Pattern A

1844 samples (always Win2K-f)


Ports
Infection | Listen | Egg-download | Upload
mostly 445 or 139 | 135 (100%)
500 (100%)
1026 (100%)
1027 (99%)
445 (40%)
1028 (46%) | 1028 (96%)
Registry keys
HKEY_USERS@...InternetSettings\5.0 (100%)
HKEY_LOCAL_MACHINE@...Microsoft\DownloadManager (100%)
HKEY_USERS@...InternetSettings\Connections (100%)
Snort IDs
1:99913 (98%)
1:3000003 (98%)
1:2466 (69%)
1:2001683 (34%)
Network chatter
HTTP
UA=Mozilla/4.0 (compatible; MSIE 5.01; Windows NT 5.0) (96%)
version=1.0 (96%)
filename=/zmon.exe (69%)
Static analysis
MD5 | Antivirus labels
None (34%)
a0a7e837cba166943b44455ff2cb4fd9 (16%)
cefc8f1802900f1b7028355b2fae0fd8 (7%)
sdbot (38%)
rinbot (37%)
nirbot (37%)
ircbot (37%)
vanbot (36%)
delbot (33%)
hupigon (26%)
rbot (26%)