Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page


UNCENSORED PAGE



30 June 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [Attacker IPs] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap] [Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Table columns: Time | Victim | OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware_Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace