Analysis Report for 72992ab286ef3e4329890029303d570c-651ee1f8de21378db4d49ece4d2776f7-1359381592

Comment on this report

Table of Contents
expand all	collapse all
General information 72992ab286.exe C:\72992ab286.exe Primary Analysis Subject General Information a) Registry Activities b) File Activities c) Process Activities d) Other Activities 72992ab286.exe c:\72992ab286.exe Started by 72992ab286.exe General Information a) Registry Activities b) File Activities c) Network Activities

1. General Information

	- Information about Anubis' invocation

Time needed:	249 s
Report created:	01/28/13, 14:03:01 UTC
Termination reason:	Timeout
Program version:	1.76.3886

1.a) - Network Activity

	- HTTP Conversations:

From ANUBIS:1087 to 50.116.103.67:80 - [mytamilmagazine.net]
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"

2. 72992ab286.exe

	- General information about this executable

Analysis Reason:	Primary Analysis Subject
Filename:	72992ab286.exe
MD5:	b83a6d31726c6f790772ad885f5ba69c
SHA-1:	81e366767ff77f42f52a56e61d81e7d14091f6bc
File Size:	40448 Bytes
Command Line:	"C:\72992ab286.exe"
Process-status at analysis end:	dead
Exit Code:	0

	- Load-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\ntdll.dll	0x7C900000	0x000AF000
C:\WINDOWS\system32\kernel32.dll	0x7C800000	0x000F6000
C:\WINDOWS\system32\MSVCRT.dll	0x77C10000	0x00058000
C:\WINDOWS\system32\USER32.DLL	0x7E410000	0x00091000
C:\WINDOWS\system32\GDI32.dll	0x77F10000	0x00049000
C:\WINDOWS\system32\WSOCK32.DLL	0x71AD0000	0x00009000
C:\WINDOWS\system32\WS2_32.dll	0x71AB0000	0x00017000
C:\WINDOWS\system32\ADVAPI32.dll	0x77DD0000	0x0009B000
C:\WINDOWS\system32\RPCRT4.dll	0x77E70000	0x00092000
C:\WINDOWS\system32\Secur32.dll	0x77FE0000	0x00011000
C:\WINDOWS\system32\WS2HELP.dll	0x71AA0000	0x00008000
C:\WINDOWS\system32\WINMM.DLL	0x76B40000	0x0002D000

	- Run-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\uxtheme.dll	0x5AD70000	0x00038000
C:\WINDOWS\system32\COMCTL32.DLL	0x5D090000	0x0009A000
C:\WINDOWS\system32\msimg32.dll	0x76380000	0x00005000

2.a) 72992ab286.exe - Registry Activities

	- Registry Values Read:

Key	Name	Value	Times
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows	AppInit_DLLs		1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	AuthenticodeEnabled	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	DefaultLevel	262144	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	PolicyScope	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	TransparentEnabled	1	2
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}	ItemData	0x5eab304f957a49896a006c1c31154015	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}	ItemSize	779	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}	ItemData	0x67b0d48b343a3fd3bce9dc646704f394	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}	ItemSize	517	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}	ItemData	0x327802dcfef8c893dc8ab006dd847d1d	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}	ItemSize	918	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}	ItemData	0xbd9a2adb42ebd8560e250e4df8162f67	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}	ItemSize	229	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}	ItemData	0x386b085f84ecf669d36b956a22c01e80	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}	ItemSize	370	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}	ItemData	%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}	SaferFlags	0	1
HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	wheel	1	1
HKLM\System\CurrentControlSet\Control\Terminal Server	TSAppCompat	0	3
HKLM\System\CurrentControlSet\Control\Terminal Server	TSUserEnabled	0	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	Cache	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files	1

2.b) 72992ab286.exe - File Activities

	- Files Read:

c:\72992ab286.exe

	- File System Control Communication:

File	Control Code	Times
C:\Program Files\Common Files\	0x00090028	1

	- Memory Mapped Files:

File Name

C:\WINDOWS\system32\COMCTL32.DLL

C:\WINDOWS\system32\WINMM.DLL

C:\WINDOWS\system32\WS2HELP.dll

C:\WINDOWS\system32\WS2_32.dll

C:\WINDOWS\system32\WSOCK32.DLL

C:\WINDOWS\system32\msimg32.dll

C:\WINDOWS\system32\uxtheme.dll

c:\72992ab286.exe

2.c) 72992ab286.exe - Process Activities

	- Processes Created:

Executable	Command Line
c:\72992ab286.exe
c:\72992ab286.exe

	- Remote Threads Created:

Affected Process

c:\72992ab286.exe

	- Foreign Memory Regions Read:

Process: c:\72992ab286.exe

	- Foreign Memory Regions Written:

Process: c:\72992ab286.exe

2.d) 72992ab286.exe - Other Activities

	- Windows SEH exceptions:

Description	Times
Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x77c47613	1

3. 72992ab286.exe

	- General information about this executable

Analysis Reason:	Started by 72992ab286.exe
Filename:	72992ab286.exe
MD5:	b83a6d31726c6f790772ad885f5ba69c
SHA-1:	81e366767ff77f42f52a56e61d81e7d14091f6bc
File Size:	40448 Bytes
Command Line:	"c:\72992ab286.exe"
Process-status at analysis end:	alive
Exit Code:	0

	- Load-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\ntdll.dll	0x7C900000	0x000AF000
C:\WINDOWS\system32\kernel32.dll	0x7C800000	0x000F6000

	- Run-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\NETAPI32.dll	0x5B860000	0x00055000
C:\WINDOWS\system32\comctl32.dll	0x5D090000	0x0009A000
C:\WINDOWS\system32\hnetcfg.dll	0x662B0000	0x00058000
C:\WINDOWS\System32\mswsock.dll	0x71A50000	0x0003F000
C:\WINDOWS\System32\wshtcpip.dll	0x71A90000	0x00008000
C:\WINDOWS\system32\WS2HELP.dll	0x71AA0000	0x00008000
C:\WINDOWS\system32\WS2_32.dll	0x71AB0000	0x00017000
C:\WINDOWS\system32\wsock32.dll	0x71AD0000	0x00009000
C:\WINDOWS\system32\sensapi.dll	0x722B0000	0x00005000
C:\WINDOWS\system32\USERENV.dll	0x769C0000	0x000B4000
C:\WINDOWS\system32\WINMM.dll	0x76B40000	0x0002D000
C:\WINDOWS\system32\rtutils.dll	0x76E80000	0x0000E000
C:\WINDOWS\system32\rasman.dll	0x76E90000	0x00012000
C:\WINDOWS\system32\TAPI32.dll	0x76EB0000	0x0002F000
C:\WINDOWS\system32\RASAPI32.DLL	0x76EE0000	0x0003C000
C:\WINDOWS\system32\DNSAPI.dll	0x76F20000	0x00027000
C:\WINDOWS\system32\rasadhlp.dll	0x76FC0000	0x00006000
C:\WINDOWS\system32\OLEAUT32.dll	0x77120000	0x0008B000
C:\WINDOWS\system32\wininet.dll	0x771B0000	0x000AA000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll	0x773D0000	0x00103000
C:\WINDOWS\system32\ole32.dll	0x774E0000	0x0013D000
C:\WINDOWS\system32\CRYPT32.dll	0x77A80000	0x00095000
C:\WINDOWS\system32\MSASN1.dll	0x77B20000	0x00012000
C:\WINDOWS\system32\VERSION.dll	0x77C00000	0x00008000
C:\WINDOWS\system32\msvcrt.dll	0x77C10000	0x00058000
C:\WINDOWS\system32\ADVAPI32.dll	0x77DD0000	0x0009B000
C:\WINDOWS\system32\RPCRT4.dll	0x77E70000	0x00092000
C:\WINDOWS\system32\GDI32.dll	0x77F10000	0x00049000
C:\WINDOWS\system32\SHLWAPI.dll	0x77F60000	0x00076000
C:\WINDOWS\system32\Secur32.dll	0x77FE0000	0x00011000
C:\WINDOWS\system32\shell32.dll	0x7C9C0000	0x00817000
C:\WINDOWS\system32\urlmon.dll	0x7E1E0000	0x000A2000
C:\WINDOWS\system32\USER32.dll	0x7E410000	0x00091000

3.a) 72992ab286.exe - Registry Activities

	- Registry Values Modified:

Key	Name	New Value
HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings	ProxyEnable	0
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	Common AppData	C:\Documents and Settings\All Users\Application Data
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths	Directory	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths	Paths	4
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1	CacheLimit	40852
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1	CachePath	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2	CacheLimit	40852
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2	CachePath	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3	CacheLimit	40852
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3	CachePath	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4	CacheLimit	40852
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4	CachePath	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	AppData	C:\Documents and Settings\Administrator\Application Data
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	Cache	C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	Cookies	C:\Documents and Settings\Administrator\Cookies
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	History	C:\Documents and Settings\Administrator\Local Settings\History
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	IntranetName	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	ProxyBypass	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	UNCAsIntranet	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings	MigrateProxy	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings	ProxyEnable	0
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	SavedLegacySettings	0x3c0000001600000001000000000000000000000000000000040000000000

	- Registry Values Read:

Key	Name	Value	Times
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	UrlEncoding	0x00000000	2
HKLM\SYSTEM\CurrentControlSet\Control\Session Manager	CriticalSectionTimeout	2592000	1
HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters	Transports	0x5400630070006900700000004e0065007400420049004f00530000000000	2
HKLM\SYSTEM\Setup	SystemSetupInProgress	0	1
HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS	*	1	1
HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL	*	1	1
HKLM\Software\Microsoft\Tracing	EnableConsoleTracing	0	1
HKLM\Software\Microsoft\Tracing\RASAPI32	ConsoleTracingMask	4294901760	3
HKLM\Software\Microsoft\Tracing\RASAPI32	EnableConsoleTracing	0	3
HKLM\Software\Microsoft\Tracing\RASAPI32	EnableFileTracing	0	3
HKLM\Software\Microsoft\Tracing\RASAPI32	FileDirectory	%windir%\tracing	6
HKLM\Software\Microsoft\Tracing\RASAPI32	FileTracingMask	4294901760	3
HKLM\Software\Microsoft\Tracing\RASAPI32	MaxFileSize	1048576	3
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList	AllUsersProfile	All Users	2
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList	DefaultUserProfile	Default User	2
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList	ProfilesDirectory	%SystemDrive%\Documents and Settings	4
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-842925246-1425521274-308236825-500	ProfileImagePath	%SystemDrive%\Documents and Settings\Administrator	2
HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows	AppInit_DLLs		1
HKLM\Software\Microsoft\Windows\CurrentVersion	CommonFilesDir	C:\Program Files\Common Files	2
HKLM\Software\Microsoft\Windows\CurrentVersion	ProgramFilesDir	C:\Program Files	2
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Common AppData	%ALLUSERSPROFILE%\Application Data	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	TransparentEnabled	1	1
HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName	ComputerName	PC	4
HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm	wheel	1	1
HKLM\System\CurrentControlSet\Control\ProductOptions	ProductType	WinNT	1
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	ComSpec	%SystemRoot%\system32\cmd.exe	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	FP_NO_HOST_CHECK	NO	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	NUMBER_OF_PROCESSORS	1	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	OS	Windows_NT	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PROCESSOR_ARCHITECTURE	x86	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PROCESSOR_IDENTIFIER	x86 Family 6 Model 3 Stepping 3, GenuineIntel	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PROCESSOR_LEVEL	6	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PROCESSOR_REVISION	0303	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	Path	%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	TEMP	%SystemRoot%\TEMP	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	TMP	%SystemRoot%\TEMP	4
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	windir	%SystemRoot%	4
HKLM\System\CurrentControlSet\Control\Terminal Server	TSAppCompat	0	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters	Domain		2
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters	Hostname	pc	2
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters	UseDomainNameDevolution	0	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	HelperDllName	%SystemRoot%\System32\wshtcpip.dll	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	Mapping	0x0b0000000300000002000000010000000600000002000000010000000000	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	MaxSockaddrLength	16	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	MinSockaddrLength	16	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	UseDelayedAcceptance	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters	WinSock_Registry_Version	2.0	4
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5	Num_Catalog_Entries	3	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5	Serial_Access_Num	4	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	DisplayString	Tcpip	4
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	Enabled	1	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	LibraryPath	%SystemRoot%\System32\mswsock.dll	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	ProviderId	0x409d05229e7ecf11ae5a00aa00a7112b	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	StoresServiceClassInfo	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	SupportedNameSpace	12	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	Version	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	DisplayString	NTDS	4
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	Enabled	1	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	LibraryPath	%SystemRoot%\System32\winrnr.dll	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	ProviderId	0xee37263b80e5cf11a55500c04fd8d4ac	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	StoresServiceClassInfo	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	SupportedNameSpace	32	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	Version	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	DisplayString	Network Location Awareness (NLA) Namespace	4
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	Enabled	1	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	LibraryPath	%SystemRoot%\System32\mswsock.dll	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	ProviderId	0x3a244266a83ba64abaa52e0bd71fdd83	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	StoresServiceClassInfo	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	SupportedNameSpace	15	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	Version	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9	Next_Catalog_Entry_ID	1020	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9	Num_Catalog_Entries	13	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9	Serial_Access_Num	6	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004	PackedCatalogItem	%SystemRoot%\system32\rsvpsp.d	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005	PackedCatalogItem	%SystemRoot%\system32\rsvpsp.d	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\Setup	SystemSetupInProgress	0	3
HKU\S-1-5-21-842925246-1425521274-308236825-500\Environment	TEMP	%USERPROFILE%\Local Settings\Temp	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Environment	TMP	%USERPROFILE%\Local Settings\Temp	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	EnableHttp1_1	1	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	EnableNegotiate	1	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	MimeExclusionListForCache	multipart/mixed multipart/x-mixed-replace multipart/x-byteranges	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	WarnOnPost	0x01000000	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	ParseAutoexec	1	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	AppData	%USERPROFILE%\Application Data	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Cache	%USERPROFILE%\Local Settings\Temporary Internet Files	3
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Cookies	%USERPROFILE%\Cookies	3
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	History	%USERPROFILE%\Local Settings\History	3
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Local Settings	%USERPROFILE%\Local Settings	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Personal	%USERPROFILE%\My Documents	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache	Signature	Client UrlCache MMF Ver 5.2	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content	CacheLimit	163410	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content	CachePrefix		2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content	PerUserItem	1	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies	CacheLimit	8192	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies	CachePrefix	Cookie:	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies	PerUserItem	1	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218	CacheLimit	8192	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218	CacheOptions	11	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218	CachePath	%USERPROFILE%\Local Settings\History\History.IE5\MSHist012011021720110218\	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218	CachePrefix	:2011021720110218:	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218	CacheRepair	0	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219	CacheLimit	8192	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219	CacheOptions	11	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219	CachePath	%USERPROFILE%\Local Settings\History\History.IE5\MSHist012011021820110219\	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219	CachePrefix	:2011021820110219:	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219	CacheRepair	0	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History	CacheLimit	8192	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History	CachePrefix	Visited:	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History	PerUserItem	1	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	IntranetName	1	16
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	ProxyBypass	1	16
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\	http	3	16
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0	Flags	33	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1	Flags	219	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2	Flags	71	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3	1A10	1	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3	Flags	1	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4	Flags	3	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings	MigrateProxy	1	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings	ProxyEnable	0	1
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	DefaultConnectionSettings	0x3c0000000300000001000000000000000000000000000000040000000000	2
HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	SavedLegacySettings	0x3c0000001500000001000000000000000000000000000000040000000000	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment	APPDATA	C:\Documents and Settings\Administrator\Application Data	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment	CLIENTNAME	Console	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment	HOMEDRIVE	C:	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment	HOMEPATH	\Documents and Settings\Administrator	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment	HOMESHARE		4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment	LOGONSERVER	\\PC	4
HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment	SESSIONNAME	Console	4

	- Monitored Registry Keys:

Key Name	Watch subtree	Notify Filter	Count
HKLM\Software\Microsoft\Tracing\RASAPI32	0	Attributes Change,Value Change,Security Descriptor Change	3
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5	0	Key Change	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9	0	Key Change	1

3.b) 72992ab286.exe - File Activities

	- Files Read:

PIPE\lsarpc

c:\72992ab286.exe

c:\autoexec.bat

	- Files Modified:

PIPE\lsarpc

\Device\Afd\Endpoint

\Device\RasAcd

	- File System Control Communication:

File	Control Code	Times
C:\Program Files\Common Files\	0x00090028	1
PIPE\lsarpc	0x0011C017	19

	- Device Control Communication:

File	Control Code	Times
\Device\KsecDD	0x00390008	8
\Device\Afd\Endpoint	AFD_GET_INFO (0x0001207B)	2
\Device\Afd\Endpoint	AFD_SET_CONTEXT (0x00012047)	394
\Device\Afd\Endpoint	AFD_BIND (0x00012003)	59
\Device\Afd\Endpoint	AFD_GET_TDI_HANDLES (0x00012037)	118
\Device\Afd\Endpoint	AFD_GET_SOCK_NAME (0x0001202F)	59
\Device\Afd\Endpoint	AFD_CONNECT (0x00012007)	59
unnamed file	0x00120028	59
\Device\Afd\Endpoint	AFD_SEND (0x0001201F)	90
\Device\Afd\Endpoint	AFD_RECV (0x00012017)	196
\Device\Afd\Endpoint	AFD_SET_INFO (0x0001203B)	217
\Device\Afd\Endpoint	AFD_DISCONNECT (0x0001202B)	28

	- Memory Mapped Files:

File Name

C:\WINDOWS\System32\mswsock.dll

C:\WINDOWS\System32\wshtcpip.dll

C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll

C:\WINDOWS\WindowsShell.Manifest

C:\WINDOWS\system32\DNSAPI.dll

C:\WINDOWS\system32\RASAPI32.DLL

C:\WINDOWS\system32\TAPI32.dll

C:\WINDOWS\system32\WINMM.dll

C:\WINDOWS\system32\WS2HELP.dll

C:\WINDOWS\system32\WS2_32.dll

C:\WINDOWS\system32\comctl32.dll

C:\WINDOWS\system32\hnetcfg.dll

C:\WINDOWS\system32\rasadhlp.dll

C:\WINDOWS\system32\rasman.dll

C:\WINDOWS\system32\rtutils.dll

C:\WINDOWS\system32\sensapi.dll

C:\WINDOWS\system32\shell32.dll

C:\WINDOWS\system32\urlmon.dll

C:\WINDOWS\system32\wininet.dll

C:\WINDOWS\system32\wsock32.dll

3.c) 72992ab286.exe - Network Activity

	- DNS Queries:

Name	Query Type	Query Result	Successful	Protocol
thueringen.bdlo.de	DNS_TYPE_A	82.165.90.252	YES	udp
houstongeneraltradinggroup.com	DNS_TYPE_A	184.173.23.142	YES	udp
instructivodogui.com.ar	DNS_TYPE_A	205.186.175.142	YES	udp
piano-secrets.com	DNS_TYPE_A	67.222.51.191	YES	udp
mytamilmagazine.net	DNS_TYPE_A	50.116.103.67	YES	udp

	- HTTP Conversations:

From ANUBIS:1028 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1029 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1030 to 205.186.175.142:80 - [instructivodogui.com.ar]
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
From ANUBIS:1031 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1032 to 67.222.51.191:80 - [piano-secrets.com]
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
From ANUBIS:1033 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1034 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1035 to 50.116.103.67:80 - [mytamilmagazine.net]
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
From ANUBIS:1036 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1037 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1038 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1039 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1040 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1041 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1042 to 50.116.103.67:80 - [mytamilmagazine.net]
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
From ANUBIS:1043 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1044 to 205.186.175.142:80 - [instructivodogui.com.ar]
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
From ANUBIS:1045 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1046 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: <no reply>
From ANUBIS:1047 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1048 to 205.186.175.142:80 - [instructivodogui.com.ar]
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
From ANUBIS:1049 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1050 to 67.222.51.191:80 - [piano-secrets.com]
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
From ANUBIS:1051 to 205.186.175.142:80 - [instructivodogui.com.ar]
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
From ANUBIS:1052 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1053 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1054 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1055 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1056 to 50.116.103.67:80 - [mytamilmagazine.net]
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
From ANUBIS:1057 to 67.222.51.191:80 - [piano-secrets.com]
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
From ANUBIS:1058 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1059 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1060 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1061 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1062 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1063 to 50.116.103.67:80 - [mytamilmagazine.net]
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
From ANUBIS:1064 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1065 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1066 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1067 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1068 to 50.116.103.67:80 - [mytamilmagazine.net]
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
From ANUBIS:1069 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1070 to 67.222.51.191:80 - [piano-secrets.com]
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
From ANUBIS:1071 to 205.186.175.142:80 - [instructivodogui.com.ar]
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
From ANUBIS:1072 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1073 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: <no reply>
From ANUBIS:1074 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1075 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: <no reply>
From ANUBIS:1076 to 184.173.23.142:80 - [houstongeneraltradinggroup.com]
Request: GET /x.htm?rGZMsFSJ5J6blYJUPL7X
Response: 404 "Not Found"
From ANUBIS:1077 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1078 to 205.186.175.142:80 - [instructivodogui.com.ar]
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
From ANUBIS:1079 to 67.222.51.191:80 - [piano-secrets.com]
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
Request: GET /i.htm?7tEhYb3repxi4DthjGlUdzE1fcHEPHgiz
Response: 404 "Not Found"
From ANUBIS:1080 to 50.116.103.67:80 - [mytamilmagazine.net]
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: <no reply>
From ANUBIS:1081 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1082 to 205.186.175.142:80 - [instructivodogui.com.ar]
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
From ANUBIS:1083 to 50.116.103.67:80 - [mytamilmagazine.net]
Request: GET /q.htm?uT5JYibIM7F26CWJMrIHJK7Rjg4s5xD
Response: 404 "Not Found"
From ANUBIS:1084 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"
From ANUBIS:1085 to 205.186.175.142:80 - [instructivodogui.com.ar]
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: 404 "Not Found"
Request: GET /b.htm?heZg4KzGMWwfIcWcP4DsYikrdlb
Response: <no reply>
From ANUBIS:1086 to 82.165.90.252:80 - [thueringen.bdlo.de]
Request: GET /d.htm?zv6KZ1T6WKphAp6nLllJQRXVnOlG9sVc
Response: 404 "Not Found"

Analysis Report for 72992ab286ef3e4329890029303d570c-651ee1f8de21378db4d49ece4d2776f7-1359381592

Table of Contents