evilprogram.pcap

MD5	5685dcd54364e76e1801fb04b22678a3
Submission Date	2022-05-14 13:13:51
Tags	(not set)

Alert 0

#		Timestamp	Src Ip	Dest Ip	Alert Signature	P
No results found.

DNS 20

Showing 1-20 of 20 items.

Timestamp

Src Ip

Dest Ip

Dns Type

Resource Record Name

Resource Record Type

Resource Data

2004-09-02T10:10:46.017841-0700

24.6.125.19

216.148.227.68

query

updatekeepalive.mcafee.com

(not set)

2004-09-02T10:10:46.053280-0700

216.148.227.68

24.6.125.19

answer

updatekeepalive.mcafee.com

(not set)

2004-09-02T10:11:26.150334-0700

24.6.125.19

216.148.227.68

query

us.mcafee.com

(not set)

2004-09-02T10:11:26.298362-0700

216.148.227.68

24.6.125.19

answer

us.mcafee.com

(not set)

2004-09-02T13:03:34.633048-0700

24.6.125.19

216.148.227.68

query

19.125.6.24.in-addr.arpa

PTR

(not set)

2004-09-02T13:03:34.680333-0700

216.148.227.68

24.6.125.19

answer

19.125.6.24.in-addr.arpa

PTR

(not set)

2004-09-02T13:03:34.805115-0700

24.6.125.19

216.148.227.68

query

virtumonde.com

(not set)

2004-09-02T13:03:34.842746-0700

216.148.227.68

24.6.125.19

answer

virtumonde.com

(not set)

2004-09-02T15:05:47.667521-0700

24.6.125.19

216.148.227.68

query

us.mcafee.com

(not set)

2004-09-02T15:05:47.697674-0700

216.148.227.68

24.6.125.19

answer

us.mcafee.com

(not set)

2004-09-02T13:03:11.157438-0700

24.6.125.19

216.148.227.68

query

updates.virtumonde.com

(not set)

2004-09-02T13:03:11.227374-0700

216.148.227.68

24.6.125.19

answer

updates.virtumonde.com

(not set)

2004-09-02T14:10:47.268281-0700

24.6.125.19

216.148.227.68

query

0.0.0.0.in-addr.arpa

PTR

(not set)

2004-09-02T14:10:47.358301-0700

216.148.227.68

24.6.125.19

answer

0.0.0.0.in-addr.arpa

PTR

(not set)

2004-09-02T14:10:47.387949-0700

24.6.125.19

216.148.227.68

query

14.150.123.209.in-addr.arpa

PTR

(not set)

2004-09-02T14:10:47.424274-0700

216.148.227.68

24.6.125.19

answer

14.150.123.209.in-addr.arpa

PTR

(not set)

2004-09-02T15:05:43.646438-0700

24.6.125.19

216.148.227.68

query

updatekeepalive.mcafee.com

(not set)

2004-09-02T15:05:43.682133-0700

216.148.227.68

24.6.125.19

answer

updatekeepalive.mcafee.com

(not set)

2004-09-02T15:27:32.903194-0700

24.6.125.19

216.148.227.68

query

0.0.0.0.in-addr.arpa

PTR

(not set)

2004-09-02T15:27:32.943510-0700

216.148.227.68

24.6.125.19

answer

0.0.0.0.in-addr.arpa

PTR

(not set)

TLS 0

#		Timestamp	Source IP	Destination IP	TLS Version	Server Name Indication
No results found.

TFTP 0

#	Timestamp	Src Ip	Dest Ip	Tftp Packet	Tftp File	Tftp Mode
No results found.

HTTP 15

Showing 1-15 of 15 items.

Timestamp

Source

Hostname

Port

Method

URL

Status

2004-09-02T10:11:26.622000-0700

24.6.125.19

us.mcafee.com

GET

/apps/Agent/en-us/Agent5/chknews.asp?affid=&OS=4&Version=5.0&INS=200206121212&MYS=200406151000&OEM=&sic=200209271218

200

2004-09-02T10:16:48.480227-0700

24.6.125.19

us.mcafee.com

GET

/apps/Agent/en-us/Agent5/chknews.asp?affid=&OS=4&Version=5.0&INS=200206121212&MYS=200406151000&OEM=&sic=200209271218

200

2004-09-02T10:16:49.381532-0700

24.6.125.19

us.mcafee.com

GET

/apps/Agent/en-us/Agent5/chkalert.asp?affid=&OS=4&Version=5.0&EventID=2004615736

200

2004-09-02T10:11:27.022607-0700

24.6.125.19

us.mcafee.com

POST

/apps/agent/submgr/appinstru.asp

200

2004-09-02T10:11:29.826581-0700

24.6.125.19

us.mcafee.com

GET

/apps/Agent/en-us/Agent5/chkalert.asp?affid=&OS=4&Version=5.0&EventID=2004615736

200

2004-09-02T10:16:51.684800-0700

24.6.125.19

us.mcafee.com

POST

/apps/vso/en-us/vso9/chkupd.asp?affid=

200

2004-09-02T10:11:41.242837-0700

24.6.125.19

us.mcafee.com

POST

/apps/vso/en-us/vso9/chkupd.asp?affid=

200

2004-09-02T10:11:49.254263-0700

24.6.125.19

us.mcafee.com

POST

/apps/Agent/en-us/Agent5/chkupd.asp?affid=

200

2004-09-02T10:16:52.886504-0700

24.6.125.19

us.mcafee.com

POST

/apps/Agent/en-us/Agent5/chkupd.asp?affid=

200

2004-09-02T13:03:36.028086-0700

24.6.125.19

virtumonde.com

POST

200

2004-09-02T15:05:47.966877-0700

24.6.125.19

us.mcafee.com

GET

/apps/Agent/en-us/Agent5/chknews.asp?affid=&OS=4&Version=5.0&INS=200206121212&MYS=200406151000&OEM=&sic=200209271218

200

2004-09-02T15:05:48.968143-0700

24.6.125.19

us.mcafee.com

GET

/apps/Agent/en-us/Agent5/chkalert.asp?affid=&OS=4&Version=5.0&EventID=2004615736

200

2004-09-02T15:05:51.271408-0700

24.6.125.19

us.mcafee.com

POST

/apps/vso/en-us/vso9/chkupd.asp?affid=

200

2004-09-02T15:05:52.773730-0700

24.6.125.19

us.mcafee.com

POST

/apps/Agent/en-us/Agent5/chkupd.asp?affid=

200

2004-09-02T15:29:56.397180-0700

24.6.125.19

updates.virtumonde.com

GET

/bkinst.exe

200

SMB 0

#		Timestamp	Src Ip	Dest Ip	SMB Dialect	Command	Session	Tree
No results found.

SMTP 0

#		Timestamp	Source	Destination	Email From	Email To	Subject
No results found.

Flow 119

Showing 1-20 of 119 items.

Timestamp

Flow Id

Event Type

Source

Source Port

Destination

Destination Port

Protocol

Host

2004-09-02T15:29:56.397180-0700

704573923341074

flow

24.87.14.222

4588

24.6.125.19

3127

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1128231771169042

flow

210.96.100.130

54447

24.6.125.19

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1269744052474189

flow

220.121.188.170

3426

24.6.125.19

1023

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

708518526951573

flow

220.95.85.243

2818

24.6.125.19

1023

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

427329213624372

flow

24.136.28.59

3089

24.6.125.19

2745

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1835224196977511

flow

24.6.104.173

3212

24.6.125.19

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

850327770010218

flow

24.86.194.206

1329

24.6.125.19

2745

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1836295937801996

flow

83.38.71.127

4195

24.6.125.19

4899

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

2118442797457613

flow

24.87.14.222

4589

24.6.125.19

6129

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

996151202326743

flow

219.251.49.28

1314

24.6.125.19

4899

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

714912566745198

flow

24.20.206.20

4938

24.6.125.19

5554

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1279073523827649

flow

204.104.226.88

14171

24.6.125.19

1026

UDP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1842096864427691

flow

24.6.125.19

1060

216.49.88.118

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1843148002829908

flow

24.136.28.59

3099

24.6.125.19

3127

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1702681065743182

flow

24.6.125.19

1028

216.49.88.118

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1843817982833104

flow

65.206.44.81

7951

24.6.125.19

4899

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1843817982889309

flow

65.206.44.81

7951

24.6.125.19

4899

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1843817982868029

flow

65.206.44.81

7951

24.6.125.19

4899

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

1422628978167672

flow

64.229.250.186

3213

24.6.125.19

9898

TCP

pcapanalyzer

2004-09-02T15:29:56.397180-0700

18849876528230

flow

24.6.125.19

1030

216.49.88.118

TCP

pcapanalyzer

File 23

Showing 1-20 of 23 items.

Timestamp

Source

Destination

File Name

File Magic

File Size

2004-09-02T10:11:26.622000-0700

216.49.88.118

24.6.125.19

/apps/Agent/en-us/Agent5/chknews.asp

ASCII text

2004-09-02T10:16:48.480227-0700

216.49.88.118

24.6.125.19

/apps/Agent/en-us/Agent5/chknews.asp

ASCII text

2004-09-02T10:11:26.663025-0700

24.6.125.19

216.49.88.118

/apps/agent/submgr/appinstru.asp

data

526

2004-09-02T10:16:49.381532-0700

216.49.88.118

24.6.125.19

/apps/Agent/en-us/Agent5/chkalert.asp

ASCII text

2004-09-02T10:11:27.022607-0700

216.49.88.118

24.6.125.19

/apps/agent/submgr/appinstru.asp

ASCII text, with no line terminators

2004-09-02T10:11:29.826581-0700

216.49.88.118

24.6.125.19

/apps/Agent/en-us/Agent5/chkalert.asp

ASCII text

2004-09-02T10:16:51.503354-0700

24.6.125.19

216.49.88.118

/apps/vso/en-us/vso9/chkupd.asp

ASCII text, with very long lines, with no line terminators

964

2004-09-02T10:11:41.073233-0700

24.6.125.19

216.49.88.118

/apps/vso/en-us/vso9/chkupd.asp

ASCII text, with very long lines, with no line terminators

964

2004-09-02T10:16:51.684800-0700

216.49.88.118

24.6.125.19

/apps/vso/en-us/vso9/chkupd.asp

ASCII text

2004-09-02T10:11:41.242837-0700

216.49.88.118

24.6.125.19

/apps/vso/en-us/vso9/chkupd.asp

ASCII text

2004-09-02T10:11:48.934445-0700

24.6.125.19

216.49.88.118

/apps/Agent/en-us/Agent5/chkupd.asp

ASCII text, with very long lines, with no line terminators

421

2004-09-02T10:16:52.536587-0700

24.6.125.19

216.49.88.118

/apps/Agent/en-us/Agent5/chkupd.asp

ASCII text, with very long lines, with no line terminators

421

2004-09-02T10:11:49.254263-0700

216.49.88.118

24.6.125.19

/apps/Agent/en-us/Agent5/chkupd.asp

ASCII text

2004-09-02T10:16:52.886504-0700

216.49.88.118

24.6.125.19

/apps/Agent/en-us/Agent5/chkupd.asp

ASCII text

2004-09-02T13:03:35.193889-0700

24.6.125.19

209.123.150.14

data

4663

2004-09-02T13:03:36.028086-0700

209.123.150.14

24.6.125.19

zlib compressed data

39482

2004-09-02T15:05:47.966877-0700

216.49.88.118

24.6.125.19

/apps/Agent/en-us/Agent5/chknews.asp

ASCII text

2004-09-02T15:05:48.968143-0700

216.49.88.118

24.6.125.19

/apps/Agent/en-us/Agent5/chkalert.asp

ASCII text

2004-09-02T15:05:51.128288-0700

24.6.125.19

216.49.88.118

/apps/vso/en-us/vso9/chkupd.asp

ASCII text, with very long lines, with no line terminators

964

2004-09-02T15:05:51.271408-0700

216.49.88.118

24.6.125.19

/apps/vso/en-us/vso9/chkupd.asp

ASCII text

Comments	(not set)

Update Download PCAP Delete