Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = 7d20f8ab761b73381dd7fae1b49c0d00

    File MD5Sum: 7d20f8ab761b73381dd7fae1b49c0d00
    SHA1SUM: 253f1e2ffac16e4277d7f45ccd219069f4bbc376
    SHA256SUM: 7a3d1315aff8a80e37324296c7c71794d7df143f742c88dd1a289c85a0b99241
    FUZZY HASH: 1536:EsA8u7/DT7IkPD3J2zaJstb5JAGiXc21N8VrnAu/X6FFggE2JfqpgtnyvKIyU8OB:NBuHT7IkPD
    File Size: 159744

    File Results

    File Name
    hpqcmon.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    A Network Trojan was Detected | ET ATTACK_RESPONSE IRC - Nick change on non-std port | 6
    A Network Trojan was Detected | ET ATTACK_RESPONSE IRC - Channel JOIN on non-std port | 1

    AV Results

    AV Alert | AV Vendor
    W32.Bobax!dr | Symantec
    W32/Bobax.worm.gen | McAfee
    Backdoor.Win32.Donbot.p | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp | Cookies
    c:/Documents and Settings/dmc73144/Local Settings/Temp | History
    c:/Documents and Settings/dmc73144/Local Settings/Temp/History | History.IE5
    c:/Documents and Settings/dmc73144/Local Settings/Temp | Temporary Internet Files
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files | Content.IE5
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | ODY7SD23
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | P3L2OLUY
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | V7C4C17S
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | XFCRRRFA

    Files (Added) - ICC Results

    Path | File Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Cookies | index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp/History/History.IE5 | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/History/History.IE5 | index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5/ODY7SD23 | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5/P3L2OLUY | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5/V7C4C17S | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5/XFCRRRFA | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp | ~1.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temp | ~DF2.tmp
    c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf
    c:/WINDOWS/Prefetch | DIEP.EXE-0B3E1DC8.pf
    c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    c:/WINDOWS/Prefetch | NETSH.EXE-085CFFDE.pf
    c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf
    c:/WINDOWS/Prefetch | ~1.TMP.EXE-0B3B52A3.pf
    c:/WINDOWS/system32 | entdg.exe
    c: | netstat_post.txt
    c: | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Program Files/Adobe/Reader 8.0/Reader | AdobeCollabSync.exe
    modified | c:/Program Files/OpenSSH/bin | sh.exe
    modified | c:/Program Files/OpenSSH/bin | switch.exe
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | NTOSBOOT-B00DFAAD.pf
    modified | c:/WINDOWS/Prefetch | SCP.EXE-174845DC.pf
    modified | c:/WINDOWS/Prefetch | SENDIT.EXE-34C997E3.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf
    modified | c:/WINDOWS/Prefetch | WUAUCLT.EXE-399A8E72.pf
    modified | c:/WINDOWS | SchedLgU.Txt
    modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk
    modified | c:/WINDOWS/system32/config | default.LOG
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32 | netsh.exe
    modified | c:/WINDOWS/system32 | netstat.exe
    modified | c:/WINDOWS/system32 | sc.exe
    modified | c:/WINDOWS/system32 | tasklist.exe
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 3D E1 C3 E7 4C 72 75 5E 5D C3 7E A5 F7 78 8E 2C 45 27 F8 D5 EC C2 A0 99 23 9D DA | 47 44 79 FD DC 7C 3B E0 E8 21 8E 7E E5 75 11 A6 01 6D 57 24 50 9D DD E4 D5 63 9
    modified | HKLM/SOFTWARE/Microsoft/Security Center | AntiVirusOverride | 0x00000000 | 0x00000001
    modified | HKLM/SOFTWARE/Microsoft/Security Center | FirewallOverride | 0x00000000 | 0x00000001
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:Documents and SettingsDefault UserCookies | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:Documents and SettingsDefault UserLocal SettingsTemporary Internet Files | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:Documents and SettingsDefault UserLocal SettingsHistory | "C
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:Documents and SettingsDefault UserCookies | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:Documents and SettingsDefault UserLocal SettingsTemporary Internet Files | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:Documents and SettingsDefault UserLocal SettingsHistory | "C

    DNS Results

    DNS | DNS Response

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    657446811510449825
    17203500

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    2561410866606
    80646336710812443747
    655206979161145472
    190017203500

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location