**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 881e21645e5ffe1ffb959835f8fdf71d

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
|---|---|---|---|---|
| 881e21645e5ffe1ffb959835f8fdf71d | 1855412a717f4b74c9227772c48aaba694568e81 | e35d4f4d6e3329f92af6acb5ad8b6ff9f90915b89bc066feb4e69cbcd4469451 | 49152:1rVYlfBUDiZx8Fa/Q0NuB1ripj2YcWlT2f/E9gfpx:1OPUDQmso0NuBI2YLlT2f/E | 2219008 |

**** File Results ****

| File Name |
|---|
| a.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
|---|---|---|
| A Network Trojan was detected | ET TROJAN Suspicious User-Agent - Possible Trojan Downloader (ver18/ver19, etc) | 4 |
| A Network Trojan was detected | ET TROJAN Tibs/Harnig Downloader Activity | 1 |
| Misc Attack | ET RBN Known Russian Business Network IP TCP (28) | 1 |

**** AV Results ****

| AV Alert | AV Vendor |
|---|---|
| Downloader | Symantec |
| Artemis!881E21645E5F | McAfee |
| HackTool.Win32.Binder.bs | Kaspersky |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
|---|---|
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | 87IMY4XV |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | MILJGV5B |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | WO4JPI86 |

**** Files (Added) - ICC Results ****

| Path | File Name |
|---|---|
| c:/Documents and Settings/dmc73144/Application Data/Microsoft | conhost.exe |
| c:/Documents and Settings/dmc73144/Application Data | C31A.001 |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | 4.tmp |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | av.exe |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | AVS |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | GB.EXE |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV | desktop.ini |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/87IMY4XV | zdlfahcaip[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | ubsnltn[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/MILJGV5B | desktop.ini |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/MILJGV5B | dhpjelxr[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86 | ctbidkjq[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/WO4JPI86 | desktop.ini |
| c:/Documents and Settings | dmc73144xplore.exe |
| c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch | AV.EXE-2BB28644.pf |
| c:/WINDOWS/Prefetch | AVS.EXE-273CB218.pf |
| c:/WINDOWS/Prefetch | DB.EXE-1938CF3D.pf |
| c:/WINDOWS/Prefetch | EN.EXE-2EB83C39.pf |
| c:/WINDOWS/Prefetch | GB.EXE-3A422BAF.pf |
| c:/WINDOWS/Prefetch | IPCONFIG.EXE-2395F30B.pf |
| c:/WINDOWS/Prefetch | NTVDM.EXE-1A10A423.pf |
| c:/WINDOWS/Prefetch | PERFMON8.EXE-3A9640FE.pf |
| c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/Prefetch | SB.EXE-12312C77.pf |
| c:/WINDOWS/Prefetch | SVCHOST.EXE-3530F672.pf |
| c:/WINDOWS/system32 | perfmon8.exe |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
|---|---|---|

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
|---|---|---|
| modified | c:/Documents and Settings/dmc73144/Application Data/Mozilla/Firefox/Profiles/ektregxy.default | prefs.js |
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | NTUSER.DAT |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/Program Files/OpenSSH/var/log | OpenSSHd.log |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/system32/config | default.LOG |
| modified | c:/WINDOWS/system32/config | software |
| modified | c:/WINDOWS/system32/config | software.LOG |
| modified | c:/WINDOWS/system32/config | SYSTEM |
| modified | c:/WINDOWS/system32/config | system.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
|---|---|
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run |
| added | HKLM/SOFTWARE/YICGGIOWP |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000/Control |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000/Control |
| added | HKU/.DEFAULT/Software/Microsoft/Internet Explorer/Main/featurecontrol |
| added | HKU/.DEFAULT/Software/Microsoft/Internet Explorer/Main/featurecontrol/FEATURE_BROWSER_EMULATION |
| added | HKU/.DEFAULT/Software/Microsoft/Internet Explorer/international |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/YICGGIOWP |
| added | HKU/S-1-5-18/Software/Microsoft/Internet Explorer/Main/featurecontrol |
| added | HKU/S-1-5-18/Software/Microsoft/Internet Explorer/Main/featurecontrol/FEATURE_BROWSER_EMULATION |
| added | HKU/S-1-5-18/Software/Microsoft/Internet Explorer/international |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
|---|---|---|---|
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CA 45 8D 7A 61 F6 |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run | oxtosr | "C:/WINDOWS/system32/perfmon8.exe" |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Run | conhost | "C:/Documents and Settings/dmc73144/Application Data/Microsoft/conhost.exe" |
| added | HKLM/SYSTEM/ControlSet001/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 64 6D 63 37 33 31 34 34 5C 4C 4F |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000/Control | *NewlyCreated* | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000/Control | ActiveService | "3bba44c8" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000 | Service | "3bba44c8" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000 | Legacy | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000 | ConfigFlags | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000 | Class | "LegacyDriver" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000 | ClassGUID | "{8ECC055D-047F-11D1-A537-0000F8753ED1}" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8/0000 | DeviceDesc | "3bba44c8" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_3BBA44C8 | NextInstance | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 44 4F 43 55 4D 45 7E 31 5C 64 6D 63 37 33 31 34 34 5C 4C 4F |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000/Control | *NewlyCreated* | 0x00000000 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000/Control | ActiveService | "3bba44c8" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000 | Service | "3bba44c8" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000 | Legacy | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000 | ConfigFlags | 0x00000000 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000 | Class | "LegacyDriver" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000 | ClassGUID | "{8ECC055D-047F-11D1-A537-0000F8753ED1}" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8/0000 | DeviceDesc | "3bba44c8" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_3BBA44C8 | NextInstance | 0x00000001 |
| added | HKU/.DEFAULT/Software/Microsoft/Internet Explorer/Main/featurecontrol/FEATURE_BROWSER_EMULATION | svchost.exe | 0x000022B8 |
| added | HKU/.DEFAULT/Software/Microsoft/Internet Explorer/international | acceptlanguage | "en-us" |
| added | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings | maxhttpredirects | 0x0000270F |
| added | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings | enablehttp1_1 | 0x00000001 |
| added | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | {AEBA21FA-782A-4A90-978D-B72164C80120} | 1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15 |
| added | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | {A8A88C49-5EB2-4990-A1A2-0876022C854F} | 1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15 |
| added | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1208 | 0x00000000 |
| added | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1209 | 0x00000000 |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings | ProxyServer | "http=127.0.0.1 |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CA 45 8D 7A 61 F6 |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://DOCUME~1//dmc73144//LOCALS~1//Temp//AV.EXE | "Realtek Audio Driver" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://DOCUME~1//dmc73144//LOCALS~1//Temp//AVS.EXE | "AVS" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://DOCUME~1//dmc73144//LOCALS~1//Temp//DB.EXE | "Snapin using common base classes" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://DOCUME~1//dmc73144//LOCALS~1//Temp//EN.EXE | "EN" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://DOCUME~1//dmc73144//LOCALS~1//Temp//GB.EXE | "GB" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://DOCUME~1//dmc73144//LOCALS~1//Temp//SB.EXE | "SB" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//ipconfig.exe | "IP Configuration Utility" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://DOCUME~1//dmc73144//LOCALS~1//Temp//EUO1FFC.tmp.cmd | "EUO1FFC.tmp" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://Documents and Settings//dmc73144xplore.exe | "dmc73144xplore" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//ntvdm.exe | "NTVDM.EXE" |
| added | HKU/S-1-5-18/Software/Microsoft/Internet Explorer/Main/featurecontrol/FEATURE_BROWSER_EMULATION | svchost.exe | 0x000022B8 |
| added | HKU/S-1-5-18/Software/Microsoft/Internet Explorer/international | acceptlanguage | "en-us" |
| added | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings | maxhttpredirects | 0x0000270F |
| added | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings | enablehttp1_1 | 0x00000001 |
| added | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | {AEBA21FA-782A-4A90-978D-B72164C80120} | 1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15 |
| added | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | {A8A88C49-5EB2-4990-A1A2-0876022C854F} | 1A 37 61 59 23 52 35 0C 7A 5F 20 17 2F 1E 1A 19 0E 2B 01 73 13 37 13 12 14 1A 15 |
| added | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1208 | 0x00000000 |
| added | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1209 | 0x00000000 |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
|---|---|---|---|---|---|---|

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
|---|---|---|---|---|
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | E3 E9 35 DE C1 21 D3 29 2B B2 1F C8 D7 22 76 12 7B 0D 1E C2 19 DE 41 27 B8 63 7A | 70 3A 68 51 20 E2 3E 81 A5 8E D3 DB 3E 9E 1D 2C C5 D4 3B 7F CD DE FC 8F 66 5E AE |
| modified | HKLM/SOFTWARE/Microsoft/DirectDraw/MostRecentApplication | Name | "msoobe.exe" | "svchost.exe" |
| modified | HKLM/SOFTWARE/Microsoft/DirectDraw/MostRecentApplication | ID | 0x3B7D853E | 0x41107ED6 |
| modified | HKLM/SYSTEM/ControlSet001/Hardware Profiles/0001/Software/Microsoft/windows/CurrentVersion/Internet Settings | ProxyEnable | 0x00000000 | 0x00000001 |
| modified | HKLM/SYSTEM/ControlSet001/Hardware Profiles/Current/Software/Microsoft/windows/CurrentVersion/Internet Settings | ProxyEnable | 0x00000000 | 0x00000001 |
| modified | HKLM/SYSTEM/CurrentControlSet/Hardware Profiles/0001/Software/Microsoft/windows/CurrentVersion/Internet Settings | ProxyEnable | 0x00000000 | 0x00000001 |
| modified | HKLM/SYSTEM/CurrentControlSet/Hardware Profiles/Current/Software/Microsoft/windows/CurrentVersion/Internet Settings | ProxyEnable | 0x00000000 | 0x00000001 |
| modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | CurrentLevel | 0x00011000 | 0x00000000 |
| modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1001 | 0x00000001 | 0x00000000 |
| modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1601 | 0x00000001 | 0x00000000 |
| modified | HKU/.DEFAULT/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1A10 | 0x00000001 | 0x00000000 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings | ProxyEnable | 0x00000000 | 0x00000001 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | DefaultConnectionSettings | 3C 00 00 00 02 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 03 00 00 00 03 00 00 00 14 00 00 00 68 74 74 70 3D 31 32 37 2E 30 2E |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 1A 00 00 00 03 00 00 00 14 00 00 00 68 74 74 70 3D 31 32 37 2E 30 2E |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000004 |
| modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | CurrentLevel | 0x00011000 | 0x00000000 |
| modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1001 | 0x00000001 | 0x00000000 |
| modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1601 | 0x00000001 | 0x00000000 |
| modified | HKU/S-1-5-18/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Zones/3 | 1A10 | 0x00000001 | 0x00000000 |

**** DNS Results ****

| DNS | DNS Response |
|---|---|
| onlinebizdirectory.com | Standard query response A 173.203.101.8 |
| freshmediaportal.com | Standard query response A 63.251.179.57 A 64.158.56.57 |
| contactfriendly.com | Standard query response A 95.211.130.162 |
| aeravine.com | Standard query response A 193.27.246.60 |
| imagehut4.cn | Standard query response A 64.158.56.57 A 63.251.179.57 |
| resetmymemory.com | Standard query response A 64.158.56.57 A 63.251.179.57 |
| zonedg.com | Standard query response A 96.9.169.85 |
| www.google.com | Standard query response CNAME www.l.google.com A 72.14.204.99 A 72.14.204.103 A 72.14.204.104 A 72.14.204.105 A 72.14.204.147 |
| freshmediaportal.com | Standard query response A 64.158.56.57 A 63.251.179.57 |

**** URL Results ****

| DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
|---|---|---|---|---|
| 63.251.179.57 | freshmediaportal.com | /blog/images/3521.jpg?v67=41&tq=gL5HtzyMv5rJsxG1J4Xo2rCyDvEpwr7UxUrEgPiWW1cg | mozilla/2.0 | 0x06 |
| 64.158.56.57 | imagehut4.cn | /update/utu.dat | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1) | 0x06 |
| 193.27.246.60 | aeravine.com | /dpxezto/ubsnltn.php?adv=adv610&id=82799957&c=10331881 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76 | 0x06 |
| 193.27.246.60 | aeravine.com | /dpxezto/ctbidkjq.php?adv=adv610&id=82799957&c=10331881 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76 | 0x06 |
| 193.27.246.60 | aeravine.com | /dpxezto/zdlfahcaip.php?adv=adv610&id=82799957&c=10331881 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76 | 0x06 |
| 193.27.246.60 | aeravine.com | /dpxezto/dhpjelxr.php?adv=adv610&code1=HOLC&code2=3201&id=82799957&p=1&b=1&c=10331881 | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76 | 0x06 |
| 64.158.56.57 | resetmymemory.com | /blog/images/3521.jpg?v83=96&tq=gKZEtzyMv5rJqxG1J42pzMffBv0v1%2BjbwvgS917W65rJqlLfgPiWW1cg | mozilla/2.0 | 0x06 |
| 96.9.169.85 | zonedg.com | /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gGg%2Fl%2F2wrnKCGkrg%2B8Wrd%2FUfSeCK0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqpSr%2Fe%2BV5ZuRg%3D%3D | mozilla/2.0 | 0x06 |
| 96.9.169.85 | zonedg.com | /index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gGg%2Fl%2F2wrnKCGkrg%2B8Wrd%2FUfSeCK0alxtygbpb6HvnSAOQij%2B8yjYvEaS%2FT%2BsqtSr%2Fe%2BV5ZuRg%3D%3D | mozilla/2.0 | 0x06 |
| 72.14.204.99 | www.google.com | / | | 0x06 |
|64.158.56.57_|freshmediaportal.com|/blog/images/3521.jpg?v82=71&tq=gKZEtzyMv5rJqxG1J42pzMffBv0v1%2BjbwvgS917W65rJqlLfgPiWW1cg_____________________________________________________________________________________________________________________________________|mozilla/2.0_________________________________________________|0x06____| |96.9.169.85__|zonedg.com__________|/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF%2FmiMWrdPd5SOeikL50gGg%2Fl%2F2wrnKCGkrg%2B8Wrd%2FUfSeCK0alxtygbpb6HvnSAOQij%2BsSrf%2BFpPOHuwd0i9Goe5vjCqFKv975Xlm5G__|mozilla/2.0_________________________________________________|0x06____| **** ARGUS_PROTOCOL_Results **** ______________________________________________ |PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES| |6_______|156_____|138_____|15349____|30156____| **** ARGUS_DPORT_Results **** ____________________________________________________ |DPORT|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES| |80___|6_______|156_____|138_____|15349____|30156____| **** ARGUS_DATA_Results **** _______________________________________________________________________________________ |Time____|Date______|Protocol|SrcIP_____|DstIP_________|Dir|Flags|Sport|Dport|Pkts|Bytes| |18:23:32|2011-10-10|6_______|10.10.10.7|173.203.101.8_|->_|e____|469__|80___|14__|2727_| |18:23:32|2011-10-10|6_______|10.10.10.7|95.211.130.162|->_|e____|598__|80___|9___|1752_| |18:23:34|2011-10-10|6_______|10.10.10.7|95.211.130.162|->_|e____|600__|80___|9___|2216_| |18:23:35|2011-10-10|6_______|10.10.10.7|64.158.56.57__|->_|e____|256__|80___|9___|932__| |18:23:35|2011-10-10|6_______|10.10.10.7|193.27.246.60_|->_|e____|255__|80___|13__|1781_| |18:23:36|2011-10-10|6_______|10.10.10.7|193.27.246.60_|->_|e____|602__|80___|13__|1784_| |18:23:37|2011-10-10|6_______|10.10.10.7|173.203.101.8_|->_|e____|469__|80___|10__|1965_| |18:23:42|2011-10-10|6_______|10.10.10.7|64.158.56.57__|->_|e____|605__|80___|13__|2059_| 
|18:23:42|2011-10-10|6_______|10.10.10.7|173.203.101.8_|->_|e____|469__|80___|5___|300__| |18:23:43|2011-10-10|6_______|10.10.10.7|96.9.169.85___|->_|e____|606__|80___|9___|1131_| |18:23:47|2011-10-10|6_______|10.10.10.7|64.158.56.57__|->_|e____|605__|80___|10__|1965_| |18:23:52|2011-10-10|6_______|10.10.10.7|64.158.56.57__|->_|e____|605__|80___|4___|513__| |18:24:33|2011-10-10|6_______|10.10.10.7|72.14.204.99__|->_|e____|148__|80___|13__|1942_| |18:24:38|2011-10-10|6_______|10.10.10.7|72.14.204.99__|->_|e____|148__|80___|11__|2298_| |18:24:43|2011-10-10|6_______|10.10.10.7|72.14.204.99__|->_|e____|148__|80___|5___|300__| |18:24:44|2011-10-10|6_______|10.10.10.7|72.14.204.99__|->_|e____|611__|80___|14__|2280_| |18:24:49|2011-10-10|6_______|10.10.10.7|72.14.204.99__|->_|e____|611__|80___|10__|1965_| |18:24:54|2011-10-10|6_______|10.10.10.7|72.14.204.99__|->_|e____|611__|80___|5___|300__| |18:25:58|2011-10-10|6_______|10.10.10.7|64.158.56.57__|->_|e____|624__|80___|13__|2062_| |18:25:58|2011-10-10|6_______|10.10.10.7|96.9.169.85___|->_|e____|162__|80___|9___|1133_| |18:25:59|2011-10-10|6_______|10.10.10.7|96.9.169.85___|->_|e____|625__|80___|9___|1131_| |18:26:03|2011-10-10|6_______|10.10.10.7|64.158.56.57__|->_|e____|624__|80___|11__|2298_| |18:26:08|2011-10-10|6_______|10.10.10.7|64.158.56.57__|->_|e____|624__|80___|3___|180__| **** Packer_Results **** ___________ |Packer_Name| **** HoneyTrap_Results **** ____________________________ |Honey_Trap_Log_File_Location| **** PTFB_Results **** ______________________ |PTFB_Log_File_Location|
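The registry rows above are the most security-relevant host change in the report: the sample rewrote the user's SavedLegacySettings blob so that the connection flags went from 0x01 (direct) to 0x03 (direct + proxy) with a 20-byte proxy string beginning "http=127.0." (the report's column width cuts the rest off), and it lowered the SYSTEM account's Internet zone (HKU\S-1-5-18, Zones\3) from the Medium preset to a custom level with "Download signed ActiveX controls" and "Submit non-encrypted form data" switched from Prompt to Enable. The following script, an added example rather than TAZER output, decodes both from the hex and value data exactly as printed; it assumes the documented DefaultConnectionSettings/SavedLegacySettings layout (four little-endian DWORDs: structure version, change counter, connection flags, proxy-string length, then the proxy string) and the standard IE zone template and URL-action value meanings.

```python
"""Decode the Internet Settings registry changes listed in the report.

Added example, not part of the TAZER report. OLD_BLOB/NEW_BLOB are the old and new
SavedLegacySettings data as the report prints them (truncated to 27 bytes), and
ZONE3_CHANGES are the four HKU\\S-1-5-18 ...\\Zones\\3 rows.
"""
import struct

# Hex exactly as in the report; underscores were its column separator.
OLD_BLOB = bytes.fromhex("3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00".replace("_", " "))
NEW_BLOB = bytes.fromhex("3C_00_00_00_1A_00_00_00_03_00_00_00_14_00_00_00_68_74_74_70_3D_31_32_37_2E_30_2E".replace("_", " "))

# Connection flag bits in the third DWORD of the structure.
FLAG_DIRECT = 0x01
FLAG_PROXY = 0x02
FLAG_AUTOCONFIG_URL = 0x04
FLAG_AUTODETECT = 0x08


def parse_connection_settings(blob: bytes) -> dict:
    """Return the header fields and as much of the proxy string as the blob holds."""
    if len(blob) < 16:
        raise ValueError("blob shorter than the 16-byte fixed header")
    version, counter, flags, proxy_len = struct.unpack_from("<IIII", blob, 0)
    proxy_bytes = blob[16:16 + proxy_len]
    return {
        "version": version,
        "counter": counter,
        "direct": bool(flags & FLAG_DIRECT),
        "proxy_enabled": bool(flags & FLAG_PROXY),
        "autoconfig_url": bool(flags & FLAG_AUTOCONFIG_URL),
        "autodetect": bool(flags & FLAG_AUTODETECT),
        "proxy": proxy_bytes.decode("ascii", errors="replace"),
        # True when the data is shorter than the declared proxy-string length,
        # which is the case here because the report truncates the value.
        "truncated": len(proxy_bytes) < proxy_len,
    }


# Zone 3 is the Internet zone; HKU\S-1-5-18 is the SYSTEM account's hive.
ZONE_TEMPLATES = {0x12000: "High", 0x11000: "Medium", 0x10500: "Medium-low", 0x10000: "Low"}
URL_ACTIONS = {0x1001: "Download signed ActiveX controls", 0x1601: "Submit non-encrypted form data"}
URL_ACTION_POLICY = {0: "Enable", 1: "Prompt", 3: "Disable"}

# (value name, old data, new data) from the registry table.
ZONE3_CHANGES = [("CurrentLevel", 0x00011000, 0x00000000), ("1001", 1, 0), ("1601", 1, 0), ("1A10", 1, 0)]


def zone_template(level: int) -> str:
    return ZONE_TEMPLATES.get(level, "custom (no preset template)")


def describe_zone_change(name: str, old: int, new: int) -> str:
    if name == "CurrentLevel":
        return f"Internet zone level: {zone_template(old)} -> {zone_template(new)}"
    label = URL_ACTIONS.get(int(name, 16))
    if label is None:
        # 1A10 (privacy settings) is not mapped to Enable/Prompt/Disable here; report raw.
        return f"URL action {name}: {old:#x} -> {new:#x} (not interpreted)"
    return f"{label}: {URL_ACTION_POLICY.get(old, old)} -> {URL_ACTION_POLICY.get(new, new)}"


def summarize() -> list:
    """One finding per change that matters for triage."""
    findings = []
    old, new = parse_connection_settings(OLD_BLOB), parse_connection_settings(NEW_BLOB)
    if new["proxy_enabled"] and not old["proxy_enabled"]:
        note = " (cut off by the report)" if new["truncated"] else ""
        findings.append(f"HTTP proxy enabled for the user: {new['proxy']!r}{note}")
    findings.extend(describe_zone_change(*change) for change in ZONE3_CHANGES)
    return findings


if __name__ == "__main__":
    for line in summarize():
        print(line)
```

A local proxy set in SavedLegacySettings is what a traffic-interception or click-fraud component needs to see every browser request, so on a live host the full `DefaultConnectionSettings` and `ProxyServer`/`ProxyEnable` values under the same key should be pulled to recover the port the report truncated.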
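On the network side the DNS and URL tables carry three signals worth automating: freshmediaportal.com, imagehut4.cn and resetmymemory.com all resolve to the same 63.251.179.57/64.158.56.57 pair; the requests come from one host under three different browser identities within seconds, two of which no real browser sends (a lower-case `mozilla/2.0`, and `...SV1)ver76`, the suffix the ET "Suspicious User-Agent" rule keys on); and the `tq=` parameter is URL-encoded base64 that decodes to opaque bytes rather than text. The script below, an added example and not part of TAZER, runs those checks over rows copied from the tables above; the heuristics and the grouping are this example's own.

```python
"""Triage the DNS and URL tables of the report.

Added example, not part of the TAZER report. DNS_ROWS and URL_ROWS are copied
from the report; the user-agent rules and the tq= decoding are this script's own.
"""
import base64
import binascii
import re
from collections import defaultdict
from urllib.parse import unquote, urlsplit

# (queried name, A records) from the DNS Results table.
DNS_ROWS = [
    ("onlinebizdirectory.com", ["173.203.101.8"]),
    ("freshmediaportal.com", ["63.251.179.57", "64.158.56.57"]),
    ("contactfriendly.com", ["95.211.130.162"]),
    ("aeravine.com", ["193.27.246.60"]),
    ("imagehut4.cn", ["64.158.56.57", "63.251.179.57"]),
    ("resetmymemory.com", ["64.158.56.57", "63.251.179.57"]),
    ("zonedg.com", ["96.9.169.85"]),
]

# (HTTP host, request URI, user agent) from the URL Results table.
URL_ROWS = [
    ("freshmediaportal.com", "/blog/images/3521.jpg?v67=41&tq=gL5HtzyMv5rJsxG1J4Xo2rCyDvEpwr7UxUrEgPiWW1cg", "mozilla/2.0"),
    ("imagehut4.cn", "/update/utu.dat", "Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1)"),
    ("aeravine.com", "/dpxezto/ubsnltn.php?adv=adv610&id=82799957&c=10331881",
     "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)ver76"),
    ("resetmymemory.com", "/blog/images/3521.jpg?v83=96&tq=gKZEtzyMv5rJqxG1J42pzMffBv0v1%2BjbwvgS917W65rJqlLfgPiWW1cg", "mozilla/2.0"),
    ("zonedg.com", "/index.html?tq=gKY0sHoL7L%2BN6yLhbz627sHdMfVsS%2FT5wug%2BtygfvO7H33Hhbj%2Fh7sbedf1sSvT8t65i9hlL9PmxqXH0bF"
     "%2FmiMWrdPd5SOeikL50gGg%2Fl%2F2wrnKCGkrg%2B8Wrd%2FUfSeCK0alxtygbpb6HvnSAOQij%2B8OoYvEaSPT%2BsqpSr%2Fe%2BV5ZuRg%3D%3D",
     "mozilla/2.0"),
    ("www.google.com", "/", ""),
]


def shared_infrastructure(dns_rows) -> dict:
    """Map each resolved IP to the domains that pointed at it; keep IPs serving 2+ domains."""
    by_ip = defaultdict(set)
    for name, addrs in dns_rows:
        for ip in addrs:
            by_ip[ip].add(name)
    return {ip: sorted(names) for ip, names in by_ip.items() if len(names) > 1}


_VER_SUFFIX = re.compile(r"\)ver\d+$")


def suspicious_user_agent(ua: str):
    """Return why a User-Agent looks like a downloader rather than a browser, or None."""
    if not ua:
        return None
    if ua.startswith("mozilla/"):
        return "lower-case 'mozilla/' prefix (browsers send 'Mozilla/')"
    if _VER_SUFFIX.search(ua):
        return "'verNN' appended after the browser token"
    return None


def distinct_user_agents(url_rows) -> int:
    """Number of different non-empty User-Agents one host presented."""
    return len({ua for _, _, ua in url_rows if ua})


def decode_tq(uri: str):
    """Return the base64-decoded tq= value, or None if absent or not valid base64."""
    for pair in urlsplit(uri).query.split("&"):
        key, sep, value = pair.partition("=")
        if key != "tq" or not sep:
            continue
        try:
            # unquote (not unquote_plus): %2B must become '+', a base64 character.
            return base64.b64decode(unquote(value), validate=True)
        except binascii.Error:
            return None
    return None


def triage(url_rows) -> list:
    """One line per suspicious request attribute, in table order."""
    findings = []
    for host, uri, ua in url_rows:
        reason = suspicious_user_agent(ua)
        if reason:
            findings.append(f"{host}: User-Agent {ua!r}: {reason}")
        payload = decode_tq(uri)
        if payload:
            printable = sum(32 <= b < 127 for b in payload) / len(payload)
            findings.append(f"{host}: tq= decodes to {len(payload)} bytes, {printable:.0%} printable")
    return findings


if __name__ == "__main__":
    for ip, names in shared_infrastructure(DNS_ROWS).items():
        print(f"{ip} hosts {', '.join(names)}")
    print(f"{distinct_user_agents(URL_ROWS)} distinct User-Agents from one client")
    for line in triage(URL_ROWS):
        print(line)
```

The decoded `tq=` blobs all start with the same two base64 characters across three hosts, which points at one encoding scheme (most likely a keyed cipher with a fixed header); the example stops at "opaque binary, not text" because the report gives nothing to key it against.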