Cluster L

Ports	Attack port Ports 139 (100%) 1027 (67%) 1028 (67%)
Files	Drops Processes hqghumea.dll (98%) cmd.exe (75%) csrss.exe (75%) explorer.exe (75%) lsass.exe (75%) services.exe (75%) spoolsv.exe (75%) full list
Snort	Snort IDs Snort Egg IDs Snort Outbound IDs 1:21390:5 (100%) 1:299998:1 (100%) 1:32000004:99 (100%) 1:2001683:3 (97%) 1:5001684:99 (97%) -
Registry	Registry keys Registry values - -
Servers	Failed connections -
Chatter	FTP chatter HTTP chatter IRC chatter pass=x (100%) user=x (100%) exec=hqghumea.dll (100%) - -
Static Analysis	Antivirus labels Packed MD5 Unpacked MD5 sdbot (100%) sophos (98%) rbot (97%) antivir (86%) webwasher (86%) kaspersky (85%) full list 0f143d... (55%) f7f466... (21%) b65a42... (13%) diversity: 3.7% full list diversity: N/A