Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



10 June 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes]
Columns (one infection record per row; rows with several captured binaries list one value per binary in the per-binary columns):
Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
00:08:00 Win2K-f 118.232.9.197 (-):
.
n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:01:02:00 Win2K-f 76.243.226.214 (PACBELL.NET):
AT&T INTERNET SERVICES,
US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:01:21:00 WinXP 60.249.37.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
34 of 38
35 of 38
38ed850a0e
NEW
b9297745a1
NEW
46990f37cd [0]
4294884d84[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=91
lines=64
embedded dns
trace
trace
T:01:22:00 Win2K-f 98.141.9.167 (-):
.
n/a   135 pcap raw alerts
ruleset
other
18 lines
Yeah : 1.3
profile
none summary
tarball
none none none none none none none
01:25:00 Win2K-f 122.155.9.40 (CDPM1.COM):
CAT TELECOM PUBLIC COMPANY LTD,
TH.
n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:01:34:00 Win2K-f 122.155.9.40 (CDPM1.COM):
CAT TELECOM PUBLIC COMPANY LTD,
TH.
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
208.78.69.70:80
US:64.246.48.99:666
US:75.126.138.202:80
445 pcap raw alerts
ruleset
http
4 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:01:55:00 Win2K-f 220.179.245.214 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN.
n/a NL:wow.blackirc.us
NL:83.68.16.6:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:02:10:00 Win2K-f 96.8.209.10 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:02:17:00 WinXP 119.234.129.147 (-):
.
n/a CN:proxim.ircgalaxy.pl
RU:citi-bank.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
34 of 36 9bb68450cd
NEW
c2d5ac2315 [0] ASM:Graph
PolyEnE| lines=73
embedded dns
trace
T:02:42:00 Win2K-f 65.101.242.10 (PACBELL.NET):
GSC,
LITTLETON, COLORADO, US. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
36 of 40
37 of 40
1dac4f4c5b
NEW
52162b705b
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:02:45:00 Win2K-f 24.213.224.238 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AMSTERDAM, NEW YORK, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:02:57:00 WinXP 125.58.101.228 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
NEW
b7082104e4
NEW
1473091351 [0]
c5b49e7b82[0]
ASM:Graph
ASM:Graph
tElock|
tElock|
lines=75
embedded dns
lines=41
trace
trace
03:53:00 WinXP 204.120.197.191 (WBSNET.NET):
WHEATLAND ELECTRIC COOP,
SCOTT CITY, KANSAS, US.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
40 of 40 824d6a706e
NEW
none[none] none:none
none|none none none
T:04:27:00 Win2K-f 61.46.135.107 (ZAQ.NE.JP):
HIGASHI-OSAKA CABLE TELEVISION CO. LTD,
OSAKA, OSAKA, JP.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
0 of 32
33 of 33
07fabc79ef
NEW
53bfe15e91
NEW
none[1]
1473091351[0]
ASM:Graph
ASM:Graph
Armadillo|
tElock|
lines=81
lines=75
embedded dns
trace
trace
T:04:27:00 WinXP 93.102.15.112 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a US:www.yahoo.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
NEW
none[3] none:none
tElock| none trace
T:05:17:00 WinXP 208.103.59.60 (INDIANAFIBER.NET):
INDIANA FIBER NETWORK LLC,
INDIANAPOLIS, INDIANA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:05:28:00 WinXP 213.240.12.59 (ISTRA.CO.YU):
YUNET INTERNATIONAL,
CS.
n/a DE:siliconfireware.ru
US:searchportal.information.com
:wpad
US:spi.domainsponsor.com
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
13 lines
Yeah : 0.8
profile
none summary
tarball
0 of 40
0 of 40
26 of 40
0479e254d7
NEW
49a39279e8
NEW
78cdea8dc9
NEW
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
05:28:00 Win2K-f 220.180.231.211 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN.
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:05:37:00 Win2K-f 220.180.231.211 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN.
n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
208.78.69.70:80
US:64.246.48.99:666
US:75.126.138.202:80
445 pcap raw alerts
ruleset
http
4 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:06:36:00 WinXP 173.28.128.6 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:06:58:00 Win2K-f 61.218.193.250 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:07:16:00 WinXP 83.6.80.244 (TPNET.PL):
NEOSTRADA PLUS,
LUBLIN, LUBELSKIE, PL. (DSL)
114.80.101.21:65520 CN:proxim.ircgalaxy.pl
DE:dl2.guarddog2009.com
:www.google.com
:upr15may.com
RO:evidek.ro
GB:zz-dns.com
445 pcap raw alerts
ruleset
http
irc
http
http
32 lines
Yeah : 1.3
profile
none summary
tarball
24 of 39
37 of 39
17 of 39
9040565119
NEW
dab4da4e21
NEW
fb0da2ada3
NEW
none[none]
e63b813015[0]
none [none]
none:none
ASM:Graph
none:none
none|none
PolyEnE|
none|none
none
lines=134
none
none
trace
none
07:34:00 WinXP 12.64.78.129 (PRSERV.NET):
AT&T GLOBAL SERVICES,
CHICAGO, ILLINOIS, US.
n/a US:www.altavista.com
US:www.yahoo.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
NEW
none[3] none:none
tElock| none trace
T:07:38:00 Win2K-f 120.138.155.139 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
81 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:07:42:00 WinXP 203.82.114.16 (MEDIATTI.NET):
MEDIATTI COMMUNICATIONS INC,
OKINAWA, OKINAWA, JP.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
86 lines
Yeah : 1.3
profile
none summary
tarball
3 of 33
33 of 33
3ed16ae12d
NEW
79c01ec060
NEW
3ed16ae12d [1]
1bfd34056c[4]
ASM:Graph
none:none
Armadillo|
tElock|
lines=81
none
trace
trace
T:08:33:00 WinXP 96.52.132.194 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40
33 of 40
1263228be4
NEW
17e8ce56cd
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:08:33:00 WinXP 130.13.149.109 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
11 of 40 59830c1a23
NEW
none[none] none:none
PeCompact| none none
08:37:00 Win2K-f 59.114.199.229 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW.
n/a US:www.maxmind.com
US:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:08:50:00 Win2K-f 211.212.14.29 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
121.12.116.142:65520 US:microsoft.com
CN:proxim.ircgalaxy.pl
135 pcap raw alerts
ruleset
irc
132 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33
28 of 33
533d15b5ce
NEW
58c343a8d8
NEW
c67adf46e2 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=126
embedded dns
lines=91
trace
trace
T:08:58:00 WinXP 72.64.30.16 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
CHARLESTON, WEST VIRGINIA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:09:02:00 Win2K-f 130.13.13.174 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
11 of 40 59830c1a23
NEW
none[none] none:none
PeCompact| none none
T:09:08:00 Win2K-f 61.218.192.234 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:09:12:00 WinXP 209.42.181.81 (WISPNET.NET):
WISPNET LLC,
MURRAY, KENTUCKY, US.
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 3ae357d17b
NEW
462a7be171 [0] ASM:Graph
PolyEnE| lines=73 trace
T:09:19:00 WinXP 61.215.137.172 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
TOKYO, TOKYO, JP. (DSL)
61.120.62.28:3305 TH:cx10man.weedns.com 135 pcap raw alerts
ruleset
irc
580 lines
Yeah : 1.8
profile
none summary
tarball
39 of 40 70ec5c4b3f
NEW
none[none] none:none
none|none none none
10:00:00 Win2K-f 122.155.9.122 (CDPM1.COM):
CAT TELECOM PUBLIC COMPANY LTD,
TH.
n/a US:www.maxmind.com
:getmyip.co.uk
EU:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:10:12:00 WinXP 62.11.6.166 (DIALUP.TISCALI.IT):
TISCALI ITALIA SPA,
ROME, LAZIO, IT. (DIAL)
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
445 pcap raw alerts
ruleset
http
http
http
14 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 df17a625ee
NEW
none[0] none:none
ASPack| lines=298
embedded dns
trace
10:50:00 Win2K-f 60.48.221.235 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
PETALING JAYA, SELANGOR, MY.
n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:10:50:00 WinXP 67.150.124.36 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
LOS ANGELES, CALIFORNIA, US.
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:10:58:00 Win2K-f 60.48.221.235 (TM.NET.MY):
TELEKOM MALAYSIA BERHAD,
PETALING JAYA, SELANGOR, MY.
n/a US:www.maxmind.com
:checkip.dyndns.org
US:64.246.48.99:666
445 pcap raw alerts
ruleset
http
5 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:11:01:00 WinXP 208.127.168.213 (DSLEXTREME.COM):
DSL EXTREME,
WINNETKA, CALIFORNIA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
113 lines
Yeah : 1.3
profile
none summary
tarball
33 of 40
37 of 40
c7979fa25e
NEW
ff29fa6f09
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
11:08:00 WinXP 87.63.35.32 (CUSTOMER.TELE.DK):
TELEDANMARK,
DK.
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
38 of 40 624d43be60
NEW
none[none] none:none
none|none none none
11:10:00 Win2K-f 59.104.18.190 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:11:19:00 Win2K-f 59.104.18.190 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL)
n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
208.78.69.70:80
US:64.246.48.99:666
445 pcap raw alerts
ruleset
http
5 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:11:21:00 WinXP 114.48.12.165 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40 5285741560
NEW
none[none] none:none
none|none none none
T:11:22:00 WinXP 98.28.108.38 (-):
.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:11:23:00 WinXP 76.168.87.253 (RR.COM):
ROAD RUNNER HOLDCO LLC,
TUJUNGA, CALIFORNIA, US.
n/a CA:xx.ka3ek.com
:zone2tech.info
67.215.1.206:80
135 pcap raw alerts
ruleset
irc
551 lines
Yeah : 1.3
profile
none summary
tarball
39 of 40 05cfbe0bc5
NEW
none[none] none:none
none|none none none
T:11:38:00 WinXP 130.15.133.22 (QUEENSU.CA):
QUEEN'S UNIVERSITY,
KINGSTON, ONTARIO, CA.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
37 of 39 5becc34c97
NEW
none[none] none:none
none|none none none
T:11:52:00 WinXP 130.13.210.86 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
shell
16 lines
Yeah : 1.3
profile
none summary
tarball
11 of 40 59830c1a23
NEW
none[none] none:none
PeCompact| none none
T:11:59:00 WinXP 130.13.208.221 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
ftp
shell
16 lines
Yeah : 1.3
profile
none summary
tarball
11 of 40 59830c1a23
NEW
none[none] none:none
PeCompact| none none
T:12:06:00 WinXP 203.118.238.245 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, KAO-HSIUNG, TW.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:12:43:00 WinXP 12.64.66.39 (PRSERV.NET):
AT&T GLOBAL SERVICES,
CHICAGO, ILLINOIS, US.
n/a US:www.altavista.com
US:www.yahoo.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
NEW
none[3] none:none
tElock| none trace
T:13:18:00 WinXP 99.166.178.81 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
13:29:00 Win2K-f 190.191.114.99 (-):
.
n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 dc331fb791
NEW
none[3] none:none
UPX| none trace
T:13:37:00 Win2K-f 190.191.114.99 (-):
.
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:64.246.48.99:666
445 pcap raw alerts
ruleset
http
6 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 dc331fb791
NEW
none[3] none:none
UPX| none trace
T:13:43:00 WinXP 75.84.106.163 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (100Mbps)
n/a   445 pcap raw alerts
ruleset
ftp
13 lines
Yeah : 0.8
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none[0] ASM:Graph
none|none lines=62 trace
14:14:00 WinXP 93.156.132.77 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
35 of 36 b27d73bfcb
NEW
473c6454ce [0] ASM:Graph
PolyEnE| lines=68 trace
T:14:38:00 Win2K-f 70.117.157.9 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BEAUMONT, TEXAS, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:14:44:00 WinXP 189.61.58.149 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR.
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:14:54:00 WinXP 81.131.28.186 (BTOPENWORLD.COM):
BT-WEBPORT,
LONDON, ENGLAND, UK. (DIAL)
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
25 of 32 8ad3105462
NEW
none[4] none:none
none|none none trace
T:14:55:00 Win2K-f 66.109.177.244 (-):
EZ LOCAL ACCESS,
PARKERSBURG, WEST VIRGINIA, US. (100Mbps)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
59 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
NEW
b7082104e4
NEW
1473091351 [0]
c5b49e7b82[0]
ASM:Graph
ASM:Graph
tElock|
tElock|
lines=75
embedded dns
lines=41
trace
trace
T:15:21:00 Win2K-f 4.138.82.52 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
SUWANEE, GEORGIA, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
218 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40
32 of 40
530e0ff476
NEW
a920535427
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:15:26:00 WinXP 70.182.94.147 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US.
n/a US:gg.arrancar.org
US:66.90.73.229:555
135 pcap raw alerts
ruleset
other
348 lines
Yeah : 1.3
profile
none summary
tarball
36 of 39 b92cd2414d
NEW
none[none] none:none
none|none none none
16:34:00 Win2K-f 186.100.188.181 (-):
.
n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:64.246.48.99:666
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
4 lines
Yeah : 0.8
profile
none summary
tarball
7 of 37 7587773eea
NEW
none[3] none:none
StarForce| none trace
T:16:53:00 Win2K-f 130.13.214.105 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
11 of 40 59830c1a23
NEW
none[none] none:none
PeCompact| none none
T:17:16:00 WinXP 130.13.209.50 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
11 of 40 59830c1a23
NEW
none[none] none:none
PeCompact| none none
T:17:40:00 Win2K-f 96.8.216.225 (-):
.
67.43.236.66:10324 83.68.16.6:5190 72.10.172.211:8080 CA:xx.nadnadzz.info
:xx.enterhere.biz
NL:xx.sqlteam.info
CA:xx.ka3ek.com
:zone2tech.info
135 pcap raw alerts
ruleset
irc
http
308 lines
Yeah : 1.8
profile
none summary
tarball
25 of 39
29 of 38
367ce61cff
NEW
4e9fe62355
NEW
48128671a8 [none]
a6117c4a34[0]
none:none
ASM:Graph
StarForce|
Mew|
none
lines=425
embedded dns
none
trace
T:17:50:00 WinXP 24.234.70.169 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
18:17:00 Win2K-f 190.246.229.90 (-):
.
n/a US:www.maxmind.com
US:www.getmyip.org
EU:checkip.dyndns.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 dc331fb791
NEW
none[3] none:none
UPX| none trace
T:18:27:00 WinXP 190.60.69.98 (IFX.NET.CO):
IFX NETWORKS COLOMBIA,
CO.
n/a   135 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
14 of 40 9e361c4a7f
NEW
none[none] none:none
none|none none none
T:18:31:00 WinXP 4.159.107.54 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ROCHESTER, MINNESOTA, US. (DIAL)
n/a DE:siliconfireware.ru
:wpad
US:searchportal.information.com
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
5 lines
Yeah : 0.8
profile
none summary
tarball
31 of 40 d0368f6fba
NEW
none[none] none:none
none|none none none
18:58:00 Win2K-f 89.19.15.50 (CIZGIBILGISAYAR.COM):
CIZGI BILGISAYAR SISTEMLERI SAN. TIC. LTD. STI,
TR.
n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:19:47:00 Win2K-f 203.180.132.189 (IIJ4U.OR.JP):
IIJ INTERNET,
JP.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:20:08:00 WinXP 4.141.71.245 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WHITEHALL, NEW YORK, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
117 lines
Yeah : 1.3
profile
none summary
tarball
36 of 40
37 of 40
16b4707df9
NEW
b8607fc9ba
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
20:09:00 Win2K-f 94.102.14.173 (-):
.
n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:20:17:00 Win2K-f 206.15.95.171 (WARYUREN.COM):
ENOVATE NETWORKS INC,
LOS ANGELES, CALIFORNIA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a73c16ccd0
NEW
none[none] none:none
none|none none none
21:11:00 Win2K-f 173.45.103.204 (-):
.
n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
21:13:00 Win2K-f 190.55.245.8 (-):
.
n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 dc331fb791
NEW
none[3] none:none
UPX| none trace
T:21:17:00 Win2K-f 173.45.103.204 (-):
.
n/a US:www.maxmind.com
:getmyip.co.uk
EU:checkip.dyndns.org
US:64.246.48.99:666
445 pcap raw alerts
ruleset
http
5 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:21:53:00 Win2K-f 71.102.161.212 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LOS ANGELES, CALIFORNIA, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
34 of 39
35 of 39
4cbbc9cdc3
NEW
86d4950962
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:21:59:00 WinXP 69.85.144.192 (O1.COM):
O1.COM,
OAKLAND, CALIFORNIA, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:22:02:00 Win2K-f 173.19.143.126 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:22:25:00 WinXP 94.128.20.103 (-):
.
n/a DE:siliconfireware.ru
:www.proxy-socks.net
:wpad
US:searchportal.information.com
US:spi.domainsponsor.com
DE:212.227.111.29:80
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
6 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
NEW
none[0] none:none
ASPack| lines=281
embedded dns
trace
T:22:27:00 Win2K-f 130.13.208.26 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   135 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
11 of 40 59830c1a23
NEW
none[none] none:none
PeCompact| none none
T:22:46:00 Win2K-f 70.166.101.182 (COX.NET):
COX COMMUNICATIONS,
PHOENIX, ARIZONA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:23:05:00 WinXP 24.85.37.2 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
RICHMOND, BRITISH COLUMBIA, CA.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
37 of 40
38 of 40
2721d2b151
NEW
b044168966
NEW
none[none]
none [none]
none:none
none:none
none|none
none|none
none
none
none
none
T:23:16:00 Win2K-f 110.9.174.244 (-):
.
121.12.116.142:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
135 pcap raw alerts
ruleset
irc
133 lines
Yeah : 1.8
profile
none summary
tarball
29 of 32
28 of 32
8a75955033
NEW
9276c8b36b
NEW
none[4]
9276c8b36b[1]
none:none
ASM:Graph
tElock|
Armadillo|
none
lines=81
trace
trace
T:23:30:00 Win2K-f 69.232.18.154 (PACBELL.NET):
HI STYLES FASHIONS INC,
PLANO, TEXAS, US. (DSL)
121.12.116.142:65520 CN:brenz.pl
CN:lometr.pl
:onuka.cn
US:ns4.msft.net
US:alt2.gmail-smtp-in.l.google.com
US:alt3.gmail-smtp-in.l.google.com
US:alt4.gmail-smtp-in.l.google.com
US:alt1.gmail-smtp-in.l.google.com
CN:121.12.116.142:65520
94.75.207.146:80
135 pcap raw alerts
ruleset
irc
http
256 lines
Yeah : 1.3
profile
none summary
tarball
7 of 40
24 of 40
19 of 40
abf828b2d5
NEW
f1bb8174e3
NEW
f37b5a8f0c
NEW
none[none]
none [none]
none [none]
none:none
none:none
none:none
none|none
none|none
none|none
none
none
none
none
none
none
23:46:00 Win2K-f 190.105.29.247 (-):
.
n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace