Analysis Date: 2016-03-09 06:26:46
MD5: 5e6debf00b715a228d6593346e0f197a
SHA1: dcb448ae697364618fb368f8f54dcc1186237397

Static Details:

File type: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section .text md5: fe8058e4006fca7424c964cccc1e0237 sha1: 6a90136fb23058090fc0ffd82a69e9bae3bed020 size: 56320
Section .rdata md5: 9c9b446a02daa6409c23262139d48cb7 sha1: f300ed7e2b5e7456aaf2f227122fe4346407e8c0 size: 10240
Section .data md5: 0e85cb31de1e91487f1efeeb96798d88 sha1: 0e272e318acf08ee509b8bddfec94e70e4fe7183 size: 6656
Section .rsrc md5: 61fb2ab043e33ec214eefc8d3e2a5f91 sha1: 8bd2b04e0bda2ce7cd36a8ef3af990012593a364 size: 11776
Section .reloc md5: 37d18085d2c1b145a5c64bebaab67354 sha1: 971ef1f5ab6b92668b5dd8b194e65991823afe7e size: 5120
Timestamp: 2013-02-05 04:03:07
Packer: Microsoft Visual C++ ?.?
PEhash: 002471867be2a3235a3368c638e8b117ca084b94
IMPhash: 4511896d043677e4ab4578dc5bcab5a0
AV Rising: No Virus
AV Mcafee: GenericR-ESD!5E6DEBF00B71
AV Avira (antivir): TR/Dropper.Gen7
AV Twister: Trojan.F5D4D60C125C8750
AV Ad-Aware: Gen:Trojan.Heur.RP.fuW@aCHU9Xcj
AV Alwil (avast): Malware-gen
AV Alwil (avast): Win32:Malware-gen
AV Eset (nod32): Win32/Shyape.G
AV Grisoft (avg): Generic32.CQJL
AV Symantec: Trojan.Sakurel
AV Fortinet: W32/Shyape.G!tr
AV BitDefender: Gen:Trojan.Heur.RP.fuW@aCHU9Xcj
AV K7: Trojan ( 0043a4491 )
AV Microsoft Security Essentials: Trojan:Win32/Diofopi.F
AV MicroWorld (escan): Gen:Trojan.Heur.RP.fuW@aCHU9Xcj
AV MalwareBytes: Trojan.Agent
AV Authentium: W32/A-1ec329e0!Eldorado
AV Emsisoft: Gen:Trojan.Heur.RP.fuW@aCHU9Xcj
AV Frisk (f-prot): No Virus
AV Ikarus: Trojan.Win32.Scar
AV Zillya!: Trojan.Scar.Win32.79088
AV Kaspersky: Trojan.Win32.Scar.hmoa
AV Trend Micro: BKDR_DIOFOPI.SM
AV VirusBlokAda (vba32): Trojan.Scar
AV CAT (quickheal): Trojan.Diofopi.MUE.E5
AV BullGuard: Gen:Trojan.Heur.RP.fuW@aCHU9Xcj
AV Arcabit (arcavir): Gen:Trojan.Heur.RP.fuW@aCHU9Xcj
AV ClamAV: Win.Trojan.Agent-965389
AV Dr. Web: Trojan.DownLoad3.22515
AV F-Secure: Gen:Trojan.Heur.RP.fuW@aCHU9Xcj
AV CA (E-Trust Ino): Gen:Trojan.Heur.RP.fuW@aCHU9Xcj

Runtime Details:

Process
↳ C:\malware.exe

Registry: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\MicroMedia ➝ C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe
Creates File: C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe
Creates Process: cmd.exe /c ping 127.0.0.1 & del /q C:\malware.exe
Creates Process: C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe

Process
↳ cmd.exe /c ping 127.0.0.1 & del /q C:\malware.exe

Creates Process: ping 127.0.0.1

Process
↳ C:\Documents and Settings\Administrator\Local Settings\Temp\MicroMedia\MediaCenter.exe

Winsock URL: http://www.polarroute.com/photo/abegujvatqzfzxq-1067872246.jpg?resid=1537031
Winsock URL: http://www.polarroute.com/viewphoto.asp?resid=107296&photoid=abegujvatqzfzxq-1067872246

Process
↳ ping 127.0.0.1

Winsock DNS: 127.0.0.1

Network Details:

DNS: polarroute.com
Type: A
184.168.221.36
DNS: www.polarroute.com
Type: A
HTTP POST: http://www.polarroute.com/newimage.asp?imageid=abegujvatqzfzxq-1067872246&type=0&resid=75890
User-Agent: iexplorer
HTTP GET: http://www.polarroute.com/photo/abegujvatqzfzxq-1067872246.jpg?resid=76156
User-Agent: iexplorer
HTTP GET: http://www.polarroute.com/viewphoto.asp?resid=76218&photoid=abegujvatqzfzxq-1067872246
User-Agent: iexplorer

Strings