File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
4c806459c744620b84cc6dceb838ef64 | 6ec805f13214a93d3b615e8cc614a6cc734966a1 | 5053bef3c6b22cb1ac90d124f8794d3f8541119b35b26edd2e221e3b38c52aa5 | 3072:ZYhrihSYup/A1kgDwWHUzEfY18miNLrV/LKL9XWyaWWKRp6a6Q8qqoXVUFfDU3eR:yhR9vJoYNi | 281600 |
File Name |
---|
show.php.exe |
4.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Path | Folder Name |
---|---|
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 76 AC F7 94 5F 99 33 45 87 54 77 27 83 3F 5B 58 C9 05 A5 00 43 7F 1E CC 7F BC 9C | 21 32 D9 E3 69 1B 4A 0D 34 90 BA C2 4A 40 F2 FD 20 99 9C BB 6F 1A A2 9E 0A D3 E |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 79 11 5E 7B 2F 80 C5 21 6B 88 D9 44 AB 5D C2 6F A7 C7 DB BF E8 63 F1 11 59 46 46 | 99 92 8B 6B 50 57 A9 72 AC 16 D5 02 8C 48 4F 76 2E 9B 9B 99 1F 4F A7 D3 26 46 C |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
77.78.240.80 | drivers-win-x4442124.com | /vk/get_ip_pay_needblock_lite.php | | 0x06 |
77.78.240.80 | drivers-win-x4442124.com | /vk/1-md5 | | 0x06 |
77.78.240.80 | drivers-win-x4442124.com | /vk/1-encode | | 0x06 |
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 90 | 84 | 5892 | 21432 |
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 90 | 84 | 5892 | 21432 |
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
07:55:46 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 224 | 80 | 13 | 1971 |
07:55:51 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 224 | 80 | 10 | 1965 |
07:55:56 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 224 | 80 | 6 | 633 |
07:55:57 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 284 | 80 | 13 | 1947 |
07:56:02 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 284 | 80 | 10 | 1965 |
07:56:07 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 284 | 80 | 6 | 633 |
07:56:08 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 511 | 80 | 13 | 1950 |
07:56:13 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 511 | 80 | 11 | 2298 |
07:56:18 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 511 | 80 | 5 | 300 |
07:58:19 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 619 | 80 | 13 | 1971 |
07:58:24 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 619 | 80 | 11 | 2298 |
07:58:29 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 619 | 80 | 5 | 300 |
07:58:30 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 668 | 80 | 13 | 1947 |
07:58:35 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 668 | 80 | 11 | 2298 |
07:58:41 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 668 | 80 | 5 | 300 |
07:58:41 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 461 | 80 | 13 | 1950 |
07:58:46 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 461 | 80 | 11 | 2298 |
07:58:51 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 461 | 80 | 5 | 300 |
08:01:10 | 2010-09-25 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
20:09:14 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 222 | 80 | 13 | 1971 |
20:09:19 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e d | 222 | 80 | 12 | 2631 |
20:09:25 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 222 | 80 | 5 | 300 |
20:09:25 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 223 | 80 | 13 | 1947 |
20:09:31 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 223 | 80 | 11 | 2298 |
20:09:36 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 223 | 80 | 5 | 300 |
20:09:36 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 400 | 80 | 13 | 1950 |
20:09:42 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 400 | 80 | 10 | 1965 |
20:09:47 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 400 | 80 | 6 | 633 |
20:11:48 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 299 | 80 | 13 | 1971 |
20:11:53 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 299 | 80 | 10 | 1965 |
20:11:58 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 299 | 80 | 6 | 633 |
20:11:59 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 714 | 80 | 14 | 2280 |
20:12:04 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 714 | 80 | 11 | 2025 |
20:12:10 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 756 | 80 | 13 | 1950 |
20:12:10 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 714 | 80 | 4 | 240 |
20:12:15 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 756 | 80 | 11 | 2298 |
20:12:20 | 2010-09-25 | 6 | 10.10.10.7 | 77.78.240.80 | -> | e | 756 | 80 | 5 | 300 |
20:14:39 | 2010-09-25 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|