Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

24 October 2008
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

14:54:00 WinXP 217.203.232.129 (-):
TELECOM ITALIA MOBILE,
IT. n/a RU:moscow-advokat.ru
SE:ozbytes.dal.net
SE:qis.md.us.dal.net
SE:coins.dal.net
:caen.fr.eu.undernet.org
SE:viking.dal.net
:flanders.be.eu.undernet.org
:gaspode.zanet.org.za
SE:broadway.ny.us.dal.net
:washington.dc.us.undernet.org
:los-angeles.ca.us.undernet.org
:lulea.se.eu.undernet.org
SE:vancouver.dal.net
US:lia.zanet.net
NL:diemen.nl.eu.undernet.org 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 34 of 36 96d089e522
[Firefox:22 hits: 10-08 to 10-22] none[none] none:none
none|none none none

T:14:54:00 WinXP 217.203.232.129 (-):
TELECOM ITALIA MOBILE,
IT. n/a RU:moscow-advokat.ru
SE:broadway.ny.us.dal.net
NO:london.uk.eu.undernet.org 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 34 of 36 96d089e522
[Firefox:22 hits: 10-08 to 10-22] none[none] none:none
none|none none none

15:50:00 Win2K-f 4.167.210.75 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WEST PALM BEACH, FLORIDA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

15:51:00 WinXP 87.78.192.140 (NETCOLOGNE.DE):
NETCOLOGNE GMBH,
COLOGNE, NORDRHEIN-WESTFALEN, DE. (DSL) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 35 of 36 4ed031d88c
[Firefox: 2 hits: 10-20 to 10-21] none[none] none:none
none|none none none

T:16:00:00 WinXP 4.131.104.232 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
CHICAGO, ILLINOIS, US. (DIAL) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 36 of 36 71b183b0c8
[Firefox:33 hits: 09-17 to 10-22] none[none] none:none
none|none none none

T:16:01:00 WinXP 41.214.180.32 (-):
. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 632e315db2
[Firefox:19 hits: 10-03 to 10-21] none[none] none:none
none|none none none

16:01:00 WinXP 98.175.27.122 (-):
. n/a US:microsoft.com
:parex-bank.ru 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

T:16:06:00 WinXP 4.167.210.75 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
WEST PALM BEACH, FLORIDA, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

16:15:00 WinXP 130.13.171.126 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:773 hits: 12-31 to 10-22] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

16:15:00 Win2K-f 121.73.21.143 (TELSTRACLEAR.NET):
TELSTRACLEAR WELLINGTON CABLE CUSTOMERS,
WELLINGTON, WELLINGTON, NZ. (DSL) n/a 135 pcap raw alerts
ruleset other
348 lines Yeah : 1.3
profile none summary
tarball 32 of 36
34 of 36 7f89b38665
[Firefox:29 hits: 08-02 to 10-22]
a51a50404e
[Firefox:29 hits: 08-02 to 10-22] none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:16:21:00 WinXP 82.235.26.27 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 7f06d6ebfa
NEW none[none] none:none
none|none none none

T:16:25:00 WinXP 74.232.78.48 (BELLSOUTH.NET):
BELLSOUTH.NET INC,
US. (DSL) n/a US:www.microsoft.com
:wpad
US:runonce.msn.com
US:www.yahoo.com
US:l.yimg.com
US:us.a2.yimg.com
US:us.bc.yahoo.com 445 pcap raw alerts
ruleset http
40 lines Argh : 0.3
profile none summary
tarball none none none none none none none

16:32:00 WinXP 82.235.26.27 (PROXAD.NET):
PROXAD / FREE SAS,
PARIS, ILE-DE-FRANCE, FR. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 7f06d6ebfa
NEW none[none] none:none
none|none none none

T:16:36:00 WinXP 65.190.167.117 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 986b59708d
[Firefox:110 hits: 01-14 to 10-20] 8a00217866 [0] ASM:Graph
PolyEnE| lines=57 trace

16:36:00 WinXP 65.190.167.117 (RR.COM):
ROAD RUNNER HOLDCO LLC,
RALEIGH, NORTH CAROLINA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 15 of 32 1bda547787
NEW none[none] none:none
none|none none none

T:16:45:00 WinXP 24.79.209.149 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1367 hits: 12-31 to 10-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

16:46:00 WinXP 24.79.209.149 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) 194.54.90.246:80 UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
3 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1367 hits: 12-31 to 10-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:16:51:00 WinXP 220.130.194.247 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
96 lines Yeah : 1.3
profile none summary
tarball 0 of 33
29 of 32
0 of 33 57ce4acac2
[Firefox:286 hits: 06-17 to 10-22]
83f26f5044
[Firefox:30 hits: 06-20 to 10-21]
e07c29c4ae
[Firefox:673 hits: 06-19 to 10-22] 57ce4acac2 [1]
none [4]
e07c29c4ae[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
FSG| lines=81
none
lines=92 trace
trace
trace

T:16:58:00 WinXP 99.152.71.150 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

16:58:00 WinXP 70.15.64.55 (PTD.NET):
PENTELEDATA INC. - CABLE,
SELINSGROVE, PENNSYLVANIA, US. 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:21 hits: 10-05 to 10-22] none[none] none:none
none|none none none

16:59:00 WinXP 24.144.43.115 (CONWAYCORP.NET):
CONWAY CORPORATION,
CONWAY, ARKANSAS, US. (DSL) 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 33 of 36 0e5f51ee8e
[Firefox: 7 hits: 10-11 to 10-15] none[none] none:none
none|none none none

17:17:00 Win2K-f 60.251.198.97 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset irc
http
134 lines Yeah : 1.8
profile none summary
tarball 35 of 36
32 of 36
0 of 32 7ca2287333
[Firefox: 2 hits: 10-03 to 10-11]
95ccd6eb89
[Firefox: 2 hits: 10-03 to 10-11]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:17:25:00 WinXP 98.133.78.158 (-):
ALLTEL MIP CUSTOMERS - LITTLE ROCK,
LITTLE ROCK, ARKANSAS, US. 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 36 of 36 a84ffdf670
[Firefox:17 hits: 09-14 to 10-10] none[none] none:none
none|none none none

T:17:27:00 WinXP 79.163.167.189 (-):
IDEA,
PL. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
3 lines Yeah : 1.3
profile none summary
tarball 35 of 36 6b3beaea1a
[Firefox: 4 hits: 10-21 to 10-22] none[none] none:none
none|none none none

T:17:35:00 WinXP 92.40.23.253 (IKBCC.COM):
EU-ZZ,
UK. 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 36 of 36 a0012f058f
[Firefox: 3 hits: 10-20 to 10-22] none[none] none:none
none|none none none

18:03:00 Win2K-f 68.147.151.75 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
677 lines Yeah : 1.3
profile none summary
tarball 32 of 36 074bc0e111
NEW none[none] none:none
none|none none none

18:04:00 WinXP 75.138.114.154 (CHARTER.COM):
CHARTER COMMUNICATIONS,
HICKORY, NORTH CAROLINA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 7e8bfa9b49
[Firefox:18 hits: 10-01 to 10-17] none[none] none:none
none|none none none

18:04:00 WinXP 96.49.24.154 (-):
. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 45d3b6bd28
[Firefox: 2 hits: 10-15 to 10-21] none[none] none:none
none|none none none

18:19:00 WinXP 189.48.105.213 (BRASILTELECOM.NET.BR):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. 115.126.2.121:65520 :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:los-angeles.ca.us.undernet.org
:gaspode.zanet.org.za
US:lia.zanet.net
:caen.fr.eu.undernet.org
AT:graz.at.eu.undernet.org
SE:ozbytes.dal.net 445 pcap raw alerts
ruleset http
irc
12 lines Yeah : 1.3
profile none summary
tarball 34 of 36 b23ffca78e
NEW none[none] none:none
none|none none none

18:19:00 WinXP 115.80.61.201 (-):
. 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:21 hits: 10-05 to 10-22] none[none] none:none
none|none none none

T:18:29:00 WinXP 70.15.81.29 (PTD.NET):
PENTELEDATA INC. - CABLE,
MILFORD, PENNSYLVANIA, US. 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:21 hits: 10-05 to 10-22] none[none] none:none
none|none none none

18:29:00 WinXP 70.15.81.29 (PTD.NET):
PENTELEDATA INC. - CABLE,
MILFORD, PENNSYLVANIA, US. 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
irc
5 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:21 hits: 10-05 to 10-22] none[none] none:none
none|none none none

T:18:46:00 WinXP 190.18.83.203 (-):
. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 32 of 36 519def95b1
NEW none[none] none:none
none|none none none

18:47:00 WinXP 186.9.97.74 (-):
. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1367 hits: 12-31 to 10-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:18:56:00 WinXP 66.153.180.33 (SCCOAST.NET):
HTC COMMUNICATIONS LLC,
CONWAY, SOUTH CAROLINA, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
191 lines Yeah : 1.3
profile none summary
tarball 34 of 36
0 of 33
34 of 36 5555eea43b
NEW
e07c29c4ae
[Firefox:673 hits: 06-19 to 10-22]
fe125e6415
NEW none[none]
e07c29c4ae[1]
none [none] none:none
ASM:Graph
none:none
none|none
FSG|
none|none none
lines=92
none none
trace
none

T:18:56:00 Win2K-f 68.74.120.92 (AMERITECH.NET):
PPPOX POOL - RBACK1 EMHRIL,
CHICAGO, ILLINOIS, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

18:59:00 WinXP 117.99.36.133 (XLRI.AC.IN):
BHARTI AIRTEL LTD,
DELHI, DELHI, IN. n/a RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 25 of 25 7f60162c2c
[Firefox:773 hits: 12-31 to 10-22] 1aad8e4632 [0] ASM:Graph
PolyEnE| lines=93
embedded dns trace

T:19:06:00 WinXP 70.15.70.173 (PTD.NET):
PENTELEDATA INC. - CABLE,
SELINSGROVE, PENNSYLVANIA, US. 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
10 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:21 hits: 10-05 to 10-22] none[none] none:none
none|none none none

19:06:00 WinXP 70.15.70.173 (PTD.NET):
PENTELEDATA INC. - CABLE,
SELINSGROVE, PENNSYLVANIA, US. 194.54.90.246:80 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:21 hits: 10-05 to 10-22] none[none] none:none
none|none none none

19:09:00 Win2K-f 173.16.128.165 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
60 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
8 of 33 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22]
b7082104e4
[Firefox:220 hits: 06-18 to 10-22] none[4]
b5919931fe[1]
none [4] none:none
ASM:Graph
none:none
tElock|
ASProtect|
tElock| none
lines=90
none trace
trace
trace

19:25:00 Win2K-f 220.130.83.3 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
96 lines Yeah : 1.3
profile none summary
tarball 0 of 33
29 of 32
0 of 32 57ce4acac2
[Firefox:286 hits: 06-17 to 10-22]
83f26f5044
[Firefox:30 hits: 06-20 to 10-21]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] 57ce4acac2 [1]
none [4]
b5919931fe[1] ASM:Graph
none:none
ASM:Graph
Armadillo|
tElock|
ASProtect| lines=81
none
lines=90 trace
trace
trace

19:38:00 Win2K-f 68.147.47.150 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
113 lines Yeah : 1.3
profile none summary
tarball 31 of 36
33 of 36
0 of 32 48b1b31d93
NEW
6bd53e0271
NEW
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[none]
none [none]
b5919931fe[1] none:none
none:none
ASM:Graph
none|none
none|none
ASProtect| none
none
lines=90 none
none
trace

T:19:47:00 WinXP 70.15.65.146 (PTD.NET):
PENTELEDATA INC. - CABLE,
SELINSGROVE, PENNSYLVANIA, US. 115.126.2.121:65520 :proxim.ircgalaxy.pl
UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
irc
4 lines Yeah : 1.3
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:21 hits: 10-05 to 10-22] none[none] none:none
none|none none none

T:19:50:00 WinXP 68.149.93.69 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. 115.126.2.121:65520 :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
irc
6 lines Yeah : 1.3
profile none summary
tarball 35 of 36 c9d01112a8
[Firefox:13 hits: 08-06 to 10-07] none[none] none:none
none|none none none

19:50:00 WinXP 68.149.93.69 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. 115.126.2.121:65520 :proxim.ircgalaxy.pl
RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 1.8
profile none summary
tarball 35 of 36 c9d01112a8
[Firefox:13 hits: 08-06 to 10-07] none[none] none:none
none|none none none

20:07:00 WinXP 200.216.142.209 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) 115.126.2.121:65520 :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
RU:194.6.222.11:6667 445 pcap raw alerts
ruleset http
irc
3 lines Yeah : 1.3
profile none summary
tarball 34 of 36 a2d01a2465
NEW none[none] none:none
none|none none none

T:20:07:00 WinXP 200.216.142.209 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL) n/a 445 pcap raw alerts
ruleset http
6 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

20:18:00 WinXP 222.147.227.85 (OCN.NE.JP):
OPEN COMPUTER NETWORK,
JP. n/a 445 pcap raw alerts
ruleset shell
ftp
16 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:619 hits: 01-01 to 10-22] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:20:29:00 Win2K-f 4.88.84.110 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
US. (DIAL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

20:31:00 WinXP 70.60.10.186 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NASHPORT, OHIO, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 33 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22]
e07c29c4ae
[Firefox:673 hits: 06-19 to 10-22] none[4]
73f1082158[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

T:20:47:00 WinXP 24.79.249.21 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 b27d73bfcb
NEW none[none] none:none
none|none none none

T:20:52:00 WinXP 24.83.3.82 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL) 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
US:do-make-progress.com
:xpas-2009.com
:wpad
115.126.2.121:65520 135 pcap raw alerts
ruleset http
irc
134 lines Yeah : 1.8
profile none summary
tarball none
none
17 of 36
0 of 33
11 of 36 05b1ed9c9c
[Firefox: 4 hits: 09-22 to 10-07]
0c87a74ebe
[Firefox: 4 hits: 09-22 to 10-07]
2bd4f7f555
NEW
e07c29c4ae
[Firefox:673 hits: 06-19 to 10-22]
fb8f82fcb3
NEW none[none]
none [none]
none [none]
e07c29c4ae[1]
none [none] none:none
none:none
none:none
ASM:Graph
none:none
none|none
none|none
none|none
FSG|
none|none none
none
none
lines=92
none none
none
none
trace
none

T:20:54:00 Win2K-f 98.175.27.122 (-):
. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

T:21:09:00 WinXP 24.197.139.140 (CHARTER.COM):
CHARTER COMMUNICATIONS,
GREENVILLE, SOUTH CAROLINA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 c91dfdf79a
[Firefox: 2 hits: 10-20 to 10-20] none[none] none:none
none|none none none

T:21:09:00 Win2K-f 125.215.205.184 (IMSBIZ.COM):
PCCW BUSINESS INTERNET ACCESS,
HONG KONG, HONG KONG (SAR), HK. (100Mbps) n/a 135 pcap raw alerts
ruleset other
52 lines Yeah : 1.3
profile none summary
tarball 0 of 33 57ce4acac2
[Firefox:286 hits: 06-17 to 10-22] 57ce4acac2 [1] ASM:Graph
Armadillo| lines=81 trace

21:09:00 WinXP 65.173.141.167 (MAYSVILLEKY.NET):
LIME STONE CABLE,
MAYSVILLE, KENTUCKY, US. (DSL) n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1367 hits: 12-31 to 10-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:21:16:00 WinXP 72.174.70.48 (BRESNAN.NET):
BRESNAN COMMUNICATIONS LLC,
PURCHASE, NEW YORK, US. 115.126.2.121:65520 :proxim.ircgalaxy.pl
115.126.2.121:65520 445 pcap raw alerts
ruleset http
irc
23 lines Yeah : 1.3
profile none summary
tarball 34 of 36 b07d6955cd
NEW none[none] none:none
none|none none none

T:21:17:00 WinXP 203.91.186.214 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
60 lines Yeah : 1.3
profile none summary
tarball 33 of 33
8 of 33
0 of 33 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
b7082104e4
[Firefox:220 hits: 06-18 to 10-22]
e07c29c4ae
[Firefox:673 hits: 06-19 to 10-22] none[4]
none [4]
e07c29c4ae[1] none:none
none:none
ASM:Graph
tElock|
tElock|
FSG| none
none
lines=92 trace
trace
trace

21:18:00 WinXP 219.132.160.19 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
GUANGZHOU, GUANGDONG, CN. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 33 of 36 49cf7deac1
NEW none[none] none:none
none|none none none

T:21:20:00 WinXP 219.132.160.19 (163DATA.COM.CN):
CHINANET GUANGDONG PROVINCE NETWORK,
GUANGZHOU, GUANGDONG, CN. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 b52d214d08
[Firefox:21 hits: 10-05 to 10-22] none[none] none:none
none|none none none

21:25:00 WinXP 70.119.51.201 (RR.COM):
ROAD RUNNER HOLDCO LLC,
ORLANDO, FLORIDA, US. n/a 445 pcap raw alerts
ruleset http
1 line Argh : 0.3
profile none summary
tarball none none none none none none none

T:21:34:00 Win2K-f 70.71.77.35 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) n/a :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset irc
http
947 lines Yeah : 1.3
profile none summary
tarball 0 of 32
32 of 36
34 of 36 b5919931fe
[Firefox:899 hits: 06-20 to 10-22]
b6c47a5781
NEW
b9881a6247
NEW b5919931fe [1]
none [none]
none [none] ASM:Graph
none:none
none:none
ASProtect|
none|none
none|none lines=90
none
none trace
none
none

T:21:41:00 WinXP 117.67.61.160 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN. n/a :proxim.ircgalaxy.pl
RU:moscow-advokat.ru
:fleshkatera.cn
SE:vancouver.dal.net
SE:ced.dal.net
NL:diemen.nl.eu.undernet.org 445 pcap raw alerts
ruleset http
irc
10 lines Yeah : 0.8
profile none summary
tarball 35 of 36 a8d74af6d5
[Firefox: 3 hits: 10-04 to 10-21] none[none] none:none
none|none none none

22:01:00 WinXP 118.21.14.206 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:619 hits: 01-01 to 10-22] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

T:22:08:00 WinXP 83.167.120.182 (-):
COMCOR-TV_CLIENTS_S04_,
RU. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 f3440caba1
NEW none[none] none:none
none|none none none

22:15:00 Win2K-f 24.84.105.97 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
LANGLEY, BRITISH COLUMBIA, CA. (DSL) 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
:fleshkatera.cn
:lolika.cn
:www.upononjob.cn
:mulfika.cn
115.126.2.121:65520 135 pcap raw alerts
ruleset irc
http
140 lines Yeah : 1.8
profile none summary
tarball none
none
22 of 36
0 of 32
13 of 36
11 of 36 05b1ed9c9c
[Firefox: 4 hits: 09-22 to 10-07]
0c87a74ebe
[Firefox: 4 hits: 09-22 to 10-07]
72f02bd342
NEW
b5919931fe
[Firefox:899 hits: 06-20 to 10-22]
dabddee32a
NEW
fb8f82fcb3
NEW none[none]
none [none]
none [none]
b5919931fe[1]
none [none]
none [none] none:none
none:none
none:none
ASM:Graph
none:none
none:none
none|none
none|none
none|none
ASProtect|
none|none
none|none none
none
none
lines=90
none
none none
none
none
trace
none
none

22:18:00 WinXP 70.64.11.252 (GASOC.COM):
SHAW COMMUNICATIONS INC,
SASKATOON, SASKATCHEWAN, CA. (DSL) 194.54.90.246:80 :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 34 of 36 644ab77c01
NEW none[none] none:none
none|none none none

T:22:24:00 WinXP 118.21.14.206 (-):
. n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 29 of 29 831f4ee0a7
[Firefox:619 hits: 01-01 to 10-22] eb7546c600 [0] ASM:Graph
none|none lines=61 trace

22:31:00 Win2K-f 190.176.132.40 (-):
. 115.126.2.121:65520 :proxim.ircgalaxy.pl 445 pcap raw alerts
ruleset irc
9 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

22:34:00 WinXP 218.164.37.240 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
KAOHSIUNG, KAO-HSIUNG, TW. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:22:41:00 WinXP 59.99.44.247 (10/24.BSNL.IN):
NIB (NATIONAL INTERNET BACKBONE),
DELHI, DELHI, IN. n/a UA:citi-bank.ru
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1367 hits: 12-31 to 10-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

T:22:49:00 WinXP 71.113.77.184 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
LYNNWOOD, WASHINGTON, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
77 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 33 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
a08f3b74a4
[Firefox:1196 hits: 06-18 to 10-22]
e07c29c4ae
[Firefox:673 hits: 06-19 to 10-22] none[4]
a08f3b74a4[1]
e07c29c4ae[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
FSG| none
lines=81
lines=92 trace
trace
trace

22:50:00 WinXP 24.83.3.82 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
BURNABY, BRITISH COLUMBIA, CA. (DSL) 115.126.2.121:65520 :proxim.ircgalaxy.pl
US:microsoft.com
US:download.microsoft.com
115.126.2.121:65520
US:205.128.73.126:80 135 pcap raw alerts
ruleset http
irc
123 lines Yeah : 1.8
profile none summary
tarball none
none
0 of 33 05b1ed9c9c
[Firefox: 4 hits: 09-22 to 10-07]
0c87a74ebe
[Firefox: 4 hits: 09-22 to 10-07]
e07c29c4ae
[Firefox:673 hits: 06-19 to 10-22] none[none]
none [none]
e07c29c4ae[1] none:none
none:none
ASM:Graph
none|none
none|none
FSG| none
none
lines=92 none
none
trace

T:22:52:00 WinXP 68.149.65.107 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a 135 pcap raw alerts
ruleset other
621 lines Yeah : 1.3
profile none summary
tarball 24 of 36 a98417e0fd
NEW none[none] none:none
none|none none none

T:22:53:00 WinXP 97.76.75.251 (-):
. n/a :proxim.ircgalaxy.pl
UA:citi-bank.ru
115.126.2.121:65520
UA:194.54.90.246:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 36 of 36 4c934f9489
[Firefox: 5 hits: 10-07 to 10-22] none[none] none:none
none|none none none

22:55:00 WinXP 82.232.109.154 (PROXAD.NET):
PROXAD / FREE SAS,
NICE, PROVENCE-ALPES-COTE D'AZUR, FR. n/a RU:moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 4e14a0bb6c
NEW none[none] none:none
none|none none none

22:57:00 Win2K-f 202.40.179.22 (RANKSITT.NET):
INTERNET AND WAN SERVICE PROVIDER,
DHAKA, DHAKA, BD. n/a 135 pcap raw alerts
ruleset other
18 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:23:00:00 Win2K-f 24.213.224.230 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AMSTERDAM, NEW YORK, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
a08f3b74a4
[Firefox:1196 hits: 06-18 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

23:04:00 Win2K-f 24.213.224.230 (RR.COM):
ROAD RUNNER HOLDCO LLC,
AMSTERDAM, NEW YORK, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
a08f3b74a4
[Firefox:1196 hits: 06-18 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

23:15:00 Win2K-f 68.149.177.132 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
EDMONTON, ALBERTA, CA. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22] none[4]
73f1082158[1] none:none
ASM:Graph
tElock|
Armadillo| none
lines=81 trace
trace

23:18:00 Win2K-f 68.75.16.245 (AMERITECH.NET):
PPPOX POOL RBACK4.WOTNOH,
COLUMBUS, OHIO, US. (DSL) n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

23:24:00 WinXP 80.64.86.199 (CN.RU):
N-NET 203 ETHERNET DHCP POOL,
NOVOSIBIRSK, NOVOSIBIRSKAYA OBLAST', RU. (100Mbps) n/a UA:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 632e315db2
[Firefox:19 hits: 10-03 to 10-21] none[none] none:none
none|none none none

T:23:24:00 WinXP 80.64.86.199 (CN.RU):
N-NET 203 ETHERNET DHCP POOL,
NOVOSIBIRSK, NOVOSIBIRSKAYA OBLAST', RU. (100Mbps) n/a 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 35 of 36 632e315db2
[Firefox:19 hits: 10-03 to 10-21] none[none] none:none
none|none none none

23:32:00 WinXP 115.80.182.206 (-):
. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 29 of 29 a0139d7ad8
[Firefox:174 hits: 01-03 to 10-22] d9e9662db1 [0] ASM:Graph
PolyEnE| lines=68 trace

23:33:00 WinXP 218.173.139.245 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TW. 194.54.90.246:80 UA:citi-bank.ru
EU:kidos-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 35 of 36 632e315db2
[Firefox:19 hits: 10-03 to 10-21] none[none] none:none
none|none none none

T:23:33:00 WinXP 69.85.106.219 (ELLIJAY.COM):
ELLIJAY COMMUNITY TELEVISION,
BLUE RIDGE, GEORGIA, US. 194.54.90.246:80 UA:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
[Firefox:1367 hits: 12-31 to 10-22] 7a70e1b592 [0] ASM:Graph
PolyEnE| lines=68 trace

23:36:00 WinXP 4.143.17.115 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
MINNEAPOLIS, MINNESOTA, US. (DIAL) n/a 135 pcap raw alerts
ruleset other
145 lines Yeah : 1.3
profile none summary
tarball 32 of 36 0617ab2cf7
[Firefox: 3 hits: 08-05 to 09-29] none[none] none:none
none|none none none

T:23:42:00 WinXP 79.163.138.45 (-):
IDEA,
PL. n/a 445 pcap raw alerts
ruleset shell
ftp
14 lines Yeah : 1.3
profile none summary
tarball none none none none none none none

T:23:44:00 Win2K-f 203.91.191.104 (STARCAT.NE.JP):
KMN CORPORATION,
NAGOYA, AICHI, JP. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
a08f3b74a4
[Firefox:1196 hits: 06-18 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[4]
a08f3b74a4[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace

23:46:00 Win2K-f 66.88.98.162 (XO.NET):
XO COMMUNICATIONS,
HOLLYWOOD, FLORIDA, US. n/a US:microsoft.com
US:download.microsoft.com 135 pcap raw alerts
ruleset http
76 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32
0 of 32 53bfe15e91
[Firefox:3321 hits: 06-17 to 10-22]
73f1082158
[Firefox:1638 hits: 06-18 to 10-22]
b5919931fe
[Firefox:899 hits: 06-20 to 10-22] none[4]
73f1082158[1]
b5919931fe[1] none:none
ASM:Graph
ASM:Graph
tElock|
Armadillo|
ASProtect| none
lines=81
lines=90 trace
trace
trace