Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =51642679ae9ca2cd69c7caa68c0b5925

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
51642679ae9ca2cd69c7caa68c0b5925	c2cb1a7e9b65d02746944d7ade9dd1f9ea2b81a0	88311791731faab0883454d3c86b06eea8ebdae40e8c872d80f3a068e8386471	768:HcKTtqOYEym8L5iR4iZtyUyJmJvbcYRaD1ciq8W7Kg4ZdQiX+1enN+dX0fMnM:HcKZHYEn8ds4yk	44497

File Results

File Name
js.js.exe

SNORT Results

Snort Class	Snort Alert	Count
A Network Trojan was detected	ET TROJAN Generic Trojan Checkin (2)	1
Misc Attack	ET RBN Known Russian Business Network IP TCP (74)	1

AV Results

AV Alert	AV Vendor
Trojan.Dropper	Symantec
Generic	McAfee
Trojan-Downloader.Win32.Geral.ssc	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	RAV
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Program Files	RAV

Files (Added) - ICC Results

Path	File Name
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/dmc73144/Local Settings/Temp	cc190750.exe
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	Count[1].htm
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/inf	oem0.inf
c:/WINDOWS/inf	oem0.PNF
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	CC190750.EXE-0C6519FF.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	REG.EXE-0D2A95F7.pf
c:/WINDOWS/Prefetch	RUNONCE.EXE-2803F297.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/Prefetch	SC.EXE-012262AF.pf
c:/WINDOWS/system32/drivers	CCTest.sys
c:/WINDOWS/system32	jsseting.data
c:/WINDOWS/system32	kav.exe
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/dmc73144/Local Settings/Temp	cc170171.exe
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	Count[1].htm
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/inf	oem0.inf
c:/WINDOWS/inf	oem0.PNF
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	CC170171.EXE-02F34BBE.pf
c:/WINDOWS/Prefetch	REG.EXE-0D2A95F7.pf
c:/WINDOWS/Prefetch	RUNONCE.EXE-2803F297.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/Prefetch	SC.EXE-012262AF.pf
c:/WINDOWS/system32/drivers	CCTest.sys
c:/WINDOWS/system32	jsseting.data
c:/WINDOWS/system32	kav.exe

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS	setupapi.log
modified	c:/WINDOWS/system32/CatRoot/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}	TimeStamp
modified	c:/WINDOWS/system32/CatRoot2	edb.chk
modified	c:/WINDOWS/system32/CatRoot2	edb.log
modified	c:/WINDOWS/system32/CatRoot2	tmp.edb
modified	c:/WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}	catdb
modified	c:/WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}	TimeStamp
modified	c:/WINDOWS/system32/config	software
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	SysEvent.Evt
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS	setupapi.log
modified	c:/WINDOWS/system32/CatRoot/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}	TimeStamp
modified	c:/WINDOWS/system32/CatRoot2	edb.chk
modified	c:/WINDOWS/system32/CatRoot2	edb.log
modified	c:/WINDOWS/system32/CatRoot2	tmp.edb
modified	c:/WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}	catdb
modified	c:/WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE}	TimeStamp
modified	c:/WINDOWS/system32/config	software
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	70 F8 8F 7D 54 60 FA 93 FC 31 AE 63 F3 21 B2 5B 29 75 F2 D6 B8 9A CE E6 AE D9 3B	58 E5 9E 92 CD 81 86 60 52 A8 A0 DF E7 30 9B 92 BD 5D 80 ED 1D CB 0E 76 13 6B 3
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000}	description	"Matches all ICMP packets between this computer and any other computer."	"??????????????????? ICMP ??"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000}	ipsecName	"All ICMP Traffic"	"?? ICMP ???"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000}	ipsecData	B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 52 00 00 00 01 00 00 00 02 00 00	B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 52 00 00 00 01 00 00 00 02 00 0
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}	description	"Matches all IP packets from this computer to any other computer, except broadca	"??????????????????? ICMP ?,????????Kerberos?RSVP ? ISAKMP (IKE)?"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}	ipsecName	"All IP Traffic"	"?? IP ???"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}	ipsecData	B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 4A 00 00 00 01 00 00 00 02 00 00	B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 4A 00 00 00 01 00 00 00 02 00 0
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436156	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}	description	"Accepts unsecured communication, but requests clients to establish trust and se	"????????,?????????????????????????????????????????"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}	ipsecName	"Request Security (Optional)"	"???? (??)"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}	description	"Permit unsecured IP packets to pass through."	"?????? IP ????"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}	ipsecName	"Permit"	"??"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}	description	"Accepts unsecured communication, but always requires clients to establish trust	"????????,?????????????????????????????????"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}	ipsecName	"Require Security"	"????"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SYSTEM/ControlSet001/Control/GroupOrderList	Extended Base	04 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00	05 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 05 00 00 00
modified	HKLM/SYSTEM/CurrentControlSet/Control/GroupOrderList	Extended Base	04 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00	05 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 05 00 00 00
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	23 C7 F8 6E 78 92 C5 71 55 E9 A8 80 59 2E CB 95 BE 7A 0B BF 2C 40 F4 19 11 D5 6B	A3 BA F8 D7 6F 25 6E 8A E5 B1 5F 5A 06 06 20 3C 40 55 86 A7 5A A9 90 96 D9 16 4
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000}	description	"Matches all ICMP packets between this computer and any other computer."	"??????????????????? ICMP ??"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000}	ipsecName	"All ICMP Traffic"	"?? ICMP ???"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000}	ipsecData	B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 52 00 00 00 01 00 00 00 02 00 00	B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 52 00 00 00 01 00 00 00 02 00 0
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}	description	"Matches all IP packets from this computer to any other computer, except broadca	"??????????????????? ICMP ?,????????Kerberos?RSVP ? ISAKMP (IKE)?"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}	ipsecName	"All IP Traffic"	"?? IP ???"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}	ipsecData	B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 4A 00 00 00 01 00 00 00 02 00 00	B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 4A 00 00 00 01 00 00 00 02 00 0
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436156	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}	description	"Accepts unsecured communication, but requests clients to establish trust and se	"????????,?????????????????????????????????????????"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}	ipsecName	"Request Security (Optional)"	"???? (??)"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}	description	"Permit unsecured IP packets to pass through."	"?????? IP ????"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}	ipsecName	"Permit"	"??"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}	description	"Accepts unsecured communication, but always requires clients to establish trust	"????????,?????????????????????????????????"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}	ipsecName	"Require Security"	"????"
modified	HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000}	whenChanged	0x4A436155	0x46EE3DCE
modified	HKLM/SYSTEM/ControlSet001/Control/GroupOrderList	Extended Base	04 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00	05 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 05 00 00 00
modified	HKLM/SYSTEM/CurrentControlSet/Control/GroupOrderList	Extended Base	04 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00	05 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 05 00 00 00
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0

DNS Results

DNS	DNS Response
js.jk136.com	Standard query response A 202.103.221.20
www.yztq.net	Standard query response A 123.196.125.15
www.yztq.net	Standard query response A 61.183.11.242

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
123.196.125.15	www.yztq.net	/tj/count.asp?mac=00c029ebbf39&ver=1.0&os=WindowsXP&dtime=2011-2-2	baidu	0x06
61.183.11.242	www.yztq.net	/tj/count.asp?mac=00c029ebbf39&ver=1.0&os=WindowsXP&dtime=2011-2-2	baidu	0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	44	41	3079	5196
17	2	0	350	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
10	6	30	28	2096	1684
80	6	14	13	983	3512
1900	17	2	0	350	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
21:21:37	2011-03-23	6	10.10.10.7	202.103.221.20	->	e	399	10	13	928
21:21:37	2011-03-23	6	10.10.10.7	123.196.125.15	->	e	400	80	13	2017
21:21:38	2011-03-23	6	10.10.10.7	202.103.221.20	->	e	509	10	13	932
21:21:42	2011-03-23	6	10.10.10.7	202.103.221.20	->	e	399	10	10	600
21:21:42	2011-03-23	6	10.10.10.7	123.196.125.15	->	e	400	80	11	2298
21:21:43	2011-03-23	6	10.10.10.7	202.103.221.20	->	e	509	10	10	600
21:21:47	2011-03-23	6	10.10.10.7	202.103.221.20	->	e	399	10	6	360
21:21:48	2011-03-23	6	10.10.10.7	123.196.125.15	->	e	400	80	3	180
21:21:48	2011-03-23	6	10.10.10.7	202.103.221.20	->	e	509	10	6	360
01:59:18	2011-05-08	6	10.10.10.7	202.103.221.20	->	e	513	10	13	928
01:59:19	2011-05-08	6	10.10.10.7	61.183.11.242	->	e	514	80	13	2017
01:59:20	2011-05-08	6	10.10.10.7	202.103.221.20	->	e	452	10	13	932
01:59:23	2011-05-08	6	10.10.10.7	202.103.221.20	->	e	513	10	10	600
01:59:24	2011-05-08	6	10.10.10.7	61.183.11.242	->	e	514	80	10	1965
01:59:25	2011-05-08	6	10.10.10.7	202.103.221.20	->	e	452	10	10	600
01:59:28	2011-05-08	6	10.10.10.7	202.103.221.20	->	e	513	10	6	360
01:59:29	2011-05-08	6	10.10.10.7	61.183.11.242	->	e	514	80	4	513
01:59:30	2011-05-08	6	10.10.10.7	202.103.221.20	->	e	452	10	6	360
02:04:21	2011-05-08	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location