File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
666673253bdab74ca47c6b09a573509d | 41c962fb0862bb3557d71569d5d9e84749f501ca | 6be3ea0598a03280abccee96d6a2c347fb7bcb92ab7d683ea29f294a870535d2 | 1536:bNP7b+npR5UfgLli3D6sg/fUCcGVC7QqzrncN0eJWwum/3Qwd2mVYpOU:Rf4RKfk+DyU9uC7QcY | 62976 |
File Name |
---|
kp.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Path | Folder Name |
---|---|
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | E8 2A 64 3D 46 EA E3 2C 49 F7 6A 67 1C 70 39 AB 7A C9 E9 89 48 62 DD 4C A2 DE 60 | 40 25 69 0C D1 72 B2 21 88 7D DA CA 90 05 8F 3E A6 9B 20 4B 79 E8 3E E7 CC 88 A |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | EventMessageFile | c:\windows\system32\ESENT.dll | "C |
modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | CategoryMessageFile | c:\windows\system32\ESENT.dll | "C |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | EventMessageFile | c:\windows\system32\ESENT.dll | "C |
modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | CategoryMessageFile | c:\windows\system32\ESENT.dll | "C |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
w.nucleardiscover.com | Standard query response A 60.190.223.75 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 60 | 56 | 4871 | 3368 |
17 | 1 | 0 | 175 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
888 | 6 | 60 | 56 | 4871 | 3368 |
1900 | 17 | 1 | 0 | 175 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
18:07:56 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 439 | 888 | 14 | 1160 |
18:08:01 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 439 | 888 | 11 | 660 |
18:08:07 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 439 | 888 | 4 | 240 |
18:09:10 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 569 | 888 | 13 | 1099 |
18:09:15 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 569 | 888 | 11 | 660 |
18:09:20 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 569 | 888 | 5 | 300 |
18:10:23 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 356 | 888 | 13 | 1100 |
18:10:28 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 356 | 888 | 11 | 660 |
18:10:33 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 356 | 888 | 5 | 300 |
18:11:36 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 13 | 1100 |
18:11:41 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 11 | 660 |
18:11:46 | 2011-07-02 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 809 | 888 | 5 | 300 |
18:13:23 | 2011-07-02 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|