Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

26 June 2009
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:24:00 WinXP 207.5.236.176 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:00:46:00 WinXP 115.81.221.84 (-):
. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none c05290bb06
NEW dddfe6a7fe [0] none:none
PolyEnE| none trace

T:01:01:00 Win2K-f 71.115.148.207 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
DENTON, TEXAS, US. (100Mbps) 61.120.62.28:3305 KR:cx10man.weedns.com 135 pcap raw alerts
ruleset irc
607 lines Yeah : 1.8
profile none summary
tarball 38 of 41 ebe3c9e82b
NEW 4f5a351416 [0] none:none
StarForce| none trace

01:10:00 Win2K-f 84.235.6.129 (SAUDI.NET.SA):
SAUDINET-INFRASTRUCTURE,
DAMMAM, ASH SHARQIYAH, SA. n/a US:www.maxmind.com
:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:01:19:00 Win2K-f 84.235.6.129 (SAUDI.NET.SA):
SAUDINET-INFRASTRUCTURE,
DAMMAM, ASH SHARQIYAH, SA. n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:64.246.48.99:666
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

01:26:00 WinXP 122.55.151.165 (PLDT.NET):
IPG,
PH. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball none 4fbedbfe15
NEW c6d4932011 [0] none:none
none|none none trace

T:01:54:00 WinXP 114.45.109.125 (-):
. n/a 445 pcap raw alerts
ruleset other
0 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:02:07:00 Win2K-f 208.125.40.153 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BINGHAMTON, NEW YORK, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:02:12:00 WinXP 114.48.194.80 (-):
. n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:02:58:00 WinXP 114.48.66.12 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:03:38:00 WinXP 81.159.39.124 (BTCENTRALPLUS.COM):
BT-CENTRAL-PLUS,
LONDON, ENGLAND, UK. n/a 135 pcap raw alerts
ruleset other
10 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

03:55:00 Win2K-f 59.104.88.55 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
US:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:04:04:00 Win2K-f 59.104.88.55 (SEED.NET.TW):
DIGITAL UNITED I,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:64.246.48.99:666 445 pcap raw alerts
ruleset http
5 lines Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:04:21:00 Win2K-f 61.218.193.250 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

04:25:00 Win2K-f 190.254.90.86 (-):
. n/a US:www.maxmind.com
:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
208.78.68.70:80
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:04:35:00 WinXP 203.73.84.253 (SEED.NET.TW):
DIGITAL UNITED INC,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:04:50:00 Win2K-f 174.1.105.102 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:04:59:00 Win2K-f 70.167.73.201 (COX.NET):
COX COMMUNICATIONS,
VINCENNES, INDIANA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:05:04:00 WinXP 220.219.3.36 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:05:13:00 Win2K-f 120.138.145.50 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

05:39:00 WinXP 110.10.253.79 (-):
. 221.5.74.39:65520 CN:goasi.cn
CN:lometr.pl
CN:brenz.pl
:onuka.cn
CN:222.186.13.27:80
67.215.233.58:2085
72.167.37.74:80 139 pcap raw alerts
ruleset irc
http
http
566 lines Yeah : 1.3
profile none summary
tarball 18 of 41
0 of 41
39 of 41
24 of 40
19 of 40 4efa213b79
NEW
681c9f3327
NEW
a1f6a65508
NEW
f1bb8174e3
NEW
f37b5a8f0c
NEW 9e7dff694f [0]
none [4]
6540d7f2f3[0]
ff7d442dd1[0]
dce19a471e[0] none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none trace
trace
trace
trace
trace

T:05:50:00 WinXP 114.48.21.231 (-):
. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 37 1987904b12
NEW 9fd17c99f9 [0] ASM:Graph
PolyEnE| lines=68 trace

06:06:00 WinXP 62.162.167.124 (-):
MOBI IP SUBNET,
OHRID, OHRID, MK. n/a 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 38 of 41 bb36f3840d
NEW 5b6906c2ab [0] none:none
pex| none trace

T:06:33:00 WinXP 118.19.59.235 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
17 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] ASM:Graph
none|none lines=61 trace

T:07:42:00 Win2K-f 203.91.168.214 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
59 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
NEW
b7082104e4
NEW 1473091351 [0]
c5b49e7b82[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=75
embedded dns
lines=41 trace
trace

T:08:10:00 WinXP 93.102.64.3 (APEXCOVANTAGE.COM):
EU-ZZ,
UK. n/a US:www.altavista.com
US:www.yahoo.com
:jbeegvia.ru 135 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 31 of 32 17028f1eda
NEW none[3] none:none
tElock| none trace

T:08:20:00 Win2K-f 99.164.106.141 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:08:20:00 Win2K-f 110.8.13.140 (-):
. n/a 135 pcap raw alerts
ruleset other
53 lines Yeah : 1.3
profile none summary
tarball 3 of 41 a411897d1a
NEW a4ef478c53 [0] none:none
Armadillo| none trace

08:42:00 Win2K-f 217.31.178.96 (BITNET.NU):
ADSL FOR PRIVATE CUSTOMERS,
BORLäNGE, DALARNAS, SE. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
:getmyip.co.uk
US:64.246.48.99:666
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
4 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:08:51:00 WinXP 212.200.146.154 (SR.GOV.YU):
UPRAVA ZA ZAJEDNICKE POSLOVE REPUBLICKIH ORGANA,
CS. n/a RU:citi-bank.ru
RU:213.219.245.212:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 b6a0232811
NEW 810385d12c [0] none:none
PolyEnE| none trace

T:08:52:00 Win2K-f 217.31.178.96 (BITNET.NU):
ADSL FOR PRIVATE CUSTOMERS,
BORLäNGE, DALARNAS, SE. (DSL) n/a US:www.maxmind.com
US:www.getmyip.org
US:checkip.dyndns.org
US:64.246.48.99:666 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:09:23:00 Win2K-f 98.141.161.252 (-):
. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:09:25:00 WinXP 70.245.28.219 (SWBELL.NET):
PPPOX POOL - BRAS3 OKCYOK,
OKLAHOMA CITY, OKLAHOMA, US. (DIAL) n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:10:28:00 Win2K-f 202.137.188.43 (CCNETMIE.NE.JP):
C-TECH CORPORATION,
TOYOKAWA, AICHI, JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 33 07fabc79ef
NEW
53bfe15e91
NEW none[0]
1473091351[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=81
lines=75
embedded dns trace
trace

T:10:42:00 WinXP 83.6.50.223 (TPNET.PL):
NEOSTRADA PLUS,
LUBLIN, LUBELSKIE, PL. (DSL) 221.5.74.39:65520 CN:proxim.ircgalaxy.pl
CN:goasi.cn
CN:lometr.pl
CN:brenz.pl
:onuka.cn 445 pcap raw alerts
ruleset http
irc
http
http
http
http
126 lines Yeah : 1.3
profile none summary
tarball 18 of 41
37 of 39
24 of 40
19 of 40 4efa213b79
NEW
dab4da4e21
NEW
f1bb8174e3
NEW
f37b5a8f0c
NEW 9e7dff694f [0]
e63b813015[0]
ff7d442dd1[0]
dce19a471e[0] none:none
ASM:Graph
none:none
none:none
none|none
PolyEnE|
none|none
none|none none
lines=134
none
none trace
trace
trace
trace

10:43:00 Win2K-f 81.56.112.107 (PROXAD.NET):
PROXAD / FREE SAS,
LYON, RHONE-ALPES, FR. n/a US:www.maxmind.com
EU:checkip.dyndns.org
:getmyip.co.uk
US:www.getmyip.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:10:52:00 Win2K-f 81.56.112.107 (PROXAD.NET):
PROXAD / FREE SAS,
LYON, RHONE-ALPES, FR. n/a US:www.maxmind.com
US:www.getmyip.org
:checkip.dyndns.org
US:64.246.48.99:666
US:67.15.94.80:80
US:75.126.138.202:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:11:11:00 Win2K-f 203.91.186.175 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:12:42:00 WinXP 95.220.218.118 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:13:40:00 WinXP 94.196.88.9 (-):
. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 40 824d6a706e
NEW a66fd13bcb [0] none:none
PolyEnE| none trace

T:13:41:00 Win2K-f 208.103.158.37 (CORETEL.NET):
CORETEL AMERICA INC,
ANNAPOLIS, MARYLAND, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
74 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:13:44:00 Win2K-f 204.183.123.121 (-):
AA/TWA RESERVATIONS,
TULSA, OKLAHOMA, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 36 of 41
38 of 41 4d4b7efca2
NEW
539d61fc06
NEW ec83dac222 [0]
c3af874c93[0] none:none
none:none
Armadillo|
tElock| none
none trace
trace

T:13:51:00 WinXP 81.57.58.69 (PROXAD.NET):
PROXAD / FREE TELECOM,
PARIS, ILE-DE-FRANCE, FR. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 41 7f38ca84af
NEW 89991cf07f [0] none:none
PolyEnE| none trace

T:14:38:00 Win2K-f 174.6.218.142 (-):
. 61.120.62.28:3305 GB:cx10man.weedns.com
GB:fx010413.whyI.org
JP:61.120.62.28:3305 135 pcap raw alerts
ruleset irc
607 lines Yeah : 1.8
profile none summary
tarball 37 of 41 3b16f8252c
NEW c8a5de145b [0] none:none
StarForce| none trace

14:40:00 Win2K-f 202.132.132.28 (TTN.NET):
TAIWAN TELECOMMUNICATION NETWORK SERVICES CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:www.maxmind.com
:getmyip.co.uk
US:www.getmyip.org
:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:14:54:00 WinXP 173.28.194.104 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
36 of 41 84095d6bdf
NEW
f23d74cd1d
NEW 39a06e182e [0]
e127ec599c[0] none:none
none:none
tElock|
Armadillo| none
none trace
trace

T:15:43:00 Win2K-f 24.77.242.138 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
1009 lines Yeah : 1.3
profile none summary
tarball 9 of 41 74e1b14f4a
NEW none[3] none:none
ASProtect| none trace

T:16:21:00 WinXP 66.53.81.13 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
PHOENIX, ARIZONA, US. n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:16:28:00 Win2K-f 63.17.179.202 (UU.NET):
UUNET TECHNOLOGIES INC,
US. n/a 135 pcap raw alerts
ruleset other
119 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

16:28:00 Win2K-f 190.220.78.242 (-):
. n/a US:www.maxmind.com
US:www.getmyip.org
:getmyip.co.uk
US:checkip.dyndns.org
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 3 of 37 dc331fb791
NEW none[3] none:none
UPX| none trace

T:16:30:00 Win2K-f 4.236.111.137 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NEW YORK, NEW YORK, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
81 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:17:47:00 Win2K-f 96.51.7.187 (-):
. n/a 135 pcap raw alerts
ruleset other
55 lines Yeah : 1.3
profile none summary
tarball 0 of 32 73f1082158
NEW none[0] none:none
Armadillo| lines=90 trace

T:17:56:00 WinXP 114.48.67.146 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:18:07:00 WinXP 116.82.178.247 (OCN.NE.JP):
FUJITSU LIMITED,
JP. n/a 445 pcap raw alerts
ruleset ftp
12 lines Yeah : 0.8
profile none summary
tarball 29 of 29 1a2c0e6130
NEW none[0] none:none
none|none lines=60 trace

T:18:34:00 Win2K-f 96.48.10.185 (-):
. n/a :teek.ihshsd8.com
CN:done.blacktiehsbdcs.com 135 pcap raw alerts
ruleset irc
http
265 lines Yeah : 1.3
profile none summary
tarball 7 of 39
37 of 41 0616ff8c4f
NEW
bd133be999
NEW a0fa7f1f71 [0]
503a67cfa9[0] none:none
none:none
PENinja S|
StarForce| none
none trace
trace

T:19:10:00 WinXP 99.174.144.82 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
60 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33 53bfe15e91
NEW
b7082104e4
NEW 1473091351 [0]
c5b49e7b82[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=75
embedded dns
lines=41 trace
trace

T:19:17:00 WinXP 99.128.63.250 (-):
. 213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 986b59708d
NEW none[0] none:none
PolyEnE| lines=57 trace

T:19:25:00 WinXP 41.243.152.164 (TELKOM-IPNET.CO.ZA):
AFRINIC,
JOHANNESBURG, GAUTENG, ZA. 83.68.16.6:6556 NL:0xff.lsass.cc
:0xff.lsass.net
NL:0xff.lsass.org
:0xff.devtech.us
:0xff.memzero.info
NL:83.68.16.6:6556 135 pcap raw alerts
ruleset other
260 lines Yeah : 1.8
profile none summary
tarball 5 of 41
39 of 41 26a4197727
NEW
349cf2e831
NEW none[3]
ac9801d19a[0] none:none
none:none
none|none
none|none none
none trace
trace

T:19:50:00 Win2K-f 202.124.3.9 (TAKAMORI.NE.JP):
TAKAMORI TOWN OFFICE,
JP. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:20:26:00 Win2K-f 4.189.47.241 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
KILLEEN, TEXAS, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
172 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:20:59:00 Win2K-f 70.74.200.215 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
222 lines Yeah : 1.3
profile none summary
tarball 37 of 41
38 of 41 4180c19d91
NEW
b6e91e001c
NEW 9f3f2de385 [0]
d2275a6cf5[0] none:none
none:none
Armadillo|
PolyEnE| none
none trace
trace

T:21:02:00 Win2K-f 220.229.211.147 (SPARQNET.NET):
NEW CENTURY INFOCOMM TECH CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:21:29:00 WinXP 24.80.173.47 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
VANCOUVER, BRITISH COLUMBIA, CA. (DSL) n/a RU:m.drd3h.com
RU:89.221.18.86:6668 139 pcap raw alerts
ruleset ftp
irc
22 lines Yeah : 0.8
profile none summary
tarball 38 of 41 1f3842f20e
NEW 54b7d6cc0d [0] none:none
ASPack| none trace

T:21:34:00 Win2K-f 204.181.141.157 (OXFORDNETWORKS.NET):
OXFORD NETWORKS,
BUCKFIELD, MAINE, US. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 36 of 41
38 of 41 4d4b7efca2
NEW
539d61fc06
NEW ec83dac222 [0]
c3af874c93[0] none:none
none:none
Armadillo|
tElock| none
none trace
trace

T:21:44:00 Win2K-f 125.4.235.169 (ZAQ.NE.JP):
KITAKAWACHI CABLE NET CO LTD,
JP. n/a :dong.nagitiriheiwu.net
CN:italian.swiifatecihno.com 135 pcap raw alerts
ruleset irc
http
616 lines Yeah : 1.3
profile none summary
tarball 7 of 39
39 of 41 0616ff8c4f
NEW
1cd802d624
NEW a0fa7f1f71 [0]
5d1f5c7c14[0] none:none
none:none
PENinja S|
ASPack| none
none trace
trace

21:58:00 Win2K-f 190.64.61.137 (ANTELDATA.NET.UY):
ADMINISTRACION NACIONAL DE TELECOMUNICACIONES,
MONTEVIDEO, MONTEVIDEO, UY. (DIAL) n/a US:www.maxmind.com
EU:checkip.dyndns.org
US:www.getmyip.org
:getmyip.co.uk
US:67.15.94.80:80
US:75.126.138.202:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 7 of 37 7587773eea
NEW none[3] none:none
StarForce| none trace

T:22:55:00 WinXP 96.8.216.225 (-):
. n/a :xx.enterhere.biz
CA:xx.ka3ek.com
:zone2tech.info
67.215.1.206:80 135 pcap raw alerts
ruleset irc
308 lines Yeah : 1.3
profile none summary
tarball 29 of 38 4e9fe62355
NEW a6117c4a34 [0] ASM:Graph
Mew| lines=425
embedded dns trace

T:23:03:00 WinXP 118.108.101.169 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] ASM:Graph
none|none lines=61 trace

T:23:36:00 Win2K-f 211.210.232.140 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR. 218.93.205.24:65520 US:microsoft.com
CN:proxim.ircgalaxy.pl
CN:goasi.cn
CN:lometr.pl
CN:brenz.pl
:onuka.cn
US:ns5.msft.net
US:ns2.msft.net
:alt2.gmail-smtp-in.l.google.com
US:alt4.gmail-smtp-in.l.google.com
US:alt1.gmail-smtp-in.l.google.com
US:alt3.gmail-smtp-in.l.google.com
CN:222.186.13.27:80
US:64.56.64.63:3954
US:66.197.252.149:3954
US:67.19.219.74:80
US:74.53.96.138:80 135 pcap raw alerts
ruleset irc
http
310 lines Yeah : 1.8
profile none summary
tarball 18 of 41
38 of 40
38 of 40
24 of 40
19 of 40 4efa213b79
NEW
66863cfb13
NEW
e8dfca0741
NEW
f1bb8174e3
NEW
f37b5a8f0c
NEW 9e7dff694f [0]
fca240f318[0]
20dfd2147c[0]
ff7d442dd1[0]
dce19a471e[0] none:none
none:none
none:none
none:none
none:none
none|none
Armadillo|
tElock|
none|none
none|none none
none
none
none
none trace
trace
trace
trace
trace

23:55:00 Win2K-f 89.19.15.2 (CIZGIBILGISAYAR.COM):
CIZGI BILGISAYAR SISTEMLERI SAN. TIC. LTD. STI,
TR. n/a US:www.maxmind.com
:checkip.dyndns.org
US:67.15.94.80:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace