I'm running capture-hpc on a core2 quad machine with 4gigs of ram and
windows 64 bit. Vmware server is version 1.0.5. The problem is that
when the machine is running and the logs are showing that urls are
being inspected I don't see IEXPLORER opening a windows. Another
problem - when I'm using more than 1 VM, the others VM don't crawl
URLs. Here is a log from the command prompt.
Option added: server-listen-port => 7070
Option added: server-listen-address => 10.10.10.11
Option added: input_urls => new.txt
CaptureServer: Listening for connections
Validating config.xml ...
config.xml successfully validated
Option added: capture-network-packets-benign => false
Option added: capture-network-packets-malicious => false
Option added: client-default-visit-time => 30
Option added: collect-modified-files => false
Option added: p_m => 0.009
Option added: send-exclusion-lists => false
ExclusionList added: for file monitor
ExclusionList added: for process monitor
ExclusionList: WARNING Error in exclusion list, line 97 in RegistryMonitor.exl
ExclusionList: WARNING Error in exclusion list, line 98 in RegistryMonitor.exl
ExclusionList added: for registry monitor
[127.0.0.1:902] VM added
[VIII 6, 2008 2:16:40 PM-127.0.0.1:902-12755250] VMSetState:
WAITING_TO_BE_REVERTED
[127.0.0.1:902] VM added
[VIII 6, 2008 2:16:40 PM-127.0.0.1:902-8451275] VMSetState:
WAITING_TO_BE_REVERTED
[VIII 6, 2008 2:16:42 PM-127.0.0.1:902-12755250] VMSetState: REVERTING
[VIII 6, 2008 2:17:05 PM-127.0.0.1:902-12755250] VMSetState: RUNNING
[VIII 6, 2008 2:17:05 PM-127.0.0.1:902-8451275] VMSetState: REVERTING
[VIII 6, 2008 2:17:15 PM-127.0.0.1:902-8451275] VMSetState: RUNNING
<connect vm-server-id="8029412" vm-id="12755250"/>
[VIII 6, 2008 2:17:47 PM-127.0.0.1:902-12755250] ClientSetState: CONNECTED
[VIII 6, 2008 2:17:47 PM-127.0.0.1:902-12755250] ClientSetState: WAITING
<visit-event identifier="-1742166172" program="iexplore"
time="6/8/2008 14:17:0.436" type="start" malicious="0"><item
url="http%3a%2f%2fwww.perfekt.si%2fflash.exe" program="iexplore"
major-error-code="0" minor-error-code="0" time="6/8/2008 14:17:0.436"
visited="0"></item><item
url="http%3a%2f%2fvoxinterna.de%2findex2.html" program="iexplore"
major-error-code="0" minor-error-code="0" time="6/8/2008 14:17:0.436"
visited="0"></item><item url="http%3a%2f%2famuse.cz%2fflash.exe"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fnewtokyo.ipower.com%2f1.html" program="iexplore"
major-error-code="0" minor-error-code="0" time="6/8/2008 14:17:0.436"
visited="0"></item><item
url="http%3a%2f%2fspringrunner54.com%2fvideos%2flive1.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fhk-rc.com%2f1.html" program="iexplore"
major-error-code="0" minor-error-code="0" time="6/8/2008 14:17:0.436"
visited="0"></item><item
url="http%3a%2f%2fwww.akarkent.com%2ffolderz%2fready.php"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fwww.raeucherkahn.de%2ffolderz%2fready.php"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fwww.google.com%2fnotebook%2fpublic%2f03592248685823518483%2fBDQE8SgoQ6d2GhLYj"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesjuyyij%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d24"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesqkeqqs%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d24"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesrwfbwx%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d94"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstorieskxilbr%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d97"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstorieslnkgbx%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d59"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesxkrtxc%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d99"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesnzzurl%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d66"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstorieswavwfc%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d90"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.436" visited="0"></item><item
url="http%3a%2f%2fwww.google.com%2fnotebook%2fpublic%2f14890867430588751385%2fBDQJ-SgoQqJjq-bUj"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesqjkvun%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d39"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriessflgpm%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d7"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesxkrtxc%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d71"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstorieszoztsp%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d27"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesxgftqb%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d34"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesxdkkat%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d30"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstorieskxilbr%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d67"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesjkqizc%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d8"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriespnzulr%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d5"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesgefcrr%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d5"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.452" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesqbjsvv%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d69"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesdlzwqy%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d93"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2fwww.google.com%2fnotebook%2fpublic%2f13205868031131501818%2fBDQfxSgoQiKPw_rUj"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesnzzurl%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d27"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2fdoxazosin.topnetworks.co.cc%2fmap.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2fdigoxin.topteaching.co.cc%2findex.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2fcondylox.topexchanges.co.cc%2findex.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2fsuetjboc.9cy.com%2fadvancew19%2fnew-jersey-cash-advance-and-payday-loans.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2fselczaob.012webpages.com%2fadvancemb2%2fadvance-snco-academy-honor.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item><item
url="http%3a%2f%2florenafoley.justfree.com%2fblender-aa%2fset-background-in-blender.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:17:0.467" visited="0"></item></visit-event>
[VIII 6, 2008 2:17:47 PM-127.0.0.1:902-12755250] Visiting group -1742166172
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
[VIII 6, 2008 2:17:47 PM-127.0.0.1:902-12755250] ClientSetState: VISITING
<pong/>
[VIII 6, 2008 2:17:50 PM-127.0.0.1:902-12755250] Got pong
<system-event time="6/8/2008 14:17:4.249" type="registry"
process="C:\Program Files\Internet Explorer\IEXPLORE.EXE"
action="SetValueKey"
object="HKCR\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}"/>
[VIII 6, 2008 2:17:55 PM-127.0.0.1:902-12755250] Visited group
-1742166172 MALICIOUS
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
[VIII 6, 2008 2:17:55 PM-127.0.0.1:902-12755250] ClientSetState: DISCONNECTED
[VIII 6, 2008 2:17:55 PM-127.0.0.1:902-12755250] VMSetState:
WAITING_TO_BE_REVERTED
[VIII 6, 2008 2:17:55 PM-127.0.0.1:902-12755250] socket closed
[VIII 6, 2008 2:17:55 PM-127.0.0.1:902-12755250] VMSetState: REVERTING
[VIII 6, 2008 2:18:04 PM-127.0.0.1:902-12755250] VMSetState: RUNNING
<connect vm-server-id="8029412" vm-id="12755250"/>
[VIII 6, 2008 2:18:05 PM-127.0.0.1:902-12755250] ClientSetState: CONNECTED
[VIII 6, 2008 2:18:05 PM-127.0.0.1:902-12755250] ClientSetState: WAITING
<visit-event identifier="-2033297905" program="iexplore"
time="6/8/2008 14:18:5.671" type="start" malicious="0"><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriessflgpm%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d7"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesxkrtxc%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d71"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstorieszoztsp%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d27"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesxgftqb%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d34"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesxdkkat%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d30"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstorieskxilbr%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d67"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesjkqizc%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d8"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriespnzulr%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d5"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesgefcrr%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d5"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesqbjsvv%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d69"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesdlzwqy%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d93"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fwww.google.com%2fnotebook%2fpublic%2f13205868031131501818%2fBDQfxSgoQiKPw_rUj"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesnzzurl%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d27"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fdoxazosin.topnetworks.co.cc%2fmap.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fdigoxin.topteaching.co.cc%2findex.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fcondylox.topexchanges.co.cc%2findex.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fsuetjboc.9cy.com%2fadvancew19%2fnew-jersey-cash-advance-and-payday-loans.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2fselczaob.012webpages.com%2fadvancemb2%2fadvance-snco-academy-honor.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item><item
url="http%3a%2f%2florenafoley.justfree.com%2fblender-aa%2fset-background-in-blender.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:5.671" visited="0"></item></visit-event>
[VIII 6, 2008 2:18:05 PM-127.0.0.1:902-12755250] Visiting group -2033297905
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
[VIII 6, 2008 2:18:05 PM-127.0.0.1:902-12755250] ClientSetState: VISITING
<system-event time="6/8/2008 14:18:6.280" type="registry"
process="C:\Program Files\Internet Explorer\IEXPLORE.EXE"
action="SetValueKey"
object="HKCR\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}"/>
[VIII 6, 2008 2:18:07 PM-127.0.0.1:902-12755250] Visited group
-2033297905 MALICIOUS
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
[VIII 6, 2008 2:18:07 PM-127.0.0.1:902-12755250] ClientSetState: DISCONNECTED
[VIII 6, 2008 2:18:07 PM-127.0.0.1:902-12755250] VMSetState:
WAITING_TO_BE_REVERTED
[VIII 6, 2008 2:18:07 PM-127.0.0.1:902-12755250] socket closed
[VIII 6, 2008 2:18:07 PM-127.0.0.1:902-12755250] VMSetState: REVERTING
[127.0.0.1:902-8451275] Client inactivity, reverting VM
[VIII 6, 2008 2:18:16 PM-127.0.0.1:902-8451275] VMSetState:
WAITING_TO_BE_REVERTED
[VIII 6, 2008 2:19:01 PM-127.0.0.1:902-12755250] VMSetState: RUNNING
[VIII 6, 2008 2:19:01 PM-127.0.0.1:902-8451275] VMSetState: REVERTING
[VIII 6, 2008 2:19:11 PM-127.0.0.1:902-8451275] VMSetState: RUNNING
<connect vm-server-id="8029412" vm-id="12755250"/>
[VIII 6, 2008 2:19:38 PM-127.0.0.1:902-12755250] ClientSetState: CONNECTED
[VIII 6, 2008 2:19:38 PM-127.0.0.1:902-12755250] ClientSetState: WAITING
<visit-event identifier="-580246983" program="iexplore" time="6/8/2008
14:18:48.547" type="start" malicious="0"><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesqbjsvv%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d69"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesdlzwqy%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d93"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2fwww.google.com%2fnotebook%2fpublic%2f13205868031131501818%2fBDQfxSgoQiKPw_rUj"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2fgroups.msn.com%2ftopstoriesnzzurl%2fgeneral.msnw%3faction%3dget_message%26mview%3d0%26ID_Message%3d27"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2fdoxazosin.topnetworks.co.cc%2fmap.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2fdigoxin.topteaching.co.cc%2findex.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2fcondylox.topexchanges.co.cc%2findex.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2fsuetjboc.9cy.com%2fadvancew19%2fnew-jersey-cash-advance-and-payday-loans.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2fselczaob.012webpages.com%2fadvancemb2%2fadvance-snco-academy-honor.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item><item
url="http%3a%2f%2florenafoley.justfree.com%2fblender-aa%2fset-background-in-blender.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:18:48.547" visited="0"></item></visit-event>
[VIII 6, 2008 2:19:38 PM-127.0.0.1:902-12755250] Visiting group -580246983
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
[VIII 6, 2008 2:19:38 PM-127.0.0.1:902-12755250] ClientSetState: VISITING
<pong/>
[VIII 6, 2008 2:19:40 PM-127.0.0.1:902-12755250] Got pong
<pong/>
[VIII 6, 2008 2:19:50 PM-127.0.0.1:902-12755250] Got pong
<system-event time="6/8/2008 14:18:52.31" type="registry"
process="C:\Program Files\Internet Explorer\IEXPLORE.EXE"
action="SetValueKey"
object="HKCR\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}"/>
[VIII 6, 2008 2:19:54 PM-127.0.0.1:902-12755250] Visited group
-580246983 MALICIOUS
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
[VIII 6, 2008 2:19:54 PM-127.0.0.1:902-12755250] ClientSetState: DISCONNECTED
[VIII 6, 2008 2:19:54 PM-127.0.0.1:902-12755250] VMSetState:
WAITING_TO_BE_REVERTED
[VIII 6, 2008 2:19:54 PM-127.0.0.1:902-12755250] socket closed
[VIII 6, 2008 2:19:56 PM-127.0.0.1:902-12755250] VMSetState: REVERTING
[VIII 6, 2008 2:20:04 PM-127.0.0.1:902-12755250] VMSetState: RUNNING
<connect vm-server-id="8029412" vm-id="12755250"/>
[VIII 6, 2008 2:20:06 PM-127.0.0.1:902-12755250] ClientSetState: CONNECTED
[VIII 6, 2008 2:20:06 PM-127.0.0.1:902-12755250] ClientSetState: WAITING
<visit-event identifier="406608015" program="iexplore" time="6/8/2008
14:20:6.530" type="start" malicious="0"><item
url="http%3a%2f%2fdigoxin.topteaching.co.cc%2findex.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:20:6.530" visited="0"></item><item
url="http%3a%2f%2fcondylox.topexchanges.co.cc%2findex.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:20:6.530" visited="0"></item><item
url="http%3a%2f%2fsuetjboc.9cy.com%2fadvancew19%2fnew-jersey-cash-advance-and-payday-loans.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:20:6.530" visited="0"></item><item
url="http%3a%2f%2fselczaob.012webpages.com%2fadvancemb2%2fadvance-snco-academy-honor.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:20:6.530" visited="0"></item><item
url="http%3a%2f%2florenafoley.justfree.com%2fblender-aa%2fset-background-in-blender.html"
program="iexplore" major-error-code="0" minor-error-code="0"
time="6/8/2008 14:20:6.530" visited="0"></item></visit-event>
[VIII 6, 2008 2:20:06 PM-127.0.0.1:902-12755250] Visiting group 406608015
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
UrlSetState: VISITING
[VIII 6, 2008 2:20:06 PM-127.0.0.1:902-12755250] ClientSetState: VISITING
<system-event time="6/8/2008 14:20:7.155" type="registry"
process="C:\Program Files\Internet Explorer\IEXPLORE.EXE"
action="SetValueKey"
object="HKCR\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}"/>
[VIII 6, 2008 2:20:07 PM-127.0.0.1:902-12755250] Visited group
406608015 MALICIOUS
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
UrlSetState: VISITED
[VIII 6, 2008 2:20:07 PM-127.0.0.1:902-12755250] ClientSetState: DISCONNECTED
[VIII 6, 2008 2:20:07 PM-127.0.0.1:902-12755250] VMSetState:
WAITING_TO_BE_REVERTED
[VIII 6, 2008 2:20:07 PM-127.0.0.1:902-12755250] socket closed
[VIII 6, 2008 2:20:09 PM-127.0.0.1:902-12755250] VMSetState: REVERTING
[127.0.0.1:902-8451275] Client inactivity, reverting VM
[VIII 6, 2008 2:20:12 PM-127.0.0.1:902-8451275] VMSetState:
WAITING_TO_BE_REVERTED
As you can see there are 2 VM running, but only 1 is crawling - how
can I fix this or am I missing something? THanks in advance.
_______________________________________________
Capture-HPC mailing list
Capture-HPC@public.honeynet.org
https://public.honeynet.org/mailman/listinfo/capture-hpc
