Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

17 May 2011
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

01:26:00 WinXP 174.42.165.121 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - WARRENSVILLE HEIGHTS,
SALISBURY, NORTH CAROLINA, US. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:01:40:00 WinXP 112.200.171.4 (PLDT.NET):
IPG,
LAS PINAS CITY, MANILA, PH. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 42
39 of 42 81ba587884
NEW
8981ffaa65
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

02:20:00 WinXP 50.15.131.12 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 43 of 43 6ffc4847e4
NEW none[none] none:none
none|none none none

T:02:24:00 Win2K-f 175.123.78.40 (-):
. 60.190.222.139:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:yigeshabi.8800.org
CN:w.nucleardiscover.com
CN:russia.9966.org
CN:myck.nucleardiscover.com
US:lasikoutlook.com
US:images01.tzimg.com
CN:ck3.nucleardiscover.com
US:psychologyjazz.com
:domdex.com
:a.collective-media.net
US:ib.adnxs.com
:b.collective-media.net
173.192.167.133:80 135 pcap raw alerts
ruleset irc
http
196 lines Yeah : 1.8
profile none summary
tarball 22 of 42
25 of 42
33 of 43
30 of 33
29 of 43
36 of 41 0825a8dc78
NEW
1d572144b6
NEW
40e1c8a6a3
NEW
533d15b5ce
NEW
8b55a62bd9
NEW
a8d5f22a14
NEW none[none]
none [none]
none [none]
c67adf46e2[0]
none [none]
none [none] none:none
none:none
none:none
ASM:Graph
none:none
none:none
none|none
none|none
none|none
tElock|
none|none
none|none none
none
none
lines=126
embedded dns
none
none none
none
none
trace
none
none

T:02:36:00 Win2K-f 203.99.173.255 (PIE.NET.PK):
PAKISTAN TELECOMMUNICATION COMPANY LIMITED,
ISLAMABAD, ISLAMABAD, PK. (DSL) n/a :managementfish.com
US:www.yceml.net
US:scripts.chitika.net
:financialinstrument.org
:download.macromedia.com
:infotrademark.com
:www.moolanomy.com
:singlemindedwomen.com
US:legalaidadvisory.com
US:farm1.static.flickr.com
US:farm2.static.flickr.com
:l.yimg.com
72.47.239.42:80 445 pcap raw alerts
ruleset irc
http
391 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:02:37:00 WinXP 160.80.101.105 (NET.UNIROMA2.IT):
UNIVERSITA' DEGLI STUDI DI ROMA 'TOR VERGATA',
ROME, LAZIO, IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none c049e988f2
NEW none[none] none:none
none|none none none

T:02:46:00 Win2K-f 122.59.177.43 (GLOBAL-GATEWAY.NET.NZ):
TELECOM NEW ZEALAND LIMITED,
NZ. (DSL) 83.133.119.197:65520 US:themedicalminds.com
CA:insureyourselfnow.com
CN:russia.9966.org
CN:yigeshabi.8800.org
US:as.casalemedia.com
:infotrademark.com
US:p.chango.com
CN:w.nucleardiscover.com
CA:www.searchnut.com
US:ticketssnapper.com
:stocksname.com
US:activex.microsoft.com
:conaeaiquitos2010.com
US:codecs.microsoft.com
98.126.50.74:80 135 pcap raw alerts
ruleset irc
http
26 lines Yeah : 1.3
profile none summary
tarball 25 of 42
33 of 43
1 of 42 1d572144b6
NEW
40e1c8a6a3
NEW
f8de9e55eb
NEW none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

T:02:47:00 WinXP 187.80.95.143 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 40 dc467897c8
NEW none[none] none:none
none|none none none

T:02:59:00 WinXP 46.134.252.194 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 c19c8a2776
NEW none[none] none:none
none|none none none

T:04:15:00 WinXP 27.98.0.72 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
99 lines Yeah : 1.3
profile none summary
tarball 39 of 40
40 of 41 6a6aaa5b73
NEW
8bde6dd126
NEW 63889c9976 [0]
885c68f500[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=42
lines=64
embedded dns trace
trace

04:48:00 WinXP 49.14.17.6 (-):
. n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 38 of 42 fa18d66b7d
NEW none[none] none:none
none|none none none

T:05:28:00 WinXP 222.230.153.156 (VECTANT.NE.JP):
SEIKA CORPORATION,
YOKOHAMA, KANAGAWA, JP. (100Mbps) n/a 445 pcap raw alerts
ruleset shell
ftp
13 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] none:none
none|none lines=60 trace

T:05:31:00 WinXP 160.80.101.105 (NET.UNIROMA2.IT):
UNIVERSITA' DEGLI STUDI DI ROMA 'TOR VERGATA',
ROME, LAZIO, IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball none c049e988f2
NEW none[none] none:none
none|none none none

T:05:40:00 WinXP 211.75.159.211 (KENNY.COM.TW):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:06:22:00 Win2K-f 61.105.42.142 (KRLINE.NET):
KRNIC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
37 of 40 5d445c59d8
NEW
8a54950abb
NEW 892e12db7b [0]
f6b9e43917[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:07:17:00 Win2K-f 61.215.158.112 (CABLENET.NE.JP):
CABLENET SAITAMA CO. LTD,
FUNABASHI, CHIBA, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 40 of 41
40 of 41 10c560fc02
NEW
1b8d146832
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:07:23:00 WinXP 125.197.79.141 (MESH.AD.JP):
NEC CORPORATION,
TSUKUBA, IBARAKI, JP. (DSL) n/a 445 pcap raw alerts
ruleset ftp
13 lines Yeah : 0.8
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] none:none
none|none lines=60 trace

07:23:00 WinXP 177.30.32.58 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 42 3d3a793f61
NEW none[none] none:none
none|none none none

T:07:38:00 WinXP 75.37.173.251 (SBCGLOBAL.NET):
JASON LEE,
PLANO, TEXAS, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:07:49:00 WinXP 178.24.88.213 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:07:55:00 WinXP 218.175.149.64 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:08:00 WinXP 223.138.117.33 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:09:11:00 WinXP 178.25.224.11 (FINEBLANK.COM):
EU-ZZ,
UK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 42 of 42 0c3e031d4a
NEW none[none] none:none
none|none none none

09:36:00 WinXP 218.175.149.64 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:09:41:00 WinXP 95.74.214.144 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 1595515522
NEW none[none] none:none
none|none none none

T:09:54:00 WinXP 111.82.37.87 (HINET.NET):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:10:36:00 Win2K-f 112.201.209.147 (PLDT.NET):
IPG,
LAS PINAS CITY, MANILA, PH. (DSL) n/a 135 pcap raw alerts
ruleset other
454 lines Yeah : 1.3
profile none summary
tarball 37 of 42 b53773d680
NEW none[none] none:none
none|none none none

10:42:00 WinXP 124.106.185.71 (PLDT.NET):
PLAN,
QUEZON CITY, QUEZON CITY, PH. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 43 2aa74cbf6b
NEW none[none] none:none
none|none none none

T:10:42:00 WinXP 77.23.176.233 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BAMBERG, BAYERN, DE. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 5f186aa322
NEW none[none] none:none
none|none none none

T:11:25:00 WinXP 50.15.144.162 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 39 of 40 5e8ccc4190
NEW 8d5f86583f [0] ASM:Graph
PolyEnE| lines=68 trace

T:12:11:00 Win2K-f 173.212.6.172 (-):
. n/a 135 pcap raw alerts
ruleset other
186 lines Yeah : 1.3
profile none summary
tarball 40 of 42 470ef834b1
NEW none[none] none:none
none|none none none

T:13:38:00 Win2K-f 98.175.169.158 (COX.NET):
COX COMMUNICATIONS,
OKLAHOMA CITY, OKLAHOMA, US. (DSL) 91.193.194.67:65520 69.22.162.170:80 CN:proxim.ircgalaxy.pl
US:microsoft.com
CN:yigeshabi.8800.org
CN:w.nucleardiscover.com
CN:russia.9966.org
CN:myck.nucleardiscover.com
US:voucherslunch.com
CN:ck3.nucleardiscover.com
US:trucksrealtor.com
US:as.casalemedia.com
:images.ddc.com
:domdex.com
US:p.chango.com
66.114.50.41:80 135 pcap raw alerts
ruleset irc
http
142 lines Yeah : 1.8
profile none summary
tarball 22 of 42
25 of 42
39 of 42
none
33 of 43
29 of 43
1 of 42 0825a8dc78
NEW
1d572144b6
NEW
220c0b183d
NEW
40a82f045f
NEW
40e1c8a6a3
NEW
8b55a62bd9
NEW
adfd231b5e
NEW none[none]
none [none]
none [none]
none [none]
none [none]
none [none]
none [none] none:none
none:none
none:none
none:none
none:none
none:none
none:none
none|none
none|none
none|none
none|none
none|none
none|none
none|none none
none
none
none
none
none
none none
none
none
none
none
none
none

T:14:16:00 Win2K-f 111.253.160.128 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
118 lines Yeah : 1.3
profile none summary
tarball 40 of 41
41 of 43 2bc8f15054
NEW
9956124c58
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:14:16:00 Win2K-f 61.218.191.251 (-):
LIAN HONG BUSINESS CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
57ce4acac2
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:14:24:00 Win2K-f 109.228.80.35 (STERLINGSTUDENTS.NET):
EU-ZZ,
UK. (DSL) 69.22.162.153:80 CN:ck4.nucleardiscover.com
:virginiaventure.com
CN:ck3.nucleardiscover.com
CN:myck.nucleardiscover.com
US:istanbulcomputing.com
US:whitefilescabinets.com
:images.ddc.com
US:as.casalemedia.com
66.114.50.46:80
67.214.158.5:80
98.126.50.74:80 445 pcap raw alerts
ruleset http
irc
28 lines Yeah : 0.8
profile none summary
tarball 1 of 42 aae045b10e
NEW none[none] none:none
none|none none none

T:14:39:00 Win2K-f 173.28.213.167 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
CHANHASSEN, MINNESOTA, US. (DSL) n/a CN:ck3.nucleardiscover.com
:virginiaventure.com
CN:myck.nucleardiscover.com
:brazilireland.com
US:findtherightplans.com
CN:w.nucleardiscover.com
CN:russia.9966.org
US:as.casalemedia.com
DE:www.sedoparking.com
:images.ddc.com
:domdex.com
US:p.chango.com
CN:proxim.ircgalaxy.pl
US:activex.microsoft.com
US:codecs.microsoft.com
:shoescosmetics.com
US:homesteadstaxes.com
US:cdn.optmd.com
US:tripbooks.net
US:bootsports.com
:lengthenaccu.com
:fishyteu.com
:arabirc.net
:tourismsinsurance.info
:lifeinsuranceonlinepayment.com
US:insurance-mp.com
US:highb2b.com
98.126.50.74:80 135 pcap raw alerts
ruleset http
29 lines Yeah : 1.3
profile none summary
tarball 25 of 42
1 of 42 1d572144b6
NEW
c32cadf826
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:14:47:00 WinXP 70.182.80.91 (COX.NET):
COX COMMUNICATIONS,
TULSA, OKLAHOMA, US. (DSL) n/a 135 pcap raw alerts
ruleset other
1008 lines Yeah : 1.3
profile none summary
tarball 31 of 41 682a384fe9
NEW none[3] none:none
none|none none trace

T:15:00:00 WinXP 65.36.14.155 (GRANDENETWORKS.NET):
GRANDE COMMUNICATIONS ODESSA HUB,
SAN MARCOS, TEXAS, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:17:55:00 WinXP 27.98.18.1 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
99 lines Yeah : 1.3
profile none summary
tarball 39 of 40
40 of 41 6a6aaa5b73
NEW
8bde6dd126
NEW 63889c9976 [0]
885c68f500[0] ASM:Graph
ASM:Graph
tElock|
tElock| lines=42
lines=64
embedded dns trace
trace

T:17:57:00 WinXP 187.80.30.109 (CAMPUSEAI.ORG):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 39 of 40 dc467897c8
NEW none[none] none:none
none|none none none

19:08:00 WinXP 113.210.42.230 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

T:19:30:00 WinXP 95.58.9.175 (DIAL.ONLINE.KZ):
JSC KAZAKHTELECOM SOUTH KAZAKHSTAN AFFILIATE,
ALMATY, ALMATY CITY, KZ. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 42 of 43 2c94e3fd00
NEW none[none] none:none
none|none none none

T:19:51:00 WinXP 122.132.106.80 (MESH.AD.JP):
NEC BIGLOBE LTD,
TSUKUBA, IBARAKI, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
NEW none[0] none:none
none|none lines=60 trace

T:20:10:00 Win2K-f 65.19.251.75 (VNET-INC.COM):
TRIANGLE TELEPHONE,
ENNIS, MONTANA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
114 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 d031b42d3f
NEW
fa14802705
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:20:12:00 WinXP 4.252.19.147 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
OSSEO, MINNESOTA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

20:32:00 Win2K-f 182.18.134.158 (-):
. n/a US:www.maxmind.com
US:checkip.dyndns.org
:www.getmyip.org
EU:getmyip.co.uk
US:www.vouchercodes.net
US:208.43.124.51:80
US:217.160.239.39:80
EU:91.198.22.71:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

20:42:00 WinXP 115.81.37.159 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 42 89333786d3
NEW none[none] none:none
none|none none none

21:02:00 Win2K-f 200.71.105.168 (COLDECON.COM):
COLDECON,
CALI, VALLE DEL CAUCA, CO. (DSL) n/a US:www.maxmind.com
:www.getmyip.org
EU:checkip.dyndns.org
EU:getmyip.co.uk
US:www.vouchercodes.net
EU:91.198.22.71:80 445 pcap raw alerts
ruleset http
1017 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

21:15:00 Win2K-f 202.141.240.250 (MULTI.NET.PK):
MULTINETBROADBAND,
KARACHI, SINDH, PK. (DSL) n/a US:www.maxmind.com
:www.getmyip.org
EU:getmyip.co.uk
US:www.vouchercodes.net
DE:131.220.6.26:80 445 pcap raw alerts
ruleset http
1011 lines Yeah : 0.8
profile none summary
tarball 3 of 37 d9cb288f31
NEW 45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns trace

T:21:43:00 Win2K-f 112.205.190.45 (PLDT.NET):
IPG,
PH. (DSL) n/a 135 pcap raw alerts
ruleset other
1003 lines Yeah : 1.3
profile none summary
tarball 36 of 43 52936225a5
NEW none[none] none:none
none|none none none

T:21:46:00 WinXP 186.222.148.191 (-):
. n/a DE:moscow-advokat.ru
NL:diemen.nl.eu.undernet.org
DE:82.98.86.164:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
NEW none[0] none:none
PolyEnE| lines=93
embedded dns trace

T:21:51:00 WinXP 186.254.84.23 (-):
. n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:22:31:00 Win2K-f 14.96.133.33 (-):
. n/a US:microsoft.com
DE:irc.zief.pl 135 pcap raw alerts
ruleset irc
http
280 lines Yeah : 1.3
profile none summary
tarball 38 of 42
37 of 43
33 of 41 01653e5df4
NEW
22b837c271
NEW
da908ba645
NEW none[none]
none [none]
none [none] none:none
none:none
none:none
none|none
none|none
none|none none
none
none none
none
none

T:22:55:00 Win2K-f 75.187.228.115 (RR.COM):
ROAD RUNNER HOLDCO LLC,
LORAIN, OHIO, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:09:00 Win2K-f 120.138.175.125 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
110 lines Yeah : 1.3
profile none summary
tarball 39 of 41
40 of 41 6a1dc43309
NEW
94e49d5627
NEW 522dace6c1 [0]
777259292a[0] ASM:Graph
ASM:Graph
Armadillo|
tElock| lines=91
lines=64
embedded dns trace
trace