File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
1eae79ded7d781544ea19322fda94b83 | 774ca8b1e70432710a2ee734b38f8f02decd906d | 9aee797eecce523892976c1605fa37c45b59d05bc4f6f35355ad6de59d3b2217 | 768:5uRufd/4gDUq5uy9JICB3kO4lAVf6zEGbRydpExyq1I7kbmGovyy:QRyR4gDxpyC9UOczEG0TEv1 | 43741 |
File Name |
---|
v62pipe.php%3Fspl%3DJWS%26fh%3B%3D.exe |
l.php%3Fwm%5Fid%3Dacc0047.exe |
Snort Class | Snort Alert | Count |
---|---|---|
Misc Attack | ET RBN Known Russian Business Network IP TCP (280) | 1 |
AV Alert | AV Vendor |
---|---|
N/A | Symantec |
N/A | McAfee |
N/A | Kaspersky |
Artemis!1EAE79DED7D7 | McAfee |
Path | Folder Name |
---|---|
c:/Documents and Settings/dmc73144/Local Settings/Temp | f3f5d276-7d5b-42f7-aa93-08b2cf090d83 |
c:/Documents and Settings/dmc73144/Local Settings/Temp | 9d29c144-402f-4a81-9930-076a82e037ae |
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 8D 53 25 5E A4 1F 56 4C F5 C8 8A 60 8D 61 6A 79 F1 52 CE 0E 60 9F 01 C3 FA CA E3 | 85 36 AB 96 A8 A3 A4 17 21 29 56 AA BE 40 5C CB 3C 43 6A 3E 40 87 EE 41 24 99 E |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 82 FF 04 F2 CA 7B 22 7A 4C 53 D1 A6 80 32 E7 FD 48 45 02 04 05 2D D2 8D 4F DC FA | 51 22 1D 5D 7D 54 BB 24 37 5A 98 FA AF 79 6D F5 00 E3 63 57 9D 13 00 61 69 87 5 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0047&u=f3f5d276-7d5b-42f7-aa93-08b2cf090d83&t=2 | 0x06 | |
91.188.60.5 | 91.188.60.5 | /hit.php?v=46&app_type_id=1&wm_id=acc0047&u=9d29c144-402f-4a81-9930-076a82e037ae&t=2 | 0x06 | |
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 5 | 4 | 441 | 515 |
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 5 | 4 | 441 | 515 |
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
10:00:34 | 2010-07-24 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 20 | 80 | 9 | 956 |
10:06:00 | 2010-07-24 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
22:17:25 | 2010-07-24 | 6 | 10.10.10.7 | 91.188.60.5 | -> | e | 6 | 80 | 9 | 956 |
22:22:46 | 2010-07-24 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|