Multiperspective Malware Analysis Page

Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

04 February 2011
<prev> <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.

Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]

Time
Victim
OS
Infection
Source
C&C
Server
DNS Lookups &
Failed Connects Infection
Port
Packet
Trace
Detection
Signatures
Infection
Chatter
BotHunter
Analysis
Behavioral
Cluster
Forensic
Logs
Antivirus
Labels
Packed Malware_Binary Unpacked egg.exe
Unpacked egg.asm
Packer PEID
Data Strings
Syscall Trace

T:00:26:00 Win2K-f 96.10.152.215 (RR.COM):
ROAD RUNNER HOLDCO LLC,
CHARLOTTE, NORTH CAROLINA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:00:30:00 WinXP 113.210.145.5 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

01:43:00 Win2K-f 220.231.117.26 (LOCALHOST):
ADSLDEFINITEIP-NET,
HO CHI MINH CITY, HO CHI MINH, VN. (DSL) n/a US:www.maxmind.com
:www.getmyip.org
EU:getmyip.co.uk
:checkip.dyndns.org
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 28 of 39 847cce8313
NEW none[none] none:none
none|none none none

T:05:50:00 WinXP 110.11.178.4 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 83.133.119.197:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
CN:lb.perfectexe.com
CN:dick.perfectexe.com
CN:hn.yigeyuming.com
:a.95622.com
:1.95622.com
CN:2b.perfectexe.com
CN:222.170.127.203:88 135 pcap raw alerts
ruleset irc
http
130 lines Yeah : 1.8
profile none summary
tarball 28 of 42
34 of 36
29 of 32
29 of 43
24 of 42 8809b6417c
NEW
99b248336f
NEW
9d677c3f70
NEW
b34e640329
NEW
c413ca56c4
NEW none[none]
c64bd1a776[0]
77e75ff10f[0]
none [none]
none [none] none:none
ASM:Graph
ASM:Graph
none:none
none:none
none|none
Armadillo|
tElock|
none|none
none|none none
lines=91
lines=120
embedded dns
none
none none
trace
trace
none
none

T:06:38:00 WinXP 59.116.104.146 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

T:06:55:00 Win2K-f 96.10.99.189 (RR.COM):
ROAD RUNNER HOLDCO LLC,
COLUMBIA, SOUTH CAROLINA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:06:58:00 WinXP 204.111.67.241 (SHENTEL.NET):
SHENTEL SERVICE COMPANY,
WOODSTOCK, VIRGINIA, US. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

07:01:00 WinXP 123.193.213.34 (KBRONET.COM.TW):
TUNG HO MULTIMEDIA CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 43 60c4a8055b
NEW none[none] none:none
none|none none none

T:07:10:00 Win2K-f 211.124.230.159 (ZAQ.NE.JP):
K CABLE TELEVISION CORPORATION INC,
TOKYO, TOKYO, JP. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 0 of 32
33 of 33 07fabc79ef
NEW
53bfe15e91
NEW none[0]
1473091351[0] none:none
ASM:Graph
Armadillo|
tElock| lines=90
lines=75
embedded dns trace
trace

T:07:19:00 WinXP 121.123.48.42 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 43 60c4a8055b
NEW none[none] none:none
none|none none none

T:07:37:00 Win2K-f 123.111.111.32 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 60.190.222.139:65520 DE:proxim.ircgalaxy.pl
US:microsoft.com
CN:lb.perfectexe.com
CN:dick.perfectexe.com
CN:hn.yigeyuming.com
:a.95622.com
:1.95622.com
CN:2b.perfectexe.com
CN:122.224.6.48:888
174.133.57.141:80
CN:222.170.127.203:88 135 pcap raw alerts
ruleset irc
http
174 lines Yeah : 1.8
profile none summary
tarball 28 of 42
38 of 40
38 of 40
29 of 43
24 of 42 8809b6417c
NEW
89f410e7cc
NEW
909270c172
NEW
b34e640329
NEW
c413ca56c4
NEW none[none]
2593cbda62[0]
55c25968a5[0]
none [none]
none [none] none:none
ASM:Graph
ASM:Graph
none:none
none:none
none|none
Armadillo|
tElock|
none|none
none|none none
lines=91
lines=125
embedded dns
none
none none
trace
trace
none
none

T:08:08:00 Win2K-f 79.163.81.37 (CENTERTEL.PL):
PTK CENTERTEL BROADBAND SERVICES,
WARSAW, WARSZAWA, PL. (DSL) 91.193.194.67:65520 :1.95622.com
:a.95622.com
CN:dick.perfectexe.com
DE:proxim.ircgalaxy.pl
CN:lb.perfectexe.com
CN:122.224.6.48:88
CN:122.224.6.48:888
173.243.126.71:80
174.123.157.154:80
EU:91.193.194.67:65520 445 pcap raw alerts
ruleset http
irc
11 lines Yeah : 0.8
profile none summary
tarball none none none none none none none

T:08:13:00 Win2K-f 65.50.52.192 (BILTMORECOMMUNICATIONS.NET):
DIRECPATH LLC,
ATLANTA, GEORGIA, US. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
113 lines Yeah : 1.3
profile none summary
tarball 39 of 41
37 of 40 5d445c59d8
NEW
8a54950abb
NEW 892e12db7b [0]
f6b9e43917[0] ASM:Graph
ASM:Graph
tElock|
Armadillo| lines=64
embedded dns
lines=91 trace
trace

T:08:16:00 WinXP 76.186.66.230 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FLOWER MOUND, TEXAS, US. (DSL) n/a 135 pcap raw alerts
ruleset other
1008 lines Yeah : 1.3
profile none summary
tarball 31 of 41 682a384fe9
NEW none[3] none:none
none|none none trace

T:08:41:00 WinXP 209.42.179.197 (WISPNET.NET):
WISPNET LLC,
DAWSON SPRINGS, KENTUCKY, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:08:48:00 WinXP 50.9.52.33 (-):
. 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:09:23:00 WinXP 115.81.159.6 (TAIWANMOBILE.NET):
TAIWAN MOBILE CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 8015c2d45f
NEW 749cbc2739 [0] ASM:Graph
PolyEnE| lines=68 trace

T:09:39:00 Win2K-f 211.210.72.115 (-):
HANANET-LLINE-SHINHWA,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
133 lines Yeah : 1.3
profile none summary
tarball 40 of 41
39 of 43 14f47ffd1e
NEW
2489e4e552
NEW 90bf4b99ff [0]
none [none] ASM:Graph
none:none
tElock|
none|none lines=56
embedded dns
none trace
none

T:09:41:00 Win2K-f 116.126.215.27 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
95 lines Yeah : 1.3
profile none summary
tarball 40 of 41
38 of 41 3dc6500eb1
NEW
ff3843f312
NEW none[none]
30a7e641cf[0] none:none
ASM:Graph
none|none
Armadillo| none
lines=90 none
trace

T:09:48:00 WinXP 121.121.174.102 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 42 of 43 b269b15ffd
NEW none[none] none:none
none|none none none

T:09:59:00 Win2K-f 114.201.165.117 (-):
HANARO TELECOM,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) 91.193.194.67:65520 CN:proxima.ircgalaxy.pl
US:microsoft.com
CN:lb.perfectexe.com
EU:www.derquda.com
CN:dick.perfectexe.com
CN:hn.yigeyuming.com
:a.95622.com
:1.95622.com
CN:2b.perfectexe.com
CN:222.170.127.203:88
EU:91.193.194.114:80 135 pcap raw alerts
ruleset irc
http
137 lines Yeah : 1.8
profile none summary
tarball 28 of 42
34 of 36
29 of 32
29 of 43
24 of 42 8809b6417c
NEW
99b248336f
NEW
9d677c3f70
NEW
b34e640329
NEW
c413ca56c4
NEW none[none]
c64bd1a776[0]
77e75ff10f[0]
none [none]
none [none] none:none
ASM:Graph
ASM:Graph
none:none
none:none
none|none
Armadillo|
tElock|
none|none
none|none none
lines=91
lines=120
embedded dns
none
none none
trace
trace
none
none

T:10:11:00 Win2K-f 93.102.32.211 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
GUIMARãES, BRAGA, PT. (DSL) n/a CN:2b.perfectexe.com
:1.95622.com
US:microsoft.com
173.243.126.71:80
CN:222.170.127.203:88 445 pcap raw alerts
ruleset http
irc
27 lines Argh : 0.3
profile none summary
tarball none none none none none none none

T:10:13:00 WinXP 151.20.167.94 (20-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
BOLOGNA, EMILIA-ROMAGNA, IT. (DIAL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 41 d11b1f56f9
NEW none[none] none:none
none|none none none

T:10:13:00 WinXP 109.52.232.17 (JWS.COM):
EU-ZZ,
UK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:10:52:00 Win2K-f 95.88.100.132 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL) 60.190.222.139:65520 :a.95622.com
CN:dick.perfectexe.com
CN:proxima.ircgalaxy.pl
CN:lb.perfectexe.com
CN:2b.perfectexe.com
EU:www.derquda.com
:uploadpic.org
173.243.126.71:80
CN:222.170.127.203:88
EU:91.193.194.114:80 445 pcap raw alerts
ruleset http
irc
16 lines Yeah : 1.3
profile none summary
tarball 24 of 42 c413ca56c4
NEW none[none] none:none
none|none none none

T:11:32:00 WinXP 95.74.255.150 (-):
TELECOM ITALIA MOBILE,
IT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 39 of 41 d8040f84d4
NEW d683995e84 [0] ASM:Graph
PolyEnE| lines=73 trace

T:11:36:00 WinXP 207.138.198.33 (HBCI.COM):
GLOBAL CROSSING,
WINONA, MINNESOTA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
111 lines Yeah : 1.3
profile none summary
tarball 38 of 41
38 of 41 68b5e580f0
NEW
b475ce7c0b
NEW none[none]
none [none] none:none
none:none
none|none
none|none none
none none
none

T:11:52:00 WinXP 4.159.229.40 (LEVEL3.NET):
LEVEL 3 COMMUNICATIONS INC,
ORLAND PARK, ILLINOIS, US. (DIAL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:12:24:00 Win2K-f 24.123.239.226 (RR.COM):
ROAD RUNNER HOLDCO LLC,
GERMANTOWN, OHIO, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:13:40:00 WinXP 109.52.147.192 (JWS.COM):
EU-ZZ,
UK. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 40 of 42 fbe753efa2
NEW none[none] none:none
none|none none none

T:13:57:00 WinXP 92.251.226.202 (NETWORK-IE.NET):
PROVIDER LOCAL REGISTRY,
IE. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:14:03:00 WinXP 217.202.251.110 (-):
TELECOM ITALIA MOBILE,
ROME, LAZIO, IT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:14:14:00 WinXP 190.58.21.126 (TSTT.NET.TT):
TELECOMMUNICATION SERVICES OF TRINIDAD AND TOBAGO,
TT. (DSL) 213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

14:19:00 WinXP 93.102.1.220 (REV.OPTIMUS.PT):
OPTIMUS PORTUGAL,
COIMBRA, COIMBRA, PT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:14:57:00 WinXP 151.66.57.105 (51-151.NET24.IT):
IUNET-BNET,
PAVIA, LOMBARDIA, IT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:14:58:00 WinXP 203.114.106.149 (-):
BAMNETNARONGWITAYAKOMSCHOOL,
BANGKOK, KRUNG THEP, TH. (100Mbps) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:16:20:00 WinXP 186.219.13.42 (-):
. n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 42 of 42 4aa9b2104a
NEW none[none] none:none
none|none none none

T:16:43:00 WinXP 186.25.166.3 (-):
. n/a :moscow-advokat.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 34 of 41 c03073f6e7
NEW none[none] none:none
none|none none none

T:18:03:00 WinXP 114.137.179.133 (HINET.NET):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:18:11:00 Win2K-f 211.203.39.188 (HANANET.NET):
HANARO TELECOM INC,
SEOUL, SEOUL-T'UKPYOLSI, KR. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
95 lines Yeah : 1.3
profile none summary
tarball 40 of 41
38 of 41 3dc6500eb1
NEW
ff3843f312
NEW none[none]
30a7e641cf[0] none:none
ASM:Graph
none|none
Armadillo| none
lines=90 none
trace

18:42:00 WinXP 114.137.179.133 (HINET.NET):
MOBILE BUSINESS GROUP CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace

T:19:03:00 WinXP 164.132.36.27 (-):
IUNET S.P.A,
MILANO, LOMBARDIA, IT. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 42 of 43 ce57bc6d5e
NEW none[none] none:none
none|none none none

T:19:36:00 Win2K-f 72.45.25.195 (ATLANTICBB.NET):
ATLANTIC BROADBAND,
SMYRNA, DELAWARE, US. (DSL) n/a 135 pcap raw alerts
ruleset other
186 lines Yeah : 1.3
profile none summary
tarball 40 of 41 0b095f0cef
NEW none[none] none:none
none|none none none

20:08:00 WinXP 151.66.57.105 (51-151.NET24.IT):
IUNET-BNET,
PAVIA, LOMBARDIA, IT. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 41 of 43 fb486908b0
NEW none[none] none:none
none|none none none

T:20:51:00 WinXP 113.210.46.233 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
2 lines Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

21:01:00 WinXP 204.111.186.88 (SHENTEL.NET):
SHENTEL SERVICE COMPANY,
BLACKSBURG, VIRGINIA, US. (DSL) n/a DE:citi-bank.ru
DE:213.155.0.224:80 445 pcap raw alerts
ruleset http
1 line Yeah : 0.8
profile none summary
tarball 40 of 41 1096ba143e
NEW none[none] none:none
none|none none none

T:21:42:00 WinXP 119.244.64.112 (MESH.AD.JP):
NEC BIGLOBE LTD,
TOKYO, TOKYO, JP. (DSL) n/a 445 pcap raw alerts
ruleset shell
ftp
15 lines Yeah : 1.3
profile none summary
tarball 37 of 40 5285741560
NEW 60590b8b67 [0] ASM:Graph
none|none lines=59 trace

T:23:14:00 Win2K-f 202.162.219.218 (ICONPLN.NET.ID):
PT INDONESIA COMNETS PLUS,
SEMARANG, JAWA TENGAH, ID. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
79 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 32 53bfe15e91
NEW
73f1082158
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:15:00 WinXP 69.193.78.147 (RR.COM):
ROAD RUNNER HOLDCO LLC,
HERNDON, VIRGINIA, US. (DSL) n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:24:00 Win2K-f 184.74.109.228 (-):
. n/a US:microsoft.com 135 pcap raw alerts
ruleset other
75 lines Yeah : 1.3
profile none summary
tarball 33 of 33
0 of 33 53bfe15e91
NEW
a08f3b74a4
NEW 1473091351 [0]
none [0] ASM:Graph
none:none
tElock|
Armadillo| lines=75
embedded dns
lines=90 trace
trace

T:23:31:00 WinXP 218.175.155.86 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset http
1 line Yeah : 1.3
profile none summary
tarball 26 of 28 7d99b0e910
NEW none[0] none:none
PolyEnE| lines=68 trace