File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
6ea0d19989880ae5d7ce527f07d9b333 | ec6ba380b03c0fb46cac9fff8a555a782b9f80e7 | f1d47e22b879d9ae266a3fddc85f061ed9b4f1f2efe53f0ed8761259cc86d2ae | 1536:mOhplcsHv1X6n0+Whng9G5+MpJQPBPg4JnBnNpV8byTohSTRToNiVYk2KInuEHvr:mOXpHv1O0L | 98304 |
File Name |
---|
loader.exe |
Snort Class | Snort Alert | Count |
---|---|---|
AV Alert | AV Vendor |
---|---|
Suspicious.Cloud.5 | Symantec |
Artemis!6EA0D1998988 | McAfee |
N/A | Kaspersky |
Trojan.Gen | Symantec |
Trojan-Downloader.BAT.Banload.b | Kaspersky |
Path | Folder Name |
---|---|
Path | File Name |
---|---|
c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
c:/WINDOWS/Prefetch | WGET.EXE-32C287FB.pf |
c: | netstat_post.txt |
c: | tasksvc_post.txt |
c: | taskv_post.txt |
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 69 25 88 F4 88 FD CF 52 05 2C 05 DA 42 F7 2F 09 88 B1 25 2A D1 3D 9F AF E4 BC F5 | 8A 85 C7 DB F7 41 75 75 59 5F C7 86 FF 1B 28 30 39 35 7D 50 D6 27 CF 6E 62 80 7 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|