Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

18 June 2009
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

01:22:00 Win2K-f 59.90.74.17 (10/24.BSNL.IN):
NIB (NATIONAL INTERNET BACKBONE),
DELHI, DELHI, IN. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:25:00 WinXP 121.121.75.6 (MAXIS.NET.MY):
MAXIS COMMUNICATIONS BHD,
MY. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 38 of 40 cdbb312d0a
NEW 8050e5ba3e [0] none:none
PolyEnE| none trace

T:01:37:00 Win2K-f 219.250.172.236 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 0 of 33
33 of 33 4c3df24b32
NEW
53bfe15e91
NEW none[0]
1473091351[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=81
lines=75
embedded dns trace
trace

02:00:00 WinXP 121.121.75.6 (MAXIS.NET.MY):
MAXIS COMMUNICATIONS BHD,
MY. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 38 of 40 cdbb312d0a
NEW 8050e5ba3e [0] none:none
PolyEnE| none trace

T:02:29:00 Win2K-f 118.223.131.151 (-):
. 114.80.101.21:65520 CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:click.winrar2009.cn
CN:ppc0614.winrar2009.cn
CN:brenz.pl
CN:click0614.winrar2009.cn
CN:lometr.pl
:onuka.cn
US:alt4.gmail-smtp-in.l.google.com
US:alt1.gmail-smtp-in.l.google.com
US:alt3.gmail-smtp-in.l.google.com
US:208.109.234.200:80
208.115.108.122:3954
CN:222.138.109.32:80
CN:222.186.13.27:80
US:67.19.219.74:80
US:74.53.96.138:80
94.75.207.146:80
95.129.144.178:80 135 pcap raw alerts
ruleset irc
http
177 lines Yeah : 1.8
profile none summary
tarball 2 of 41
30 of 33
28 of 33
11 of 41
27 of 41
24 of 40
19 of 40 20f346512b
NEW
533d15b5ce
NEW
58c343a8d8
NEW
d3305754f6
NEW
eefb6d217d
NEW
f1bb8174e3
NEW
f37b5a8f0c
NEW 90419de3ae [0]
c67adf46e2[0]
none [0]
c692d7d45e[0]
230036ecf3[0]
ff7d442dd1[0]
dce19a471e[0] none:none
ASM:Graph
none:none
none:none
ASM:Graph
none:none
none:none
StarForce|
tElock|
Armadillo|
Armadillo|
StarForce|
none|none
none|none none
lines=126
embedded dns
lines=91
none
lines=6
none
none trace
trace
trace
trace
trace
trace
trace

02:36:00 Win2K-f 124.112.95.58 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:02:45:00 Win2K-f 124.112.95.58 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
US:checkip.dyndns.org
US:64.246.48.99:666 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:02:47:00 Win2K-f 115.69.141.141 (-):
. 121.12.116.142:65520
208.115.108.122:3954
208.115.112.138:3954 445 pcap raw alerts
ruleset irc
http
34 lines Yeah : 0.8
profile none summary
tarball 19 of 40 f37b5a8f0c
NEW dce19a471e [0] none:none
none|none none trace

T:03:05:00 WinXP 213.240.15.164 (ISTRA.CO.YU):
YUNET INTERNATIONAL,
CS. n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com 445 pcap raw alerts
ruleset http
http
10 lines Yeah : 0.8
profile none summary
tarball 28 of 29 330eaa2da2
NEW none[3] none:none
ASPack| none trace

T:03:24:00 WinXP 151.16.209.102 (38-151.NET24.IT):
IUNET-BNET,
IT. (100Mbps) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 31 of 32 741e3b03b3
NEW none[0] none:none
none|none lines=61 trace

03:38:00 Win2K-f 95.89.123.114 (-):
. n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

T:03:47:00 Win2K-f 95.89.123.114 (-):
. n/a US:www.maxmind.com
:checkip.dyndns.org
US:64.246.48.99:666
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

04:32:00 Win2K-f 112.202.62.223 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 d60e538e72
NEW none[3] none:none
UPX| none trace

T:04:40:00 WinXP 193.219.119.92 (-):
S.C.TORO ELECTRONIC SRL,
RO. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b27d73bfcb
NEW 473c6454ce [0] ASM:Graph
PolyEnE| lines=68 trace

T:05:23:00 Win2K-f 173.22.232.92 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:05:26:00 WinXP 24.234.70.169 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:05:39:00 WinXP 114.48.24.139 (-):
. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 37 1987904b12
NEW 9fd17c99f9 [0] ASM:Graph
PolyEnE| lines=68 trace

T:05:59:00 WinXP 79.163.63.67 (-):
IDEA,
PL. 114.80.101.21:65520 121.12.116.142:65520 CN:proxim.ircgalaxy.pl
CN:brenz.pl
DE:dl2.guarddog2009.com
:www.google.com
:upr15may.com
CN:lometr.pl
GB:zz-dns.com
114.80.101.21:65520
CN:211.95.79.6:80 445 pcap raw alerts
ruleset ftp
irc
http
http
http
49 lines Yeah : 1.3
profile none summary
tarball 38 of 40
12 of 30
25 of 41
19 of 40 7bc8d57d8c
NEW
ca557e7460
NEW
def0132311
NEW
f37b5a8f0c
NEW be025ab204 [0]
42d57774ef[0]
7a31307d90[0]
dce19a471e[0] none:none
none:none
none:none
none:none
none|none
none|none
ASProtect|
none|none none
none
none
none trace
trace
trace
trace

T:06:02:00 WinXP 71.112.8.168 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BOTHELL, WASHINGTON, US. (DSL) n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 38 of 41 2d16d63f91
NEW 27cb26ee14 [0] none:none
PolyEnE| none trace

06:12:00 WinXP 193.219.119.92 (-):
S.C.TORO ELECTRONIC SRL,
RO. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 b27d73bfcb
NEW 473c6454ce [0] ASM:Graph
PolyEnE| lines=68 trace

T:06:18:00 WinXP 190.68.189.26 (TELECOM.COM.CO):
COLOMBIA TELECOMUNICACIONES S.A. ESP,
CO. 121.12.116.142:65520 CN:click.winrar2009.cn
:upr15may.com
CN:ppc0614.winrar2009.cn
CN:click0614.winrar2009.cn
CN:brenz.pl
CN:heyjoy.cn
:bfkq.com
CN:lometr.pl
US:xz.ub9.net
CN:6oxy.com
CN:vcy2.com
US:jsactivity.com
CN:stat.winrar2009.cn
CN:js.users.51.la
CN:121.11.69.211:80
74.54.201.210:8392
74.55.37.210:8392 445 pcap raw alerts
ruleset irc
http
http
http
198 lines Yeah : 1.3
profile none summary
tarball 2 of 41
27 of 41
3 of 41
13 of 40
10 of 40
19 of 40 20f346512b
NEW
8ce5938195
NEW
8f8299cae5
NEW
c2eecd2b27
NEW
e0d9f6d426
NEW
f37b5a8f0c
NEW 90419de3ae [0]
1e1dbc3230[0]
790d80ae6d[0]
9faaf38f58[0]
c7b6d8d1db[0]
dce19a471e[0] none:none
none:none
none:none
none:none
none:none
none:none
StarForce|
none|none
StarForce|
StarForce|
ASPack|
none|none none
none
none
none
none
none trace
trace
trace
trace
trace
trace

06:28:00 Win2K-f 59.94.102.112 (10/24.BSNL.IN):
NIB (NATIONAL INTERNET BACKBONE),
GURGAON, HARYANA, IN. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 223d8089f8
NEW none[3] none:none
StarForce| none trace

07:11:00 Win2K-f 122.121.221.42 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
EU:checkip.dyndns.org
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

08:27:00 Win2K-f 85.36.168.106 (BUSINESS.TELECOMITALIA.IT):
COMUNE DI VENARIA REALE,
IT. (100Mbps) n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
US:64.246.48.99:666
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 3 of 37 917c085aca
NEW none[3] none:none
Armadillo| none trace

T:09:14:00 Win2K-f 207.5.209.117 (GWI.NET):
GREAT WORKS INTERNET,
ROCHESTER, NEW HAMPSHIRE, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

09:40:00 Win2K-f 58.27.213.11 (-):
NATIONAL WIMAX/IMS ENVIRONMENT,
PK. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:09:50:00 Win2K-f 58.27.213.11 (-):
NATIONAL WIMAX/IMS ENVIRONMENT,
PK. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:64.246.48.99:666 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:10:04:00 WinXP 99.191.228.97 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:10:11:00 WinXP 114.137.86.8 (-):
. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball none none none none none none none

T:10:20:00 Win2K-f 24.234.68.115 (COX.NET):
COX COMMUNICATIONS INC,
LAS VEGAS, NEVADA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

10:38:00 Win2K-f 82.244.121.171 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
EU:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:11:39:00 WinXP 83.5.57.22 (TPNET.PL):
NEOSTRADA PLUS,
TYCHY, SLASKIE, PL. (DSL) 121.12.116.142:65520 CN:proxim.ircgalaxy.pl
CN:brenz.pl
CN:lometr.pl
CN:click.winrar2009.cn
CN:ppc0614.winrar2009.cn
CN:click0614.winrar2009.cn
CN:heyjoy.cn
:bfkq.com
CN:6oxy.com
:xz.ub9.net
CN:vcy2.com
CN:stat.winrar2009.cn
CN:js.users.51.la
CN:icon.ajiang.net
CN:web2.51.la
US:jsactivity.com
US:74.52.142.226:8392
74.54.201.210:8392 445 pcap raw alerts
ruleset http
irc
194 lines Yeah : 1.3
profile none summary
tarball 2 of 41
11 of 39
9 of 40
3 of 41
7 of 41
10 of 41
37 of 39
10 of 40
19 of 40 20f346512b
NEW
31a7f4355c
NEW
6bce6d0b9e
NEW
8f8299cae5
NEW
bf52cc656a
NEW
bfde2797a4
NEW
dab4da4e21
NEW
e0d9f6d426
NEW
f37b5a8f0c
NEW 90419de3ae [0]
f311468a65[0]
9faaf38f58[0]
790d80ae6d[0]
c692d7d45e[0]
none [4]
e63b813015[0]
c7b6d8d1db[0]
dce19a471e[0] none:none
none:none
none:none
none:none
none:none
none:none
ASM:Graph
none:none
none:none
StarForce|
StarForce|
StarForce|
StarForce|
Armadillo|
Mew|
PolyEnE|
ASPack|
none|none none
none
none
none
none
none
lines=134
none
none trace
trace
trace
trace
trace
trace
trace
trace
trace

T:11:58:00 WinXP 92.40.131.6 (IKBCC.COM):
EU-ZZ,
UK. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:12:10:00 WinXP 71.120.66.150 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
BLOOMINGTON, ILLINOIS, US. n/a :gg.arrancar.org
US:66.90.73.229:555 135 pcap raw alerts
ruleset other
144 lines Yeah : 1.3
profile none summary
tarball 39 of 40 10980f4df2
NEW 1fd3385a95 [0] ASM:Graph
none|none lines=556 trace

12:23:00 Win2K-f 211.20.204.156 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:13:10:00 WinXP 212.124.4.8 (-):
ALPES-NETWORKS,
FR. 114.80.101.21:65520 CN:proxim.ircgalaxy.pl
CN:click.winrar2009.cn
CN:ppc0614.winrar2009.cn
CN:click0614.winrar2009.cn
CN:heyjoy.cn
:bfkq.com
CN:brenz.pl
CN:lometr.pl
US:xz.ub9.net
CN:6oxy.com
CN:vcy2.com
CN:stat.winrar2009.cn
CN:js.users.51.la
CN:icon.ajiang.net
CN:web2.51.la
US:jsactivity.com
CN:ask.ipk8888.cn
CN:218.6.19.103:80
74.54.201.210:8392 445 pcap raw alerts
ruleset http
irc
191 lines Yeah : 1.3
profile none summary
tarball 2 of 41
11 of 39
9 of 40
3 of 41
39 of 41
7 of 40
10 of 41
10 of 40
19 of 40 20f346512b
NEW
31a7f4355c
NEW
6bce6d0b9e
NEW
8f8299cae5
NEW
b3a8d7fa5a
NEW
bc8b9443ab
NEW
bfde2797a4
NEW
e0d9f6d426
NEW
f37b5a8f0c
NEW 90419de3ae [0]
f311468a65[0]
9faaf38f58[0]
790d80ae6d[0]
b5922da65f[0]
c692d7d45e[0]
none [4]
c7b6d8d1db[0]
dce19a471e[0] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
none:none
StarForce|
StarForce|
StarForce|
StarForce|
PolyEnE|
Armadillo|
Mew|
ASPack|
none|none none
none
none
none
none
none
none
none
none trace
trace
trace
trace
trace
trace
trace
trace
trace

T:13:44:00 WinXP 98.156.71.175 (-):
. n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
RU:www.bbin.ru
RU:www.binbank.ru
:wpad 445 pcap raw alerts
ruleset http
http
http
http
40 lines Yeah : 0.8
profile none summary
tarball 29 of 29 a12cab51ef
NEW none[0] none:none
ASPack| lines=281
embedded dns trace

T:13:50:00 Win2K-f 203.118.235.215 (-):
GRAND TAINAN TECHNOLOGY CO.LTD,
TAINAN, KAO-HSIUNG, TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

14:23:00 Win2K-f 190.134.210.30 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:14:45:00 WinXP 174.0.241.102 (-):
. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 38 of 41 47689cd2e0
NEW 349cf82a2d [0] none:none
PolyEnE| none trace

T:14:51:00 Win2K-f 72.181.32.57 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:15:06:00 WinXP 189.75.232.147 (-):
. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 29 of 29 f502585714
NEW none[0] none:none
PolyEnE| lines=63 trace

T:15:55:00 Win2K-f 172.190.33.33 (AOL.COM):
AMERICA ONLINE,
RESTON, VIRGINIA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
171 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:16:24:00 WinXP 70.166.101.182 (COX.NET):
COX COMMUNICATIONS,
PHOENIX, ARIZONA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

16:56:00 Win2K-f 190.246.229.90 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
US:checkip.dyndns.org
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:17:04:00 Win2K-f 190.246.229.90 (-):
. n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:64.246.48.99:666 445 pcap raw alerts
ruleset lanman
http
31 lines Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:17:14:00 Win2K-f 60.249.37.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 34 of 38
35 of 38 38ed850a0e
NEW
b9297745a1
NEW 46990f37cd [0]
4294884d84[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace

T:17:21:00 Win2K-f 216.208.241.25 (GROUPTELECOM.NET):
BELL CANADA,
TORONTO, ONTARIO, CA. n/a 135 pcap raw alerts
ruleset other
123 lines Yeah : 1.3
profile none summary
tarball 37 of 41 d2b40c91a1
NEW fbaa414397 [0] none:none
Armadillo| none trace

T:17:53:00 WinXP 124.195.155.99 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
81 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:21:00 Win2K-f 76.166.135.18 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LANCASTER, CALIFORNIA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:18:29:00 WinXP 208.103.158.22 (CORETEL.NET):
CORETEL AMERICA INC,
ANNAPOLIS, MARYLAND, US. n/a 135 pcap raw alerts
ruleset other
5 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

18:42:00 Win2K-f 190.55.158.145 (-):
. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

19:10:00 Win2K-f 81.28.116.189 (NS2.SAMA.JO):
INTERNET USERS (DSL DIALUP),
JO. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
208.78.69.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:19:19:00 Win2K-f 81.28.116.189 (NS2.SAMA.JO):
INTERNET USERS (DSL DIALUP),
JO. (DSL) n/a US:www.maxmind.com
US:checkip.dyndns.org
US:64.246.48.99:666 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:19:41:00 WinXP 83.28.197.114 (TPNET.PL):
NEOSTRADA PLUS,
LUBLIN, LUBELSKIE, PL. (DSL) n/a :proxima.ircgalaxy.pl
:moscow-advokat.ru
114.80.101.21:65520 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 c392067a90
NEW d83160e550 [0] none:none
PolyEnE| none trace

T:20:23:00 Win2K-f 118.87.20.65 (-):
. 61.120.62.28:3305 GB:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
603 lines Yeah : 1.8
profile none summary
tarball 36 of 39 f5114d3371
NEW 330af0d74b [0] none:none
StarForce| none trace

T:21:06:00 WinXP 72.21.142.118 (-):
ACETECH USA INC,
LIBERTY LAKE, WASHINGTON, US. n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
RU:www.bbin.ru
RU:www.binbank.ru 445 pcap raw alerts
ruleset http
http
http
http
36 lines Yeah : 0.8
profile none summary
tarball 0 of 41
29 of 29 c2755e5248
NEW
df17a625ee
NEW none[4]
none [0] none:none
none:none
none|none
ASPack| none
lines=298
embedded dns trace
trace

T:21:13:00 WinXP 119.154.60.84 (-):
. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
3 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b27d73bfcb
NEW 473c6454ce [0] ASM:Graph
PolyEnE| lines=68 trace

22:33:00 Win2K-f 125.21.50.180 (59.AIRTELBROADBAND.IN):
BHARTI TELEVENTURES LIMITED A/C ABTS MP,
BHOPAL, MADHYA PRADESH, IN. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 2 of 37 d60e538e72
NEW none[3] none:none
UPX| none trace

T:23:36:00 WinXP 196.20.165.123 (-):
MAURITIUS TELECOM,
MU. 114.80.101.21:65520 121.12.116.142:65520 CN:proxim.ircgalaxy.pl
CN:brenz.pl
CN:lometr.pl
CN:click.winrar2009.cn
CN:210.51.51.150:88
CN:211.95.79.6:80 445 pcap raw alerts
ruleset http
irc
23 lines Yeah : 1.3
profile none summary
tarball 38 of 40
10 of 41
19 of 40 0658d04f28
NEW
bfde2797a4
NEW
f37b5a8f0c
NEW 07f788a60e [0]
none [4]
dce19a471e[0] none:none
none:none
none:none
PolyEnE|
Mew|
none|none none
none
none trace
trace
trace

T:23:40:00 Win2K-f 24.66.117.254 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BARRIE, ONTARIO, CA. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
222 lines Yeah : 1.3
profile none summary
tarball 34 of 36
32 of 36 2778910f2e
NEW
7f3f6fd066
NEW c0081ab98f [0]
b493126b1e[0] none:none
none:none
PolyEnE|
Armadillo| none
none trace
trace