Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
  • MD5 = a7378d8c35b67738f9f81a642f02c09e

    File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size
    a7378d8c35b67738f9f81a642f02c09e | 4ed1297e88af67ede033303abbe383e7509275f2 | fe2cd65c93bfc8db4fef11074a739fad1bf2fa938ef8b7b776634e9163abb8c3 | 1536:TUN5W4fcYqVJ5djn21N8VrnAu/X6FFggE2JfqpgtnyvKIyU8OB:W5bfcfV3dPVEuUBJfqmtgtA | 122880

    File Results

    File Name
    hpsrvui.exe

    SNORT Results

    Snort Class | Snort Alert | Count
    A Network Trojan was Detected | ET ATTACK_RESPONSE IRC - Nick change on non-std port | 6

    AV Results

    AV Alert | AV Vendor
    W32.Bobax!dr | Symantec
    W32/Bobax.worm.gen | McAfee
    Backdoor.Win32.Donbot.p | Kaspersky

    Folders (Added) - ICC Results

    Path | Folder Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp | Cookies
    c:/Documents and Settings/dmc73144/Local Settings/Temp | History
    c:/Documents and Settings/dmc73144/Local Settings/Temp/History | History.IE5
    c:/Documents and Settings/dmc73144/Local Settings/Temp | Temporary Internet Files
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files | Content.IE5
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | 3FILPG4S
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | DJW1OE7H
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | QR6TCDWF
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | R9D3T4AA

    Files (Added) - ICC Results

    Path | File Name
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Cookies | index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp/History/History.IE5 | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/History/History.IE5 | index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5/3FILPG4S | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5/DJW1OE7H | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5 | index.dat
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5/QR6TCDWF | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp/Temporary Internet Files/Content.IE5/R9D3T4AA | desktop.ini
    c:/Documents and Settings/dmc73144/Local Settings/Temp | ~1.tmp
    c:/Documents and Settings/dmc73144/Local Settings/Temp | ~DF2.tmp
    c:/WINDOWS/Prefetch | NETSH.EXE-085CFFDE.pf
    c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf
    c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf
    c:/WINDOWS/Prefetch | ~1.TMP.EXE-0B3B52A3.pf
    c:/WINDOWS/system32 | zckuon.exe
    c: | netstat_post.txt
    c: | taskv_post.txt

    Files (Deleted) - ICC Results

    Action | Path | File Name

    Files (Changed) - ICC Results

    Action | Path | File Name
    modified | c:/Documents and Settings/dmc73144/Cookies | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat
    modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG
    modified | c:/Program Files/Adobe/Reader 8.0/Reader | AdobeCollabSync.exe
    modified | c:/Program Files/OpenSSH/bin | sh.exe
    modified | c:/Program Files/OpenSSH/bin | switch.exe
    modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf
    modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf
    modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf
    modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf
    modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf
    modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf
    modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf
    modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf
    modified | c:/WINDOWS/system32/config | default.LOG
    modified | c:/WINDOWS/system32/config | software.LOG
    modified | c:/WINDOWS/system32/config | system.LOG
    modified | c:/WINDOWS/system32/drivers/etc | hosts
    modified | c:/WINDOWS/system32 | netsh.exe
    modified | c:/WINDOWS/system32 | netstat.exe
    modified | c:/WINDOWS/system32 | sc.exe
    modified | c:/WINDOWS/system32 | tasklist.exe
    modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log
    modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER
    modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP
    modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP

    Registry Keys (Added) - ICC Results

    Action | Path

    Registry Values (Added) - ICC Results

    Action | Path | Val_Name | Val_Data

    Registry Values (Deleted) - ICC Results

    Action | Path | Val_Name | Val_Type | Mod_Val_Type | Val_Data | Mod_Val_Data

    Registry Values (Changed) - ICC Results

    Action | Path | Val_Name | Val_Data | Mod_Val_Data
    modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 8E F3 7A D4 03 1E 96 FA E7 A4 1D FB A8 A9 F1 83 8B 08 E3 2C CE 54 A1 68 CE 3E C5 | A2 A6 06 E9 F6 39 F3 BE BF 04 43 B9 F2 AC 8E AF 9E 59 A1 0C C0 20 F0 38 D4 B3 F
    modified | HKLM/SOFTWARE/Microsoft/Security Center | AntiVirusOverride | 0x00000000 | 0x00000001
    modified | HKLM/SOFTWARE/Microsoft/Security Center | FirewallOverride | 0x00000000 | 0x00000001
    modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess | Start | 0x00000002 | 0x00000004
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:\Documents and Settings\Default User\Cookies | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C
    modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:\Documents and Settings\Default User\Local Settings\History | "C
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
    modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cookies | C:\Documents and Settings\Default User\Cookies | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | Cache | C:\Documents and Settings\Default User\Local Settings\Temporary Internet Files | "C
    modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Explorer/Shell Folders | History | C:\Documents and Settings\Default User\Local Settings\History | "C

    DNS Results

    DNS | DNS Response

    URL Results

    DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL

    ARGUS PROTOCOL Results

    PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    6 | 575 | 466 | 115150 | 49727
    17 | 1 | 0 | 175 | 0

    ARGUS DPORT Results

    DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES
    25 | 6 | 15 | 11 | 948 | 688
    80 | 6 | 464 | 365 | 108142 | 43627
    65520 | 6 | 96 | 90 | 6060 | 5412
    1900 | 17 | 1 | 0 | 175 | 0

    ARGUS DATA Results

    Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes

    Packer Results

    Packer Name

    HoneyTrap Results

    Honey Trap Log File Location

    PTFB Results

    PTFB Log File Location