Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =881e21645e5ffe1ffb959835f8fdf71d

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
881e21645e5ffe1ffb959835f8fdf71d	1855412a717f4b74c9227772c48aaba694568e81	e35d4f4d6e3329f92af6acb5ad8b6ff9f90915b89bc066feb4e69cbcd4469451	49152:1rVYlfBUDiZx8Fa/Q0NuB1ripj2YcWlT2f/E9gfpx:1OPUDQmso0NuBI2YLlT2f/E	2219008

File Results

File Name
a.exe

SNORT Results

Snort Class	Snort Alert	Count
A Network Trojan was detected	ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc)	4
A Network Trojan was detected	ET TROJAN Tibs/Harnig Downloader Activity	1
Misc Attack	ET RBN Known Russian Business Network IP TCP (28)	1

AV Results

AV Alert	AV Vendor
Downloader	Symantec
Artemis!881E21645E5F	McAfee
HackTool.Win32.Binder.bs	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	87IMY4XV
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	MILJGV5B
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	WO4JPI86

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Application Data/Microsoft	conhost.exe
c:/Documents and Settings/dmc73144/Application Data	C31A.001
c:/Documents and Settings/dmc73144/Local Settings/Temp	4.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp	av.exe
c:/Documents and Settings/dmc73144/Local Settings/Temp	AVS
c:/Documents and Settings/dmc73144/Local Settings/Temp	GB.EXE
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV	zdlfahcaip[1].htm
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	ubsnltn[1].htm
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/MILJGV5B	desktop.ini
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/MILJGV5B	dhpjelxr[1].htm
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86	ctbidkjq[1].htm
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86	desktop.ini
c:/Documents and Settings	dmc73144xplore.exe
c:/WINDOWS/Prefetch	AUTOIT3.EXE-32361418.pf
c:/WINDOWS/Prefetch	AV.EXE-2BB28644.pf
c:/WINDOWS/Prefetch	AVS.EXE-273CB218.pf
c:/WINDOWS/Prefetch	DB.EXE-1938CF3D.pf
c:/WINDOWS/Prefetch	EN.EXE-2EB83C39.pf
c:/WINDOWS/Prefetch	GB.EXE-3A422BAF.pf
c:/WINDOWS/Prefetch	IPCONFIG.EXE-2395F30B.pf
c:/WINDOWS/Prefetch	NTVDM.EXE-1A10A423.pf
c:/WINDOWS/Prefetch	PERFMON8.EXE-3A9640FE.pf
c:/WINDOWS/Prefetch	REGSHOT.EXE-010A5EE6.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/Prefetch	SB.EXE-12312C77.pf
c:/WINDOWS/Prefetch	SVCHOST.EXE-3530F672.pf
c:/WINDOWS/system32	perfmon8.exe

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default	prefs.js
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	NTUSER.DAT
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/Program Files/OpenSSH/var/log	OpenSSHd.log
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/system32/config	default.LOG
modified	c:/WINDOWS/system32/config	software
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	SYSTEM
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run
added	HKLM/SOFTWARE/YICGGIOWP
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000/Control
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000/Control
added	HKU/.DEFAULT/Software/Microsoft/Internet Explorer/Main/featurecontrol
added	HKU/.DEFAULT/Software/Microsoft/Internet Explorer/Main/featurecontrol/FEATURE_BROWSER_EMULATION
added	HKU/.DEFAULT/Software/Microsoft/Internet Explorer/international
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/YICGGIOWP
added	HKU/S-1-5-18/Software/Microsoft/Internet Explorer/Main/featurecontrol
added	HKU/S-1-5-18/Software/Microsoft/Internet Explorer/Main/featurecontrol/FEATURE_BROWSER_EMULATION
added	HKU/S-1-5-18/Software/Microsoft/Internet Explorer/international

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings	6	CA 45 8D 7A 61 F6
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run	oxtosr	"C:/WINDOWS/system32/perfmon8.exe"
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run	conhost	"C:/Documents and Settings/dmc73144/Application Data/Microsoft/conhost.exe"
added	HKLM/SYSTEM/ControlSet001/Control/Session Manager	PendingFileRenameOperations	5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 64 6D 63 37 33 31 34 34 5C 4C 4F
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000/Control	NewlyCreated	0x00000000
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000/Control	ActiveService	"3bba44c8"
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000	Service	"3bba44c8"
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000	Legacy	0x00000001
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000	ConfigFlags	0x00000000
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000	Class	"LegacyDriver"
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000	ClassGUID	"{8ECC055D-047F-11D1-A537-0000F8753ED1}"
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000	DeviceDesc	"3bba44c8"
added	HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8	NextInstance	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Control/Session Manager	PendingFileRenameOperations	5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 64 6D 63 37 33 31 34 34 5C 4C 4F
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000/Control	NewlyCreated	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000/Control	ActiveService	"3bba44c8"
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000	Service	"3bba44c8"
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000	Legacy	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000	ConfigFlags	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000	Class	"LegacyDriver"
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000	ClassGUID	"{8ECC055D-047F-11D1-A537-0000F8753ED1}"
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000	DeviceDesc	"3bba44c8"
added	HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8	NextInstance	0x00000001
added	HKU/.DEFAULT/Software/Microsoft/Internet Explorer/Main/featurecontrol/FEATURE_BROWSER_EMULATION	svchost.exe	0x000022B8
added	HKU/.DEFAULT/Software/Microsoft/Internet Explorer/international	acceptlanguage	"en-us"
added	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings	maxhttpredirects	0x0000270F
added	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings	enablehttp1_1	0x00000001
added	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	{AEBA21FA-782A-4A90-978D-B72164C80120}	1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15
added	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	{A8A88C49-5EB2-4990-A1A2-0876022C854F}	1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15
added	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1208	0x00000000
added	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1209	0x00000000
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings	ProxyServer	"http=127.0.0.1
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings	6	CA 45 8D 7A 61 F6
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://DOCUME~1//dmc73144//LOCALS~1//Temp//AV.EXE	"Realtek Audio Driver"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://DOCUME~1//dmc73144//LOCALS~1//Temp//AVS.EXE	"AVS"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://DOCUME~1//dmc73144//LOCALS~1//Temp//DB.EXE	"Snapin using common base classes"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://DOCUME~1//dmc73144//LOCALS~1//Temp//EN.EXE	"EN"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://DOCUME~1//dmc73144//LOCALS~1//Temp//GB.EXE	"GB"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://DOCUME~1//dmc73144//LOCALS~1//Temp//SB.EXE	"SB"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://WINDOWS//system32//ipconfig.exe	"IP Configuration Utility"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://DOCUME~1//dmc73144//LOCALS~1//Temp//EUO1FFC.tmp.cmd	"EUO1FFC.tmp"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://Documents and Settings//dmc73144xplore.exe	"dmc73144xplore"
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://WINDOWS//system32//ntvdm.exe	"NTVDM.EXE"
added	HKU/S-1-5-18/Software/Microsoft/Internet Explorer/Main/featurecontrol/FEATURE_BROWSER_EMULATION	svchost.exe	0x000022B8
added	HKU/S-1-5-18/Software/Microsoft/Internet Explorer/international	acceptlanguage	"en-us"
added	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings	maxhttpredirects	0x0000270F
added	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings	enablehttp1_1	0x00000001
added	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	{AEBA21FA-782A-4A90-978D-B72164C80120}	1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15
added	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	{A8A88C49-5EB2-4990-A1A2-0876022C854F}	1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15
added	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1208	0x00000000
added	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1209	0x00000000

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	E3 E9 35 DE C1 21 D3 29 2B B2 1F C8 D7 22 76 12 7B 0D 1E C2 19 DE 41 27 B8 63 7A	70 3A 68 51 20 E2 3E 81 A5 8E D3 DB 3E 9E 1D 2C C5 D4 3B 7F CD DE FC 8F 66 5E AE
modified	HKLM/SOFTWARE/Microsoft/DirectDraw/MostRecentApplication	Name	"msoobe.exe"	"svchost.exe"
modified	HKLM/SOFTWARE/Microsoft/DirectDraw/MostRecentApplication	ID	0x3B7D853E	0x41107ED6
modified	HKLM/SYSTEM/ControlSet001/Hardware Profiles/0001/Software/Microsoft/windows/CurrentVersion/Internet Settings	ProxyEnable	0x00000000	0x00000001
modified	HKLM/SYSTEM/ControlSet001/Hardware Profiles/Current/Software/Microsoft/windows/CurrentVersion/Internet Settings	ProxyEnable	0x00000000	0x00000001
modified	HKLM/SYSTEM/CurrentControlSet/Hardware Profiles/0001/Software/Microsoft/windows/CurrentVersion/Internet Settings	ProxyEnable	0x00000000	0x00000001
modified	HKLM/SYSTEM/CurrentControlSet/Hardware Profiles/Current/Software/Microsoft/windows/CurrentVersion/Internet Settings	ProxyEnable	0x00000000	0x00000001
modified	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	CurrentLevel	0x00011000	0x00000000
modified	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1001	0x00000001	0x00000000
modified	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1601	0x00000001	0x00000000
modified	HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1A10	0x00000001	0x00000000
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings	ProxyEnable	0x00000000	0x00000001
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	DefaultConnectionSettings	3C 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 03 00 00 00 03 00 00 00 14 00 00 00 68 74 74 70 3D 31 32 37 2E 30 2E
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 1A 00 00 00 03 00 00 00 14 00 00 00 68 74 74 70 3D 31 32 37 2E 30 2E
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000004
modified	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	CurrentLevel	0x00011000	0x00000000
modified	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1001	0x00000001	0x00000000
modified	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1601	0x00000001	0x00000000
modified	HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3	1A10	0x00000001	0x00000000

DNS Results

DNS	DNS Response
onlinebizdirectory.com	Standard query response A 173.203.101.8
freshmediaportal.com	Standard query response A 63.251.179.57 A 64.158.56.57
contactfriendly.com	Standard query response A 95.211.130.162
aeravine.com	Standard query response A 193.27.246.60
imagehut4.cn	Standard query response A 64.158.56.57 A 63.251.179.57
resetmymemory.com	Standard query response A 64.158.56.57 A 63.251.179.57
zonedg.com	Standard query response A 96.9.169.85
www.google.com	Standard query response CNAME www.l.google.com A 72.14.204.99 A 72.14.204.103 A 72.14.204.104 A 72.14.204.105 A 72.14.204.147
freshmediaportal.com	Standard query response A 64.158.56.57 A 63.251.179.57

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
63.251.179.57	freshmediaportal.com	/blog/images/3521.jpg?v67=41&tq=gL5HtzyMv5rJsxG1J4Xo2rCyDvEpwr7UxUrEgPiWW1cg	mozilla/2.0	0x06
64.158.56.57	imagehut4.cn	/update/utu.dat	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1)	0x06
193.27.246.60	aeravine.com	/dpxezto/ubsnltn.php?adv=adv610&id=82799957&c=10331881	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76	0x06
193.27.246.60	aeravine.com	/dpxezto/ctbidkjq.php?adv=adv610&id=82799957&c=10331881	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76	0x06
193.27.246.60	aeravine.com	/dpxezto/zdlfahcaip.php?adv=adv610&id=82799957&c=10331881	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76	0x06
193.27.246.60	aeravine.com	/dpxezto/dhpjelxr.php?adv=adv610&code1=HOLC&code2=3201&id=82799957&p=1&b=1&c=10331881	Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76	0x06
64.158.56.57	resetmymemory.com	/blog/images/3521.jpg?v83=96&tq=gKZEtzyMv5rJqxG1J42pzMffBv0v1%2BjbwvgS917W65rJqlLfgPiWW1cg	mozilla/2.0	0x06
96.9.169.85	zonedg.com	/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gGg%2Fl%2F2wrnKCGkrg%2B8Wrd%2FUfSeCK0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqpSr%2Fe%2BV5ZuRg%3D%3D	mozilla/2.0	0x06
96.9.169.85	zonedg.com	/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gGg%2Fl%2F2wrnKCGkrg%2B8Wrd%2FUfSeCK0alxtygbpb6HvnSAOQij%2B8yjYvEaS%2FT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D	mozilla/2.0	0x06
72.14.204.99	www.google.com	/		0x06
64.158.56.57	freshmediaportal.com	/blog/images/3521.jpg?v82=71&tq=gKZEtzyMv5rJqxG1J42pzMffBv0v1%2BjbwvgS917W65rJqlLfgPiWW1cg	mozilla/2.0	0x06
96.9.169.85	zonedg.com	/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gGg%2Fl%2F2wrnKCGkrg%2B8Wrd%2FUfSeCK0alxtygbpb6HvnSAOQij%2BsSrf%2BFpPOHuwd0i9Goe5vjCqFKv975Xlm5G	mozilla/2.0	0x06

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	156	138	15349	30156

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	156	138	15349	30156

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
18:23:32	2011-10-10	6	10.10.10.7	173.203.101.8	->	e	469	80	14	2727
18:23:32	2011-10-10	6	10.10.10.7	95.211.130.162	->	e	598	80	9	1752
18:23:34	2011-10-10	6	10.10.10.7	95.211.130.162	->	e	600	80	9	2216
18:23:35	2011-10-10	6	10.10.10.7	64.158.56.57	->	e	256	80	9	932
18:23:35	2011-10-10	6	10.10.10.7	193.27.246.60	->	e	255	80	13	1781
18:23:36	2011-10-10	6	10.10.10.7	193.27.246.60	->	e	602	80	13	1784
18:23:37	2011-10-10	6	10.10.10.7	173.203.101.8	->	e	469	80	10	1965
18:23:42	2011-10-10	6	10.10.10.7	64.158.56.57	->	e	605	80	13	2059
18:23:42	2011-10-10	6	10.10.10.7	173.203.101.8	->	e	469	80	5	300
18:23:43	2011-10-10	6	10.10.10.7	96.9.169.85	->	e	606	80	9	1131
18:23:47	2011-10-10	6	10.10.10.7	64.158.56.57	->	e	605	80	10	1965
18:23:52	2011-10-10	6	10.10.10.7	64.158.56.57	->	e	605	80	4	513
18:24:33	2011-10-10	6	10.10.10.7	72.14.204.99	->	e	148	80	13	1942
18:24:38	2011-10-10	6	10.10.10.7	72.14.204.99	->	e	148	80	11	2298
18:24:43	2011-10-10	6	10.10.10.7	72.14.204.99	->	e	148	80	5	300
18:24:44	2011-10-10	6	10.10.10.7	72.14.204.99	->	e	611	80	14	2280
18:24:49	2011-10-10	6	10.10.10.7	72.14.204.99	->	e	611	80	10	1965
18:24:54	2011-10-10	6	10.10.10.7	72.14.204.99	->	e	611	80	5	300
18:25:58	2011-10-10	6	10.10.10.7	64.158.56.57	->	e	624	80	13	2062
18:25:58	2011-10-10	6	10.10.10.7	96.9.169.85	->	e	162	80	9	1133
18:25:59	2011-10-10	6	10.10.10.7	96.9.169.85	->	e	625	80	9	1131
18:26:03	2011-10-10	6	10.10.10.7	64.158.56.57	->	e	624	80	11	2298
18:26:08	2011-10-10	6	10.10.10.7	64.158.56.57	->	e	624	80	3	180

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location