Analysis Date: 2016-04-29 04:50:25
MD5: 31e18c04ec0853d3f9c709c83d101f1b
SHA1: 79b4c0c8275af34fc5d12ffdb7fadf93f1e66323

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section: .text md5: 0d91e90ef095c6611fda31b34c1051d6 sha1: 58698d71bb2228d893ce8fe90e354753b4361f65 size: 678400
Section: .rdata md5: adb438359e68c03d2422735bded7070f sha1: 0fe12148bce10a6de67c7bbaef618b6ee0d2d9da size: 252928
Section: .data md5: 914fd6b7286028eeda2124350088917a sha1: 6f82bc097b125a7ff40faf20fcc1a37992eb3007 size: 5120
Section: .reloc md5: 25aadd0a69518d836b7cf7a793a49885 sha1: 5a20e1bd86287d57dfc8fe8c9153f7b49cd389c3 size: 90624
Timestamp: 2015-01-03 23:29:11
Packer: Microsoft Visual C++ ?.?
PEhash: 836811c03bfd9195760849524df747df01887b47
IMPhash: 28e65f33271b292cadd3345242898ab3
AV CA (E-Trust Ino): Gen:Variant.Razy.14896
AV F-Secure: Gen:Variant.Razy.14896
AV Dr. Web: No Virus
AV ClamAV: No Virus
AV Arcabit (arcavir): Gen:Variant.Razy.14896
AV BullGuard: Gen:Variant.Razy.14896
AV VirusBlokAda (vba32): No Virus
AV CAT (quickheal): TrojanSpy.Nivdort.WR4
AV Trend Micro: No Virus
AV Kaspersky: Trojan.Win32.Swizzor.e
AV Zillya!: No Virus
AV Emsisoft: Gen:Variant.Razy.14896
AV Ikarus: Trojan.Win32.Bayrob
AV Frisk (f-prot): No Virus
AV Authentium: No Virus
AV MalwareBytes: No Virus
AV MicroWorld (escan): Gen:Variant.Razy.14896
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort.DU
AV K7: Trojan ( 004da8bd1 )
AV BitDefender: Gen:Variant.Razy.14896
AV Fortinet: W32/Bayrob.AQ!tr
AV Symantec: Trojan.Bayrob!gen7
AV Grisoft (avg): No Virus
AV Eset (nod32): Win32/Bayrob.BK
AV Alwil (avast): Evo-gen [Susp]
AV Ad-Aware: Gen:Variant.Razy.14896
AV Twister: No Virus
AV Avira (antivir): TR/Nivdort.xcov
AV Mcafee: Nivdort!31E18C04EC08
AV Rising: No Virus

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\pea5nks0djnw39crubxqlf.exe
Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\tluoolqefqg\tst
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\pea5nks0djnw39crubxqlf.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\pea5nks0djnw39crubxqlf.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Defragmenter Now Compatibility Provider ➝ C:\WINDOWS\system32\tacjghsili.exe
Creates File: C:\WINDOWS\system32\tacjghsili.exe
Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\tluoolqefqg\lck
Creates File: C:\WINDOWS\system32\tluoolqefqg\tst
Creates Process: C:\WINDOWS\system32\tacjghsili.exe
Creates Service: Encryption Visual Sharing Bus - C:\WINDOWS\system32\tacjghsili.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates File: WMIDataDevice
Creates File: \Device\Afd\Endpoint

Process
↳ Pid 804

Process
↳ Pid 852

Process
↳ C:\WINDOWS\System32\svchost.exe

Creates File: C:\WINDOWS\Prefetch\RUNDLL32.EXE-1BC69D2D.pf
Creates File: C:\WINDOWS\Prefetch\SNWLHKVRCRP.EXE-272BEA01.pf
Creates File: C:\WINDOWS\Prefetch\TACJGHSILI.EXE-1C5BD14F.pf
Creates File: C:\WINDOWS\Prefetch\PEA5NKS0DJNW39CRUBXQLF.EXE-0F42F2A5.pf
Creates File: C:\WINDOWS\Prefetch\CMD.EXE-087B4001.pf
Creates File: C:\WINDOWS\Prefetch\NET1.EXE-029B9DB4.pf
Creates File: C:\WINDOWS\Prefetch\PEA5NKS0L4AT0OCR.EXE-2EDC2090.pf
Creates File: C:\WINDOWS\Prefetch\EXPLORER.EXE-082F38A9.pf
Creates File: C:\WINDOWS\Prefetch\READER_SL.EXE-3614FA6E.pf
Creates File: C:\WINDOWS\Prefetch\USERINIT.EXE-30B18140.pf
Creates File: C:\WINDOWS\Prefetch\monitor.exe-1949D260.pf
Creates File: PIPE\lsarpc
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log
Creates File: C:\WINDOWS\Prefetch\svchost.EXE-0C867EC1.pf

Process
↳ Pid 1208

Process
↳ Pid 1320

Process
↳ Pid 996

Process
↳ C:\WINDOWS\system32\tacjghsili.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File: C:\WINDOWS\system32\snwlhkvrcrp.exe
Creates File: C:\WINDOWS\system32\tluoolqefqg\rng
Creates File: C:\WINDOWS\TEMP\pea5nks0l4at0ocr.exe
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: C:\WINDOWS\system32\tluoolqefqg\run
Creates File: WMIDataDevice
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\system32\tluoolqefqg\cfg
Creates File: C:\WINDOWS\system32\tluoolqefqg\lck
Creates File: \Device\Afd\Endpoint
Creates File: C:\WINDOWS\system32\tluoolqefqg\tst
Deletes File: C:\WINDOWS\TEMP\pea5nks0l4at0ocr.exe
Creates Process: C:\WINDOWS\TEMP\pea5nks0l4at0ocr.exe -r 31601 tcp
Creates Process: WATCHDOGPROC "c:\windows\system32\tacjghsili.exe"

Process
↳ C:\WINDOWS\system32\tacjghsili.exe

Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\tluoolqefqg\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\tacjghsili.exe"

Creates File: C:\WINDOWS\system32\tluoolqefqg\tst

Process
↳ C:\WINDOWS\TEMP\pea5nks0l4at0ocr.exe -r 31601 tcp

Creates File: \Device\Afd\Endpoint
Winsock DNS: 239.255.255.250

Network Details:

