Welcome to the Cyber-TA
SRI's Multiperspective Malware Infection Analysis Page

UNCENSORED PAGE

<Click here: to download BotHunter>

20 March 2011
<prev>   <next>

All data collection and analyses summarized in this page were 100% AUTO-GENERATED.

DEVELOPERS: Vinod Yegneswaran (SRI), Phillip Porras (SRI), Hassen Saidi (SRI)
Monirul Sharif (Georgia-Tech), Arvind Narayanan (University of Texas at Austin)

The data on this website is provided for research purposes only. It is provided
for your personal use only and is supplied AS IS, WITHOUT WARRANTY OF ANY KIND.
Use or reliance on this data is at your own risk.


Daily Summary Files: [DNS Lookups & Failed Connects] [ Attacker IPs ] [C&C Servers] [Binary Digests]
Cumulative Summary Files: [DNS Lookup Log] [Attacker IP Log] [C&C Server Log] [Antivirus Detection] [Code Segment Overlap]
[Behavioral Clusters] [Binary Digest Log]

[See Country Codes ]
Time
 		Victim
OS
 		Infection
Source
 		C&C
Server
 		DNS Lookups &
Failed Connects 		Infection
Port
 		Packet
Trace
 		Detection
Signatures
 		Infection
Chatter
 		BotHunter
Analysis
 		Behavioral
Cluster
 		Forensic
Logs
 		Antivirus
Labels
 		Packed Malware_Binary Unpacked egg.exe
 		Unpacked egg.asm
 		Packer PEID
 		Data Strings
 		Syscall Trace
T:00:30:00 WinXP 89.36.208.118 (TVAS.RO):
SC TV ADLER TRADING SRL,
RO. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 1595515522
NEW 		none[none] none:none
 none|none none none
T:00:34:00 WinXP 174.39.179.32 (WINDSTREAM.NET):
ALLTEL MIP CUSTOMERS - OMAHA,
NORTH PLATTE, NEBRASKA, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 41		 53aa804019
NEW
95ddd4a823
NEW 		29c6cdbf45 [0]
9e78315a6d[0] 		ASM:Graph
ASM:Graph
 tElock|
Armadillo| 		lines=64
embedded dns
lines=91 		trace
trace
T:00:47:00 Win2K-f 175.117.43.189 (-):
. 		n/a US:microsoft.com
CN:irc.zief.pl
CN:88.perfectexe.com
EU:ii.derquda.com
CN:218.10.17.178:88 		135 pcap raw alerts
ruleset 		irc
http
528 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 41
40 of 41
29 of 43		 34cd9e2f76
NEW
376a6b6ecd
NEW
b72e4dba89
NEW 		none[none]
none [none]
none [none] 		none:none
none:none
none:none
 none|none
none|none
none|none 		none
none
none 		none
none
none
T:01:23:00 Win2K-f 85.108.229.52 (TTNET.NET.TR):
TURK TELEKOM ADSL-ALCATEL,
IZMIR, IZMIR, TR. (DSL) 		n/a CN:irc.zief.pl
CN:88.perfectexe.com
CN:218.10.17.178:88 		445 pcap raw alerts
ruleset 		irc
11 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
01:23:00 WinXP 89.36.208.118 (TVAS.RO):
SC TV ADLER TRADING SRL,
RO. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 36 1595515522
NEW 		none[none] none:none
 none|none none none
T:01:24:00 WinXP 114.51.183.53 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
14 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 40 5285741560
NEW 		60590b8b67 [0] ASM:Graph
 none|none lines=59 trace
T:01:56:00 WinXP 115.164.188.208 (-):
DIGI TELECOMMUNICATIONS SDN BHD,
SHAH ALAM, SELANGOR, MY. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:02:07:00 Win2K-f 220.130.190.124 (HINET.NET):
CHUNGHWA TELECOM DATA COMMUNICATION BUSINESS GROUP,
TAIPEI, T'AI-PEI, TW. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41
none		 2bc8f15054
NEW
964911406f
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:02:20:00 WinXP 114.36.223.151 (HINET.NET):
CHTD CHUNGHWA TELECOM CO. LTD,
TAIPEI, T'AI-PEI, TW. (DSL) 		213.155.0.224:80 DE:citi-bank.ru
:cikmayedekparca.com 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 42 8a2553433c
NEW 		none[none] none:none
 none|none none none
T:04:02:00 WinXP 114.48.179.56 (E-MOBILE.NE.JP):
EMOBILE LTD,
KAWASAKI, KANAGAWA, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		37 of 40 5285741560
NEW 		60590b8b67 [0] ASM:Graph
 none|none lines=59 trace
T:04:25:00 WinXP 186.180.4.161 (-):
. 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		38 of 43 0ddbd461f2
NEW 		none[none] none:none
 none|none none none
T:04:38:00 WinXP 87.61.129.214 (DSL.TELE.DK):
TDC-TELEDANMARK-BREDBAANDSADSL-NET,
COPENHAGEN, KOBENHAVN, DK. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		41 of 43 fb486908b0
NEW 		none[none] none:none
 none|none none none
T:05:03:00 WinXP 199.117.151.216 (TRANQUILITY.NET):
CORAL WIRELESS LLC,
HONOLULU, HAWAII, US. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		41 of 42 4d2e6901fc
NEW 		none[none] none:none
 none|none none none
T:05:29:00 Win2K-f 75.38.87.130 (-):
HAVANA HOUSE,
BAKERSFIELD, CALIFORNIA, US. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:05:34:00 WinXP 58.188.204.181 (EONET.NE.JP):
K-OPTICOM CORPORATION,
OSAKA, OSAKA, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		29 of 29 831f4ee0a7
NEW 		none[0] none:none
 none|none lines=60 trace
T:05:49:00 WinXP 91.64.42.45 (SUPERKABEL.DE):
KABEL-DEUTSCHLAND-CUSTOMER-SERVICES,
BERLIN, BERLIN, DE. (DSL) 		n/a DE:moscow-advokat.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		42 of 43 1511a3f219
NEW 		none[none] none:none
 none|none none none
T:06:41:00 WinXP 202.233.235.244 (INFOWEB.NE.JP):
INFOWEB-CIDR-BLK,
KYOTO, KYOTO, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 eb33ccfff8
NEW 		e732a43be0 [0] ASM:Graph
 none|none lines=58 trace
T:06:48:00 WinXP 113.210.10.15 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		41 of 43 0f77d6439f
NEW 		none[none] none:none
 none|none none none
T:07:40:00 WinXP 223.139.160.249 (-):
. 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41 d11b1f56f9
NEW 		none[none] none:none
 none|none none none
T:07:44:00 WinXP 59.161.112.42 (VSNL.NET.IN):
INTERNET SERVICE PROVIDER,
NEW DELHI, DELHI, IN. (DIAL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:08:04:00 WinXP 121.120.45.2 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		38 of 42 8a2553433c
NEW 		none[none] none:none
 none|none none none
T:08:46:00 WinXP 114.48.154.127 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		ftp
13 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 43 729d50c7a5
NEW 		none[none] none:none
 none|none none none
T:09:59:00 WinXP 27.97.185.71 (-):
. 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
4 lines 		Yeah : 1.3
profile 		none summary
tarball 		42 of 43 ef96217736
NEW 		none[none] none:none
 none|none none none
T:10:30:00 WinXP 67.110.215.238 (XO.NET):
STAT NETWORK SOLUTIONS LLC,
CHENEY, WASHINGTON, US. (100Mbps) 		n/a DE:moscow-advokat.ru
DE:82.98.86.164:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
NEW 		none[0] none:none
 PolyEnE| lines=93
embedded dns 		trace
T:10:44:00 Win2K-f 72.45.23.102 (ATLANTICBB.NET):
ATLANTIC BROADBAND,
SMYRNA, DELAWARE, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
110 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 41
38 of 41		 d031b42d3f
NEW
fa14802705
NEW 		none[none]
none [none] 		none:none
none:none
 none|none
none|none 		none
none 		none
none
T:11:05:00 WinXP 151.20.166.11 (20-151.LIBERO.IT):
FREE INTERNET DIAL-UP SERVICES,
BOLOGNA, EMILIA-ROMAGNA, IT. (DIAL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 d11b1f56f9
NEW 		none[none] none:none
 none|none none none
T:11:20:00 WinXP 88.31.28.108 (RIMA-TDE.NET):
TELEFONICA MOVILES ESPANA (NCC#2007041930),
BERGARA, PAIS VASCO, ES. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 0.8
profile 		none summary
tarball 		41 of 43 fb486908b0
NEW 		none[none] none:none
 none|none none none
T:11:29:00 WinXP 109.83.72.102 (JWS.COM):
EU-ZZ,
UK. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:12:01:00 WinXP 173.18.149.187 (MCHSI.COM):
MEDIACOM COMMUNICATIONS CORP,
GULF BREEZE, FLORIDA, US. (DSL) 		n/a DE:moscow-advokat.ru
:lulea.se.eu.undernet.org
SE:ced.dal.net
NL:london.uk.eu.undernet.org
SE:qis.md.us.dal.net
:los-angeles.ca.us.undernet.org
NL:diemen.nl.eu.undernet.org
:caen.fr.eu.undernet.org
:gaspode.zanet.org.za
SE:broadway.ny.us.dal.net
DE:82.98.86.164:6667 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		25 of 25 7f60162c2c
NEW 		none[0] none:none
 PolyEnE| lines=93
embedded dns 		trace
T:12:07:00 WinXP 174.116.2.50 (ROGERS.COM):
ROGERS CABLE COMMUNICATIONS INC,
ST. JOHN'S, NEWFOUNDLAND AND LABRADOR, CA. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
12:17:00 Win2K-f 85.17.81.32 (LEASEWEB.COM):
LEASEWEB,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL) 		n/a US:www.maxmind.com
:www.getmyip.org
US:checkip.dyndns.org
EU:getmyip.co.uk
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:12:26:00 Win2K-f 85.17.81.32 (LEASEWEB.COM):
LEASEWEB,
AMSTERDAM, NOORD-HOLLAND, NL. (DSL) 		n/a US:www.maxmind.com
EU:checkip.dyndns.org
DE:131.220.6.26:80 		445 pcap raw alerts
ruleset 		http
5 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:12:40:00 Win2K-f 1.230.89.211 (-):
. 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
77 lines 		Yeah : 1.3
profile 		none summary
tarball 		3 of 41
33 of 33		 8b41cb7a41
NEW
97fef473b9
NEW 		ef18d720f3 [0]
ff4e7d6992[0] 		ASM:Graph
ASM:Graph
 Armadillo|
tElock| 		lines=90
lines=64
embedded dns 		trace
trace
T:12:54:00 WinXP 75.37.173.251 (SBCGLOBAL.NET):
JASON LEE,
PLANO, TEXAS, US. (100Mbps) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
75 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:13:10:00 WinXP 46.134.251.209 (-):
. 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		42 of 43 c19c8a2776
NEW 		none[none] none:none
 none|none none none
13:24:00 WinXP 50.9.214.202 (-):
. 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:13:54:00 WinXP 113.210.216.160 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) 		n/a   445 pcap raw alerts
ruleset 		other
0 lines 		Argh : 0.3
profile 		none summary
tarball 		none none none none none none none
T:14:13:00 WinXP 109.55.118.83 (JWS.COM):
EU-ZZ,
UK. (DSL) 		n/a   445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		29 of 29 0cfab99612
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:14:40:00 WinXP 121.123.74.65 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
KUALA LUMPUR, WILAYAH PERSEKUTUAN, MY. (DSL) 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		38 of 42 8a2553433c
NEW 		none[none] none:none
 none|none none none
T:15:27:00 WinXP 68.147.8.2 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
CALGARY, ALBERTA, CA. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
189 lines 		Yeah : 1.3
profile 		none summary
tarball 		41 of 41 916752f248
NEW 		4e604fc8cb [0] ASM:Graph
 none|none lines=546 trace
16:50:00 WinXP 95.125.199.201 (-):
1AND,
DE. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		41 of 43 fb486908b0
NEW 		none[none] none:none
 none|none none none
17:00:00 WinXP 95.127.117.83 (-):
1AND,
DE. (DSL) 		n/a DE:citi-bank.ru
DE:213.155.0.224:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		40 of 41 d11b1f56f9
NEW 		none[none] none:none
 none|none none none
17:53:00 WinXP 84.224.6.217 (PGSM.HU):
PANNON GSM TELECOMMUNICATIONS INC,
BUDAPEST, BUDAPEST, HU. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 34 d20f157117
NEW 		738f555183 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:18:08:00 Win2K-f 66.248.24.162 (WANDWPR.NET):
PAETEC COMMUNICATIONS INC,
SANTA MARIA, CALIFORNIA, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
318 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 42 e1c725e2cc
NEW 		none[none] none:none
 none|none none none
T:18:21:00 WinXP 186.93.143.206 (-):
. 		213.155.0.224:80 DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
2 lines 		Yeah : 1.3
profile 		none summary
tarball 		26 of 28 7d99b0e910
NEW 		none[0] none:none
 PolyEnE| lines=68 trace
T:18:26:00 WinXP 124.47.117.207 (KCT.AD.JP):
KURASHIKI CABLE TV CORPORATION,
KURASHIKI, OKAYAMA, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41 3363b16793
NEW 		none[none] none:none
 none|none none none
T:18:47:00 WinXP 114.48.47.92 (E-MOBILE.NE.JP):
EMOBILE LTD,
TOKYO, TOKYO, JP. (DSL) 		n/a   445 pcap raw alerts
ruleset 		shell
ftp
15 lines 		Yeah : 1.3
profile 		none summary
tarball 		37 of 40 5285741560
NEW 		60590b8b67 [0] ASM:Graph
 none|none lines=59 trace
T:19:05:00 Win2K-f 76.186.66.204 (RR.COM):
ROAD RUNNER HOLDCO LLC,
FLOWER MOUND, TEXAS, US. (DSL) 		n/a   135 pcap raw alerts
ruleset 		other
1012 lines 		Yeah : 1.3
profile 		none summary
tarball 		31 of 41 682a384fe9
NEW 		none[3] none:none
 none|none none trace
T:20:16:00 Win2K-f 202.124.5.216 (TAKAMORI.NE.JP):
TAKAMORI CABLE INTERNET SERVICE,
TOKYO, TOKYO, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
76 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
20:23:00 WinXP 218.47.101.61 (PLALA.OR.JP):
NTT PLALA INC,
TOKYO, TOKYO, JP. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		41 of 43 fb486908b0
NEW 		none[none] none:none
 none|none none none
T:21:17:00 WinXP 70.67.5.199 (SHAWCABLE.NET):
SHAW COMMUNICATIONS INC,
POWELL RIVER, BRITISH COLUMBIA, CA. (DSL) 		n/a :gg.arrancar.org 135 pcap raw alerts
ruleset 		other
100 lines 		Yeah : 1.3
profile 		none summary
tarball 		40 of 41 1e4f8f9259
NEW 		e73db583fd [0] ASM:Graph
 none|none lines=546 trace
21:41:00 Win2K-f 193.1.8.26 (TSSG.ORG):
IP MULTIMEDIA SUBSYSTEM RESEARCH,
DUBLIN, DUBLIN, IE. (100Mbps) 		n/a US:www.maxmind.com
:www.getmyip.org
EU:getmyip.co.uk
EU:checkip.dyndns.org
US:208.43.124.51:80
EU:78.40.35.134:80
EU:91.198.22.70:80 		445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:21:47:00 Win2K-f 219.96.34.31 (THN.NE.JP):
TOKAI CORPORATION,
NUMAZU, SHIZUOKA, JP. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
112 lines 		Yeah : 1.3
profile 		none summary
tarball 		39 of 41
39 of 41		 6b315f5dbc
NEW
7938865f8c
NEW 		7604b94520 [0]
a9b9e4904b[0] 		ASM:Graph
ASM:Graph
 tElock|
Armadillo| 		lines=64
embedded dns
lines=91 		trace
trace
T:21:48:00 WinXP 66.53.81.247 (MDSG-PACWEST.COM):
PAC-WEST MANAGED MODEM NAS POOL,
DALLAS, TEXAS, US. (DSL) 		n/a US:microsoft.com 135 pcap raw alerts
ruleset 		other
153 lines 		Yeah : 1.3
profile 		none summary
tarball 		33 of 33
0 of 33		 53bfe15e91
NEW
a08f3b74a4
NEW 		1473091351 [0]
none [0] 		ASM:Graph
none:none
 tElock|
Armadillo| 		lines=75
embedded dns
lines=90 		trace
trace
T:21:49:00 Win2K-f 193.1.8.26 (TSSG.ORG):
IP MULTIMEDIA SUBSYSTEM RESEARCH,
DUBLIN, DUBLIN, IE. (100Mbps) 		n/a US:www.maxmind.com
:checkip.dyndns.org
DE:131.220.6.26:80 		445 pcap raw alerts
ruleset 		http
6 lines 		Yeah : 0.8
profile 		none summary
tarball 		3 of 37 d9cb288f31
NEW 		45603a001c [0] ASM:Graph
 UPX| lines=174
embedded dns 		trace
T:21:52:00 WinXP 113.210.208.165 (MAXIS.NET.MY):
MAXIS BROADBAND SDN BHD,
MY. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		34 of 34 d20f157117
NEW 		738f555183 [0] ASM:Graph
 PolyEnE| lines=68 trace
T:22:55:00 WinXP 118.111.224.139 (MESH.AD.JP):
NEC BIGLOBE LTD,
OSAKA, OSAKA, JP. (DSL) 		n/a DE:citi-bank.ru 445 pcap raw alerts
ruleset 		http
1 line 		Yeah : 0.8
profile 		none summary
tarball 		41 of 41 6b04d043c3
NEW 		none[none] none:none
 none|none none none