File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
6f1dbf1d8cf205c0fbc08f60117e3b48 | fa448ae304d49bd26424d34fd583d168d3304aa8 | 83e42db2ba9af005f38fdc59974e220249e3ea9a5dd1511c4e1c07901299542d | 768:XFykfqlI/XIYWCguTUqT4UmZCa2YxeaeHgmrzUE4oa3eeJbf1iQ2sVjMx7xmha5:Xf44gGleZSYo | 47616 |
File Name |
---|
kp.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|
Path | Folder Name |
---|
Action | Path | File Name |
---|
Action | Path |
---|
Action | Path | Val_Name | Val_Data |
---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | BC 65 DC 2B 2F AA A5 18 3A B3 90 D7 7D 3F 6A BF 0F 85 7D D2 97 57 55 3E 85 F9 6E | 54 17 14 12 3D C4 0C B2 C8 58 29 D4 22 EF 64 E8 0A 16 7D 0C 00 46 DE FD 32 EB 6 |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
DNS | DNS Response |
---|---|
w.nucleardiscover.com | Standard query response A 60.190.223.75 |
DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
---|---|---|---|---|
239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 60 | 56 | 4872 | 3368 |
17 | 3 | 0 | 525 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
888 | 6 | 60 | 56 | 4872 | 3368 |
1900 | 17 | 3 | 0 | 525 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
21:45:44 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 11 | 888 | 14 | 1160 |
21:45:49 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 11 | 888 | 11 | 660 |
21:45:55 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 11 | 888 | 4 | 240 |
21:46:57 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 17 | 888 | 14 | 1160 |
21:47:02 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 17 | 888 | 10 | 600 |
21:47:07 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 17 | 888 | 5 | 300 |
21:48:11 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 108 | 888 | 14 | 1160 |
21:48:16 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 108 | 888 | 11 | 660 |
21:48:22 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 108 | 888 | 4 | 240 |
21:49:23 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 637 | 888 | 13 | 1100 |
21:49:28 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 637 | 888 | 10 | 600 |
21:49:33 | 2011-05-26 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 637 | 888 | 6 | 360 |
21:44:37 | 2011-05-26 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 318 | 1900 | 1 | 175 |
21:51:11 | 2011-05-26 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|