|
Time |
Victim OS |
Infection Source |
C&C Server |
DNS Lookups & Failed Connects |
Infection Port |
Packet Trace |
Detection Signatures |
Infection Chatter |
BotHunter Analysis |
Behavioral Cluster |
Forensic Logs |
Antivirus Labels |
Packed Malware_Binary |
Unpacked egg.exe |
Unpacked egg.asm |
Packer PEID |
Data Strings |
Syscall Trace |
| T:01:17:00 | Win2K-f | 211.243.36.149 (SONICANT.CO.KR): THRUNET CO. LTD, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
88.198.228.238:65520 | US:microsoft.com DE:proxim.ircgalaxy.pl :www.liagand.cn EU:pozeml.com :pozemle.cn EU:streq.cn :horobl.cn CN:down1130.iwillhavesexygirls.com CN:210.51.36.215:88 |
135 | pcap | raw alerts ruleset |
irc http 142 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 4 of 41 28 of 32 11 of 41 |
8a75955033 NEW 8e7cffa818 NEW 9276c8b36b NEW a2ce42b73d NEW |
2bf3e548b9 [0] none [none] none [0] none [none] |
ASM:Graph none:none ASM:Graph none:none |
tElock| none|none Armadillo| none|none |
lines=126 embedded dns none lines=81 none |
trace none trace none |
| T:01:26:00 | WinXP | 213.76.165.99 (NET.PL): LIQUID SYSTEMS SP. Z O.O, WARSAW, WARSZAWA, PL. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 | 5cf77dd9c4 NEW |
none[none] | none:none |
none|none | none | none |
| T:01:36:00 | Win2K-f | 69.193.23.52 (RR.COM): ROAD RUNNER HOLDCO LLC, HERNDON, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1000 lines |
Yeah : 1.3 profile |
none | summary tarball |
7 of 41 | 38389f6e06 NEW |
none[none] | none:none |
none|none | none | none | |
| T:02:03:00 | Win2K-f | 209.33.46.124 (CEBRIDGE.NET): JASONVILLE IN CUSTOMERS, JASONVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 0 of 33 |
7d20fe8724 NEW a08f3b74a4 NEW |
a879c90084 [0] none [0] |
none:none none:none |
tElock| Armadillo| |
none lines=90 |
trace trace |
| T:02:13:00 | Win2K-f | 110.9.189.143 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
88.198.228.238:65520 193.104.94.11:65520 | DE:proxima.ircgalaxy.pl US:microsoft.com EU:pozeml.com :pozemle.cn CN:down1130.iwillhavesexygirls.com :monstersoftware.info CN:av.lometr.pl CN:210.51.36.215:88 |
135 | pcap | raw alerts ruleset |
irc http 111 lines |
Yeah : 1.8 profile |
none | summary tarball |
31 of 33 23 of 41 4 of 41 11 of 41 39 of 41 8 of 41 |
168aab35a3 NEW 357486dae7 NEW 8e7cffa818 NEW a2ce42b73d NEW aa6d257461 NEW b3c0c9527b NEW |
60b730b97e [0] none [none] none [none] none [none] none [none] none [none] |
ASM:Graph none:none none:none none:none none:none none:none |
tElock| StarForce| none|none none|none none|none none|none |
lines=120 embedded dns none none none none none |
trace trace none none none none |
| T:02:26:00 | Win2K-f | 172.130.98.145 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:03:04:00 | Win2K-f | 174.6.21.151 (SHAWCABLE.NET): SHAW COMMUNICATIONS INC, WINNIPEG, MANITOBA, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:03:10:00 | Win2K-f | 61.99.41.160 (SONICANT.CO.KR): THRUNET CO. LTD, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
193.104.94.11:65520 88.198.228.238:65520 | DE:proxima.ircgalaxy.pl US:microsoft.com :monstersoftware.info CN:down1130.iwillhavesexygirls.com EU:pozeml.com :pozemle.cn FR:193.104.94.11:65520 CN:210.51.36.215:88 |
135 | pcap | raw alerts ruleset |
irc http 170 lines |
Yeah : 1.8 profile |
none | summary tarball |
5 of 41 31 of 33 39 of 41 4 of 41 11 of 41 |
3f9d2019e7 NEW 6e2eaa0359 NEW 71ece09646 NEW 8e7cffa818 NEW a2ce42b73d NEW |
none[none] none [4] 5e74a7c1aa[0] none [none] none [none] |
none:none none:none none:none none:none none:none |
none|none PolyEnE| Armadillo| none|none none|none |
none none none none none |
none trace trace none none |
| 03:25:00 | Win2K-f | 196.44.150.115 (PINNACLE-NETWORKS.COM): AFRINIC, WINDHOEK, WINDHOEK, NA. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk GB:www.vouchercodez.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | d9cb288f31 NEW |
45603a001c [0] | ASM:Graph |
UPX| | lines=174 embedded dns |
trace |
| T:03:25:00 | WinXP | 112.110.204.13 (-): GPRS VAS SERVICES, IN. (DSL) |
n/a | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
29 of 29 | f502585714 NEW |
none[0] | none:none |
PolyEnE| | lines=63 | trace |
| T:03:43:00 | Win2K-f | 114.207.173.89 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
88.198.228.238:65520 | US:microsoft.com DE:proxim.ircgalaxy.pl CN:av.lometr.pl EU:pozeml.com :pozemle.cn CN:down1130.iwillhavesexygirls.com CN:210.51.36.215:88 |
135 | pcap | raw alerts ruleset |
irc http 109 lines |
Yeah : 1.8 profile |
none | summary tarball |
23 of 41 30 of 33 4 of 41 11 of 41 2 of 35 |
357486dae7 NEW 6ec2a8994b NEW 8e7cffa818 NEW a2ce42b73d NEW bcf66a38c8 NEW |
none[none] 398aab9636[0] none [none] none [none] 570133b348[0] |
none:none none:none none:none none:none none:none |
StarForce| tElock| none|none none|none Armadillo| |
none none none none none |
trace trace none none trace |
| T:03:59:00 | Win2K-f | 218.210.252.208 (SPARQNET.NET): NEW CENTRY INFOCOM TECH. CO. LTD, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW 57ce4acac2 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:05:46:00 | Win2K-f | 110.12.45.97 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
193.104.94.11:65520 | DE:proxim.ircgalaxy.pl US:microsoft.com EU:pozeml.com :pozemle.cn |
135 | pcap | raw alerts ruleset |
irc http 119 lines |
Yeah : 1.8 profile |
none | summary tarball |
29 of 32 4 of 41 28 of 32 11 of 41 |
8a75955033 NEW 8e7cffa818 NEW 9276c8b36b NEW a2ce42b73d NEW |
2bf3e548b9 [0] none [none] none [0] none [none] |
ASM:Graph none:none ASM:Graph none:none |
tElock| none|none Armadillo| none|none |
lines=126 embedded dns none lines=81 none |
trace none trace none |
| T:05:51:00 | Win2K-f | 113.252.178.151 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 1002 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 41 | 559acaa271 NEW |
none[none] | none:none |
none|none | none | trace | |
| T:06:04:00 | Win2K-f | 113.254.185.76 (HUTCHCITY.COM): HUTCHISON GLOBAL COMMUNICATIONS, HONG KONG, HONG KONG (SAR), HK. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 99 lines |
Yeah : 1.3 profile |
none | summary tarball |
40 of 41 38 of 41 |
a5ceb6c29d NEW adadfc0e1c NEW |
d64cd9d18b [0] 0f57439d82[0] |
none:none ASM:Graph |
tElock| tElock| |
none lines=64 embedded dns |
trace trace |
| T:07:25:00 | Win2K-f | 4.242.235.107 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, PORTLAND, OREGON, US. (DIAL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 105 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:07:26:00 | WinXP | 121.120.53.217 (MAXIS.NET.MY): MAXIS BROADBAND SDN BHD, KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) |
n/a | RU:citi-bank.ru RU:213.219.245.212:80 |
445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 0.8 profile |
none | summary tarball |
38 of 40 | cdfc97be37 NEW |
48cdfeed00 [none] | none:none |
PolyEnE| | none | trace |
| T:07:43:00 | WinXP | 70.167.73.201 (COX.NET): COX COMMUNICATIONS, OCEANSIDE, CALIFORNIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 76 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:08:55:00 | Win2K-f | 98.175.164.74 (COX.NET): COX COMMUNICATIONS, ANNANDALE, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:09:04:00 | WinXP | 208.103.158.223 (CORETEL.NET): CORETEL AMERICA INC, MYERSTOWN, PENNSYLVANIA, US. (DIAL) |
n/a | 135 | pcap | raw alerts ruleset |
other 4 lines |
Yeah : 0.8 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 12:56:00 | WinXP | 97.66.82.28 (-): CROWNE OFFICE SUITES, MARIETTA, GEORGIA, US. (100Mbps) |
n/a | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 1 line |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | d42c1cc7c0 NEW |
none[0] | ASM:Graph |
PolyEnE| | lines=54 | trace |
| T:15:55:00 | WinXP | 58.98.194.240 (WAKWAK.NE.JP): XEPHION(NTT-ME CORPORATION), TOKYO, TOKYO, JP. (DIAL) |
n/a | 445 | pcap | raw alerts ruleset |
shell ftp 15 lines |
Yeah : 1.3 profile |
none | summary tarball |
31 of 32 | 741e3b03b3 NEW |
none[0] | none:none |
none|none | lines=61 | trace | |
| T:17:12:00 | Win2K-f | 4.245.75.11 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, ST. LOUIS, MISSOURI, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| 17:20:00 | WinXP | 200.225.171.33 (STERLINGSTUDENTS.NET): COMITE GESTOR DA INTERNET NO BRASIL, BR. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
35 of 36 | b27d73bfcb NEW |
473c6454ce [0] | ASM:Graph |
PolyEnE| | lines=68 | trace |
| T:17:34:00 | WinXP | 174.117.149.211 (ROGERS.COM): ROGERS CABLE COMMUNICATIONS INC, TORONTO, ONTARIO, CA. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:17:53:00 | Win2K-f | 8.15.172.99 (LEVEL3.NET): LEVEL 3 COMMUNICATIONS INC, BURTONSVILLE, MARYLAND, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 123 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 38 of 41 |
479439f411 NEW f8ecc34b1c NEW |
49b5b9f5e7 [none] edea59fd35[none] |
none:none none:none |
Armadillo| tElock| |
none none |
trace trace |
| T:18:07:00 | WinXP | 173.171.120.117 (RR.COM): ROAD RUNNER HOLDCO LLC, TAMPA, FLORIDA, US. (DSL) |
n/a | US:gg.arrancar.org US:72.20.40.25:555 |
135 | pcap | raw alerts ruleset |
other 187 lines |
Yeah : 1.3 profile |
none | summary tarball |
41 of 41 | a4497aa84e NEW |
d1b46a6ff9 [none] | none:none |
none|none | none | trace |
| T:18:28:00 | Win2K-f | 98.141.9.117 (CAVTEL.NET): CAVALIER TELEPHONE, VIRGINIA BEACH, VIRGINIA, US. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 18 lines |
Yeah : 1.3 profile |
none | summary tarball |
none | none | none | none | none | none | none | |
| T:18:47:00 | WinXP | 218.210.68.92 (SPARQNET.NET): THEFAREASTERNGROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:19:01:00 | Win2K-f | 59.120.228.224 (HINET.NET): CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP, TAIPEI, T'AI-PEI, TW. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 54 lines |
Yeah : 1.3 profile |
none | summary tarball |
0 of 33 | 57ce4acac2 NEW |
none[0] | none:none |
Armadillo| | lines=90 | trace | |
| T:19:37:00 | WinXP | 172.129.59.222 (AOL.COM): AMERICA ONLINE, RESTON, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 138 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 33 |
53bfe15e91 NEW a08f3b74a4 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:19:53:00 | Win2K-f | 110.12.67.222 (-): HANARO TELECOM, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
88.198.228.238:65520 | US:microsoft.com DE:proxim.ircgalaxy.pl EU:pozeml.com CN:down1130.iwillhavesexygirls.com :pozemle.cn CN:210.51.36.215:88 |
135 | pcap | raw alerts ruleset |
irc http 146 lines |
Yeah : 1.8 profile |
none | summary tarball |
37 of 41 4 of 41 11 of 41 38 of 41 |
598636aa73 NEW 8e7cffa818 NEW a2ce42b73d NEW a57ddcdef0 NEW |
613af3f9a2 [0] none [none] none [none] none [4] |
none:none none:none none:none none:none |
Armadillo| none|none none|none PolyEnE| |
none none none none |
trace none none trace |
| T:20:32:00 | WinXP | 117.254.157.60 (STERLINGSTUDENTS.NET): NIB (NATIONAL INTERNET BACKBONE), NEW DELHI, DELHI, IN. (DSL) |
213.219.245.212:80 | RU:citi-bank.ru | 445 | pcap | raw alerts ruleset |
http 2 lines |
Yeah : 1.3 profile |
none | summary tarball |
29 of 29 | d6df3972a0 NEW |
none[0] | ASM:Graph |
PolyEnE| | lines=65 | trace |
| T:21:19:00 | WinXP | 110.93.96.81 (CABLENET.NE.JP): CABLENET SAITAMA CO. LTD, JP. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 41 |
5bbb57c115 NEW 75ac189d9e NEW |
03e5cb3c4a [none] 705dbaa801[none] |
none:none none:none |
Armadillo| tElock| |
none none |
trace trace |
| 21:40:00 | Win2K-f | 222.165.204.149 (VELO.NET.ID): PT NET2CYBER INDONESIA, JAKARTA, JAKARTA RAYA, ID. (DSL) |
n/a | US:www.maxmind.com US:www.getmyip.org EU:getmyip.co.uk GB:www.vouchercodez.com :checkip.dyndns.org DE:131.220.6.26:80 |
445 | pcap | raw alerts ruleset |
http 8 lines |
Yeah : 0.8 profile |
none | summary tarball |
3 of 37 | dc331fb791 NEW |
none[3] | none:none |
UPX| | none | trace |
| T:21:43:00 | Win2K-f | 70.184.216.53 (COX.NET): COX COMMUNICATIONS, OMAHA, NEBRASKA, US. (100Mbps) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 40 of 41 |
3b3a6d7615 NEW b7a694b220 NEW |
ed7beb96f5 [0] 9f0354af30[0] |
none:none none:none |
Armadillo| tElock| |
none none |
trace trace |
| T:21:50:00 | Win2K-f | 222.165.204.149 (VELO.NET.ID): PT NET2CYBER INDONESIA, JAKARTA, JAKARTA RAYA, ID. (DSL) |
n/a | US:www.maxmind.com EU:getmyip.co.uk GB:www.vouchercodez.com US:www.getmyip.org :checkip.dyndns.org DE:131.220.6.26:80 US:67.15.94.80:80 |
445 | pcap | raw alerts ruleset |
http 6 lines |
Yeah : 0.8 profile |
none | summary tarball |
8 of 38 | c167e4f0ea NEW |
none[3] | none:none |
UPX| | none | trace |
| T:22:04:00 | Win2K-f | 122.2.92.153 (PLDT.NET): MLLC7300I01_CONSUMER, MANILA, MANILA, PH. (DSL) |
n/a | 135 | pcap | raw alerts ruleset |
other 56 lines |
Yeah : 1.3 profile |
none | summary tarball |
3 of 41 | 18727a186e NEW |
1ea861ccfa [0] | none:none |
Armadillo| | none | trace | |
| T:22:05:00 | Win2K-f | 209.33.46.124 (CEBRIDGE.NET): JASONVILLE IN CUSTOMERS, JASONVILLE, INDIANA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 96 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 40 0 of 33 |
7d20fe8724 NEW a08f3b74a4 NEW |
a879c90084 [0] none [0] |
none:none none:none |
tElock| Armadillo| |
none lines=90 |
trace trace |
| T:22:25:00 | WinXP | 222.237.243.236 (HANANET.NET): HANARO TELECOM INC, SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) |
88.198.228.238:65520 193.104.94.11:65520 | DE:proxima.ircgalaxy.pl US:microsoft.com :monstersoftware.info EU:pozeml.com :pozemle.cn CN:down1130.iwillhavesexygirls.com 115.100.250.107:80 CN:210.51.36.215:88 |
135 | pcap | raw alerts ruleset |
irc http 122 lines |
Yeah : 1.8 profile |
none | summary tarball |
4 of 41 34 of 36 29 of 32 11 of 41 |
8e7cffa818 NEW 99b248336f NEW 9d677c3f70 NEW a2ce42b73d NEW |
none[none] c64bd1a776[0] 77e75ff10f[0] none [none] |
none:none none:none none:none none:none |
none|none Armadillo| tElock| none|none |
none none none none |
none trace trace none |
| T:22:31:00 | Win2K-f | 98.175.167.93 (COX.NET): COX COMMUNICATIONS, FREDERICKSBURG, VIRGINIA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 75 lines |
Yeah : 1.3 profile |
none | summary tarball |
33 of 33 0 of 32 |
53bfe15e91 NEW 73f1082158 NEW |
1473091351 [0] none [0] |
ASM:Graph none:none |
tElock| Armadillo| |
lines=75 embedded dns lines=90 |
trace trace |
| T:23:51:00 | WinXP | 96.8.226.199 (GVTC.COM): GUADALUPE VALLEY TELEPHONE COOPERATIVE INC, NEW BRAUNFELS, TEXAS, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 111 lines |
Yeah : 1.3 profile |
none | summary tarball |
39 of 41 39 of 40 |
9bdd2c95b1 NEW cd456ac095 NEW |
d1bbd693ba [0] d75caee680[0] |
none:none none:none |
Armadillo| tElock| |
none none |
trace trace |
| T:23:56:00 | Win2K-f | 173.29.253.168 (MCHSI.COM): MEDIACOM COMMUNICATIONS CORP, CHANHASSEN, MINNESOTA, US. (DSL) |
n/a | US:microsoft.com | 135 | pcap | raw alerts ruleset |
other 110 lines |
Yeah : 1.3 profile |
none | summary tarball |
38 of 41 39 of 41 |
10759405e0 NEW d08e00dfaf NEW |
292d343248 [0] 854c49d8c4[0] |
none:none none:none |
Armadillo| tElock| |
none none |
trace trace |