.8.8.8:53

yywtmnpgo.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

yywtmnpgo.com
8.8.8.8:53

owjvhbqartmagudc.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

owjvhbqartmagudc.com
8.8.8.8:53

lvhsmwthsn.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

lvhsmwthsn.com
8.8.8.8:53

xsmhhtctdkvikelygk.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

xsmhhtctdkvikelygk.com
8.8.8.8:53

fymctauygyk.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

fymctauygyk.com
8.8.8.8:53

attqfideqdholwyafo.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

attqfideqdholwyafo.com
8.8.8.8:53

lhvlyhgojmdtq.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

lhvlyhgojmdtq.com
8.8.8.8:53

pbpanibyxfajxlr.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

pbpanibyxfajxlr.com
8.8.8.8:53

wbuvoybqnqsbmhcdcfs.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

wbuvoybqnqsbmhcdcfs.com
8.8.8.8:53

ijjuircfabvpqh.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

ijjuircfabvpqh.com
8.8.8.8:53

iueenjqheehbvhpkp.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

iueenjqheehbvhpkp.com
8.8.8.8:53

mrigtuhohkbsju.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

mrigtuhohkbsju.com
8.8.8.8:53

wpahyhff.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

wpahyhff.com
8.8.8.8:53

hgbstappdn.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

hgbstappdn.com
8.8.8.8:53

nfadxfjmdfvqpj.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

nfadxfjmdfvqpj.com
8.8.8.8:53

lkvcgnfsyhvlugcap.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

lkvcgnfsyhvlugcap.com
8.8.8.8:53

jdcfoplrebamtbcqa.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

jdcfoplrebamtbcqa.com
8.8.8.8:53

llhbeoxrxoqk.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

llhbeoxrxoqk.com
8.8.8.8:53

hjxaihieibafwv.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

hjxaihieibafwv.com
8.8.8.8:53

xyttylxriaj.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

xyttylxriaj.com
8.8.8.8:53

jlormrurxa.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

jlormrurxa.com
8.8.8.8:53

gpngcqfqrjmfydxckai.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

gpngcqfqrjmfydxckai.com
8.8.8.8:53

xsflgqxa.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

xsflgqxa.com
8.8.8.8:53

ecguxgqdjcyhggfk.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

ecguxgqdjcyhggfk.com
8.8.8.8:53

vqokjkmppvllwxuk.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

vqokjkmppvllwxuk.com
8.8.8.8:53

ybxgengtxtycjemmqng.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

ybxgengtxtycjemmqng.com
8.8.8.8:53

mshvgpvvs.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

mshvgpvvs.com
8.8.8.8:53

tuddhpqmbadaaht.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

tuddhpqmbadaaht.com
8.8.8.8:53

uxxykffflohlhskeyi.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

uxxykffflohlhskeyi.com
8.8.8.8:53

iibdbafng.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

iibdbafng.com
8.8.8.8:53

rcsllpxjlsypet.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

rcsllpxjlsypet.com
8.8.8.8:53

xfjiribvjqd.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

xfjiribvjqd.com
8.8.8.8:53

mmxqkwglxtdtor.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

mmxqkwglxtdtor.com
8.8.8.8:53

nvsgajhivvn.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

nvsgajhivvn.com
8.8.8.8:53

prqerbwwjvw.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

prqerbwwjvw.com
8.8.8.8:53

xorutrhmdjwmfcpgsvq.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

xorutrhmdjwmfcpgsvq.com
8.8.8.8:53

gnmbqnxvumfclqyug.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

gnmbqnxvumfclqyug.com
8.8.8.8:53

yktervxj.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

yktervxj.com
8.8.8.8:53

iblgthye.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

iblgthye.com
8.8.8.8:53

bfbbvadypijthjh.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

bfbbvadypijthjh.com
8.8.8.8:53

hhtxwgap.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

hhtxwgap.com
8.8.8.8:53

ptxfoqfjjxhdnekeh.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

ptxfoqfjjxhdnekeh.com
8.8.8.8:53

fmwuiydsiqsporrgw.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

fmwuiydsiqsporrgw.com
8.8.8.8:53

faexhycctgxdl.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

faexhycctgxdl.com
8.8.8.8:53

cdorpnmmafnomwyeny.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

cdorpnmmafnomwyeny.com
8.8.8.8:53

eehckdyaxxjqhdo.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

eehckdyaxxjqhdo.com
8.8.8.8:53

rxatjyykg.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

rxatjyykg.com
8.8.8.8:53

yrluloqkxujrvv.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

yrluloqkxujrvv.com
8.8.8.8:53

ltqgnbgqukixovfdaoi.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

ltqgnbgqukixovfdaoi.com
8.8.8.8:53

mmdchhrh.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

mmdchhrh.com
8.8.8.8:53

vqurlimfhvxttpjr.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

vqurlimfhvxttpjr.com
8.8.8.8:53

buoprdhrhaighfcfl.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

buoprdhrhaighfcfl.com
8.8.8.8:53

lvmmllrmkpdll.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

lvmmllrmkpdll.com
8.8.8.8:53

cbscmebdlyfkdeeasmu.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

cbscmebdlyfkdeeasmu.com
8.8.8.8:53

nucpjoumgxmhndsob.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

nucpjoumgxmhndsob.com
8.8.8.8:53

xqelqiidxspuqvi.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

xqelqiidxspuqvi.com
8.8.8.8:53

osajklwmmhjp.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

osajklwmmhjp.com
8.8.8.8:53

qdonhyqsieseoqlm.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

qdonhyqsieseoqlm.com
8.8.8.8:53

nulthurgrjvwqokbic.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

nulthurgrjvwqokbic.com
8.8.8.8:53

gaohkehqjs.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

gaohkehqjs.com
8.8.8.8:53

lrpvmktouq.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

lrpvmktouq.com
8.8.8.8:53

sohwjlifxvlmfguite.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

sohwjlifxvlmfguite.com
8.8.8.8:53

hpswpjjmvccxmimedi.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

hpswpjjmvccxmimedi.com
8.8.8.8:53

ecuamsraikwrwki.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

ecuamsraikwrwki.com
8.8.8.8:53

kyonhkyryembre.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

kyonhkyryembre.com
8.8.8.8:53

vcxkjqaswogrbmqgfyf.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

vcxkjqaswogrbmqgfyf.com
8.8.8.8:53

ksewxcnjo.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

ksewxcnjo.com
8.8.8.8:53

xllnolng.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

xllnolng.com
8.8.8.8:53

treayxvaoaqol.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

treayxvaoaqol.com
8.8.8.8:53

uoqdcxvy.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

uoqdcxvy.com
8.8.8.8:53

xjhhggbuufmlirsmgjx.com

dns

svchost.exe

138 B
142 B
2
1

DNS Request

xjhhggbuufmlirsmgjx.com

DNS Request

xjhhggbuufmlirsmgjx.com
8.8.8.8:53

dsooagtnljlwfpmewvm.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

dsooagtnljlwfpmewvm.com
8.8.8.8:53

cwnwhjtgqtt.com

dns

svchost.exe

61 B
134 B
1
1

DNS Request

cwnwhjtgqtt.com
8.8.8.8:53

dcdtpewhb.com

dns

svchost.exe

59 B
132 B
1
1

DNS Request

dcdtpewhb.com
8.8.8.8:53

havonolwc.com

dns

svchost.exe

59 B
75 B
1
1

DNS Request

havonolwc.com

DNS Response

3.249.135.232
8.8.8.8:53

yvywhtknppwkfcfvyhj.com

dns

svchost.exe

69 B
142 B
1
1

DNS Request

yvywhtknppwkfcfvyhj.com
8.8.8.8:53

yniktagnfeuapbkkjm.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

yniktagnfeuapbkkjm.com
8.8.8.8:53

eijabgcrvhynghfx.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

eijabgcrvhynghfx.com
8.8.8.8:53

vomdkymumbypgiqba.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

vomdkymumbypgiqba.com
8.8.8.8:53

gggyexvskphnets.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

gggyexvskphnets.com
8.8.8.8:53

ivjbicjj.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

ivjbicjj.com
8.8.8.8:53

qqtxsbps.com

dns

svchost.exe

58 B
131 B
1
1

DNS Request

qqtxsbps.com
8.8.8.8:53

ljxvlmvyyqjch.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

ljxvlmvyyqjch.com
8.8.8.8:53

uqmgwttutorxwgums.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

uqmgwttutorxwgums.com
8.8.8.8:53

kfucikjlowsaypemxe.com

dns

svchost.exe

68 B
141 B
1
1

DNS Request

kfucikjlowsaypemxe.com
8.8.8.8:53

dtqmfjuwgawuoswof.com

dns

svchost.exe

67 B
140 B
1
1

DNS Request

dtqmfjuwgawuoswof.com
8.8.8.8:53

hvjunwdwyoypxkk.com

dns

svchost.exe

65 B
138 B
1
1

DNS Request

hvjunwdwyoypxkk.com
8.8.8.8:53

uhguoyhafk.com

dns

svchost.exe

60 B
133 B
1
1

DNS Request

uhguoyhafk.com
8.8.8.8:53

nyigwkvffift.com

dns

svchost.exe

62 B
135 B
1
1

DNS Request

nyigwkvffift.com
8.8.8.8:53

gllurecirqjdybfy.com

dns

svchost.exe

66 B
139 B
1
1

DNS Request

gllurecirqjdybfy.com
8.8.8.8:53

oqrmgtfyglxye.com

dns

svchost.exe

63 B
136 B
1
1

DNS Request

oqrmgtfyglxye.com
8.8.8.8:53

jkocxjytlxvytl.com

dns

svchost.exe

64 B
137 B
1
1

DNS Request

jkocxjytlxvytl.com

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Privilege Escalation

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Boot or Logon Autostart Execution

T1547

Registry Run Keys / Startup Folder

T1547.001

Winlogon Helper DLL

T1547.004

Defense Evasion

Abuse Elevation Control Mechanism

T1548

Bypass User Account Control

T1548.002

Impair Defenses

T1562

Disable or Modify Tools

T1562.001

Modify Registry

T1112

Credential Access

Discovery

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\fqdftfsr\nwureicf.exe

Filesize
129KB

MD5
85d42b5c420227011a4af768f443a3a8

SHA1
d22b5759f7331c483d7bb5780a267ef171aa3fe5

SHA256
b194c460c0616b3c5bfc0e13950a7642a777b0927bb5036ecf1477042d1831e8

SHA512
14ca801115ead33c7c6897375fa8d16d9679ee7dbda980370ae3d83a456a664e0bda357f146e340029f775435759a6925c9b96a4d3da704f59b6fbb0cd57c485

Download Submit
memory/2656-37-0x000000007720F000-0x0000000077210000-memory.dmp

Filesize
4KB

Download
memory/2656-3-0x00000000005D0000-0x00000000005D1000-memory.dmp

Filesize
4KB

Download
memory/2656-2-0x00000000003F0000-0x00000000003F1000-memory.dmp

Filesize
4KB

Download
memory/2656-12-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2656-0-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2656-74-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2656-54-0x0000000077210000-0x0000000077211000-memory.dmp

Filesize
4KB

Download
memory/2656-4-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2656-36-0x0000000077210000-0x0000000077211000-memory.dmp

Filesize
4KB

Download
memory/2716-83-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-89-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-92-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-32-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-26-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-91-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-90-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-84-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-45-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-88-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-55-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-51-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-44-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-87-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2716-85-0x0000000020010000-0x000000002002C000-memory.dmp

Filesize
112KB

Download
memory/2816-15-0x0000000020010000-0x000000002001C000-memory.dmp

Filesize
48KB

Download
memory/2816-14-0x0000000000050000-0x0000000000051000-memory.dmp

Filesize
4KB

Download
memory/2816-13-0x0000000000070000-0x0000000000071000-memory.dmp

Filesize
4KB

Download
memory/2816-8-0x0000000000050000-0x0000000000051000-memory.dmp

Filesize
4KB

Download
memory/2816-6-0x0000000020010000-0x000000002001C000-memory.dmp

Filesize
48KB

Download
memory/2816-20-0x0000000000060000-0x0000000000061000-memory.dmp

Filesize
4KB

Download
memory/2816-22-0x0000000020010000-0x000000002001C000-memory.dmp

Filesize
48KB

Download
memory/2816-21-0x0000000020010000-0x000000002001C000-memory.dmp

Filesize
48KB

Download
memory/2816-19-0x0000000020010000-0x000000002001C000-memory.dmp

Filesize
48KB

Download
memory/2904-82-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download
memory/2960-75-0x0000000000400000-0x000000000043A000-memory.dmp

Filesize
232KB

Download

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Response

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Request

DNS Response

DNS Request