File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
---|---|---|---|---|
8f5173da17f9ba2cb97ded22bf9c40d4 | 3d84525bd591589956689be05cad8de9f985765a | 885d1cbd606b166ecf20132d4a309c46ef6ed27325bbe8600954f62f3e95aa25 | 12288:xTUEMqBOkErRLvUoIUwlr/APWgIw80+rWyd7cx2JCT:NUEM6ErRLFIb1/A+7Kyd3JC | 501155 |
File Name |
---|
ctfmon.exe |
Snort Class | Snort Alert | Count |
---|---|---|
N/A | No snort alerts generated | 0 |
AV Alert | AV Vendor |
---|---|
Path | Folder Name |
---|---|
c:/Documents and Settings/dmc73144/Local Settings/Temp | nsg3.tmp |
Action | Path | File Name |
---|---|---|
Action | Path |
---|---|
Action | Path | Val_Name | Val_Data |
---|---|---|---|
Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data |
---|---|---|---|---|---|---|
Action | Path | Val_Name | Val_Data | Mod_Val_Data |
---|---|---|---|---|
modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | BD 93 11 2F EB 00 AF 49 42 10 F3 A6 96 8D F5 EE 78 7E A0 84 46 A3 DB 7B E7 04 21 | 34 66 61 25 BE 1E 71 2E FE 7D 44 A5 F6 92 70 56 6A 38 4B E3 08 74 EA 4D 4E 7B B |
modified | HKLM/SOFTWARE/Microsoft/DirectDraw/MostRecentApplication | Name | "msoobe.exe" | "svchost.exe" |
modified | HKLM/SOFTWARE/Microsoft/DirectDraw/MostRecentApplication | ID | 0x3B7D853E | 0x41107ED6 |
modified | HKLM/SOFTWARE/Microsoft/Windows NT/CurrentVersion/ProfileList/S-1-5-19 | RefCount | 0x00000002 | 0x00000001 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/ControlSet001/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000104 | 0x00000105 |
modified | HKLM/SYSTEM/CurrentControlSet/Services/wscsvc | Start | 0x00000002 | 0x00000004 |
modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | CurrentLevel | 0x00011000 | 0x00000000 |
modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1601 | 0x00000001 | 0x00000000 |
modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1A10 | 0x00000001 | 0x00000000 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 19 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | CurrentLevel | 0x00011000 | 0x00000000 |
modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1601 | 0x00000001 | 0x00000000 |
modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1A10 | 0x00000001 | 0x00000000 |
DNS | DNS Response |
---|---|
ikea.com | Standard query response A 192.71.68.7 |
sitesell.com | Standard query response A 66.43.48.39 |
google.ae | Standard query response A 74.125.93.103 A 74.125.93.104 A 74.125.93.105 A 74.125.93.106 A 74.125.93.147 A 74.125.93.99 |
mymita.in | Standard query response A 78.46.109.174 |
aacartel.com | Standard query response A 127.0.0.1 |
baonsale.com | Standard query response A 127.0.0.1 |
rooftopjam.in | Standard query response A 66.228.54.181 |
jumppack.in | Standard query response A 66.228.54.181 |
w.nucleardiscover.com | Standard query response A 60.190.223.75 |
170407db0816.einfoupdate.net | Standard query response, Server failure |
170407db0818.einfoupdate.net | Standard query response, Server failure |
170407db0818.edataupdate.com | Standard query response, Server failure |
hk9sk2mfmf3h0.com | Standard query response A 194.242.2.62 A 212.36.9.52 |
PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|
6 | 112 | 104 | 9484 | 14446 |
17 | 2 | 0 | 350 | 0 |
DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
---|---|---|---|---|---|
80 | 6 | 45 | 42 | 4323 | 10716 |
443 | 6 | 22 | 20 | 1435 | 1204 |
888 | 6 | 45 | 42 | 3726 | 2526 |
1900 | 17 | 2 | 0 | 350 | 0 |
Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
---|---|---|---|---|---|---|---|---|---|---|
13:21:31 | 2011-08-04 | 6 | 10.10.10.7 | 78.46.109.174 | -> | e | 311 | 80 | 13 | 2413 |
13:21:36 | 2011-08-04 | 6 | 10.10.10.7 | 78.46.109.174 | -> | e | 311 | 80 | 10 | 1965 |
13:21:42 | 2011-08-04 | 6 | 10.10.10.7 | 78.46.109.174 | -> | e | 311 | 80 | 6 | 633 |
13:21:43 | 2011-08-04 | 6 | 10.10.10.7 | 66.228.54.181 | -> | e | 417 | 80 | 13 | 2417 |
13:21:48 | 2011-08-04 | 6 | 10.10.10.7 | 66.228.54.181 | -> | e | 417 | 80 | 11 | 2298 |
13:21:53 | 2011-08-04 | 6 | 10.10.10.7 | 66.228.54.181 | -> | e | 417 | 80 | 5 | 300 |
13:21:54 | 2011-08-04 | 6 | 10.10.10.7 | 66.228.54.181 | -> | e | 367 | 80 | 13 | 2415 |
13:21:57 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 468 | 888 | 14 | 1184 |
13:21:59 | 2011-08-04 | 6 | 10.10.10.7 | 66.228.54.181 | -> | e | 367 | 80 | 11 | 2298 |
13:22:02 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 468 | 888 | 11 | 660 |
13:22:04 | 2011-08-04 | 6 | 10.10.10.7 | 66.228.54.181 | -> | e | 367 | 80 | 5 | 300 |
13:22:08 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 468 | 888 | 4 | 240 |
13:23:10 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 511 | 888 | 13 | 1124 |
13:23:15 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 511 | 888 | 11 | 660 |
13:23:20 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 511 | 888 | 5 | 300 |
13:24:22 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 110 | 888 | 13 | 1124 |
13:24:27 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 110 | 888 | 11 | 660 |
13:24:32 | 2011-08-04 | 6 | 10.10.10.7 | 60.190.223.75 | -> | e | 110 | 888 | 5 | 300 |
13:24:57 | 2011-08-04 | 6 | 10.10.10.7 | 194.242.2.62 | -> | e | 362 | 443 | 13 | 856 |
13:25:02 | 2011-08-04 | 6 | 10.10.10.7 | 194.242.2.62 | -> | e | 362 | 443 | 11 | 660 |
13:25:07 | 2011-08-04 | 6 | 10.10.10.7 | 194.242.2.62 | -> | e | 362 | 443 | 5 | 300 |
13:25:08 | 2011-08-04 | 6 | 10.10.10.7 | 194.242.2.62 | -> | e | 363 | 443 | 13 | 823 |
13:26:57 | 2011-08-04 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
Packer Name |
---|
Honey Trap Log File Location |
---|
PTFB Log File Location |
---|