Trojan.NSIS.Androm.3_dc7fd4f3cf

by malwarelabrobot on December 7th, 2016 in Malware Descriptions.

Trojan.NSIS.Androm.3 (AdAware), Trojan.NSIS.StartPage.FD (Lavasoft MAS)
Behaviour: Trojan

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: dc7fd4f3cfe333cb005ce5639899f0bf
SHA1: e26aef6eebcb8dbc31224ad3ccec26ac181d1867
SHA256: 232b8da0f5f83f6d1e933fa2fadf6af8f00873ee4c55c8f4df07b93120f14f53
SSDeep: 24576:bTSRVTsof9WbtPZuz y3 w7EH2pJ3rFUgz6CI:PgVTx9WbtPZpi AEoygz6CI
Size: 789566 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: Windows7 SP1 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):
No processes have been created.
The Trojan injects its code into the following process(es):

lte.exe:3632

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

No files have been created.

Registry activity

Dropped PE files

MD5	File path
93417340dabe04e8bd8fafdc34d21377	c:\Program Files\Kirton\lte.exe
b55a422f81b798459f38d95346e2e6ef	c:\Program Files\Mozilla Firefox\firefox334.exe
c8ff52bfddc6898c202c08c4a61a3d22	c:\Program Files\Pair\Microsoft.Win32.TaskScheduler.dll
592e0fe4cde9902fc520af6ea67ac903	c:\Program Files\Pair\lte.exe
52dbda97fd2fb02ed5168971a4b907b3	c:\Program Files\Pair\settings.dll
d562d827f218110a24d4d23c7b8b6af5	c:\Program Files\asked\undiscounted.exe
20ecdf461c177e6d951c68247fb76708	c:\Users\"%CurrentUserName%"\AppData\Local\108502.exe
8749f1c8fc54d4462dd3aca5d3df367a	c:\Users\"%CurrentUserName%"\AppData\Local\13455.exe
a08515c2b5eb4f817676b5b9906d4b8f	c:\Users\"%CurrentUserName%"\AppData\Local\40097.exe
b63fdb3f8bb5dfd5e9cd40dca879c2b8	c:\Users\"%CurrentUserName%"\AppData\Local\58543.exe
34b704ab9563fbfb5ac2a7cc6624dcb3	c:\Users\"%CurrentUserName%"\AppData\Local\83157.exe
b9380b0bea8854fd9f93cc1fda0dfeac	c:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscD44F.tmp\ExecCmd.dll
93417340dabe04e8bd8fafdc34d21377	c:\Windows\undefined.exe

HOSTS file anomalies

The Trojan modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 1053 bytes in size. The following strings are added to the hosts file listed below:

127.0.0.1	validation.sls.microsoft.com
162.222.193.86	aoaomo.tremorhub.com
162.222.193.86	www.howcast.com
162.222.193.86	howcast.com
192.192.3.8	www.virustotal.com
192.192.3.8	virustotal.com

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
.text	4096	23628	24064	4.46394	856b32eb77dfd6fb67f21d6543272da5
.rdata	28672	4764	5120	3.4982	dc77f8a1e6985a4361c55642680ddb4f
.data	36864	154712	1024	3.3278	7922d4ce117d7d5b3ac2cffe4b0b5e4f
.ndata	192512	61440	0	0	d41d8cd98f00b204e9800998ecf8427e
.rsrc	253952	2536	2560	3.13983	5b5a2d9d119a78aca9bef9d54b647674

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 519
87af60575e95350381303447cd2e0d96
c9c0ecad3c7691c9fb77d3e12dca89ba
eb908e35f01c51fd6c3145626da78202
739e7f76fb545c28ae4ce1d85e176484
d00d8a9daa2e2b19d952b1b10037467c
6e2c047259d3bc583dc140202340af7e
75182bfb4dd3d1ad7e0ef5e40b70550f
2a4240cfb6b249da0c5dcff5abf3a292
a746426f5bd2a7f239e0e1bc7529897d
0f2fa5e5c2ce26f0b744d19eff724c25
723325cfdc20c18e1ca96e88c9cca948
5cc9fd6672be1ca9538237031c1382c0
f1b56fd3f82b6a0668d00b9f0d6e991f
7f4ee0d326b67cc3e4a3fec3a25dfe3c
293bbf92195165383b202fa6cd4a2ba6
b33ccbf60d223d0df5c7b0c8b376386a
5c7aaa94fa1bbced13b76e9523bde956
da7eaa6230f54eb9da8f6986b5e53c89
0f5b04d97f3e3dc672c37106fbff0b45
9b0f84c736f2651c17fa4592c98ca6f0
10cdbd65f189a3a3a25eec73396c07d1
3642ef122aa6382d10aaf85824e1d78b
ca68f7598e334d1805d20eb245bebded
4684fab20680d9d8b202a59b822e633a
57f41da1ea05d30f6707060f00876d07

URLs

URL	IP
hxxp://d232tmx7gh8bfo.cloudfront.net/home.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154
hxxp://d232tmx7gh8bfo.cloudfront.net/jquery.min.js
hxxp://d232tmx7gh8bfo.cloudfront.net/amg.php
hxxp://c.statcounter.com/10114910/0/757d7213/1/	104.20.3.47
hxxp://www-google-analytics.l.google.com/analytics.js
hxxp://aoaomo.tremorhub.com/wp-content/themes/howcast/images/icons/love.png
hxxp://8c715ae47b.site.internapcdn.net/page-4.html?lid=937115
hxxp://aoaomo.tremorhub.com/itd.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j47&a=1859802888&t=pageview&_s=1&dl=http://www.commonsensicalmoderated.pw/home.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154&ul=en-us&de=utf-8&dt=home&sd=24-bit&sr=1276x846&vp=679x392&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=1076447804&cid=931079109.1481019585&tid=UA-74694740-5&_r=1&z=1545378189
hxxp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png	67.202.94.93
hxxp://vi.govids.net/report3.php	109.201.148.40
hxxp://ww.commonsensicalmoderated.pw/a.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154&rnd=1481019585000	162.222.193.17
hxxp://govids.net/1.js	162.222.194.11
hxxp://govids.net/jwplayer1.js	162.222.194.11
hxxp://aoaomo.tremorhub.com/o.php
hxxp://widgets.amung.us/draw/?w=colored&n=1299&c=000000ffffff&p=	50.23.131.235
hxxp://vi.govids.net/bck.php?1481019586000	109.201.148.40
hxxp://8c715ae47b.site.internapcdn.net/page-4.htm?lid=937115
hxxp://www.statcounter.com.cdnga.net/counter/counter.js	174.35.61.213
hxxp://govids.net/player1.swf	162.222.194.11
hxxp://c.statcounter.com/t.php?sc_project=10675947&java=1&security=299981d6&u1=B72868160DD54F24488A158617CC8C84&sc_random=0.8780735333600617&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=http://www.govids.net/page-4.html?lid=937115&u=http://www.govids.net/page-4.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1	104.20.3.47
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j47&a=926932721&t=pageview&_s=1&dl=http://www.govids.net/page-4.htm?lid=937115&ul=en-us&de=utf-8&sd=24-bit&sr=1276x846&vp=850x480&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=1133922811&cid=1153493406.1481019588&tid=UA-74694740-2&_r=1&z=2010394032
hxxp://8c715ae47b.site.internapcdn.net/css1.css
hxxp://8c715ae47b.site.internapcdn.net/img/logo.png
hxxp://8c715ae47b.site.internapcdn.net/img/lbg.png
hxxp://cs28.wpc.thetacdn.net/5/10/logo.png
hxxp://govids.net/ova-jw.swf	162.222.194.11
hxxp://wildcard-ads-1386167347.us-east-1.elb.amazonaws.com/crossdomain.xml
hxxp://wildcard-ads-1386167347.us-east-1.elb.amazonaws.com/ad/tag?adCode=we1sb-kg4io&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Home videos, Funny Videos - 4&mediaDesc=Home videos, Funny Videos - 4&mediaId=2&mediaUrl=hxxp://www.govids.net/4.html&srcPageUrl=hxxp://www.govids.net/4.html&contentLength=300&LR_FORMAT=application/x-shockwave-flash
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/crossdomain.xml
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=thetradedesk,audiencescience,mediamath,TubeMogul-GP,tremornet,Videology,dynadmic,adapTV,eyeview,Pulsepoint,SundaySky,TapAd,1,_dmp_turbine,Bidswitch,rocketfuel,dataxu,BidTheatre,google,videoamp,conversant,appnexus,adgear,beeswax,centro&uid=b15b7484a37d4a1abe3149b882b87266&init=true
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=google,conversant,TubeMogul-GP,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=conversant,TubeMogul-GP,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=TubeMogul-GP,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://dyhd7e8p4cqed.cloudfront.net/crossdomain.xml
hxxp://dyhd7e8p4cqed.cloudfront.net/static/noad.xml
hxxp://vi.govids.net/crossdomain.xml	109.201.148.40
hxxp://vi.govids.net/v?LR_PUBLISHER_ID=38834&LR_SCHEMA=vast2-vpaid&LR_AUTOPLAY=1&LR_CONTENT=1&LR_VIDEO_URL=hxxp://www.govids.net/4.html&LR_VIDEO_ID=&LR_VIDEO_POSITION=0&LR_PARTNERS=937115&LR_TITLE=Home videos, Funny Videos - 4&LR_FORMAT=application/x-shockwave-flash	109.201.148.40
hxxp://wildcard-ads-1386167347.us-east-1.elb.amazonaws.com/ad/tag?adCode=we1sb-fspan&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Home videos, Funny Videos - 4&mediaDesc=Watch Home videos, Funny Videos - 4&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl=hxxp://www.govids.net/4.html&contentLength=[CONTENT_LENGTH]
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=rocketfuel,dataxu,BidTheatre,TapAd,beeswax,google,Bidswitch,adapTV,Pulsepoint,adgear,dynadmic,mediamath,conversant,audiencescience,_dmp_turbine,appnexus,ignitionone,tremornet,centro,thetradedesk,videoamp,Videology,1,eyeview,TubeMogul-GP&uid=b15b7484a37d4a1abe3149b882b87266&init=true
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=google,conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266
hxxp://thumb.none1366649718.netdna-cdn.com/crossdomain.xml
hxxp://thumb.none1366649718.netdna-cdn.com/abcd.mp4
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://www.google-analytics.com/r/collect?v=1&_v=j47&a=926932721&t=pageview&_s=1&dl=http://www.govids.net/page-4.htm?lid=937115&ul=en-us&de=utf-8&sd=24-bit&sr=1276x846&vp=850x480&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=1133922811&cid=1153493406.1481019588&tid=UA-74694740-2&_r=1&z=2010394032	173.194.32.128
hxxp://xlf5t.ads.tremorhub.com/ad/tag?adCode=we1sb-kg4io&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Home videos, Funny Videos - 4&mediaDesc=Home videos, Funny Videos - 4&mediaId=2&mediaUrl=hxxp://www.govids.net/4.html&srcPageUrl=hxxp://www.govids.net/4.html&contentLength=300&LR_FORMAT=application/x-shockwave-flash	52.203.229.152
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://www.commonsensicalmoderated.pw/jquery.min.js	52.222.174.193
hxxp://www.govids.net/img/lbg.png	69.88.149.142
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://www.google-analytics.com/analytics.js	173.194.32.128
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://we1sb-wwcgk.ads.tremorhub.com/ad/tag?adCode=we1sb-fspan&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Home videos, Funny Videos - 4&mediaDesc=Watch Home videos, Funny Videos - 4&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl=hxxp://www.govids.net/4.html&contentLength=[CONTENT_LENGTH]	52.206.147.54
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=rocketfuel,dataxu,BidTheatre,TapAd,beeswax,google,Bidswitch,adapTV,Pulsepoint,adgear,dynadmic,mediamath,conversant,audiencescience,_dmp_turbine,appnexus,ignitionone,tremornet,centro,thetradedesk,videoamp,Videology,1,eyeview,TubeMogul-GP&uid=b15b7484a37d4a1abe3149b882b87266&init=true	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/crossdomain.xml	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://www.statcounter.com/counter/counter.js	174.35.61.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://www.google-analytics.com/r/collect?v=1&_v=j47&a=1859802888&t=pageview&_s=1&dl=http://www.commonsensicalmoderated.pw/home.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154&ul=en-us&de=utf-8&dt=home&sd=24-bit&sr=1276x846&vp=679x392&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=1076447804&cid=931079109.1481019585&tid=UA-74694740-5&_r=1&z=1545378189	173.194.32.128
hxxp://l.longtailvideo.com/5/10/logo.png	93.184.221.48
hxxp://www.govids.net/page-4.htm?lid=937115	69.88.149.142
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=conversant,TubeMogul-GP,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://www.howcast.com/wp-content/themes/howcast/images/icons/love.png
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://www.govids.net/page-4.html?lid=937115	69.88.149.142
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=TubeMogul-GP,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://cdn.tremorhub.com/static/noad.xml	52.222.171.101
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=google,conversant,TubeMogul-GP,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://www.govids.net/css1.css	69.88.149.142
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=google,conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://cdn.tremorhub.com/crossdomain.xml	52.222.171.101
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://thm.vidvib.com/abcd.mp4	94.31.29.128
hxxp://www.govids.net/img/logo.png	69.88.149.142
hxxp://109.201.148.40/bck.php?1481019586000
hxxp://www.commonsensicalmoderated.pw/amg.php	52.222.174.193
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://we1sb-wwcgk.ads.tremorhub.com/crossdomain.xml	52.206.147.54
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://partners.tremorhub.com/syncnoad?rid=80fc2374739b4f889a1fd3425e5191dd&p=audiencescience,centro,Bidswitch,dynadmic,mediamath,BidTheatre,beeswax,videoamp,TapAd,adgear,Pulsepoint,_dmp_turbine&uid=b15b7484a37d4a1abe3149b882b87266	52.71.68.213
hxxp://thm.vidvib.com/crossdomain.xml	94.31.29.128
hxxp://partners.tremorhub.com/syncnoad?rid=c951ee73c29240129573556468689b00&p=thetradedesk,audiencescience,mediamath,TubeMogul-GP,tremornet,Videology,dynadmic,adapTV,eyeview,Pulsepoint,SundaySky,TapAd,1,_dmp_turbine,Bidswitch,rocketfuel,dataxu,BidTheatre,google,videoamp,conversant,appnexus,adgear,beeswax,centro&uid=b15b7484a37d4a1abe3149b882b87266&init=true	52.71.68.213
hxxp://xlf5t.ads.tremorhub.com/crossdomain.xml	52.203.229.152
hxxp://www.commonsensicalmoderated.pw/home.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154	52.222.174.193

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /player1.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.govids.net/page-4.htm?lid=937115

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: govids.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Tue, 06 Dec 2016 18:27:40 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT

ETag: "4403c4-1bb61-4fbe0230ad080"

Accept-Ranges: bytes

Content-Length: 113505

Cache-Control: max-age=2592000, public

Expires: Tue, 07 Nov 2017 18:27:40 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS..`..x..}.\...x...@).....JCQJ...t.S.:.s..P.M.".."D.=.E."!.G.Q."....
y...~_..|>o.....u?o......."..>...Z}....u......X....^...8\.3..7,V
$.;[Y%%%Y&.Y..1V6NNNV..V...h..a.W.H.........@.L../b...@...........bJ..
...8$.i.p... .Z.X.......<A.C4...s.L...*.B..c.'1...h.C.;.J.....E.d..
...... .........X...%[.x.m2@oK&/../...LtM..P..|.0._..a.c..x17..K.....6
L....z....z...#f. .=..:i...!B.O.s..:..`kmc.-............ xh6).UpWB.6..
..UC.SQ.1^..3.]3x4z.o..>...7F.`s..,.G.K.s.)........ $E..[O..O......
......w.....0.Jw....qCv.........&L..I...0.g...z%...k.s_....B.V....f- .
y>..6.e..v...O..R.4u...J?.q.........o?.........._.8i.........L'._s.
...ug......N..h..[....s/.[X>.G...9....k...O...L;.,X.p......... ....
r&.c..F.>._w.. {.2...b..ri..=.C.N#M..|..(&..8........9..,.S.....KhS
.}.......~..i....W...?....7.S\...eS..*&.S.z.\:....#!cng.}5...I.*I;....
'.M...U..3^s.l....^.7..sp.......Z_..wJ.....O.;0e... ..f\.t..{....5v}..
=..9...1..C..?..4.R.....[G7W..=h|...a..p../s..]......^...K.r..]T..... 
....j..V7.r.9l.........,zf..U.c..$b..n.}...^..B=.-.RP....Y.......aB.f.
...9...Vuzz.M\../b............8n...2..^Y..%u..n,...x.....,.;..s.r..]|8
...v......u.m........=.n..9.&{.B......D_JU.7.<.....>gz.<....O
.4..zQhiWf....aOL.-.bE..2yU.S..)g6Z...m...m..s....ly.....Q.us..ci....[
k?M.7p.e.....yG.'.8...R.....m_/z.>p.......=....B..w..zwQ\P..B...Bn.
2..>K..F....>.xLy..`...%..`.._......'5.9..V../z.....E..;....h)..
_..>...........{^.....p&x.Q....;YH..E.6.<m..8n... a...#U~.5S(wr2
V....h..Y^.'^.....y.8:........Q....^[..nK....hq...5..[...i94$.....<<< skipped >>>

GET /analytics.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.commonsensicalmoderated.pw/home.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Timing-Allow-Origin: *

Date: Tue, 06 Dec 2016 08:42:39 GMT

Expires: Tue, 06 Dec 2016 10:42:39 GMT

Last-Modified: Wed, 28 Sep 2016 20:19:01 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 11590

Age: 5826

Cache-Control: public, max-age=7200
...........}iw..........tc.m'.a.i|B...F6 ...%.6.F.....o..JR/..{.....s'
V..VK..J.W..Hz...=....S....=$......l.j.......d....?Q...-..K...j(FR..W]
.b._..V.Ea-.6u.......D..gF.....[.<..W...../............`z.....g.l..
~.............>..........GB..N....?...?.I2.....U...o<.....W.;...
x qq......J.......zC.q...?.<.....P.."..[.|.....\P.c...[8.......FB;/
..#..N.........,.:..}.mw.....Bx..?...r=&`..,Q....)j.v..f3.._.y....<
.}..........y.5..l...fk..E.B7].X....%. h...6m...J$O.......!=.P,..$qo..
...]]..8g?....f..Oj......M..b4.$.T$...{...R..^......_.63T-.e..#h7Y.F..
~..}..Q....\..Z.2KKO...on8..%.!.n.."V<Qo.j......0. .o{2..u(uU..M.8.
E..FDs6.y.....7..\..g.....x4.7<.......yg.{f.....>.k/s..V..k....)
....s)..@...$QC.7..\.P*I..uI.E.........U..7.<.]Wy.0.....]..........
..*.2.[.0 @e.1....qXT._... .!8..IO..........L%..}.6.%.u6'"...."*.>.
........[.U]..O.k.p.........C'QwI......*..~(..B.v.g...&.y...@.f....S.9
..........<....8@........r..R..=.y.1..M....D...G..P..O..s.v)/[.....
q.......e.s*.aE3"p[..J.[Xj<}.....u...^^.=.....u.....V....sR....Z...
...Uo....P\........M.!,L..v...[....'.hBd.n.....rr....c..@=.o.N..|A....
C..-.D...ju....E.t....s.......p$.7.HT....S...!.4....]./.X.......C.C.[.
X....~..B.d.../.e.4..O.r*q`.....d.....b...t........../^6.jg:B........'
....x4...w;D...J1.._`.@].s...'*U....&.a.KFD....<.....Y@.7.?U..a...P
..J.V..\%...O'].Q...[.7....Fn...0tgA.2S.#-....._..%....q......f..9...z
Z...l==.R .@..v...."......[.....".".;..YBf....~.....m.$....d42?.9f..K@
........7.Q_..w.<-...;z..|..*..>...D...(?r.....@F.. ..P]...2<<< skipped >>>

GET /r/collect?v=1&_v=j47&a=1859802888&t=pageview&_s=1&dl=http://VVV.commonsensicalmoderated.pw/home.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154&ul=en-us&de=utf-8&dt=home&sd=24-bit&sr=1276x846&vp=679x392&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=1076447804&cid=931079109.1481019585&tid=UA-74694740-5&_r=1&z=1545378189 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.commonsensicalmoderated.pw/home.php?id=02AMcKSTyy4dwvAf9I0S&date=2016-11-21&p=none&t=&ca=74784154

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Tue, 06 Dec 2016 10:19:45 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Tue, 06 Dec 2016 10:19:45 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;....


GET /r/collect?v=1&_v=j47&a=926932721&t=pageview&_s=1&dl=http://VVV.govids.net/page-4.htm?lid=937115&ul=en-us&de=utf-8&sd=24-bit&sr=1276x846&vp=850x480&je=1&fl=23.0 r0&_u=AEAAAEAAI~&jid=1133922811&cid=1153493406.1481019588&tid=UA-74694740-2&_r=1&z=2010394032 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.govids.net/page-4.htm?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Tue, 06 Dec 2016 10:19:47 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35

GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Tue, 06 Dec 2016 10:19:47 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;..

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: we1sb-wwcgk.ads.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=b15b7484a37d4a1abe3149b882b87266


HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/xml

Date: Tue, 06 Dec 2016 10:19:56 GMT

ETag: W/"144-1446501138000"

Last-Modified: Mon, 02 Nov 2015 21:52:18 GMT

Server: Apache-Coyote/1.1

Content-Length: 144

Connection: keep-alive
<?xml version="1.0" ?>.<cross-domain-policy>.    <!-- V
ery Liberal -->.    <allow-access-from domain="*" secure="false"
/>.</cross-domain-policy>....


GET /ad/tag?adCode=we1sb-fspan&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Home videos, Funny Videos - 4&mediaDesc=Watch Home videos, Funny Videos - 4&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl=hXXp://VVV.govids.net/4.html&contentLength=[CONTENT_LENGTH] HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://govids.net/ova-jw.swf

x-flash-version: 23,0,0,185

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: we1sb-wwcgk.ads.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=b15b7484a37d4a1abe3149b882b87266


HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate

Content-Encoding: gzip

Content-Type: text/xml;charset=ISO-8859-1

Date: Tue, 06 Dec 2016 10:19:56 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Pragma: no-cache

Server: Apache-Coyote/1.1

Set-Cookie: tvid=b15b7484a37d4a1abe3149b882b87266; Domain=.tremorhub.com; Expires=Wed, 06-Dec-2017 16:08:17 GMT; Path=/

Set-Cookie: tvrg_60409="1,1481019597"; Version=1; Domain=.tremorhub.com; Max-Age=60; Expires=Tue, 06-Dec-2016 10:20:57 GMT; Path=/

Vary: Accept-Encoding

x-tremorvideo-status: NO_AD

Content-Length: 529

Connection: keep-alive
...........R.n.0... \..-V$ ..H2T'-..a.Jz..`%.e..I.a[.....}\z 8....3.L.
.f.Em.........J2...{*>^..4.H..Eq......sgSoe...}...z..a%........`.I.
....{/Kr6.....B.E..Xl...;X,...J.MsV@...1K.....".9.S.........JH`S.Y._/.
p4...I.-.x.......o.I...J...h..7.....{G..g...JSP....%....P-e.......V...
*.......\.>[#..v .5.". ....nURt.....'..T.F.7..7.t.E..n............A
..].....K..j`...).r...E....Y...Z....... ...........epS..8...E.@.. ..q.
..8.......j...Y......R.c.V..q.Ak......].....^.....Q.M7.~..4Y..h.0K>
..@.BC...~..L......L.. ....F...............z9...HTTP/1.1 200 OK..Cache
-Control: no-cache, no-store, must-revalidate..Content-Encoding: gzip.
.Content-Type: text/xml;charset=ISO-8859-1..Date: Tue, 06 Dec 2016 10:
19:56 GMT..P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.c
om/en/privacy-policy'..Pragma: no-cache..Server: Apache-Coyote/1.1..Se
t-Cookie: tvid=b15b7484a37d4a1abe3149b882b87266; Domain=.tremorhub.com
; Expires=Wed, 06-Dec-2017 16:08:17 GMT; Path=/..Set-Cookie: tvrg_6040
9="1,1481019597"; Version=1; Domain=.tremorhub.com; Max-Age=60; Expire
s=Tue, 06-Dec-2016 10:20:57 GMT; Path=/..Vary: Accept-Encoding..x-trem
orvideo-status: NO_AD..Content-Length: 529..Connection: keep-alive....
.........R.n.0... \..-V$ ..H2T'-..a.Jz..`%.e..I.a[.....}\z 8....3.L..f
.Em.........J2...{*>^..4.H..Eq......sgSoe...}...z..a%........`.I...
..{/Kr6.....B.E..Xl...;X,...J.MsV@...1K.....".9.S.........JH`S.Y._/.p4
...I.-.x.......o.I...J...h..7.....{G..g...JSP....%....P-e.......V...*.
......\.>[#..v .5.". ....nURt.....'..T.F.7..7.t.E..n...........<<< skipped >>>

GET /jwplayer1.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.govids.net/page-4.html?lid=937115

Accept-Language: en-US

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)

Host: govids.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Tue, 06 Dec 2016 18:27:38 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 02 Jun 2016 05:31:59 GMT

ETag: "4403af-25d37-53444eccf91c0"

Accept-Ranges: bytes

Content-Length: 154935

Cache-Control: max-age=2592000, public

Expires: Tue, 07 Nov 2017 18:27:38 GMT

Connection: close

Content-Type: text/javascript
var dtn = Date.parse(new Date().toString());..document.write(unescape(
'

undiscounted.exe_1204:

.text

`.rdata

@.data

.ndata

.rsrc

uDSSh

.DEFAULT\Control Panel\International

Software\Microsoft\Windows\CurrentVersion

GetWindowsDirectoryA

KERNEL32.dll

ExitWindowsEx

USER32.dll

GDI32.dll

SHFileOperationA

ShellExecuteA

SHELL32.dll

RegEnumKeyA

RegCreateKeyExA

RegCloseKey

RegDeleteKeyA

RegOpenKeyExA

ADVAPI32.dll

COMCTL32.dll

ole32.dll

VERSION.dll

verifying installer: %d%%

hXXp://nsis.sf.net/NSIS_Error

... %d%%

~nsu.tmp

%u.%u%s%s

RegDeleteKeyExA

%s=%s

*?|<>/":

ers\"%CurrentUserName%"\AppData\Local\Temp\nscD44F.tmp\ExecCmd.dll

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscD44F.tmp\ExecCmd.dll

"%Program Files%\Kirton\lte.exe"

ed.exe"

p\ExecCmd.dll

.reloc

EnumWindows

ExecCmd.dll

Kernel32.DLL

$$\wininit.ini

e%uy%u

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nscD44F.tmp

lte.exe

rogram Files\Kirton\lte.exe"

ecCmd.dll

.exe" | %SystemRoot%\System32\find /I "lte.exe"

\Users\"%CurrentUserName%"\AppData\Local\Temp\nscD44F.tmp

"%Program Files%\asked\undiscounted.exe"

%Program Files%\asked

undiscounted.exe

ers\"%CurrentUserName%"\AppData\Local\Temp\nsiC052.tmp

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\

%Program Files%\asked\undiscounted.exe

Software\Microsoft\Windows\CurrentVersion\Run

Windows\

%Program Files%

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity version="1.0.0.0" processorArchitecture="X86" name="Nullsoft.NSIS.exehead" type="win32"/><description>Nullsoft Install System v2.46</description><trustInfo xmlns="urn:schemas-microsoft-com:asm.v3"><security><requestedPrivileges><requestedExecutionLevel level="asInvoker" uiAccess="false"/></requestedPrivileges></security></trustInfo><compatibility xmlns="urn:schemas-microsoft-com:compatibility.v1"><application><supportedOS Id="{35138b9a-5d96-4fbd-8e2d-a2440225f93a}"/><supportedOS Id="{e2011457-1546-43c5-a5fe-008deee3d3f0}"/></application></compatibility></assembly>

d\undiscounted.exe"

Kirton\lte.exe"

lte.exe_3632_rwx_00332000_00009000:

.NippNi

lte.exe_3632_rwx_6B2F2000_00002000:

BkVJBk.JBk>

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):No processes have been created.
Delete the original Trojan file.
Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
127.0.0.1 localhost
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan.NSIS.Androm.3_dc7fd4f3cf

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan.NSIS.Androm.3_dc7fd4f3cf

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet