Joe Sandbox - Abstract Analysis File 16203

Generated with Joe Sandbox 6.0.2

General information
Start time:	20:02:20
Start date:	02/07/2012
Overall analysis duration:	0h 2m 48s
Sample file name:	6f7e68ac83fb111653e2093c17d46b21
Cookbook file name:	Analyse Banking Trojan.jbs
Analysis system description:	XP SP3 (Office 2003 SP2, Java 1.6.0, Acrobat Reader 9.3.4, Internet Explorer 8)
Number of analysed new started processes analysed:	6
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	20
Errors:	Too many NtReadFile calls (excessive behavior) Too many NtProtectVirtualMemory calls (excessive behavior) Too many NtWriteFile calls (excessive behavior) Too many NtSetInformationFile calls (excessive behavior)

Classification / Threat Score
Persistence, Installation, Boot Survival:
Hiding, Stealthiness, Detection and Removal Protection:
Security Solution / Mechanism bypass, termination and removal, Anti Debugging, VM Detection:
Spreading:
Exploiting:
Networking:
Data spying, Sniffing, Keylogging, Ebanking Fraud:

Signature Detections
Binary contains device paths (device paths are often used for kernelmode <-> usermode communication)
Downloads files
Executable is probably coded in java
Printf formatting strings found in memory and binary data
Queries a list of all open handles
Queries a list of all running processes
Spawns processes
Urls found in memory or binary data
Binary may include packed or crypted data
Creates a mutex to recognise infected hosts	\BaseNamedObjects\Global\ch971pGLCYGJFFTTU5XPPGQTZJ8OdYB \BaseNamedObjects\zXeRY3a_PtW\|00000000 \BaseNamedObjects\Global\SystemService
Deletes itself after installation
Downloads files from webservers via HTTP
Found strings which match to known social media urls
Performs DNS lookups
Allocates memory in foreign processes
Changes memory attributes in foreign processes to executable or writable
Found strings which match to known bank urls
Hijackes the control flow in another process
Hooks files or directories query functions (used to hide files and directories)
Hooks registry keys query functions (used to hide registry keys)
Hooks winsocket function (used for sniffing or altering network traffic)
Injects a PE file into a foreign processes
Modifies the context of a thread in another process (thread injection)
Modifies the prolog of usermode functions (usermode inline hooks)
Writes to foreign memory regions

Static File Information

General Information
File name:	6f7e68ac83fb111653e2093c17d46b21
File size:	196096
MD5:	6f7e68ac83fb111653e2093c17d46b21
SHA1:	5dbe5f3f62456998d8bf2b351783f26e15d154de
SHA256:	b22ffd981d026c84fc20edd94f21d74a189ae349d9608c719088415ed54da70e
File type:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit

PE Information

General
Entrypoint:	0x401b3bL	.text
Imagebase:	0x400000L
Time stamp:	0x4F0F2D99 [Thu Jan 12 18:59:37 2012 UTC]
Subsystem:	windows gui
TLS callbacks:

Resources
Name	RVA address	Size	Type
	0xe438L	0x138L	data
	0xe570L	0x138L	data
	0xe6a8L	0x138L	data
	0xe7e0L	0x138L	data
	0xe918L	0x138L	data
	0xea50L	0x138L	data
	0xeb88L	0x138L	data
	0xecc0L	0x138L	data
	0xedf8L	0x138L	data
	0xef30L	0x138L	data
	0xf068L	0x138L	data
	0xf1a0L	0x138L	data
	0xf2d8L	0x138L	data
	0xf410L	0x138L	data
	0xf548L	0x138L	data
	0xf680L	0x138L	data
	0xf7b8L	0x138L	data
	0xf8f0L	0x138L	data
	0xfa28L	0x138L	data
	0xfb60L	0x138L	data
	0xfc98L	0x138L	data
	0xfdd0L	0x138L	data
	0xff08L	0x138L	data
	0x10040L	0x138L	data
	0x10178L	0x138L	data
	0x102b0L	0x138L	data
	0x103e8L	0x138L	data
	0x10520L	0x138L	data
	0x10658L	0x138L	data
	0x10790L	0x138L	data
	0x108c8L	0x138L	data
	0x10a00L	0x138L	data
	0x10b38L	0x138L	data
	0x10c70L	0x138L	data
	0x10da8L	0x138L	data
	0x10ee0L	0x138L	data
	0x11018L	0x138L	data
	0x11150L	0x138L	data
	0x11288L	0x138L	data
	0x113c0L	0x138L	data
	0x114f8L	0x138L	data
	0x11630L	0x138L	data
	0x11768L	0x138L	data
	0x118a0L	0x138L	data
	0x119d8L	0x138L	data
	0x11b10L	0x138L	data
	0x11c48L	0x138L	data
	0x11d80L	0x138L	data
	0x11eb8L	0x138L	data
	0x11ff0L	0x138L	data
	0x12128L	0x138L	data
	0x12260L	0x138L	data
	0x12398L	0x138L	data
	0x124d0L	0x138L	data
	0x12608L	0x138L	data
	0x12740L	0x138L	data
	0x12878L	0x138L	data
	0x129b0L	0x138L	data
	0x12ae8L	0x138L	data
	0x12c20L	0x138L	data
	0x12d58L	0x138L	data
	0x12e90L	0x138L	data
	0x12fc8L	0x138L	data
	0x13100L	0x10a8L	data
	0x141a8L	0x138L	data
	0x142e0L	0x138L	data
	0x14418L	0x138L	data
	0x14550L	0x138L	data
	0x14688L	0x138L	data
	0x147c0L	0x138L	data
	0x148f8L	0x138L	data
	0x14a30L	0x138L	data
	0x14b68L	0x138L	data
	0x14ca0L	0x138L	data
	0x14dd8L	0x138L	data
	0x14f10L	0x138L	data
	0x15048L	0x138L	data
	0x15180L	0x138L	data
	0x152b8L	0x138L	data
	0x153f0L	0x138L	data
	0x15528L	0x138L	data
	0x15660L	0x138L	data
	0x15798L	0x138L	data
	0x158d0L	0x138L	data
	0x15a08L	0x138L	data
	0x15b40L	0x138L	data
	0x15c78L	0x138L	data
	0x15db0L	0x138L	data
	0x15ee8L	0x138L	data
	0x16020L	0x138L	data
	0x16158L	0x138L	data
	0x16290L	0x138L	data
	0x163c8L	0x138L	data
	0x16500L	0x138L	data
	0x16638L	0x138L	data
	0x16770L	0x138L	data
	0x168a8L	0x138L	data
	0x169e0L	0x138L	data
	0x16b18L	0x138L	data
	0x16c50L	0x138L	data
	0x16d88L	0x138L	data
	0x16ec0L	0x138L	data
	0x16ff8L	0x138L	data
	0x17130L	0x138L	data
	0x17268L	0x138L	data
	0x173a0L	0x138L	data
	0x174d8L	0x138L	data
	0x17610L	0x138L	data
	0x17748L	0x138L	data
	0x17880L	0x138L	data
	0x179b8L	0x138L	data
	0x17af0L	0x138L	data
	0x17c28L	0x138L	data
	0x17d60L	0x138L	data
	0x17e98L	0x138L	data
	0x17fd0L	0x138L	data
	0x18108L	0x138L	data
	0x18240L	0x138L	data
	0x18378L	0x138L	data
	0x184b0L	0x138L	data
	0x185e8L	0x138L	data
	0x18720L	0x138L	data
	0x18858L	0x138L	data
	0x18990L	0x138L	data
	0x18ac8L	0x138L	data
	0x18c00L	0x138L	data
	0x18d38L	0x138L	data
	0x18e70L	0x138L	data
	0x18fa8L	0x138L	data
	0x190e0L	0x138L	data
	0x19218L	0x138L	data
	0x19350L	0x138L	data
	0x19488L	0x138L	data
	0x195c0L	0x138L	data
	0x196f8L	0x138L	data
	0x19830L	0x138L	data
	0x19968L	0x138L	data
	0x19aa0L	0x138L	data
	0x19bd8L	0x138L	data
	0x19d10L	0x138L	data
	0x19e48L	0x138L	data
	0x19f80L	0x138L	data
	0x1a0b8L	0x138L	data
	0x1a1f0L	0x138L	data
	0x1a328L	0x138L	data
	0x1a460L	0x138L	data
	0x1a598L	0x138L	data
	0x1a6d0L	0x138L	data
	0x1a808L	0x138L	data
	0x1a940L	0x138L	data
	0x1aa78L	0x138L	data
	0x1abb0L	0x138L	data
	0x1ace8L	0x138L	data
	0x1ae20L	0x138L	data
	0x1af58L	0x138L	data
	0x1b090L	0x138L	data
	0x1b1c8L	0x138L	data
	0x1b300L	0x138L	data
	0x1b438L	0x138L	data
	0x1b570L	0x138L	data
	0x1b6a8L	0x138L	data
	0x1b7e0L	0x138L	data
	0x1b918L	0x138L	data
	0x1ba50L	0x138L	data
	0x1bb88L	0x138L	data
	0x1bcc0L	0x138L	data
	0x1bdf8L	0x138L	data
	0x1bf30L	0x138L	data
	0x1c068L	0x138L	data
	0x1c1a0L	0x138L	data
	0x1c2d8L	0x138L	data
	0x1c410L	0x138L	data
	0x1c548L	0x138L	data
	0x1c680L	0x138L	data
	0x1c7b8L	0x138L	data
	0x1c8f0L	0x138L	data
	0x1ca28L	0x138L	data
	0x1cb60L	0x138L	data
	0x1cc98L	0x138L	data
	0x1cdd0L	0x138L	data
	0x1cf08L	0x138L	data
	0x1d040L	0x138L	data
	0x1d178L	0x138L	data
	0x1d2b0L	0x138L	data
	0x1d3e8L	0x138L	data
	0x1d520L	0x138L	data
	0x1d658L	0x138L	data
	0x1d790L	0x138L	data
	0x1d8c8L	0x138L	data
	0x1da00L	0x138L	data
	0x1db38L	0x138L	data
	0x1dc70L	0x138L	data
	0x1dda8L	0x138L	data
	0x1dee0L	0x138L	data
	0x1e018L	0x138L	data
	0x1e150L	0x138L	data
	0x1e288L	0x138L	data
	0x1e3c0L	0x138L	data
	0x1e4f8L	0x138L	data
	0x1e630L	0x138L	data
	0x1e768L	0x138L	data
	0x1e8a0L	0x138L	data
	0x1e9d8L	0x138L	data
	0x1eb10L	0x138L	data
	0x1ec48L	0x138L	data
	0x1ed80L	0x138L	data
	0x1eeb8L	0x138L	data
	0x1eff0L	0x138L	data
	0x1f128L	0x138L	data
	0x1f260L	0x138L	data
	0x1f398L	0x138L	data
	0x1f4d0L	0x138L	data
	0x1f608L	0x138L	data
	0x1f740L	0x138L	data
	0x1f878L	0x138L	data
	0x1f9b0L	0x138L	data
	0x1fae8L	0x138L	data
	0x1fc20L	0x138L	data
	0x1fd58L	0x138L	data
	0x1fe90L	0x138L	data
	0x1ffc8L	0x138L	data
	0x20100L	0x138L	data
	0x20238L	0x138L	data
	0x20370L	0x138L	data
	0x204a8L	0x138L	data
	0x205e0L	0x138L	data
	0x20718L	0x138L	data
	0x20850L	0x138L	data
	0x20988L	0x138L	data
	0x20ac0L	0x138L	data
	0x20bf8L	0x138L	data
	0x20d30L	0x138L	data
	0x20e68L	0x138L	data
	0x20fa0L	0x138L	data
	0x210d8L	0x138L	data
	0x21210L	0x138L	data
	0x21348L	0x138L	data
	0x21480L	0x138L	data
	0x215b8L	0x138L	data
	0x216f0L	0x138L	data
	0x21828L	0x138L	data
	0x21960L	0x138L	data
	0x21a98L	0x138L	data
	0x21bd0L	0x138L	data
	0x21d08L	0x138L	data
	0x21e40L	0x138L	data
	0x21f78L	0x138L	data
	0x220b0L	0x138L	data
	0x221e8L	0x138L	data
	0x22320L	0x138L	data
	0x22458L	0x138L	data
	0x22590L	0x138L	data
	0x226c8L	0x138L	data
	0x22800L	0x138L	data
	0x22938L	0x138L	data
	0x22a70L	0x138L	data
	0x22ba8L	0x138L	data
	0x22ce0L	0x138L	data
	0x22e18L	0x138L	data
	0x22f50L	0x138L	data
	0x23088L	0x138L	data
	0x231c0L	0x138L	data
	0x232f8L	0x138L	data
	0x23430L	0x138L	data
	0x23568L	0x138L	data
	0x236a0L	0x138L	data
	0x237d8L	0x138L	data
	0x23910L	0x138L	data
	0x23a48L	0x138L	data
	0x23b80L	0x138L	data
	0x23cb8L	0x138L	data
	0x23df0L	0x138L	data
	0x23f28L	0x138L	data
	0x24060L	0x138L	data
	0x24198L	0x138L	data
	0x242d0L	0x138L	data
	0x24408L	0x138L	data
	0x24540L	0x138L	data
	0x24678L	0x138L	data
	0x247b0L	0x138L	data
	0x248e8L	0x138L	data
	0x24a20L	0x138L	data
	0x24b58L	0x138L	data
	0x24c90L	0x138L	data
	0x24dc8L	0x138L	data
	0x24f00L	0x138L	data
	0x25038L	0x138L	data
	0x25170L	0x138L	data
	0x252a8L	0x138L	data
	0x253e0L	0x138L	data
	0x25518L	0x138L	data
	0x25650L	0x138L	data
	0x25788L	0x138L	data
	0x258c0L	0x138L	data
	0x259f8L	0x138L	data
	0x25b30L	0x138L	data
	0x25c68L	0x138L	data
	0x25da0L	0x138L	data
	0x25ed8L	0x138L	data
	0x26010L	0x138L	data
	0x26148L	0x138L	data
	0x26280L	0x138L	data
	0x263b8L	0x138L	data
	0x264f0L	0x138L	data
	0x26628L	0x138L	data
	0x26760L	0x138L	data
	0x26898L	0x138L	data
	0x269d0L	0x138L	data
	0x26b08L	0x138L	data
	0x26c40L	0x138L	data
	0x26d78L	0x138L	data
	0x26eb0L	0x138L	data
	0x26fe8L	0x138L	data
	0x27120L	0x138L	data
	0x27258L	0x138L	data
	0x27390L	0x138L	data
	0x274c8L	0x138L	data
	0x27600L	0x138L	data
	0x27738L	0x138L	data
	0x27870L	0x138L	data
	0x279a8L	0x138L	data
	0x27ae0L	0x138L	data
	0x27c18L	0x138L	data
	0x27d50L	0x138L	data
	0x27e88L	0x138L	data
	0x27fc0L	0x138L	data
	0x280f8L	0x138L	data
	0x28230L	0x138L	data
	0x28368L	0x138L	data
	0x284a0L	0x138L	data
	0x285d8L	0x138L	data
	0x28710L	0x138L	data
	0x28848L	0x138L	data
	0x28980L	0x138L	data
	0x28ab8L	0x138L	data
	0x28bf0L	0x138L	data
	0x28d28L	0x138L	data
	0x28e60L	0x138L	data
	0x28f98L	0x138L	data
	0x290d0L	0x138L	data
	0x29208L	0x138L	data
	0x29340L	0x138L	data
	0x29478L	0x138L	data
	0x295b0L	0x138L	data
	0x296e8L	0x138L	data
	0x29820L	0x138L	data
	0x29958L	0x138L	data
	0x29a90L	0x138L	data
	0x29bc8L	0x138L	data
	0x29d00L	0x138L	data
	0x29e38L	0x138L	data
	0x29f70L	0x138L	data
	0x2a0a8L	0x138L	data
	0x2a1e0L	0x138L	data
	0x2a318L	0x138L	data
	0x2a450L	0x138L	data
	0x2a588L	0x138L	data
	0x2a6c0L	0x138L	data
	0x2a7f8L	0x138L	data
	0x2a930L	0x138L	data
	0x2aa68L	0x138L	data
	0x2aba0L	0x138L	data
	0x2acd8L	0x138L	data
	0x2ae10L	0x138L	data
	0x2af48L	0x138L	data
	0x2b080L	0x138L	data
	0x2b1b8L	0x138L	data
	0x2b2f0L	0x138L	data
	0x2b428L	0x138L	data
	0x2b560L	0x138L	data
	0x2b698L	0x138L	data
	0x2b7d0L	0x138L	data
	0x2b908L	0x138L	data
	0x2ba40L	0x138L	data
	0x2bb78L	0x138L	data
	0x2bcb0L	0x138L	data
	0x2bde8L	0x138L	data
	0x2bf20L	0x138L	data
	0x2c058L	0x138L	data
	0x2c190L	0x138L	data
	0x2c2c8L	0x138L	data
	0x2c400L	0x138L	data
	0x2c538L	0x138L	data
	0x2c670L	0x138L	data
	0x2c7a8L	0x138L	data
	0x2c8e0L	0x138L	data
	0x2ca18L	0x138L	data
	0x2cb50L	0x138L	data
	0x2cc88L	0x138L	data
	0x2cdc0L	0x138L	data
	0x2cef8L	0x138L	data
	0x2d030L	0x138L	data
	0x2d168L	0x138L	data
	0x2d2a0L	0x138L	data
	0x2d3d8L	0x138L	data
	0x2d510L	0x138L	data
	0x2d648L	0x138L	data
	0x2d780L	0x138L	data
	0x2d8b8L	0x138L	data
	0x2d9f0L	0x138L	data
	0x2db28L	0x138L	data
	0x2dc60L	0x138L	data
	0x2dd98L	0x138L	data
	0x2ded0L	0x138L	data
	0x2e008L	0x138L	data
	0x2e140L	0x138L	data
	0x2e278L	0x138L	data
	0x2e3b0L	0x138L	data
	0x2e4e8L	0x138L	data
	0x2e620L	0x138L	data
	0x2e758L	0x138L	data
	0x2e890L	0x138L	data
	0x2e9c8L	0x138L	data
	0x2eb00L	0x138L	data
	0x2ec38L	0x138L	data
	0x2ed70L	0x138L	data
	0x2eea8L	0x138L	data
	0x2efe0L	0x138L	data
	0x2f118L	0x138L	data
	0x2f250L	0x138L	data
	0x2f388L	0x138L	data
	0x2f4c0L	0x138L	data
	0x2f5f8L	0x138L	data
	0x2f730L	0x138L	data
	0x2f868L	0x138L	data
	0x2f9a0L	0x138L	data
	0x2fad8L	0x138L	data
	0x2fc10L	0x138L	data
	0x2fd48L	0x138L	data
	0x2fe80L	0x138L	data
	0x2ffb8L	0x138L	data
	0x300f0L	0x138L	data
	0x30228L	0x138L	data
	0x30360L	0x138L	data
	0x30498L	0x138L	data
	0x305d0L	0x138L	data
	0x30708L	0x138L	data
	0x30840L	0x138L	data
	0x30978L	0x138L	data
	0x30ab0L	0x138L	data
	0x30be8L	0x138L	data
	0x30d20L	0x138L	data
	0x30e58L	0x138L	data
	0x30f90L	0x138L	data
	0x310c8L	0x138L	data
	0x31200L	0x138L	data
	0x31338L	0x186aL	MS Windows icon resource

Imports
DLL	Import
KERNEL32.dll	GetProcAddress, LoadLibraryA, GetModuleFileNameA, HeapAlloc, ExitProcess, GetModuleHandleA, GetStartupInfoA, GetCommandLineA, GetVersionExA, HeapDestroy, HeapCreate, VirtualFree, HeapFree, VirtualAlloc, HeapReAlloc, QueryPerformanceCounter, GetTickCount, GetCurrentThreadId, GetCurrentProcessId, GetSystemTimeAsFileTime, TerminateProcess, GetCurrentProcess, WriteFile, GetStdHandle, UnhandledExceptionFilter, FreeEnvironmentStringsA, GetEnvironmentStrings, FreeEnvironmentStringsW, WideCharToMultiByte, GetLastError, GetEnvironmentStringsW, SetHandleCount, GetFileType, RtlUnwind, InterlockedExchange, VirtualQuery, GetACP, GetOEMCP, GetCPInfo, HeapSize, LCMapStringA, MultiByteToWideChar, LCMapStringW, GetStringTypeA, GetStringTypeW, GetLocaleInfoA, VirtualProtect, GetSystemInfo

Exports

Sections
Name	Virtual address	Virtual size	Raw size	entropy
.text	0x1000L	0x4800L	0x4800L	6.7326638037
.rdata	0x6000L	0x1200L	0x1200L	4.65458811417
.data	0x8000L	0x95cL	0x400L	4.58844164508
.rsrc	0x9000L	0x29ba4L	0x29c00L	7.01149258922

Version Infos
Description	Data

Possible Origin
Language of compilation system	Country where language is spoken	Map

String Analysis

Formattings for printf style functions
String value	Source
3[)%gY	iexplore.exe
LOG: File %s being registered.	iexplore.exe
CPenIMX(sketch)::OnKillThreadFocus(); _GetOnOff() returns %s.	iexplore.exe
zD\%ce	6f7e68ac83fb111653e2093c17d46b21.exe, B6232F3AC2C.exe, 5CBD14A05E0D693.dr
Identified by %s7%1!ls!	iexplore.exe
Netscape Navigator profile: %s	iexplore.exe
%OHB"s	iexplore.exe
\|%SystemRoot%\system32\rsvpsp.dll	iexplore.exe
%IEFRAME.dl	iexplore.exe
%s hr	iexplore.exe
CTipFunctionProvider(sketch)::GetFunction %s	iexplore.exe
%SystemRoot%\Debug\UserMode\userenv.bak	iexplore.exe
%Can't create necessary temporary	iexplore.exe
%s Document\|%s\|All Files\|.*\|\|	iexplore.exe
var L_ACR_ReturnTo_TEXT = "Try to return to %s";	iexplore.exe
Unknown-Lear&n more about search provider preferences%Lear&n more about InPrivate Filtering	iexplore.exe
CTipFunctionProvider(sketch)::GetFunction(...,...,%s)	iexplore.exe
Start Page.Would you like to set your Start Page to "%s"?	iexplore.exe
!.LOG: INF Processing: Satellite DLL found:%s	iexplore.exe
%SystemRoot%\Debug\UserMode\userenv.log	iexplore.exe
%s Line: %ld Character: %ld	iexplore.exe
BERR: Run Setup Hook: Failed Error Code:(hr) = %lx, processing: %s	iexplore.exe
Accelerators: %s	iexplore.exe
Netscape versions less than 4.0"Netscape Navigator 4.0 profile: %s	iexplore.exe
%sAuthor: %s	iexplore.exe
ERR: Security Trust Verification Failed or rejected by user/administrator. Check Security Settings. Detailed Error Code (hr) = %lx	iexplore.exe
m&&delete g[m];g[a]=r;h[i]=a;i=(i+1)%f}e!=_.p&&j.vv==_.p&&(j.vv=e);c!=_.p&&(j.lx=c);d!=_.p&&(j.rv+=d)}function c(a,e){for(var b=0,c;b<a.length;++b)if(c=e[b],0<c&&a[b]>c)return _.l;return _.w}var f=e\|\|10,g={},h=[],i=0,j=b(),m=b(),e={LX:function updateTimeToFirstChunk(a,e){d(a,e,_.p,_.p)},MX:function updateTimeToLastChunk(a,e){d(a,_.p,e,_.p)},JX:function updateProcessingTime(a,e){d(a,_.p,_.p,e)},YR:function checkThresholds(e,b,d){a();var g=[j.vv,j.lx,j.rv],i=[m.vv,m.lx,m.rv];if(e=e.sI(b,d))if(b=h.length==	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
End downloading component %s	iexplore.exe
Unknown Setup Error.=LOG: Downloaded images must now be all native code, URL:(%s)	iexplore.exe
$xsJ%xs{%xs	iexplore.exe
%s (expiring)	iexplore.exe
Do you want to replace it?+Cannot find %s.	iexplore.exe
Global\%s	iexplore.exe
%s\%s\%s\%s\%s\%s	iexplore.exe
Default: %s	iexplore.exe
%s min	iexplore.exe
re = /%s/g;	iexplore.exe
%SystemRoot%\System32\mswsock.dll	iexplore.exe
[ERROR] : dwErr == %u	iexplore.exe
Pw%n[w	iexplore.exe
%C&&]N	iexplore.exe
Connecting to site %s	iexplore.exe
%ls %ls	iexplore.exe
6This is the full list of %s. No filters are available.	iexplore.exe
Export the favorites to %s	iexplore.exe
%d.%d.%d.%d	iexplore.exe
Export the cookies to %s	iexplore.exe
Go to '%s'	iexplore.exe
_.Oba=function(e,a){function b(a){a-=e;0>a&&(a=0);c[f]=a;f=(f+1)%d}var d=a\|\|20,c=[],f=0,g=_.w,h={start:function start$$9(){function a(){var d=window.google.time();b(d-c);g&&(c=d,window.setTimeout(a,e))}var c=window.google.time();g=_.l;window.setTimeout(a,e)},stop:function stop$$1(){g=_.w},GS:function getAllDataPoints(){return c.slice(f).concat(c.slice(0,f))}};h.hZ=b;return h};	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
EERR: INF Processing: No section for processing: %s	iexplore.exe
%s (Upgrade)	iexplore.exe
%u minute ago	iexplore.exe
Q%fLY 8	B6232F3AC2C.exe.dr
PackagerWould you like to allow pop-ups from '%s'?Would you like to block pop-ups from '%s'?	iexplore.exe
New Folder (%d)	iexplore.exe
%userenv.dll	iexplore.exe
%%%%GGGGOOOOBBBB((((	iexplore.exe
%Certisign Certificadora Digital Ltda.100.	iexplore.exe
. Cannot get primary/default language!RLOG: URL Download Complete: hrStatus:%lx, hrOSB:%lx, hrResponseHdr:%lx, URL:(%ws)	iexplore.exe
Disclosed to others who might contact you for marketing of services and/or products. You will have an opportunity to ask the site not to do this.%Disclosed to others for any purposes.	iexplore.exe
#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!"%$%&%(%*%+%-%/%1%3%5%7%9%;%=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s%+!,!	iexplore.exe
%sWhat's New: %s	iexplore.exe
[ERROR] : dwErr == %u ( Could be invalid encryption key )	iexplore.exe
%systemr	svchost.exe
Tab Group %d	iexplore.exe
Installing component %s	iexplore.exe
%SystemRoot%\	iexplore.exe
UERR: Setup Failed Error Code: (hr) = %lx, installing: %s to %s destination code(%lx)	iexplore.exe
nLOG: Reporting Code Download Completion: (hr:%lx%s, CLASSID: %lx..., szCODE:(%ws), MainType:%ws, MainExt:%ws)	iexplore.exe
"%s"pInternet Explorer does not support this type of search provider.	iexplore.exe
%systemroot%\system32\com\dmp	iexplore.exe
%s%s%s	iexplore.exe
Back to %s (Alt+Left)	iexplore.exe
%u hours ago	iexplore.exe
eHu%ip	nav_logo107[1].png.dr
http://%s.com	iexplore.exe
1Are you sure you want to delete History Item: %s?7Are you sure you want to delete these %d History items?5Are you sure you want to delete the selected Cookies?	iexplore.exe
Do you want to format it now?)The disk in drive %c cannot be formatted.	iexplore.exe
CPenIMX(sketch)::_EditInk(...,%s,%s)	iexplore.exe
URL:%s Protocol	iexplore.exe
%%%FFFFFFFiiiii	iexplore.exe
Shows or hides the status bar.%Shows or hides formatting indicators.	iexplore.exe
Sketch-Ink version=%s	iexplore.exe
%s Accelerator	iexplore.exe
%s (new)	iexplore.exe
%f7A{[	iexplore.exe
%SystemRoot%\system32\mswso	iexplore.exe
%s (Alt+Z)	iexplore.exe
%sSubject: %s	iexplore.exe
Pages visited %s%Pages visited in week starting %1!ws!#Pages visited from %1!ws! to %2!ws!	iexplore.exe
%i>0T;	iexplore.exe, 0797C381B2F87EB5A1D5573BD15BA4F40.dr
Expires at: %s	iexplore.exe
%odm650	B6232F3AC2C.exe.dr
Updated %s	iexplore.exe
CWndMain(sketch)::Enable(fEnable=%s)	iexplore.exe
%s\|%s\|All Files\|.*\|\|	iexplore.exe
,%.%0%2%4%6%8%:%<%>%@%B%E%G%I%	iexplore.exe
Content-Length: %u	iexplore.exe
Feed %d	iexplore.exe
%s (Default)cPlease choose another default search provider for Internet Explorer before removing this selection.	iexplore.exe
SOFTWARE\Microsoft\CTF\TIP\%s\LanguageProfile\0x%08X	iexplore.exe
%ole32.dll	iexplore.exe
LOG: Item %s being processed.	iexplore.exe
q%I0z(e*&	6f7e68ac83fb111653e2093c17d46b21.exe, B6232F3AC2C.exe
[ERROR] : dwErr == %u ( Config is damaged )	iexplore.exe
2LOG: Redundant download started on %s (hr = %lx).	iexplore.exe
Search for "%s"	iexplore.exe
EncodeUrl = EncodeUrl + '%u' + OutputEncoder_TwoByteHex(c);	iexplore.exe
%d-%d-%d	iexplore.exe
&'return' statement outside of function"Can't have 'break' outside of loop%Can't have 'continue' outside of loop	iexplore.exe
yOpening %d tabs at once might take a long time and cause Internet Explorer to respond slowly.	iexplore.exe
%s sec	iexplore.exe
!XERR: INF Processing: Failed (%lx) processing: %s	iexplore.exe
%%%FFFFF	iexplore.exe
%Secure Server Certification Authority0	iexplore.exe
. language = %s	iexplore.exe
UYour current security settings do not allow you to download files from this location.vWhen you send information to the %s, it might be possible for others to see that information. Do you want to continue?xWhen you send information from the %s, it might be possible for others to see that information. Do you want to continue?	iexplore.exe
Import the favorites from %s	iexplore.exe
\%1\$s\|\%s	iexplore.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%d	iexplore.exe
r = %s	iexplore.exe
%s\%s\%s\%s\%s	iexplore.exe
`w%D,3	iexplore.exe
%u matches	iexplore.exe
threadmetadata!nfo%d	iexplore.exe
H$Bee%n:	iexplore.exe
Cicero version=%s	iexplore.exe
%s - Security Warning$Al&ways ask before opening this file	iexplore.exe
A%emC{	iexplore.exe
rERR: OCX Install: detected incompatible platform binary (%s). Please contact site for a binary for your platform.	iexplore.exe
You have imported %i feeds.	iexplore.exe
%%%FFFFFF	iexplore.exe
%s Suggestions	iexplore.exe
running from location : %s	iexplore.exe
CPenIMX(sketch)::OnChange(); _GetOnOff() returns %s.	iexplore.exe
rogram Files\Windows Media Player\wmplayer.exe /Open "%L"	explorer.exe
Assertion failed: %s, file %s, line %d	iexplore.exe
CWndMain(sketch)::Show(fShow=%s) %s	iexplore.exe
%sLast Updated: %s	iexplore.exe
Adding CDL=(CLASSID: %lx..., szCODE:(%ws), VersionMS:%lx, VersionLS:%lx)	iexplore.exe
%s (unverified publisher)	iexplore.exe
of webpages that are designed for older browsers.aA problem displaying %s caused Internet Explorer to refresh the webpage using Compatibility View.	iexplore.exe
%s\Content.IE5\%s	iexplore.exe
[ERROR] : Cannot dump file (%u bytes) { %s }	iexplore.exe
Add Search Providers...Mhttp://auto.search.msn.com/response.asp?MT={searchTerms}&srch=%d&prov=%s&utf8NThe following search provider is already installed. Do you want to replace it?9The following search provider is already installed:	iexplore.exe
Sho&w: %s0Add-ons that have been used by Internet Explorer-Add-ons that run without requiring permission$Downloaded ActiveX Controls (32-bit)-Add-ons currently loaded in Internet Explorer	iexplore.exe
tid=%u&stat=	iexplore.exe
Expires in: %s	iexplore.exe
CPenIMX::_ICCallback(%s,%08X,...)	iexplore.exe
/LOG: Version not identified for %s, using 0.1.	iexplore.exe
%d %d %d %d	iexplore.exe
(Not verified) %s	iexplore.exe
%Opens a new Internet Explorer window./Adds the current page to your Favorites folder.&Previews how this document will print.*Prints the document in the selected frame.	iexplore.exe
%iX,43X	B6232F3AC2C.exe.dr
%sLast Visited: %s	iexplore.exe
CWndMain(sketch)::ShowHideUI() GetTipWantsToBeVisible()=%s _GetOnOff=%s this->bCanGetIC()=%s bShowMain=%s bEnable=%s	iexplore.exe
Expired %s	iexplore.exe
%SystemRoot	iexplore.exe
%ld sites	iexplore.exe
%IgnoreLoadLibrary	iexplore.exe
Label not found6'default' can only appear once in a 'switch' statement%Expected identifier, string or number	iexplore.exe
/Z%D,3	iexplore.exe
%s Feed %d	iexplore.exe
CLSID\%s\InprocServer32	iexplore.exe
Pages visited at %s	iexplore.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\%d	iexplore.exe
Redirecting to site: %s	iexplore.exe
(GMT %s%02u:%02u) %s	iexplore.exe
Forward to %s (Alt+Right)	iexplore.exe
Import the cookies from %s	iexplore.exe
DragDrop%lx	iexplore.exe
0%clear	iexplore.exe
AThere is no disk in drive %c.	iexplore.exe
(Default for %s Accelerator)jThis Accelerator runs code. To remove this Accelerator, please try Remove Programs from the Control Panel.	iexplore.exe
%u(t:B,c'	iexplore.exe
%Opens the webpage for this Web Slice.	iexplore.exe
Open '%s' in a new tab	iexplore.exe
CPenIMX(sketch)::OnSetThreadFocus(); _GetOnOff() returns %s.	iexplore.exe
(%d new)	iexplore.exe
Start downloading from site: %s	iexplore.exe
ache%OLK*	6f7e68ac83fb111653e2093c17d46b21.exe, B6232F3AC2C.exe, svchost.exe, iexplore.exe
For details, see 9ERR: Could not convert extension %s or type %s to clsid.	iexplore.exe
Search %s	iexplore.exe
[ERR: INF Processing: Failed Error Code:(%lx) processing: %s. Cannot get primary language!	iexplore.exe
%%s has requested information from you	iexplore.exe
%s (expired)	iexplore.exe
%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*	iexplore.exe
CPenIMX(sketch)::EditInk(%s)	iexplore.exe
Getting data from cache %s#Website found. Waiting for reply...	iexplore.exe
%d Weeks Ago	iexplore.exe
4O0-%i1	iexplore.exe
%xpsp2res.dll	iexplore.exe
%OLE32.DLL	iexplore.exe
Application: %s	iexplore.exe
%Certisign Certificadora Digital Ltda.1301	iexplore.exe
%u hour ago	iexplore.exe
%s (Default)	iexplore.exe
E&dit with %s	iexplore.exe
%u minutes ago	iexplore.exe
.LOG: Setup Hook %s was executed successfully.	iexplore.exe
,Select which folder you want to export from.+Where do you want to export your favorites?7Select where you would like your favorites exported to..Where do you want to import your cookies from?8You can select where we should import your cookies from.)Where do you want to export your cookies?6You can select where we should export your cookies to.-%s already exists.	iexplore.exe
0,_.Gd)(b,"disabled")\|\|this.B.push(b)};_.EI=function(e,a){e.IB(e.M==_.p?a?0:e.B.length-1:(e.M+(a?1:e.B.length-1))%e.B.length)};	iexplore.exe
%USERPROFILE%\Favo	iexplore.exe
Keep &maximum items (%i)	iexplore.exe
l%s has been removed from this computer. Do you want to clean up your personalized settings for this program?	iexplore.exe
%O*@hv#	iexplore.exe
Navigate to '%s'	iexplore.exe
CPenIMX::_DIMCallback(%s,%08X,%08X,...)	iexplore.exe
rI]%ipF	iexplore.exe
zqnj%SNT	svchost.exe, ROUTER1.dr
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe	iexplore.exe
Insert a disk, and then try again.EThe disk in drive %c is not formatted.	iexplore.exe
Search with %s	iexplore.exe
Sketch TIP version=1.00.2297.1 m_langIDCurrent=0x%04X %s	iexplore.exe
This item expired %s	iexplore.exe
%sComments: %s	iexplore.exe
Downloading from site: %s	iexplore.exe
%SystemRoot%\system32\rsvpsp.dll	iexplore.exe
`OyB%i	explorer.exe, B6232F3AC2C.exe.dr
Importing: %s	iexplore.exe
8A webpage is not responding on the following website: %s	iexplore.exe
_.DI=function(e){this.element=e;this.B=[];this.M=_.p;"ab_opt"==this.element.id&&0==this.element.childNodes.length&&window.gbar.aomc(this.element);for(var e=(0,_.Qc)(".ab_dropdownitem",this.element),a=0,b;b=e[a];a++)(0,_.Gd)(b,"disabled")\|\|this.B.push(b)};_.EI=function(e,a){e.IB(e.M==_.p?a?0:e.B.length-1:(e.M+(a?1:e.B.length-1))%e.B.length)};	rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
88qB%S	iexplore.exe
%s, %s	iexplore.exe
Looking up %s	iexplore.exe
Host: %s	iexplore.exe
erJ `%I"	6f7e68ac83fb111653e2093c17d46b21.exe, B6232F3AC2C.exe, svchost.exe, iexplore.exe
hNp%cxr	B6232F3AC2C.exe.dr
:LOG: Downloaded images must now be all x86 code, URL:(%s)	iexplore.exe
%s\Content.IE5\0	iexplore.exe
WRN: OCX Registration: no DllRegisterServer entry point in (%s). Skipping registration. INF Author: mark this section with RegisterServer=No as a performance optimization.	iexplore.exe
_.Zfa=function(){(0,_.Rc)("#iur");for(var e=(0,_.Qc)("li.uh_r"),a=_.Xw,b=0,d;d=e[b++];){var c=(0,_.Rc)("a.bia",d),f=_.Yw[c.id];d=(0,_.Rc)("button.esw",d);f&&d&&(d.setAttribute("g:imgtbn",f[0]),c=c.href,d.setAttribute("g:imgland",c),c=/:\/\/(www.)?([^/?#]*)/i.exec((0,_.Sw)(c,"imgrefurl")),c=a.replace(/\%1\$s\|\%s/,c?c[2]:""),d.setAttribute("g:imgtitle",c))}};	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
Search provider: %s	iexplore.exe
var L_ACR_Title_TEXT = "We were unable to return you to %s.";	iexplore.exe
Export the feeds to %s	iexplore.exe
Compatibility View(%s is now running in Compatibility View.	iexplore.exe
%SystemRoot%\system32\SHELL32.dll	iexplore.exe
%s%03d.tmp	iexplore.exe
%s bytes	iexplore.exe
?Are you sure you want to import '%ls' to your Favorites folder?8Are you sure you want to export your Favorites to '%ls'?aFavorites cannot be imported because modification of favorites on this machine has been disabled.HThe Import/Export Wizard has been disabled by your system administrator.@Select Folder to Import Bookmarks	iexplore.exe
K%f"Vl	iexplore.exe
%s%s&rep=%s	iexplore.exe
Expected '@end'%Conditional compilation is turned off	iexplore.exe
%s&stat=online	explorer.exe
%1!s!, %2!s!%Do you want to run or save this file?	iexplore.exe
%sTitle: %s	iexplore.exe
%d.%d.%d	iexplore.exe
CPenIMX(sketch)::ActivateUI(...); GetTipWantsToBeVisible()=%s _GetOnOff=%s this->bCanGetIC()=%s.	iexplore.exe
%d%% complete.CThe webpage could not be saved because one of its files is missing.	iexplore.exe
%SHIMENG.DLL	iexplore.exe
fz0z%D6	B6232F3AC2C.exe.dr
KLOG: Download OnStopBinding called (hrStatus = %lx / hrResponseHdr = %lx).	iexplore.exe
Open in new tab (Ctrl+Enter)%Open '%s' in a tab group (Ctrl+Enter)	iexplore.exe
%SystemRoot%\System32\winrnr.dll	iexplore.exe
%SystemRoot%\system32\mswsock.dll	iexplore.exe
WISP - %s	iexplore.exe
VWRN: File %s was installed, but will require a reboot for the install to take effect.	iexplore.exe
ALOG: Setup successful installing: %s to %s destination code(%lx)	iexplore.exe
This is the new setting suggested by %s	iexplore.exe
http://www.%s.com Launch Internet Explorer Browser Launch Internet Explorer Browser	iexplore.exe
Start downloading component %s	iexplore.exe
%d,%d,%d,%d	iexplore.exe
%systemroot%\Registration	iexplore.exe
Drive %c cannot be accessed.	iexplore.exe
%s File	iexplore.exe
;ERR: Error installing Java Package. Error Code (hr) = %lx.	iexplore.exe
guid=%s&ver=%u&ie=%s&os=%u.%u.%u&ut=%s&ccrc=%08X&md5=%s&plg=%s&plgstat=%s&wake=%u	explorer.exe
OWRN: OBJECT tags for CLASSID=%lx... have mixed usage with CODEBASE=%ws and %ws	iexplore.exe
Open all items (%u new)	iexplore.exe
P%S%V%Y%\%	iexplore.exe
HTTP/%d.%d	iexplore.exe
+Go to "%s" (Alt+Enter to open in a new tab)	iexplore.exe
re = /%s/g;	iexplore.exe
Filter by %s:jAre you sure you want to delete this feed item?	iexplore.exe
(s) (AC:3C) [09:36:44:546]: Executing op: FeaturePublish(Feature=FT_VC_Redist_MFC_x86,Parent=VC_Redist_12222_x86_enu,Absent=2,Component=-EnVx*}4B8{{l=gZ@m1kI@yCj'brE4q0LDoYL~fX^+NYK4w?(7+e=i(MTt%-g[m0%C!}L5O6hxDf?@'NMrNuGte}T4$fobOP4@MM~NpMp$[Dm4HGyYz=3~&x)	msiexec.exe
SOFTWARE\Microsoft\CTF\TIP\%s\LanguageProfile\0x%08X\%s	iexplore.exe
Open '%s' in a background tab	iexplore.exe
%%%FFFFFFFiiiiii	iexplore.exe
%%%FFFF	iexplore.exe

URLs
String value	Source
http://%s.com	iexplore.exe
http://ads1.msn.com/library/dap.js	explorer.exe
http://ajax.aspnetcdn.com/ajax/jquery/jquery-1.5.1.min.js	explorer.exe
http://amazon.fr/	iexplore.exe
http://answers.microsoft.com/en-us?wt.mc_id=mscom_en_us_hp_supporthome_131z4enus21969	explorer.exe
http://api.bing.com/qsml.aspx?query=	iexplore.exe
http://api.search.live.com/qsml.aspx?query=	iexplore.exe
http://ariadna.elmundo.es/	iexplore.exe
http://ariadna.elmundo.es/favicon.ico	iexplore.exe
http://arianna.libero.it/	iexplore.exe
http://arianna.libero.it/favicon.ico	iexplore.exe
http://asp.usatoday.com/	iexplore.exe
http://asp.usatoday.com/favicon.ico	iexplore.exe
http://auone.jp/favicon.ico	iexplore.exe
http://auto.search.msn.com/response.asp?mt=	iexplore.exe
http://books.google.fr/bkshp?hl=fr&tab=wp	iexplore.exe, google_fr[1].txt.dr
http://br.search.yahoo.com/	iexplore.exe
http://browse.guardian.co.uk/	iexplore.exe
http://browse.guardian.co.uk/favicon.ico	iexplore.exe
http://busca.buscape.com.br/	iexplore.exe
http://busca.buscape.com.br/favicon.ico	iexplore.exe
http://busca.estadao.com.br/favicon.ico	iexplore.exe
http://busca.igbusca.com.br/	iexplore.exe
http://busca.igbusca.com.br//app/static/images/favicon.ico	iexplore.exe
http://busca.orange.es/	iexplore.exe
http://busca.uol.com.br/	iexplore.exe
http://busca.uol.com.br/favicon.ico	iexplore.exe
http://buscador.lycos.es/	iexplore.exe
http://buscador.terra.com.br/	iexplore.exe
http://buscador.terra.com/	iexplore.exe
http://buscador.terra.com/favicon.ico	iexplore.exe
http://buscador.terra.es/	iexplore.exe
http://buscar.ozu.es/	iexplore.exe
http://buscar.ya.com/	iexplore.exe
http://busqueda.aol.com.mx/	iexplore.exe
http://c.microsoft.com/trans_pixel.aspx	explorer.exe
http://ca.sia.it/seccli/repository/crl.der0j	iexplore.exe
http://ca.sia.it/secsrv/repository/crl.der0j	iexplore.exe
http://cerca.lycos.it/	iexplore.exe
http://cgi.search.biglobe.ne.jp/	iexplore.exe
http://cgi.search.biglobe.ne.jp/favicon.ico	iexplore.exe
http://clients5.google.com/complete/search?hl=	iexplore.exe
http://clk.atdmt.com/mrt/go/403600292/direct/01/	explorer.exe
http://clk.atdmt.com/mrt/go/403930520/direct/01/	explorer.exe
http://clk.atdmt.com/mrt/go/403952099/direct/01/	explorer.exe
http://clk.atdmt.com/mrt/go/404082205/direct/01/	explorer.exe
http://cnet.search.com/	iexplore.exe
http://cnweb.search.live.com/	iexplore.exe
http://cnweb.search.live.com/favicon.ico	iexplore.exe
http://corp.naukri.com/	iexplore.exe
http://corp.naukri.com/favicon.ico	iexplore.exe
http://crl.comodo.net/utn-userfirst-hardware.crl0q	iexplore.exe
http://crl.comodoca.com/utn-userfirst-hardware.crl06	iexplore.exe
http://crl.quovadisglobal.com/qvrca2.crl0	iexplore.exe
http://crl.usertrust.com/utn-datacorpsgc.crl0	iexplore.exe
http://crl.usertrust.com/utn-userfirst-clientauthenticationandemail.crl0	iexplore.exe
http://crl.usertrust.com/utn-userfirst-hardware.crl01	iexplore.exe
http://crl.usertrust.com/utn-userfirst-networkapplications.crl0	iexplore.exe
http://crl.usertrust.com/utn-userfirst-object.crl0)	iexplore.exe
http://crl.verisign.com/pca1.1.1.crl0g	iexplore.exe
http://crl.verisign.com/pca2.1.1.crl0g	iexplore.exe
http://crl.verisign.com/pca3.crl	iexplore.exe, 60E31627FDA0A46932B0E5948949F2A5.dr
http://crl.verisign.com/pca3.crl0)	iexplore.exe
http://crl.verisign.com/thawtetimestampingca.crl0	iexplore.exe
http://crl.verisign.com/tss-ca.crl0	iexplore.exe
http://crt.comodoca.com/utnaddtrustserverca.crt0$	iexplore.exe
http://cs.wikipedia.org/	iexplore.exe
http://cs.wikipedia.org/favicon.ico	iexplore.exe
http://cs.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://csc3-2009-2-aia.verisign.com/csc3-2009-2.cer0	iexplore.exe
http://csc3-2009-2-crl.verisign.com/csc3-2009-2.crl	iexplore.exe, 0797C381B2F87EB5A1D5573BD15BA4F4.dr
http://csc3-2009-2-crl.verisign.com/csc3-2009-2.crl0d	iexplore.exe
http://de.search.yahoo.com/	iexplore.exe
http://de.wikipedia.org/	iexplore.exe
http://de.wikipedia.org/favicon.ico	iexplore.exe
http://de.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://download.macromedia.com/pub/shockwave/cabs/flash/	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
http://eeopqogagjqoqq.ru/vvvvvv.php	explorer.exe
http://eeopqogagjqoqq.ru/vvvvvv.php;300	explorer.exe
http://eewtoopqq.ru/wwww.php	explorer.exe
http://eewtoopqq.ru/wwww.php;300	explorer.exe
http://en.wikipedia.org/	iexplore.exe
http://en.wikipedia.org/favicon.ico	iexplore.exe
http://en.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://es.ask.com/	iexplore.exe
http://es.search.yahoo.com/	iexplore.exe
http://es.wikipedia.org/	iexplore.exe
http://es.wikipedia.org/favicon.ico	iexplore.exe
http://es.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://esearch.rakuten.co.jp/	iexplore.exe
http://espanol.search.yahoo.com/	iexplore.exe
http://espn.go.com/favicon.ico	iexplore.exe
http://find.joins.com/	iexplore.exe
http://fr.search.yahoo.com/	iexplore.exe
http://fr.wikipedia.org/	iexplore.exe
http://fr.wikipedia.org/favicon.ico	iexplore.exe
http://fr.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://go.microsoft.com/?linkid=2	explorer.exe
http://go.microsoft.com/?linkid=2028325	explorer.exe
http://go.microsoft.com/?linkid=4412892	explorer.exe
http://go.microsoft.com/favicon.ico	iexplore.exe
http://go.microsoft.com/fwlink/?l	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=105563	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=120347-http://go.microsoft.com/fwlink/?linkid=1203463read	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=120476	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=121315	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=121792	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=122812hthe	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=124983	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=12658	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=12939	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=134080)search	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=140502	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=50462	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=50893)lear&n	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54537&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54729&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54758	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54796&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54896&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55027&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55028&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55107&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55242&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55245&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=56297&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=57427&protocol=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=58472&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=58473&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=58658	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=66725	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=68928	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=68929	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=69157	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=74005finternet	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=76277	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=81184	explorer.exe
http://go.microsoft.com/fwlink/?linkid=99193	iexplore.exe
http://go.microsoft.com/fwlink/p/?linkid=139753	explorer.exe
http://go.microsoft.com/fwlink/p/?linkid=139754	explorer.exe
http://google.pchome.com.tw/	iexplore.exe
http://hhotelst555.ru/apache.php	explorer.exe
http://hhotelst555.ru/apache.php;300	explorer.exe
http://home.altervista.org/	iexplore.exe
http://home.altervista.org/favicon.ico	iexplore.exe
http://i.microsoft.com/en-us/homepage/bimapping.js?gv=bimapping&k=/en-us/homepage/components/bimappingen-us.xml&v=-2004919139	explorer.exe
http://i.microsoft.com/en-us/homepage/script.jsx?k=~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.js;~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.dataretrievers.attr.js;~/shared/templat	explorer.exe
http://i.microsoft.com/en-us/homepage/script.jsx?k=~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.js;~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.dataretrievers.attr.js;~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.dataretrievers.structure.js;~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.queue.js;~/shared/templates/components/mscomviews/controls/scripts/wedcs.js;~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.dataconsumers.wedcs.js;~/shared/templates/components/mscomviews/controls/scripts/webtrends_16.js;~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.dataconsumers.webtrends.js;~/shared/templates/components/mscomviews/controls/scripts/jquery.bi.dataconsumers.saas.js&v=1112179869	explorer.exe
http://i.microsoft.com/en-us/homepage/script.jsx?k=~/shared/templates/components/mscomviews/controls/scripts/mscomhelper.js;~/shared/templates/components/mscomviews/controls/scripts/mscommenu.js;~/shared/templates/components/mscomviews/search/search.js;~/shared/templates/components/mscomviews/geo/geocookie.js;~/shared/templates/components/mscomviews/localepicker/localepicker.js&v=-309888484	explorer.exe
http://i.microsoft.com/en-us/homepage/script.jsx?k=~/shared/templates/components/mscomviews/vpivot/vpivot.js;~/shared/templates/components/mscomviews/grid/grid.js;~/shared/templates/components/mscomviews/hero/hero.js&v=743108056	explorer.exe
http://i.microsoft.com/en-us/homepage/shared/templates/components/hpsearch/images/searchsprite.ltr.gif	explorer.exe
http://i.microsoft.com/en-us/homepage/style.cssx?k=~/shared/templates/components/mscomviews/vpivot/vpivot-css.aspx;~/shared/templates/components/mscomviews/grid/grid-css.aspx;~/shared/templates/components/mscomviews/hero/hero-css.aspx;~/shared/templates/components/mscomviews/list/list-css.aspx;~/shared/templates/components/mscomviews/controls/featureitem/featureitem-css.aspx&sc=/en-us/homepage/site.config&pc=&v=-820925690	explorer.exe
http://i.microsoft.com/en-us/homepage/style.cssx?k=~/shared/templates/master/hpmaster/master-css.aspx;~/shared/templates/components/mscomviews/header/header-css.aspx;~/shared/templates/components/mscomviews/products/products-css.aspx;~/shared/templates/components/mscomviews/producttiles/producttiles-css.aspx;~/shared/templates/components/mscomviews/productlist/productlist-css.aspx;~/shared/templates/components/mscomviews/search/search-css.aspx;~/shared/templates/components/mscomviews/localepicker/localepicker-css.aspx;~/shared/templates/components/mscomviews/menu/menu-css.aspx;~/shared/templates/components/mscomviews/footer/footer-css.aspx&sc=/en-us/homepage/site.config&pc=&v=-2141141143	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/header/ielogo.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/header/officelogo.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/header/phonelogo.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/header/windowslogo.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/header/xboxlogo.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/sprite.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/sprites/16/bg_fade.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/sprites/16/bg_skirtsolid.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/sprites/microsoft.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/sprites/microsoft_header.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/sprites/welcome_microsoft.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/sprites/wh	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/sprites/white_vpivot.png	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/v2/footer/footer-bing.jpg	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/v2/footer/footer-office.jpg	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/v2/footer/footer-store.jpg	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/v2/footer/footer-windows-phone.jpg	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/v2/footer/footer-windows.jpg	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/v2/footer/footer-xbox.jpg	explorer.exe
http://i.microsoft.com/global/en-us/homepage/publishingimages/v2/hrule.jpg	explorer.exe
http://i.microsoft.com/global/en-us/news/publishingimages/homepage/highlights/event_kinectacc_hl.jpg	explorer.exe
http://i.microsoft.com/global/en-us/news/publishingimages/homepage/highlights/prod_global365_hl.jpg	explorer.exe
http://i.microsoft.com/global/en-us/news/publishingimages/homepage/highlights/theme_localimpact_hl.jpg	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/features/bingsocial_0702_260x130_en-us.png	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/features/fixit_0702_260x130_en-us.png	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/features/officetrial_0702_260x130_en-us.png	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/features/windowsphone_0702_800x470_en-us.jpg	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/footer/about.jpg	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/footer/footer_skype.jpg	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/footer/support.jpg	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/thumbnails/icon_answers_40x40.png	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/thumbnails/icon_mssecurityessentials_40x40.png	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/thumbnails/icon_msupdates_40x40.png	explorer.exe
http://i.microsoft.com/global/imagestore/publishingimages/asset/thumbnails/icon_winservicepackcenter_40x40.png	explorer.exe
http://i3.microsoft.com/library/svy/broker.js	explorer.exe
http://ie.search.yahoo.com/os?command=	iexplore.exe
http://ie8.ebay.com/open-search/output-xml.php?q=	iexplore.exe
http://image.excite.co.jp/jp/favicon/lep.ico	iexplore.exe
http://images.joins.com/ui_c/fvc_joins.ico	iexplore.exe
http://images.monster.com/favicon.ico	iexplore.exe
http://img.atlas.cz/favicon.ico	iexplore.exe
http://img.shopzilla.com/shopzilla/shopzilla.ico	iexplore.exe
http://in.search.yahoo.com/	iexplore.exe
http://it.search.dada.net/	iexplore.exe
http://it.search.dada.net/favicon.ico	iexplore.exe
http://it.search.yahoo.com/	iexplore.exe
http://it.wikipedia.org/	iexplore.exe
http://it.wikipedia.org/favicon.ico	iexplore.exe
http://it.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://ja.wikipedia.org/	iexplore.exe
http://ja.wikipedia.org/favicon.ico	iexplore.exe
http://ja.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://jobsearch.monster.com/	iexplore.exe
http://kr.search.yahoo.com/	iexplore.exe
http://list.taobao.com/	iexplore.exe
http://list.taobao.com/browse/search_visual.htm?n=15&q=	iexplore.exe
http://livesearch.msn.co.kr/	iexplore.exe
http://logo.verisign.com/vslogo.gif0	iexplore.exe
http://mail.live.com/	iexplore.exe
http://mail.live.com/?rru=compose%3fsubject%3d	iexplore.exe
http://maps.google.fr/maps?hl=fr&tab=wl	iexplore.exe, google_fr[1].txt.dr
http://maps.live.com/	iexplore.exe
http://maps.live.com/default.aspx	iexplore.exe
http://maps.live.com/geotager.aspx	iexplore.exe
http://msdn.microsoft.com/	iexplore.exe
http://msdn.microsoft.com/en-us/default.aspx	explorer.exe
http://msdn.microsoft.com/en-us/evalcenter/default.aspx	explorer.exe
http://msdn.microsoft.com/en-us/hh361695	explorer.exe
http://msdn.microsoft.com/workshop/security/privacy/overview/privacyimportxml.asp)	iexplore.exe
http://msdn.microsoft.com/workshop/security/szone/overview/templates.asp)	iexplore.exe
http://msk.afisha.ru/	iexplore.exe
http://news.google.fr/nwshp?hl=fr&tab=wn	iexplore.exe, google_fr[1].txt.dr
http://nl.wikipedia.org/	iexplore.exe
http://nl.wikipedia.org/favicon.ico	iexplore.exe
http://nl.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://ns.adobe.com/exif/1.0/	iexplore.exe
http://ns.adobe.com/ix/1.0/	iexplore.exe
http://ns.adobe.com/pdf/1.3/	iexplore.exe
http://ns.adobe.com/photoshop/1.0/	iexplore.exe
http://ns.adobe.com/tiff/1.0/	iexplore.exe
http://ns.adobe.com/xap/1.0/	iexplore.exe
http://ns.adobe.com/xap/1.0/mm/	iexplore.exe
http://ocnsearch.goo.ne.jp/	iexplore.exe
http://office.microsoft.com/en-us/	explorer.exe
http://office.microsoft.com/en-us/downloads	explorer.exe
http://office.microsoft.com/en-us/downloads?wt.mc_id=mscom_en_us_hp_supporthome_131o4enus22344	explorer.exe
http://office.microsoft.com/en-us/images/	explorer.exe
http://office.microsoft.com/en-us/images/images-clip-art-photos-sounds-animations-fx101741979.aspx?ctt=97&wt.mc_id=mscom_en_us_hp_supporthome_131o4enus21996	explorer.exe
http://office.microsoft.com/en-us/products/	explorer.exe
http://office.microsoft.com/en-us/support	explorer.exe
http://office.microsoft.com/en-us/support/?wt.mc_id=mscom_en_us_hp_supporthome_131o4enus21971	explorer.exe
http://office.microsoft.com/en-us/templates/	explorer.exe
http://office.microsoft.com/en-us/templates/?wt.mc_id=mscom_en_us_hp_supporthome_131o4enus21983	explorer.exe
http://office.microsoft.com/en-us/try	explorer.exe
http://openimage.interpark.com/interpark.ico	iexplore.exe
http://p.zhongsou.com/	iexplore.exe
http://p.zhongsou.com/favicon.ico	iexplore.exe
http://p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com/	iexplore.exe
http://p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com/intl/en_all/ipv6/images/6.gif	iexplore.exe
http://p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com/	iexplore.exe
http://p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com/intl/en_all/ipv6/images/6.gif	iexplore.exe
http://picasaweb.google.fr/home?hl=fr&tab=wq	iexplore.exe, google_fr[1].txt.dr
http://pinpoint.microsoft.com/en-us/default.aspx?wt.mc_id=mscom_hp_us_bl_pinpoint	explorer.exe
http://pinpoint.microsoft.com/en-us/home?wt.mc_id=mscom_hp_us_nav_pc_solutions	explorer.exe
http://pl.wikipedia.org/	iexplore.exe
http://pl.wikipedia.org/favicon.ico	iexplore.exe
http://pl.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://price.ru/	iexplore.exe
http://price.ru/favicon.ico	iexplore.exe
http://pt.wikipedia.org/	iexplore.exe
http://pt.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://purl.org/dc/elements/1.1/	iexplore.exe
http://purl.org/rss/1.0/modules/content/	iexplore.exe
http://purl.org/rss/1.0/modules/slash/	iexplore.exe
http://recherche.linternaute.com/	iexplore.exe
http://recherche.tf1.fr/	iexplore.exe
http://recherche.tf1.fr/favicon.ico	iexplore.exe
http://rover.ebay.com	iexplore.exe
http://ru.search.yahoo.com	iexplore.exe
http://ru.wikipedia.org/	iexplore.exe
http://ru.wikipedia.org/favicon.ico	iexplore.exe
http://ru.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://sads.myspace.com/	iexplore.exe
http://schema.org/webpage	iexplore.exe, google_fr[1].txt.dr
http://schemas.microsoft.com/office/2004/12/omml	iexplore.exe
http://search-dyn.tiscali.it/	iexplore.exe
http://search.about.com/	iexplore.exe
http://search.alice.it/	iexplore.exe
http://search.alice.it/favicon.ico	iexplore.exe
http://search.aol.com/	iexplore.exe
http://search.aol.in/	iexplore.exe
http://search.atlas.cz/	iexplore.exe
http://search.auction.co.kr/	iexplore.exe
http://search.auone.jp/	iexplore.exe
http://search.books.com.tw/	iexplore.exe
http://search.books.com.tw/favicon.ico	iexplore.exe
http://search.centrum.cz/	iexplore.exe
http://search.centrum.cz/favicon.ico	iexplore.exe
http://search.chol.com/	iexplore.exe
http://search.chol.com/favicon.ico	iexplore.exe
http://search.cn.yahoo.com/	iexplore.exe
http://search.daum.net/	iexplore.exe
http://search.daum.net/favicon.ico	iexplore.exe
http://search.dreamwiz.com/	iexplore.exe
http://search.dreamwiz.com/favicon.ico	iexplore.exe
http://search.ebay.co.uk/	iexplore.exe
http://search.ebay.com/	iexplore.exe
http://search.ebay.com/favicon.ico	iexplore.exe
http://search.ebay.de/	iexplore.exe
http://search.ebay.es/	iexplore.exe
http://search.ebay.fr/	iexplore.exe
http://search.ebay.in/	iexplore.exe
http://search.ebay.it/	iexplore.exe
http://search.empas.com/	iexplore.exe
http://search.empas.com/favicon.ico	iexplore.exe
http://search.espn.go.com/	iexplore.exe
http://search.gamer.com.tw/	iexplore.exe
http://search.gamer.com.tw/favicon.ico	iexplore.exe
http://search.gismeteo.ru/	iexplore.exe
http://search.goo.ne.jp/	iexplore.exe
http://search.goo.ne.jp/favicon.ico	iexplore.exe
http://search.hanafos.com/	iexplore.exe
http://search.hanafos.com/favicon.ico	iexplore.exe
http://search.interpark.com/	iexplore.exe
http://search.ipop.co.kr/	iexplore.exe
http://search.ipop.co.kr/favicon.ico	iexplore.exe
http://search.live.com/results.aspx?form=iefm1&q=	iexplore.exe
http://search.live.com/results.aspx?form=so2tdf&q=	iexplore.exe
http://search.live.com/results.aspx?form=soltdf&q=	iexplore.exe
http://search.live.com/results.aspx?q=	iexplore.exe
http://search.live.com/results.aspx?q=search&form=hpdtdf	iexplore.exe
http://search.live.com/results.aspx?q=search&form=hpntdf	iexplore.exe
http://search.livedoor.com/	iexplore.exe
http://search.livedoor.com/favicon.ico	iexplore.exe
http://search.lycos.co.uk/	iexplore.exe
http://search.lycos.com/	iexplore.exe
http://search.lycos.com/favicon.ico	iexplore.exe
http://search.microsoft.com/	iexplore.exe
http://search.microsoft.com/results.aspx?form=mshome&mkt=	explorer.exe
http://search.microsoft.com/shared/templates/master/smcpage/autosuggesthandler.ashx?q=	explorer.exe
http://search.msn.co.jp/results.aspx?q=	iexplore.exe
http://search.msn.co.uk/results.aspx?q=	iexplore.exe
http://search.msn.com.cn/results.aspx?q=	iexplore.exe
http://search.msn.com/results.aspx?q=	iexplore.exe
http://search.nate.com/	iexplore.exe
http://search.naver.com/	iexplore.exe
http://search.naver.com/favicon.ico	iexplore.exe
http://search.nifty.com/	iexplore.exe
http://search.orange.co.uk/	iexplore.exe
http://search.orange.co.uk/favicon.ico	iexplore.exe
http://search.rediff.com/	iexplore.exe
http://search.rediff.com/favicon.ico	iexplore.exe
http://search.seznam.cz/	iexplore.exe
http://search.seznam.cz/favicon.ico	iexplore.exe
http://search.sify.com/	iexplore.exe
http://search.yahoo.co.jp	iexplore.exe
http://search.yahoo.co.jp/favicon.ico	iexplore.exe
http://search.yahoo.com/	iexplore.exe
http://search.yahoo.com/favicon.ico	iexplore.exe
http://search.yam.com/	iexplore.exe
http://search1.taobao.com/	iexplore.exe
http://search2.estadao.com.br/	iexplore.exe
http://searchresults.news.com.au/	iexplore.exe
http://service2.bfast.com/	iexplore.exe
http://si.wikipedia.org/	iexplore.exe
http://si.wikipedia.org/favicon.ico	iexplore.exe
http://si.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://sitesearch.timesonline.co.uk/	iexplore.exe
http://so-net.search.goo.ne.jp/	iexplore.exe
http://spaces.live.com/	iexplore.exe
http://spaces.live.com/blogit.aspx	iexplore.exe
http://ssl.gstatic.com/	iexplore.exe
http://ssl.gstatic.com/gb/images/j_e6a6aca6.png	iexplore.exe
http://ssl.gstatic.com/gb/images/j_e6a6aca6.png...	iexplore.exe
http://ssl.gstatic.com/gb/js/sem_feed2a2e2d54cd5f40fb4b5f5244fff2.js	iexplore.exe
http://store.microsoft.com/;icon-uri=http://img3.store.microsoft.com/prod/clusterb/v2/framework/pages/global/msstore_icon.ico	explorer.exe
http://suche.aol.de/	iexplore.exe
http://suche.freenet.de/	iexplore.exe
http://suche.freenet.de/favicon.ico	iexplore.exe
http://suche.lycos.de/	iexplore.exe
http://suche.t-online.de/	iexplore.exe
http://suche.web.de/	iexplore.exe
http://suche.web.de/favicon.ico	iexplore.exe
http://support.microsoft.com	iexplore.exe
http://support.microsoft.com/	explorer.exe
http://support.microsoft.com/;icon-uri=http://www.microsoft.com/favicon.ico	explorer.exe
http://support.microsoft.com/?ln=en-us&x=16&y=12	explorer.exe
http://support.microsoft.com/?wt.mc_id=mscom_en_us_hp_supporthome_131z4enus21977	explorer.exe
http://support.microsoft.com/fixit/;icon-uri=http://www.microsoft.com/favicon.ico	explorer.exe
http://support.microsoft.com/fixit?wt.mc_id=mscom_en_us_hp_hlhome_131z4enus22012	explorer.exe
http://support.microsoft.com/search	explorer.exe
http://support.xbox.com/en-us/home?wt.mc_id=mscom_en_us_hp_supporthome_131x4enus21975	explorer.exe
http://technet.microsoft.com/en-us/default.aspx	explorer.exe
http://technet.microsoft.com/en-us/evalcenter	explorer.exe
http://technet.microsoft.com/en-us/ms772425	explorer.exe
http://translate.google.fr/?hl=fr&tab=wt	iexplore.exe, google_fr[1].txt.dr
http://translator.live.com/?ref=ie8activity	iexplore.exe
http://translator.live.com/bv.aspx?ref=ie8activity&a=	iexplore.exe
http://translator.live.com/bvprev.aspx?ref=ie8activity	iexplore.exe
http://translator.live.com/default.aspx?ref=ie8activity	iexplore.exe
http://translator.live.com/defaultprev.aspx?ref=ie8activity	iexplore.exe
http://treyresearch.net	iexplore.exe
http://tw.search.yahoo.com/	iexplore.exe
http://udn.com/	iexplore.exe
http://udn.com/favicon.ico	iexplore.exe
http://uk.ask.com/	iexplore.exe
http://uk.ask.com/favicon.ico	iexplore.exe
http://uk.search.yahoo.com/	iexplore.exe
http://update.microsoft.com/microsoftupdate?wt.mc_id=mscom_en_us_hp_securityhome_131z4enus21978	explorer.exe
http://vachercher.lycos.fr/	iexplore.exe
http://video.globo.com/	iexplore.exe
http://video.globo.com/favicon.ico	iexplore.exe
http://video.google.fr/?hl=fr&tab=wv	iexplore.exe, google_fr[1].txt.dr
http://web.ask.com/	iexplore.exe
http://wellformedweb.org/commentapi/	iexplore.exe
http://windows.microsoft.com/en-us/hotmail/home	explorer.exe
http://windows.microsoft.com/en-us/internet-explorer/downloads/ie	explorer.exe
http://windows.microsoft.com/en-us/internet-explorer/help?wt.mc_id=mscom_en_us_hp_supporthome_131i4enus21974	explorer.exe
http://windows.microsoft.com/en-us/internet-explorer/products/ie/home	explorer.exe
http://windows.microsoft.com/en-us/skydrive/home	explorer.exe
http://windows.microsoft.com/en-us/windows-live/essentials-home	explorer.exe
http://windows.microsoft.com/en-us/windows/downloads	explorer.exe
http://windows.microsoft.com/en-us/windows/downloads/service-packs	explorer.exe
http://windows.microsoft.com/en-us/windows/downloads/service-packs?wt.mc_id=mscom_en_us_hp_securityhome_131w4enus21980	explorer.exe
http://windows.microsoft.com/en-us/windows/downloads?wt.mc_id=mscom_en_us_hp_supporthome_131w4enus22343	explorer.exe
http://windows.microsoft.com/en-us/windows/help	explorer.exe
http://windows.microsoft.com/en-us/windows/help?wt.mc_id=mscom_en_us_hp_supporthome_131w4enus21970	explorer.exe
http://windows.microsoft.com/en-us/windows/home	explorer.exe
http://windows.microsoft.com/en-us/windows/products	explorer.exe
http://windows.microsoft.com/en-us/windows/products/security-essentials	explorer.exe
http://windows.microsoft.com/en-us/windows/products/security-essentials?wt.mc_id=mscom_en_us_hp_securityhome_131z4enus21979	explorer.exe
http://windows.microsoft.com/en-us/windows/products/windows-xp	explorer.exe
http://windows.microsoft.com/en-us/windows7/products/home	explorer.exe
http://windowsupdate.microsoft.com	iexplore.exe
http://www.abril.com.br/	iexplore.exe
http://www.abril.com.br/favicon.ico	iexplore.exe
http://www.afisha.ru/app_themes/default/images/favicon.ico	iexplore.exe
http://www.alarabiya.net/	iexplore.exe
http://www.alarabiya.net/favicon.ico	iexplore.exe
http://www.amazon.co.jp/	iexplore.exe
http://www.amazon.co.uk/	iexplore.exe
http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=	iexplore.exe
http://www.amazon.com/favicon.ico	iexplore.exe
http://www.amazon.com/gp/search?ie=utf8&tag=ie8search-20&index=blended&linkcode=qs&camp=1789&creative=9325&keywords=	iexplore.exe
http://www.amazon.de/	iexplore.exe
http://www.aol.com/favicon.ico	iexplore.exe
http://www.arrakis.com/	iexplore.exe
http://www.arrakis.com/favicon.ico	iexplore.exe
http://www.asharqalawsat.com/	iexplore.exe
http://www.asharqalawsat.com/favicon.ico	iexplore.exe
http://www.ask.com/	iexplore.exe
http://www.asp.net/ajaxlibrary/cdn.ashx.--	explorer.exe
http://www.auction.co.kr/auction.ico	iexplore.exe
http://www.autoitscript.com/autoit3/	explorer.exe
http://www.baidu.com/	iexplore.exe
http://www.baidu.com/favicon.ico	iexplore.exe
http://www.bing.com/	explorer.exe
http://www.bing.com/;icon-uri=http://www.bing.com/fd/s/a/bing.ico	explorer.exe
http://www.bing.com/favicon.ico	iexplore.exe
http://www.bing.com/search?form=mshpls&q=	explorer.exe
http://www.bing.com/search?q=	iexplore.exe
http://www.bing.com/search?q=%7bsearchterms%7d&src=ie-searchbox&form=ie8src	iexplore.exe
http://www.blogger.com/?tab=wj	iexplore.exe, google_fr[1].txt.dr
http://www.cdiscount.com/	iexplore.exe
http://www.cdiscount.com/favicon.ico	iexplore.exe
http://www.ceneo.pl/	iexplore.exe
http://www.ceneo.pl/favicon.ico	iexplore.exe
http://www.certplus.com/crl/class1.crl0	iexplore.exe
http://www.certplus.com/crl/class2.crl0	iexplore.exe
http://www.certplus.com/crl/class3.crl0	iexplore.exe
http://www.certplus.com/crl/class3p.crl0	iexplore.exe
http://www.certplus.com/crl/class3ts.crl0	iexplore.exe
http://www.chennaionline.com/ncommon/images/collogo.ico	iexplore.exe
http://www.cjmall.com/	iexplore.exe
http://www.cjmall.com/favicon.ico	iexplore.exe
http://www.clarin.com/favicon.ico	iexplore.exe
http://www.cnet.co.uk/	iexplore.exe
http://www.cnet.com/favicon.ico	iexplore.exe
http://www.dailymail.co.uk/	iexplore.exe
http://www.dailymail.co.uk/favicon.ico	iexplore.exe
http://www.digsigtrust.com/dst_trust_cps_v990701.html0	iexplore.exe
http://www.entrust.net/crl/net1.crl0	iexplore.exe
http://www.etmall.com.tw/	iexplore.exe
http://www.etmall.com.tw/favicon.ico	iexplore.exe
http://www.excite.co.jp/	iexplore.exe
http://www.expedia.com/	iexplore.exe
http://www.expedia.com/favicon.ico	iexplore.exe
http://www.facebook.com/	iexplore.exe
http://www.facebook.com/favicon.ico	iexplore.exe
http://www.gamesforwindows.com/en-us	explorer.exe
http://www.gismeteo.ru/favicon.ico	iexplore.exe
http://www.gmarket.co.kr/	iexplore.exe
http://www.gmarket.co.kr/favicon.ico	iexplore.exe
http://www.google.co.in/	iexplore.exe
http://www.google.co.jp/	iexplore.exe
http://www.google.co.uk/	iexplore.exe
http://www.google.com	iexplore.exe
http://www.google.com.br/	iexplore.exe
http://www.google.com.sa/	iexplore.exe
http://www.google.com.tw/	iexplore.exe
http://www.google.com/	iexplore.exe
http://www.google.com/favicon.ico	iexplore.exe
http://www.google.com/ncr	iexplore.exe, google_fr[1].txt.dr
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657	iexplore.exe
http://www.google.com/support/websearch/bin/answer.py?hl=	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
http://www.google.com/textinput	iexplore.exe
http://www.google.com/textinputassistant/tia.png	iexplore.exe
http://www.google.cz/	iexplore.exe
http://www.google.de/	iexplore.exe
http://www.google.es/	iexplore.exe
http://www.google.fr	iexplore.exe
http://www.google.fr/	{0DD04C9E-4667-11E1-97AA-08002763FBB4}.dat.dr
http://www.google.fr/%20-%20windows%20internet%20explorer	iexplore.exe
http://www.google.fr/&sig=0_y9ghr6l8ehidh5wp82jawajplts%3d&suggon=2	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/&sig=0_y9ghr6l8ehidh5wp82jawajplts%3d&suggon=2	iexplore.exe
http://www.google.fr/advanced_search?hl=fr	iexplore.exe
http://www.google.fr/chrome/index.html?hl=fr&brand=chng&utm_source=fr-hpp&utm_medium=hpp&utm_campaign=fr	iexplore.exe
http://www.google.fr/csi?v=3&s=webhp&action=&e=17259	iexplore.exe
http://www.google.fr/extern_chrome/b0659096785d29d3.js	iexplore.exe
http://www.google.fr/favicon.ico	iexplore.exe
http://www.google.fr/history/optout?hl=fr	iexplore.exe
http://www.google.fr/ig	iexplore.exe
http://www.google.fr/ig%3fhl%3dfr%26source%3diglk&usg=afqjcng3dq3pmqcxa1eqhlnwiuh8e97qkg	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/ig%3fhl%3dfr%26source%3diglk&usg=afqjcng3dq3pmqcxa1eqhlnwiuh8e97qkg	iexplore.exe
http://www.google.fr/ig/	iexplore.exe
http://www.google.fr/images/icons/product/chrome-48.png	iexplore.exe
http://www.google.fr/images/mgyhp_sm.png	iexplore.exe
http://www.google.fr/images/nav_logo107.png	iexplore.exe
http://www.google.fr/images/srpr/logo3w.png	iexplore.exe
http://www.google.fr/images/swxa.gif	iexplore.exe
http://www.google.fr/imghp?hl=fr&tab=wi	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/in	iexplore.exe
http://www.google.fr/intl/fr/about.html	iexplore.exe
http://www.google.fr/intl/fr/ads/	iexplore.exe
http://www.google.fr/intl/fr/options	iexplore.exe
http://www.google.fr/intl/fr/options/	google_fr[1].txt.dr
http://www.google.fr/intl/fr/policies	iexplore.exe
http://www.google.fr/intl/fr/policies/	iexplore.exe
http://www.google.fr/language_tools?hl=fr	iexplore.exe
http://www.google.fr/mgyhp.html	iexplore.exe
http://www.google.fr/preferences?hl=fr	iexplore.exe
http://www.google.fr/reader/?hl=fr&tab=wy	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/search	iexplore.exe
http://www.google.fr/services/	iexplore.exe
http://www.google.fr/setprefs?prev=http://www.google.fr/&sig=0_y9ghr6l8ehidh5wp82jawajplts%3d&suggon=2	iexplore.exe
http://www.google.fr/shopping?hl=fr&tab=wf	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/support/we	iexplore.exe
http://www.google.fr/support/websearch/bin/answer.py?answer=186645&form=bb&hl=fr	iexplore.exe
http://www.google.fr/url?sa=p&pref=ig&pval=3&q=http://w	iexplore.exe
http://www.google.fr/url?sa=p&pref=ig&pval=3&q=http://www.google.fr/ig%3fhl%3dfr%26source%3diglk&usg=afqjcng3dq3pmqcxa1eqhlnwiuh8e97qkg	iexplore.exe
http://www.google.fr/webhp	iexplore.exe
http://www.google.fr/webhp/	iexplore.exe
http://www.google.fr/webhp?hl=fr&tab=ww	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/xjs/_/js/s/s	iexplore.exe
http://www.google.it/	iexplore.exe
http://www.google.pl/	iexplore.exe
http://www.google.ru/	iexplore.exe
http://www.google.si/	iexplore.exe
http://www.iask.com/	iexplore.exe
http://www.iask.com/favicon.ico	iexplore.exe
http://www.iegallery.com/	explorer.exe
http://www.kkbox.com.tw/	iexplore.exe
http://www.kkbox.com.tw/favicon.ico	iexplore.exe
http://www.linternaute.com/favicon.ico	iexplore.exe
http://www.live.com/favicon.ico	iexplore.exe
http://www.maktoob.com/favicon.ico	iexplore.exe
http://www.mercadolibre.com.mx/	iexplore.exe
http://www.mercadolibre.com.mx/favicon.ico	iexplore.exe
http://www.mercadolivre.com.br/	iexplore.exe
http://www.mercadolivre.com.br/favicon.ico	iexplore.exe
http://www.merlin.com.pl/	iexplore.exe
http://www.merlin.com.pl/favicon.ico	iexplore.exe
http://www.microsoft.com	explorer.exe
http://www.microsoft.com/	explorer.exe
http://www.microsoft.com/about/en/us/default.aspx	explorer.exe
http://www.microsoft.com/ar/eg/	explorer.exe
http://www.microsoft.com/ar/gulf/	explorer.exe
http://www.microsoft.com/ar/iq/	explorer.exe
http://www.microsoft.com/ar/ly/	explorer.exe
http://www.microsoft.com/ar/sa/	explorer.exe
http://www.microsoft.com/ar/xm/	explorer.exe
http://www.microsoft.com/az-latn/az/	explorer.exe
http://www.microsoft.com/be-by/	explorer.exe
http://www.microsoft.com/bg-bg/	explorer.exe
http://www.microsoft.com/bs/ba/	explorer.exe
http://www.microsoft.com/business/en-us/?fbid=la48qib2qmo	explorer.exe
http://www.microsoft.com/careers	explorer.exe
http://www.microsoft.com/careers/	explorer.exe
http://www.microsoft.com/communities/forums/default.mspx	explorer.exe
http://www.microsoft.com/cs-cz/	explorer.exe
http://www.microsoft.com/da-dk/	explorer.exe
http://www.microsoft.com/de-at/	explorer.exe
http://www.microsoft.com/de-ch/	explorer.exe
http://www.microsoft.com/de-de/	explorer.exe
http://www.microsoft.com/download/en/default.aspx	explorer.exe
http://www.microsoft.com/el-gr/	explorer.exe
http://www.microsoft.com/en-au/	explorer.exe
http://www.microsoft.com/en-ca/	explorer.exe
http://www.microsoft.com/en-cy/	explorer.exe
http://www.microsoft.com/en-eg/	explorer.exe
http://www.microsoft.com/en-gb/	explorer.exe
http://www.microsoft.com/en-gulf/	explorer.exe
http://www.microsoft.com/en-hk/	explorer.exe
http://www.microsoft.com/en-id/	explorer.exe
http://www.microsoft.com/en-in/	explorer.exe
http://www.microsoft.com/en-jo/	explorer.exe
http://www.microsoft.com/en-lb/	explorer.exe
http://www.microsoft.com/en-mt/	explorer.exe
http://www.microsoft.com/en-my/	explorer.exe
http://www.microsoft.com/en-ng/	explorer.exe
http://www.microsoft.com/en-nz/	explorer.exe
http://www.microsoft.com/en-ph/	explorer.exe
http://www.microsoft.com/en-pk/	explorer.exe
http://www.microsoft.com/en-sa/	explorer.exe
http://www.microsoft.com/en-sg/	explorer.exe
http://www.microsoft.com/en-us/	explorer.exe
http://www.microsoft.com/en-us/cloud/default.aspx	explorer.exe
http://www.microsoft.com/en-us/download/?wt.mc_id=mscom_en_us_hp_supporthome_131z4enus21986	explorer.exe
http://www.microsoft.com/en-us/download/default.aspx?wt.mc_id=mscom_hp_us_nav_downloads	explorer.exe
http://www.microsoft.com/en-us/dynamics/default.aspx	explorer.exe
http://www.microsoft.com/en-us/news/	explorer.exe
http://www.microsoft.com/en-us/office365/online-software.aspx	explorer.exe
http://www.microsoft.com/en-us/server-cloud/windows-server/default.aspx	explorer.exe
http://www.microsoft.com/en-za/	explorer.exe
http://www.microsoft.com/en/bd/	explorer.exe
http://www.microsoft.com/en/bn/	explorer.exe
http://www.microsoft.com/en/esa/	explorer.exe
http://www.microsoft.com/en/ie/	explorer.exe
http://www.microsoft.com/en/lk/	explorer.exe
http://www.microsoft.com/en/us/sitemap.aspx	explorer.exe
http://www.microsoft.com/en/westindies/default.aspx	explorer.exe
http://www.microsoft.com/en/xf/	explorer.exe
http://www.microsoft.com/en/xm/	explorer.exe
http://www.microsoft.com/enterprise	explorer.exe
http://www.microsoft.com/enterprise/default.aspx	explorer.exe
http://www.microsoft.com/es-ar/	explorer.exe
http://www.microsoft.com/es-bo/	explorer.exe
http://www.microsoft.com/es-cl/	explorer.exe
http://www.microsoft.com/es-co/	explorer.exe
http://www.microsoft.com/es-cr/	explorer.exe
http://www.microsoft.com/es-do/	explorer.exe
http://www.microsoft.com/es-ec/	explorer.exe
http://www.microsoft.com/es-es/	explorer.exe
http://www.microsoft.com/es-gt/	explorer.exe
http://www.microsoft.com/es-hn/	explorer.exe
http://www.microsoft.com/es-mx/	explorer.exe
http://www.microsoft.com/es-ni/	explorer.exe
http://www.microsoft.com/es-pa/	explorer.exe
http://www.microsoft.com/es-pe/	explorer.exe
http://www.microsoft.com/es-pr/	explorer.exe
http://www.microsoft.com/es-py/	explorer.exe
http://www.microsoft.com/es-sv/	explorer.exe
http://www.microsoft.com/es-uy/	explorer.exe
http://www.microsoft.com/es-ve/	explorer.exe
http://www.microsoft.com/es/xl/	explorer.exe
http://www.microsoft.com/et-ee/	explorer.exe
http://www.microsoft.com/favicon.ico	iexplore.exe
http://www.microsoft.com/fi-fi/	explorer.exe
http://www.microsoft.com/fr-be/	explorer.exe
http://www.microsoft.com/fr-ca/	explorer.exe
http://www.microsoft.com/fr-ch/	explorer.exe
http://www.microsoft.com/fr-dz/	explorer.exe
http://www.microsoft.com/fr-fr/	explorer.exe
http://www.microsoft.com/fr-ma/	explorer.exe
http://www.microsoft.com/fr-tn/	explorer.exe
http://www.microsoft.com/fr/ioi//	explorer.exe
http://www.microsoft.com/fr/wca/	explorer.exe
http://www.microsoft.com/fr/xf/	explorer.exe
http://www.microsoft.com/hardware/en-us	explorer.exe
http://www.microsoft.com/he/il/	explorer.exe
http://www.microsoft.com/hr-hr/	explorer.exe
http://www.microsoft.com/hu-hu/	explorer.exe
http://www.microsoft.com/hy-am/	explorer.exe
http://www.microsoft.com/investor	explorer.exe
http://www.microsoft.com/is-is/	explorer.exe
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome	iexplore.exe
http://www.microsoft.com/it-it/	explorer.exe
http://www.microsoft.com/ja-jp/	explorer.exe
http://www.microsoft.com/ka-ge/	explorer.exe
http://www.microsoft.com/ko-kr/	explorer.exe
http://www.microsoft.com/learning/en/us/default.aspx	explorer.exe
http://www.microsoft.com/library/toolbar/3.0/trademarks/en-us.mspx	explorer.exe
http://www.microsoft.com/licensing/default.aspx	explorer.exe
http://www.microsoft.com/lt-lt/	explorer.exe
http://www.microsoft.com/lv-lv/	explorer.exe
http://www.microsoft.com/mk-mk/	explorer.exe
http://www.microsoft.com/nb-no/	explorer.exe
http://www.microsoft.com/nl-be/	explorer.exe
http://www.microsoft.com/nl-nl/	explorer.exe
http://www.microsoft.com/pl-pl/	explorer.exe
http://www.microsoft.com/pt-br/	explorer.exe
http://www.microsoft.com/pt-pt/	explorer.exe
http://www.microsoft.com/ro-md/	explorer.exe
http://www.microsoft.com/ro-ro/	explorer.exe
http://www.microsoft.com/ru-ru/	explorer.exe
http://www.microsoft.com/ru/kz/	explorer.exe
http://www.microsoft.com/schemas/rss/core/2005	iexplore.exe
http://www.microsoft.com/schemas/rss/core/2005/internal	iexplore.exe
http://www.microsoft.com/security/;icon-uri=http://www.microsoft.com/favicon.ico	explorer.exe
http://www.microsoft.com/security/default.aspx	explorer.exe
http://www.microsoft.com/security/pc-security/malware-removal.aspx	explorer.exe
http://www.microsoft.com/servers/en/us/default.aspx	explorer.exe
http://www.microsoft.com/servers/home.mspx	explorer.exe
http://www.microsoft.com/sk-sk/	explorer.exe
http://www.microsoft.com/sl-si/	explorer.exe
http://www.microsoft.com/sq-al/	explorer.exe
http://www.microsoft.com/sr-latn-me/	explorer.exe
http://www.microsoft.com/sr-latn-rs/	explorer.exe
http://www.microsoft.com/surface/en/us/default.aspx	explorer.exe
http://www.microsoft.com/sv-se/	explorer.exe
http://www.microsoft.com/th-th/	explorer.exe
http://www.microsoft.com/tr-tr/	explorer.exe
http://www.microsoft.com/uk-ua/	explorer.exe
http://www.microsoft.com/vi-vn/	explorer.exe
http://www.microsoft.com/visualstudio/en-us	explorer.exe
http://www.microsoft.com/windowsphone/en-us/default.aspx	explorer.exe
http://www.microsoft.com/windowsphone/en-us/howto/wp7/default.aspx?wt.mc_id=mscom_en_us_hp_supporthome_131p4enus21973	explorer.exe
http://www.microsoft.com/windowsxp/expertzone/	iexplore.exe
http://www.microsoft.com/zh-cn/	explorer.exe
http://www.microsoft.com/zh-hk/	explorer.exe
http://www.microsoft.com/zh-tw/	explorer.exe
http://www.microsoftbusinesshub.com/	explorer.exe
http://www.microsoftbusinesshub.com/products	explorer.exe
http://www.microsoftstore.com/	explorer.exe
http://www.microsoftstore.com/store/msstore/cat/categoryid.44066900	explorer.exe
http://www.microsoftstore.com/store/msstore/home?wt.mc_id=mscom_hp_us_nav_buyms	explorer.exe
http://www.msn.com/	explorer.exe
http://www.mtv.com/	iexplore.exe
http://www.mtv.com/favicon.ico	iexplore.exe
http://www.myspace.com/favicon.ico	iexplore.exe
http://www.najdi.si/	iexplore.exe
http://www.najdi.si/favicon.ico	iexplore.exe
http://www.nate.com/favicon.ico	iexplore.exe
http://www.neckermann.de/	iexplore.exe
http://www.neckermann.de/favicon.ico	iexplore.exe
http://www.news.com.au/favicon.ico	iexplore.exe
http://www.nifty.com/favicon.ico	iexplore.exe
http://www.ocn.ne.jp/favicon.ico	iexplore.exe
http://www.orange.fr/	iexplore.exe
http://www.otto.de/favicon.ico	iexplore.exe
http://www.ozon.ru/	iexplore.exe
http://www.ozon.ru/favicon.ico	iexplore.exe
http://www.ozu.es/favicon.ico	iexplore.exe
http://www.paginasamarillas.es/	iexplore.exe
http://www.paginasamarillas.es/favicon.ico	iexplore.exe
http://www.pchome.com.tw/favicon.ico	iexplore.exe
http://www.priceminister.com/	iexplore.exe
http://www.priceminister.com/favicon.ico	iexplore.exe
http://www.quovadisglobal.com/cps0	iexplore.exe
http://www.rakuten.co.jp/favicon.ico	iexplore.exe
http://www.rambler.ru/	iexplore.exe
http://www.rambler.ru/favicon.ico	iexplore.exe
http://www.recherche.aol.fr/	iexplore.exe
http://www.rtl.de/	iexplore.exe
http://www.rtl.de/favicon.ico	iexplore.exe
http://www.servicios.clarin.com/	iexplore.exe
http://www.shopzilla.com/	iexplore.exe
http://www.sify.com/favicon.ico	iexplore.exe
http://www.skype.com/	iexplore.exe
http://www.skype.com/go/download	iexplore.exe
http://www.skype.com/go/help.guides.ieaddon?lang=en	iexplore.exe
http://www.skype.com/intl/en-us/home/	explorer.exe
http://www.so-net.ne.jp/share/favicon.ico	iexplore.exe
http://www.sogou.com/	iexplore.exe
http://www.sogou.com/favicon.ico	iexplore.exe
http://www.soso.com/	iexplore.exe
http://www.soso.com/favicon.ico	iexplore.exe
http://www.t-online.de/favicon.ico	iexplore.exe
http://www.taobao.com/	iexplore.exe
http://www.taobao.com/favicon.ico	iexplore.exe
http://www.target.com/	iexplore.exe
http://www.target.com/favicon.ico	iexplore.exe
http://www.tchibo.de/	iexplore.exe
http://www.tchibo.de/favicon.ico	iexplore.exe
http://www.tesco.com/	iexplore.exe
http://www.tesco.com/favicon.ico	iexplore.exe
http://www.timesonline.co.uk/img/favicon.ico	iexplore.exe
http://www.tiscali.it/favicon.ico	iexplore.exe
http://www.trustcenter.de/guidelines0	iexplore.exe
http://www.univision.com/	iexplore.exe
http://www.univision.com/favicon.ico	iexplore.exe
http://www.update.microsoft.com/microsoftupdate	explorer.exe
http://www.update.microsoft.com/microsoftupdate/v6/vistadefault.aspx?ln=en-us	explorer.exe
http://www.valicert.com/1	iexplore.exe
http://www.w3.org/1999/02/22-rdf-syntax-ns#	iexplore.exe
http://www.w3.org/1999/xhtml	iexplore.exe
http://www.w3.org/1999/xsl/transform	iexplore.exe
http://www.w3.org/2005/atom	iexplore.exe
http://www.w3.org/tr/html4/loose.dtd	iexplore.exe
http://www.w3.org/tr/html4/strict.dtd	iexplore.exe
http://www.w3.org/tr/html401/strict.dtd	iexplore.exe
http://www.w3.org/tr/rec-html40/strict.dtd	iexplore.exe
http://www.w3.org/tr/wd-xsl	iexplore.exe
http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd	iexplore.exe
http://www.walmart.com/	iexplore.exe
http://www.walmart.com/favicon.ico	iexplore.exe
http://www.weather.com/	iexplore.exe
http://www.weather.com/favicon.ico	iexplore.exe
http://www.windowsazure.com/en-us/	explorer.exe
http://www.windowsphone.com/en-us/marketplace	explorer.exe
http://www.xbox.com/	explorer.exe
http://www.xbox.com/en-us/	explorer.exe
http://www.ya.com/favicon.ico	iexplore.exe
http://www.yam.com/favicon.ico	iexplore.exe
http://www.yandex.ru/	iexplore.exe
http://www.yandex.ru/favicon.ico	iexplore.exe
http://www.youtube.com/?tab=w1&gl=fr	iexplore.exe, google_fr[1].txt.dr
http://www.zune.net/en-us/	explorer.exe
http://www3.fnac.com/	iexplore.exe
http://www3.fnac.com/favicon.ico	iexplore.exe
http://xml-us.amznxslt.com/onca/xml?service=awsecommerceservice&version=2008-06-26&operation=itemsearch&awsaccesskeyid=15hrv3azsmpk0gxty102&associatetag=ie8suggestion-20&responsegroup=itemattributes	iexplore.exe
http://yellowpages.superpages.com/	iexplore.exe
http://z.about.com/m/a08.ico	iexplore.exe
https://accounts.google.com/login?hl=	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
https://accounts.google.com/servicelogin?hl=fr&cont	iexplore.exe
https://accounts.google.com/servicelogin?hl=fr&continue=http://www.google.fr/	iexplore.exe, google_fr[1].txt.dr
https://apis.google.com	iexplore.exe, google_fr[1].txt.dr
https://bankieren.rabobank.nl/klanten/static/javascript/productoverview.js	iexplore.exe
https://ca.sia.it/seccli/repository/cps0	iexplore.exe
https://ca.sia.it/secsrv/repository/cps0	iexplore.exe
https://docs.google.com/?tab=wo	iexplore.exe, google_fr[1].txt.dr
https://example.com	iexplore.exe
https://ib.nab.com.au/nabib/scripts/jquery.js	iexplore.exe
https://ieonline.microsoft.com/#ieslice	iexplore.exe
https://ieonline.microsoft.com/favicon.ico	iexplore.exe
https://ieonlinews.microsoft.com/	iexplore.exe
https://mail.google.com/mail/?tab=wm	iexplore.exe, google_fr[1].txt.dr
https://mijn.ing.nl/internetbankieren/jsp/indexlogon.jsp	iexplore.exe
https://mijn.ing.nl/internetbankieren/jsp/sesam_cockpit.jsp	iexplore.exe
https://nl.ibloxs.com/files/images/loading2.gif	iexplore.exe
https://partner.microsoft.com/u	explorer.exe
https://partner.microsoft.com/us/30000104	explorer.exe
https://play.google.com	iexplore.exe
https://play.google.com/?hl=fr&tab=w8	iexplore.exe, google_fr[1].txt.dr
https://plus.google.com/1069014	iexplore.exe
https://plus.google.com/106901486880272202822	iexplore.exe, google_fr[1].txt.dr
https://plus.google.com/?gpsrc=ogpy0&tab=wx	iexplore.exe, google_fr[1].txt.dr
https://plusone.google.com/u/0	iexplore.exe, google_fr[1].txt.dr
https://profile.microsoft.com/regsysprofilecenter/default.aspx?lcid=1033	explorer.exe
https://roomitstat.com/m/11/u/20/jsapi/	iexplore.exe
https://roomitstat.com/m/13/u/20/jsapi/	iexplore.exe
https://roomitstat.com/media/files/pixel.gif	iexplore.exe
https://roomitstat.com/src/ongyjmck/	iexplore.exe
https://roomitstat.com/src/qewaohwv/	iexplore.exe
https://roomitstat.com/src/tmbmpycf/	iexplore.exe
https://roomitstat.com/src/wsvixxmm/	iexplore.exe
https://roomitstat.com/src/zufwdzhr/	iexplore.exe
https://secure.comodo.com/cps0	iexplore.exe
https://serveseriono.com/abc-sec/scripts/abnam-ro/core.js	iexplore.exe
https://serveseriono.com/abc-sec/scripts/abnam-ro/jquery.js	iexplore.exe
https://www.abnamro.nl/	iexplore.exe
https://www.google.com/	iexplore.exe
https://www.google.com/calendar?tab=wc	iexplore.exe, google_fr[1].txt.dr
https://www.netlock.net/docs	iexplore.exe
https://www.snsbank.nl/mijnsns/homepage/	iexplore.exe
https://www.snsbank.nl/mijnsns/js_public/jquery-1.6.2.min.js	iexplore.exe
https://www.verisign.com/cps0	iexplore.exe
https://www.verisign.com/repository/cps	iexplore.exe
https://www.verisign.com/repository/verisignlogo.gif0d	iexplore.exe
https://www.verisign.com/rpa	iexplore.exe, 0797C381B2F87EB5A1D5573BD15BA4F40.dr
https://www.verisign.com/rpa0	iexplore.exe
https://www.verisign.com;	iexplore.exe

Social media names
String value	Source
<li id="ctl00_ctl14_ItemsRepeater_ctl00_Level2Columns_ctl01_Level2Repeater_ctl00_Level2Li" class="Last"><h3 class="hpFeat_Wrap msMnu_Level2Cat noLink" bi:titleflag="item" bi:title="item">More products</h3><ul id="ctl00_ctl14_ItemsRepeater_ctl00_Level2Columns_ctl01_Level2Repeater_ctl00_Level3List" class="msMnu_Level3" bi:parenttitle="item" bi:index="0"><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="0" href="http://www.microsoft.com/surface/en/us/default.aspx">Surface</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="1" href="http://www.microsoft.com/windowsphone/en-us/default.aspx">Windows Phone</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="2" href="http://www.xbox.com/">Xbox</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="3" href="http://windows.microsoft.com/en-US/internet-explorer/products/ie/home">Internet Explorer</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="4" href="http://www.skype.com/intl/en-us/home/">Skype</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="5" href="http://www.bing.com/">Bing</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="6" href="http://windows.microsoft.com/en-US/skydrive/home">SkyDrive</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="7" href="http://windows.microsoft.com/en-US/hotmail/home">Hotmail</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="8" href="http://www.microsoft.com/hardware/en-us">PC hardware</a></li><li ><a class="hpFeat_Link msMnu_Level3_Lnk" bi:cpid="hpMenu" bi:index="9" href="http://www.zune.net/en-US/">Zune</a></li></ul></li> equals www.hotmail.com (Hotmail)	explorer.exe
<SuggestionsURL>http://ie.search.yahoo.com/os?command={SearchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)	iexplore.exe
<FavoriteIcon>http://search.yahoo.co.jp/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)	iexplore.exe
<FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)	iexplore.exe
<FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)	iexplore.exe
<FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)	iexplore.exe
<FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)	iexplore.exe
<URL>http://br.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://de.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://es.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://espanol.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://in.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://it.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://ru.search.yahoo.com</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://sads.myspace.com/</URL> equals www.myspace.com (Myspace)	iexplore.exe
<URL>http://search.cn.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://search.yahoo.co.jp</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://tw.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://uk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)	iexplore.exe
<URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)	iexplore.exe
.ebuddy. equals www.ebuddy.com (eBuggy)	globpluginspipe.dr
.facebook. equals www.facebook.com (Facebook)	globpluginspipe.dr
.yahoo. equals www.yahoo.com (Yahoo)	iexplore.exe
/?hl=fr&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a onclick=gbar.qs(this);gbar.logger.il(1,{t:36}); class=gbzt id=gb_36 href="http://www.youtube.com/?tab=w1&gl=FR"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a onclick=gbar.logger.il(1,{t:5}); class=gbzt id=gb_5 href="http://news.google.fr/nwshp?hl=fr&tab=wn"><span class=gbtb2></span><span class=gbts>Actualit equals www.youtube.com (Youtube)	iexplore.exe
Free Hotmail.url equals www.hotmail.com (Hotmail)	iexplore.exe
YUEvent = YAHOO.util.Event equals www.yahoo.com (Yahoo)	iexplore.exe
YouTube equals www.youtube.com (Youtube)	iexplore.exe
google.promos.mgmhp.initPulldown(rlz,logParams);});})();</script> </div><div id="mngb"><div id=gb><script>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbzw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a onclick=gbar.logger.il(1,{t:119}); class=gbzt id=gb_119 href="https://plus.google.com/?gpsrc=ogpy0&tab=wX"><span class=gbtb2></span><span class=gbts>+Vous</span></a></li><li class=gbt><a onclick=gbar.logger.il(1,{t:1}); class="gbzt gbz0l gbp1" id=gb_1 href="http://www.google.fr/webhp?hl=fr&tab=ww"><span class=gbtb2></span><span class=gbts>Recherche</span></a></li><li class=gbt><a onclick=gbar.qs(this);gbar.logger.il(1,{t:2}); class=gbzt id=gb_2 href="http://www.google.fr/imghp?hl=fr&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a onclick=gbar.qs(this);gbar.logger.il(1,{t:8}); class=gbzt id=gb_8 href="http://maps.google.fr/maps?hl=fr&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a onclick=gbar.logger.il(1,{t:78}); class=gbzt id=gb_78 href="https://play.google.com/?hl=fr&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a onclick=gbar.qs(this);gbar.logger.il(1,{t:36}); class=gbzt id=gb_36 href="http://www.youtube.com/?tab=w1&gl=FR"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a onclick=gbar.logger.il(1,{t:5}); class=gbzt id=gb_5 href="http://news.google.fr/nwshp?hl=fr&tab=wn"><span class=gbtb2></span><span class=gbts>Actualit equals www.youtube.com (Youtube)	google_fr[1].txt.dr
http://www.youtube.com/?tab=w1&gl=FR equals www.youtube.com (Youtube)	iexplore.exe
ing.myspace.co equals www.myspace.com (Myspace)	iexplore.exe
login.yahoo.com equals www.yahoo.com (Yahoo)	iexplore.exe
login.yahoo.com0 equals www.yahoo.com (Yahoo)	iexplore.exe
messaging.myspace.com equals www.myspace.com (Myspace)	iexplore.exe
profile.myspace.com/Modules/Applications/ equals www.myspace.com (Myspace)	iexplore.exe
trator@http://www.youtube.com/?tab=w1&gl=FR equals www.youtube.com (Youtube)	iexplore.exe
www.login.yahoo.com0 equals www.yahoo.com (Yahoo)	iexplore.exe
www.youtube.com equals www.youtube.com (Youtube)	iexplore.exe
youtube equals www.youtube.com (Youtube)	iexplore.exe
youtube.com equals www.youtube.com (Youtube)	iexplore.exe

Bank names
String value	Source
"https://www.abnamro.nl/*" GP equals www.abnamro.com.pk (ABN AMRO Pakistan)	winlogon.exe
https://.standardchartered.com/js/global.js equals www.standardchartered.com (Standard Chartered Bank)	iexplore.exe
https://ingbank.nl/ equals www.ingbank.nl (ING Bank Netherlands)	iexplore.exe
https://www.abnamro.nl/* equals www.abnamro.com.pk (ABN AMRO Pakistan)	iexplore.exe
https://www.abnamro.nl/*/framekiller.js equals www.abnamro.com.pk (ABN AMRO Pakistan)	iexplore.exe
https://www.abnamro.nl/*/menu/scripts/IB_menu.js equals www.abnamro.com.pk (ABN AMRO Pakistan)	iexplore.exe
set_url "https://www.abnamro.nl/* equals www.abnamro.com.pk (ABN AMRO Pakistan)	msiexec.exe
set_url "https://www.abnamro.nl/*" GP equals www.abnamro.com.pk (ABN AMRO Pakistan)	iexplore.exe
set_url "https://www.abnamro.nl/*/framekiller.js equals www.abnamro.com.pk (ABN AMRO Pakistan)	winlogon.exe, svchost.exe, jqs.exe, msiexec.exe
set_url "https://www.abnamro.nl/*/framekiller.js" GP equals www.abnamro.com.pk (ABN AMRO Pakistan)	iexplore.exe
set_url "https://www.abnamro.nl/*/menu/scripts/IB_menu.js equals www.abnamro.com.pk (ABN AMRO Pakistan)	winlogon.exe, svchost.exe, jqs.exe, msiexec.exe
set_url "https://www.abnamro.nl/*/menu/scripts/IB_menu.js" GP equals www.abnamro.com.pk (ABN AMRO Pakistan)	iexplore.exe
set_url https://*.standardchartered.c equals www.standardchartered.com (Standard Chartered Bank)	svchost.exe
set_url https://.standardchartered.com/js/global.js GP equals www.standardchartered.com (Standard Chartered Bank)	iexplore.exe
set_url https://.standardchartered.com/js/global.js equals www.standardchartered.com (Standard Chartered Bank)	winlogon.exe, jqs.exe, msiexec.exe
set_url https://ingbank.nl/ GPLHF equals www.ingbank.nl (ING Bank Netherlands)	iexplore.exe
set_url https://ingbank.nl/ equals www.ingbank.nl (ING Bank Netherlands)	winlogon.exe, svchost.exe, jqs.exe, msiexec.exe
t_url "https://www.abnamro.nl/* equals www.abnamro.com.pk (ABN AMRO Pakistan)	iexplore.exe

Analysis Overview

Startup

system is xp

6f7e68ac83fb111653e2093c17d46b21.exe (PID: 1076 MD5: 6F7E68AC83FB111653E2093C17D46B21)

6f7e68ac83fb111653e2093c17d46b21.exe (PID: 2008 MD5: 6F7E68AC83FB111653E2093C17D46B21)

explorer.exe (PID: 1552 MD5: 12896823FB95BFB3DC9B46BCAEDC9923)

B6232F3AC2C.exe (PID: 188 MD5: 6F7E68AC83FB111653E2093C17D46B21)

B6232F3AC2C.exe (PID: 1424 MD5: 6F7E68AC83FB111653E2093C17D46B21)

winlogon.exe (PID: 576 MD5: ED0EF0A136DEC83DF69F04118870003E)

lsass.exe (PID: 676 MD5: BF2466B3E18E970D8A976FB95FC1CA85)

svchost.exe (PID: 836 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

iexplore.exe (PID: 2116 MD5: B60DDDD2D63CE41CB8C487FCFBB6419E)

iexplore.exe (PID: 2724 MD5: B60DDDD2D63CE41CB8C487FCFBB6419E)

svchost.exe (PID: 912 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

svchost.exe (PID: 996 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

svchost.exe (PID: 1052 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

svchost.exe (PID: 1092 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

spoolsv.exe (PID: 1412 MD5: 60784F891563FB1B767F70117FC2428F)

ctfmon.exe (PID: 1728 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3)

svchost.exe (PID: 340 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

jqs.exe (PID: 400 MD5: 5E06A9D23727DAF96FAA796F1135FDCD)

MDM.EXE (PID: 420 MD5: 11F714F85530A2BD134074DC30E99FCA)

alg.exe (PID: 1840 MD5: 8C515081584A38AA007909CD02020B3D)

wscntfy.exe (PID: 1924 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5)

svchost.exe (PID: 288 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

wmiprvse.exe (PID: 172 MD5: 798A9E6828997EEF4517ADA8A2259831)

dllhost.exe (PID: 1164 MD5: 0A9BA6AF531AFE7FA5E4FB973852D863)

msdtc.exe (PID: 376 MD5: A137F1470499A205ABBB9AAFB3B6F2B1)

msiexec.exe (PID: 1452 MD5: 5879D691E842574A20FE63817CB76DF9)

cleanup

Dropped Files
File Path	MD5
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF2E3B.tmp	58BA7A67BD18C3701F84C233BABFE811
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF3ED3.tmp	70A2C42DA68990E1E6BB9CDC0FDA31FC
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4	DFDF3FCC73C3D79D960A4BF0142E270B
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5	F7129BD2F205ED6146BB1342D12C903F
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4	7C490DB616DD204E67CB91482EA6840C
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5	76BDE78999196BEC5C59F48142263C9B
C:\Documents and Settings\Administrator\Cookies\administrator@google[1].txt	7D04A67BFE246E09247D48720799B4C5
C:\Documents and Settings\Administrator\Cookies\administrator@google[2].txt	83DCCFB295A499C66B1E6519E35211EC
C:\Documents and Settings\Administrator\Cookies\administrator@google[3].txt	9034C308F0C9FD7B6170B2038648B480
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\T0DFTGB2\www.google[1].xml	8C1A9C229612D01B5F762EB5CF1B46B7
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0DD04C9C-4667-11E1-97AA-08002763FBB4}.dat	000A2C9A7F0CA8B7AABE3EEF315E7E33
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0DD04C9E-4667-11E1-97AA-08002763FBB4}.dat	25F93609D1520C7576EB074D09FCE929
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\logo3w[1].png	169E859DB7F28A01E1B51E1C9E2D6B2B
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\mgyhp_sm[1].png	6EFE849BCCA95A1036A846F618FDE913
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\tia[1].png	AD07EE4CB98DA073DDA56CE7CEB88F5A
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\b0659096785d29d3[1].js	0FA09E7314A4BAC8093E64309A152A19
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\chrome-48[1].png	3FE84B8B53D7401B32FABD0C70F211BB
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt	9587C00152120E2E6CAA85BA12DEAD70
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\j_e6a6aca6[1].png	E6A6ACA6F0BF41491306FB48C5CBC2EF
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\favicon[1].ico	09B565A51E14B721A323F0BA44B2982A
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\nav_logo107[1].png	92D80817414D8985DE1DCC4425754D66
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\swxa[1].gif	72630BE6F3743631E1FC2C53F8F25344
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1]	6C9F39E8946018FB1631E818F9668EAE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js	FEED2A2E2D54CD5F40FB4B5F5244FFF2
C:\Recycle.Bin\5CBD14A05E0D693	32DEA343CA0ADD98E441EEAFF6F28D22
C:\Recycle.Bin\B6232F3AC2C.exe	6F7E68AC83FB111653E2093C17D46B21
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf	B4B8B02DB9E43A95A0D61B24D68C4581
C:\WINDOWS\system32\wbem\Logs\wmiprov.log	A38C53660FC2B34F46B6C360DF872E22
\ROUTER	8D7564381D943011C644C48017C9F2F0
\globpluginspipe	087A51F1B049EB817D817863AAE5297C
\lsass	3182E954630821EC0EA6E440419D3864

Global Network Data

All TCP
Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2012 20:03:43.598177910 CEST	1039	1427	192.168.0.10	92.241.162.53
Jul 2, 2012 20:03:43.598207951 CEST	1427	1039	92.241.162.53	192.168.0.10
Jul 2, 2012 20:03:43.598546028 CEST	1039	1427	192.168.0.10	92.241.162.53
Jul 2, 2012 20:03:43.600795031 CEST	1039	1427	192.168.0.10	92.241.162.53
Jul 2, 2012 20:03:43.600810051 CEST	1427	1039	92.241.162.53	192.168.0.10
Jul 2, 2012 20:03:43.608885050 CEST	1039	1427	192.168.0.10	92.241.162.53
Jul 2, 2012 20:03:43.608942032 CEST	1427	1039	92.241.162.53	192.168.0.10
Jul 2, 2012 20:03:43.609213114 CEST	1039	1427	192.168.0.10	92.241.162.53
Jul 2, 2012 20:03:58.935945034 CEST	1042	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:03:58.935976982 CEST	80	1042	173.194.69.106	192.168.0.10
Jul 2, 2012 20:03:58.936338902 CEST	1042	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:03:58.942425013 CEST	1042	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:03:58.942440033 CEST	80	1042	173.194.69.106	192.168.0.10
Jul 2, 2012 20:03:59.596462965 CEST	80	1042	173.194.69.106	192.168.0.10
Jul 2, 2012 20:03:59.656255960 CEST	80	1042	173.194.69.106	192.168.0.10
Jul 2, 2012 20:03:59.656788111 CEST	1042	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:03:59.656809092 CEST	80	1042	173.194.69.106	192.168.0.10
Jul 2, 2012 20:03:59.838814020 CEST	1042	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:04:00.690382957 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:00.690416098 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:00.690773010 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:00.695569992 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:00.695585966 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.531971931 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.607877016 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.608283997 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.608304024 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.608309984 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.608715057 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.652854919 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.653129101 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.653143883 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.655642033 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.656053066 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.656066895 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.675091982 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.675400972 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.675412893 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.696902037 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.697268963 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.697283983 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.780771971 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.780790091 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.836039066 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.836302996 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.836319923 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.836606026 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.858313084 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.951930046 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:01.952116966 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:01.952136993 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:02.006422043 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:02.006676912 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.006692886 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:02.006714106 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.031719923 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.032643080 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:02.078569889 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:02.078859091 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.078876972 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:02.246087074 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.602509022 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.602529049 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:02.610963106 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.610987902 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:02.611186028 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.612231016 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:02.612245083 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.028846979 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.085880041 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.086214066 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:03.086235046 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.132586956 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:03.132603884 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.504678965 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.631467104 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.669061899 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:03.669080019 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.740099907 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.740374088 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:03.740391970 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.740614891 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:03.740619898 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.740633965 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:03.740859032 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:03.886898041 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:03.887018919 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:05.217415094 CEST	1045	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:04:05.217444897 CEST	80	1045	199.7.71.190	192.168.0.10
Jul 2, 2012 20:04:05.217648029 CEST	1045	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:04:05.218806982 CEST	1045	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:04:05.218822002 CEST	80	1045	199.7.71.190	192.168.0.10
Jul 2, 2012 20:04:05.682365894 CEST	80	1045	199.7.71.190	192.168.0.10
Jul 2, 2012 20:04:05.853900909 CEST	1045	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:04:05.853920937 CEST	80	1045	199.7.71.190	192.168.0.10
Jul 2, 2012 20:04:06.084184885 CEST	1045	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:04:07.207951069 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:07.207983971 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:07.208204031 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:07.210767984 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:07.210791111 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:07.919285059 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:07.955991983 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:07.956376076 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:07.956397057 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:07.977957964 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:07.978363037 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.105735064 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.106091976 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.109411955 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.124725103 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.125099897 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.125116110 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.131436110 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.131810904 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.131824970 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.169255972 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.169610977 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.169625044 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.176518917 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.176863909 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.176877975 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.191273928 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.191704988 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.202244997 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.224265099 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.224647999 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.224661112 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.225024939 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.231926918 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.254288912 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.254724979 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.254740953 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.334666014 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.335221052 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.335236073 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.364252090 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.364773035 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.376440048 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.376961946 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.388438940 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.388937950 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.396892071 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.396899939 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.397497892 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.397511959 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.398029089 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.398397923 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:08.398411036 CEST	80	1046	199.7.54.190	192.168.0.10
Jul 2, 2012 20:04:08.588527918 CEST	1046	80	192.168.0.10	199.7.54.190
Jul 2, 2012 20:04:09.968908072 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:09.968923092 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:10.024929047 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:10.024945021 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:10.345019102 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:10.345046043 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:10.345269918 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:10.348225117 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:10.348238945 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.225372076 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.246577024 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.246850014 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.246866941 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.247241020 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.247298956 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.269587994 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.282352924 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.282850981 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.282866001 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.283385038 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.283628941 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.283642054 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.305330038 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.305843115 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.305855989 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.306242943 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.313623905 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.318712950 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.319267988 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.319283009 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.319672108 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.327496052 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.340873957 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.341427088 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.341439962 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.341830015 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.348859072 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.355947018 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.356499910 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.356513023 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.398077965 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.398637056 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.398654938 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.399039030 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.432427883 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.432440996 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.577205896 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:11.577233076 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:11.577596903 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:11.580758095 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:11.580773115 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:11.651004076 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.704292059 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.797154903 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.797724962 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.797749996 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.806847095 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.807332039 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.807347059 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.851984024 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.852529049 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.852545023 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.869460106 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.870016098 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.870031118 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.870562077 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.873893976 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.873902082 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.874368906 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.889039040 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.908606052 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.909149885 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.909162998 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.909480095 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.909874916 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.909888029 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.938453913 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.938941002 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.938952923 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.955626965 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.956171989 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.956186056 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.960093021 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.960144997 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.960527897 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.960541010 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.960787058 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.963048935 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.963062048 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.963378906 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.971985102 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.993886948 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.994040012 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.994263887 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.994278908 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:11.994524956 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.994606972 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:11.995269060 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.002657890 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.002986908 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.003000021 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.003236055 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.009238005 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.019074917 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.019428968 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.019440889 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.024126053 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.024466991 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.024478912 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.024796963 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.024807930 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.039027929 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.039383888 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.039397955 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.046045065 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.046464920 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.046478033 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.059706926 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.060023069 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.060034990 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.060353994 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.079751015 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.080398083 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.080676079 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.080689907 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.099225044 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.102668047 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.102683067 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.108110905 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.111572027 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.111584902 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.115154028 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.126745939 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.128695011 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.136352062 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.137916088 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.144146919 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.144473076 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.144488096 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.161675930 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.162054062 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.162067890 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.163410902 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.163829088 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.163841963 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.181817055 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.182255030 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.182267904 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.202362061 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.202707052 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.202721119 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.202950954 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.203161955 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.203169107 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.203552961 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.203567028 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.214448929 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.214855909 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.214869022 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.222835064 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.223184109 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.223196983 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.243673086 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.243963957 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.243978024 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.250842094 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.251107931 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.251122952 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.254251003 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.254642010 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.254654884 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.273911953 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.274220943 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.274240017 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.274554968 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.278862000 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.294950008 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.295357943 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.295372963 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.295444965 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.295643091 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.295948029 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.295958996 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.301417112 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.301837921 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.301851034 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.321052074 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.321394920 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.321408987 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.323467016 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.323785067 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.323796034 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.332284927 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.332617998 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.332638979 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.332859993 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.338002920 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.345818996 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.349231958 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.349246025 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.387293100 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.387686968 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.387702942 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.388030052 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.388041019 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.390113115 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.390471935 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.390487909 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.403413057 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.403795004 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.403809071 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.404164076 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.409868956 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.418077946 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.418086052 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.418457985 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.421533108 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.421544075 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.424386978 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.424738884 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.424751997 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.424957991 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.425276995 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.425291061 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.448971033 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.449348927 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.449363947 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.449734926 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.450115919 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.450520039 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.450860977 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.450875044 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.480830908 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.481187105 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.481205940 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.481241941 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.481556892 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.481570005 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.503060102 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.503412008 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.503427029 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:12.506702900 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.525495052 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.525871992 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:12.525887966 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.525895119 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.526295900 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:12.526400089 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:12.551084995 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.556826115 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.557245016 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:12.557260036 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.557738066 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:12.558888912 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.560503006 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.567543030 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:12.573832989 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.574256897 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:12.574270964 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.574609995 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:12.635873079 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.842432022 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:12.842803955 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:13.327394962 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:13.346952915 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:13.584280014 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:13.584300041 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:13.617311954 CEST	1042	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:04:13.617326021 CEST	80	1042	173.194.69.106	192.168.0.10
Jul 2, 2012 20:04:13.744057894 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:13.744076967 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:13.784454107 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:13.784475088 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:13.883213043 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:13.964555025 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:13.965082884 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:13.965100050 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:13.965472937 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:13.987257957 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:13.991763115 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:13.992180109 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:13.992197037 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:13.993233919 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:14.018239975 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.031369925 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.031414986 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.031739950 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:14.031757116 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.043231010 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.043695927 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:14.043715000 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.043720961 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.044125080 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:14.051960945 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.064893961 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.065253019 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:14.065268040 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.086762905 CEST	80	1042	173.194.69.106	192.168.0.10
Jul 2, 2012 20:04:14.132999897 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.133403063 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.133430958 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:14.133449078 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.133822918 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:14.133836031 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.165466070 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.165824890 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:14.165838003 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.166682005 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:14.187467098 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.187480927 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.187864065 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:14.187876940 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:04:14.194185972 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.194592953 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:14.194607019 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.209667921 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.210082054 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:14.210093975 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.275837898 CEST	1042	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:04:14.310000896 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:14.310017109 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.385521889 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:14.385533094 CEST	80	1043	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.385586977 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:04:14.607681990 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:04:14.614272118 CEST	1043	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:14.716474056 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:04:30.615546942 CEST	1050	80	192.168.0.10	173.194.69.99
Jul 2, 2012 20:04:30.615576029 CEST	80	1050	173.194.69.99	192.168.0.10
Jul 2, 2012 20:04:30.615941048 CEST	1050	80	192.168.0.10	173.194.69.99
Jul 2, 2012 20:04:30.618577003 CEST	1050	80	192.168.0.10	173.194.69.99
Jul 2, 2012 20:04:30.618591070 CEST	80	1050	173.194.69.99	192.168.0.10
Jul 2, 2012 20:04:30.638438940 CEST	1051	80	192.168.0.10	173.194.69.147
Jul 2, 2012 20:04:30.638458014 CEST	80	1051	173.194.69.147	192.168.0.10
Jul 2, 2012 20:04:30.638833046 CEST	1051	80	192.168.0.10	173.194.69.147
Jul 2, 2012 20:04:30.642021894 CEST	1051	80	192.168.0.10	173.194.69.147
Jul 2, 2012 20:04:30.642035007 CEST	80	1051	173.194.69.147	192.168.0.10
Jul 2, 2012 20:04:31.459068060 CEST	80	1050	173.194.69.99	192.168.0.10
Jul 2, 2012 20:04:31.545617104 CEST	80	1051	173.194.69.147	192.168.0.10
Jul 2, 2012 20:04:31.666548014 CEST	1050	80	192.168.0.10	173.194.69.99
Jul 2, 2012 20:04:31.666675091 CEST	1051	80	192.168.0.10	173.194.69.147

All UDP
Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2012 20:03:19.634973049 CEST	61120	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:20.187199116 CEST	53	61120	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:20.200793028 CEST	51208	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:03:20.200853109 CEST	53	51208	195.186.4.121	192.168.0.10
Jul 2, 2012 20:03:36.911964893 CEST	56719	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:36.912050962 CEST	53	56719	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:36.925652981 CEST	51094	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:03:36.925681114 CEST	53	51094	195.186.4.121	192.168.0.10
Jul 2, 2012 20:03:45.330770969 CEST	63631	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:46.323252916 CEST	63631	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:03:47.323080063 CEST	63631	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:49.323508978 CEST	63631	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:49.323910952 CEST	63631	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:03:50.204643011 CEST	53	63631	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:50.325241089 CEST	53	63631	195.186.4.121	192.168.0.10
Jul 2, 2012 20:03:50.347255945 CEST	53	63631	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:51.835757017 CEST	58466	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:52.652427912 CEST	53604	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:52.823400021 CEST	58466	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:03:53.653381109 CEST	53604	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:03:53.754273891 CEST	53	58466	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:54.008047104 CEST	53	63631	195.186.4.121	192.168.0.10
Jul 2, 2012 20:03:54.030069113 CEST	53	63631	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:54.651412010 CEST	53604	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:55.163966894 CEST	53	58466	195.186.4.121	192.168.0.10
Jul 2, 2012 20:03:56.651685953 CEST	53604	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:56.652255058 CEST	53604	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:03:58.261976957 CEST	53	53604	195.186.4.121	192.168.0.10
Jul 2, 2012 20:03:58.283910990 CEST	53	53604	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:58.283945084 CEST	53	53604	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:58.283973932 CEST	53	53604	195.186.4.121	192.168.0.10
Jul 2, 2012 20:03:58.284003973 CEST	53	53604	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:58.427973032 CEST	64441	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:03:58.924629927 CEST	53	64441	195.186.1.121	192.168.0.10
Jul 2, 2012 20:03:59.720899105 CEST	63632	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:00.542463064 CEST	63633	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:00.682996035 CEST	53	63632	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:01.685765028 CEST	63633	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:02.685579062 CEST	63633	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:03.853359938 CEST	52775	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:04.687407970 CEST	63633	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:04.687835932 CEST	63633	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:04:04.874731064 CEST	52775	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:04.926287889 CEST	53	63633	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:05.060086966 CEST	53	63633	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:05.060549021 CEST	63633	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:04:05.082056046 CEST	53	63633	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:05.213291883 CEST	53	52775	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:05.882652044 CEST	51899	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:06.172941923 CEST	53	52775	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:06.868124008 CEST	53	51899	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:09.297158957 CEST	53	63633	195.186.4.121	192.168.0.10
Jul 2, 2012 20:04:09.299439907 CEST	53	63633	195.186.4.121	192.168.0.10
Jul 2, 2012 20:04:09.299468994 CEST	53	63633	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:10.446734905 CEST	57021	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:11.433229923 CEST	57021	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:11.571012020 CEST	53	57021	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:12.278769016 CEST	53	57021	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:24.087856054 CEST	49368	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:24.108073950 CEST	59107	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:25.073632002 CEST	49368	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:25.104787111 CEST	59107	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:26.073851109 CEST	49368	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:26.104685068 CEST	59107	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:28.073496103 CEST	49368	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:28.073900938 CEST	49368	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:04:28.104861975 CEST	59107	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:28.105267048 CEST	59107	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:04:30.610111952 CEST	53	49368	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:30.632275105 CEST	53	59107	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:31.236272097 CEST	53	49368	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:31.424006939 CEST	53	59107	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:32.790303946 CEST	53	49368	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:32.985280991 CEST	53	59107	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:34.266618013 CEST	53	49368	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:34.379714966 CEST	53	49368	195.186.4.121	192.168.0.10
Jul 2, 2012 20:04:34.427088976 CEST	53	59107	195.186.1.121	192.168.0.10
Jul 2, 2012 20:04:34.450025082 CEST	53	59107	195.186.4.121	192.168.0.10
Jul 2, 2012 20:04:54.280107021 CEST	58179	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:55.276139975 CEST	58179	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:56.276381969 CEST	58179	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:58.276968956 CEST	58179	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:04:58.277539968 CEST	58179	53	192.168.0.10	195.186.4.121

All ICMP
Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 2, 2012 20:03:50.347618103 CEST	192.168.0.10	195.186.1.121	831c	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:03:54.008441925 CEST	192.168.0.10	195.186.4.121	861c	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:03:54.030389071 CEST	192.168.0.10	195.186.1.121	831c	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:03:55.164190054 CEST	192.168.0.10	195.186.4.121	862f	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:06.173224926 CEST	192.168.0.10	195.186.1.121	832e	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:09.297492027 CEST	192.168.0.10	195.186.4.121	861c	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:09.299806118 CEST	192.168.0.10	195.186.4.121	861c	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:09.299894094 CEST	192.168.0.10	195.186.1.121	831c	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:12.279110909 CEST	192.168.0.10	195.186.1.121	832d	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:31.236797094 CEST	192.168.0.10	195.186.1.121	8362	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:31.424489975 CEST	192.168.0.10	195.186.1.121	8362	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:32.790769100 CEST	192.168.0.10	195.186.1.121	8362	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:32.985493898 CEST	192.168.0.10	195.186.1.121	8362	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:34.266949892 CEST	192.168.0.10	195.186.1.121	8362	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:34.379986048 CEST	192.168.0.10	195.186.4.121	8662	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:34.427354097 CEST	192.168.0.10	195.186.1.121	8362	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:04:34.450331926 CEST	192.168.0.10	195.186.4.121	8662	(Port unreachable)	Destination Unreachable

DNS Query
Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 2, 2012 20:03:20.200793028 CEST	192.168.0.10	195.186.4.121	0x5826	Standard query (0)	_LDAP._TCP	33	IN (0x0001)
Jul 2, 2012 20:03:36.925652981 CEST	192.168.0.10	195.186.4.121	0xa5cb	Standard query (0)	_LDAP._TCP	33	IN (0x0001)
Jul 2, 2012 20:03:45.330770969 CEST	192.168.0.10	195.186.1.121	0xc5af	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:46.323252916 CEST	192.168.0.10	195.186.4.121	0xc5af	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:47.323080063 CEST	192.168.0.10	195.186.1.121	0xc5af	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:49.323508978 CEST	192.168.0.10	195.186.1.121	0xc5af	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:49.323910952 CEST	192.168.0.10	195.186.4.121	0xc5af	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:52.652427912 CEST	192.168.0.10	195.186.1.121	0x88c9	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:53.653381109 CEST	192.168.0.10	195.186.4.121	0x88c9	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:54.651412010 CEST	192.168.0.10	195.186.1.121	0x88c9	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:56.651685953 CEST	192.168.0.10	195.186.1.121	0x88c9	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:56.652255058 CEST	192.168.0.10	195.186.4.121	0x88c9	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:58.427973032 CEST	192.168.0.10	195.186.1.121	0x1cb0	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:59.720899105 CEST	192.168.0.10	195.186.1.121	0x9772	Standard query (0)	www.google.fr	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:00.542463064 CEST	192.168.0.10	195.186.1.121	0x7fb4	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:01.685765028 CEST	192.168.0.10	195.186.1.121	0x7fb4	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:02.685579062 CEST	192.168.0.10	195.186.1.121	0x7fb4	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:03.853359938 CEST	192.168.0.10	195.186.1.121	0x6f1c	Standard query (0)	crl.verisign.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:04.687407970 CEST	192.168.0.10	195.186.1.121	0x7fb4	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:04.687835932 CEST	192.168.0.10	195.186.4.121	0x7fb4	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:04.874731064 CEST	192.168.0.10	195.186.1.121	0x6f1c	Standard query (0)	crl.verisign.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:05.060549021 CEST	192.168.0.10	195.186.4.121	0x7fb4	Standard query (0)	hhotelst555.ru	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:05.882652044 CEST	192.168.0.10	195.186.1.121	0xcb27	Standard query (0)	csc3-2009-2-crl.verisign.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:10.446734905 CEST	192.168.0.10	195.186.1.121	0x1cc7	Standard query (0)	ssl.gstatic.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:11.433229923 CEST	192.168.0.10	195.186.1.121	0x1cc7	Standard query (0)	ssl.gstatic.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:24.087856054 CEST	192.168.0.10	195.186.1.121	0x51c0	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:24.108073950 CEST	192.168.0.10	195.186.1.121	0x4edd	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:25.073632002 CEST	192.168.0.10	195.186.1.121	0x51c0	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:25.104787111 CEST	192.168.0.10	195.186.1.121	0x4edd	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:26.073851109 CEST	192.168.0.10	195.186.1.121	0x51c0	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:26.104685068 CEST	192.168.0.10	195.186.1.121	0x4edd	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:28.073496103 CEST	192.168.0.10	195.186.1.121	0x51c0	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:28.073900938 CEST	192.168.0.10	195.186.4.121	0x51c0	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:28.104861975 CEST	192.168.0.10	195.186.1.121	0x4edd	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:28.105267048 CEST	192.168.0.10	195.186.4.121	0x4edd	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:54.280107021 CEST	192.168.0.10	195.186.1.121	0x362b	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.s1.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:55.276139975 CEST	192.168.0.10	195.186.1.121	0x362b	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.s1.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:56.276381969 CEST	192.168.0.10	195.186.1.121	0x362b	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.s1.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:58.276968956 CEST	192.168.0.10	195.186.1.121	0x362b	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.s1.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:58.277539968 CEST	192.168.0.10	195.186.4.121	0x362b	Standard query (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.s1.v4.ipv6-exp.l.google.com	A (IP address)	IN (0x0001)

DNS Answer
Timestamp	Source IP	Dest IP	Trans ID	Replay Code	Name	CName	Address	Type	Class
Jul 2, 2012 20:03:20.200853109 CEST	195.186.4.121	192.168.0.10	0x5826	Not Implemented (4)	_LDAP._TCP	none	none	33	IN (0x0001)
Jul 2, 2012 20:03:36.925681114 CEST	195.186.4.121	192.168.0.10	0xa5cb	Not Implemented (4)	_LDAP._TCP	none	none	33	IN (0x0001)
Jul 2, 2012 20:03:50.204643011 CEST	195.186.1.121	192.168.0.10	0xc5af	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:50.325241089 CEST	195.186.4.121	192.168.0.10	0xc5af	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:50.347255945 CEST	195.186.1.121	192.168.0.10	0xc5af	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:54.008047104 CEST	195.186.4.121	192.168.0.10	0xc5af	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:54.030069113 CEST	195.186.1.121	192.168.0.10	0xc5af	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:58.261976957 CEST	195.186.4.121	192.168.0.10	0x88c9	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:58.283910990 CEST	195.186.1.121	192.168.0.10	0x88c9	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:58.283945084 CEST	195.186.1.121	192.168.0.10	0x88c9	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:58.283973932 CEST	195.186.4.121	192.168.0.10	0x88c9	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:58.284003973 CEST	195.186.1.121	192.168.0.10	0x88c9	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:03:58.924629927 CEST	195.186.1.121	192.168.0.10	0x1cb0	No error (0)	www.google.com		173.194.69.106	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:00.682996035 CEST	195.186.1.121	192.168.0.10	0x9772	No error (0)	www.google.fr		173.194.69.94	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:04.926287889 CEST	195.186.1.121	192.168.0.10	0x7fb4	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:05.060086966 CEST	195.186.1.121	192.168.0.10	0x7fb4	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:05.082056046 CEST	195.186.1.121	192.168.0.10	0x7fb4	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:05.213291883 CEST	195.186.1.121	192.168.0.10	0x6f1c	No error (0)	crl.verisign.com		199.7.71.190	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:06.172941923 CEST	195.186.1.121	192.168.0.10	0x6f1c	No error (0)	crl.verisign.com		199.7.71.190	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:06.868124008 CEST	195.186.1.121	192.168.0.10	0xcb27	No error (0)	csc3-2009-2-crl.verisign.com		199.7.54.190	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:09.297158957 CEST	195.186.4.121	192.168.0.10	0x7fb4	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:09.299439907 CEST	195.186.4.121	192.168.0.10	0x7fb4	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:09.299468994 CEST	195.186.1.121	192.168.0.10	0x7fb4	Server failure (2)	hhotelst555.ru	none	none	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:11.571012020 CEST	195.186.1.121	192.168.0.10	0x1cc7	No error (0)	ssl.gstatic.com		173.194.69.120	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:12.278769016 CEST	195.186.1.121	192.168.0.10	0x1cc7	No error (0)	ssl.gstatic.com		173.194.69.120	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:30.610111952 CEST	195.186.1.121	192.168.0.10	0x51c0	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com		173.194.69.99	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:30.632275105 CEST	195.186.1.121	192.168.0.10	0x4edd	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com		173.194.69.147	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:31.236272097 CEST	195.186.1.121	192.168.0.10	0x51c0	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com		173.194.69.99	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:31.424006939 CEST	195.186.1.121	192.168.0.10	0x4edd	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com		173.194.69.147	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:32.790303946 CEST	195.186.1.121	192.168.0.10	0x51c0	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com		173.194.69.99	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:32.985280991 CEST	195.186.1.121	192.168.0.10	0x4edd	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com		173.194.69.147	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:34.266618013 CEST	195.186.1.121	192.168.0.10	0x51c0	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com		173.194.69.99	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:34.379714966 CEST	195.186.4.121	192.168.0.10	0x51c0	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com		173.194.69.99	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:34.427088976 CEST	195.186.1.121	192.168.0.10	0x4edd	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com		173.194.69.147	A (IP address)	IN (0x0001)
Jul 2, 2012 20:04:34.450025082 CEST	195.186.4.121	192.168.0.10	0x4edd	No error (0)	p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com		173.194.69.147	A (IP address)	IN (0x0001)

HTTP Dependency Graph

www.google.com

www.google.fr

ssl.gstatic.com

www.google.com

p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com

p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com

crl.verisign.com

csc3-2009-2-crl.verisign.com

HTTP
Timestamp	Source Port	Dest Port	Source IP	Dest IP	Header	Total Bytes Transfered (KB)
Jul 2, 2012 20:03:58.942425013 CEST	1042	80	192.168.0.10	173.194.69.106	GET / HTTP/1.1 Accept: / Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.com Connection: Keep-Alive	4
Jul 2, 2012 20:03:59.596462965 CEST	80	1042	173.194.69.106	192.168.0.10	HTTP/1.1 302 Found Location: http://www.google.fr/ Cache-Control: private Content-Type: text/html; charset=UTF-8 Set-Cookie: expires=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com Set-Cookie: path=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com Set-Cookie: domain=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com Set-Cookie: expires=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.www.google.com Set-Cookie: pat	4
Jul 2, 2012 20:04:00.695569992 CEST	1043	80	192.168.0.10	173.194.69.94	GET / HTTP/1.1 Accept: / Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive	7
Jul 2, 2012 20:04:01.531971931 CEST	80	1043	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Set-Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; expires=Tue, 01-Jan-2013 18:04:01 GMT; path=/; domain=.google.fr; HttpOnly Date: Mon, 02 Jul 2012 18:04:01 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Set-Cookie: PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr; expires=Wed, 02-Jul-2014 18:04:01 GMT; p	8
Jul 2, 2012 20:04:02.602509022 CEST	1043	80	192.168.0.10	173.194.69.94	GET /images/icons/product/chrome-48.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	38
Jul 2, 2012 20:04:02.612231016 CEST	1044	80	192.168.0.10	173.194.69.94	GET /images/mgyhp_sm.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	39
Jul 2, 2012 20:04:03.028846979 CEST	80	1043	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:04:02 GMT Expires: Mon, 02 Jul 2012 18:04:02 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 1834 X-XSS-Protection: 1; mode=block	39
Jul 2, 2012 20:04:03.132586956 CEST	1043	80	192.168.0.10	173.194.69.94	GET /images/srpr/logo3w.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	42
Jul 2, 2012 20:04:03.504678965 CEST	80	1044	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:04:03 GMT Expires: Mon, 02 Jul 2012 18:04:03 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 331 X-XSS-Protection: 1; mode=block	42
Jul 2, 2012 20:04:03.631467104 CEST	80	1043	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:04:03 GMT Expires: Mon, 02 Jul 2012 18:04:03 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 7007 X-XSS-Protection: 1; mode=block	43
Jul 2, 2012 20:04:05.218806982 CEST	1045	80	192.168.0.10	199.7.71.190	GET /pca3.crl HTTP/1.1 Accept: / User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: crl.verisign.com Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache	51
Jul 2, 2012 20:04:05.682365894 CEST	80	1045	199.7.71.190	192.168.0.10	HTTP/1.0 200 OK Age: 245 Date: Mon, 02 Jul 2012 18:00:01 GMT Connection: Keep-Alive Via: NS-248 ETag: "c3d047-382-4c370d230a740" Server: Apache/2.2.3 (Red Hat) Last-Modified: Wed, 27 Jun 2012 09:27:17 GMT Accept-Ranges: bytes Content-Length: 898 Content-Type: application/pkix-crl X-Cache: MISS from hostname X-Cache-Lookup: HIT from hostname:80 Via: 1.0 hostname:80 (squid/2.6.STABLE21)	52
Jul 2, 2012 20:04:07.210767984 CEST	1046	80	192.168.0.10	199.7.54.190	GET /CSC3-2009-2.crl HTTP/1.1 Accept: / User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: csc3-2009-2-crl.verisign.com Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache	54
Jul 2, 2012 20:04:07.919285059 CEST	80	1046	199.7.54.190	192.168.0.10	HTTP/1.0 200 OK Age: 239 Date: Mon, 02 Jul 2012 18:00:09 GMT Connection: Keep-Alive Via: NS-248 ETag: "8f8144-8dac-4c3d50600aac0" Server: Apache/2.2.3 (Red Hat) Last-Modified: Mon, 02 Jul 2012 09:00:03 GMT Accept-Ranges: bytes Content-Length: 36268 Content-Type: application/pkix-crl X-Cache: MISS from hostname X-Cache-Lookup: HIT from hostname:80 Via: 1.0 hostname:80 (squid/2.6.STABLE21)	55
Jul 2, 2012 20:04:09.968908072 CEST	1044	80	192.168.0.10	173.194.69.94	GET /images/nav_logo107.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	132
Jul 2, 2012 20:04:10.024929047 CEST	1043	80	192.168.0.10	173.194.69.94	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	133
Jul 2, 2012 20:04:10.348225117 CEST	1048	80	192.168.0.10	173.194.69.94	GET /xjs/_/js/s/s,st,anim,bbd,c,sb,hv,wta,cr,cdos,pj,tbpr,tbui,rsn,ob,mb,lc,du,ada,bihu,lu,m,tng,hsm,j,p,pcc,csitl/rt=j/ver=2uka1iBbpRI.en_US./d=1/rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	165
Jul 2, 2012 20:04:11.225372076 CEST	80	1044	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Fri, 16 Mar 2012 04:38:08 GMT Date: Mon, 02 Jul 2012 18:04:10 GMT Expires: Mon, 02 Jul 2012 18:04:10 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 28693 X-XSS-Protection: 1; mode=block	282
Jul 2, 2012 20:04:11.269587994 CEST	80	1043	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/x-icon Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:04:10 GMT Expires: Mon, 02 Jul 2012 18:04:10 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 1150 X-XSS-Protection: 1; mode=block	288
Jul 2, 2012 20:04:11.580758095 CEST	1049	80	192.168.0.10	173.194.69.120	GET /gb/js/sem_feed2a2e2d54cd5f40fb4b5f5244fff2.js HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: ssl.gstatic.com Connection: Keep-Alive	314
Jul 2, 2012 20:04:11.704292059 CEST	80	1048	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Type: text/javascript; charset=UTF-8 Last-Modified: Wed, 27 Jun 2012 20:50:45 GMT Date: Thu, 28 Jun 2012 06:14:39 GMT Expires: Fri, 28 Jun 2013 06:14:39 GMT X-Content-Type-Options: nosniff Server: sffe Content-Length: 148757 X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31536000 Age: 388172	314
Jul 2, 2012 20:04:12.506702900 CEST	80	1049	173.194.69.120	192.168.0.10	HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Type: text/javascript Last-Modified: Sat, 23 Jun 2012 00:48:13 GMT Date: Fri, 29 Jun 2012 00:11:11 GMT Expires: Sat, 29 Jun 2013 00:11:11 GMT X-Content-Type-Options: nosniff Server: sffe Content-Length: 16899 X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31536000 Age: 323580	471
Jul 2, 2012 20:04:13.584280014 CEST	1044	80	192.168.0.10	173.194.69.94	GET /extern_chrome/b0659096785d29d3.js HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	489
Jul 2, 2012 20:04:13.617311954 CEST	1042	80	192.168.0.10	173.194.69.106	GET /textinputassistant/tia.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.com Connection: Keep-Alive Cookie: PREF=ID=3740656370e573ad:FF=0:TM=1341252239:LM=1341252239:S=SskzaATPSlZCGbET; NID=61=k92McNxtDZbrafsil-yPtkDcLjmWWzZuTTBYwWDZuV5g2qxdsv1pUWFV3y1Zqtc_BKkdEMIJwxo1QhKLYZDec6dpkWb4Bx-f-G_UTDX5tTcgxS97PIPIb1ynCLLVRncd	490
Jul 2, 2012 20:04:13.744057894 CEST	1049	80	192.168.0.10	173.194.69.120	GET /gb/images/j_e6a6aca6.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: ssl.gstatic.com Connection: Keep-Alive	491
Jul 2, 2012 20:04:13.784454107 CEST	1043	80	192.168.0.10	173.194.69.94	GET /images/swxa.gif HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	491
Jul 2, 2012 20:04:13.883213043 CEST	80	1044	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Expires: Mon, 01 Jul 2013 00:00:00 GMT Last-Modified: Mon, 04 Jul 2011 00:00:00 GMT Content-Type: text/javascript; charset=UTF-8 Content-Disposition: attachment Content-Encoding: gzip Date: Mon, 02 Jul 2012 18:04:13 GMT Server: gws Cache-Control: private Content-Length: 10633 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN	492
Jul 2, 2012 20:04:14.031414986 CEST	80	1049	173.194.69.120	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Thu, 29 Mar 2012 23:53:57 GMT Date: Thu, 28 Jun 2012 11:57:52 GMT Expires: Fri, 28 Jun 2013 11:57:52 GMT X-Content-Type-Options: nosniff Server: sffe Content-Length: 15130 X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31536000 Age: 367581	503
Jul 2, 2012 20:04:14.086762905 CEST	80	1042	173.194.69.106	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:04:13 GMT Expires: Mon, 02 Jul 2012 18:04:13 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 387 X-XSS-Protection: 1; mode=block	511
Jul 2, 2012 20:04:14.187480927 CEST	80	1043	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/gif Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:04:14 GMT Expires: Mon, 02 Jul 2012 18:04:14 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 5223 X-XSS-Protection: 1; mode=block	520
Jul 2, 2012 20:04:14.310000896 CEST	1048	80	192.168.0.10	173.194.69.94	GET /csi?v=3&s=webhp&action=&e=17259,36253,37102,38816,39365,39370,39411,39549,39580,39604,39664,39730,39737&ei=keLxT4WwCoaKsga0ws37Cg&imc=2&imn=2&imp=0&rt=xjsls.7500,prt.7547,ol.7797,iml.7547,xjses.11250,xjsee.11781,xjs.12109 HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=MRfw65cNxEYLwvIcEvCv4Ix5IDnLO4e7I7ieI3KozhoqC8BTAkXHeYbMikmqByuI6BW7W39mF26EDlVTU5FKt_NQANYnc8iytcG2Nn8Q-SE2YZg9N8oV72K5m2DBHNph; PREF=ID=64273badff072a23:FF=0:TM=1341252241:LM=1341252241:S=mviKdCdjhaq409dr	526
Jul 2, 2012 20:04:14.607681990 CEST	80	1048	173.194.69.94	192.168.0.10	HTTP/1.1 204 No Content Content-Length: 0 Date: Wed, 21 Jan 2004 19:51:30 GMT Pragma: no-cache Cache-Control: private, no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: image/gif Server: Golfe	527
Jul 2, 2012 20:04:30.618577003 CEST	1050	80	192.168.0.10	173.194.69.99	GET /intl/en_ALL/ipv6/images/6.gif HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i1.ds.ipv6-exp.l.google.com Connection: Keep-Alive Cookie: PREF=ID=3740656370e573ad:FF=0:TM=1341252239:LM=1341252239:S=SskzaATPSlZCGbET; NID=61=k92McNxtDZbrafsil-yPtkDcLjmWWzZuTTBYwWDZuV5g2qxdsv1pUWFV3y1Zqtc_BKkdEMIJwxo1QhKLYZDec6dpkWb4Bx-f-G_UTDX5tTcgxS97PIPIb1ynCLLVRncd	530
Jul 2, 2012 20:04:30.642021894 CEST	1051	80	192.168.0.10	173.194.69.147	GET /intl/en_ALL/ipv6/images/6.gif HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: p5.6qizwgpslmgcg.k2cxhkzltvi3hxmd.912250.i2.v4.ipv6-exp.l.google.com Connection: Keep-Alive Cookie: PREF=ID=3740656370e573ad:FF=0:TM=1341252239:LM=1341252239:S=SskzaATPSlZCGbET; NID=61=k92McNxtDZbrafsil-yPtkDcLjmWWzZuTTBYwWDZuV5g2qxdsv1pUWFV3y1Zqtc_BKkdEMIJwxo1QhKLYZDec6dpkWb4Bx-f-G_UTDX5tTcgxS97PIPIb1ynCLLVRncd	531
Jul 2, 2012 20:04:31.459068060 CEST	80	1050	173.194.69.99	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/gif Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:04:31 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate X-Content-Type-Options: nosniff Server: sffe Content-Length: 35 X-XSS-Protection: 1; mode=block	532
Jul 2, 2012 20:04:31.545617104 CEST	80	1051	173.194.69.147	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/gif Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:04:31 GMT Pragma: no-cache Expires: Fri, 01 Jan 1990 00:00:00 GMT Cache-Control: no-cache, must-revalidate X-Content-Type-Options: nosniff Server: sffe Content-Length: 35 X-XSS-Protection: 1; mode=block	532

Hooks

User Modules

Hook Summary
Function Name	Hook Type	Active in Processes
TranslateMessage	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
ZwVdmControl	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
NtResumeThread	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
ZwEnumerateValueKey	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
ZwResumeThread	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
NtVdmControl	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
ZwSetInformationFile	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
NtEnumerateValueKey	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
NtQueryDirectoryFile	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
ZwQueryDirectoryFile	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
NtSetInformationFile	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
send	INLINE	winlogon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, explorer.exe
PFXImportCertStore	INLINE	winlogon.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
CryptEncrypt	INLINE	winlogon.exe, ctfmon.exe, wmiprvse.exe, jqs.exe, lsass.exe, svchost.exe, msiexec.exe, explorer.exe
ZwClose	INLINE	svchost.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, MDM.EXE
NtClose	INLINE	svchost.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, MDM.EXE
InternetReadFile	INLINE	svchost.exe
HttpOpenRequestA	INLINE	svchost.exe
HttpSendRequestA	INLINE	svchost.exe, explorer.exe
HttpSendRequestW	INLINE	svchost.exe, explorer.exe
InternetQueryDataAvailable	INLINE	svchost.exe
InternetReadFileExA	INLINE	svchost.exe
HttpQueryInfoA	INLINE	svchost.exe
InternetWriteFile	INLINE	svchost.exe, explorer.exe
InternetQueryOptionA	INLINE	svchost.exe
HttpAddRequestHeadersA	INLINE	svchost.exe
InternetCloseHandle	INLINE	svchost.exe, explorer.exe

Processes

Process: winlogon.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: winlogon.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: winlogon.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: winlogon.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: winlogon.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: ctfmon.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: ctfmon.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: ctfmon.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x31
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x31

Process: wmiprvse.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: wmiprvse.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: wmiprvse.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: wmiprvse.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30

Process: jqs.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msdtc.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x3E
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x3E

Process: dllhost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30

Process: alg.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30

Process: wscntfy.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x31
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x31

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: spoolsv.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x30

Process: msiexec.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msiexec.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msiexec.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msiexec.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: MDM.EXE, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x3F
NtClose	INLINE	0xE9 0x9B 0xBF 0xF3 0x33 0x3F

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WININET.dll
Function Name	Hook Type	New Data
InternetReadFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpOpenRequestA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpSendRequestA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpSendRequestW	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetQueryDataAvailable	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetReadFileExA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpQueryInfoA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetWriteFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetQueryOptionA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpAddRequestHeadersA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetCloseHandle	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtSetInformationFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: WININET.dll
Function Name	Hook Type	New Data
HttpSendRequestA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpSendRequestW	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetWriteFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetCloseHandle	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Analysis File: 6f7e68ac83fb111653e2093c17d46b21.exe PID: 1076 Parent PID: 232

Sections

General
Start time:	09:39:50
Start date:	24/01/2012
Path:	C:\6f7e68ac83fb111653e2093c17d46b21.exe
Wow64 process (32bit):	false
Commandline:	unknown
Imagebase:	0x400000
File size:	196096 bytes
MD5 hash:	6F7E68AC83FB111653E2093C17D46B21

Section Activities:

Section loaded by Windows
File Path	Access	Type	Base	Size	Mapped to pid	Protection	Completion	Count
\KnownDlls\kernel32.dll	write and read and execute	unknown	7C800000	1007616	own pid	read write	success or wait	1
unknown	query and write and read and execute and extend size	reserve	7C800000	1007616	own pid	read write	success or wait	1
\NLS\NlsSectionUnicode	read	unknown	260000	90112	own pid	readonly	success or wait	1
\NLS\NlsSectionLocale	read	unknown	280000	266240	own pid	readonly	success or wait	1
\NLS\NlsSectionSortkey	query and read	unknown	2D0000	266240	own pid	readonly	success or wait	1
\NLS\NlsSectionSortTbls	read	unknown	320000	24576	own pid	readonly	success or wait	1
\NLS\NlsSectionSortkey00000409	read	unknown	unknown	unknown	unknown	unknown	object name not found	1
\NLS\NlsSectionSortkey00000409	read	unknown	unknown	unknown	unknown	unknown	object name not found	1
\KnownDlls\SHELL32.dll	write and read and execute	unknown	7C9C0000	8482816	own pid	read write	success or wait	1
C:\WINDOWS\system32\shell32.dll	read	commit	B20000	8462336	own pid	readonly	success or wait	1
\KnownDlls\comctl32.dll	write and read and execute	unknown	5D090000	630784	own pid	read write	success or wait	1
C:\WINDOWS\system32\comctl32.dll	read	commit	B20000	618496	own pid	readonly	success or wait	1
\BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768	write	unknown	3F0000	32768	own pid	read write	success or wait	1
\BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Cookies_index.dat_16384	write	unknown	B20000	16384	own pid	read write	success or wait	1
\BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768	write	unknown	B30000	32768	own pid	read write	success or wait	1
\KnownDlls\ws2_32.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\ws2_32.dll	query and write and read and execute	image	71AB0000	94208	own pid	read write	success or wait	1
\KnownDlls\WS2HELP.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\ws2help.dll	query and write and read and execute	image	71AA0000	32768	own pid	read write	success or wait	1
\KnownDlls\VERSION.dll	write and read and execute	unknown	77C00000	32768	own pid	read write	success or wait	1
\BaseNamedObjects\Local\UrlZonesSM_Administrator	query and write and read	commit	unknown	unknown	unknown	unknown	object name exists	1
\KnownDlls\RASAPI32.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\rasapi32.dll	query and write and read and execute	image	76EE0000	245760	own pid	read write	success or wait	1
\KnownDlls\rasman.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\rasman.dll	query and write and read and execute	image	76E90000	73728	own pid	read write	success or wait	1
\KnownDlls\NETAPI32.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\netapi32.dll	query and write and read and execute	image	5B860000	348160	own pid	read write	success or wait	1
\KnownDlls\TAPI32.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\tapi32.dll	query and write and read and execute	image	76EB0000	192512	own pid	read write	success or wait	1
\KnownDlls\rtutils.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\rtutils.dll	query and write and read and execute	image	76E80000	57344	own pid	read write	success or wait	1
\KnownDlls\WINMM.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\winmm.dll	query and write and read and execute	image	76B40000	184320	own pid	read write	success or wait	1
C:\WINDOWS\system32\tapi32.dll	read	commit	DD0000	184320	own pid	readonly	success or wait	1
\KnownDlls\USERENV.dll	write and read and execute	unknown	769C0000	737280	own pid	read write	success or wait	1
\KnownDlls\msapsspc.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\msapsspc.dll	query and write and read and execute	image	71E50000	86016	own pid	read write	success or wait	1
\KnownDlls\MSVCRT40.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\msvcrt40.dll	query and write and read and execute	image	78080000	69632	own pid	read write	success or wait	1
\KnownDlls\schannel.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\schannel.dll	query and write and read and execute	image	767F0000	163840	own pid	read write	success or wait	1
\KnownDlls\CRYPT32.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\crypt32.dll	query and write and read and execute	image	77A80000	610304	own pid	read write	success or wait	1
\KnownDlls\MSASN1.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\msasn1.dll	query and write and read and execute	image	77B20000	73728	own pid	read write	success or wait	1
\KnownDlls\digest.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\digest.dll	query and write and read and execute	image	75B00000	86016	own pid	read write	success or wait	1
\KnownDlls\msnsspc.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\msnsspc.dll	query and write and read and execute	image	747B0000	290816	own pid	read write	success or wait	1
\KnownDlls\MSVCRT40.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\msvcrt40.dll	query and write and read and execute	image	78080000	69632	own pid	read write	success or wait	1
\KnownDlls\sensapi.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\sensapi.dll	query and write and read and execute	image	722B0000	20480	own pid	read write	success or wait	1
\BaseNamedObjects\SENS Information Cache	read	unknown	DD0000	4096	own pid	readonly	success or wait	1
C:\WINDOWS\system32\msv1_0.dll	write and read and execute	commit	E10000	139264	own pid	execute	success or wait	1
C:\WINDOWS\system32\msv1_0.dll	query and write and read and execute	image	77C70000	151552	own pid	read write	success or wait	1
\KnownDlls\cryptdll.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\cryptdll.dll	query and write and read and execute	image	76790000	49152	own pid	read write	success or wait	1
\KnownDlls\iphlpapi.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\iphlpapi.dll	query and write and read and execute	image	76D60000	102400	own pid	read write	success or wait	1
C:\WINDOWS\system32\mswsock.dll	write and read and execute	commit	E10000	245760	own pid	execute	success or wait	1
C:\WINDOWS\system32\mswsock.dll	query and write and read and execute	image	71A50000	258048	own pid	read write	success or wait	1
\KnownDlls\rasadhlp.dll	write and read and execute	unknown	unknown	unknown	unknown	unknown	object name not found	1
C:\WINDOWS\system32\rasadhlp.dll	query and write and read and execute	image	76FC0000	24576	own pid	read write	success or wait	1
C:\6f7e68ac83fb111653e2093c17d46b21.exe	query and write and read and execute and extend size	image	76FC0000	24576	own pid	read write	success or wait	1
\BaseNamedObjects\ShimSharedMemory	write	unknown	F10000	57344	own pid	read write	success or wait	1
C:\6f7e68ac83fb111653e2093c17d46b21.exe	query and read	commit	F20000	196608	own pid	readonly	success or wait	1

Section loaded by program
File Path	Access	Type	Base	Size	Mapped to pid	Protection	Completion	Count	Source Address
\KnownDlls\Wininet.dll	write and read and execute	unknown	3D930000	942080	own pid	read write	success or wait	1	4012BB
\KnownDlls\msvcrt.dll	write and read and execute	unknown	77C10000	360448	own pid	read write	success or wait	1	4012BB
\KnownDlls\SHLWAPI.dll	write and read and execute	unknown	77F60000	483328	own pid	read write	success or wait	1	4012BB
\KnownDlls\ADVAPI32.dll	write and read and execute	unknown	77DD0000	634880	own pid	read write	success or wait	1	4012BB
\KnownDlls\RPCRT4.dll	write and read and execute	unknown	77E70000	602112	own pid	read write	success or wait	1	4012BB
\KnownDlls\Secur32.dll	write and read and execute	unknown	77FE0000	69632	own pid	read write	success or wait	1	4012BB
\KnownDlls\GDI32.dll	write and read and execute	unknown	77F10000	299008	own pid	read write	success or wait	1	4012BB
\KnownDlls\USER32.dll	write and read and execute	unknown	7E410000	593920	own pid	read write	success or wait	1	4012BB
\KnownDlls\Normaliz.dll	write and read and execute	unknown	340000	36864	own pid	read write	conflicting addresses	1	4012BB
\KnownDlls\urlmon.dll	write and read and execute	unknown	78130000	1257472	own pid	read write	success or wait	1	4012BB
\KnownDlls\ole32.dll	write and read and execute	unknown	774E0000	1302528	own pid	read write	success or wait	1	4012BB
\KnownDlls\OLEAUT32.dll	write and read and execute	unknown	77120000	569344	own pid	read write	success or wait	1	4012BB
\KnownDlls\iertutil.dll	write and read and execute	unknown	3DFD0000	2002944	own pid	read write	success or wait	1	4012BB
\NLS\NlsSectionCType	read	unknown	360000	12288	own pid	readonly	success or wait	1	4012BB
C:\WINDOWS\system32\imm32.dll	write and read and execute	commit	370000	110592	own pid	execute	success or wait	1	4012BB
C:\WINDOWS\system32\imm32.dll	write and read and execute	commit	370000	110592	own pid	execute	success or wait	1	4012BB
C:\WINDOWS\system32\imm32.dll	query and write and read and execute	image	76390000	118784	own pid	read write	success or wait	1	4012BB
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll	write and read and execute	commit	920000	1056768	own pid	execute	success or wait	1	4012BB
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll	query and write and read and execute	image	773D0000	1060864	own pid	read write	success or wait	1	4012BB
C:\WINDOWS\WindowsShell.Manifest	write and read and execute	commit	3A0000	4096	own pid	execute	success or wait	1	4012BB
C:\WINDOWS\WindowsShell.Manifest	query and read	commit	3A0000	4096	own pid	readonly	success or wait	1	4012BB
C:\WINDOWS\WindowsShell.Manifest	read	commit	3A0000	4096	own pid	readonly	success or wait	1	4012BB

Process Activities:

Process started
PID	Filepath	Cmdline	Flags	Completion	Count	Source Address	Symbol
2008	C:\6f7e68ac83fb111653e2093c17d46b21.exe	C:\6f7e68ac83fb111653e2093c17d46b21.exe	none	success or wait	1	401817	CreateProcessA

Process information queried
PID	Process info class	Completion	Count	Source Address	Symbol
1076	Cookie	success or wait	3	unknown	unknown
1076	ImageInformation	success or wait	1	unknown	unknown
1076	Wow64Information	success or wait	1	unknown	unknown
1076	SessionInformation	success or wait	1	unknown	unknown
1076	DefaultHardErrorMode	success or wait	26	unknown	unknown
1076	QuotaLimits	success or wait	1	unknown	unknown
1076	VmCounters	success or wait	1	unknown	unknown
2008	BasicInformation	success or wait	2	unknown	unknown

Thread Activities:

Thread context set

TID

PID

DR0

DR1

DR2

DR3

DR7

EFLAGS

EIP

Completion

Count

Source Address

Symbol

384

2008

200

7C810705

success or wait

4019AA

SetThreadContext

Thread resumed
TID	PID	Path	Completion	Count	Source Address	Symbol
384	2008	C:\6f7e68ac83fb111653e2093c17d46b21.exe	success or wait	1	4019B7	ResumeThread

Memory Activities:

Memory read
PID	Filepath	Base	Length	Value	Completion	Count	Source Address	Symbol
2008	C:\6f7e68ac83fb111653e2093c17d46b21.exe	7FFDE008	4	00 00 40 00	success or wait	1	401881	ReadProcessMemory

Memory written
PID	Filepath	Base	Length	Value	Completion	Count	Source Address	Symbol
2008	C:\6f7e68ac83fb111653e2093c17d46b21.exe	400000	397312	4D 5A 90 00 03 00 00 00 04 00 00 00 FF FF 00 00 B8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 D0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4C 01 03 00 FB 82 86 4E 00 00 00 00 00 00 00 00 E0 00 02 01 0B 01 0A 00 00 D0 01 00 00 10 00 00 00 20 04 00 70 F2 05 00 00 30 04	success or wait	1	401958	WriteProcessMemory
2008	C:\6f7e68ac83fb111653e2093c17d46b21.exe	7FFDE008	4	00 00 40 00	success or wait	1	40198B	WriteProcessMemory

Memory allocated
PID	Filepath	Base	Length	Protection	Completion	Count	Source Address	Symbol
1076	C:\6f7e68ac83fb111653e2093c17d46b21.exe	330000	12FE80	page read and write	success or wait	1	401D48	HeapCreate
1076	C:\6f7e68ac83fb111653e2093c17d46b21.exe	330000	12FE84	page read and write	success or wait	1	401D48	HeapCreate
1076	C:\6f7e68ac83fb111653e2093c17d46b21.exe	F30000	12FC98	page read and write	success or wait	1	4011FD	VirtualAlloc
2008	C:\6f7e68ac83fb111653e2093c17d46b21.exe	400000	12FCC8	page execute and read and write	success or wait	1	4018BA	VirtualAllocEx

Memory attributes changed
PID	Filepath	Base	Length	New Protection	Old Protection	Completion	Count	Source Address	Symbol
1076	C:\6f7e68ac83fb111653e2093c17d46b21.exe	401000	5000	page read and write	page execute read	success or wait	1	4015C4	VirtualProtect

Chronological sections
Operation	Data	Completion	Time
Section loaded	Path: \KnownDlls\kernel32.dll Access: write and read and execute Type: unknown Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid	success or wait	540135493
Process information queried	PID: 1076 Info Class: Cookie	success or wait	540144210
Section loaded	Path: unknown Access: query and write and read and execute and extend size Type: reserve Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid	success or wait	540147677
Section loaded	Path: \NLS\NlsSectionUnicode Access: read Type: unknown Baseaddress: 260000 Size: 90112 Protection: readonly Mapped to pid: own pid	success or wait	540157374
Section loaded	Path: \NLS\NlsSectionLocale Access: read Type: unknown Baseaddress: 280000 Size: 266240 Protection: readonly Mapped to pid: own pid	success or wait	540159339
Section loaded	Path: \NLS\NlsSectionSortkey Access: query and read Type: unknown Baseaddress: 2D0000 Size: 266240 Protection: readonly Mapped to pid: own pid	success or wait	540162753
Section loaded	Path: \NLS\NlsSectionSortTbls Access: read Type: unknown Baseaddress: 320000 Size: 24576 Protection: readonly Mapped to pid: own pid	success or wait	540165881
Section loaded	Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	540168235
Section loaded	Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	540168604
Process information queried	PID: 1076 Info Class: ImageInformation	success or wait	540172103
Memory allocated	PID: 1076 Path: C:\6f7e68ac83fb111653e2093c17d46b21.exe Base: 330000 Length: 12FE80 Allocation Type: unknown Protection: page read and write	success or wait	540182664
Memory allocated	PID: 1076 Path: C:\6f7e68ac83fb111653e2093c17d46b21.exe Base: 330000 Length: 12FE84 Allocation Type: unknown Protection: page read and write	success or wait	540182934
Memory attributes changed	PID: 1076 Path: C:\6f7e68ac83fb111653e2093c17d46b21.exe Base: 401000 Length: 5000 New Protection: page read and write New Protection: page execute read	success or wait	540184081
Section loaded	Path: \KnownDlls\Wininet.dll Access: write and read and execute Type: unknown Baseaddress: 3D930000 Size: 942080 Protection: read write Mapped to pid: own pid	success or wait	540186217
Section loaded	Path: \KnownDlls\msvcrt.dll Access: write and read and execute Type: unknown Baseaddress: 77C10000 Size: 360448 Protection: read write Mapped to pid: own pid	success or wait	540189983
Section loaded	Path: \KnownDlls\SHLWAPI.dll Access: write and read and execute Type: unknown Baseaddress: 77F60000 Size: 483328 Protection: read write Mapped to pid: own pid	success or wait	540196534
Section loaded	Path: \KnownDlls\ADVAPI32.dll Access: write and read and execute Type: unknown Baseaddress: 77DD0000 Size: 634880 Protection: read write Mapped to pid: own pid	success or wait	540200633
Section loaded	Path: \KnownDlls\RPCRT4.dll Access: write and read and execute Type: unknown Baseaddress: 77E70000 Size: 602112 Protection: read write Mapped to pid: own pid	success or wait	540207309
Section loaded	Path: \KnownDlls\Secur32.dll Access: write and read and execute Type: unknown Baseaddress: 77FE0000 Size: 69632 Protection: read write Mapped to pid: own pid	success or wait	540215403
Section loaded	Path: \KnownDlls\GDI32.dll Access: write and read and execute Type: unknown Baseaddress: 77F10000 Size: 299008 Protection: read write Mapped to pid: own pid	success or wait	540228714
Section loaded	Path: \KnownDlls\USER32.dll Access: write and read and execute Type: unknown Baseaddress: 7E410000 Size: 593920 Protection: read write Mapped to pid: own pid	success or wait	540234867
Section loaded	Path: \KnownDlls\Normaliz.dll Access: write and read and execute Type: unknown Baseaddress: 340000 Size: 36864 Protection: read write Mapped to pid: own pid	conflicting addresses	540259525
Section loaded	Path: \KnownDlls\urlmon.dll Access: write and read and execute Type: unknown Baseaddress: 78130000 Size: 1257472 Protection: read write Mapped to pid: own pid	success or wait	540269189
Section loaded	Path: \KnownDlls\ole32.dll Access: write and read and execute Type: unknown Baseaddress: 774E0000 Size: 1302528 Protection: read write Mapped to pid: own pid	success or wait	540272404
Section loaded	Path: \KnownDlls\OLEAUT32.dll Access: write and read and execute Type: unknown Baseaddress: 77120000 Size: 569344 Protection: read write Mapped to pid: own pid	success or wait	540280773
Section loaded	Path: \KnownDlls\iertutil.dll Access: write and read and execute Type: unknown Baseaddress: 3DFD0000 Size: 2002944 Protection: read write Mapped to pid: own pid	success or wait	540292548
Section loaded	Path: \NLS\NlsSectionCType Access: read Type: unknown Baseaddress: 360000 Size: 12288 Protection: readonly Mapped to pid: own pid	success or wait	540305596
Process information queried	PID: 1076 Info Class: Cookie	success or wait	540308230
Process information queried	PID: 1076 Info Class: Cookie	success or wait	540308580
Section loaded	Path: C:\WINDOWS\system32\imm32.dll Access: write and read and execute Type: commit Baseaddress: 370000 Size: 110592 Protection: execute Mapped to pid: own pid	success or wait	540315263
Section loaded	Path: C:\WINDOWS\system32\imm32.dll Access: write and read and execute Type: commit Baseaddress: 370000 Size: 110592 Protection: execute Mapped to pid: own pid	success or wait	540319004
Section loaded	Path: C:\WINDOWS\system32\imm32.dll Access: query and write and read and execute Type: image Baseaddress: 76390000 Size: 118784 Protection: read write Mapped to pid: own pid	success or wait	540321686
Section loaded	Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Access: write and read and execute Type: commit Baseaddress: 920000 Size: 1056768 Protection: execute Mapped to pid: own pid	success or wait	540391077
Section loaded	Path: C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll Access: query and write and read and execute Type: image Baseaddress: 773D0000 Size: 1060864 Protection: read write Mapped to pid: own pid	success or wait	540394534
Section loaded	Path: C:\WINDOWS\WindowsShell.Manifest Access: write and read and execute Type: commit Baseaddress: 3A0000 Size: 4096 Protection: execute Mapped to pid: own pid	success or wait	540406227
Section loaded	Path: C:\WINDOWS\WindowsShell.Manifest Access: query and read Type: commit Baseaddress: 3A0000 Size: 4096 Protection: readonly Mapped to pid: own pid	success or wait	540410000
Section loaded	Path: C:\WINDOWS\WindowsShell.Manifest Access: read Type: commit Baseaddress: 3A0000 Size: 4096 Protection: readonly Mapped to pid: own pid	success or wait	540413147
Process information queried	PID: 1076 Info Class: Wow64Information	success or wait	540542979
Section loaded	Path: \KnownDlls\SHELL32.dll Access: write and read and execute Type: unknown Baseaddress: 7C9C0000 Size: 8482816 Protection: read write Mapped to pid: own pid	success or wait	540554313
Section loaded	Path: C:\WINDOWS\system32\shell32.dll Access: read Type: commit Baseaddress: B20000 Size: 8462336 Protection: readonly Mapped to pid: own pid	success or wait	540567562
Section loaded	Path: \KnownDlls\comctl32.dll Access: write and read and execute Type: unknown Baseaddress: 5D090000 Size: 630784 Protection: read write Mapped to pid: own pid	success or wait	540602862
Section loaded	Path: C:\WINDOWS\system32\comctl32.dll Access: read Type: commit Baseaddress: B20000 Size: 618496 Protection: readonly Mapped to pid: own pid	success or wait	540616902
Process information queried	PID: 1076 Info Class: SessionInformation	success or wait	540626232
Section loaded	Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_Temporary Internet Files_Content.IE5_index.dat_32768 Access: write Type: unknown Baseaddress: 3F0000 Size: 32768 Protection: read write Mapped to pid: own pid	success or wait	540701922
Section loaded	Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Cookies_index.dat_16384 Access: write Type: unknown Baseaddress: B20000 Size: 16384 Protection: read write Mapped to pid: own pid	success or wait	540716436
Section loaded	Path: \BaseNamedObjects\Local\C:_Documents and Settings_Administrator_Local Settings_History_History.IE5_index.dat_32768 Access: write Type: unknown Baseaddress: B30000 Size: 32768 Protection: read write Mapped to pid: own pid	success or wait	540726924
Section loaded	Path: \KnownDlls\ws2_32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	540856694
Section loaded	Path: C:\WINDOWS\system32\ws2_32.dll Access: query and write and read and execute Type: image Baseaddress: 71AB0000 Size: 94208 Protection: read write Mapped to pid: own pid	success or wait	540858313
Section loaded	Path: \KnownDlls\WS2HELP.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	540863445
Section loaded	Path: C:\WINDOWS\system32\ws2help.dll Access: query and write and read and execute Type: image Baseaddress: 71AA0000 Size: 32768 Protection: read write Mapped to pid: own pid	success or wait	540865562
Section loaded	Path: \KnownDlls\VERSION.dll Access: write and read and execute Type: unknown Baseaddress: 77C00000 Size: 32768 Protection: read write Mapped to pid: own pid	success or wait	540958632
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	540963117
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	540963750
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	540964956
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	540965561
Section loaded	Path: \BaseNamedObjects\Local\UrlZonesSM_Administrator Access: query and write and read Type: commit Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name exists	540972106
Section loaded	Path: \KnownDlls\RASAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541018665
Section loaded	Path: C:\WINDOWS\system32\rasapi32.dll Access: query and write and read and execute Type: image Baseaddress: 76EE0000 Size: 245760 Protection: read write Mapped to pid: own pid	success or wait	541020496
Section loaded	Path: \KnownDlls\rasman.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541026652
Section loaded	Path: C:\WINDOWS\system32\rasman.dll Access: query and write and read and execute Type: image Baseaddress: 76E90000 Size: 73728 Protection: read write Mapped to pid: own pid	success or wait	541028464
Section loaded	Path: \KnownDlls\NETAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541034233
Section loaded	Path: C:\WINDOWS\system32\netapi32.dll Access: query and write and read and execute Type: image Baseaddress: 5B860000 Size: 348160 Protection: read write Mapped to pid: own pid	success or wait	541036125
Section loaded	Path: \KnownDlls\TAPI32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541048536
Section loaded	Path: C:\WINDOWS\system32\tapi32.dll Access: query and write and read and execute Type: image Baseaddress: 76EB0000 Size: 192512 Protection: read write Mapped to pid: own pid	success or wait	541050351
Section loaded	Path: \KnownDlls\rtutils.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541057996
Section loaded	Path: C:\WINDOWS\system32\rtutils.dll Access: query and write and read and execute Type: image Baseaddress: 76E80000 Size: 57344 Protection: read write Mapped to pid: own pid	success or wait	541059879
Section loaded	Path: \KnownDlls\WINMM.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541067673
Section loaded	Path: C:\WINDOWS\system32\winmm.dll Access: query and write and read and execute Type: image Baseaddress: 76B40000 Size: 184320 Protection: read write Mapped to pid: own pid	success or wait	541069590
Section loaded	Path: C:\WINDOWS\system32\tapi32.dll Access: read Type: commit Baseaddress: DD0000 Size: 184320 Protection: readonly Mapped to pid: own pid	success or wait	541146693
Section loaded	Path: \KnownDlls\USERENV.dll Access: write and read and execute Type: unknown Baseaddress: 769C0000 Size: 737280 Protection: read write Mapped to pid: own pid	success or wait	541202647
Process information queried	PID: 1076 Info Class: QuotaLimits	success or wait	541234879
Process information queried	PID: 1076 Info Class: VmCounters	success or wait	541235263
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541265435
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541266069
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541267011
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541270452
Section loaded	Path: \KnownDlls\msapsspc.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541309972
Section loaded	Path: C:\WINDOWS\system32\msapsspc.dll Access: query and write and read and execute Type: image Baseaddress: 71E50000 Size: 86016 Protection: read write Mapped to pid: own pid	success or wait	541323633
Section loaded	Path: \KnownDlls\MSVCRT40.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541329443
Section loaded	Path: C:\WINDOWS\system32\msvcrt40.dll Access: query and write and read and execute Type: image Baseaddress: 78080000 Size: 69632 Protection: read write Mapped to pid: own pid	success or wait	541331761
Section loaded	Path: \KnownDlls\schannel.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541364550
Section loaded	Path: C:\WINDOWS\system32\schannel.dll Access: query and write and read and execute Type: image Baseaddress: 767F0000 Size: 163840 Protection: read write Mapped to pid: own pid	success or wait	541366704
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541375146
Section loaded	Path: \KnownDlls\CRYPT32.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541376582
Section loaded	Path: C:\WINDOWS\system32\crypt32.dll Access: query and write and read and execute Type: image Baseaddress: 77A80000 Size: 610304 Protection: read write Mapped to pid: own pid	success or wait	541378524
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541384980
Section loaded	Path: \KnownDlls\MSASN1.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541389298
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541391890
Section loaded	Path: C:\WINDOWS\system32\msasn1.dll Access: query and write and read and execute Type: image Baseaddress: 77B20000 Size: 73728 Protection: read write Mapped to pid: own pid	success or wait	541396981
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541403260
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541404849
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541413958
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541445982
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541447966
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541448505
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541449092
Section loaded	Path: \KnownDlls\digest.dll Access: write and read and execute Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	541461177
Section loaded	Path: C:\WINDOWS\system32\digest.dll Access: query and write and read and execute Type: image Baseaddress: 75B00000 Size: 86016 Protection: read write Mapped to pid: own pid	success or wait	541469402
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541511013
Process information queried	PID: 1076 Info Class: DefaultHardErrorMode	success or wait	541512707
Section loaded	Path: \KnownDlls\msnsspc.dll Access: write and read and execute Type: unknown Baseaddress: