Analysis Date: 2016-04-12 23:20:38
MD5: ce6b729b09b6d9e21d1eb7c1c7e78ff8
SHA1: ed54b0025b70c68832d6a03550a3e94271c1246e

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: 066b297d1f49bcd19f7d2ce38d00d384 sha1: 32429b3934bf24a7b8211d34ec3b941f99a9b6ef size: 677376
Section .rdata md5: 1750983c525bf830fcb4adafa53b5209 sha1: a41766e84d439be0b2e5d0639c3224f520275b72 size: 232960
Section .data md5: 94dd24fb6dbe455394d17d852e4b8553 sha1: fde4332c89be390beff7e36e1148b5663a17f081 size: 5120
Section .reloc md5: b2864e052bfe305b51a421c76d587993 sha1: a35b4756a4795e7fc3dd123ebd62b17cc4617cba size: 90624
Timestamp: 2013-08-09 15:42:27
Packer: Microsoft Visual C++ ?.?
PEhash: f8a07c39f638860cd85da7653867e9779002ba40
IMPhash: 8e6a856b25db356a2ee070bcc7ab7829
AV Rising: No Virus
AV CA (E-Trust Ino): Gen:Variant.Razy.13381
AV F-Secure: Gen:Variant.Razy.13381
AV Dr. Web: Trojan.DownLoader20.29716
AV ClamAV: No Virus
AV Arcabit (arcavir): Gen:Variant.Razy.13381
AV BullGuard: Gen:Variant.Razy.13381
AV VirusBlokAda (vba32): No Virus
AV CAT (quickheal): TrojanSpy.Nivdort.WR4
AV Trend Micro: No Virus
AV Kaspersky: Trojan.Win32.Swizzor.e
AV Zillya!: No Virus
AV Emsisoft: Gen:Variant.Razy.13381
AV Ikarus: Trojan.Win32.Bayrob
AV Frisk (f-prot): No Virus
AV Authentium: No Virus
AV MalwareBytes: No Virus
AV MicroWorld (escan): Gen:Variant.Razy.13381
AV Microsoft Security Essentials: TrojanSpy:Win32/Nivdort.DU
AV K7: Trojan ( 004da8bd1 )
AV BitDefender: Gen:Variant.Razy.13381
AV Fortinet: W32/Bayrob.AQ!tr
AV Symantec: Trojan.Bayrob!gen7
AV Grisoft (avg): No Virus
AV Eset (nod32): Win32/Bayrob.BK
AV Alwil (avast): Win32:Malware-gen
AV Alwil (avast): Malware-gen
AV Ad-Aware: Gen:Variant.Razy.13381
AV Twister: No Virus
AV Avira (antivir): TR/Nivdort.dpmz
AV Mcafee: Trojan-FHVQ!CE6B729B09B6

Runtime Details:

Process
↳ C:\malware.exe

Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\kvfjtctl5pikdltlct77tl.exe
Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\tst
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\kvfjtctl5pikdltlct77tl.exe

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\kvfjtctl5pikdltlct77tl.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\Socket KtmRm Bluetooth Process WLAN ➝ C:\WINDOWS\system32\xndvjosqd.exe
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\lck
Creates File: C:\WINDOWS\system32\xndvjosqd.exe
Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\tst
Creates Process: C:\WINDOWS\system32\xndvjosqd.exe
Creates Service: Interactive Collector Video - C:\WINDOWS\system32\xndvjosqd.exe

Process
↳ C:\WINDOWS\system32\svchost.exe

Creates File: \Device\Afd\Endpoint

Process
↳ Pid 812

Process
↳ Pid 864

Process
↳ C:\WINDOWS\System32\svchost.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\WBEM\CIMOM\List of event-active namespaces ➝ NULL
Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\WBEM\Repository\$WinMgmt.CFG
Creates File: C:\WINDOWS\system32\WBEM\Logs\wbemess.log

Process
↳ Pid 1220

Process
↳ C:\WINDOWS\system32\spoolsv.exe

Process
↳ Pid 1180

Process
↳ C:\WINDOWS\system32\xndvjosqd.exe

Registry: HKEY_LOCAL_MACHINE\Software\Microsoft\Security Center\FirewallDisableNotify ➝ 1
Creates File: C:\WINDOWS\TEMP\kvfjtczc0jbmdltl.exe
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\tst
Creates File: \Device\Afd\AsyncConnectHlp
Creates File: WMIDataDevice
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\rng
Creates File: pipe\net\NtControlPipe10
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\lck
Creates File: C:\WINDOWS\system32\cllwdploxaf.exe
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\run
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\cfg
Creates File: \Device\Afd\Endpoint
Creates Process: C:\WINDOWS\TEMP\kvfjtczc0jbmdltl.exe -r 50643 tcp
Creates Process: WATCHDOGPROC "c:\windows\system32\xndvjosqd.exe"

Process
↳ C:\WINDOWS\system32\xndvjosqd.exe

Creates File: PIPE\lsarpc
Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\tst

Process
↳ WATCHDOGPROC "c:\windows\system32\xndvjosqd.exe"

Creates File: C:\WINDOWS\system32\cfvvcopgzntdi\tst

Process
↳ C:\WINDOWS\TEMP\kvfjtczc0jbmdltl.exe -r 50643 tcp

Creates File: \Device\Afd\Endpoint
Winsock DNS: 239.255.255.250

Network Details:

