So you don't see any possibility in the data presented, that there were communications of any type/frequency registered between systems in China etc and here? Then what exactly are they showing, or are you saying they just made the remote addresses up?
Sorry, I must have misunderstood your original post. My point was that I would be more comfortable with an expert witness whose background was computer/device/network security rather than SAM intel.