{"id":1732,"date":"2013-03-04T14:29:46","date_gmt":"2013-03-04T14:29:46","guid":{"rendered":"http:\/\/www.hexacorn.com\/blog\/?p=1732"},"modified":"2013-07-03T07:59:19","modified_gmt":"2013-07-03T07:59:19","slug":"clustering-and-batch-analysis-of-apt1-sampleset1","status":"publish","type":"post","link":"https:\/\/www.hexacorn.com\/blog\/2013\/03\/04\/clustering-and-batch-analysis-of-apt1-sampleset1\/","title":{"rendered":"Clustering and Batch Analysis of APT1 sampleset"},"content":{"rendered":"<p><a title=\"Clustering and Batch Analysis of APT1 sampleset\" href=\"https:\/\/www.hexacorn.com\/blog\/2013\/03\/04\/clustering-and-batch-analysis-of-apt1-sampleset1\/\">Part 1<\/a>, <a title=\"Clustering and Batch Analysis of APT1 sampleset, part 2\" href=\"https:\/\/www.hexacorn.com\/blog\/2013\/03\/05\/clustering-and-batch-analysis-of-apt1-sampleset-part-2\/\">Part 2<\/a>, <a title=\"Clustering and Batch Analysis of APT1 sampleset, part 3\" href=\"https:\/\/www.hexacorn.com\/blog\/2013\/03\/12\/clustering-and-batch-analysis-of-apt1-sampleset-part-3\/\">Part 3<\/a><\/p>\n<p>As I mentioned in my previous <a title=\"Clustering and Batch Analysis\" href=\"https:\/\/www.hexacorn.com\/blog\/2013\/03\/04\/clustering-and-batch-analysis\/\">post<\/a>, I was toying around with various samplesets (e.g. zero access, APT1, etc.) and since the APT1 sampleset is all over the news, I took a stab at it and sandboxed the samples + attempted to cluster the results to see if I any patterns emerge&#8230;<\/p>\n<h3>The sampleset &#8211; batch analysis<\/h3>\n<h4>Encryption<\/h4>\n<p>Some of the samples use DES and the following passwords:<\/p>\n<ul>\n<li>Hello@)!0<\/li>\n<li>!b=z&amp;7?cc,MQ<\/li>\n<li>1b=z7\/lx+WK!<\/li>\n<li>!b=z&amp;7?cc,MQ&gt;<\/li>\n<\/ul>\n<h4>File names \/ locations:<\/h4>\n<ul>\n<li>%USERPROFILE%\\Application Data\\Adobe8.0.0\\update.exe<\/li>\n<li>%USERPROFILE%\\Application Data\\Adobe\\Reader 9.0\\Esl\\reader_sl.exe<\/li>\n<li>%USERPROFILE%\\Application Data\\Adobe\\reader_sl.exe<\/li>\n<li>%USERPROFILE%\\Application Data\\Help\\svchost.exe<\/li>\n<li>%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\svchost.exe<\/li>\n<li>%USERPROFILE%\\Local Settings\\Application Data\\Microsoft\\wuauclt.exe<\/li>\n<li>%USERPROFILE%\\Local Settings\\spoolsvr.exe<\/li>\n<li>%USERPROFILE%\\Local Settings\\Temp\\AcroRD32.exe<\/li>\n<li>%USERPROFILE%\\Local Settings\\Temp\\AdobeARM.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\17DC75.dmp<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\17DC85.dmp<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\17DD6F.dmp<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\17DD9E.dmp<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\17DDEC.dmp<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\17E7CF.dmp<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\17EE48.dmp<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\AdobeUpdate.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\AdobeUpdater.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\BP Makes Two Gas Discoveries in Egypt&#8217;s Nile Delta.doc<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\ctfmon.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\ctfmon.exe\\svchost.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\em.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\Halliburton to Present at Dahlman Rose &amp; Co. Ultimate Oil Services And E&amp;P Conference.pdf<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\iTunesHelper.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\Material Type Ore 20160605.pdf<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\Open letter of Dow Corning Corp.pdf<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\POWER_GEN_2012.pdf<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\runinfo.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\svchost.exe<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\Top Stock Alerts for Day Traders &#8211; Facebook, Freeport-McMoRan Copper &amp; Gold, Fastenal, Research In Motion, EnCana, and Dollar General.doc<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\US hesitant in condemning North Korean launch.pdf<\/li>\n<li>%USERPROFILE%\\LOCALS~1\\Temp\\WINWORD.EXE<\/li>\n<li>%USERPROFILE%\\Start Menu\\Programs\\Startup\\adobe_sl.lnk<\/li>\n<li>%USERPROFILE%\\Start Menu\\Programs\\Startup\\AdobeRe.exe<\/li>\n<li>%USERPROFILE%\\Start Menu\\Programs\\Startup\\ctfmon.exe<\/li>\n<li>%USERPROFILE%\\Templates\\adobe_sl.exe<\/li>\n<li>c:\\WINDOWS\\ntshrui.dll<\/li>\n<li>C:\\WINDOWS\\ntshrui.dll1<\/li>\n<li>C:\\WINDOWS\\svchost.exe<\/li>\n<li>C:\\WINDOWS\\System32\\Nwsapagent.dll<\/li>\n<li>C:\\WINDOWS\\system\\ersvc.dll<\/li>\n<li>c:\\WINDOWS\\system\\ersvc.dll<\/li>\n<\/ul>\n<h4>Mutexes:<\/h4>\n<ul>\n<li>!@ADS@#$<\/li>\n<li>1234<\/li>\n<li>1qaz@WSX<\/li>\n<li>COPYRIGHTMM2011V2<\/li>\n<li>fire<\/li>\n<li>Geman.do<\/li>\n<li>Global\\AdobeReaderX<\/li>\n<li>GLOBAL\\ADR32<\/li>\n<li>GLOBAL\\ADR64<\/li>\n<li>GLOBAL\\MSFT64<\/li>\n<li>Globxxxxxxxxssssseeeeeeal\\ADReeeerrttyyyy64<\/li>\n<li>hackersuck<\/li>\n<li>ijnrfv<\/li>\n<li>letusgohtppmmv1.0<\/li>\n<li>letusgohtppmmv2.0.0.1<\/li>\n<\/ul>\n<h4>Services:<\/h4>\n<ul>\n<li>.Net CLR (Microsoft .Net Framework COM+ Support)<\/li>\n<li>DevFS (Device File System)<\/li>\n<li>DevFS (Device File System)<\/li>\n<li>DevSec (Rpc Device Management)<\/li>\n<li>InfMon (Infrared Monitor)<\/li>\n<li>Nwsapagent (Gateway Service for Netware)<\/li>\n<li>RasAuto (Remote Access Auto Connection Manager)<\/li>\n<li>tcpguard (tcpguard)<\/li>\n<\/ul>\n<h4>Connections (note, may contain clean IPs\/URLs):<\/h4>\n<ul>\n<li>10.166.1.182<\/li>\n<li>127.0.0.1<\/li>\n<li>140.116.70.8<\/li>\n<li>143.89.35.19<\/li>\n<li>202.105.39.39<\/li>\n<li>202.39.61.136<\/li>\n<li>202.6.235.83<\/li>\n<li>203.200.205.245<\/li>\n<li>204.111.73.150<\/li>\n<li>205.159.83.91<\/li>\n<li>208.239.156.123<\/li>\n<li>209.124.51.194<\/li>\n<li>209.124.51.219<\/li>\n<li>209.151.145.185<\/li>\n<li>209.161.249.125<\/li>\n<li>209.208.114.83<\/li>\n<li>209.233.16.84<\/li>\n<li>209.253.17.229<\/li>\n<li>211.232.57.235<\/li>\n<li>212.130.19.154<\/li>\n<li>216.15.210.68<\/li>\n<li>218.232.105.200<\/li>\n<li>218.232.66.12<\/li>\n<li>218.233.206.2<\/li>\n<li>218.234.17.30<\/li>\n<li>24.73.192.154<\/li>\n<li>60.248.52.95<\/li>\n<li>61.219.67.1<\/li>\n<li>64.80.153.108<\/li>\n<li>65.105.157.228<\/li>\n<li>65.110.1.32<\/li>\n<li>65.114.195.226<\/li>\n<li>65.89.173.68<\/li>\n<li>66.151.16.30<\/li>\n<li>66.155.114.145<\/li>\n<li>66.170.3.43<\/li>\n<li>66.228.132.53<\/li>\n<li>68.17.104.162<\/li>\n<li>68.96.31.136<\/li>\n<li>69.20.5.219<\/li>\n<li>69.25.50.10<\/li>\n<li>69.28.168.10<\/li>\n<li>69.74.43.87<\/li>\n<li>69.90.123.6<\/li>\n<li>69.90.18.22<\/li>\n<li>69.90.18.23<\/li>\n<li>69.90.65.240<\/li>\n<li>70.62.232.98<\/li>\n<li>74.86.197.56<\/li>\n<li>75.145.139.18<\/li>\n<li>admin.datastorage01.org<\/li>\n<li>AdobeFlash.info.tm<\/li>\n<li>cas.ibooks.tk<\/li>\n<li>cas.m-e.org.ru<\/li>\n<li>code.mcafeepaying.com<\/li>\n<li>Colville.com<\/li>\n<li>conference.ddns.us<\/li>\n<li>ctcs.bigdepression.net<\/li>\n<li>ctx.comrepair.net<\/li>\n<li>dev.teamattire.com<\/li>\n<li>documents.downloadsite.me<\/li>\n<li>eclipsecti.infobusinessus.org<\/li>\n<li>exactearth.info.tm<\/li>\n<li>fasa.arrowservice.net<\/li>\n<li>fasa.bigish.net<\/li>\n<li>fasa.newsonet.net<\/li>\n<li>flash.aoldaily.com<\/li>\n<li>flash.aunewsonline.com<\/li>\n<li>flash.cnndaily.com<\/li>\n<li>flash.mcafeepaying.com<\/li>\n<li>flash.usnewssite.com<\/li>\n<li>fni.bigish.net<\/li>\n<li>help.purpledaily.com<\/li>\n<li>hint.happyforever.com<\/li>\n<li>hojutsu.com<\/li>\n<li>japan.yahoodaily.com<\/li>\n<li>jimnaugle.com<\/li>\n<li>johnford985.appspot.com<\/li>\n<li>ks.aoldaily.com<\/li>\n<li>ks.cnndaily.com<\/li>\n<li>ks.jaimeastorga.mx<\/li>\n<li>ks.manguvaljak.ee<\/li>\n<li>ks.petrotdl.com.ar<\/li>\n<li>ks.utworld.ch<\/li>\n<li>media.finanstalk.ru<\/li>\n<li>meeting.toh.info<\/li>\n<li>moto.purpledaily.com<\/li>\n<li>moto1.newsonet.net<\/li>\n<li>moto2.earthsolution.org<\/li>\n<li>news.canadatvsite.com<\/li>\n<li>news.micyuisyahooapis.com<\/li>\n<li>news.msnhome.org<\/li>\n<li>olmusic100.com<\/li>\n<li>portal.itsaol.com<\/li>\n<li>public.ddns.us<\/li>\n<li>qhun-mons.businessformars.com<\/li>\n<li>report.crabdance.com<\/li>\n<li>safety.canadatvsite.com<\/li>\n<li>share.canoedaily.com<\/li>\n<li>software.myftp.info<\/li>\n<li>sports.canoedaily.com<\/li>\n<li>stratos.aoldaily.com<\/li>\n<li>stratos.mcafeepaying.com<\/li>\n<li>tcw.homier.com<\/li>\n<li>thecrownsgolf.org<\/li>\n<li>time.mediaxsds.net<\/li>\n<li>ttl.tfxdccssl.net<\/li>\n<li>un.linuxd.org<\/li>\n<li>update.dnepr.com<\/li>\n<li>update.sektori.org<\/li>\n<li>update.slowblog.com<\/li>\n<li>us.gnpes.org<\/li>\n<li>vop.earthsolution.org<\/li>\n<li>wikileaks.ddns.us<\/li>\n<li>www.bigish.net<\/li>\n<li>www.bluecoate.com<\/li>\n<li>www.businessformars.com<\/li>\n<li>www.competrip.com<\/li>\n<li>www.cvba.com<\/li>\n<li>www.deebeedesigns.ca<\/li>\n<li>www.doversolutions.co.in<\/li>\n<li>www.drgeorges.com<\/li>\n<li>www.dsds.co.kr<\/li>\n<li>www.fbrshop.com<\/li>\n<li>www.freelanceindy.com<\/li>\n<li>www.gobroadreach.com<\/li>\n<li>www.heliospartners.com<\/li>\n<li>www.jiangmin.com.tw<\/li>\n<li>www.kayauto.net<\/li>\n<li>www.keenathomas.com<\/li>\n<li>www.microsoft.com<\/li>\n<li>www.mountainvalley.americanunfinished.com<\/li>\n<li>www.mwa.net<\/li>\n<li>www.newsesport.com<\/li>\n<li>www.olmusic100.com<\/li>\n<li>www.omegalogos.org<\/li>\n<li>www.pastorsrest.com<\/li>\n<li>www.pcs157.com<\/li>\n<li>www.rbaparts.com<\/li>\n<li>www.smilecare.com<\/li>\n<li>www.spmiller.org<\/li>\n<li>www.uszzcs.com<\/li>\n<li>www.vwrm.com<\/li>\n<li>www.woodagency.com<\/li>\n<li>zh.lksoftvc.net<\/li>\n<\/ul>\n<h4>URLs and URL-like patterns (from static analysis; may contain errors)<\/h4>\n<ul>\n<li>2.earthsolution.org<\/li>\n<li>AdobeFlash.info.tm<\/li>\n<li>www.mevatec.com<\/li>\n<li>Colville.com<\/li>\n<li>americanunfinished.com<\/li>\n<li>aoldaily.com<\/li>\n<li>appspot.com<\/li>\n<li>aunewsonline.com<\/li>\n<li>bigdepression.net<\/li>\n<li>bluecoate.com<\/li>\n<li>businessformars.com<\/li>\n<li>canadatvsite.com<\/li>\n<li>canoedaily.com<\/li>\n<li>cnndaily.com<\/li>\n<li>colville.com<\/li>\n<li>com.tw<\/li>\n<li>competrip.com<\/li>\n<li>crabdance.com<\/li>\n<li>cvba.com<\/li>\n<li>datastorage01.org<\/li>\n<li>ddns.us<\/li>\n<li>deebeedesigns.ca<\/li>\n<li>dnepr.com<\/li>\n<li>doversolutions.co.in<\/li>\n<li>drgeorges.com<\/li>\n<li>dsds.co.kr<\/li>\n<li>earthsolution.org<\/li>\n<li>fbrshop.com<\/li>\n<li>finanstalk.ru<\/li>\n<li>freelanceindy.com<\/li>\n<li>gnpes.org<\/li>\n<li>gobroadreach.com<\/li>\n<li>happyforever.com<\/li>\n<li>hojutsu.com<\/li>\n<li>homier.com<\/li>\n<li>ibooks.tk<\/li>\n<li>info.tm<\/li>\n<li>itsaol.com<\/li>\n<li>jimnaugle.com<\/li>\n<li>kayauto.net<\/li>\n<li>keenathomas.com<\/li>\n<li>lksoftvc.net<\/li>\n<li>mcafeepaying.com<\/li>\n<li>mediaxsds.net<\/li>\n<li>microsoft.com<\/li>\n<li>micyuisyahooapis.com<\/li>\n<li>msnhome.org<\/li>\n<li>mwa.net<\/li>\n<li>newsesport.com<\/li>\n<li>newsonet.net<\/li>\n<li>omegalogos.org<\/li>\n<li>org.ru<\/li>\n<li>pastorsrest.com<\/li>\n<li>pcs157.com<\/li>\n<li>purpledaily.com<\/li>\n<li>rbaparts.com<\/li>\n<li>sektori.org<\/li>\n<li>slowblog.com<\/li>\n<li>smilecare.com<\/li>\n<li>spmiller.org<\/li>\n<li>teamattire.com<\/li>\n<li>tfxdccssl.net<\/li>\n<li>thecrownsgolf.org<\/li>\n<li>toh.info<\/li>\n<li>usnewssite.com<\/li>\n<li>uszzcs.com<\/li>\n<li>vwrm.com<\/li>\n<li>woodagency.com<\/li>\n<li>yahoodaily.com<\/li>\n<li>Hojutsu.com<\/li>\n<li>Colville.com<\/li>\n<li>Hojutsu.com<\/li>\n<li>admin.datastorage01.org<\/li>\n<li>cas.ibooks.tk<\/li>\n<li>conference.ddns.us<\/li>\n<li>ctcs.bigdepression.net<\/li>\n<li>dev.teamattire.com<\/li>\n<li>fasa.arrowservice.net<\/li>\n<li>fasa.newsonet.net<\/li>\n<li>fni.bigish.net<\/li>\n<li>japan.yahoodaily.com<\/li>\n<li>jimnaugle.com<\/li>\n<li>media.finanstalk.ru<\/li>\n<li>meeting.toh.info<\/li>\n<li>moto.purpledaily.com<\/li>\n<li>moto2.earthsolution.org<\/li>\n<li>news.canadatvsite.com<\/li>\n<li>news.micyuisyahooapis.com<\/li>\n<li>news.msnhome.org<\/li>\n<li>public.ddns.us<\/li>\n<li>safety.canadatvsite.com<\/li>\n<li>share.canoedaily.com<\/li>\n<li>thecrownsgolf.org<\/li>\n<li>time.mediaxsds.net<\/li>\n<li>ttl.tfxdccssl.net<\/li>\n<li>un.linuxd.org<\/li>\n<li>update.dnepr.com<\/li>\n<li>update.sektori.org<\/li>\n<li>update.slowblog.com<\/li>\n<li>us.gnpes.org<\/li>\n<li>wikileaks.ddns.us<\/li>\n<li>www.BusinessForMars.com<\/li>\n<li>www.bigish.net<\/li>\n<li>www.bluecoate.com<\/li>\n<li>www.competrip.com<\/li>\n<li>www.cvba.com<\/li>\n<li>www.deebeedesigns.ca<\/li>\n<li>www.doversolutions.co.in<\/li>\n<li>www.drgeorges.com<\/li>\n<li>www.dsds.co.kr<\/li>\n<li>www.fbrshop.com<\/li>\n<li>www.freelanceindy.com<\/li>\n<li>www.gobroadreach.com<\/li>\n<li>www.kayauto.net<\/li>\n<li>www.keenathomas.com<\/li>\n<li>www.microsoft.com<\/li>\n<li>www.mountainvalley.americanunfinished.com<\/li>\n<li>www.mwa.net<\/li>\n<li>www.omegalogos.org<\/li>\n<li>www.pastorsrest.com<\/li>\n<li>www.rbaparts.com<\/li>\n<li>www.smilecare.com<\/li>\n<li>www.spmiller.org<\/li>\n<li>www.vwrm.com<\/li>\n<li>www.woodagency.com<\/li>\n<li>zh.lksoftvc.net<\/li>\n<li>K4Pu.ht<\/li>\n<li>Olmusic100.com<\/li>\n<li>Sdv.gf<\/li>\n<li>Sh.sd<\/li>\n<li>americanunfinished.com<\/li>\n<li>aoldaily.com<\/li>\n<li>appspot.com<\/li>\n<li>aunewsonline.com<\/li>\n<li>bigdepression.net<\/li>\n<li>bluecoate.com<\/li>\n<li>businessformars.com<\/li>\n<li>canadatvsite.com<\/li>\n<li>canoedaily.com<\/li>\n<li>cnndaily.com<\/li>\n<li>colville.com<\/li>\n<li>com.tw<\/li>\n<li>competrip.com<\/li>\n<li>crabdance.com<\/li>\n<li>cvba.com<\/li>\n<li>datastorage01.org<\/li>\n<li>ddns.us<\/li>\n<li>deebeedesigns.ca<\/li>\n<li>dnepr.com<\/li>\n<li>doversolutions.co.in<\/li>\n<li>drgeorges.com<\/li>\n<li>dsds.co.kr<\/li>\n<li>earthsolution.org<\/li>\n<li>fbrshop.com<\/li>\n<li>finanstalk.ru<\/li>\n<li>freelanceindy.com<\/li>\n<li>gnpes.org<\/li>\n<li>gobroadreach.com<\/li>\n<li>happyforever.com<\/li>\n<li>hojutsu.com<\/li>\n<li>homier.com<\/li>\n<li>ibooks.tk<\/li>\n<li>info.tm<\/li>\n<li>itsaol.com<\/li>\n<li>jimnaugle.com<\/li>\n<li>kayauto.net<\/li>\n<li>keenathomas.com<\/li>\n<li>lksoftvc.net<\/li>\n<li>mcafeepaying.com<\/li>\n<li>mediaxsds.net<\/li>\n<li>microsoft.com<\/li>\n<li>micyuisyahooapis.com<\/li>\n<li>msnhome.org<\/li>\n<li>mwa.net<\/li>\n<li>newsesport.com<\/li>\n<li>newsonet.net<\/li>\n<li>omegalogos.org<\/li>\n<li>org.ru<\/li>\n<li>pastorsrest.com<\/li>\n<li>pcs157.com<\/li>\n<li>purpledaily.com<\/li>\n<li>rbaparts.com<\/li>\n<li>sektori.org<\/li>\n<li>slowblog.com<\/li>\n<li>smilecare.com<\/li>\n<li>spmiller.org<\/li>\n<li>teamattire.com<\/li>\n<li>tfxdccssl.net<\/li>\n<li>thecrownsgolf.org<\/li>\n<li>toh.info<\/li>\n<li>usnewssite.com<\/li>\n<li>uszzcs.com<\/li>\n<li>vwrm.com<\/li>\n<li>woodagency.com<\/li>\n<li>yahoodaily.com<\/li>\n<li>X:\\command.com<\/li>\n<li>admin.datastorage01.org<\/li>\n<li>adobeflash.info.tm<\/li>\n<li>asa.bigish.net<\/li>\n<li>aspjk07@hotmail.com<\/li>\n<li>att.infosupports.com<\/li>\n<li>augle.com<\/li>\n<li>bigdepression.net<\/li>\n<li>bluecoate.com<\/li>\n<li>businessus.org<\/li>\n<li>canadatvsite.com<\/li>\n<li>cas.ibooks.tk<\/li>\n<li>cas.m-e.org.ru<\/li>\n<li>code.mcafeepaying.com<\/li>\n<li>colville.com<\/li>\n<li>command.com<\/li>\n<li>competrip.com<\/li>\n<li>conference.ddns.us<\/li>\n<li>content.ie<\/li>\n<li>crz.dnsweb.org<\/li>\n<li>ctcs.bigdepression.net<\/li>\n<li>ctcs.earthsolution.org<\/li>\n<li>ctx.comrepair.net<\/li>\n<li>deebeedesigns.ca<\/li>\n<li>dev.teamattire.com<\/li>\n<li>dns.progammerli.com<\/li>\n<li>dove.blackcake.net<\/li>\n<li>drgeorges.com<\/li>\n<li>e.canoedaily.com<\/li>\n<li>eclipsecti.infobusinessus.org<\/li>\n<li>eds1.infosupports.com<\/li>\n<li>erence.ddns.us<\/li>\n<li>essformars.com<\/li>\n<li>exactearth.info.tm<\/li>\n<li>fasa.arrowservice.net<\/li>\n<li>fasa.bigish.net<\/li>\n<li>fasa.newsonet.net<\/li>\n<li>fbrshop.com<\/li>\n<li>fetch.py<\/li>\n<li>flash.aoldaily.com<\/li>\n<li>flash.aunewsonline.com<\/li>\n<li>flash.cnndaily.com<\/li>\n<li>flash.mcafeepaying.com<\/li>\n<li>flash.usnewssite.com<\/li>\n<li>fni.bigish.net<\/li>\n<li>freelanceindy.com<\/li>\n<li>gateway.messenger.hotmail.com<\/li>\n<li>gobroadreach.com<\/li>\n<li>gro.sepng.su<\/li>\n<li>h.lk<\/li>\n<li>h:mm:ss.tt<\/li>\n<li>help.purpledaily.com<\/li>\n<li>hint.happyforever.com<\/li>\n<li>hojutsu.co<\/li>\n<li>hojutsu.com<\/li>\n<li>hotmail.com<\/li>\n<li>safety.canadatvsite.com<\/li>\n<li>www.microsoft.com<\/li>\n<li>admin.datastorage01.org<\/li>\n<li>adobeflash.info.tm<\/li>\n<li>cas.ibooks.tk<\/li>\n<li>cas.m-e.org.ru<\/li>\n<li>colville.com<\/li>\n<li>conference.ddns.us<\/li>\n<li>dev.teamattire.com<\/li>\n<li>hint.happyforever.com<\/li>\n<li>hojutsu.com<\/li>\n<li>japan.yahoodaily.com<\/li>\n<li>jimnaugle.com<\/li>\n<li>media.finanstalk.ru<\/li>\n<li>meeting.toh.info<\/li>\n<li>news.canadatvsite.com<\/li>\n<li>news.micyuisyahooapis.com<\/li>\n<li>news.msnhome.org<\/li>\n<li>portal.itsaol.com<\/li>\n<li>public.ddns.us<\/li>\n<li>report.crabdance.com<\/li>\n<li>safety.canadatvsite.com<\/li>\n<li>share.canoedaily.com<\/li>\n<li>sports.canoedaily.com<\/li>\n<li>tcw.homier.com<\/li>\n<li>thecrownsgolf.org<\/li>\n<li>time.mediaxsds.net<\/li>\n<li>ttl.tfxdccssl.net<\/li>\n<li>update.dnepr.com<\/li>\n<li>update.sektori.org<\/li>\n<li>update.slowblog.com<\/li>\n<li>us.gnpes.org<\/li>\n<li>wikileaks.ddns.us<\/li>\n<li>www.bluecoate.com<\/li>\n<li>www.businessformars.com<\/li>\n<li>www.competrip.com<\/li>\n<li>www.cvba.com<\/li>\n<li>www.deebeedesigns.ca<\/li>\n<li>www.doversolutions.co.in<\/li>\n<li>www.drgeorges.com<\/li>\n<li>www.dsds.co.kr<\/li>\n<li>www.fbrshop.com<\/li>\n<li>www.freelanceindy.com<\/li>\n<li>www.gobroadreach.com<\/li>\n<li>www.jiangmin.com.tw<\/li>\n<li>www.kayauto.net<\/li>\n<li>www.keenathomas.com<\/li>\n<li>www.microsoft.com<\/li>\n<li>www.mountainvalley.americanunfinished.com<\/li>\n<li>www.mwa.net<\/li>\n<li>www.newsesport.com<\/li>\n<li>www.omegalogos.org<\/li>\n<li>www.pastorsrest.com<\/li>\n<li>www.pcs157.com<\/li>\n<li>www.rbaparts.com<\/li>\n<li>www.smilecare.com<\/li>\n<li>www.spmiller.org<\/li>\n<li>www.uszzcs.com<\/li>\n<li>www.vwrm.com<\/li>\n<li>www.woodagency.com<\/li>\n<li>zh.lksoftvc.net<\/li>\n<li>johnford985.appspot.com\/fetch.py<\/li>\n<li>code.mcafeepaying.com<\/li>\n<li>ctcs.bigdepression.net<\/li>\n<li>flash.aoldaily.com<\/li>\n<li>flash.aunewsonline.com<\/li>\n<li>flash.cnndaily.com<\/li>\n<li>flash.mcafeepaying.com<\/li>\n<li>flash.usnewssite.com<\/li>\n<li>johnford985.appspot.com<\/li>\n<li>ks.cnndaily.com<\/li>\n<li>moto.purpledaily.com<\/li>\n<li>moto1.newsonet.net<\/li>\n<li>moto2.earthsolution.org<\/li>\n<li>stratos.aoldaily.com<\/li>\n<li>stratos.mcafeepaying.com<\/li>\n<li>ic.ddns.us<\/li>\n<li>ice.net<\/li>\n<li>ille.com<\/li>\n<li>ily.com<\/li>\n<li>ing.toh.info<\/li>\n<li>japan.yahoodaily.com<\/li>\n<li>jimnaugle.com<\/li>\n<li>johnford985.appspot.com<\/li>\n<li>k.ca<\/li>\n<li>kayauto.net<\/li>\n<li>keenathomas.com<\/li>\n<li>ks.aoldaily.com<\/li>\n<li>ks.cnndaily.com<\/li>\n<li>ks.jaimeastorga.mx<\/li>\n<li>ks.manguvaljak.ee<\/li>\n<li>ks.petrotdl.com.ar<\/li>\n<li>ks.utworld.ch<\/li>\n<li>m.ms<\/li>\n<li>media.finanstalk.ru<\/li>\n<li>meeting.toh.info<\/li>\n<li>messenger.hotmail.com<\/li>\n<li>microsoft.com<\/li>\n<li>micyuisyahooapis.com<\/li>\n<li>moc.yliadnnc.sk<\/li>\n<li>moto.purpledaily.com<\/li>\n<li>moto1.newsonet.net<\/li>\n<li>moto2.earthsolution.org<\/li>\n<li>mountainvalley.americanunfinished.com<\/li>\n<li>msn.com<\/li>\n<li>msnhome.org<\/li>\n<li>mwa.net<\/li>\n<li>n.datastorage01.org<\/li>\n<li>n.linuxd.org<\/li>\n<li>n.yahoodaily.com<\/li>\n<li>news.canadatvsite.com<\/li>\n<li>news.micyuisyahooapis.com<\/li>\n<li>news.msnhome.org<\/li>\n<li>nexus.passport.com<\/li>\n<li>ni.bigish.net<\/li>\n<li>nic.safalife.com<\/li>\n<li>ntdetect.com<\/li>\n<li>olmusic100.com<\/li>\n<li>omegalogos.org<\/li>\n<li>owservice.ne<\/li>\n<li>pastorsrest.com<\/li>\n<li>portal.itsaol.com<\/li>\n<li>public.ddns.us<\/li>\n<li>purpledaily.com<\/li>\n<li>qhun-mons.businessformars.com<\/li>\n<li>qusc12.infosupports.com<\/li>\n<li>rbaparts.com<\/li>\n<li>report.crabdance.com<\/li>\n<li>rownsgolf.org<\/li>\n<li>s.org<\/li>\n<li>safety.canadatvsite.com<\/li>\n<li>share.canoedaily.com<\/li>\n<li>smilecare.com<\/li>\n<li>sonet.net<\/li>\n<li>sports.canoedaily.com<\/li>\n<li>sra.blackcake.net<\/li>\n<li>sra.infosupports.com<\/li>\n<li>ssus.org<\/li>\n<li>stratos.aoldaily.com<\/li>\n<li>stratos.mcafeepaying.com<\/li>\n<li>tcw.homier.com<\/li>\n<li>te.dnepr.com<\/li>\n<li>teamattire.com<\/li>\n<li>thecrownsgolf.org<\/li>\n<li>time.mediaxsds.net<\/li>\n<li>tsu.com<\/li>\n<li>ttl.tfxdccssl.net<\/li>\n<li>ty.canadatvsite.com<\/li>\n<li>un.linuxd.org<\/li>\n<li>update.dnepr.com<\/li>\n<li>update.mcafeepaying.com<\/li>\n<li>update.sektori.org<\/li>\n<li>update.slowblog.com<\/li>\n<li>us.gnpes.org<\/li>\n<li>usc12.blackcake.net<\/li>\n<li>vop.earthsolution.org<\/li>\n<li>vwrm.com<\/li>\n<li>w.com<\/li>\n<li>us.gn<\/li>\n<li>wikileaks.ddns.us<\/li>\n<li>woodagency.com<\/li>\n<li>ww.bigish.net<\/li>\n<li>www.BusinessForMars.com<\/li>\n<li>www.bigish.net<\/li>\n<li>www.bluecoate.com<\/li>\n<li>www.businessformars.com<\/li>\n<li>www.competrip.com<\/li>\n<li>www.cvba.com<\/li>\n<li>www.deebeedesigns.ca<\/li>\n<li>www.doversolutions.co.in<\/li>\n<li>www.drgeorges.com<\/li>\n<li>www.dsds.co.kr<\/li>\n<li>www.fbrshop.com<\/li>\n<li>www.freelanceindy.com<\/li>\n<li>www.gobroadreach.com<\/li>\n<li>www.heliospartners.com<\/li>\n<li>www.holdent.com.au<\/li>\n<li>www.inkscape.org<\/li>\n<li>www.jiangmin.com.tw<\/li>\n<li>www.kayauto.net<\/li>\n<li>www.keenathomas.com<\/li>\n<li>www.microsoft.com<\/li>\n<li>www.mountainvalley.americanunfinished.com<\/li>\n<li>www.mwa.ne<\/li>\n<li>www.mwa.net<\/li>\n<li>www.newsesport.com<\/li>\n<li>www.olmusic100.com<\/li>\n<li>www.omegalogos.org<\/li>\n<li>www.pastorsrest.com<\/li>\n<li>www.pcs157.com<\/li>\n<li>www.rbaparts.com<\/li>\n<li>www.smilecare.com<\/li>\n<li>www.spmiller.org<\/li>\n<li>www.uszzcs.com<\/li>\n<li>www.vwrm.com<\/li>\n<li>www.woodagency.com<\/li>\n<li>zh.lksoftvc.net<\/li>\n<\/ul>\n<h4>HTTP Requests:<\/h4>\n<ul>\n<li>CONNECT\u00a0 HTTP\/1.0<\/li>\n<li>CONNECT \/index.asp HTTP\/1.1<\/li>\n<li>GET\u00a0 HTTP\/1.1<\/li>\n<li>GET \/1.asp?rands=FXMJVXGOJJ&amp;acc=&amp;str=select id from tab_online where regcode = &#8216;FXMJVXGOJJ&#8217; HTTP\/1.0<\/li>\n<li>GET \/197.1.16.3_7.html HTTP\/1.1<\/li>\n<li>GET \/2011\/n325423.shtml?pvid=fAAAACIkAOyJMGjxiYadwRyN9buY2MAeOtQPGgD7e0CsZAFTwA8txDliAAA= HTTP\/1.0<\/li>\n<li>GET \/2651.asp HTTP\/1.1<\/li>\n<li>GET \/3491.asp HTTP\/1.1<\/li>\n<li>GET \/4823.asp HTTP\/1.1<\/li>\n<li>GET \/4981.asp HTTP\/1.1<\/li>\n<li>GET \/5310.asp HTTP\/1.1<\/li>\n<li>GET \/5712.html HTTP\/1.1<\/li>\n<li>GET \/6212.html HTTP\/1.1<\/li>\n<li>GET \/6958.html HTTP\/1.1<\/li>\n<li>GET \/_borders\/top.htm HTTP\/1.1<\/li>\n<li>GET \/A2\/front\/lm\/mini\/noborder\/?AQB=1&amp;ndh=1&amp;t=480&amp;lv=VDipXNKF&amp;pageName=About&amp;ss=ipWHkqSl&amp;g=Council&amp;cid=225&amp;v1=c25&amp;hp=N&amp;tal=&amp;AQE=1 HTTP\/1.0<\/li>\n<li>GET \/aboutus_ohs.html HTTP\/1.1<\/li>\n<li>GET \/adobe.html HTTP\/1.1<\/li>\n<li>GET \/api\/get_attention_num\/adfshow?slot=7cLLvm4e&amp;p=F&amp;may=128&amp;g=4363&amp;n=0&amp;i=Home HTTP\/1.0<\/li>\n<li>GET \/aspnet_client\/system_web\/1_0_3705_0\/SmartNav.jpg HTTP\/1.1<\/li>\n<li>GET \/attachments\/C262-240.jpg HTTP\/1.1<\/li>\n<li>GET \/bbs\/db\/1.asp?rands=KKIJLONGAP&amp;acc=&amp;str=select id from tab_online where regcode = &#8216;KKIJLONGAP&#8217; order by id asc HTTP\/1.0<\/li>\n<li>GET \/bbs\/db\/1.asp?rands=SEXGJLSSXM&amp;acc=&amp;str=select id from tab_online where regcode = &#8216;SEXGJLSSXM&#8217; order by id asc HTTP\/1.0<\/li>\n<li>GET \/BerwickFire\/rental.html HTTP\/1.1<\/li>\n<li>GET \/css\/about.htm HTTP\/1.1<\/li>\n<li>GET \/css\/style.html HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=CGPEHQURTR HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=EIGHIZHOMM HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=EYZALCJEKE HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=GIOJJREGBY HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=IHPSYRANKA HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=IPESEDUTED HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=JBVUQETDVA HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=MAJVUXJDAQ HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=QFBMPJCWAL HTTP\/1.1<\/li>\n<li>GET \/Default.aspx?INDEX=XMDOFYNHDY HTTP\/1.1<\/li>\n<li>GET \/default.htm HTTP\/1.1<\/li>\n<li>GET \/default.html HTTP\/1.1<\/li>\n<li>GET \/download.htm HTTP\/1.1<\/li>\n<li>GET \/download\/confere.html HTTP\/1.1<\/li>\n<li>GET \/download\/device_ad.asp?device_t=2928269924&amp;key=dxrqdgct&amp;device_id=ad&amp;cv=dxrqdgctnynmgjjfn HTTP\/1.0<\/li>\n<li>GET \/downloadsoft.htm HTTP\/1.1<\/li>\n<li>GET \/fax.html HTTP\/1.1<\/li>\n<li>GET \/file\/yahootemp.html HTTP\/1.1<\/li>\n<li>GET \/Gallery\/Winterfest\/2.jpg HTTP\/1.1<\/li>\n<li>GET \/html\/proe_tcp.html HTTP\/1.1<\/li>\n<li>GET \/images\/1.asp?rands=HOWBTFQLOZ&amp;acc=&amp;str=select id from tab_online where regcode = &#8216;HOWBTFQLOZ&#8217; order by id asc HTTP\/1.0<\/li>\n<li>GET \/images\/_vti_img\/index.asp HTTP\/1.1<\/li>\n<li>GET \/images\/bs.gif HTTP\/1.1<\/li>\n<li>GET \/images\/btn_info.jpg HTTP\/1.1<\/li>\n<li>GET \/images\/button.jpg HTTP\/1.1<\/li>\n<li>GET \/images\/colt_defense.jpg HTTP\/1.1<\/li>\n<li>GET \/images\/db\/1.asp?rands=BWFIMNAJEE&amp;acc=&amp;str=select id from tab_online where regcode = &#8216;BWFIMNAJEE&#8217; order by id asc HTTP\/1.0<\/li>\n<li>GET \/images\/device_index.asp?device_t=5962704463&amp;key=odnnmvgr&amp;device_id=index&amp;cv=odnnmvgrmftvujsyg HTTP\/1.0<\/li>\n<li>GET \/images\/error.jpg HTTP\/1.1<\/li>\n<li>GET \/images\/head_left.jpg HTTP\/1.1<\/li>\n<li>GET \/images\/icons\/3224?meth=gc&amp;tid=2005614&amp;cqe=3884550&amp;inif=tLu3v8eD3Lu+vqjHy8PI1MvMwtTCytTLycnct7uosceUkZzXgNy1qarHz9TL3LK+qbTHy8+fnw==&amp;syun=250 HTTP\/1.1<\/li>\n<li>GET \/images\/index_0_02.jpg HTTP\/1.1<\/li>\n<li>GET \/images\/leftnav_prog_bg.jpg HTTP\/1.1<\/li>\n<li>GET \/images\/li.gif HTTP\/1.1<\/li>\n<li>GET \/images\/logo.png HTTP\/1.1<\/li>\n<li>GET \/images\/reach1.jpg HTTP\/1.1<\/li>\n<li>GET \/images\/record.asp?device_t=3134688572&amp;key=ywbyftdd&amp;device_id=index&amp;cv=ywbyftddoirafvbak&amp;result=no%20command%0D%0A%0D%0ANext%3ASun%20Feb%2024%2009%3A50%3A15%202013%0Adelay%3A3600%20sec%0D%0A HTTP\/1.0<\/li>\n<li>GET \/images\/title.png HTTP\/1.1<\/li>\n<li>GET \/index.htm HTTP\/1.1<\/li>\n<li>GET \/index.html HTTP\/1.1<\/li>\n<li>GET \/index.html HTTP\/1.1<\/li>\n<li>GET \/index\/default.htm HTTP\/1.1<\/li>\n<li>GET \/index01.htm HTTP\/1.1<\/li>\n<li>GET \/info\/2013.html?1361695580 HTTP\/1.0<\/li>\n<li>GET \/info\/2013.html?1361695600 HTTP\/1.0<\/li>\n<li>GET \/info\/sh1\/search.asp HTTP\/1.1<\/li>\n<li>GET \/info\/sh3\/search.asp HTTP\/1.1<\/li>\n<li>GET \/java\/careers.html HTTP\/1.1<\/li>\n<li>GET \/loa\/database3\/sun.html?a=1317&amp;b=10043&amp;typ=ntWVDtQM&amp;user=home_page|homepage_2nd_banner_820x90&amp;pagei=\/8LfwOjw&amp;border=0&amp;local=yes&amp;psi=170&amp;f=1&amp;form=&amp;h=&amp;i=100 HTTP\/1.0<\/li>\n<li>GET \/logo.html HTTP\/1.1<\/li>\n<li>GET \/logs\/login.asp HTTP\/1.1<\/li>\n<li>GET \/M&amp;A_alliances.htm HTTP\/1.1<\/li>\n<li>GET \/main\/1.asp?rands=TGPJQNYBQY&amp;acc=&amp;str=select id from tab_online where regcode = &#8216;TGPJQNYBQY&#8217; order by id asc HTTP\/1.0<\/li>\n<li>GET \/marq.htm HTTP\/1.1<\/li>\n<li>GET \/NET\/kappa.jpg HTTP\/1.1<\/li>\n<li>GET \/order.htm HTTP\/1.1<\/li>\n<li>GET \/Ouo4f045.asp HTTP\/1.1<\/li>\n<li>GET \/pop.htm HTTP\/1.1<\/li>\n<li>GET \/postinfo.html?1361694906 HTTP\/1.0<\/li>\n<li>GET \/postinfo.html HTTP\/1.1<\/li>\n<li>GET \/pp\/core\/cgi\/wor.asp?category=qiu&amp;ace=i9t2&amp;newText=&amp;amer=160&amp;eur=&amp;mm=love HTTP\/1.0<\/li>\n<li>GET \/public.html HTTP\/1.1<\/li>\n<li>GET \/report\/news.html HTTP\/1.1<\/li>\n<li>GET \/Resource\/device_Tr.asp?device_t=1626586307&amp;key=wuagysqk&amp;device_id=Tr&amp;cv=wuagysqkptijnsayv HTTP\/1.0<\/li>\n<li>GET \/Resource\/record.asp?device_t=2620185844&amp;key=majccsyr&amp;device_id=Tr&amp;cv=majccsyrufwyqrdkg&amp;result=no%20command%0D%0A%0D%0ANext%3ASun%20Feb%2024%2009%3A57%3A53%202013%0Adelay%3A3600%20sec%0D%0A HTTP\/1.0<\/li>\n<li>GET \/Rossini.jpg HTTP\/1.1<\/li>\n<li>GET \/s\/asp?XAAAANoRA_U9K_o8YmGncEcjfW7mNjAHjrUDxoA8sgB_SAA=p=1 HTTP\/1.0<\/li>\n<li>GET \/safe\/1.asp?rands=LYWWLWYPSW&amp;acc=&amp;str=select id from tab_online where regcode = &#8216;LYWWLWYPSW&#8217; order by id asc HTTP\/1.0<\/li>\n<li>GET \/saler.gif HTTP\/1.1<\/li>\n<li>GET \/staff.htm HTTP\/1.1<\/li>\n<li>GET \/study.htm HTTP\/1.1<\/li>\n<li>GET \/sun\/moto.htm HTTP\/1.1<\/li>\n<li>GET \/top.htm HTTP\/1.1<\/li>\n<li>GET \/uc\/myshow\/blog\/misc\/gif\/show.asp?a=mmRCP0L&amp;p=2Fregion2F&amp;u=n5vh8rmrnlopo1ec&amp;b=vY6HjJ2C&amp;n=0&amp;c=233&amp;x=400&amp;y=4153&amp;e=&amp;wt=30q00dn00ei76hc9 HTTP\/1.0<\/li>\n<li>GET \/update.jpg HTTP\/1.1<\/li>\n<li>GET \/update.jpg HTTP\/1.1<\/li>\n<li>GET \/update.png HTTP\/1.1<\/li>\n<li>GET \/uwire\/index.html HTTP\/1.1<\/li>\n<li>GET \/windows.html HTTP\/1.1<\/li>\n<li>GET \/word\/display.asp HTTP\/1.1<\/li>\n<li>GET \/worlda.html HTTP\/1.1<\/li>\n<li>GET \/worldb.html HTTP\/1.1<\/li>\n<li>GET \/Y\/ HTTP\/1.1<\/li>\n<li>GET Default.asp HTTP\/1.1<\/li>\n<li>GET Default.asp?uid=86893&amp;do=friend&amp;view=41&amp;_lgmode=pri&amp;from=bkT7i2 HTTP\/1.1<\/li>\n<li>GET Default.asp?uid=86893&amp;do=friend&amp;view=toms HTTP\/1.1<\/li>\n<li>GET index.html HTTP\/1.1<\/li>\n<li>GET\u00a0 HTTP\/1.1<\/li>\n<li>POST \/fetch.py HTTP\/1.1<\/li>\n<li>POST 404error.asp HTTP\/1.1<\/li>\n<li>POST aspnet_client\/report.asp HTTP\/1.1<\/li>\n<li>POST aspnet_client\/system_web\/1_0_3705_0\/addCats.asp HTTP\/1.1<\/li>\n<li>POST index.asp HTTP\/1.1<\/li>\n<\/ul>\n<h4>User Agents:<\/h4>\n<ul>\n<li>08:52:09+[HOSTNAME]<\/li>\n<li>08:52:27+[HOSTNAME]<\/li>\n<li>10:03:44+[HOSTNAME]<\/li>\n<li>10:04:02+[HOSTNAME]<\/li>\n<li>5.1 04:15 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 04:19 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 04:45 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 04:46 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 04:47 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 07:43 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 09:35 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 09:36 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 09:38 [HOSTNAME]\\[USERNAME]<\/li>\n<li>5.1 09:39 [HOSTNAME]\\[USERNAME]<\/li>\n<li>Google+page<\/li>\n<li>HTTP 1.1<\/li>\n<li>HTTP Mozilla\/5.0(compatible+MSIE<\/li>\n<li>IPHONE8.5(host:[HOSTNAME],ip:[IP]<\/li>\n<li>IPHONE8.5(host:[HOSTNAME],ip:[IP]ct:Sun Feb 24 08:46:20 2013<\/li>\n<li>IPHONE8.5(host:[HOSTNAME],ip:[IP]ct:Sun Feb 24 08:46:40 2013<\/li>\n<li>Internet SurfBear<\/li>\n<li>Microsoft Internet Explorer 6.0<\/li>\n<li>Microsoft Internet Explorer Exelon [HOSTNAME]<\/li>\n<li>Mozilla\/4.0 (compatible;<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Win32<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Win32&#8211;[HOSTNAME]<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Win32;<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Win32;Ali;<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Win32;Fly;<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Win32;Google;<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; EmbeddedWB 14.52 from<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.0; Windows NT 5.2; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 6.1; Windows NT 5.1; SV1<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Win32<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\/4.0<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\/4.0; Cxdp.BMWCN<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\/4.0; Cxdp.BMWUS<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident\/4.0; Cxdp.NSF<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.004:48<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.008:36<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.008:37<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.008:47<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.008:48<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.009:07<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.009:13<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.009:27<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.009:50<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 5.1; [HOSTNAME];Trident\/4.010:19<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident\/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0<\/li>\n<li>Mozilla\/4.0 (compatible; MSIE7.0; Windows NT 5.1<\/li>\n<li>Mozilla\/4.0 (compatible; Windows NT 5.1; MSIE 7.0<\/li>\n<li>Mozilla\/4.0<\/li>\n<li>Mozilla\/5.0 (compatible; MSIE 7.1; Windows NT 5.1; SV1<\/li>\n<li>Mozilla\/5.0 (compatible; MSIE 8.0; Win32<\/li>\n<li>Mozilla\/5.0<\/li>\n<li>Win32<\/li>\n<li>[HOSTNAME]+Mozilla\/4.0 (compatible; MSIE 8.0; Win32<\/li>\n<li>[HOSTNAME]<\/li>\n<li>yahoo html<\/li>\n<\/ul>\n<h4>Delays in ms<\/h4>\n<ul>\n<li>100<\/li>\n<li>1000<\/li>\n<li>2000<\/li>\n<li>3000<\/li>\n<li>4000<\/li>\n<li>5000<\/li>\n<li>6000<\/li>\n<li>10000<\/li>\n<li>30000<\/li>\n<li>60000<\/li>\n<li>100000<\/li>\n<li>120000<\/li>\n<li>127000<\/li>\n<li>300000<\/li>\n<li>600000<\/li>\n<li>900000<\/li>\n<li>1500000<\/li>\n<li>1620000<\/li>\n<li>174000<\/li>\n<li>1740000<\/li>\n<li>1800000<\/li>\n<li>2100000<\/li>\n<\/ul>\n<h4>Compilation timestamps:<\/h4>\n<ul>\n<li>2001-07-17 00:22:56 Tuesday 995329376<\/li>\n<li>2003-08-06 18:34:23 Wednesday 1060194863<\/li>\n<li>2003-10-16 03:41:02 Thursday 1066275662<\/li>\n<li>2004-01-23 23:39:42 Friday 1074901182<\/li>\n<li>2004-05-15 01:06:23 Saturday 1084583183<\/li>\n<li>2004-07-07 02:17:12 Wednesday 1089166632<\/li>\n<li>2004-08-04 06:02:53 Wednesday 1091599373<\/li>\n<li>2004-08-04 06:10:04 Wednesday 1091599804<\/li>\n<li>2004-08-04 06:14:22 Wednesday 1091600062<\/li>\n<li>2004-08-04 06:14:38 Wednesday 1091600078<\/li>\n<li>2004-08-04 07:56:01 Wednesday 1091606161<\/li>\n<li>2004-08-04 07:56:07 Wednesday 1091606167<\/li>\n<li>2004-08-04 07:56:21 Wednesday 1091606181<\/li>\n<li>2004-08-04 07:56:23 Wednesday 1091606183<\/li>\n<li>2004-08-04 07:56:26 Wednesday 1091606186<\/li>\n<li>2004-08-04 07:56:30 Wednesday 1091606190<\/li>\n<li>2004-08-04 07:56:36 Wednesday 1091606196<\/li>\n<li>2004-08-04 07:56:37 Wednesday 1091606197<\/li>\n<li>2004-08-04 07:56:39 Wednesday 1091606199<\/li>\n<li>2004-08-04 07:56:40 Wednesday 1091606200<\/li>\n<li>2004-08-04 07:56:42 Wednesday 1091606202<\/li>\n<li>2004-08-04 07:56:44 Wednesday 1091606204<\/li>\n<li>2004-08-04 07:56:58 Wednesday 1091606218<\/li>\n<li>2004-08-04 07:57:08 Wednesday 1091606228<\/li>\n<li>2004-08-04 07:57:38 Wednesday 1091606258<\/li>\n<li>2004-08-04 07:59:14 Wednesday 1091606354<\/li>\n<li>2006-08-03 12:45:02 Thursday 1154609102<\/li>\n<li>2006-09-13 18:20:18 Wednesday 1158171618<\/li>\n<li>2006-09-14 02:28:46 Thursday 1158200926<\/li>\n<li>2007-06-29 15:18:22 Friday 1183130302<\/li>\n<li>2007-07-25 17:44:33 Wednesday 1185385473<\/li>\n<li>2007-08-08 03:16:50 Wednesday 1186543010<\/li>\n<li>2007-09-17 09:21:03 Monday 1190020863<\/li>\n<li>2007-11-18 23:50:13 Sunday 1195429813<\/li>\n<li>2008-03-12 12:39:30 Wednesday 1205325570<\/li>\n<li>2008-04-13 19:14:55 Sunday 1208114095<\/li>\n<li>2008-06-17 01:20:04 Tuesday 1213665604<\/li>\n<li>2008-07-30 03:25:13 Wednesday 1217388313<\/li>\n<li>2008-08-22 00:43:16 Friday 1219365796<\/li>\n<li>2008-08-27 08:41:19 Wednesday 1219826479<\/li>\n<li>2008-09-16 08:40:03 Tuesday 1221554403<\/li>\n<li>2008-09-16 08:42:05 Tuesday 1221554525<\/li>\n<li>2008-09-16 09:20:31 Tuesday 1221556831<\/li>\n<li>2008-10-22 00:12:21 Wednesday 1224634341<\/li>\n<li>2008-10-27 02:18:16 Monday 1225073896<\/li>\n<li>2008-10-27 08:31:43 Monday 1225096303<\/li>\n<li>2008-10-27 13:48:37 Monday 1225115317<\/li>\n<li>2008-11-10 08:29:48 Monday 1226305788<\/li>\n<li>2008-11-10 08:30:00 Monday 1226305800<\/li>\n<li>2008-11-21 07:46:32 Friday 1227253592<\/li>\n<li>2009-01-07 08:09:33 Wednesday 1231315773<\/li>\n<li>2009-01-15 03:30:11 Thursday 1231990211<\/li>\n<li>2009-02-05 07:14:01 Thursday 1233818041<\/li>\n<li>2009-02-05 07:16:28 Thursday 1233818188<\/li>\n<li>2009-02-05 07:20:22 Thursday 1233818422<\/li>\n<li>2009-02-17 09:40:38 Tuesday 1234863638<\/li>\n<li>2009-03-02 09:52:20 Monday 1235987540<\/li>\n<li>2009-03-06 14:10:18 Friday 1236348618<\/li>\n<li>2009-03-16 13:30:51 Monday 1237210251<\/li>\n<li>2009-03-17 03:34:24 Tuesday 1237260864<\/li>\n<li>2009-03-17 13:21:25 Tuesday 1237296085<\/li>\n<li>2009-03-25 13:11:56 Wednesday 1237986716<\/li>\n<li>2009-04-12 09:14:38 Sunday 1239527678<\/li>\n<li>2009-05-14 17:12:40 Thursday 1242321160<\/li>\n<li>2009-05-26 07:37:57 Tuesday 1243323477<\/li>\n<li>2009-06-08 10:17:38 Monday 1244456258<\/li>\n<li>2009-07-08 13:30:46 Wednesday 1247059846<\/li>\n<li>2009-07-16 15:04:29 Thursday 1247756669<\/li>\n<li>2009-07-20 08:33:01 Monday 1248078781<\/li>\n<li>2009-07-20 09:02:46 Monday 1248080566<\/li>\n<li>2009-07-25 03:44:04 Saturday 1248493444<\/li>\n<li>2009-07-29 14:34:24 Wednesday 1248878064<\/li>\n<li>2009-07-30 09:20:04 Thursday 1248945604<\/li>\n<li>2009-08-03 08:29:29 Monday 1249288169<\/li>\n<li>2009-08-11 08:38:40 Tuesday 1249979920<\/li>\n<li>2009-08-16 11:05:43 Sunday 1250420743<\/li>\n<li>2009-08-24 13:16:23 Monday 1251119783<\/li>\n<li>2009-08-28 02:17:30 Friday 1251425850<\/li>\n<li>2009-11-11 06:33:02 Wednesday 1257921182<\/li>\n<li>2009-11-17 22:13:19 Tuesday 1258495999<\/li>\n<li>2009-12-01 00:40:09 Tuesday 1259628009<\/li>\n<li>2009-12-21 01:39:02 Monday 1261359542<\/li>\n<li>2010-01-15 17:20:56 Friday 1263576056<\/li>\n<li>2010-02-03 08:22:33 Wednesday 1265185353<\/li>\n<li>2010-02-03 08:22:50 Wednesday 1265185370<\/li>\n<li>2010-02-09 08:29:43 Tuesday 1265704183<\/li>\n<li>2010-02-11 03:27:04 Thursday 1265858824<\/li>\n<li>2010-02-11 06:44:46 Thursday 1265870686<\/li>\n<li>2010-02-25 00:49:53 Thursday 1267058993<\/li>\n<li>2010-03-15 06:27:58 Monday 1268634478<\/li>\n<li>2010-04-12 09:09:29 Monday 1271063369<\/li>\n<li>2010-04-14 17:18:20 Wednesday 1271265500<\/li>\n<li>2010-04-20 03:39:27 Tuesday 1271734767<\/li>\n<li>2010-04-23 07:51:28 Friday 1272009088<\/li>\n<li>2010-05-20 07:01:21 Thursday 1274338881<\/li>\n<li>2010-06-23 01:24:31 Wednesday 1277256271<\/li>\n<li>2010-06-25 09:26:47 Friday 1277458007<\/li>\n<li>2010-06-29 00:31:41 Tuesday 1277771501<\/li>\n<li>2010-08-23 02:17:20 Monday 1282529840<\/li>\n<li>2010-09-19 08:34:11 Sunday 1284885251<\/li>\n<li>2010-09-27 02:06:31 Monday 1285553191<\/li>\n<li>2010-09-28 01:00:25 Tuesday 1285635625<\/li>\n<li>2010-09-28 08:09:41 Tuesday 1285661381<\/li>\n<li>2010-10-19 08:15:54 Tuesday 1287476154<\/li>\n<li>2010-10-21 06:51:09 Thursday 1287643869<\/li>\n<li>2010-10-29 06:50:40 Friday 1288335040<\/li>\n<li>2010-10-29 06:51:08 Friday 1288335068<\/li>\n<li>2010-11-02 08:35:56 Tuesday 1288686956<\/li>\n<li>2010-11-04 06:07:11 Thursday 1288850831<\/li>\n<li>2010-11-06 08:08:37 Saturday 1289030917<\/li>\n<li>2010-11-17 13:37:00 Wednesday 1290001020<\/li>\n<li>2010-11-18 01:54:57 Thursday 1290045297<\/li>\n<li>2010-12-02 08:05:26 Thursday 1291277126<\/li>\n<li>2010-12-16 03:14:07 Thursday 1292469247<\/li>\n<li>2010-12-16 03:16:48 Thursday 1292469408<\/li>\n<li>2010-12-18 08:10:11 Saturday 1292659811<\/li>\n<li>2010-12-22 08:02:25 Wednesday 1293004945<\/li>\n<li>2011-01-11 02:12:48 Tuesday 1294711968<\/li>\n<li>2011-01-11 02:24:30 Tuesday 1294712670<\/li>\n<li>2011-01-11 03:22:02 Tuesday 1294716122<\/li>\n<li>2011-03-02 07:40:24 Wednesday 1299051624<\/li>\n<li>2011-03-03 13:41:14 Thursday 1299159674<\/li>\n<li>2011-03-07 09:42:59 Monday 1299490979<\/li>\n<li>2011-03-08 02:36:50 Tuesday 1299551810<\/li>\n<li>2011-03-16 19:26:23 Wednesday 1300303583<\/li>\n<li>2011-03-22 12:59:55 Tuesday 1300798795<\/li>\n<li>2011-03-23 14:34:10 Wednesday 1300890850<\/li>\n<li>2011-03-23 14:36:19 Wednesday 1300890979<\/li>\n<li>2011-03-28 13:35:35 Monday 1301319335<\/li>\n<li>2011-03-29 08:40:16 Tuesday 1301388016<\/li>\n<li>2011-04-02 09:07:51 Saturday 1301735271<\/li>\n<li>2011-04-08 08:04:50 Friday 1302249890<\/li>\n<li>2011-04-20 13:13:08 Wednesday 1303305188<\/li>\n<li>2011-04-21 07:16:51 Thursday 1303370211<\/li>\n<li>2011-04-21 07:51:21 Thursday 1303372281<\/li>\n<li>2011-04-26 01:53:58 Tuesday 1303782838<\/li>\n<li>2011-04-28 01:22:03 Thursday 1303953723<\/li>\n<li>2011-05-17 07:45:35 Tuesday 1305618335<\/li>\n<li>2011-05-17 12:37:22 Tuesday 1305635842<\/li>\n<li>2011-05-20 01:14:53 Friday 1305854093<\/li>\n<li>2011-05-30 08:29:29 Monday 1306744169<\/li>\n<li>2011-06-28 22:39:19 Tuesday 1309300759<\/li>\n<li>2011-07-11 03:38:22 Monday 1310355502<\/li>\n<li>2011-07-18 03:10:56 Monday 1310958656<\/li>\n<li>2011-07-19 01:55:13 Tuesday 1311040513<\/li>\n<li>2011-07-28 04:50:57 Thursday 1311828657<\/li>\n<li>2011-07-28 14:49:46 Thursday 1311864586<\/li>\n<li>2011-07-29 07:10:31 Friday 1311923431<\/li>\n<li>2011-08-09 08:15:29 Tuesday 1312877729<\/li>\n<li>2011-08-11 13:15:49 Thursday 1313068549<\/li>\n<li>2011-08-19 02:34:16 Friday 1313721256<\/li>\n<li>2011-08-19 03:07:37 Friday 1313723257<\/li>\n<li>2011-09-20 03:40:51 Tuesday 1316490051<\/li>\n<li>2011-09-20 03:50:48 Tuesday 1316490648<\/li>\n<li>2011-09-25 13:42:51 Sunday 1316958171<\/li>\n<li>2011-09-25 13:43:28 Sunday 1316958208<\/li>\n<li>2011-09-27 13:07:55 Tuesday 1317128875<\/li>\n<li>2011-09-27 13:09:16 Tuesday 1317128956<\/li>\n<li>2011-10-10 14:16:57 Monday 1318256217<\/li>\n<li>2011-10-11 13:02:38 Tuesday 1318338158<\/li>\n<li>2011-10-12 01:58:10 Wednesday 1318384690<\/li>\n<li>2011-10-13 08:47:13 Thursday 1318495633<\/li>\n<li>2011-10-14 08:42:16 Friday 1318581736<\/li>\n<li>2011-10-14 11:58:04 Friday 1318593484<\/li>\n<li>2011-10-18 00:58:17 Tuesday 1318899497<\/li>\n<li>2011-10-19 09:16:10 Wednesday 1319015770<\/li>\n<li>2011-10-19 09:17:10 Wednesday 1319015830<\/li>\n<li>2011-10-19 09:19:09 Wednesday 1319015949<\/li>\n<li>2011-10-24 08:19:05 Monday 1319444345<\/li>\n<li>2011-11-01 02:43:26 Tuesday 1320115406<\/li>\n<li>2011-11-05 09:27:34 Saturday 1320485254<\/li>\n<li>2011-11-07 14:59:20 Monday 1320677960<\/li>\n<li>2011-11-17 07:22:44 Thursday 1321514564<\/li>\n<li>2011-11-21 12:36:14 Monday 1321878974<\/li>\n<li>2011-11-21 12:36:51 Monday 1321879011<\/li>\n<li>2011-11-22 01:15:22 Tuesday 1321924522<\/li>\n<li>2011-11-28 12:32:07 Monday 1322483527<\/li>\n<li>2011-12-12 03:28:15 Monday 1323660495<\/li>\n<li>2011-12-20 02:23:38 Tuesday 1324347818<\/li>\n<li>2012-01-19 00:50:11 Thursday 1326934211<\/li>\n<li>2012-01-20 03:14:28 Friday 1327029268<\/li>\n<li>2012-02-09 00:47:28 Thursday 1328748448<\/li>\n<li>2012-02-09 00:47:52 Thursday 1328748472<\/li>\n<li>2012-02-16 08:22:06 Thursday 1329380526<\/li>\n<li>2012-02-17 14:55:21 Friday 1329490521<\/li>\n<li>2012-02-23 07:20:31 Thursday 1329981631<\/li>\n<li>2012-02-28 11:48:43 Tuesday 1330429723<\/li>\n<li>2012-02-28 15:35:51 Tuesday 1330443351<\/li>\n<li>2012-03-02 06:27:21 Friday 1330669641<\/li>\n<li>2012-03-02 07:20:27 Friday 1330672827<\/li>\n<li>2012-03-02 08:45:11 Friday 1330677911<\/li>\n<li>2012-03-07 08:41:30 Wednesday 1331109690<\/li>\n<li>2012-03-12 01:34:56 Monday 1331516096<\/li>\n<li>2012-03-13 02:21:54 Tuesday 1331605314<\/li>\n<li>2012-03-13 03:47:57 Tuesday 1331610477<\/li>\n<li>2012-03-16 07:10:50 Friday 1331881850<\/li>\n<li>2012-03-20 09:24:33 Tuesday 1332235473<\/li>\n<li>2012-03-22 08:45:38 Thursday 1332405938<\/li>\n<li>2012-03-28 15:39:00 Wednesday 1332949140<\/li>\n<li>2012-04-12 15:02:26 Thursday 1334242946<\/li>\n<li>2012-04-17 08:29:00 Tuesday 1334651340<\/li>\n<li>2012-04-17 08:30:01 Tuesday 1334651401<\/li>\n<li>2012-04-17 09:32:54 Tuesday 1334655174<\/li>\n<li>2012-04-24 08:24:45 Tuesday 1335255885<\/li>\n<li>2012-05-07 03:19:17 Monday 1336360757<\/li>\n<li>2012-05-14 14:16:53 Monday 1337005013<\/li>\n<li>2012-05-28 08:12:40 Monday 1338192760<\/li>\n<li>2012-05-29 14:39:47 Tuesday 1338302387<\/li>\n<li>2012-06-04 12:57:35 Monday 1338814655<\/li>\n<li>2012-06-09 13:19:49 Saturday 1339247989<\/li>\n<li>2012-06-09 13:19:53 Saturday 1339247993<\/li>\n<li>2012-06-11 12:37:20 Monday 1339418240<\/li>\n<li>2012-06-26 03:30:05 Tuesday 1340681405<\/li>\n<li>2012-08-08 23:27:53 Wednesday 1344468473<\/li>\n<li>2012-08-10 02:10:53 Friday 1344564653<\/li>\n<li>2012-08-16 07:53:11 Thursday 1345103591<\/li>\n<li>2012-08-20 12:56:12 Monday 1345467372<\/li>\n<li>2012-08-20 12:59:08 Monday 1345467548<\/li>\n<li>2012-08-20 14:06:56 Monday 1345471616<\/li>\n<li>2012-08-20 15:16:12 Monday 1345475772<\/li>\n<li>2012-08-21 13:46:15 Tuesday 1345556775<\/li>\n<li>2012-08-22 15:50:16 Wednesday 1345650616<\/li>\n<li>2012-08-28 07:34:32 Tuesday 1346139272<\/li>\n<li>2012-08-28 13:40:13 Tuesday 1346161213<\/li>\n<li>2012-08-30 13:06:09 Thursday 1346331969<\/li>\n<li>2012-09-06 15:34:30 Thursday 1346945670<\/li>\n<li>2012-09-10 14:25:34 Monday 1347287134<\/li>\n<li>2012-11-07 14:12:48 Wednesday 1352297568<\/li>\n<li>2012-11-13 14:55:39 Tuesday 1352818539<\/li>\n<li>2012-11-14 07:58:27 Wednesday 1352879907<\/li>\n<li>2012-11-16 07:35:22 Friday 1353051322<\/li>\n<li>2012-12-06 13:09:40 Thursday 1354799380<\/li>\n<li>2012-12-25 13:07:50 Tuesday 1356440870<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<h3>The sampleset &#8211; clustering<\/h3>\n<p>Quite frankly, there is not so much to write about it here.<\/p>\n<p>I do not find obvious distribution or significant spikes of specific patterns and the results are not very presentable &#8211; to provide a few specific examples &#8211; out of 285 samples:<\/p>\n<p>The following samples use DES:<\/p>\n<ul>\n<li>0CF9E999C574EC89595263446978DC9F<\/li>\n<li>24259AE8B0018B0CE9992FB1D9B69E2A<\/li>\n<li>468FF2C12CFFC7E5B2FE0EE6BB3B239E<\/li>\n<li>476FEA8761A03BEF16E322996C2F6666<\/li>\n<li>7AECB34616245EB6B2906358151BE55B<\/li>\n<li>7F1A4BC267ACE340A5AA7A0B79CBF349<\/li>\n<li>8E8622C393D7E832D39E620EAD5D3B49<\/li>\n<li>929802A27737CEBC59D19DA724FDF30A<\/li>\n<li>C04C796EF126AD7429BE7D55720FE392<\/li>\n<li>CF9C2D5A8FBDD1C5ADC20CFC5E663C21<\/li>\n<li>D0D5A20C5A6C4FDDAB4D43B85632B6A9<\/li>\n<li>D34E357461C55D90C52309C1FF952B4C<\/li>\n<li>DD21D1EA2146861A4219B1CBDAEFE59B<\/li>\n<\/ul>\n<p>The following files run runinfo.exe:<\/p>\n<ul>\n<li>09531F851EF74A7238685FD287A395BD<\/li>\n<li>0CA6E2AD69826C8E3287FC8576112814<\/li>\n<li>C3E5603A38E700274D1AB30CE93D08B9<\/li>\n<\/ul>\n<p>The following samples use mutex !@ADS@#$<\/p>\n<ul>\n<li>6B3D19CC86D82B06F5DB3AE9D5BA8A5F<\/li>\n<li>831A67DC75E2D4505180888747BC8EA9<\/li>\n<\/ul>\n<p>The following samples connect to 69.28.168.10:443<\/p>\n<ul>\n<li>1F2EB7B090018D975E6D9B40868C94CA<\/li>\n<li>D9FBF759F527AF373E34673DC3ACA462<\/li>\n<\/ul>\n<p>The conclusion?<\/p>\n<p>Diplomatically speaking &#8211; my clustering efforts are far from being actionable at this stage :-).<\/p>\n<p>Sandboxing samples provides a good data for toying around, but w\/o some normalization of this data and w\/o ability to establish links between smaller clusters, it&#8217;s hard to draw any significant conclusion.<\/p>\n<p>Sad, but watch this space \ud83d\ude42<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Part 1, Part 2, Part 3 As I mentioned in my previous post, I was toying around with various samplesets (e.g. zero access, APT1, etc.) and since the APT1 sampleset is all over the news, I took a stab at &hellip; <a href=\"https:\/\/www.hexacorn.com\/blog\/2013\/03\/04\/clustering-and-batch-analysis-of-apt1-sampleset1\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[28,15,9],"tags":[],"_links":{"self":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/1732"}],"collection":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/comments?post=1732"}],"version-history":[{"count":9,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/1732\/revisions"}],"predecessor-version":[{"id":1972,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/posts\/1732\/revisions\/1972"}],"wp:attachment":[{"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/media?parent=1732"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/categories?post=1732"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hexacorn.com\/blog\/wp-json\/wp\/v2\/tags?post=1732"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}