{
	"id": "7c0a2da5-0f5c-4617-91ca-cfbc6b4e8339",
	"created_at": "2026-04-06T00:06:55.079096Z",
	"updated_at": "2026-04-10T03:21:28.184361Z",
	"deleted_at": null,
	"sha1_hash": "39fa5d4aea8b0e20cc087271b8ef1edfd6c3fa2a",
	"title": "OSX/Dockster.A and Win32/Trojan.Agent.AXMO Samples, pcaps, OSX malware analysis tools",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 150967,
	"plain_text": "OSX/Dockster.A and Win32/Trojan.Agent.AXMO Samples, pcaps, OSX\r\nmalware analysis tools\r\nArchived: 2026-04-05 13:01:18 UTC\r\nMemoryze Walk process list. \r\n-h  help screen\r\n-f filename  previously dumpped memory (otherwise uses physical memory and driver)\r\n-x xml output\r\ndump\r\n-q quiet (dont display % complete)\r\n-f name of file to dump to\r\n-w parse process file handles with process\r\n-s parse process section info with process\r\n-t dump process sections [requires -s option]\r\n-c carve processes (dont walk list)\r\n-r walk mach task list\r\n-n name name of process to process\r\nkextlist\r\n-c carve kexts from memory\r\nsyscalllist\r\n-s syscall table\r\n-m mach_trap table\r\n1.203.100.232\r\n1.203.102.251\r\n1.203.102.63\r\n1.203.103.227\r\n1.203.104.45\r\n1.203.106.150\r\n1.203.107.125\r\n1.203.107.200\r\n1.203.108.46\r\n1.203.109.193\r\n1.203.112.147\r\n1.203.112.178\r\n1.203.113.2\r\n1.203.114.165\r\n1.203.118.19\r\n1.203.123.29\r\n1.203.123.68\r\n1.203.123.83\r\n1.203.125.201\r\n1.203.125.248\r\n1.203.132.236\r\n1.203.132.54\r\n1.203.135.238\r\n1.203.137.25\r\n1.203.139.148\r\n1.203.139.94\r\n1.203.142.100\r\n1.203.142.111\r\n1.203.98.98\r\n1.203.99.111\r\n1.203.99.36\r\n111.194.101.196\r\n111.194.104.129\r\n111.194.104.220\r\n111.194.105.63\r\n111.194.106.206\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 1 of 71\n\n111.194.106.225\r\n111.194.107.0\r\n111.194.108.247\r\n111.194.109.202\r\n111.194.109.36\r\n111.194.111.0\r\n111.194.111.16\r\n111.194.116.110\r\n111.194.116.160\r\n111.194.119.106\r\n111.194.120.159\r\n111.194.123.34\r\n111.194.92.111\r\n111.194.92.203\r\n111.194.93.187\r\n111.194.93.62\r\n111.194.93.67\r\n111.194.94.141\r\n111.194.94.188\r\n111.194.94.99\r\n111.194.96.100\r\n111.194.96.194\r\n111.194.96.44\r\n111.194.97.128\r\n111.194.97.55\r\n111.194.98.34\r\n111.194.99.29\r\n114.248.100.174\r\n114.248.100.22\r\n114.248.102.191\r\n114.248.103.1\r\n114.248.103.54\r\n114.248.104.3\r\n114.248.105.118\r\n114.248.107.233\r\n114.248.107.97\r\n114.248.108.73\r\n114.248.109.170\r\n114.248.80.175\r\n114.248.80.241\r\n114.248.80.81\r\n114.248.80.84\r\n114.248.81.127\r\n114.248.81.151\r\n114.248.81.155\r\n114.248.81.157\r\n114.248.81.230\r\n114.248.81.247\r\n114.248.81.253\r\n114.248.81.30\r\n114.248.81.42\r\n114.248.82.128\r\n114.248.82.195\r\n114.248.82.66\r\n114.248.83.161\r\n114.248.83.28\r\n114.248.83.98\r\n114.248.84.134\r\n114.248.84.170\r\n114.248.84.171\r\n114.248.84.180\r\n114.248.84.201\r\n114.248.84.64\r\n114.248.84.79\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 2 of 71\n\n114.248.85.150\r\n114.248.85.154\r\n114.248.85.159\r\n114.248.85.188\r\n114.248.85.189\r\n114.248.85.197\r\n114.248.85.204\r\n114.248.85.21\r\n114.248.85.236\r\n114.248.86.108\r\n114.248.86.206\r\n114.248.86.232\r\n114.248.86.240\r\n114.248.86.59\r\n114.248.86.76\r\n114.248.87.142\r\n114.248.87.150\r\n114.248.87.227\r\n114.248.87.28\r\n114.248.88.125\r\n114.248.88.142\r\n114.248.88.144\r\n114.248.88.166\r\n114.248.88.173\r\n114.248.88.225\r\n114.248.88.230\r\n114.248.88.232\r\n114.248.88.241\r\n114.248.88.35\r\n114.248.88.39\r\n114.248.88.44\r\n114.248.88.46\r\n114.248.88.98\r\n114.248.89.12\r\n114.248.89.144\r\n114.248.89.189\r\n114.248.89.221\r\n114.248.89.6\r\n114.248.89.63\r\n114.248.90.143\r\n114.248.90.185\r\n114.248.90.189\r\n114.248.90.216\r\n114.248.90.28\r\n114.248.90.60\r\n114.248.91.103\r\n114.248.91.145\r\n114.248.91.168\r\n114.248.91.180\r\n114.248.91.194\r\n114.248.91.244\r\n114.248.91.27\r\n114.248.91.28\r\n114.248.91.51\r\n114.248.92.10\r\n114.248.92.106\r\n114.248.92.128\r\n114.248.92.188\r\n114.248.92.197\r\n114.248.92.225\r\n114.248.92.51\r\n114.248.93.106\r\n114.248.93.112\r\n114.248.93.138\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 3 of 71\n\n114.248.93.150\r\n114.248.93.169\r\n114.248.93.192\r\n114.248.93.199\r\n114.248.93.223\r\n114.248.93.225\r\n114.248.93.29\r\n114.248.94.157\r\n114.248.94.207\r\n114.248.94.208\r\n114.248.94.220\r\n114.248.95.122\r\n114.248.95.252\r\n114.248.95.49\r\n114.248.95.59\r\n114.248.95.76\r\n114.248.98.177\r\n114.249.17.36\r\n114.249.192.233\r\n114.249.192.240\r\n114.249.193.21\r\n114.249.193.224\r\n114.249.198.34\r\n114.249.200.189\r\n114.249.201.179\r\n114.249.202.183\r\n114.249.202.186\r\n114.249.203.14\r\n114.249.204.158\r\n114.249.204.231\r\n114.249.204.84\r\n114.249.205.239\r\n114.249.207.180\r\n114.249.21.11\r\n114.249.23.24\r\n114.249.26.166\r\n114.249.30.18\r\n114.249.30.231\r\n115.170.0.45\r\n115.170.0.72\r\n115.170.1.206\r\n115.170.10.130\r\n115.170.10.225\r\n115.170.100.226\r\n115.170.102.194\r\n115.170.102.206\r\n115.170.102.87\r\n115.170.103.103\r\n115.170.103.21\r\n115.170.103.64\r\n115.170.104.14\r\n115.170.105.173\r\n115.170.105.238\r\n115.170.105.79\r\n115.170.106.113\r\n115.170.106.227\r\n115.170.107.103\r\n115.170.107.36\r\n115.170.108.94\r\n115.170.109.87\r\n115.170.11.251\r\n115.170.110.15\r\n115.170.110.230\r\n115.170.112.223\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 4 of 71\n\n115.170.113.118\r\n115.170.114.108\r\n115.170.114.17\r\n115.170.114.6\r\n115.170.115.199\r\n115.170.117.59\r\n115.170.118.48\r\n115.170.120.127\r\n115.170.122.87\r\n115.170.124.23\r\n115.170.125.97\r\n115.170.126.173\r\n115.170.128.140\r\n115.170.128.43\r\n115.170.128.72\r\n115.170.129.116\r\n115.170.129.176\r\n115.170.129.181\r\n115.170.129.183\r\n115.170.130.74\r\n115.170.131.191\r\n115.170.131.4\r\n115.170.132.122\r\n115.170.132.123\r\n115.170.133.151\r\n115.170.133.165\r\n115.170.133.245\r\n115.170.134.107\r\n115.170.134.136\r\n115.170.134.225\r\n115.170.135.90\r\n115.170.136.213\r\n115.170.137.130\r\n115.170.138.132\r\n115.170.138.16\r\n115.170.139.90\r\n115.170.14.14\r\n115.170.140.232\r\n115.170.142.183\r\n115.170.146.231\r\n115.170.146.253\r\n115.170.153.134\r\n115.170.153.135\r\n115.170.157.205\r\n115.170.162.122\r\n115.170.163.131\r\n115.170.163.155\r\n115.170.166.132\r\n115.170.166.133\r\n115.170.166.32\r\n115.170.168.33\r\n115.170.170.122\r\n115.170.171.171\r\n115.170.172.161\r\n115.170.173.42\r\n115.170.173.75\r\n115.170.173.8\r\n115.170.174.246\r\n115.170.174.85\r\n115.170.175.206\r\n115.170.176.233\r\n115.170.177.113\r\n115.170.177.198\r\n115.170.183.100\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 5 of 71\n\n115.170.185.163\r\n115.170.187.43\r\n115.170.188.46\r\n115.170.188.77\r\n115.170.189.57\r\n115.170.19.79\r\n115.170.191.71\r\n115.170.191.95\r\n115.170.194.179\r\n115.170.194.66\r\n115.170.195.248\r\n115.170.197.19\r\n115.170.197.38\r\n115.170.197.82\r\n115.170.199.39\r\n115.170.20.200\r\n115.170.200.88\r\n115.170.202.130\r\n115.170.203.242\r\n115.170.204.136\r\n115.170.205.46\r\n115.170.206.142\r\n115.170.209.192\r\n115.170.209.203\r\n115.170.21.112\r\n115.170.210.246\r\n115.170.211.134\r\n115.170.211.51\r\n115.170.212.115\r\n115.170.212.157\r\n115.170.212.68\r\n115.170.212.70\r\n115.170.212.86\r\n115.170.215.138\r\n115.170.217.225\r\n115.170.219.235\r\n115.170.219.89\r\n115.170.221.125\r\n115.170.23.254\r\n115.170.231.191\r\n115.170.236.178\r\n115.170.237.235\r\n115.170.238.56\r\n115.170.24.217\r\n115.170.24.219\r\n115.170.24.220\r\n115.170.3.87\r\n115.170.30.49\r\n115.170.31.215\r\n115.170.32.127\r\n115.170.32.58\r\n115.170.32.65\r\n115.170.33.1\r\n115.170.34.247\r\n115.170.35.169\r\n115.170.35.185\r\n115.170.39.112\r\n115.170.39.228\r\n115.170.4.125\r\n115.170.4.175\r\n115.170.40.230\r\n115.170.41.43\r\n115.170.43.78\r\n115.170.45.173\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 6 of 71\n\n115.170.46.2\r\n115.170.47.39\r\n115.170.48.38\r\n115.170.49.223\r\n115.170.5.17\r\n115.170.52.198\r\n115.170.57.211\r\n115.170.6.11\r\n115.170.6.203\r\n115.170.6.252\r\n115.170.60.1\r\n115.170.61.137\r\n115.170.61.218\r\n115.170.62.54\r\n115.170.63.149\r\n115.170.63.221\r\n115.170.66.117\r\n115.170.67.116\r\n115.170.67.98\r\n115.170.68.177\r\n115.170.69.142\r\n115.170.69.155\r\n115.170.70.102\r\n115.170.96.119\r\n115.170.96.32\r\n115.170.97.137\r\n115.170.97.141\r\n115.170.97.235\r\n115.170.97.50\r\n115.170.99.132\r\n115.170.99.217\r\n115.170.99.40\r\n115.171.10.216\r\n115.171.100.183\r\n115.171.112.80\r\n115.171.114.160\r\n115.171.116.27\r\n115.171.118.227\r\n115.171.119.50\r\n115.171.121.27\r\n115.171.124.245\r\n115.171.127.215\r\n115.171.128.17\r\n115.171.132.26\r\n115.171.132.46\r\n115.171.135.11\r\n115.171.138.110\r\n115.171.139.104\r\n115.171.141.206\r\n115.171.143.109\r\n115.171.15.22\r\n115.171.15.58\r\n115.171.17.183\r\n115.171.18.98\r\n115.171.34.145\r\n115.171.37.160\r\n115.171.37.32\r\n115.171.38.40\r\n115.171.4.134\r\n115.171.4.239\r\n115.171.40.114\r\n115.171.41.235\r\n115.171.45.117\r\n115.171.46.36\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 7 of 71\n\n115.171.47.154\r\n115.171.47.8\r\n115.171.49.46\r\n115.171.5.76\r\n115.171.51.175\r\n115.171.61.159\r\n116.69.194.241\r\n116.69.44.161\r\n120.50.35.60\r\n122.147.136.56\r\n123.117.16.231\r\n123.117.16.92\r\n123.117.19.168\r\n123.117.20.202\r\n123.117.22.18\r\n123.120.100.101\r\n123.120.100.205\r\n123.120.100.41\r\n123.120.100.90\r\n123.120.101.100\r\n123.120.101.162\r\n123.120.101.189\r\n123.120.101.204\r\n123.120.101.23\r\n123.120.101.94\r\n123.120.102.114\r\n123.120.102.160\r\n123.120.102.212\r\n123.120.102.25\r\n123.120.102.252\r\n123.120.103.147\r\n123.120.103.242\r\n123.120.103.50\r\n123.120.103.6\r\n123.120.103.8\r\n123.120.104.16\r\n123.120.104.49\r\n123.120.104.77\r\n123.120.104.93\r\n123.120.105.159\r\n123.120.106.139\r\n123.120.106.234\r\n123.120.106.70\r\n123.120.106.92\r\n123.120.107.130\r\n123.120.107.173\r\n123.120.107.211\r\n123.120.107.6\r\n123.120.107.63\r\n123.120.107.82\r\n123.120.108.147\r\n123.120.108.176\r\n123.120.108.180\r\n123.120.108.2\r\n123.120.108.212\r\n123.120.108.245\r\n123.120.108.46\r\n123.120.108.71\r\n123.120.108.75\r\n123.120.108.98\r\n123.120.109.150\r\n123.120.109.158\r\n123.120.109.88\r\n123.120.110.172\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 8 of 71\n\n123.120.110.212\r\n123.120.110.233\r\n123.120.110.25\r\n123.120.110.4\r\n123.120.110.49\r\n123.120.110.52\r\n123.120.110.78\r\n123.120.111.168\r\n123.120.111.201\r\n123.120.112.147\r\n123.120.112.180\r\n123.120.112.218\r\n123.120.113.120\r\n123.120.113.17\r\n123.120.113.245\r\n123.120.113.251\r\n123.120.113.45\r\n123.120.114.185\r\n123.120.114.207\r\n123.120.114.208\r\n123.120.114.228\r\n123.120.114.242\r\n123.120.114.46\r\n123.120.114.90\r\n123.120.115.194\r\n123.120.115.210\r\n123.120.116.168\r\n123.120.116.181\r\n123.120.116.185\r\n123.120.116.52\r\n123.120.116.95\r\n123.120.117.100\r\n123.120.117.189\r\n123.120.117.214\r\n123.120.117.47\r\n123.120.117.74\r\n123.120.117.83\r\n123.120.118.101\r\n123.120.118.107\r\n123.120.118.127\r\n123.120.118.132\r\n123.120.118.139\r\n123.120.118.155\r\n123.120.118.180\r\n123.120.118.225\r\n123.120.118.98\r\n123.120.119.128\r\n123.120.119.144\r\n123.120.119.41\r\n123.120.119.62\r\n123.120.119.82\r\n123.120.120.154\r\n123.120.120.174\r\n123.120.120.235\r\n123.120.120.252\r\n123.120.120.3\r\n123.120.120.35\r\n123.120.120.79\r\n123.120.120.82\r\n123.120.120.86\r\n123.120.121.149\r\n123.120.121.164\r\n123.120.121.51\r\n123.120.121.53\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 9 of 71\n\n123.120.121.56\r\n123.120.121.6\r\n123.120.121.80\r\n123.120.122.102\r\n123.120.122.118\r\n123.120.122.141\r\n123.120.122.146\r\n123.120.122.158\r\n123.120.122.201\r\n123.120.122.3\r\n123.120.122.46\r\n123.120.122.88\r\n123.120.123.125\r\n123.120.123.184\r\n123.120.123.186\r\n123.120.123.229\r\n123.120.123.46\r\n123.120.123.82\r\n123.120.124.149\r\n123.120.124.16\r\n123.120.124.165\r\n123.120.124.168\r\n123.120.124.197\r\n123.120.124.33\r\n123.120.124.41\r\n123.120.124.43\r\n123.120.124.55\r\n123.120.124.74\r\n123.120.125.156\r\n123.120.125.225\r\n123.120.125.226\r\n123.120.125.245\r\n123.120.125.4\r\n123.120.126.103\r\n123.120.126.116\r\n123.120.126.127\r\n123.120.126.139\r\n123.120.126.140\r\n123.120.126.163\r\n123.120.126.186\r\n123.120.126.225\r\n123.120.126.23\r\n123.120.126.56\r\n123.120.126.60\r\n123.120.126.86\r\n123.120.127.143\r\n123.120.127.160\r\n123.120.127.210\r\n123.120.127.23\r\n123.120.127.59\r\n123.120.127.87\r\n123.120.96.128\r\n123.120.96.150\r\n123.120.96.159\r\n123.120.96.235\r\n123.120.97.101\r\n123.120.97.156\r\n123.120.97.193\r\n123.120.97.27\r\n123.120.98.116\r\n123.120.98.161\r\n123.120.98.22\r\n123.120.99.110\r\n123.120.99.151\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 10 of 71\n\n123.120.99.159\r\n123.120.99.190\r\n123.120.99.30\r\n123.120.99.39\r\n123.120.99.74\r\n123.120.99.86\r\n204.16.193.12\r\n209.11.241.144\r\n42.90.16.38\r\n42.90.21.154\r\n42.90.213.155\r\n42.90.224.201\r\n60.194.1.105\r\n65.19.157.229\r\ncount 35883\r\nfirst seen 2012-01-01 04:33:53 -0000\r\nlast seen 2012-12-03 23:00:20 -0000\r\nitsec.eicp.net. A 0.0.0.0\r\ncount 43\r\nfirst seen 2012-05-27 01:16:35 -0000\r\nlast seen 2012-05-27 02:25:19 -0000\r\nitsec.eicp.net. A 1.203.0.145\r\ncount 188\r\nfirst seen 2012-05-13 01:31:07 -0000\r\nlast seen 2012-05-13 06:09:04 -0000\r\nitsec.eicp.net. A 1.203.1.2\r\ncount 51\r\nfirst seen 2012-05-16 14:31:01 -0000\r\nlast seen 2012-05-16 17:13:18 -0000\r\nitsec.eicp.net. A 1.203.1.31\r\ncount 96\r\nfirst seen 2012-06-12 04:14:16 -0000\r\nlast seen 2012-06-12 16:43:38 -0000\r\nitsec.eicp.net. A 1.203.1.74\r\ncount 111\r\nfirst seen 2012-05-26 00:19:17 -0000\r\nlast seen 2012-05-26 15:49:18 -0000\r\nitsec.eicp.net. A 1.203.2.67\r\ncount 4\r\nfirst seen 2012-05-24 04:21:46 -0000\r\nlast seen 2012-05-24 06:19:19 -0000\r\nitsec.eicp.net. A 1.203.2.104\r\ncount 2\r\nfirst seen 2012-06-13 04:20:05 -0000\r\nlast seen 2012-06-13 05:20:05 -0000\r\nitsec.eicp.net. A 1.203.2.146\r\ncount 276\r\nfirst seen 2012-06-08 17:19:11 -0000\r\nlast seen 2012-06-09 00:19:10 -0000\r\nitsec.eicp.net. A 1.203.2.180\r\ncount 1\r\nfirst seen 2012-06-13 11:50:04 -0000\r\nlast seen 2012-06-13 11:50:04 -0000\r\nitsec.eicp.net. A 1.203.3.50\r\ncount 38\r\nfirst seen 2012-03-21 15:48:49 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 11 of 71\n\nlast seen 2012-03-21 19:16:29 -0000\r\nitsec.eicp.net. A 1.203.3.53\r\ncount 23\r\nfirst seen 2012-03-30 04:30:09 -0000\r\nlast seen 2012-03-30 05:42:41 -0000\r\nitsec.eicp.net. A 1.203.7.121\r\ncount 15\r\nfirst seen 2012-10-21 07:24:44 -0000\r\nlast seen 2012-10-21 15:00:55 -0000\r\nitsec.eicp.net. A 1.203.7.234\r\ncount 33\r\nfirst seen 2012-04-10 04:32:49 -0000\r\nlast seen 2012-04-10 06:05:03 -0000\r\nitsec.eicp.net. A 1.203.9.204\r\ncount 33\r\nfirst seen 2012-05-25 04:19:20 -0000\r\nlast seen 2012-05-25 06:19:17 -0000\r\nitsec.eicp.net. A 1.203.10.5\r\ncount 10\r\nfirst seen 2012-09-25 03:03:33 -0000\r\nlast seen 2012-09-25 08:40:07 -0000\r\nitsec.eicp.net. A 1.203.10.99\r\ncount 1141\r\nfirst seen 2012-09-08 14:15:40 -0000\r\nlast seen 2012-09-09 23:35:19 -0000\r\nitsec.eicp.net. A 1.203.10.220\r\ncount 14\r\nfirst seen 2012-07-30 11:00:01 -0000\r\nlast seen 2012-07-30 23:40:01 -0000\r\nitsec.eicp.net. A 1.203.11.44\r\ncount 13\r\nfirst seen 2012-04-26 14:33:48 -0000\r\nlast seen 2012-04-26 15:15:38 -0000\r\nitsec.eicp.net. A 1.203.12.38\r\ncount 4\r\nfirst seen 2012-05-21 13:19:20 -0000\r\nlast seen 2012-05-21 15:49:20 -0000\r\nitsec.eicp.net. A 1.203.13.190\r\ncount 5\r\nfirst seen 2012-10-01 13:16:07 -0000\r\nlast seen 2012-10-01 13:47:24 -0000\r\nitsec.eicp.net. A 1.203.14.147\r\ncount 6\r\nfirst seen 2012-05-13 01:25:21 -0000\r\nlast seen 2012-05-13 01:30:06 -0000\r\nitsec.eicp.net. A 1.203.15.95\r\ncount 20\r\nfirst seen 2012-07-16 13:44:57 -0000\r\nlast seen 2012-07-16 23:14:57 -0000\r\nitsec.eicp.net. A 1.203.15.234\r\ncount 231\r\nfirst seen 2012-05-15 13:46:15 -0000\r\nlast seen 2012-05-15 23:56:53 -0000\r\nitsec.eicp.net. A 1.203.17.16\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 12 of 71\n\ncount 7\r\nfirst seen 2012-11-21 11:59:57 -0000\r\nlast seen 2012-11-21 17:39:55 -0000\r\nitsec.eicp.net. A 1.203.17.192\r\ncount 6\r\nfirst seen 2012-06-03 07:19:14 -0000\r\nlast seen 2012-06-03 12:19:13 -0000\r\nitsec.eicp.net. A 1.203.18.5\r\ncount 18\r\nfirst seen 2012-05-17 14:17:24 -0000\r\nlast seen 2012-05-17 15:37:32 -0000\r\nitsec.eicp.net. A 1.203.18.11\r\ncount 251\r\nfirst seen 2012-09-10 11:40:08 -0000\r\nlast seen 2012-09-10 23:40:58 -0000\r\nitsec.eicp.net. A 1.203.18.65\r\ncount 1\r\nfirst seen 2012-09-24 04:20:07 -0000\r\nlast seen 2012-09-24 04:20:07 -0000\r\nitsec.eicp.net. A 1.203.19.156\r\ncount 2\r\nfirst seen 2012-08-04 14:59:59 -0000\r\nlast seen 2012-08-04 15:19:59 -0000\r\nitsec.eicp.net. A 1.203.19.210\r\ncount 5\r\nfirst seen 2012-03-13 16:36:58 -0000\r\nlast seen 2012-03-13 17:31:37 -0000\r\nitsec.eicp.net. A 1.203.20.121\r\ncount 11\r\nfirst seen 2012-09-13 04:13:25 -0000\r\nlast seen 2012-09-13 05:00:10 -0000\r\nitsec.eicp.net. A 1.203.21.177\r\ncount 2\r\nfirst seen 2012-06-05 04:49:13 -0000\r\nlast seen 2012-06-05 05:49:13 -0000\r\nitsec.eicp.net. A 1.203.24.239\r\ncount 2\r\nfirst seen 2012-07-24 06:20:04 -0000\r\nlast seen 2012-07-24 06:40:03 -0000\r\nitsec.eicp.net. A 1.203.25.244\r\ncount 10\r\nfirst seen 2012-10-20 03:45:20 -0000\r\nlast seen 2012-10-20 07:40:10 -0000\r\nitsec.eicp.net. A 1.203.26.24\r\ncount 441\r\nfirst seen 2012-06-18 13:29:03 -0000\r\nlast seen 2012-06-19 04:22:45 -0000\r\nitsec.eicp.net. A 1.203.29.42\r\ncount 2\r\nfirst seen 2012-09-03 13:58:24 -0000\r\nlast seen 2012-09-03 15:31:36 -0000\r\nitsec.eicp.net. A 1.203.30.194\r\ncount 5\r\nfirst seen 2012-07-17 04:44:57 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 13 of 71\n\nlast seen 2012-07-17 06:29:57 -0000\r\nitsec.eicp.net. A 1.203.30.207\r\ncount 302\r\nfirst seen 2012-08-30 16:29:53 -0000\r\nlast seen 2012-08-30 23:00:03 -0000\r\nitsec.eicp.net. A 1.203.30.209\r\ncount 16\r\nfirst seen 2012-07-22 04:00:05 -0000\r\nlast seen 2012-07-22 23:30:06 -0000\r\nitsec.eicp.net. A 1.203.30.222\r\ncount 374\r\nfirst seen 2012-04-14 13:53:35 -0000\r\nlast seen 2012-04-15 12:34:27 -0000\r\nitsec.eicp.net. A 1.203.31.150\r\ncount 13\r\nfirst seen 2012-11-05 12:40:04 -0000\r\nlast seen 2012-11-05 23:20:03 -0000\r\nitsec.eicp.net. A 1.203.31.195\r\ncount 121\r\nfirst seen 2012-06-15 04:50:03 -0000\r\nlast seen 2012-06-16 00:20:03 -0000\r\nitsec.eicp.net. A 1.203.32.224\r\ncount 18\r\nfirst seen 2012-11-23 12:59:55 -0000\r\nlast seen 2012-11-24 01:59:55 -0000\r\nitsec.eicp.net. A 1.203.34.234\r\ncount 8\r\nfirst seen 2012-05-13 06:19:30 -0000\r\nlast seen 2012-05-13 07:42:35 -0000\r\nitsec.eicp.net. A 1.203.35.154\r\ncount 62\r\nfirst seen 2012-06-23 00:33:11 -0000\r\nlast seen 2012-06-23 13:20:03 -0000\r\nitsec.eicp.net. A 1.203.39.175\r\ncount 9\r\nfirst seen 2012-10-31 13:40:07 -0000\r\nlast seen 2012-10-31 23:00:09 -0000\r\nitsec.eicp.net. A 1.203.39.230\r\ncount 23\r\nfirst seen 2012-11-02 22:40:06 -0000\r\nlast seen 2012-11-03 07:00:11 -0000\r\nitsec.eicp.net. A 1.203.40.174\r\ncount 115\r\nfirst seen 2012-05-27 02:26:19 -0000\r\nlast seen 2012-05-27 11:19:17 -0000\r\nitsec.eicp.net. A 1.203.40.184\r\ncount 277\r\nfirst seen 2012-10-06 09:20:03 -0000\r\nlast seen 2012-10-07 00:03:51 -0000\r\nitsec.eicp.net. A 1.203.42.67\r\ncount 3\r\nfirst seen 2012-05-07 04:19:35 -0000\r\nlast seen 2012-05-07 05:49:34 -0000\r\nitsec.eicp.net. A 1.203.43.157\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 14 of 71\n\ncount 15\r\nfirst seen 2012-06-23 13:50:03 -0000\r\nlast seen 2012-06-23 23:50:03 -0000\r\nitsec.eicp.net. A 1.203.43.198\r\ncount 28\r\nfirst seen 2012-07-07 21:59:59 -0000\r\nlast seen 2012-07-08 11:59:59 -0000\r\nitsec.eicp.net. A 1.203.44.197\r\ncount 4\r\nfirst seen 2012-05-25 10:19:18 -0000\r\nlast seen 2012-05-25 14:49:18 -0000\r\nitsec.eicp.net. A 1.203.45.36\r\ncount 1\r\nfirst seen 2012-09-11 15:00:11 -0000\r\nlast seen 2012-09-11 15:00:11 -0000\r\nitsec.eicp.net. A 1.203.47.53\r\ncount 37\r\nfirst seen 2012-07-10 08:29:58 -0000\r\nlast seen 2012-07-10 22:44:59 -0000\r\nitsec.eicp.net. A 1.203.48.243\r\ncount 23\r\nfirst seen 2012-10-14 11:44:13 -0000\r\nlast seen 2012-10-14 13:41:36 -0000\r\nitsec.eicp.net. A 1.203.50.146\r\ncount 2\r\nfirst seen 2012-01-23 18:33:43 -0000\r\nlast seen 2012-01-24 00:33:07 -0000\r\nitsec.eicp.net. A 1.203.51.149\r\ncount 368\r\nfirst seen 2012-04-02 13:57:02 -0000\r\nlast seen 2012-04-03 13:58:25 -0000\r\nitsec.eicp.net. A 1.203.53.41\r\ncount 116\r\nfirst seen 2012-10-23 13:47:03 -0000\r\nlast seen 2012-10-23 23:58:05 -0000\r\nitsec.eicp.net. A 1.203.54.227\r\ncount 5\r\nfirst seen 2012-09-03 04:18:31 -0000\r\nlast seen 2012-09-03 04:22:18 -0000\r\nitsec.eicp.net. A 1.203.56.206\r\ncount 13\r\nfirst seen 2012-11-23 04:39:55 -0000\r\nlast seen 2012-11-23 11:59:55 -0000\r\nitsec.eicp.net. A 1.203.56.239\r\ncount 239\r\nfirst seen 2012-09-18 10:40:08 -0000\r\nlast seen 2012-09-18 23:51:31 -0000\r\nitsec.eicp.net. A 1.203.59.47\r\ncount 1\r\nfirst seen 2012-07-14 11:29:58 -0000\r\nlast seen 2012-07-14 11:29:58 -0000\r\nitsec.eicp.net. A 1.203.60.36\r\ncount 4\r\nfirst seen 2012-07-06 14:45:00 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 15 of 71\n\nlast seen 2012-07-06 15:45:00 -0000\r\nitsec.eicp.net. A 1.203.60.113\r\ncount 7\r\nfirst seen 2012-02-24 13:49:53 -0000\r\nlast seen 2012-02-25 00:49:52 -0000\r\nitsec.eicp.net. A 1.203.65.120\r\ncount 212\r\nfirst seen 2012-04-15 12:51:55 -0000\r\nlast seen 2012-04-15 23:51:42 -0000\r\nitsec.eicp.net. A 1.203.68.172\r\ncount 3\r\nfirst seen 2012-11-07 14:20:03 -0000\r\nlast seen 2012-11-07 16:00:11 -0000\r\nitsec.eicp.net. A 1.203.69.112\r\ncount 1\r\nfirst seen 2012-02-16 04:42:42 -0000\r\nlast seen 2012-02-16 04:42:42 -0000\r\nitsec.eicp.net. A 1.203.69.142\r\ncount 45\r\nfirst seen 2012-09-17 04:18:23 -0000\r\nlast seen 2012-09-17 06:13:55 -0000\r\nitsec.eicp.net. A 1.203.72.159\r\ncount 31\r\nfirst seen 2012-05-07 12:52:52 -0000\r\nlast seen 2012-05-07 15:02:11 -0000\r\nitsec.eicp.net. A 1.203.74.176\r\ncount 7\r\nfirst seen 2012-02-28 17:19:48 -0000\r\nlast seen 2012-02-29 00:49:48 -0000\r\nitsec.eicp.net. A 1.203.74.187\r\ncount 213\r\nfirst seen 2012-09-30 00:40:05 -0000\r\nlast seen 2012-09-30 07:40:05 -0000\r\nitsec.eicp.net. A 1.203.80.110\r\ncount 2\r\nfirst seen 2012-10-28 10:20:08 -0000\r\nlast seen 2012-10-28 11:20:07 -0000\r\nitsec.eicp.net. A 1.203.84.191\r\ncount 194\r\nfirst seen 2012-04-05 04:52:30 -0000\r\nlast seen 2012-04-05 13:53:34 -0000\r\nitsec.eicp.net. A 1.203.86.130\r\ncount 13\r\nfirst seen 2012-10-30 14:00:08 -0000\r\nlast seen 2012-10-30 19:20:07 -0000\r\nitsec.eicp.net. A 1.203.89.139\r\ncount 42\r\nfirst seen 2012-03-21 03:01:47 -0000\r\nlast seen 2012-03-21 07:05:04 -0000\r\nitsec.eicp.net. A 1.203.91.18\r\ncount 59\r\nfirst seen 2012-03-09 15:42:46 -0000\r\nlast seen 2012-03-10 00:03:05 -0000\r\nitsec.eicp.net. A 1.203.95.163\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 16 of 71\n\ncount 110\r\nfirst seen 2012-03-30 14:54:39 -0000\r\nlast seen 2012-03-30 21:14:00 -0000\r\nitsec.eicp.net. A 1.203.97.206\r\ncount 8\r\nfirst seen 2012-11-06 04:20:04 -0000\r\nlast seen 2012-11-06 08:40:03 -0000\r\nitsec.eicp.net. A 1.203.98.98\r\ncount 22\r\nfirst seen 2012-03-29 04:49:54 -0000\r\nlast seen 2012-03-29 05:56:09 -0000\r\nitsec.eicp.net. A 1.203.99.36\r\ncount 1\r\nfirst seen 2011-10-13 15:49:33 -0000\r\nlast seen 2011-10-13 15:49:33 -0000\r\nitsec.eicp.net. A 1.203.99.111\r\ncount 59\r\nfirst seen 2012-03-19 15:49:59 -0000\r\nlast seen 2012-03-20 01:18:52 -0000\r\nitsec.eicp.net. A 1.203.100.232\r\ncount 21\r\nfirst seen 2012-04-08 14:24:11 -0000\r\nlast seen 2012-04-08 15:24:43 -0000\r\nitsec.eicp.net. A 1.203.102.63\r\ncount 1\r\nfirst seen 2011-12-04 14:33:49 -0000\r\nlast seen 2011-12-04 14:33:49 -0000\r\nitsec.eicp.net. A 1.203.102.251\r\ncount 359\r\nfirst seen 2012-09-24 13:40:06 -0000\r\nlast seen 2012-09-25 03:02:32 -0000\r\nitsec.eicp.net. A 1.203.103.227\r\ncount 21\r\nfirst seen 2012-04-30 09:49:41 -0000\r\nlast seen 2012-04-30 14:20:13 -0000\r\nitsec.eicp.net. A 1.203.104.45\r\ncount 61\r\nfirst seen 2012-05-09 04:12:56 -0000\r\nlast seen 2012-05-09 06:36:53 -0000\r\nitsec.eicp.net. A 1.203.106.150\r\ncount 355\r\nfirst seen 2012-10-12 09:29:20 -0000\r\nlast seen 2012-10-12 23:38:36 -0000\r\nitsec.eicp.net. A 1.203.107.125\r\ncount 1\r\nfirst seen 2011-12-27 20:34:41 -0000\r\nlast seen 2011-12-27 20:34:41 -0000\r\nitsec.eicp.net. A 1.203.107.200\r\ncount 1\r\nfirst seen 2012-05-08 04:19:34 -0000\r\nlast seen 2012-05-08 04:19:34 -0000\r\nitsec.eicp.net. A 1.203.108.46\r\ncount 108\r\nfirst seen 2012-09-21 08:00:09 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 17 of 71\n\nlast seen 2012-09-21 22:40:06 -0000\r\nitsec.eicp.net. A 1.203.109.193\r\ncount 10\r\nfirst seen 2012-11-20 10:39:56 -0000\r\nlast seen 2012-11-20 22:59:56 -0000\r\nitsec.eicp.net. A 1.203.112.147\r\ncount 2\r\nfirst seen 2012-01-26 04:33:23 -0000\r\nlast seen 2012-01-26 06:34:49 -0000\r\nitsec.eicp.net. A 1.203.112.178\r\ncount 7\r\nfirst seen 2012-10-25 02:42:39 -0000\r\nlast seen 2012-10-25 06:00:10 -0000\r\nitsec.eicp.net. A 1.203.113.2\r\ncount 11\r\nfirst seen 2012-11-16 08:19:59 -0000\r\nlast seen 2012-11-16 17:19:58 -0000\r\nitsec.eicp.net. A 1.203.114.165\r\ncount 13\r\nfirst seen 2012-12-01 04:40:20 -0000\r\nlast seen 2012-12-01 13:40:21 -0000\r\nitsec.eicp.net. A 1.203.118.19\r\ncount 1\r\nfirst seen 2012-01-04 14:35:20 -0000\r\nlast seen 2012-01-04 14:35:20 -0000\r\nitsec.eicp.net. A 1.203.123.29\r\ncount 1\r\nfirst seen 2012-10-19 14:40:12 -0000\r\nlast seen 2012-10-19 14:40:12 -0000\r\nitsec.eicp.net. A 1.203.123.68\r\ncount 213\r\nfirst seen 2012-10-22 12:20:09 -0000\r\nlast seen 2012-10-22 23:20:09 -0000\r\nitsec.eicp.net. A 1.203.123.83\r\ncount 38\r\nfirst seen 2012-04-13 04:19:45 -0000\r\nlast seen 2012-04-13 05:57:52 -0000\r\nitsec.eicp.net. A 1.203.125.201\r\ncount 62\r\nfirst seen 2012-03-07 16:43:44 -0000\r\nlast seen 2012-03-08 00:10:18 -0000\r\nitsec.eicp.net. A 1.203.125.248\r\ncount 11\r\nfirst seen 2012-03-08 06:09:11 -0000\r\nlast seen 2012-03-08 07:26:47 -0000\r\nitsec.eicp.net. A 1.203.132.54\r\ncount 1\r\nfirst seen 2012-03-15 17:50:03 -0000\r\nlast seen 2012-03-15 17:50:03 -0000\r\nitsec.eicp.net. A 1.203.132.236\r\ncount 3\r\nfirst seen 2012-03-22 09:49:57 -0000\r\nlast seen 2012-03-22 10:49:58 -0000\r\nitsec.eicp.net. A 1.203.135.238\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 18 of 71\n\ncount 1\r\nfirst seen 2011-12-29 10:31:41 -0000\r\nlast seen 2011-12-29 10:31:41 -0000\r\nitsec.eicp.net. A 1.203.137.25\r\ncount 448\r\nfirst seen 2012-04-19 04:37:55 -0000\r\nlast seen 2012-04-19 23:41:20 -0000\r\nitsec.eicp.net. A 1.203.139.94\r\ncount 110\r\nfirst seen 2012-03-25 14:41:20 -0000\r\nlast seen 2012-03-26 03:58:37 -0000\r\nitsec.eicp.net. A 1.203.139.148\r\ncount 179\r\nfirst seen 2012-03-29 14:25:09 -0000\r\nlast seen 2012-03-29 23:32:29 -0000\r\nitsec.eicp.net. A 1.203.142.100\r\ncount 604\r\nfirst seen 2012-03-31 04:49:14 -0000\r\nlast seen 2012-04-01 13:25:24 -0000\r\nitsec.eicp.net. A 1.203.142.111\r\ncount 759\r\nfirst seen 2012-08-11 02:45:34 -0000\r\nlast seen 2012-08-14 02:39:56 -0000\r\nitsec.eicp.net. A 42.90.16.38\r\ncount 2\r\nfirst seen 2012-08-07 09:59:58 -0000\r\nlast seen 2012-08-07 12:39:58 -0000\r\nitsec.eicp.net. A 42.90.21.154\r\ncount 1\r\nfirst seen 2012-08-14 02:59:56 -0000\r\nlast seen 2012-08-14 02:59:56 -0000\r\nitsec.eicp.net. A 42.90.213.155\r\ncount 892\r\nfirst seen 2012-08-14 04:59:56 -0000\r\nlast seen 2012-08-21 12:00:07 -0000\r\nitsec.eicp.net. A 42.90.224.201\r\ncount 914\r\nfirst seen 2012-08-27 03:45:50 -0000\r\nlast seen 2012-09-05 02:46:27 -0000\r\nitsec.eicp.net. A 60.194.1.105\r\ncount 12\r\nfirst seen 2011-09-22 21:54:21 -0000\r\nlast seen 2011-10-09 01:59:50 -0000\r\nitsec.eicp.net. A 65.19.157.229\r\ncount 6\r\nfirst seen 2012-02-25 07:19:52 -0000\r\nlast seen 2012-02-25 11:49:52 -0000\r\nitsec.eicp.net. A 111.194.92.111\r\ncount 81\r\nfirst seen 2012-03-06 01:40:11 -0000\r\nlast seen 2012-03-06 16:05:07 -0000\r\nitsec.eicp.net. A 111.194.92.203\r\ncount 8\r\nfirst seen 2012-03-13 01:50:05 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 19 of 71\n\nlast seen 2012-03-13 04:11:27 -0000\r\nitsec.eicp.net. A 111.194.93.62\r\ncount 5\r\nfirst seen 2012-03-31 01:23:41 -0000\r\nlast seen 2012-03-31 01:38:31 -0000\r\nitsec.eicp.net. A 111.194.93.67\r\ncount 103\r\nfirst seen 2012-03-19 02:03:14 -0000\r\nlast seen 2012-03-19 15:39:57 -0000\r\nitsec.eicp.net. A 111.194.93.187\r\ncount 18\r\nfirst seen 2012-03-27 02:40:30 -0000\r\nlast seen 2012-03-27 03:31:49 -0000\r\nitsec.eicp.net. A 111.194.94.99\r\ncount 4\r\nfirst seen 2012-03-01 12:49:48 -0000\r\nlast seen 2012-03-01 15:49:47 -0000\r\nitsec.eicp.net. A 111.194.94.141\r\ncount 20\r\nfirst seen 2012-03-13 05:50:05 -0000\r\nlast seen 2012-03-13 15:46:49 -0000\r\nitsec.eicp.net. A 111.194.94.188\r\ncount 50\r\nfirst seen 2012-03-30 06:42:06 -0000\r\nlast seen 2012-03-30 09:16:46 -0000\r\nitsec.eicp.net. A 111.194.96.44\r\ncount 10\r\nfirst seen 2012-03-17 02:15:39 -0000\r\nlast seen 2012-03-17 03:12:28 -0000\r\nitsec.eicp.net. A 111.194.96.100\r\ncount 2\r\nfirst seen 2012-02-22 10:36:03 -0000\r\nlast seen 2012-02-22 12:34:48 -0000\r\nitsec.eicp.net. A 111.194.96.194\r\ncount 2\r\nfirst seen 2012-02-27 13:49:50 -0000\r\nlast seen 2012-02-27 14:49:50 -0000\r\nitsec.eicp.net. A 111.194.97.55\r\ncount 48\r\nfirst seen 2012-03-10 03:00:42 -0000\r\nlast seen 2012-03-10 12:51:14 -0000\r\nitsec.eicp.net. A 111.194.97.128\r\ncount 71\r\nfirst seen 2012-03-12 01:52:19 -0000\r\nlast seen 2012-03-12 15:46:40 -0000\r\nitsec.eicp.net. A 111.194.98.34\r\ncount 59\r\nfirst seen 2012-03-17 03:32:00 -0000\r\nlast seen 2012-03-17 12:59:43 -0000\r\nitsec.eicp.net. A 111.194.99.29\r\ncount 22\r\nfirst seen 2012-03-15 01:29:19 -0000\r\nlast seen 2012-03-15 05:08:40 -0000\r\nitsec.eicp.net. A 111.194.101.196\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 20 of 71\n\ncount 8\r\nfirst seen 2012-03-07 04:09:14 -0000\r\nlast seen 2012-03-07 05:19:44 -0000\r\nitsec.eicp.net. A 111.194.104.129\r\ncount 30\r\nfirst seen 2012-03-16 07:16:56 -0000\r\nlast seen 2012-03-16 12:52:19 -0000\r\nitsec.eicp.net. A 111.194.104.220\r\ncount 8\r\nfirst seen 2012-02-27 02:49:51 -0000\r\nlast seen 2012-02-27 10:19:50 -0000\r\nitsec.eicp.net. A 111.194.105.63\r\ncount 242\r\nfirst seen 2012-03-03 01:54:54 -0000\r\nlast seen 2012-03-05 00:19:45 -0000\r\nitsec.eicp.net. A 111.194.106.206\r\ncount 14\r\nfirst seen 2012-03-08 01:26:10 -0000\r\nlast seen 2012-03-08 05:26:20 -0000\r\nitsec.eicp.net. A 111.194.106.225\r\ncount 1\r\nfirst seen 2012-02-23 08:39:14 -0000\r\nlast seen 2012-02-23 08:39:14 -0000\r\nitsec.eicp.net. A 111.194.107.0\r\ncount 23\r\nfirst seen 2012-03-29 06:12:56 -0000\r\nlast seen 2012-03-29 07:39:08 -0000\r\nitsec.eicp.net. A 111.194.108.247\r\ncount 13\r\nfirst seen 2012-03-26 04:03:39 -0000\r\nlast seen 2012-03-26 05:26:40 -0000\r\nitsec.eicp.net. A 111.194.109.36\r\ncount 70\r\nfirst seen 2012-03-14 01:55:25 -0000\r\nlast seen 2012-03-14 16:21:20 -0000\r\nitsec.eicp.net. A 111.194.109.202\r\ncount 17\r\nfirst seen 2012-03-22 01:33:54 -0000\r\nlast seen 2012-03-22 04:53:07 -0000\r\nitsec.eicp.net. A 111.194.111.0\r\ncount 2\r\nfirst seen 2012-02-25 02:49:52 -0000\r\nlast seen 2012-02-25 03:49:53 -0000\r\nitsec.eicp.net. A 111.194.111.16\r\ncount 1\r\nfirst seen 2012-02-28 16:19:50 -0000\r\nlast seen 2012-02-28 16:19:50 -0000\r\nitsec.eicp.net. A 111.194.116.110\r\ncount 139\r\nfirst seen 2012-03-22 13:49:58 -0000\r\nlast seen 2012-03-23 14:29:46 -0000\r\nitsec.eicp.net. A 111.194.116.160\r\ncount 35\r\nfirst seen 2012-03-07 12:19:44 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 21 of 71\n\nlast seen 2012-03-07 16:28:07 -0000\r\nitsec.eicp.net. A 111.194.119.106\r\ncount 90\r\nfirst seen 2012-03-08 13:07:02 -0000\r\nlast seen 2012-03-09 01:14:27 -0000\r\nitsec.eicp.net. A 111.194.120.159\r\ncount 3\r\nfirst seen 2012-03-21 12:50:45 -0000\r\nlast seen 2012-03-21 12:52:49 -0000\r\nitsec.eicp.net. A 111.194.123.34\r\ncount 26\r\nfirst seen 2012-09-03 23:51:42 -0000\r\nlast seen 2012-09-04 00:17:28 -0000\r\nitsec.eicp.net. A 114.248.80.81\r\ncount 141\r\nfirst seen 2012-08-27 23:57:15 -0000\r\nlast seen 2012-08-28 05:39:57 -0000\r\nitsec.eicp.net. A 114.248.80.84\r\ncount 133\r\nfirst seen 2012-04-17 09:23:55 -0000\r\nlast seen 2012-04-17 15:07:00 -0000\r\nitsec.eicp.net. A 114.248.80.175\r\ncount 2\r\nfirst seen 2012-06-24 07:50:03 -0000\r\nlast seen 2012-06-24 09:20:03 -0000\r\nitsec.eicp.net. A 114.248.80.241\r\ncount 76\r\nfirst seen 2012-09-14 01:09:22 -0000\r\nlast seen 2012-09-14 02:13:45 -0000\r\nitsec.eicp.net. A 114.248.81.30\r\ncount 1\r\nfirst seen 2012-06-19 07:50:02 -0000\r\nlast seen 2012-06-19 07:50:02 -0000\r\nitsec.eicp.net. A 114.248.81.42\r\ncount 3\r\nfirst seen 2012-09-11 08:00:10 -0000\r\nlast seen 2012-09-11 09:40:10 -0000\r\nitsec.eicp.net. A 114.248.81.127\r\ncount 8\r\nfirst seen 2012-10-19 00:18:36 -0000\r\nlast seen 2012-10-19 01:55:44 -0000\r\nitsec.eicp.net. A 114.248.81.151\r\ncount 14\r\nfirst seen 2012-05-04 01:22:31 -0000\r\nlast seen 2012-05-04 08:19:36 -0000\r\nitsec.eicp.net. A 114.248.81.155\r\ncount 2\r\nfirst seen 2012-12-04 00:00:19 -0000\r\nlast seen 2012-12-04 00:40:20 -0000\r\nitsec.eicp.net. A 114.248.81.157\r\ncount 1\r\nfirst seen 2011-09-28 10:01:39 -0000\r\nlast seen 2011-09-28 10:01:39 -0000\r\nitsec.eicp.net. A 114.248.81.230\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 22 of 71\n\ncount 72\r\nfirst seen 2012-05-16 23:37:36 -0000\r\nlast seen 2012-05-17 03:41:39 -0000\r\nitsec.eicp.net. A 114.248.81.247\r\ncount 22\r\nfirst seen 2012-04-12 02:16:28 -0000\r\nlast seen 2012-04-12 03:41:24 -0000\r\nitsec.eicp.net. A 114.248.81.253\r\ncount 4\r\nfirst seen 2012-09-29 00:20:06 -0000\r\nlast seen 2012-09-29 02:20:06 -0000\r\nitsec.eicp.net. A 114.248.82.66\r\ncount 61\r\nfirst seen 2012-09-02 14:14:46 -0000\r\nlast seen 2012-09-02 15:28:25 -0000\r\nitsec.eicp.net. A 114.248.82.128\r\ncount 48\r\nfirst seen 2012-05-16 06:10:05 -0000\r\nlast seen 2012-07-17 09:44:57 -0000\r\nitsec.eicp.net. A 114.248.82.195\r\ncount 17\r\nfirst seen 2012-04-24 02:49:37 -0000\r\nlast seen 2012-04-24 13:49:36 -0000\r\nitsec.eicp.net. A 114.248.83.28\r\ncount 2\r\nfirst seen 2012-08-31 03:00:07 -0000\r\nlast seen 2012-08-31 03:00:10 -0000\r\nitsec.eicp.net. A 114.248.83.98\r\ncount 6\r\nfirst seen 2012-08-27 07:43:44 -0000\r\nlast seen 2012-08-27 09:40:04 -0000\r\nitsec.eicp.net. A 114.248.83.161\r\ncount 9\r\nfirst seen 2012-09-04 02:36:12 -0000\r\nlast seen 2012-09-04 02:43:46 -0000\r\nitsec.eicp.net. A 114.248.84.64\r\ncount 5\r\nfirst seen 2012-07-23 01:00:05 -0000\r\nlast seen 2012-07-23 04:20:04 -0000\r\nitsec.eicp.net. A 114.248.84.79\r\ncount 7\r\nfirst seen 2012-11-09 01:00:02 -0000\r\nlast seen 2012-11-09 07:00:03 -0000\r\nitsec.eicp.net. A 114.248.84.134\r\ncount 7\r\nfirst seen 2012-06-21 06:20:03 -0000\r\nlast seen 2012-06-21 13:25:21 -0000\r\nitsec.eicp.net. A 114.248.84.170\r\ncount 80\r\nfirst seen 2012-05-09 06:41:46 -0000\r\nlast seen 2012-05-09 09:52:58 -0000\r\nitsec.eicp.net. A 114.248.84.171\r\ncount 1\r\nfirst seen 2012-11-30 09:59:54 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 23 of 71\n\nlast seen 2012-11-30 09:59:54 -0000\r\nitsec.eicp.net. A 114.248.84.180\r\ncount 48\r\nfirst seen 2012-05-14 23:45:21 -0000\r\nlast seen 2012-05-15 03:43:13 -0000\r\nitsec.eicp.net. A 114.248.84.201\r\ncount 1\r\nfirst seen 2012-02-08 07:03:41 -0000\r\nlast seen 2012-02-08 07:03:41 -0000\r\nitsec.eicp.net. A 114.248.85.21\r\ncount 2\r\nfirst seen 2012-06-26 08:50:01 -0000\r\nlast seen 2012-06-26 09:20:02 -0000\r\nitsec.eicp.net. A 114.248.85.150\r\ncount 1\r\nfirst seen 2011-12-07 04:38:28 -0000\r\nlast seen 2011-12-07 04:38:28 -0000\r\nitsec.eicp.net. A 114.248.85.154\r\ncount 3\r\nfirst seen 2012-06-26 00:50:03 -0000\r\nlast seen 2012-06-26 03:20:02 -0000\r\nitsec.eicp.net. A 114.248.85.159\r\ncount 1\r\nfirst seen 2011-12-29 06:32:16 -0000\r\nlast seen 2011-12-29 06:32:16 -0000\r\nitsec.eicp.net. A 114.248.85.188\r\ncount 3\r\nfirst seen 2012-05-24 09:49:20 -0000\r\nlast seen 2012-05-24 13:49:18 -0000\r\nitsec.eicp.net. A 114.248.85.189\r\ncount 4\r\nfirst seen 2012-09-18 06:20:08 -0000\r\nlast seen 2012-09-18 09:00:10 -0000\r\nitsec.eicp.net. A 114.248.85.197\r\ncount 5\r\nfirst seen 2012-09-04 08:00:10 -0000\r\nlast seen 2012-09-04 09:45:27 -0000\r\nitsec.eicp.net. A 114.248.85.204\r\ncount 2\r\nfirst seen 2012-07-18 07:30:09 -0000\r\nlast seen 2012-07-18 09:00:06 -0000\r\nitsec.eicp.net. A 114.248.85.236\r\ncount 7\r\nfirst seen 2012-08-29 06:34:10 -0000\r\nlast seen 2012-08-29 11:40:04 -0000\r\nitsec.eicp.net. A 114.248.86.59\r\ncount 3\r\nfirst seen 2012-07-11 04:00:00 -0000\r\nlast seen 2012-07-11 04:29:59 -0000\r\nitsec.eicp.net. A 114.248.86.76\r\ncount 3\r\nfirst seen 2012-09-26 07:40:05 -0000\r\nlast seen 2012-09-26 09:40:07 -0000\r\nitsec.eicp.net. A 114.248.86.108\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 24 of 71\n\ncount 50\r\nfirst seen 2010-12-02 06:10:06 -0000\r\nlast seen 2010-12-02 09:31:29 -0000\r\nitsec.eicp.net. A 114.248.86.206\r\ncount 6\r\nfirst seen 2012-09-10 01:43:08 -0000\r\nlast seen 2012-09-10 02:40:08 -0000\r\nitsec.eicp.net. A 114.248.86.232\r\ncount 21\r\nfirst seen 2012-09-18 23:52:16 -0000\r\nlast seen 2012-09-19 06:20:09 -0000\r\nitsec.eicp.net. A 114.248.86.240\r\ncount 662\r\nfirst seen 2012-10-27 00:55:01 -0000\r\nlast seen 2012-10-28 05:40:07 -0000\r\nitsec.eicp.net. A 114.248.87.28\r\ncount 2\r\nfirst seen 2012-05-07 02:49:35 -0000\r\nlast seen 2012-05-07 03:49:35 -0000\r\nitsec.eicp.net. A 114.248.87.142\r\ncount 23\r\nfirst seen 2012-12-03 00:20:21 -0000\r\nlast seen 2012-12-03 19:00:19 -0000\r\nitsec.eicp.net. A 114.248.87.150\r\ncount 3\r\nfirst seen 2012-05-23 01:24:41 -0000\r\nlast seen 2012-05-23 03:44:54 -0000\r\nitsec.eicp.net. A 114.248.87.227\r\ncount 1\r\nfirst seen 2012-04-10 03:33:27 -0000\r\nlast seen 2012-04-10 03:33:27 -0000\r\nitsec.eicp.net. A 114.248.88.35\r\ncount 7\r\nfirst seen 2012-05-22 08:19:20 -0000\r\nlast seen 2012-05-22 13:19:20 -0000\r\nitsec.eicp.net. A 114.248.88.39\r\ncount 3\r\nfirst seen 2012-06-25 01:20:02 -0000\r\nlast seen 2012-06-25 03:50:03 -0000\r\nitsec.eicp.net. A 114.248.88.44\r\ncount 37\r\nfirst seen 2012-05-09 01:45:00 -0000\r\nlast seen 2012-05-09 04:08:33 -0000\r\nitsec.eicp.net. A 114.248.88.46\r\ncount 19\r\nfirst seen 2012-05-16 00:47:35 -0000\r\nlast seen 2012-05-16 04:21:10 -0000\r\nitsec.eicp.net. A 114.248.88.98\r\ncount 1\r\nfirst seen 2012-11-02 00:40:06 -0000\r\nlast seen 2012-11-02 00:40:06 -0000\r\nitsec.eicp.net. A 114.248.88.125\r\ncount 3\r\nfirst seen 2012-05-17 06:12:47 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 25 of 71\n\nlast seen 2012-05-17 06:30:31 -0000\r\nitsec.eicp.net. A 114.248.88.142\r\ncount 34\r\nfirst seen 2012-11-19 01:19:57 -0000\r\nlast seen 2012-11-20 10:19:57 -0000\r\nitsec.eicp.net. A 114.248.88.144\r\ncount 3\r\nfirst seen 2012-08-28 07:40:05 -0000\r\nlast seen 2012-08-28 09:20:04 -0000\r\nitsec.eicp.net. A 114.248.88.166\r\ncount 170\r\nfirst seen 2012-04-18 06:36:49 -0000\r\nlast seen 2012-04-18 13:50:17 -0000\r\nitsec.eicp.net. A 114.248.88.173\r\ncount 133\r\nfirst seen 2012-09-10 03:21:50 -0000\r\nlast seen 2012-09-10 05:20:08 -0000\r\nitsec.eicp.net. A 114.248.88.225\r\ncount 294\r\nfirst seen 2012-06-20 10:11:41 -0000\r\nlast seen 2012-06-20 15:04:34 -0000\r\nitsec.eicp.net. A 114.248.88.230\r\ncount 5\r\nfirst seen 2012-11-11 00:40:01 -0000\r\nlast seen 2012-11-11 03:00:00 -0000\r\nitsec.eicp.net. A 114.248.88.232\r\ncount 2\r\nfirst seen 2012-07-24 03:20:04 -0000\r\nlast seen 2012-07-24 04:00:05 -0000\r\nitsec.eicp.net. A 114.248.88.241\r\ncount 2\r\nfirst seen 2012-08-31 02:20:04 -0000\r\nlast seen 2012-08-31 02:40:02 -0000\r\nitsec.eicp.net. A 114.248.89.6\r\ncount 25\r\nfirst seen 2012-11-13 02:20:01 -0000\r\nlast seen 2012-11-13 22:39:59 -0000\r\nitsec.eicp.net. A 114.248.89.12\r\ncount 282\r\nfirst seen 2012-06-11 06:50:07 -0000\r\nlast seen 2012-06-11 23:35:49 -0000\r\nitsec.eicp.net. A 114.248.89.63\r\ncount 5\r\nfirst seen 2012-06-18 06:11:35 -0000\r\nlast seen 2012-06-18 09:20:04 -0000\r\nitsec.eicp.net. A 114.248.89.144\r\ncount 2\r\nfirst seen 2012-07-12 02:29:59 -0000\r\nlast seen 2012-07-12 03:14:59 -0000\r\nitsec.eicp.net. A 114.248.89.189\r\ncount 3\r\nfirst seen 2012-11-29 12:00:00 -0000\r\nlast seen 2012-11-29 13:40:00 -0000\r\nitsec.eicp.net. A 114.248.89.221\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 26 of 71\n\ncount 2\r\nfirst seen 2012-05-03 07:19:38 -0000\r\nlast seen 2012-05-03 08:19:36 -0000\r\nitsec.eicp.net. A 114.248.90.28\r\ncount 5\r\nfirst seen 2012-09-20 00:07:59 -0000\r\nlast seen 2012-09-20 03:43:09 -0000\r\nitsec.eicp.net. A 114.248.90.60\r\ncount 1\r\nfirst seen 2011-12-19 02:35:13 -0000\r\nlast seen 2011-12-19 02:35:13 -0000\r\nitsec.eicp.net. A 114.248.90.143\r\ncount 17\r\nfirst seen 2012-11-26 23:59:54 -0000\r\nlast seen 2012-11-27 13:19:54 -0000\r\nitsec.eicp.net. A 114.248.90.185\r\ncount 6\r\nfirst seen 2012-04-09 01:49:48 -0000\r\nlast seen 2012-04-09 02:03:52 -0000\r\nitsec.eicp.net. A 114.248.90.189\r\ncount 22\r\nfirst seen 2012-10-19 01:56:29 -0000\r\nlast seen 2012-10-19 09:44:36 -0000\r\nitsec.eicp.net. A 114.248.90.216\r\ncount 5\r\nfirst seen 2012-05-23 06:49:23 -0000\r\nlast seen 2012-05-23 10:19:19 -0000\r\nitsec.eicp.net. A 114.248.91.27\r\ncount 1\r\nfirst seen 2012-05-28 06:49:16 -0000\r\nlast seen 2012-05-28 06:49:16 -0000\r\nitsec.eicp.net. A 114.248.91.28\r\ncount 1\r\nfirst seen 2012-01-11 06:35:15 -0000\r\nlast seen 2012-01-11 06:35:15 -0000\r\nitsec.eicp.net. A 114.248.91.51\r\ncount 4\r\nfirst seen 2012-06-08 06:19:10 -0000\r\nlast seen 2012-06-08 09:19:10 -0000\r\nitsec.eicp.net. A 114.248.91.103\r\ncount 1\r\nfirst seen 2012-05-02 08:49:37 -0000\r\nlast seen 2012-05-02 08:49:37 -0000\r\nitsec.eicp.net. A 114.248.91.145\r\ncount 8\r\nfirst seen 2012-09-27 23:51:38 -0000\r\nlast seen 2012-09-28 03:44:56 -0000\r\nitsec.eicp.net. A 114.248.91.168\r\ncount 1\r\nfirst seen 2012-07-05 03:15:01 -0000\r\nlast seen 2012-07-05 03:15:01 -0000\r\nitsec.eicp.net. A 114.248.91.180\r\ncount 19\r\nfirst seen 2012-06-11 23:36:50 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 27 of 71\n\nlast seen 2012-06-12 03:42:27 -0000\r\nitsec.eicp.net. A 114.248.91.194\r\ncount 1\r\nfirst seen 2012-09-24 08:00:07 -0000\r\nlast seen 2012-09-24 08:00:07 -0000\r\nitsec.eicp.net. A 114.248.91.244\r\ncount 114\r\nfirst seen 2012-04-09 02:18:41 -0000\r\nlast seen 2012-04-09 08:49:46 -0000\r\nitsec.eicp.net. A 114.248.92.10\r\ncount 1\r\nfirst seen 2012-06-13 01:52:50 -0000\r\nlast seen 2012-06-13 01:52:50 -0000\r\nitsec.eicp.net. A 114.248.92.51\r\ncount 9\r\nfirst seen 2012-07-16 07:44:57 -0000\r\nlast seen 2012-07-16 12:59:57 -0000\r\nitsec.eicp.net. A 114.248.92.106\r\ncount 14\r\nfirst seen 2012-09-05 06:16:41 -0000\r\nlast seen 2012-09-05 09:57:21 -0000\r\nitsec.eicp.net. A 114.248.92.128\r\ncount 26\r\nfirst seen 2012-10-11 00:46:03 -0000\r\nlast seen 2012-10-11 03:51:46 -0000\r\nitsec.eicp.net. A 114.248.92.188\r\ncount 3\r\nfirst seen 2012-10-31 09:20:06 -0000\r\nlast seen 2012-10-31 10:40:07 -0000\r\nitsec.eicp.net. A 114.248.92.197\r\ncount 6\r\nfirst seen 2012-07-10 01:30:00 -0000\r\nlast seen 2012-07-10 03:29:59 -0000\r\nitsec.eicp.net. A 114.248.92.225\r\ncount 46\r\nfirst seen 2012-06-19 09:50:03 -0000\r\nlast seen 2012-09-19 11:40:08 -0000\r\nitsec.eicp.net. A 114.248.93.29\r\ncount 3\r\nfirst seen 2012-07-09 07:30:00 -0000\r\nlast seen 2012-07-09 08:00:00 -0000\r\nitsec.eicp.net. A 114.248.93.106\r\ncount 10\r\nfirst seen 2012-04-05 03:27:23 -0000\r\nlast seen 2012-04-05 03:53:57 -0000\r\nitsec.eicp.net. A 114.248.93.112\r\ncount 13\r\nfirst seen 2012-05-07 06:49:34 -0000\r\nlast seen 2012-05-07 12:19:34 -0000\r\nitsec.eicp.net. A 114.248.93.138\r\ncount 8\r\nfirst seen 2012-07-23 07:00:06 -0000\r\nlast seen 2012-07-23 13:00:05 -0000\r\nitsec.eicp.net. A 114.248.93.150\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 28 of 71\n\ncount 4\r\nfirst seen 2012-10-15 00:20:18 -0000\r\nlast seen 2012-10-15 01:33:34 -0000\r\nitsec.eicp.net. A 114.248.93.169\r\ncount 21\r\nfirst seen 2012-06-24 00:20:03 -0000\r\nlast seen 2012-06-24 04:06:32 -0000\r\nitsec.eicp.net. A 114.248.93.192\r\ncount 35\r\nfirst seen 2012-04-11 00:21:05 -0000\r\nlast seen 2012-04-11 04:20:54 -0000\r\nitsec.eicp.net. A 114.248.93.199\r\ncount 1\r\nfirst seen 2012-06-20 06:28:31 -0000\r\nlast seen 2012-06-20 06:28:31 -0000\r\nitsec.eicp.net. A 114.248.93.223\r\ncount 3\r\nfirst seen 2012-11-15 00:59:59 -0000\r\nlast seen 2012-11-15 01:40:00 -0000\r\nitsec.eicp.net. A 114.248.93.225\r\ncount 1\r\nfirst seen 2012-07-19 08:00:06 -0000\r\nlast seen 2012-07-19 08:00:06 -0000\r\nitsec.eicp.net. A 114.248.94.157\r\ncount 3\r\nfirst seen 2012-07-20 03:00:06 -0000\r\nlast seen 2012-07-20 03:03:12 -0000\r\nitsec.eicp.net. A 114.248.94.207\r\ncount 8\r\nfirst seen 2012-10-02 06:20:04 -0000\r\nlast seen 2012-10-02 13:40:04 -0000\r\nitsec.eicp.net. A 114.248.94.208\r\ncount 8\r\nfirst seen 2012-11-15 23:59:59 -0000\r\nlast seen 2012-11-16 07:19:58 -0000\r\nitsec.eicp.net. A 114.248.94.220\r\ncount 3\r\nfirst seen 2012-05-28 06:05:51 -0000\r\nlast seen 2012-05-28 06:19:16 -0000\r\nitsec.eicp.net. A 114.248.95.49\r\ncount 1\r\nfirst seen 2011-09-07 14:31:57 -0000\r\nlast seen 2011-09-07 14:31:57 -0000\r\nitsec.eicp.net. A 114.248.95.59\r\ncount 88\r\nfirst seen 2012-09-04 00:33:12 -0000\r\nlast seen 2012-09-04 02:34:42 -0000\r\nitsec.eicp.net. A 114.248.95.76\r\ncount 2\r\nfirst seen 2012-07-19 08:30:06 -0000\r\nlast seen 2012-07-19 10:00:06 -0000\r\nitsec.eicp.net. A 114.248.95.122\r\ncount 4\r\nfirst seen 2012-05-17 07:19:20 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 29 of 71\n\nlast seen 2012-05-17 07:49:23 -0000\r\nitsec.eicp.net. A 114.248.95.252\r\ncount 8\r\nfirst seen 2012-05-16 12:05:48 -0000\r\nlast seen 2012-05-16 12:45:20 -0000\r\nitsec.eicp.net. A 114.248.98.177\r\ncount 11\r\nfirst seen 2012-05-02 13:19:37 -0000\r\nlast seen 2012-05-02 13:51:40 -0000\r\nitsec.eicp.net. A 114.248.100.22\r\ncount 28\r\nfirst seen 2012-05-09 12:01:20 -0000\r\nlast seen 2012-05-09 13:26:36 -0000\r\nitsec.eicp.net. A 114.248.100.174\r\ncount 3\r\nfirst seen 2012-09-10 06:40:08 -0000\r\nlast seen 2012-09-10 09:00:08 -0000\r\nitsec.eicp.net. A 114.248.102.191\r\ncount 3\r\nfirst seen 2012-08-03 07:00:01 -0000\r\nlast seen 2012-08-03 08:40:00 -0000\r\nitsec.eicp.net. A 114.248.103.1\r\ncount 5\r\nfirst seen 2012-06-24 13:50:03 -0000\r\nlast seen 2012-06-24 17:20:03 -0000\r\nitsec.eicp.net. A 114.248.103.54\r\ncount 14\r\nfirst seen 2012-09-02 02:58:14 -0000\r\nlast seen 2012-09-02 03:44:25 -0000\r\nitsec.eicp.net. A 114.248.104.3\r\ncount 12\r\nfirst seen 2012-06-28 13:50:01 -0000\r\nlast seen 2012-06-28 21:20:01 -0000\r\nitsec.eicp.net. A 114.248.105.118\r\ncount 3\r\nfirst seen 2012-07-25 08:20:03 -0000\r\nlast seen 2012-07-25 09:00:03 -0000\r\nitsec.eicp.net. A 114.248.107.97\r\ncount 13\r\nfirst seen 2012-11-11 03:40:01 -0000\r\nlast seen 2012-11-11 15:40:01 -0000\r\nitsec.eicp.net. A 114.248.107.233\r\ncount 1\r\nfirst seen 2012-04-27 09:19:34 -0000\r\nlast seen 2012-04-27 09:19:34 -0000\r\nitsec.eicp.net. A 114.248.108.73\r\ncount 2\r\nfirst seen 2012-11-29 09:39:53 -0000\r\nlast seen 2012-11-29 10:39:59 -0000\r\nitsec.eicp.net. A 114.248.109.170\r\ncount 10\r\nfirst seen 2012-02-28 03:19:50 -0000\r\nlast seen 2012-02-28 13:19:49 -0000\r\nitsec.eicp.net. A 114.249.17.36\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 30 of 71\n\ncount 32\r\nfirst seen 2012-03-28 11:59:24 -0000\r\nlast seen 2012-03-28 13:44:38 -0000\r\nitsec.eicp.net. A 114.249.21.11\r\ncount 74\r\nfirst seen 2012-03-05 01:41:15 -0000\r\nlast seen 2012-03-05 15:02:57 -0000\r\nitsec.eicp.net. A 114.249.23.24\r\ncount 21\r\nfirst seen 2012-03-21 13:35:45 -0000\r\nlast seen 2012-03-21 15:13:14 -0000\r\nitsec.eicp.net. A 114.249.26.166\r\ncount 8\r\nfirst seen 2012-03-10 13:52:18 -0000\r\nlast seen 2012-03-10 15:16:01 -0000\r\nitsec.eicp.net. A 114.249.30.18\r\ncount 53\r\nfirst seen 2012-03-20 01:25:21 -0000\r\nlast seen 2012-03-20 10:34:03 -0000\r\nitsec.eicp.net. A 114.249.30.231\r\ncount 15\r\nfirst seen 2012-03-15 12:11:48 -0000\r\nlast seen 2012-03-15 14:45:57 -0000\r\nitsec.eicp.net. A 114.249.192.233\r\ncount 50\r\nfirst seen 2012-03-09 07:19:43 -0000\r\nlast seen 2012-03-09 14:53:10 -0000\r\nitsec.eicp.net. A 114.249.192.240\r\ncount 56\r\nfirst seen 2012-03-30 00:17:00 -0000\r\nlast seen 2012-03-30 04:22:44 -0000\r\nitsec.eicp.net. A 114.249.193.21\r\ncount 1\r\nfirst seen 2012-02-28 01:49:50 -0000\r\nlast seen 2012-02-28 01:49:50 -0000\r\nitsec.eicp.net. A 114.249.193.224\r\ncount 28\r\nfirst seen 2012-03-09 01:21:32 -0000\r\nlast seen 2012-03-09 05:55:27 -0000\r\nitsec.eicp.net. A 114.249.198.34\r\ncount 7\r\nfirst seen 2012-03-27 01:24:16 -0000\r\nlast seen 2012-03-27 02:29:48 -0000\r\nitsec.eicp.net. A 114.249.200.189\r\ncount 23\r\nfirst seen 2012-03-16 01:30:34 -0000\r\nlast seen 2012-03-16 05:26:15 -0000\r\nitsec.eicp.net. A 114.249.201.179\r\ncount 30\r\nfirst seen 2012-03-24 01:53:23 -0000\r\nlast seen 2012-03-24 05:37:36 -0000\r\nitsec.eicp.net. A 114.249.202.183\r\ncount 58\r\nfirst seen 2012-03-28 00:33:12 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 31 of 71\n\nlast seen 2012-03-28 03:51:41 -0000\r\nitsec.eicp.net. A 114.249.202.186\r\ncount 8\r\nfirst seen 2012-02-29 08:49:49 -0000\r\nlast seen 2012-02-29 16:19:50 -0000\r\nitsec.eicp.net. A 114.249.203.14\r\ncount 9\r\nfirst seen 2012-03-26 08:22:42 -0000\r\nlast seen 2012-03-26 08:54:46 -0000\r\nitsec.eicp.net. A 114.249.204.84\r\ncount 30\r\nfirst seen 2012-03-21 07:19:59 -0000\r\nlast seen 2012-03-21 09:26:15 -0000\r\nitsec.eicp.net. A 114.249.204.158\r\ncount 3\r\nfirst seen 2012-03-12 01:35:41 -0000\r\nlast seen 2012-03-12 01:51:21 -0000\r\nitsec.eicp.net. A 114.249.204.231\r\ncount 3\r\nfirst seen 2012-03-27 08:27:16 -0000\r\nlast seen 2012-03-27 14:19:55 -0000\r\nitsec.eicp.net. A 114.249.205.239\r\ncount 8\r\nfirst seen 2012-03-01 04:19:49 -0000\r\nlast seen 2012-03-01 10:19:47 -0000\r\nitsec.eicp.net. A 114.249.207.180\r\ncount 70\r\nfirst seen 2012-06-21 13:26:52 -0000\r\nlast seen 2012-06-21 14:34:21 -0000\r\nitsec.eicp.net. A 115.170.0.45\r\ncount 5\r\nfirst seen 2012-06-30 00:20:07 -0000\r\nlast seen 2012-06-30 04:40:02 -0000\r\nitsec.eicp.net. A 115.170.0.72\r\ncount 192\r\nfirst seen 2012-04-18 14:12:26 -0000\r\nlast seen 2012-04-19 00:11:06 -0000\r\nitsec.eicp.net. A 115.170.1.206\r\ncount 287\r\nfirst seen 2012-06-16 11:20:05 -0000\r\nlast seen 2012-06-17 11:50:04 -0000\r\nitsec.eicp.net. A 115.170.3.87\r\ncount 391\r\nfirst seen 2012-09-12 15:40:10 -0000\r\nlast seen 2012-09-13 00:50:52 -0000\r\nitsec.eicp.net. A 115.170.4.125\r\ncount 13\r\nfirst seen 2012-06-14 04:19:58 -0000\r\nlast seen 2012-06-14 14:20:05 -0000\r\nitsec.eicp.net. A 115.170.4.175\r\ncount 4\r\nfirst seen 2012-08-31 04:56:29 -0000\r\nlast seen 2012-08-31 06:20:07 -0000\r\nitsec.eicp.net. A 115.170.5.17\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 32 of 71\n\ncount 136\r\nfirst seen 2012-05-28 12:49:16 -0000\r\nlast seen 2012-05-29 00:49:16 -0000\r\nitsec.eicp.net. A 115.170.6.11\r\ncount 26\r\nfirst seen 2012-07-01 02:02:20 -0000\r\nlast seen 2012-07-01 13:45:02 -0000\r\nitsec.eicp.net. A 115.170.6.203\r\ncount 71\r\nfirst seen 2012-03-05 16:10:54 -0000\r\nlast seen 2012-03-06 01:16:27 -0000\r\nitsec.eicp.net. A 115.170.6.252\r\ncount 24\r\nfirst seen 2012-04-27 13:40:04 -0000\r\nlast seen 2012-04-27 14:42:03 -0000\r\nitsec.eicp.net. A 115.170.10.130\r\ncount 112\r\nfirst seen 2012-06-09 01:39:17 -0000\r\nlast seen 2012-06-09 09:49:09 -0000\r\nitsec.eicp.net. A 115.170.10.225\r\ncount 5\r\nfirst seen 2012-07-26 13:20:02 -0000\r\nlast seen 2012-07-26 15:40:02 -0000\r\nitsec.eicp.net. A 115.170.11.251\r\ncount 32\r\nfirst seen 2012-05-15 23:58:08 -0000\r\nlast seen 2012-05-16 00:46:49 -0000\r\nitsec.eicp.net. A 115.170.14.14\r\ncount 3\r\nfirst seen 2012-09-11 04:40:10 -0000\r\nlast seen 2012-09-11 05:40:11 -0000\r\nitsec.eicp.net. A 115.170.19.79\r\ncount 12\r\nfirst seen 2012-06-27 12:50:01 -0000\r\nlast seen 2012-06-28 03:50:00 -0000\r\nitsec.eicp.net. A 115.170.20.200\r\ncount 20\r\nfirst seen 2012-07-07 13:45:00 -0000\r\nlast seen 2012-07-07 21:44:59 -0000\r\nitsec.eicp.net. A 115.170.21.112\r\ncount 26\r\nfirst seen 2012-05-08 14:19:33 -0000\r\nlast seen 2012-05-08 15:23:49 -0000\r\nitsec.eicp.net. A 115.170.23.254\r\ncount 380\r\nfirst seen 2012-05-27 13:19:17 -0000\r\nlast seen 2012-05-27 22:56:10 -0000\r\nitsec.eicp.net. A 115.170.24.217\r\ncount 51\r\nfirst seen 2012-06-20 05:22:38 -0000\r\nlast seen 2012-06-20 06:28:00 -0000\r\nitsec.eicp.net. A 115.170.24.219\r\ncount 3\r\nfirst seen 2012-05-16 04:38:28 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 33 of 71\n\nlast seen 2012-05-16 05:08:20 -0000\r\nitsec.eicp.net. A 115.170.24.220\r\ncount 354\r\nfirst seen 2012-06-30 05:40:04 -0000\r\nlast seen 2012-07-01 02:02:03 -0000\r\nitsec.eicp.net. A 115.170.30.49\r\ncount 303\r\nfirst seen 2012-05-18 05:53:37 -0000\r\nlast seen 2012-05-19 11:19:21 -0000\r\nitsec.eicp.net. A 115.170.31.215\r\ncount 328\r\nfirst seen 2012-05-12 02:10:10 -0000\r\nlast seen 2012-05-13 01:24:06 -0000\r\nitsec.eicp.net. A 115.170.32.58\r\ncount 2\r\nfirst seen 2012-07-03 10:15:01 -0000\r\nlast seen 2012-07-03 10:45:01 -0000\r\nitsec.eicp.net. A 115.170.32.65\r\ncount 1\r\nfirst seen 2011-12-30 04:33:08 -0000\r\nlast seen 2011-12-30 04:33:08 -0000\r\nitsec.eicp.net. A 115.170.32.127\r\ncount 13\r\nfirst seen 2012-08-30 11:00:02 -0000\r\nlast seen 2012-08-30 16:17:22 -0000\r\nitsec.eicp.net. A 115.170.33.1\r\ncount 3\r\nfirst seen 2012-07-02 04:30:01 -0000\r\nlast seen 2012-07-02 05:15:01 -0000\r\nitsec.eicp.net. A 115.170.34.247\r\ncount 240\r\nfirst seen 2012-07-11 13:59:58 -0000\r\nlast seen 2012-07-12 00:55:06 -0000\r\nitsec.eicp.net. A 115.170.35.169\r\ncount 5\r\nfirst seen 2012-04-07 08:28:38 -0000\r\nlast seen 2012-04-07 08:49:09 -0000\r\nitsec.eicp.net. A 115.170.35.185\r\ncount 2\r\nfirst seen 2012-06-17 12:50:04 -0000\r\nlast seen 2012-06-17 15:20:07 -0000\r\nitsec.eicp.net. A 115.170.39.112\r\ncount 509\r\nfirst seen 2012-08-22 07:40:06 -0000\r\nlast seen 2012-08-23 01:17:48 -0000\r\nitsec.eicp.net. A 115.170.39.228\r\ncount 245\r\nfirst seen 2012-07-01 15:00:02 -0000\r\nlast seen 2012-07-02 00:08:49 -0000\r\nitsec.eicp.net. A 115.170.40.230\r\ncount 501\r\nfirst seen 2012-06-20 15:05:35 -0000\r\nlast seen 2012-06-20 22:34:16 -0000\r\nitsec.eicp.net. A 115.170.41.43\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 34 of 71\n\ncount 1\r\nfirst seen 2012-01-14 16:35:28 -0000\r\nlast seen 2012-01-14 16:35:28 -0000\r\nitsec.eicp.net. A 115.170.43.78\r\ncount 2\r\nfirst seen 2012-06-24 04:20:06 -0000\r\nlast seen 2012-06-24 04:50:04 -0000\r\nitsec.eicp.net. A 115.170.45.173\r\ncount 2\r\nfirst seen 2012-07-25 05:00:03 -0000\r\nlast seen 2012-07-25 06:00:03 -0000\r\nitsec.eicp.net. A 115.170.46.2\r\ncount 2\r\nfirst seen 2012-07-27 14:00:03 -0000\r\nlast seen 2012-07-27 15:20:01 -0000\r\nitsec.eicp.net. A 115.170.47.39\r\ncount 1\r\nfirst seen 2011-12-26 14:33:05 -0000\r\nlast seen 2011-12-26 14:33:05 -0000\r\nitsec.eicp.net. A 115.170.48.38\r\ncount 33\r\nfirst seen 2012-03-07 06:03:05 -0000\r\nlast seen 2012-03-07 11:39:13 -0000\r\nitsec.eicp.net. A 115.170.49.223\r\ncount 13\r\nfirst seen 2012-05-17 04:21:44 -0000\r\nlast seen 2012-05-17 05:49:23 -0000\r\nitsec.eicp.net. A 115.170.52.198\r\ncount 7\r\nfirst seen 2012-10-06 06:00:04 -0000\r\nlast seen 2012-10-06 08:40:03 -0000\r\nitsec.eicp.net. A 115.170.57.211\r\ncount 3\r\nfirst seen 2012-07-03 05:00:01 -0000\r\nlast seen 2012-07-03 05:45:01 -0000\r\nitsec.eicp.net. A 115.170.60.1\r\ncount 51\r\nfirst seen 2012-04-11 13:46:41 -0000\r\nlast seen 2012-04-11 16:19:13 -0000\r\nitsec.eicp.net. A 115.170.61.137\r\ncount 34\r\nfirst seen 2012-05-09 10:10:56 -0000\r\nlast seen 2012-05-09 11:54:41 -0000\r\nitsec.eicp.net. A 115.170.61.218\r\ncount 1\r\nfirst seen 2011-10-17 21:37:17 -0000\r\nlast seen 2011-10-17 21:37:17 -0000\r\nitsec.eicp.net. A 115.170.62.54\r\ncount 9\r\nfirst seen 2012-11-01 15:40:07 -0000\r\nlast seen 2012-11-01 23:40:06 -0000\r\nitsec.eicp.net. A 115.170.63.149\r\ncount 22\r\nfirst seen 2012-07-09 14:14:59 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 35 of 71\n\nlast seen 2012-07-10 01:14:59 -0000\r\nitsec.eicp.net. A 115.170.63.221\r\ncount 4\r\nfirst seen 2012-05-13 07:49:17 -0000\r\nlast seen 2012-05-13 08:11:58 -0000\r\nitsec.eicp.net. A 115.170.66.117\r\ncount 4\r\nfirst seen 2012-07-16 04:30:00 -0000\r\nlast seen 2012-07-16 06:44:58 -0000\r\nitsec.eicp.net. A 115.170.67.98\r\ncount 5\r\nfirst seen 2012-09-06 04:08:28 -0000\r\nlast seen 2012-09-06 05:00:09 -0000\r\nitsec.eicp.net. A 115.170.67.116\r\ncount 63\r\nfirst seen 2012-05-11 03:57:26 -0000\r\nlast seen 2012-05-11 15:31:09 -0000\r\nitsec.eicp.net. A 115.170.68.177\r\ncount 17\r\nfirst seen 2012-07-21 14:30:05 -0000\r\nlast seen 2012-07-22 03:00:06 -0000\r\nitsec.eicp.net. A 115.170.69.142\r\ncount 624\r\nfirst seen 2012-08-21 14:00:06 -0000\r\nlast seen 2012-08-22 06:20:06 -0000\r\nitsec.eicp.net. A 115.170.69.155\r\ncount 11\r\nfirst seen 2012-06-29 04:50:00 -0000\r\nlast seen 2012-06-29 17:19:59 -0000\r\nitsec.eicp.net. A 115.170.70.102\r\ncount 13\r\nfirst seen 2012-11-26 12:39:53 -0000\r\nlast seen 2012-11-26 22:59:53 -0000\r\nitsec.eicp.net. A 115.170.96.32\r\ncount 1\r\nfirst seen 2012-01-09 04:34:10 -0000\r\nlast seen 2012-01-09 04:34:10 -0000\r\nitsec.eicp.net. A 115.170.96.119\r\ncount 247\r\nfirst seen 2012-10-04 00:08:32 -0000\r\nlast seen 2012-10-04 07:40:04 -0000\r\nitsec.eicp.net. A 115.170.97.50\r\ncount 11\r\nfirst seen 2012-11-09 15:20:02 -0000\r\nlast seen 2012-11-09 21:40:01 -0000\r\nitsec.eicp.net. A 115.170.97.137\r\ncount 16\r\nfirst seen 2012-11-18 12:19:57 -0000\r\nlast seen 2012-11-18 23:19:57 -0000\r\nitsec.eicp.net. A 115.170.97.141\r\ncount 20\r\nfirst seen 2012-11-03 08:20:05 -0000\r\nlast seen 2012-11-04 01:20:05 -0000\r\nitsec.eicp.net. A 115.170.97.235\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 36 of 71\n\ncount 37\r\nfirst seen 2012-11-17 14:51:40 -0000\r\nlast seen 2012-11-18 11:19:58 -0000\r\nitsec.eicp.net. A 115.170.99.40\r\ncount 8\r\nfirst seen 2012-09-18 04:18:57 -0000\r\nlast seen 2012-09-18 06:00:09 -0000\r\nitsec.eicp.net. A 115.170.99.132\r\ncount 316\r\nfirst seen 2012-10-16 18:51:32 -0000\r\nlast seen 2012-10-16 23:47:57 -0000\r\nitsec.eicp.net. A 115.170.99.217\r\ncount 3\r\nfirst seen 2012-02-29 03:49:49 -0000\r\nlast seen 2012-02-29 07:49:49 -0000\r\nitsec.eicp.net. A 115.170.100.226\r\ncount 457\r\nfirst seen 2012-09-30 08:20:05 -0000\r\nlast seen 2012-10-01 11:00:04 -0000\r\nitsec.eicp.net. A 115.170.102.87\r\ncount 3\r\nfirst seen 2012-09-21 05:20:07 -0000\r\nlast seen 2012-09-21 06:40:08 -0000\r\nitsec.eicp.net. A 115.170.102.194\r\ncount 1\r\nfirst seen 2011-12-25 06:33:22 -0000\r\nlast seen 2011-12-25 06:33:22 -0000\r\nitsec.eicp.net. A 115.170.102.206\r\ncount 225\r\nfirst seen 2012-09-22 14:29:13 -0000\r\nlast seen 2012-09-23 01:25:41 -0000\r\nitsec.eicp.net. A 115.170.103.21\r\ncount 3\r\nfirst seen 2012-09-28 12:40:06 -0000\r\nlast seen 2012-09-28 14:20:06 -0000\r\nitsec.eicp.net. A 115.170.103.64\r\ncount 1\r\nfirst seen 2011-11-14 04:33:35 -0000\r\nlast seen 2011-11-14 04:33:35 -0000\r\nitsec.eicp.net. A 115.170.103.103\r\ncount 2\r\nfirst seen 2012-09-27 05:20:06 -0000\r\nlast seen 2012-09-27 05:40:06 -0000\r\nitsec.eicp.net. A 115.170.104.14\r\ncount 543\r\nfirst seen 2012-10-04 08:00:04 -0000\r\nlast seen 2012-10-04 23:24:53 -0000\r\nitsec.eicp.net. A 115.170.105.79\r\ncount 65\r\nfirst seen 2012-10-25 17:00:09 -0000\r\nlast seen 2012-10-25 19:46:28 -0000\r\nitsec.eicp.net. A 115.170.105.173\r\ncount 77\r\nfirst seen 2012-12-01 14:00:20 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 37 of 71\n\nlast seen 2012-12-02 23:00:20 -0000\r\nitsec.eicp.net. A 115.170.105.238\r\ncount 15\r\nfirst seen 2012-11-22 10:59:56 -0000\r\nlast seen 2012-11-22 23:19:55 -0000\r\nitsec.eicp.net. A 115.170.106.113\r\ncount 268\r\nfirst seen 2012-10-04 23:25:26 -0000\r\nlast seen 2012-10-06 04:54:53 -0000\r\nitsec.eicp.net. A 115.170.106.227\r\ncount 15\r\nfirst seen 2012-08-01 08:40:01 -0000\r\nlast seen 2012-08-01 23:00:01 -0000\r\nitsec.eicp.net. A 115.170.107.36\r\ncount 1\r\nfirst seen 2011-09-01 21:32:44 -0000\r\nlast seen 2011-09-01 21:32:44 -0000\r\nitsec.eicp.net. A 115.170.107.103\r\ncount 1\r\nfirst seen 2012-09-26 14:00:07 -0000\r\nlast seen 2012-09-26 14:00:07 -0000\r\nitsec.eicp.net. A 115.170.108.94\r\ncount 17\r\nfirst seen 2012-12-04 14:00:20 -0000\r\nlast seen 2012-12-04 23:40:20 -0000\r\nitsec.eicp.net. A 115.170.109.87\r\ncount 30\r\nfirst seen 2012-07-08 12:15:00 -0000\r\nlast seen 2012-07-09 02:14:59 -0000\r\nitsec.eicp.net. A 115.170.110.15\r\ncount 18\r\nfirst seen 2012-07-28 08:00:04 -0000\r\nlast seen 2012-07-29 00:00:02 -0000\r\nitsec.eicp.net. A 115.170.110.230\r\ncount 116\r\nfirst seen 2012-03-27 14:57:51 -0000\r\nlast seen 2012-03-27 23:27:01 -0000\r\nitsec.eicp.net. A 115.170.112.223\r\ncount 1\r\nfirst seen 2012-01-15 18:33:01 -0000\r\nlast seen 2012-01-15 18:33:01 -0000\r\nitsec.eicp.net. A 115.170.113.118\r\ncount 163\r\nfirst seen 2012-10-12 23:39:37 -0000\r\nlast seen 2012-10-13 11:00:16 -0000\r\nitsec.eicp.net. A 115.170.114.6\r\ncount 3\r\nfirst seen 2012-10-09 01:40:31 -0000\r\nlast seen 2012-10-09 01:41:16 -0000\r\nitsec.eicp.net. A 115.170.114.17\r\ncount 30\r\nfirst seen 2012-05-14 11:08:56 -0000\r\nlast seen 2012-05-14 15:36:08 -0000\r\nitsec.eicp.net. A 115.170.114.108\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 38 of 71\n\ncount 102\r\nfirst seen 2012-04-13 11:28:25 -0000\r\nlast seen 2012-04-13 16:51:11 -0000\r\nitsec.eicp.net. A 115.170.115.199\r\ncount 106\r\nfirst seen 2012-04-16 10:32:47 -0000\r\nlast seen 2012-04-16 15:16:54 -0000\r\nitsec.eicp.net. A 115.170.117.59\r\ncount 5\r\nfirst seen 2012-05-13 15:45:51 -0000\r\nlast seen 2012-05-13 15:53:24 -0000\r\nitsec.eicp.net. A 115.170.118.48\r\ncount 0\r\nfirst seen 2011-12-12 16:31:31 -0000\r\nlast seen 2011-12-12 16:31:31 -0000\r\nitsec.eicp.net. A 115.170.120.127\r\ncount 4\r\nfirst seen 2012-07-18 14:30:06 -0000\r\nlast seen 2012-07-18 16:00:06 -0000\r\nitsec.eicp.net. A 115.170.122.87\r\ncount 5\r\nfirst seen 2012-10-12 04:04:33 -0000\r\nlast seen 2012-10-12 08:40:15 -0000\r\nitsec.eicp.net. A 115.170.124.23\r\ncount 6\r\nfirst seen 2012-08-23 05:20:06 -0000\r\nlast seen 2012-08-23 08:20:09 -0000\r\nitsec.eicp.net. A 115.170.125.97\r\ncount 2063\r\nfirst seen 2012-08-23 09:20:06 -0000\r\nlast seen 2012-08-27 00:12:31 -0000\r\nitsec.eicp.net. A 115.170.126.173\r\ncount 3\r\nfirst seen 2012-05-23 04:15:56 -0000\r\nlast seen 2012-05-23 05:49:21 -0000\r\nitsec.eicp.net. A 115.170.128.43\r\ncount 2\r\nfirst seen 2012-07-20 04:30:06 -0000\r\nlast seen 2012-07-20 06:00:06 -0000\r\nitsec.eicp.net. A 115.170.128.72\r\ncount 19\r\nfirst seen 2012-11-02 04:20:07 -0000\r\nlast seen 2012-11-02 18:00:13 -0000\r\nitsec.eicp.net. A 115.170.128.140\r\ncount 2\r\nfirst seen 2012-09-20 04:19:43 -0000\r\nlast seen 2012-09-20 04:40:08 -0000\r\nitsec.eicp.net. A 115.170.129.116\r\ncount 8\r\nfirst seen 2012-05-19 11:49:24 -0000\r\nlast seen 2012-05-19 16:11:29 -0000\r\nitsec.eicp.net. A 115.170.129.176\r\ncount 380\r\nfirst seen 2012-06-01 04:49:15 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 39 of 71\n\nlast seen 2012-06-02 00:45:26 -0000\r\nitsec.eicp.net. A 115.170.129.181\r\ncount 1\r\nfirst seen 2011-08-23 14:35:18 -0000\r\nlast seen 2011-08-23 14:35:18 -0000\r\nitsec.eicp.net. A 115.170.129.183\r\ncount 16\r\nfirst seen 2012-11-04 13:20:05 -0000\r\nlast seen 2012-11-04 23:20:06 -0000\r\nitsec.eicp.net. A 115.170.130.74\r\ncount 1\r\nfirst seen 2012-05-22 14:19:20 -0000\r\nlast seen 2012-05-22 14:19:20 -0000\r\nitsec.eicp.net. A 115.170.131.4\r\ncount 108\r\nfirst seen 2012-09-19 12:40:09 -0000\r\nlast seen 2012-09-20 00:07:44 -0000\r\nitsec.eicp.net. A 115.170.131.191\r\ncount 7\r\nfirst seen 2012-05-23 15:49:23 -0000\r\nlast seen 2012-05-23 21:49:18 -0000\r\nitsec.eicp.net. A 115.170.132.122\r\ncount 12\r\nfirst seen 2012-06-19 04:23:58 -0000\r\nlast seen 2012-06-19 04:50:04 -0000\r\nitsec.eicp.net. A 115.170.132.123\r\ncount 6\r\nfirst seen 2012-10-14 05:49:38 -0000\r\nlast seen 2012-10-14 09:40:14 -0000\r\nitsec.eicp.net. A 115.170.133.151\r\ncount 2\r\nfirst seen 2012-02-04 00:35:03 -0000\r\nlast seen 2012-02-04 02:34:21 -0000\r\nitsec.eicp.net. A 115.170.133.165\r\ncount 12\r\nfirst seen 2012-03-02 15:38:25 -0000\r\nlast seen 2012-03-02 16:51:22 -0000\r\nitsec.eicp.net. A 115.170.133.245\r\ncount 70\r\nfirst seen 2012-10-07 00:04:14 -0000\r\nlast seen 2012-10-07 06:40:03 -0000\r\nitsec.eicp.net. A 115.170.134.107\r\ncount 7\r\nfirst seen 2012-11-06 09:20:03 -0000\r\nlast seen 2012-11-06 13:00:07 -0000\r\nitsec.eicp.net. A 115.170.134.136\r\ncount 8\r\nfirst seen 2012-07-10 04:45:00 -0000\r\nlast seen 2012-07-10 07:45:00 -0000\r\nitsec.eicp.net. A 115.170.134.225\r\ncount 2\r\nfirst seen 2012-04-24 14:45:39 -0000\r\nlast seen 2012-04-24 14:56:05 -0000\r\nitsec.eicp.net. A 115.170.135.90\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 40 of 71\n\ncount 196\r\nfirst seen 2012-06-16 01:14:30 -0000\r\nlast seen 2012-06-16 08:50:05 -0000\r\nitsec.eicp.net. A 115.170.136.213\r\ncount 16\r\nfirst seen 2012-11-10 11:00:01 -0000\r\nlast seen 2012-11-10 23:00:00 -0000\r\nitsec.eicp.net. A 115.170.137.130\r\ncount 51\r\nfirst seen 2012-05-04 15:11:02 -0000\r\nlast seen 2012-05-04 18:18:19 -0000\r\nitsec.eicp.net. A 115.170.138.16\r\ncount 470\r\nfirst seen 2012-06-22 01:49:51 -0000\r\nlast seen 2012-06-22 13:54:33 -0000\r\nitsec.eicp.net. A 115.170.138.132\r\ncount 1\r\nfirst seen 2012-06-27 04:50:02 -0000\r\nlast seen 2012-06-27 04:50:02 -0000\r\nitsec.eicp.net. A 115.170.139.90\r\ncount 1\r\nfirst seen 2012-06-28 06:20:01 -0000\r\nlast seen 2012-06-28 06:20:01 -0000\r\nitsec.eicp.net. A 115.170.140.232\r\ncount 105\r\nfirst seen 2012-05-24 18:49:19 -0000\r\nlast seen 2012-05-25 00:28:11 -0000\r\nitsec.eicp.net. A 115.170.142.183\r\ncount 204\r\nfirst seen 2012-06-02 00:46:39 -0000\r\nlast seen 2012-06-03 06:19:13 -0000\r\nitsec.eicp.net. A 115.170.146.231\r\ncount 9\r\nfirst seen 2012-06-21 04:06:20 -0000\r\nlast seen 2012-06-21 05:50:02 -0000\r\nitsec.eicp.net. A 115.170.146.253\r\ncount 17\r\nfirst seen 2012-06-22 13:55:37 -0000\r\nlast seen 2012-06-22 16:13:33 -0000\r\nitsec.eicp.net. A 115.170.153.134\r\ncount 1\r\nfirst seen 2012-06-25 04:20:03 -0000\r\nlast seen 2012-06-25 04:20:03 -0000\r\nitsec.eicp.net. A 115.170.153.135\r\ncount 54\r\nfirst seen 2012-03-06 16:49:44 -0000\r\nlast seen 2012-03-06 23:20:30 -0000\r\nitsec.eicp.net. A 115.170.157.205\r\ncount 17\r\nfirst seen 2012-09-21 23:51:18 -0000\r\nlast seen 2012-09-22 13:00:08 -0000\r\nitsec.eicp.net. A 115.170.162.122\r\ncount 13\r\nfirst seen 2012-06-25 11:50:02 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 41 of 71\n\nlast seen 2012-06-25 23:20:02 -0000\r\nitsec.eicp.net. A 115.170.163.131\r\ncount 2\r\nfirst seen 2012-06-26 04:50:02 -0000\r\nlast seen 2012-06-26 05:20:04 -0000\r\nitsec.eicp.net. A 115.170.163.155\r\ncount 165\r\nfirst seen 2012-08-31 11:00:03 -0000\r\nlast seen 2012-08-31 21:26:31 -0000\r\nitsec.eicp.net. A 115.170.166.32\r\ncount 12\r\nfirst seen 2012-07-07 07:45:00 -0000\r\nlast seen 2012-07-07 12:29:59 -0000\r\nitsec.eicp.net. A 115.170.166.132\r\ncount 1\r\nfirst seen 2012-07-09 04:14:59 -0000\r\nlast seen 2012-07-09 04:14:59 -0000\r\nitsec.eicp.net. A 115.170.166.133\r\ncount 1\r\nfirst seen 2011-09-19 15:58:28 -0000\r\nlast seen 2011-09-19 15:58:28 -0000\r\nitsec.eicp.net. A 115.170.168.33\r\ncount 39\r\nfirst seen 2012-05-10 04:17:06 -0000\r\nlast seen 2012-05-10 06:11:55 -0000\r\nitsec.eicp.net. A 115.170.170.122\r\ncount 26\r\nfirst seen 2012-07-05 10:45:00 -0000\r\nlast seen 2012-07-06 02:15:00 -0000\r\nitsec.eicp.net. A 115.170.171.171\r\ncount 2\r\nfirst seen 2012-05-22 04:49:20 -0000\r\nlast seen 2012-05-22 05:19:21 -0000\r\nitsec.eicp.net. A 115.170.172.161\r\ncount 8\r\nfirst seen 2012-05-01 06:19:38 -0000\r\nlast seen 2012-05-01 12:49:38 -0000\r\nitsec.eicp.net. A 115.170.173.8\r\ncount 1\r\nfirst seen 2012-07-07 00:45:00 -0000\r\nlast seen 2012-07-07 00:45:00 -0000\r\nitsec.eicp.net. A 115.170.173.42\r\ncount 18\r\nfirst seen 2012-11-06 13:40:04 -0000\r\nlast seen 2012-11-06 23:40:03 -0000\r\nitsec.eicp.net. A 115.170.173.75\r\ncount 60\r\nfirst seen 2012-09-08 00:00:08 -0000\r\nlast seen 2012-09-08 14:14:33 -0000\r\nitsec.eicp.net. A 115.170.174.85\r\ncount 14\r\nfirst seen 2012-11-25 13:39:54 -0000\r\nlast seen 2012-11-25 23:39:54 -0000\r\nitsec.eicp.net. A 115.170.174.246\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 42 of 71\n\ncount 2\r\nfirst seen 2012-04-29 02:09:53 -0000\r\nlast seen 2012-04-29 02:49:35 -0000\r\nitsec.eicp.net. A 115.170.175.206\r\ncount 6\r\nfirst seen 2012-11-14 12:39:59 -0000\r\nlast seen 2012-11-14 16:19:59 -0000\r\nitsec.eicp.net. A 115.170.176.233\r\ncount 39\r\nfirst seen 2012-11-24 03:59:55 -0000\r\nlast seen 2012-11-25 09:39:54 -0000\r\nitsec.eicp.net. A 115.170.177.113\r\ncount 2\r\nfirst seen 2012-09-28 04:22:53 -0000\r\nlast seen 2012-09-28 04:23:53 -0000\r\nitsec.eicp.net. A 115.170.177.198\r\ncount 1\r\nfirst seen 2012-07-27 05:40:03 -0000\r\nlast seen 2012-07-27 05:40:03 -0000\r\nitsec.eicp.net. A 115.170.183.100\r\ncount 3\r\nfirst seen 2012-07-26 04:40:03 -0000\r\nlast seen 2012-07-26 06:20:03 -0000\r\nitsec.eicp.net. A 115.170.185.163\r\ncount 3\r\nfirst seen 2012-09-05 13:00:10 -0000\r\nlast seen 2012-09-05 14:40:10 -0000\r\nitsec.eicp.net. A 115.170.187.43\r\ncount 322\r\nfirst seen 2012-09-07 04:33:24 -0000\r\nlast seen 2012-09-07 23:30:01 -0000\r\nitsec.eicp.net. A 115.170.188.46\r\ncount 2\r\nfirst seen 2012-07-12 04:44:59 -0000\r\nlast seen 2012-07-12 05:14:58 -0000\r\nitsec.eicp.net. A 115.170.188.77\r\ncount 21\r\nfirst seen 2012-05-06 03:49:35 -0000\r\nlast seen 2012-05-06 15:19:35 -0000\r\nitsec.eicp.net. A 115.170.189.57\r\ncount 21\r\nfirst seen 2012-05-02 14:35:48 -0000\r\nlast seen 2012-05-02 15:41:43 -0000\r\nitsec.eicp.net. A 115.170.191.71\r\ncount 13\r\nfirst seen 2012-07-25 11:40:03 -0000\r\nlast seen 2012-07-25 23:40:03 -0000\r\nitsec.eicp.net. A 115.170.191.95\r\ncount 1\r\nfirst seen 2012-04-29 14:49:34 -0000\r\nlast seen 2012-04-29 14:49:34 -0000\r\nitsec.eicp.net. A 115.170.194.66\r\ncount 29\r\nfirst seen 2012-04-05 14:01:21 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 43 of 71\n\nlast seen 2012-04-05 15:29:45 -0000\r\nitsec.eicp.net. A 115.170.194.179\r\ncount 361\r\nfirst seen 2012-10-13 11:20:14 -0000\r\nlast seen 2012-10-13 20:09:55 -0000\r\nitsec.eicp.net. A 115.170.195.248\r\ncount 6\r\nfirst seen 2012-07-05 04:15:00 -0000\r\nlast seen 2012-07-05 06:15:00 -0000\r\nitsec.eicp.net. A 115.170.197.19\r\ncount 13\r\nfirst seen 2012-07-20 10:30:06 -0000\r\nlast seen 2012-07-21 00:00:06 -0000\r\nitsec.eicp.net. A 115.170.197.38\r\ncount 59\r\nfirst seen 2012-10-17 10:27:47 -0000\r\nlast seen 2012-10-17 16:46:18 -0000\r\nitsec.eicp.net. A 115.170.197.82\r\ncount 18\r\nfirst seen 2012-05-14 04:13:01 -0000\r\nlast seen 2012-05-14 05:44:50 -0000\r\nitsec.eicp.net. A 115.170.199.39\r\ncount 13\r\nfirst seen 2012-08-04 05:39:59 -0000\r\nlast seen 2012-08-04 14:19:59 -0000\r\nitsec.eicp.net. A 115.170.200.88\r\ncount 1\r\nfirst seen 2012-08-30 16:28:22 -0000\r\nlast seen 2012-08-30 16:28:22 -0000\r\nitsec.eicp.net. A 115.170.202.130\r\ncount 1\r\nfirst seen 2012-01-29 02:34:32 -0000\r\nlast seen 2012-01-29 02:34:32 -0000\r\nitsec.eicp.net. A 115.170.203.242\r\ncount 10\r\nfirst seen 2012-09-14 04:20:10 -0000\r\nlast seen 2012-09-14 13:00:10 -0000\r\nitsec.eicp.net. A 115.170.204.136\r\ncount 6\r\nfirst seen 2012-07-11 10:59:59 -0000\r\nlast seen 2012-07-11 13:14:59 -0000\r\nitsec.eicp.net. A 115.170.205.46\r\ncount 7\r\nfirst seen 2012-05-05 01:49:36 -0000\r\nlast seen 2012-05-05 08:19:36 -0000\r\nitsec.eicp.net. A 115.170.206.142\r\ncount 93\r\nfirst seen 2012-03-26 14:49:55 -0000\r\nlast seen 2012-03-27 01:01:52 -0000\r\nitsec.eicp.net. A 115.170.209.192\r\ncount 114\r\nfirst seen 2012-10-26 23:01:38 -0000\r\nlast seen 2012-10-27 00:53:45 -0000\r\nitsec.eicp.net. A 115.170.209.203\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 44 of 71\n\ncount 1\r\nfirst seen 2012-02-01 04:50:49 -0000\r\nlast seen 2012-02-01 04:50:49 -0000\r\nitsec.eicp.net. A 115.170.210.246\r\ncount 2\r\nfirst seen 2012-09-01 09:00:02 -0000\r\nlast seen 2012-09-01 12:20:02 -0000\r\nitsec.eicp.net. A 115.170.211.51\r\ncount 1476\r\nfirst seen 2012-09-14 23:30:11 -0000\r\nlast seen 2012-09-16 23:59:25 -0000\r\nitsec.eicp.net. A 115.170.211.134\r\ncount 2\r\nfirst seen 2012-07-11 05:29:59 -0000\r\nlast seen 2012-07-11 06:44:59 -0000\r\nitsec.eicp.net. A 115.170.212.68\r\ncount 4\r\nfirst seen 2012-07-21 11:30:06 -0000\r\nlast seen 2012-07-21 13:30:05 -0000\r\nitsec.eicp.net. A 115.170.212.70\r\ncount 238\r\nfirst seen 2012-08-23 01:18:55 -0000\r\nlast seen 2012-08-23 04:49:44 -0000\r\nitsec.eicp.net. A 115.170.212.86\r\ncount 16\r\nfirst seen 2012-11-29 15:19:53 -0000\r\nlast seen 2012-11-30 01:59:52 -0000\r\nitsec.eicp.net. A 115.170.212.115\r\ncount 1\r\nfirst seen 2012-02-04 08:48:54 -0000\r\nlast seen 2012-02-04 08:48:54 -0000\r\nitsec.eicp.net. A 115.170.212.157\r\ncount 65\r\nfirst seen 2012-04-04 14:21:15 -0000\r\nlast seen 2012-04-04 21:09:00 -0000\r\nitsec.eicp.net. A 115.170.215.138\r\ncount 350\r\nfirst seen 2012-10-24 12:20:10 -0000\r\nlast seen 2012-10-25 02:41:44 -0000\r\nitsec.eicp.net. A 115.170.217.225\r\ncount 29\r\nfirst seen 2012-10-26 18:20:08 -0000\r\nlast seen 2012-10-26 19:37:15 -0000\r\nitsec.eicp.net. A 115.170.219.89\r\ncount 17\r\nfirst seen 2012-07-02 11:00:02 -0000\r\nlast seen 2012-07-02 18:15:01 -0000\r\nitsec.eicp.net. A 115.170.219.235\r\ncount 3\r\nfirst seen 2012-10-03 11:40:04 -0000\r\nlast seen 2012-10-03 13:40:04 -0000\r\nitsec.eicp.net. A 115.170.221.125\r\ncount 1\r\nfirst seen 2011-08-25 04:35:29 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 45 of 71\n\nlast seen 2011-08-25 04:35:29 -0000\r\nitsec.eicp.net. A 115.170.231.191\r\ncount 46\r\nfirst seen 2012-05-09 14:33:03 -0000\r\nlast seen 2012-05-09 16:33:13 -0000\r\nitsec.eicp.net. A 115.170.236.178\r\ncount 1\r\nfirst seen 2012-04-30 02:19:41 -0000\r\nlast seen 2012-04-30 02:19:41 -0000\r\nitsec.eicp.net. A 115.170.237.235\r\ncount 31\r\nfirst seen 2012-04-11 04:32:02 -0000\r\nlast seen 2012-04-11 06:05:00 -0000\r\nitsec.eicp.net. A 115.170.238.56\r\ncount 151\r\nfirst seen 2012-03-10 15:52:54 -0000\r\nlast seen 2012-03-12 01:29:13 -0000\r\nitsec.eicp.net. A 115.171.4.134\r\ncount 44\r\nfirst seen 2012-04-20 13:58:49 -0000\r\nlast seen 2012-04-20 15:19:12 -0000\r\nitsec.eicp.net. A 115.171.4.239\r\ncount 63\r\nfirst seen 2012-04-09 11:21:31 -0000\r\nlast seen 2012-04-09 14:56:01 -0000\r\nitsec.eicp.net. A 115.171.5.76\r\ncount 160\r\nfirst seen 2012-03-28 04:29:32 -0000\r\nlast seen 2012-03-28 11:51:35 -0000\r\nitsec.eicp.net. A 115.171.10.216\r\ncount 8\r\nfirst seen 2012-03-01 17:49:47 -0000\r\nlast seen 2012-03-02 01:19:47 -0000\r\nitsec.eicp.net. A 115.171.15.22\r\ncount 5\r\nfirst seen 2012-02-27 18:19:50 -0000\r\nlast seen 2012-02-27 22:49:49 -0000\r\nitsec.eicp.net. A 115.171.15.58\r\ncount 10\r\nfirst seen 2012-02-29 17:19:47 -0000\r\nlast seen 2012-03-01 02:19:49 -0000\r\nitsec.eicp.net. A 115.171.17.183\r\ncount 1\r\nfirst seen 2011-08-28 09:30:45 -0000\r\nlast seen 2011-08-28 09:30:45 -0000\r\nitsec.eicp.net. A 115.171.18.98\r\ncount 56\r\nfirst seen 2012-03-28 13:58:12 -0000\r\nlast seen 2012-03-28 22:19:53 -0000\r\nitsec.eicp.net. A 115.171.34.145\r\ncount 4\r\nfirst seen 2012-03-13 16:04:13 -0000\r\nlast seen 2012-03-13 16:24:48 -0000\r\nitsec.eicp.net. A 115.171.37.32\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 46 of 71\n\ncount 202\r\nfirst seen 2012-04-17 15:11:11 -0000\r\nlast seen 2012-04-18 00:49:43 -0000\r\nitsec.eicp.net. A 115.171.37.160\r\ncount 421\r\nfirst seen 2012-04-01 13:28:25 -0000\r\nlast seen 2012-04-02 13:53:19 -0000\r\nitsec.eicp.net. A 115.171.38.40\r\ncount 417\r\nfirst seen 2012-04-06 04:32:58 -0000\r\nlast seen 2012-04-07 08:26:20 -0000\r\nitsec.eicp.net. A 115.171.40.114\r\ncount 1\r\nfirst seen 2012-01-18 10:34:52 -0000\r\nlast seen 2012-01-18 10:34:52 -0000\r\nitsec.eicp.net. A 115.171.41.235\r\ncount 170\r\nfirst seen 2012-03-17 13:27:57 -0000\r\nlast seen 2012-03-19 01:50:00 -0000\r\nitsec.eicp.net. A 115.171.45.117\r\ncount 165\r\nfirst seen 2012-04-10 13:56:18 -0000\r\nlast seen 2012-04-11 00:18:44 -0000\r\nitsec.eicp.net. A 115.171.46.36\r\ncount 33\r\nfirst seen 2012-04-16 04:24:33 -0000\r\nlast seen 2012-04-16 06:02:55 -0000\r\nitsec.eicp.net. A 115.171.47.8\r\ncount 1\r\nfirst seen 2012-05-03 04:49:37 -0000\r\nlast seen 2012-05-03 04:49:37 -0000\r\nitsec.eicp.net. A 115.171.47.154\r\ncount 274\r\nfirst seen 2012-04-12 04:24:01 -0000\r\nlast seen 2012-04-12 16:25:03 -0000\r\nitsec.eicp.net. A 115.171.49.46\r\ncount 1\r\nfirst seen 2011-10-25 05:34:55 -0000\r\nlast seen 2011-10-25 05:34:55 -0000\r\nitsec.eicp.net. A 115.171.51.175\r\ncount 2\r\nfirst seen 2012-01-06 00:33:42 -0000\r\nlast seen 2012-01-06 04:54:23 -0000\r\nitsec.eicp.net. A 115.171.61.159\r\ncount 1\r\nfirst seen 2011-08-24 12:34:23 -0000\r\nlast seen 2011-08-24 12:34:23 -0000\r\nitsec.eicp.net. A 115.171.100.183\r\ncount 17\r\nfirst seen 2012-04-25 13:29:17 -0000\r\nlast seen 2012-04-25 15:08:09 -0000\r\nitsec.eicp.net. A 115.171.112.80\r\ncount 2\r\nfirst seen 2012-02-15 14:39:28 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 47 of 71\n\nlast seen 2012-02-15 22:35:13 -0000\r\nitsec.eicp.net. A 115.171.114.160\r\ncount 126\r\nfirst seen 2012-05-10 14:11:59 -0000\r\nlast seen 2012-05-10 23:49:32 -0000\r\nitsec.eicp.net. A 115.171.116.27\r\ncount 1\r\nfirst seen 2012-01-01 12:46:09 -0000\r\nlast seen 2012-01-01 12:46:09 -0000\r\nitsec.eicp.net. A 115.171.118.227\r\ncount 34\r\nfirst seen 2012-02-25 19:19:53 -0000\r\nlast seen 2012-02-27 02:19:52 -0000\r\nitsec.eicp.net. A 115.171.119.50\r\ncount 21\r\nfirst seen 2012-03-16 14:05:50 -0000\r\nlast seen 2012-03-16 16:25:27 -0000\r\nitsec.eicp.net. A 115.171.121.27\r\ncount 51\r\nfirst seen 2012-04-20 04:20:46 -0000\r\nlast seen 2012-04-20 06:11:42 -0000\r\nitsec.eicp.net. A 115.171.124.245\r\ncount 51\r\nfirst seen 2012-04-17 04:22:55 -0000\r\nlast seen 2012-04-17 06:04:51 -0000\r\nitsec.eicp.net. A 115.171.127.215\r\ncount 5\r\nfirst seen 2012-03-22 16:00:36 -0000\r\nlast seen 2012-03-22 16:35:24 -0000\r\nitsec.eicp.net. A 115.171.128.17\r\ncount 1\r\nfirst seen 2011-09-05 04:36:11 -0000\r\nlast seen 2011-09-05 04:36:11 -0000\r\nitsec.eicp.net. A 115.171.132.26\r\ncount 4\r\nfirst seen 2012-02-18 06:40:54 -0000\r\nlast seen 2012-02-18 16:34:15 -0000\r\nitsec.eicp.net. A 115.171.132.46\r\ncount 6\r\nfirst seen 2012-01-21 04:33:13 -0000\r\nlast seen 2012-01-21 07:58:11 -0000\r\nitsec.eicp.net. A 115.171.135.11\r\ncount 1\r\nfirst seen 2011-10-11 12:15:43 -0000\r\nlast seen 2011-10-11 12:15:43 -0000\r\nitsec.eicp.net. A 115.171.138.110\r\ncount 9\r\nfirst seen 2012-03-12 16:12:28 -0000\r\nlast seen 2012-03-12 17:11:57 -0000\r\nitsec.eicp.net. A 115.171.139.104\r\ncount 1\r\nfirst seen 2011-08-19 04:17:00 -0000\r\nlast seen 2011-08-19 04:17:00 -0000\r\nitsec.eicp.net. A 115.171.141.206\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 48 of 71\n\ncount 190\r\nfirst seen 2012-04-03 14:08:15 -0000\r\nlast seen 2012-04-04 01:47:55 -0000\r\nitsec.eicp.net. A 115.171.143.109\r\ncount 5\r\nfirst seen 2010-12-01 15:20:29 -0000\r\nlast seen 2010-12-01 15:36:54 -0000\r\nitsec.eicp.net. A 116.69.44.161\r\ncount 4\r\nfirst seen 2010-12-02 05:41:35 -0000\r\nlast seen 2010-12-02 05:58:30 -0000\r\nitsec.eicp.net. A 116.69.194.241\r\ncount 131\r\nfirst seen 2010-12-02 07:37:35 -0000\r\nlast seen 2012-10-23 08:20:10 -0000\r\nitsec.eicp.net. A 120.50.35.60\r\ncount 18\r\nfirst seen 2012-03-27 08:45:05 -0000\r\nlast seen 2012-04-18 09:44:26 -0000\r\nitsec.eicp.net. A 122.147.136.56\r\ncount 30\r\nfirst seen 2012-03-02 01:49:47 -0000\r\nlast seen 2012-03-02 15:05:01 -0000\r\nitsec.eicp.net. A 123.117.16.92\r\ncount 16\r\nfirst seen 2012-03-27 23:59:35 -0000\r\nlast seen 2012-03-28 00:28:31 -0000\r\nitsec.eicp.net. A 123.117.16.231\r\ncount 20\r\nfirst seen 2012-03-27 06:26:59 -0000\r\nlast seen 2012-03-27 08:25:18 -0000\r\nitsec.eicp.net. A 123.117.19.168\r\ncount 42\r\nfirst seen 2012-03-23 15:00:45 -0000\r\nlast seen 2012-03-23 18:01:57 -0000\r\nitsec.eicp.net. A 123.117.20.202\r\ncount 10\r\nfirst seen 2012-02-24 04:43:32 -0000\r\nlast seen 2012-02-24 11:19:52 -0000\r\nitsec.eicp.net. A 123.117.22.18\r\ncount 43\r\nfirst seen 2012-10-25 23:51:08 -0000\r\nlast seen 2012-10-26 00:30:12 -0000\r\nitsec.eicp.net. A 123.120.96.128\r\ncount 4\r\nfirst seen 2012-07-26 07:00:03 -0000\r\nlast seen 2012-07-26 10:20:04 -0000\r\nitsec.eicp.net. A 123.120.96.150\r\ncount 78\r\nfirst seen 2012-05-25 00:29:26 -0000\r\nlast seen 2012-05-25 04:19:17 -0000\r\nitsec.eicp.net. A 123.120.96.159\r\ncount 3\r\nfirst seen 2012-11-23 01:19:55 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 49 of 71\n\nlast seen 2012-11-23 02:59:55 -0000\r\nitsec.eicp.net. A 123.120.96.235\r\ncount 26\r\nfirst seen 2012-04-19 00:18:16 -0000\r\nlast seen 2012-04-19 03:22:14 -0000\r\nitsec.eicp.net. A 123.120.97.27\r\ncount 136\r\nfirst seen 2012-09-26 03:03:29 -0000\r\nlast seen 2012-09-26 06:20:06 -0000\r\nitsec.eicp.net. A 123.120.97.101\r\ncount 405\r\nfirst seen 2012-06-07 07:49:10 -0000\r\nlast seen 2012-06-08 03:22:56 -0000\r\nitsec.eicp.net. A 123.120.97.156\r\ncount 12\r\nfirst seen 2012-04-12 01:06:41 -0000\r\nlast seen 2012-04-12 01:48:41 -0000\r\nitsec.eicp.net. A 123.120.97.193\r\ncount 341\r\nfirst seen 2012-10-10 18:38:52 -0000\r\nlast seen 2012-10-10 23:44:29 -0000\r\nitsec.eicp.net. A 123.120.98.22\r\ncount 1\r\nfirst seen 2012-05-31 06:49:15 -0000\r\nlast seen 2012-05-31 06:49:15 -0000\r\nitsec.eicp.net. A 123.120.98.116\r\ncount 219\r\nfirst seen 2012-09-13 00:52:22 -0000\r\nlast seen 2012-09-13 04:13:08 -0000\r\nitsec.eicp.net. A 123.120.98.161\r\ncount 164\r\nfirst seen 2012-06-18 00:19:40 -0000\r\nlast seen 2012-06-18 06:11:04 -0000\r\nitsec.eicp.net. A 123.120.99.30\r\ncount 2\r\nfirst seen 2012-09-02 23:44:23 -0000\r\nlast seen 2012-09-03 01:07:04 -0000\r\nitsec.eicp.net. A 123.120.99.39\r\ncount 4\r\nfirst seen 2012-12-05 01:00:19 -0000\r\nlast seen 2012-12-05 02:40:19 -0000\r\nitsec.eicp.net. A 123.120.99.74\r\ncount 42\r\nfirst seen 2012-09-16 23:59:53 -0000\r\nlast seen 2012-09-17 04:17:23 -0000\r\nitsec.eicp.net. A 123.120.99.86\r\ncount 1\r\nfirst seen 2012-08-27 00:20:04 -0000\r\nlast seen 2012-08-27 00:20:04 -0000\r\nitsec.eicp.net. A 123.120.99.110\r\ncount 1\r\nfirst seen 2012-05-29 06:49:18 -0000\r\nlast seen 2012-05-29 06:49:18 -0000\r\nitsec.eicp.net. A 123.120.99.151\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 50 of 71\n\ncount 56\r\nfirst seen 2012-04-19 23:46:33 -0000\r\nlast seen 2012-04-20 03:36:24 -0000\r\nitsec.eicp.net. A 123.120.99.159\r\ncount 2\r\nfirst seen 2012-07-13 00:14:58 -0000\r\nlast seen 2012-07-13 00:29:57 -0000\r\nitsec.eicp.net. A 123.120.99.190\r\ncount 17\r\nfirst seen 2012-08-29 23:49:04 -0000\r\nlast seen 2012-08-30 09:40:03 -0000\r\nitsec.eicp.net. A 123.120.100.41\r\ncount 17\r\nfirst seen 2012-09-26 23:41:23 -0000\r\nlast seen 2012-09-27 03:52:35 -0000\r\nitsec.eicp.net. A 123.120.100.90\r\ncount 42\r\nfirst seen 2012-10-16 23:49:02 -0000\r\nlast seen 2012-10-17 10:26:46 -0000\r\nitsec.eicp.net. A 123.120.100.101\r\ncount 42\r\nfirst seen 2012-04-20 06:49:48 -0000\r\nlast seen 2012-04-20 08:44:04 -0000\r\nitsec.eicp.net. A 123.120.100.205\r\ncount 8\r\nfirst seen 2012-09-18 00:34:23 -0000\r\nlast seen 2012-09-18 03:43:33 -0000\r\nitsec.eicp.net. A 123.120.101.23\r\ncount 9\r\nfirst seen 2012-07-24 07:20:04 -0000\r\nlast seen 2012-07-24 15:20:04 -0000\r\nitsec.eicp.net. A 123.120.101.94\r\ncount 29\r\nfirst seen 2012-05-07 23:47:17 -0000\r\nlast seen 2012-05-08 03:49:34 -0000\r\nitsec.eicp.net. A 123.120.101.100\r\ncount 1\r\nfirst seen 2012-10-30 08:40:07 -0000\r\nlast seen 2012-10-30 08:40:07 -0000\r\nitsec.eicp.net. A 123.120.101.162\r\ncount 11\r\nfirst seen 2012-07-02 00:09:49 -0000\r\nlast seen 2012-07-02 03:30:05 -0000\r\nitsec.eicp.net. A 123.120.101.189\r\ncount 17\r\nfirst seen 2012-10-23 23:59:06 -0000\r\nlast seen 2012-10-24 09:47:21 -0000\r\nitsec.eicp.net. A 123.120.101.204\r\ncount 1\r\nfirst seen 2012-07-11 02:14:59 -0000\r\nlast seen 2012-07-11 02:14:59 -0000\r\nitsec.eicp.net. A 123.120.102.25\r\ncount 1\r\nfirst seen 2011-10-10 06:09:30 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 51 of 71\n\nlast seen 2011-10-10 06:09:30 -0000\r\nitsec.eicp.net. A 123.120.102.114\r\ncount 5\r\nfirst seen 2012-05-30 06:19:15 -0000\r\nlast seen 2012-05-30 13:19:18 -0000\r\nitsec.eicp.net. A 123.120.102.160\r\ncount 2\r\nfirst seen 2012-05-09 01:04:11 -0000\r\nlast seen 2012-05-09 01:16:46 -0000\r\nitsec.eicp.net. A 123.120.102.212\r\ncount 1\r\nfirst seen 2012-12-04 03:40:20 -0000\r\nlast seen 2012-12-04 03:40:20 -0000\r\nitsec.eicp.net. A 123.120.102.252\r\ncount 2\r\nfirst seen 2012-11-07 23:40:04 -0000\r\nlast seen 2012-11-08 02:00:02 -0000\r\nitsec.eicp.net. A 123.120.103.6\r\ncount 5\r\nfirst seen 2012-07-25 00:20:04 -0000\r\nlast seen 2012-07-25 04:00:03 -0000\r\nitsec.eicp.net. A 123.120.103.8\r\ncount 15\r\nfirst seen 2012-09-04 00:18:43 -0000\r\nlast seen 2012-09-04 00:32:12 -0000\r\nitsec.eicp.net. A 123.120.103.50\r\ncount 1\r\nfirst seen 2012-07-20 07:00:06 -0000\r\nlast seen 2012-07-20 07:00:06 -0000\r\nitsec.eicp.net. A 123.120.103.147\r\ncount 2\r\nfirst seen 2012-06-01 01:53:59 -0000\r\nlast seen 2012-06-01 02:49:14 -0000\r\nitsec.eicp.net. A 123.120.103.242\r\ncount 3\r\nfirst seen 2012-07-06 12:45:00 -0000\r\nlast seen 2012-07-06 14:15:00 -0000\r\nitsec.eicp.net. A 123.120.104.16\r\ncount 5\r\nfirst seen 2012-07-03 06:45:01 -0000\r\nlast seen 2012-07-03 09:30:01 -0000\r\nitsec.eicp.net. A 123.120.104.49\r\ncount 13\r\nfirst seen 2012-11-08 03:00:02 -0000\r\nlast seen 2012-11-08 11:00:03 -0000\r\nitsec.eicp.net. A 123.120.104.77\r\ncount 2\r\nfirst seen 2012-07-26 01:20:03 -0000\r\nlast seen 2012-07-26 03:00:03 -0000\r\nitsec.eicp.net. A 123.120.104.93\r\ncount 1\r\nfirst seen 2012-01-25 04:33:52 -0000\r\nlast seen 2012-01-25 04:33:52 -0000\r\nitsec.eicp.net. A 123.120.105.159\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 52 of 71\n\ncount 5\r\nfirst seen 2012-07-12 06:44:59 -0000\r\nlast seen 2012-07-12 09:29:59 -0000\r\nitsec.eicp.net. A 123.120.106.70\r\ncount 3\r\nfirst seen 2012-11-06 01:40:03 -0000\r\nlast seen 2012-11-06 03:40:05 -0000\r\nitsec.eicp.net. A 123.120.106.92\r\ncount 32\r\nfirst seen 2012-05-17 23:44:22 -0000\r\nlast seen 2012-05-18 03:42:27 -0000\r\nitsec.eicp.net. A 123.120.106.139\r\ncount 40\r\nfirst seen 2012-05-11 00:10:12 -0000\r\nlast seen 2012-05-14 10:04:49 -0000\r\nitsec.eicp.net. A 123.120.106.234\r\ncount 1\r\nfirst seen 2012-05-03 03:19:38 -0000\r\nlast seen 2012-05-03 03:19:38 -0000\r\nitsec.eicp.net. A 123.120.107.6\r\ncount 3\r\nfirst seen 2012-09-24 02:37:53 -0000\r\nlast seen 2012-09-24 02:40:06 -0000\r\nitsec.eicp.net. A 123.120.107.63\r\ncount 51\r\nfirst seen 2012-04-10 06:18:58 -0000\r\nlast seen 2012-04-10 09:54:24 -0000\r\nitsec.eicp.net. A 123.120.107.82\r\ncount 30\r\nfirst seen 2012-09-07 03:02:48 -0000\r\nlast seen 2012-09-07 04:29:57 -0000\r\nitsec.eicp.net. A 123.120.107.130\r\ncount 5\r\nfirst seen 2012-07-03 00:30:02 -0000\r\nlast seen 2012-07-03 03:15:01 -0000\r\nitsec.eicp.net. A 123.120.107.173\r\ncount 41\r\nfirst seen 2012-08-31 00:00:03 -0000\r\nlast seen 2012-08-31 00:44:18 -0000\r\nitsec.eicp.net. A 123.120.107.211\r\ncount 29\r\nfirst seen 2012-10-29 00:00:07 -0000\r\nlast seen 2012-10-29 23:20:07 -0000\r\nitsec.eicp.net. A 123.120.108.2\r\ncount 3\r\nfirst seen 2012-04-17 06:41:26 -0000\r\nlast seen 2012-04-17 06:43:28 -0000\r\nitsec.eicp.net. A 123.120.108.46\r\ncount 10\r\nfirst seen 2012-07-31 01:20:01 -0000\r\nlast seen 2012-07-31 06:20:01 -0000\r\nitsec.eicp.net. A 123.120.108.71\r\ncount 3\r\nfirst seen 2012-06-25 07:20:02 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 53 of 71\n\nlast seen 2012-06-25 08:20:02 -0000\r\nitsec.eicp.net. A 123.120.108.75\r\ncount 4\r\nfirst seen 2012-09-28 08:20:06 -0000\r\nlast seen 2012-09-28 12:20:06 -0000\r\nitsec.eicp.net. A 123.120.108.98\r\ncount 162\r\nfirst seen 2012-06-05 23:34:12 -0000\r\nlast seen 2012-06-06 08:49:11 -0000\r\nitsec.eicp.net. A 123.120.108.147\r\ncount 2\r\nfirst seen 2012-05-28 07:19:16 -0000\r\nlast seen 2012-05-28 08:49:16 -0000\r\nitsec.eicp.net. A 123.120.108.176\r\ncount 51\r\nfirst seen 2012-05-23 23:54:19 -0000\r\nlast seen 2012-05-24 04:20:30 -0000\r\nitsec.eicp.net. A 123.120.108.180\r\ncount 74\r\nfirst seen 2012-10-09 23:31:16 -0000\r\nlast seen 2012-10-10 04:45:37 -0000\r\nitsec.eicp.net. A 123.120.108.212\r\ncount 2\r\nfirst seen 2012-08-31 08:20:02 -0000\r\nlast seen 2012-08-31 10:00:03 -0000\r\nitsec.eicp.net. A 123.120.108.245\r\ncount 43\r\nfirst seen 2012-10-10 23:45:30 -0000\r\nlast seen 2012-10-11 00:45:40 -0000\r\nitsec.eicp.net. A 123.120.109.88\r\ncount 13\r\nfirst seen 2012-07-06 06:15:00 -0000\r\nlast seen 2012-07-06 12:00:00 -0000\r\nitsec.eicp.net. A 123.120.109.150\r\ncount 2\r\nfirst seen 2012-06-27 07:20:01 -0000\r\nlast seen 2012-06-27 09:20:01 -0000\r\nitsec.eicp.net. A 123.120.109.158\r\ncount 5\r\nfirst seen 2012-09-05 02:47:12 -0000\r\nlast seen 2012-09-05 04:00:10 -0000\r\nitsec.eicp.net. A 123.120.110.4\r\ncount 3\r\nfirst seen 2012-12-04 00:54:51 -0000\r\nlast seen 2012-12-04 01:40:20 -0000\r\nitsec.eicp.net. A 123.120.110.25\r\ncount 1\r\nfirst seen 2012-05-17 06:49:24 -0000\r\nlast seen 2012-05-17 06:49:24 -0000\r\nitsec.eicp.net. A 123.120.110.49\r\ncount 2\r\nfirst seen 2012-09-17 23:45:23 -0000\r\nlast seen 2012-09-17 23:54:30 -0000\r\nitsec.eicp.net. A 123.120.110.52\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 54 of 71\n\ncount 1\r\nfirst seen 2012-08-31 07:00:03 -0000\r\nlast seen 2012-08-31 07:00:03 -0000\r\nitsec.eicp.net. A 123.120.110.78\r\ncount 9\r\nfirst seen 2012-11-25 23:59:54 -0000\r\nlast seen 2012-11-26 10:19:54 -0000\r\nitsec.eicp.net. A 123.120.110.172\r\ncount 6\r\nfirst seen 2012-11-30 02:59:53 -0000\r\nlast seen 2012-11-30 08:39:54 -0000\r\nitsec.eicp.net. A 123.120.110.212\r\ncount 5\r\nfirst seen 2012-07-02 07:45:01 -0000\r\nlast seen 2012-07-02 08:30:03 -0000\r\nitsec.eicp.net. A 123.120.110.233\r\ncount 11\r\nfirst seen 2012-04-18 03:22:00 -0000\r\nlast seen 2012-04-18 03:53:05 -0000\r\nitsec.eicp.net. A 123.120.111.168\r\ncount 9\r\nfirst seen 2012-10-11 23:40:15 -0000\r\nlast seen 2012-10-12 02:59:31 -0000\r\nitsec.eicp.net. A 123.120.111.201\r\ncount 6\r\nfirst seen 2012-07-06 02:30:00 -0000\r\nlast seen 2012-07-06 06:00:00 -0000\r\nitsec.eicp.net. A 123.120.112.147\r\ncount 1\r\nfirst seen 2012-06-11 02:46:56 -0000\r\nlast seen 2012-06-11 02:46:56 -0000\r\nitsec.eicp.net. A 123.120.112.180\r\ncount 102\r\nfirst seen 2012-09-25 23:43:34 -0000\r\nlast seen 2012-09-26 02:47:11 -0000\r\nitsec.eicp.net. A 123.120.112.218\r\ncount 10\r\nfirst seen 2012-11-01 03:20:07 -0000\r\nlast seen 2012-11-01 14:40:10 -0000\r\nitsec.eicp.net. A 123.120.113.17\r\ncount 7\r\nfirst seen 2012-07-17 00:14:57 -0000\r\nlast seen 2012-07-17 03:14:58 -0000\r\nitsec.eicp.net. A 123.120.113.45\r\ncount 155\r\nfirst seen 2012-10-26 00:31:27 -0000\r\nlast seen 2012-10-26 02:55:06 -0000\r\nitsec.eicp.net. A 123.120.113.120\r\ncount 9\r\nfirst seen 2012-10-25 06:20:09 -0000\r\nlast seen 2012-10-25 09:20:09 -0000\r\nitsec.eicp.net. A 123.120.113.245\r\ncount 27\r\nfirst seen 2012-09-24 02:15:59 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 55 of 71\n\nlast seen 2012-09-24 02:36:38 -0000\r\nitsec.eicp.net. A 123.120.113.251\r\ncount 10\r\nfirst seen 2012-05-28 00:49:19 -0000\r\nlast seen 2012-05-28 06:04:50 -0000\r\nitsec.eicp.net. A 123.120.114.46\r\ncount 108\r\nfirst seen 2012-04-11 07:21:58 -0000\r\nlast seen 2012-04-11 13:45:41 -0000\r\nitsec.eicp.net. A 123.120.114.90\r\ncount 2\r\nfirst seen 2012-08-02 08:00:07 -0000\r\nlast seen 2012-08-02 09:40:02 -0000\r\nitsec.eicp.net. A 123.120.114.185\r\ncount 18\r\nfirst seen 2012-10-21 23:47:27 -0000\r\nlast seen 2012-10-22 10:40:11 -0000\r\nitsec.eicp.net. A 123.120.114.207\r\ncount 75\r\nfirst seen 2012-05-10 06:18:35 -0000\r\nlast seen 2012-05-10 09:19:15 -0000\r\nitsec.eicp.net. A 123.120.114.208\r\ncount 4\r\nfirst seen 2012-07-05 07:15:01 -0000\r\nlast seen 2012-07-05 08:45:00 -0000\r\nitsec.eicp.net. A 123.120.114.228\r\ncount 1\r\nfirst seen 2012-11-15 00:39:59 -0000\r\nlast seen 2012-11-15 00:39:59 -0000\r\nitsec.eicp.net. A 123.120.114.242\r\ncount 85\r\nfirst seen 2012-06-13 23:40:45 -0000\r\nlast seen 2012-06-14 04:18:43 -0000\r\nitsec.eicp.net. A 123.120.115.194\r\ncount 1\r\nfirst seen 2012-06-19 08:50:03 -0000\r\nlast seen 2012-06-19 08:50:03 -0000\r\nitsec.eicp.net. A 123.120.115.210\r\ncount 5\r\nfirst seen 2012-09-21 03:12:19 -0000\r\nlast seen 2012-09-21 04:40:07 -0000\r\nitsec.eicp.net. A 123.120.116.52\r\ncount 10\r\nfirst seen 2012-05-21 07:19:20 -0000\r\nlast seen 2012-12-04 13:00:19 -0000\r\nitsec.eicp.net. A 123.120.116.95\r\ncount 17\r\nfirst seen 2012-11-15 04:00:00 -0000\r\nlast seen 2012-11-15 22:59:58 -0000\r\nitsec.eicp.net. A 123.120.116.168\r\ncount 180\r\nfirst seen 2012-08-29 00:40:04 -0000\r\nlast seen 2012-08-29 06:27:10 -0000\r\nitsec.eicp.net. A 123.120.116.181\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 56 of 71\n\ncount 13\r\nfirst seen 2012-04-09 09:07:53 -0000\r\nlast seen 2012-04-09 09:49:46 -0000\r\nitsec.eicp.net. A 123.120.116.185\r\ncount 1\r\nfirst seen 2012-02-03 00:35:25 -0000\r\nlast seen 2012-02-03 00:35:25 -0000\r\nitsec.eicp.net. A 123.120.117.47\r\ncount 1\r\nfirst seen 2012-11-08 23:51:19 -0000\r\nlast seen 2012-11-08 23:51:19 -0000\r\nitsec.eicp.net. A 123.120.117.74\r\ncount 16\r\nfirst seen 2012-04-26 23:39:38 -0000\r\nlast seen 2012-04-27 02:49:36 -0000\r\nitsec.eicp.net. A 123.120.117.83\r\ncount 38\r\nfirst seen 2012-04-12 23:35:39 -0000\r\nlast seen 2012-04-13 02:31:53 -0000\r\nitsec.eicp.net. A 123.120.117.100\r\ncount 9\r\nfirst seen 2012-04-16 06:25:44 -0000\r\nlast seen 2012-04-16 06:48:33 -0000\r\nitsec.eicp.net. A 123.120.117.189\r\ncount 3\r\nfirst seen 2012-06-27 00:50:04 -0000\r\nlast seen 2012-06-27 02:20:40 -0000\r\nitsec.eicp.net. A 123.120.117.214\r\ncount 64\r\nfirst seen 2012-05-21 00:01:22 -0000\r\nlast seen 2012-05-21 05:51:13 -0000\r\nitsec.eicp.net. A 123.120.118.98\r\ncount 5\r\nfirst seen 2012-10-30 03:20:07 -0000\r\nlast seen 2012-10-30 05:00:08 -0000\r\nitsec.eicp.net. A 123.120.118.101\r\ncount 2\r\nfirst seen 2012-10-07 23:58:23 -0000\r\nlast seen 2012-10-07 23:58:23 -0000\r\nitsec.eicp.net. A 123.120.118.107\r\ncount 1\r\nfirst seen 2012-06-08 03:23:26 -0000\r\nlast seen 2012-06-08 03:23:26 -0000\r\nitsec.eicp.net. A 123.120.118.127\r\ncount 14\r\nfirst seen 2012-09-23 23:44:26 -0000\r\nlast seen 2012-09-23 23:57:00 -0000\r\nitsec.eicp.net. A 123.120.118.132\r\ncount 1\r\nfirst seen 2012-07-19 07:30:07 -0000\r\nlast seen 2012-07-19 07:30:07 -0000\r\nitsec.eicp.net. A 123.120.118.139\r\ncount 38\r\nfirst seen 2012-05-13 23:52:08 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 57 of 71\n\nlast seen 2012-05-14 03:42:16 -0000\r\nitsec.eicp.net. A 123.120.118.155\r\ncount 397\r\nfirst seen 2012-09-06 06:40:09 -0000\r\nlast seen 2012-09-07 03:02:32 -0000\r\nitsec.eicp.net. A 123.120.118.180\r\ncount 4\r\nfirst seen 2012-08-03 00:00:00 -0000\r\nlast seen 2012-08-03 02:40:00 -0000\r\nitsec.eicp.net. A 123.120.118.225\r\ncount 5\r\nfirst seen 2012-04-09 01:25:33 -0000\r\nlast seen 2012-04-09 01:44:01 -0000\r\nitsec.eicp.net. A 123.120.119.41\r\ncount 1\r\nfirst seen 2012-09-10 23:41:16 -0000\r\nlast seen 2012-09-10 23:41:16 -0000\r\nitsec.eicp.net. A 123.120.119.62\r\ncount 9\r\nfirst seen 2012-11-14 03:00:00 -0000\r\nlast seen 2012-11-14 11:59:59 -0000\r\nitsec.eicp.net. A 123.120.119.82\r\ncount 1\r\nfirst seen 2012-07-18 00:30:06 -0000\r\nlast seen 2012-07-18 00:30:06 -0000\r\nitsec.eicp.net. A 123.120.119.128\r\ncount 0\r\nfirst seen 2012-06-05 01:38:46 -0000\r\nlast seen 2012-06-05 01:38:46 -0000\r\nitsec.eicp.net. A 123.120.119.144\r\ncount 11\r\nfirst seen 2012-04-25 02:19:37 -0000\r\nlast seen 2012-04-25 09:38:57 -0000\r\nitsec.eicp.net. A 123.120.120.3\r\ncount 10\r\nfirst seen 2012-09-12 02:09:37 -0000\r\nlast seen 2012-09-12 03:46:55 -0000\r\nitsec.eicp.net. A 123.120.120.35\r\ncount 32\r\nfirst seen 2012-04-18 01:21:13 -0000\r\nlast seen 2012-04-18 03:19:42 -0000\r\nitsec.eicp.net. A 123.120.120.79\r\ncount 1\r\nfirst seen 2011-12-28 02:31:43 -0000\r\nlast seen 2011-12-28 02:31:43 -0000\r\nitsec.eicp.net. A 123.120.120.82\r\ncount 1\r\nfirst seen 2012-04-27 08:19:35 -0000\r\nlast seen 2012-04-27 08:19:35 -0000\r\nitsec.eicp.net. A 123.120.120.86\r\ncount 276\r\nfirst seen 2012-06-05 10:49:13 -0000\r\nlast seen 2012-06-05 23:32:56 -0000\r\nitsec.eicp.net. A 123.120.120.154\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 58 of 71\n\ncount 16\r\nfirst seen 2012-04-26 07:19:36 -0000\r\nlast seen 2012-11-07 12:40:03 -0000\r\nitsec.eicp.net. A 123.120.120.174\r\ncount 5\r\nfirst seen 2012-10-15 23:45:45 -0000\r\nlast seen 2012-10-16 00:59:19 -0000\r\nitsec.eicp.net. A 123.120.120.235\r\ncount 6\r\nfirst seen 2012-07-19 00:30:07 -0000\r\nlast seen 2012-07-19 05:30:07 -0000\r\nitsec.eicp.net. A 123.120.120.252\r\ncount 9\r\nfirst seen 2012-08-27 00:54:34 -0000\r\nlast seen 2012-08-27 03:40:04 -0000\r\nitsec.eicp.net. A 123.120.121.6\r\ncount 3\r\nfirst seen 2012-07-09 02:59:59 -0000\r\nlast seen 2012-07-09 03:59:59 -0000\r\nitsec.eicp.net. A 123.120.121.51\r\ncount 62\r\nfirst seen 2012-06-20 23:37:13 -0000\r\nlast seen 2012-06-21 03:37:11 -0000\r\nitsec.eicp.net. A 123.120.121.53\r\ncount 1\r\nfirst seen 2012-05-29 02:49:16 -0000\r\nlast seen 2012-05-29 02:49:16 -0000\r\nitsec.eicp.net. A 123.120.121.56\r\ncount 4\r\nfirst seen 2012-09-13 06:20:10 -0000\r\nlast seen 2012-09-13 09:00:10 -0000\r\nitsec.eicp.net. A 123.120.121.80\r\ncount 10\r\nfirst seen 2012-11-29 00:19:53 -0000\r\nlast seen 2012-11-29 08:39:53 -0000\r\nitsec.eicp.net. A 123.120.121.149\r\ncount 1\r\nfirst seen 2011-12-26 02:31:38 -0000\r\nlast seen 2011-12-26 02:31:38 -0000\r\nitsec.eicp.net. A 123.120.121.164\r\ncount 29\r\nfirst seen 2012-04-16 00:36:01 -0000\r\nlast seen 2012-04-16 04:19:43 -0000\r\nitsec.eicp.net. A 123.120.122.3\r\ncount 35\r\nfirst seen 2012-05-15 06:03:10 -0000\r\nlast seen 2012-05-15 09:43:28 -0000\r\nitsec.eicp.net. A 123.120.122.46\r\ncount 4\r\nfirst seen 2012-04-28 07:19:34 -0000\r\nlast seen 2012-04-28 08:14:00 -0000\r\nitsec.eicp.net. A 123.120.122.88\r\ncount 43\r\nfirst seen 2012-10-12 03:00:01 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 59 of 71\n\nlast seen 2012-10-12 03:37:02 -0000\r\nitsec.eicp.net. A 123.120.122.102\r\ncount 5\r\nfirst seen 2012-07-29 02:20:03 -0000\r\nlast seen 2012-07-29 06:40:01 -0000\r\nitsec.eicp.net. A 123.120.122.118\r\ncount 4\r\nfirst seen 2012-07-16 01:15:01 -0000\r\nlast seen 2012-07-16 03:29:59 -0000\r\nitsec.eicp.net. A 123.120.122.141\r\ncount 117\r\nfirst seen 2012-04-13 02:38:31 -0000\r\nlast seen 2012-04-13 11:23:26 -0000\r\nitsec.eicp.net. A 123.120.122.146\r\ncount 5\r\nfirst seen 2012-09-27 07:20:06 -0000\r\nlast seen 2012-09-27 09:00:07 -0000\r\nitsec.eicp.net. A 123.120.122.158\r\ncount 5\r\nfirst seen 2012-04-12 00:15:21 -0000\r\nlast seen 2012-04-12 00:24:19 -0000\r\nitsec.eicp.net. A 123.120.122.201\r\ncount 9\r\nfirst seen 2012-09-14 02:55:38 -0000\r\nlast seen 2012-09-14 03:40:10 -0000\r\nitsec.eicp.net. A 123.120.123.46\r\ncount 24\r\nfirst seen 2012-05-11 00:22:25 -0000\r\nlast seen 2012-05-11 03:48:51 -0000\r\nitsec.eicp.net. A 123.120.123.82\r\ncount 4\r\nfirst seen 2012-06-13 06:50:05 -0000\r\nlast seen 2012-06-13 11:10:29 -0000\r\nitsec.eicp.net. A 123.120.123.125\r\ncount 61\r\nfirst seen 2012-05-09 23:47:45 -0000\r\nlast seen 2012-05-10 02:58:23 -0000\r\nitsec.eicp.net. A 123.120.123.184\r\ncount 21\r\nfirst seen 2012-08-01 00:20:01 -0000\r\nlast seen 2012-08-01 07:20:01 -0000\r\nitsec.eicp.net. A 123.120.123.186\r\ncount 1\r\nfirst seen 2012-02-17 06:43:29 -0000\r\nlast seen 2012-02-17 06:43:29 -0000\r\nitsec.eicp.net. A 123.120.123.229\r\ncount 29\r\nfirst seen 2012-10-26 02:56:22 -0000\r\nlast seen 2012-10-26 04:16:22 -0000\r\nitsec.eicp.net. A 123.120.124.16\r\ncount 1\r\nfirst seen 2011-10-09 06:06:33 -0000\r\nlast seen 2011-10-09 06:06:33 -0000\r\nitsec.eicp.net. A 123.120.124.33\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 60 of 71\n\ncount 4\r\nfirst seen 2012-07-31 07:00:00 -0000\r\nlast seen 2012-07-31 09:20:01 -0000\r\nitsec.eicp.net. A 123.120.124.41\r\ncount 3\r\nfirst seen 2012-04-09 23:41:17 -0000\r\nlast seen 2012-04-09 23:49:46 -0000\r\nitsec.eicp.net. A 123.120.124.43\r\ncount 2\r\nfirst seen 2012-05-02 02:19:39 -0000\r\nlast seen 2012-05-02 02:49:37 -0000\r\nitsec.eicp.net. A 123.120.124.55\r\ncount 5\r\nfirst seen 2012-10-23 01:02:52 -0000\r\nlast seen 2012-10-23 04:40:09 -0000\r\nitsec.eicp.net. A 123.120.124.74\r\ncount 35\r\nfirst seen 2012-10-18 00:08:44 -0000\r\nlast seen 2012-10-18 10:13:14 -0000\r\nitsec.eicp.net. A 123.120.124.149\r\ncount 2\r\nfirst seen 2012-06-25 00:20:03 -0000\r\nlast seen 2012-06-25 00:50:03 -0000\r\nitsec.eicp.net. A 123.120.124.165\r\ncount 4\r\nfirst seen 2012-07-11 07:29:58 -0000\r\nlast seen 2012-07-11 08:29:59 -0000\r\nitsec.eicp.net. A 123.120.124.168\r\ncount 10\r\nfirst seen 2012-07-29 07:00:12 -0000\r\nlast seen 2012-07-29 12:20:02 -0000\r\nitsec.eicp.net. A 123.120.124.197\r\ncount 6\r\nfirst seen 2012-05-08 07:19:33 -0000\r\nlast seen 2012-05-08 09:49:33 -0000\r\nitsec.eicp.net. A 123.120.125.4\r\ncount 5\r\nfirst seen 2012-08-03 10:20:01 -0000\r\nlast seen 2012-08-03 13:19:59 -0000\r\nitsec.eicp.net. A 123.120.125.156\r\ncount 12\r\nfirst seen 2012-06-12 06:50:06 -0000\r\nlast seen 2012-06-12 13:50:05 -0000\r\nitsec.eicp.net. A 123.120.125.225\r\ncount 10\r\nfirst seen 2012-10-02 00:22:10 -0000\r\nlast seen 2012-10-02 03:43:44 -0000\r\nitsec.eicp.net. A 123.120.125.226\r\ncount 53\r\nfirst seen 2012-04-17 06:47:00 -0000\r\nlast seen 2012-04-17 09:19:42 -0000\r\nitsec.eicp.net. A 123.120.125.245\r\ncount 35\r\nfirst seen 2012-04-09 23:57:04 -0000\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 61 of 71\n\nlast seen 2012-04-10 03:32:06 -0000\r\nitsec.eicp.net. A 123.120.126.23\r\ncount 4\r\nfirst seen 2012-07-27 00:20:02 -0000\r\nlast seen 2012-07-27 03:40:02 -0000\r\nitsec.eicp.net. A 123.120.126.56\r\ncount 17\r\nfirst seen 2012-05-17 07:58:47 -0000\r\nlast seen 2012-05-17 09:49:23 -0000\r\nitsec.eicp.net. A 123.120.126.60\r\ncount 6\r\nfirst seen 2012-06-29 00:50:00 -0000\r\nlast seen 2012-06-29 03:50:00 -0000\r\nitsec.eicp.net. A 123.120.126.86\r\ncount 41\r\nfirst seen 2012-04-27 23:35:11 -0000\r\nlast seen 2012-04-28 02:19:35 -0000\r\nitsec.eicp.net. A 123.120.126.103\r\ncount 16\r\nfirst seen 2012-10-31 02:20:09 -0000\r\nlast seen 2012-10-31 08:20:07 -0000\r\nitsec.eicp.net. A 123.120.126.116\r\ncount 13\r\nfirst seen 2012-11-04 23:57:18 -0000\r\nlast seen 2012-11-05 10:40:04 -0000\r\nitsec.eicp.net. A 123.120.126.127\r\ncount 159\r\nfirst seen 2012-09-21 00:49:28 -0000\r\nlast seen 2012-09-21 03:11:04 -0000\r\nitsec.eicp.net. A 123.120.126.139\r\ncount 14\r\nfirst seen 2012-11-22 00:39:57 -0000\r\nlast seen 2012-11-22 07:39:55 -0000\r\nitsec.eicp.net. A 123.120.126.140\r\ncount 3\r\nfirst seen 2012-07-27 07:40:02 -0000\r\nlast seen 2012-07-27 10:00:03 -0000\r\nitsec.eicp.net. A 123.120.126.163\r\ncount 33\r\nfirst seen 2012-04-23 00:49:38 -0000\r\nlast seen 2012-04-23 15:03:53 -0000\r\nitsec.eicp.net. A 123.120.126.186\r\ncount 5\r\nfirst seen 2012-09-20 07:40:08 -0000\r\nlast seen 2012-09-20 13:40:07 -0000\r\nitsec.eicp.net. A 123.120.126.225\r\ncount 48\r\nfirst seen 2012-06-15 01:20:03 -0000\r\nlast seen 2012-06-15 04:20:03 -0000\r\nitsec.eicp.net. A 123.120.127.23\r\ncount 5\r\nfirst seen 2012-11-12 00:00:01 -0000\r\nlast seen 2012-11-12 06:40:00 -0000\r\nitsec.eicp.net. A 123.120.127.59\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 62 of 71\n\ncount 1\r\nfirst seen 2012-05-25 09:19:18 -0000\r\nlast seen 2012-05-25 09:19:18 -0000\r\nitsec.eicp.net. A 123.120.127.87\r\ncount 2\r\nfirst seen 2012-08-02 00:20:03 -0000\r\nlast seen 2012-08-02 03:20:03 -0000\r\nitsec.eicp.net. A 123.120.127.143\r\ncount 82\r\nfirst seen 2012-11-28 00:19:54 -0000\r\nlast seen 2012-11-28 23:39:54 -0000\r\nitsec.eicp.net. A 123.120.127.160\r\ncount 9\r\nfirst seen 2012-11-20 23:59:56 -0000\r\nlast seen 2012-11-21 09:39:56 -0000\r\nitsec.eicp.net. A 123.120.127.210\r\ncount 44\r\nfirst seen 2012-04-11 00:51:02 -0000\r\nlast seen 2012-04-11 09:14:49 -0000\r\nitsec.eicp.net. A 204.16.193.12\r\ncount 1677\r\nfirst seen 2011-09-01 01:38:29 -0000\r\nlast seen 2012-12-04 05:00:22 -0000\r\nitsec.eicp.net. A 209.11.241.144\r\nThe Windows pcap has October 2012 timestamps due to wrong time / date in the sandbox vm, please disregard, it is actually\r\nNov.30, 2012. \r\nFile: file.tmp\r\nSize: 61435\r\nMD5:  C3432C1BBDF17EBAF1E10392CF630847 \r\nKERNEL32.DLL\r\nButton\r\nAllow\r\nIdentity Protection\r\nAllow for all\r\nAVG Firewall Asks for Confirmation\r\nLoad\r\nSoftware\\Microsoft\\Windows\\CurrentVersion\\Run\r\n0x1A7B4C9F\r\nCorExitProcess\r\nmscoree.dll\r\nruntime error \r\nTLOSS error\r\nSING error\r\nDOMAIN error\r\nR6033\r\n- Attempt to use MSIL code from this assembly during native code initialization\r\nThis indicates a bug in your application. It is most likely the result of calling an MSIL-compiled (/clr) function from a native\r\nconstructor or from DllMain.\r\nR6032\r\n- not enough space for locale information\r\nR6031\r\n- Attempt to initialize the CRT more than once.\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 63 of 71\n\nThis indicates a bug in your application.\r\nR6030\r\n- CRT not initialized\r\nR6028\r\n- unable to initialize heap\r\nR6027\r\n- not enough space for lowio initialization\r\nR6026\r\n- not enough space for stdio initialization\r\nR6025\r\n- pure virtual function call\r\nR6024\r\n- not enough space for _onexit/atexit table\r\nR6019\r\n- unable to open console device\r\nR6018\r\n- unexpected heap error\r\nR6017\r\n- unexpected multithread lock error\r\nR6016\r\n- not enough space for thread data\r\nR6010\r\n- abort() has been called\r\nR6009\r\n- not enough space for environment\r\nR6008\r\n- not enough space for arguments\r\nR6002\r\n- floating point support not loaded\r\n8j@\r\n@i@\r\n@h@\r\nxg@\r\n(g@\r\nHf@\r\nxb@\r\n\\b@\r\n@b@\r\n8b@\r\n@Microsoft Visual C++ Runtime Library\r\n...\r\n\u003cprogram name unknown\u003e\r\nRuntime Error!\r\nProgram: \r\nFlsFree\r\nFlsSetValue\r\nFlsGetValue\r\nFlsAlloc\r\nGetProcessWindowStation\r\nGetUserObjectInformationW\r\nGetLastActivePopup\r\nGetActiveWindow\r\nMessageBoxW\r\nUSER32.DLL\r\nHH:mm:ss\r\ndddd, MMMM dd, yyyy\r\nMM/dd/yy\r\nDecember\r\nNovember\r\nOctober\r\nSeptember\r\nAugust\r\nJuly\r\nJune\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 64 of 71\n\nApril\r\nMarch\r\nFebruary\r\nJanuary\r\nDec\r\nNov\r\nOct\r\nSep\r\nAug\r\nJul\r\nJun\r\nMay\r\nApr\r\nMar\r\nFeb\r\nJan\r\nSaturday\r\nFriday\r\nThursday\r\nWednesday\r\nTuesday\r\nMonday\r\nSunday\r\nSat\r\nFri\r\nThu\r\nWed\r\nTue\r\nMon\r\nSun\r\nHH:mm:ss\r\ndddd, MMMM dd, yyyy\r\nMM/dd/yy\r\nDecember\r\nNovember\r\nOctober\r\nSeptember\r\nAugust\r\nJuly\r\nJune\r\nApril\r\nMarch\r\nFebruary\r\nJanuary\r\nDec\r\nNov\r\nOct\r\nSep\r\nAug\r\nJul\r\nJun\r\nMay\r\nApr\r\nMar\r\nFeb\r\nJan\r\nSaturday\r\nFriday\r\nThursday\r\nWednesday\r\nTuesday\r\nMonday\r\nSunday\r\nSat\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 65 of 71\n\nFri\r\nThu\r\nWed\r\nTue\r\nMon\r\nSun\r\n         (((((                  H\r\n         h((((                  H\r\n                                 H\r\n !\"#$%\u0026'()*+,-./0123456789:;\u003c=\u003e?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\r\n !\"#$%\u0026'()*+,-./0123456789:;\u003c=\u003e?\r\n@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\r\n\"/@\r\n\u0026/@\r\na6@\r\n)@@\r\nqH@\r\nlstrlenA\r\nVirtualFree\r\nReadFile\r\nSetFilePointer\r\nGetFileSize\r\nCreateFileA\r\nCloseHandle\r\nGetLastError\r\nCreateMutexA\r\nKERNEL32.dll\r\nGetCommandLineA\r\nHeapSetInformation\r\nTerminateProcess\r\nGetCurrentProcess\r\nUnhandledExceptionFilter\r\nSetUnhandledExceptionFilter\r\nIsDebuggerPresent\r\nIsProcessorFeaturePresent\r\nGetProcAddress\r\nGetModuleHandleW\r\nExitProcess\r\nDecodePointer\r\nWriteFile\r\nGetStdHandle\r\nGetModuleFileNameW\r\nGetModuleFileNameA\r\nWideCharToMultiByte\r\nSetHandleCount\r\nInitializeCriticalSectionAndSpinCount\r\nGetFileType\r\nGetStartupInfoW\r\nDeleteCriticalSection\r\nEncodePointer\r\nTlsAlloc\r\nTlsGetValue\r\nTlsSetValue\r\nTlsFree\r\nInterlockedIncrement\r\nSetLastError\r\nGetCurrentThreadId\r\nInterlockedDecrement\r\nHeapCreate\r\nQueryPerformanceCounter\r\nGetTickCount\r\nGetCurrentProcessId\r\nGetSystemTimeAsFileTime\r\nLeaveCriticalSection\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 66 of 71\n\nEnterCriticalSection\r\nLoadLibraryW\r\nHeapFree\r\nSleep\r\nGetCPInfo\r\nGetACP\r\nGetOEMCP\r\nIsValidCodePage\r\nRtlUnwind\r\nHeapSize\r\nHeapAlloc\r\nHeapReAlloc\r\nLCMapStringW\r\nMultiByteToWideChar\r\nGetStringTypeW\r\n                          \r\nabcdefghijklmnopqrstuvwxyz\r\nABCDEFGHIJKLMNOPQRSTUVWXYZ\r\n                          \r\nabcdefghijklmnopqrstuvwxyz\r\nABCDEFGHIJKLMNOPQRSTUVWXYZ\r\n|p@\r\ntp@\r\nlp@\r\n`p@\r\nTp@\r\nLp@\r\n@p@\r\n\u003cp@\r\n8p@\r\n4p@\r\n0p@\r\n,p@\r\n(p@\r\n$p@\r\n p@\r\n,p@\r\nto@\r\nlo@\r\ndo@\r\n\\o@\r\nTo@\r\nLo@\r\nDo@\r\n\u003co@\r\n,o@\r\nxn@\r\npn@\r\nhn@\r\n`n@\r\nPn@\r\n\u003cn@\r\n0n@\r\n$n@\r\ndm@\r\nPm@\r\n(v@\r\n\u003cassembly xmlns=\"urn:schemas-microsoft-com:asm.v1\" manifestVersion=\"1.0\"\u003e\r\n  \u003ctrustInfo xmlns=\"urn:schemas-microsoft-com:asm.v3\"\u003e\r\n    \u003csecurity\u003e\r\n      \u003crequestedPrivileges\u003e\r\n        \u003crequestedExecutionLevel level=\"asInvoker\" uiAccess=\"false\"\u003e\u003c/requestedExecutionLevel\u003e\r\n      \u003c/requestedPrivileges\u003e\r\n    \u003c/security\u003e\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 67 of 71\n\n\u003c/trustInfo\u003e\r\n\u003c/assembly\u003ePAPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPAD\r\n1*151@1K1U1Z1k1v1\r\n2 2?2E2{2\r\n3!3@3F3\r\n4#4/4;4C4L4Y4g4w4\r\n555\u003c5I5j5w5\r\n5\u00266?6]6q6\r\n607\r\n8Z8_8i8\r\n8*90969\u003c9B9H9O9V9]9d9k9r9y9\r\n:1;7;D;J;S;Z;|;\r\n\u003c.\u003c8\u003c=\u003cY\u003cc\u003cy\u003c\r\n=A=H=b=i=\r\n=6\u003eI\u003e[\u003e\r\n\u003e/?\u003c?Q?\r\n2 2*2;2F2\r\n4%4*404\r\n425\u003e5X5~5\r\n6V6`6\r\n7'7U7x7~7\r\n8!8-838;8A8M8S8`8j8p8z8\r\n9G9M9S9i9\r\n9!:D:N:\r\n; ;(;/;4;\u003c;E;Q;V;[;a;e;k;p;v;{;\r\n\u003c5\u003cY\u003ce\u003cq\u003c\r\n=N\u003eh\u003e\r\n?\u003c?B?G?S?Z?d?v?\r\n0@0\r\n1#1R1X1`1\r\n2r2{2\r\n3'393\r\n4#404n4u4\r\n5;5N5U5]5\r\n6.6\r\n6H7M7_7}7\r\n9\u00269/9:9?9H9R9]9\r\n\u003c \u003c\r\n=C=L=X=\r\n\u003e$\u003e\r\n0_0g0|0\r\n1A1x1\r\n102M2\r\n3$3\r\n4%4A4J4P4Y4^4m4\r\n4M5\r\n506\r\n6G7u7\r\n8Q8\r\n9::l:\r\n; ;$;(;,;0;z;\r\n\u003c$\u003c(\u003c,\u003cM\u003cw\u003c\r\n= =$=(=\r\n\u003e#\u003e\r\n?$?0?g?\r\n{0K1\r\n2l6~6\r\n7\"747F7X7j7|7\r\n7A8M8\r\n8n:\r\n;$;,;4;\u003c;D;\r\n8$9(9H9h9t9\r\n:4:8:X:x:\r\n3H7H8L8P8T8X8\\8`8d8h8l8p8t8x8|8\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 68 of 71\n\n9 9$9(9,9094989\u003c9@9D9H9L9P9T9X9\\9`9d9h9l9p9t9x9|9\r\n:(:8:H:l:x:|:\r\nu{}r\r\nffhfffofff\r\neffKfffHbffGfff=bff2\r\nffffffgfff\r\nWPH\r\nffffff\r\nffffffffffff\r\nffffffffffff\r\nffffffffff\r\nQffffffffffff\r\nffffffff\r\nffffffff:\"\r\nfffffffffffffffffffffffffffffffffffffffffffffffffffff\r\n\\RRUffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffV\\^VffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffV\\\r\nfffffffffffffO\r\noXZ\r\n4XY\r\n,Sc\r\nff!\r\n!fOff\r\nffFf\r\n!fOffa\r\nff%f\r\n!fOff\r\n!fOff\u003e\r\nff4e\r\n!fOff\r\n!fOff\r\nff.fp\r\nfOf\r\nT#xY\r\n;FC\r\n.]km\r\npB!3\r\n2_ws\r\nM32crsvadt\r\npiva\r\nu32r3semp2\r\nf,Z\r\nfqq\r\nIff\r\nq2.\r\nfqff\r\nqnIq\r\nqvw\r\nq*Iq\r\nf{r\r\nXZY5A\r\ngl]\r\ngsY\r\nVj9\r\n23016A45boB\r\n.iot\r\noniinptpt\r\nf,f\r\nf,f\r\npV,\r\nn[/g\r\nYogjY\r\ngs]\r\nSARTWMiE\\oscrt\\ofndWis\\owrrCutVensier\\Ionerntt nettSegsinro\r\nPEnxyleabro\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 69 of 71\n\nPSexyerrvtt\r\nZ[XYFGDE\r\nHINO\r\n23016745:;89\u003e\r\n!\u0026'$%*S()VWTUBC@A^_\\]bc`afgdejkh\r\nnstlm\r\nqupz\r\nBC@AFGDEJK\"INOLMR\r\n!# H\u0026'$%*+().0,-3/126745:;89\u003e\r\nVWTU\r\n[XZ\r\n\\]bc\r\nhiopmnstqrwxuv\r\n !\"%\r\n\u003c()\u0026',.*+-1/052348967$\u003e:#AB\r\n?DF@C\r\n*j=\r\n*j=\r\n*j=\r\n*j=\r\n*j=\r\n,e5\r\nf,f\r\nf,f\r\n8f,\r\nf,f\r\nf,f\r\nf,f\r\nM_C\r\natreogeLreTh\r\nQ`y\r\n_!$\r\nYa^3r\r\nrnke32elll.dni\r\nIaltieCiztirilScatiec\r\nIZ!f\r\ngnY\r\ngsY/g\r\n[n]gi\r\ngl]\r\n/In\r\nrnke32elll.dni\r\nIaltieCiztirilScatiec\r\nonu\r\nK nh\r\nK nh\r\n[nh\r\n{a_\r\n{Y\u003c\r\ncIvGJe\r\nnlwionogxe.eIN\r\nWGOLOEXN.sfE\r\ndlc.sfl\r\nosc_ll.dRQ\r\nYhj2\r\nCYZ_^\r\nVWRQ\r\nrttaSY %EMSTOTROsy%\\emst\r\nC321.:\\t\r\nba67cdBCB1\r\nhVj\r\nPh3\r\nPjj\r\n3VW\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 70 of 71\n\nG f0f\r\nPA3\r\ne@H\r\n:VWj\r\n^Y]_\r\n0dg@\r\nt2P\r\n3P3\r\n4CX\r\nj=A\r\nV67\r\nOdV\r\ni3gddl2.Crl\r\nteeaA\r\nDCtDGeicevapeCCrs\r\nteeampCoibatDClere\r\nCeCatpaombltiiteBp\r\nmaleSeObctctjeit\r\nBltOGeecbj\r\nGtAStetkOocecbjSet\r\nctlelePae\r\nttalReePizetal\r\nGteDIettsBiel\r\nDeOetecbjDet\r\ntele\r\nDDCPLIS\r\nWAYStin\r\nDa0auef\r\nQ!Jy\r\n,},y\r\nf,f,\r\nf,f\r\nf,f,\r\nYnzKX\r\n!,I\r\n!,]\r\n%,Q\r\n%,m\r\n_3s2dl2.wil\r\nownddls.nol\r\ne0isat.dub\r\nsdas.ret\r\n.dgs\r\nsatr.sgt\r\ndandwis.onl\r\ndlplexerorxe.etf\r\ncn.moe\r\nexnwwim.ore\r\nff1da\r\na\u003cf\r\na\u003cf\r\ne=f\r\na=f\r\nSource: http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nhttp://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html\r\nPage 71 of 71",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"Malpedia"
	],
	"references": [
		"http://contagiodump.blogspot.com/2012/12/osxdockstera-and-win32trojanagentaxmo.html"
	],
	"report_names": [
		"osxdockstera-and-win32trojanagentaxmo.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434015,
	"ts_updated_at": 1775791288,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/39fa5d4aea8b0e20cc087271b8ef1edfd6c3fa2a.pdf",
		"text": "https://archive.orkl.eu/39fa5d4aea8b0e20cc087271b8ef1edfd6c3fa2a.txt",
		"img": "https://archive.orkl.eu/39fa5d4aea8b0e20cc087271b8ef1edfd6c3fa2a.jpg"
	}
}