Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page
UNCENSORED PAGE

22 August 2009

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes]

Time | Victim OS | Infection Source | C&C Server | DNS Lookups & Failed Connects | Infection Port | Packet Trace | Detection Signatures | Infection Chatter | BotHunter Analysis | Behavioral Cluster | Forensic Logs | Antivirus Labels | Packed Malware Binary | Unpacked egg.exe | Unpacked egg.asm | Packer PEID | Data Strings | Syscall Trace
T:00:48:00 WinXP 70.233.93.15 (SBCGLOBAL.NET):
PPPOX POOL - BRAS12.MRDNCT,
CONNECTICUT, US. (DSL)
n/a US:www.altavista.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
32 of 32 bb7681eca8
NEW
none[3] none:none
tElock| none trace
T:00:48:00 Win2K-f 174.6.21.151 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:02:34:00 WinXP 71.97.11.146 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
GRAPEVINE, TEXAS, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 32
53bfe15e91
NEW
73f1082158
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:02:41:00 Win2K-f 114.203.72.50 (-):
.
91.121.221.157:65520 EU:proxima.ircgalaxy.pl
US:microsoft.com
CN:gidromash.cn
CN:ottopay.cn
135 pcap raw alerts
ruleset
irc
http
121 lines
Yeah : 1.8
profile
none summary
tarball
34 of 36
29 of 32
8 of 41
99b248336f
NEW
9d677c3f70
NEW
dedb9bcef0
NEW
c64bd1a776 [0]
77e75ff10f[0]
23233d4cd8[0]
none:none
none:none
none:none
Armadillo|
tElock|
Xtreme-Pr|
none
none
none
trace
trace
trace
T:04:04:00 Win2K-f 118.171.100.108 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:04:08:00 WinXP 95.90.71.33 (-):
.
n/a US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
14 lines
Yeah : 0.8
profile
none summary
tarball
39 of 41 4720a9e8e1
NEW
14ce89722f [0] none:none
none|none none trace
T:04:25:00 Win2K-f 78.8.193.131 (NET.PL):
DIALOG,
WROCLAW, DOLNOSLASKIE, PL.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
15 lines
Yeah : 1.3
profile
none summary
tarball
36 of 41 6fb044ef43
NEW
15fab32ab4 [0] none:none
none|none none trace
T:04:26:00 WinXP 78.54.192.185 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
91.121.221.157:65520 FR:proxim.ircgalaxy.pl
CN:gidromash.cn
:onuka.cn
CN:211.95.79.170:80
93.174.92.197:80
445 pcap raw alerts
ruleset
ftp
irc
47 lines
Yeah : 1.3
profile
none summary
tarball
41 of 41 56af7cda64
NEW
59a8ecf27a [0] none:none
EXECrypto| none trace
T:04:32:00 Win2K-f 118.160.152.192 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
33 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:04:41:00 WinXP 187.3.227.151 (-):
.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
38 of 40 f3393f124f
NEW
fe7a78a0d4 [0] none:none
Xtreme-Pr| none trace
T:04:58:00 WinXP 95.88.222.108 (-):
.
66.252.13.214:2081 US:s.unicat.org
US:66.252.13.214:2081
445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:05:00:00 WinXP 78.234.198.161 (PRESTONAUTO.COM):
PROXAD INTERNET SERVICE PROVIDER IN FRANCE,
PARIS, ILE-DE-FRANCE, FR.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:05:15:00 WinXP 94.251.147.21 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
31 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41 cb54b4a23f
NEW
e535663426 [0] none:none
none|none none trace
T:05:20:00 WinXP 118.161.76.182 (-):
.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
32 lines
Yeah : 1.3
profile
none summary
tarball
37 of 41 67a66839f7
NEW
7b1fc808a3 [0] none:none
none|none none trace
T:05:26:00 Win2K-f 91.66.0.29 (SUPERKABEL.DE):
KABEL DEUTSCHLAND BREITBAND SERVICE GMBH,
DE.
66.252.13.214:2081 US:s.unicat.org 445 pcap raw alerts
ruleset
ftp
irc
30 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41 4bfbff7c4f
NEW
174b1c6ae6 [0] none:none
none|none none trace
T:05:29:00 WinXP 78.58.121.254 (ZEBRA.LT):
LIETUVOS,
LT.
n/a   445 pcap raw alerts
ruleset
other
0 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:06:33:00 Win2K-f 63.246.125.200 (SPEAKEASY.NET):
US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:07:02:00 WinXP 125.58.94.139 (-):
.
61.120.62.28:3305 TH:cx10man.weedns.com
JP:fx010413.whyI.org
JP:gynoman.weedns.com
JP:61.120.62.28:3305
135 pcap raw alerts
ruleset
irc
875 lines
Yeah : 1.8
profile
none summary
tarball
39 of 41 dba298277c
NEW
e499a208a6 [0] none:none
StarForce| none trace
T:07:04:00 WinXP 200.209.168.230 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
39 of 41 0505ea7e51
NEW
6fde8a0b6c [0] none:none
PolyEnE| none trace
T:07:19:00 WinXP 89.247.150.69 (VERSANET.DE):
VERSATEL NORD-DEUTSCHLAND GMBH,
DE.
n/a   445 pcap raw alerts
ruleset
shell
ftp
15 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none[0] none:none
none|none lines=61 trace
T:09:05:00 WinXP 4.174.133.15 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BLOOMSBURG, PENNSYLVANIA, US. (DIAL)
n/a   135 pcap raw alerts
ruleset
other
106 lines
Yeah : 1.3
profile
none summary
tarball
13 of 41
39 of 41
18bf5d4bfa
NEW
a38e89b47b
NEW
none[3]
3b422ec4b8[0]
none:none
none:none
none|none
Armadillo|
none
none
trace
trace
T:10:24:00 WinXP 69.201.152.203 (RR.COM):
ROAD RUNNER HOLDCO LLC,
NEW YORK, NEW YORK, US.
n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
25 of 25 7f60162c2c
NEW
none[0] none:none
PolyEnE| lines=93
embedded dns
trace
T:10:26:00 Win2K-f 66.63.82.207 (SUSCOM-MAINE.NET):
GREAT WORKS INTERNET,
BRUNSWICK, MAINE, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
60 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
8 of 33
53bfe15e91
NEW
b7082104e4
NEW
1473091351 [0]
c5b49e7b82[0]
ASM:Graph
ASM:Graph
tElock|
tElock|
lines=75
embedded dns
lines=41
trace
trace
T:10:42:00 WinXP 94.245.206.73 (-):
.
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
40 of 41 74c3429921
NEW
1265c25f7f [0] none:none
PolyEnE| none trace
T:12:10:00 WinXP 68.207.156.161 (RR.COM):
ROAD RUNNER HOLDCO LLC,
BRADENTON, FLORIDA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
111 lines
Yeah : 1.3
profile
none summary
tarball
39 of 40
38 of 41
2af52db3b1
NEW
b7f678bb46
NEW
19058c064c [0]
241640c9af[0]
none:none
none:none
tElock|
Armadillo|
none
none
trace
trace
T:12:37:00 Win2K-f 71.121.197.170 (VERIZON.NET):
VERIZON INTERNET SERVICES INC,
FERNDALE, WASHINGTON, US. (DSL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
39 of 41
39 of 41
9689955972
NEW
dd4ce370d6
NEW
ee0e757aa0 [0]
d78fee1b64[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:12:44:00 WinXP 78.38.64.74 (-):
INFORMATION TECHNOLOGY COMPANY (ITC),
IR.
n/a   445 pcap raw alerts
ruleset
http
1 line
Argh : 0.3
profile
none summary
tarball
none none none none none none none
T:12:46:00 WinXP 76.175.123.142 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHINO HILLS, CALIFORNIA, US.
n/a   135 pcap raw alerts
ruleset
other
1009 lines
Yeah : 1.3
profile
none summary
tarball
30 of 41 59e1723b67
NEW
none[3] none:none
none|none none trace
T:13:46:00 Win2K-f 130.13.51.139 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
36 of 41 894e794b2b
NEW
aeb41eb7b9 [0] none:none
Obsidium| none trace
T:14:07:00 Win2K-f 130.13.51.139 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
n/a   445 pcap raw alerts
ruleset
shell
ftp
16 lines
Yeah : 1.3
profile
none summary
tarball
36 of 41 894e794b2b
NEW
aeb41eb7b9 [0] none:none
Obsidium| none trace
T:14:15:00 WinXP 61.221.250.18 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TW.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
79 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:15:07:00 WinXP 76.15.116.142 (-):
.
n/a RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
29 of 29 d42c1cc7c0
NEW
none[0] ASM:Graph
PolyEnE| lines=54 trace
T:15:08:00 Win2K-f 222.158.77.7 (INFOWEB.NE.JP):
INFOWEB(FUJITSU LTD.),
TOKYO, TOKYO, JP. (DIAL)
n/a CZ:qtas.net 445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
17 of 41 d92a274b45
NEW
77e666b997 [0] none:none
FSG| none trace
T:15:30:00 WinXP 4.153.207.244 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
BIRMINGHAM, ALABAMA, US. (DIAL)
82.98.86.170:80 DE:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
DE:ebookfinaltrash.ru
:wpad
US:spt.information.com
445 pcap raw alerts
ruleset
http
http
http
http
http
32 lines
Yeah : 1.3
profile
none summary
tarball
29 of 29 a12cab51ef
NEW
none[0] none:none
ASPack| lines=281
embedded dns
trace
T:15:47:00 WinXP 61.221.119.126 (HINET.NET):
DATA COMMUNICATION BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (100Mbps)
n/a   135 pcap raw alerts
ruleset
other
55 lines
Yeah : 1.3
profile
none summary
tarball
0 of 33 57ce4acac2
NEW
none[0] none:none
Armadillo| lines=90 trace
T:15:52:00 Win2K-f 196.208.48.2 (TELKOM-IPNET.CO.ZA):
AFRINIC,
PIETERMARITZBURG, KWAZULU-NATAL, ZA.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
158 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
57ce4acac2
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:16:32:00 WinXP 187.3.233.208 (-):
.
91.121.83.177:6668 FR:2ch.pass.as 445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.3
profile
none summary
tarball
3 of 41 e60f0e8b8d
NEW
c32885aa0e [0] none:none
tElock| none trace
T:16:40:00 WinXP 118.20.55.210 (-):
.
n/a   445 pcap raw alerts
ruleset
shell
ftp
14 lines
Yeah : 1.3
profile
none summary
tarball
31 of 32 741e3b03b3
NEW
none[0] none:none
none|none lines=61 trace
T:16:40:00 Win2K-f 201.17.189.239 (STERLINGSTUDENTS.NET):
COMITE GESTOR DA INTERNET NO BRASIL,
BR. (DSL)
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
3 of 41 7466a3e142
NEW
c32885aa0e [0] none:none
tElock| none trace
T:17:19:00 Win2K-f 60.173.92.88 (AH163.NET):
CHINANET ANHUI PROVINCE NETWORK,
BEIJING, BEIJING, CN.
n/a US:www.maxmind.com
US:www.getmyip.org
US:getmyip.co.uk
:checkip.dyndns.org
US:65.254.39.170:80
US:67.15.94.80:80
445 pcap raw alerts
ruleset
http
3 lines
Yeah : 0.8
profile
none summary
tarball
3 of 37 d9cb288f31
NEW
45603a001c [0] ASM:Graph
UPX| lines=174
embedded dns
trace
T:17:42:00 WinXP 78.54.120.106 (ALICEDSL.DE):
HANSENET TELEKOMMUNIKATION GMBH,
HAMBURG, HAMBURG, DE. (DSL)
91.121.83.177:6667 FR:mssql.pass.as 445 pcap raw alerts
ruleset
ftp
irc
41 lines
Yeah : 1.3
profile
none summary
tarball
22 of 41 063cd6b348
NEW
2e70168b39 [0] none:none
StarForce| none trace
T:17:53:00 WinXP 24.242.249.16 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HOUSTON, TEXAS, US.
n/a EU:siliconfireware.ru
US:searchportal.information.com
US:spi.domainsponsor.com
:wpad
EU:78.47.200.154:80
445 pcap raw alerts
ruleset
http
http
http
29 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29
0 of 41
df17a625ee
NEW
eb4c22a23b
NEW
none[0]
none [4]
none:none
none:none
ASPack|
none|none
lines=298
embedded dns
none
trace
trace
T:18:44:00 Win2K-f 92.225.193.175 (APEXCOVANTAGE.COM):
EU-ZZ,
UK.
91.121.83.177:6668 FR:2ch.pass.as 445 pcap raw alerts
ruleset
ftp
irc
29 lines
Yeah : 1.3
profile
none summary
tarball
3 of 41 3c149ef467
NEW
c32885aa0e [0] none:none
tElock| none trace
T:18:58:00 Win2K-f 4.226.171.14 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
NASHVILLE, TENNESSEE, US. (DIAL)
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
76 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace
T:19:03:00 Win2K-f 67.79.122.204 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CLEARWATER, FLORIDA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
5 lines
Yeah : 0.8
profile
none summary
tarball
none none none none none none none
T:19:03:00 WinXP 92.41.90.107 (IKBCC.COM):
EU-ZZ,
UK.
n/a RU:citi-bank.ru
RU:213.219.245.212:80
445 pcap raw alerts
ruleset
http
2 lines
Yeah : 0.8
profile
none summary
tarball
26 of 28 7d99b0e910
NEW
none[0] none:none
PolyEnE| lines=68 trace
T:19:32:00 Win2K-f 190.174.51.127 (-):
.
n/a   445 pcap raw alerts
ruleset
ftp
12 lines
Yeah : 0.8
profile
none summary
tarball
17 of 41 d135daee79
NEW
87c951bc6a [0] none:none
StarForce| none trace
T:20:07:00 WinXP 130.13.39.100 (QWEST.NET):
QWEST BROADBAND SERVICES INC,
PHOENIX, ARIZONA, US.
213.219.245.212:80 RU:citi-bank.ru 445 pcap raw alerts
ruleset
http
2 lines
Yeah : 1.3
profile
none summary
tarball
41 of 41 b062182bb1
NEW
1fb7e59bf8 [0] none:none
PolyEnE| none trace
T:20:24:00 Win2K-f 221.139.99.127 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, KYONGGI-DO, KR.
91.121.221.157:65520 US:microsoft.com
FR:proxim.ircgalaxy.pl
CN:gidromash.cn
CN:211.95.79.170:80
135 pcap raw alerts
ruleset
irc
131 lines
Yeah : 1.8
profile
none summary
tarball
30 of 33
28 of 33
533d15b5ce
NEW
58c343a8d8
NEW
c67adf46e2 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=126
embedded dns
lines=91
trace
trace
T:20:48:00 WinXP 124.66.254.219 (FCH.NE.JP):
FUREAI CHANNEL INC,
HIROSHIMA, HIROSHIMA, JP.
n/a US:www.altavista.com
US:www.yahoo.com
:jbeegvia.ru
445 pcap raw alerts
ruleset
http
1 line
Yeah : 0.8
profile
none summary
tarball
31 of 32 17028f1eda
NEW
none[3] none:none
tElock| none trace
T:21:55:00 WinXP 24.31.221.225 (RR.COM):
ROAD RUNNER HOLDCO LLC,
MYRTLE BEACH, SOUTH CAROLINA, US.
n/a DE:siliconfireware.ru
US:searchportal.information.com
US:spt.information.com
US:spi.domainsponsor.com
GB:welcome3.smile.co.uk
:wpad
GB:195.92.84.198:80
US:208.73.210.123:80
DE:212.227.111.29:80
445 pcap raw alerts
ruleset
http
http
http
17 lines
Yeah : 0.8
profile
none summary
tarball
29 of 29 a12cab51ef
NEW
none[0] none:none
ASPack| lines=281
embedded dns
trace
T:22:47:00 WinXP 96.53.222.120 (-):
.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
110 lines
Yeah : 1.3
profile
none summary
tarball
38 of 41
39 of 41
6fd48852e9
NEW
f53517274a
NEW
2e7246931f [0]
6b9036f578[0]
none:none
none:none
Armadillo|
tElock|
none
none
trace
trace
T:23:04:00 Win2K-f 70.182.172.62 (COX.NET):
COX COMMUNICATIONS,
ATLANTA, GEORGIA, US.
n/a US:microsoft.com 135 pcap raw alerts
ruleset
other
75 lines
Yeah : 1.3
profile
none summary
tarball
33 of 33
0 of 33
53bfe15e91
NEW
a08f3b74a4
NEW
1473091351 [0]
none [0]
ASM:Graph
none:none
tElock|
Armadillo|
lines=75
embedded dns
lines=90
trace
trace