Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =1685de687627bc33d910cda1dd19c5f9

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
1685de687627bc33d910cda1dd19c5f9	190e234144f9f03d83ccbe54137845185feee724	705118dec104119447587acdc34393f6e72ba9118b1ca837a280a618c6c01ab7	1536:yOhplcsHv1X6n0BQnouy8SaHNnj6jBLEMxqEWw:yOXpHv1O0GoutS6Nj	53248

File Results

File Name
win%5F7%5Fwinsock%5Freeninstaller.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
N/A	McAfee
N/A	Kaspersky

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/WINDOWS/Prefetch	AUTOIT3.EXE-32361418.pf
c:/WINDOWS/Prefetch	IPCONFIG.EXE-2395F30B.pf
c:/WINDOWS/Prefetch	MSG.EXE-0A99DAA3.pf
c:/WINDOWS/Prefetch	NBTSTAT.EXE-050A2164.pf
c:/WINDOWS/Prefetch	NETSH.EXE-085CFFDE.pf
c:/WINDOWS/Prefetch	REG.EXE-0D2A95F7.pf
c:/WINDOWS/Prefetch	REGSHOT.EXE-010A5EE6.pf
c:/WINDOWS/Prefetch	ROUTE.EXE-371D32DE.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/Prefetch	XCOPY.EXE-21FC761A.pf
c:/WINDOWS/SoftwareDistribution/DataStore/Logs	tmp.edb
c:/WINDOWS/Temp	Perflib_Perfdata_258.dat

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/Prefetch	WUAUCLT.EXE-399A8E72.pf
modified	c:/WINDOWS/SoftwareDistribution/DataStore	DataStore.edb
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.chk
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.log
modified	c:/WINDOWS/system32/config	software.LOG
modified	c:/WINDOWS/system32/config	SYSTEM
modified	c:/WINDOWS/system32/config	system.LOG
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS	WindowsUpdate.log

Registry Keys (Added) - ICC Results

Action	Path
added	HKLM/SOFTWARE/Microsoft/Tracing/FWCFG
added	HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/WindowsUpdate/Reporting/RebootWatch
added	HKLM/SYSTEM/ControlSet001/Services/Winsock/Setup Migration/Providers/Tcpip6
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000012
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000013
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000014
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/343305C9
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Linkage
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Interfaces
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock
added	HKLM/SYSTEM/CurrentControlSet/Services/Winsock/Setup Migration/Providers/Tcpip6
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000012
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000013
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000014
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/343305C9
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Linkage
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Interfaces
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data
added	HKLM/SOFTWARE/Microsoft/Tracing/FWCFG	EnableFileTracing	0x00000000
added	HKLM/SOFTWARE/Microsoft/Tracing/FWCFG	EnableConsoleTracing	0x00000000
added	HKLM/SOFTWARE/Microsoft/Tracing/FWCFG	FileTracingMask	0xFFFF0000
added	HKLM/SOFTWARE/Microsoft/Tracing/FWCFG	ConsoleTracingMask	0xFFFF0000
added	HKLM/SOFTWARE/Microsoft/Tracing/FWCFG	MaxFileSize	0x00100000
added	HKLM/SOFTWARE/Microsoft/Tracing/FWCFG	FileDirectory	"%windir%tracing"
added	HKLM/SYSTEM/ControlSet001/Services/Tcpip	BootFlags	0x00000001
added	HKLM/SYSTEM/ControlSet001/Services/Tcpip	NdisMajorVersion	0x00000006
added	HKLM/SYSTEM/ControlSet001/Services/Tcpip	NdisMinorVersion	0x00000014
added	HKLM/SYSTEM/ControlSet001/Services/Tcpip/Performance	Library	"%SystemRoot%System32Perfctrs.dll"
added	HKLM/SYSTEM/ControlSet001/Services/Winsock/Setup Migration/Providers/Tcpip6	WinSock 1.1 Provider Data	66 10 00 00 17 00 00 00 1C 00 00 00 1C 00 00 00 01 00 00 00 06 00 00 00 00 00 00
added	HKLM/SYSTEM/ControlSet001/Services/Winsock/Setup Migration/Providers/Tcpip6	WinSock 2.0 Provider ID	C0 B0 EA F9 D4 26 D0 11 BB BF 00 AA 00 6C 34 E4
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters	NameSpace_Callout	"%SystemRoot%System32fwpuclnt.dll"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters	AutodialDLL	"rasadhlp.dll"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	ProviderInfo
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	ProviderInfo
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	ProviderInfo
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	LibraryPath	"%SystemRoot%system32napinsp.dll"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	DisplayString	"@%SystemRoot%system32napinsp.dll,-1000"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	ProviderId	A2 CB 4A 96 BC B2 EB 40 8C 6A A6 DB 40 16 1C AE
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	SupportedNameSpace	0x00000025
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	Enabled	0x00000001
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	Version	0x00000000
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	StoresServiceClassInfo	0x00000000
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	ProviderInfo
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	LibraryPath	"%SystemRoot%system32pnrpnsp.dll"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	DisplayString	"@%SystemRoot%system32pnrpnsp.dll,-1000"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	ProviderId	CE 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	SupportedNameSpace	0x00000027
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	Enabled	0x00000001
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	Version	0x00000000
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	StoresServiceClassInfo	0x00000000
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	ProviderInfo
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	LibraryPath	"%SystemRoot%system32pnrpnsp.dll"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	DisplayString	"@%SystemRoot%system32pnrpnsp.dll,-1001"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	ProviderId	CD 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	SupportedNameSpace	0x00000026
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	Enabled	0x00000001
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	Version	0x00000000
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	StoresServiceClassInfo	0x00000000
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	ProviderInfo
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000012	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000013	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000014	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/343305C9	AppFullPath	"C:/Windows/system32/lsass.exe"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/343305C9	PermittedLspCategories	0x80000000
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0	AppFullPath	"C:/Windows/system32/svchost.exe"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0	AppArgs	"-k LocalService"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0	PermittedLspCategories	0x80000044
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA	AppFullPath	"C:/Windows/system32/svchost.exe"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA	AppArgs	"-k LocalServiceAndNoImpersonation"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA	PermittedLspCategories	0x80000044
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0	AppFullPath	"C:/Windows/system32/svchost.exe"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0	AppArgs	"-k LocalServiceNetworkRestricted"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0	PermittedLspCategories	0x80000040
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651	AppFullPath	"C:/Windows/system32/svchost.exe"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651	AppArgs	"-k NetworkService"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651	PermittedLspCategories	0x80000044
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1	AppFullPath	"C:/Windows/system32/wininit.exe"
added	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1	PermittedLspCategories	0x80000040
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock	UseDelayedAcceptance	0x00000000
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock	HelperDllName	"%SystemRoot%System32wship6.dll"
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock	MaxSockAddrLength	0x0000001C
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock	MinSockAddrLength	0x0000001C
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock	Mapping	08 00 00 00 03 00 00 00 17 00 00 00 01 00 00 00 06 00 00 00 17 00 00 00 01 00 00
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters	Dhcpv6DUID	00 01 00 01 15 30 57 6B 08 00 27 10 1D D9
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Linkage	Route	{9CB52EDF-596B-47D0-A4D4-DB97F0D73500}{40460492-6FD8-4919-A298-6B49AC95B3AD}{9E7
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6	NdisMajorVersion	0x00000006
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6	NdisMinorVersion	0x00000014
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6	Type	0x00000001
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6	Start	0x00000003
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6	ErrorControl	0x00000001
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6	ImagePath	"system32DRIVERStcpip.sys"
added	HKLM/SYSTEM/ControlSet001/Services/TCPIP6	TextModeFlags	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip	BootFlags	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip	NdisMajorVersion	0x00000006
added	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip	NdisMinorVersion	0x00000014
added	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Performance	Library	"%SystemRoot%System32Perfctrs.dll"
added	HKLM/SYSTEM/CurrentControlSet/Services/Winsock/Setup Migration/Providers/Tcpip6	WinSock 1.1 Provider Data	66 10 00 00 17 00 00 00 1C 00 00 00 1C 00 00 00 01 00 00 00 06 00 00 00 00 00 00
added	HKLM/SYSTEM/CurrentControlSet/Services/Winsock/Setup Migration/Providers/Tcpip6	WinSock 2.0 Provider ID	C0 B0 EA F9 D4 26 D0 11 BB BF 00 AA 00 6C 34 E4
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters	NameSpace_Callout	"%SystemRoot%System32fwpuclnt.dll"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters	AutodialDLL	"rasadhlp.dll"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	ProviderInfo
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	ProviderInfo
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	ProviderInfo
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	LibraryPath	"%SystemRoot%system32napinsp.dll"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	DisplayString	"@%SystemRoot%system32napinsp.dll,-1000"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	ProviderId	A2 CB 4A 96 BC B2 EB 40 8C 6A A6 DB 40 16 1C AE
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	SupportedNameSpace	0x00000025
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	Enabled	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	Version	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	StoresServiceClassInfo	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004	ProviderInfo
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	LibraryPath	"%SystemRoot%system32pnrpnsp.dll"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	DisplayString	"@%SystemRoot%system32pnrpnsp.dll,-1000"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	ProviderId	CE 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	SupportedNameSpace	0x00000027
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	Enabled	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	Version	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	StoresServiceClassInfo	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005	ProviderInfo
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	LibraryPath	"%SystemRoot%system32pnrpnsp.dll"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	DisplayString	"@%SystemRoot%system32pnrpnsp.dll,-1001"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	ProviderId	CD 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	SupportedNameSpace	0x00000026
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	Enabled	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	Version	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	StoresServiceClassInfo	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006	ProviderInfo
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000012	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000013	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000014	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/343305C9	AppFullPath	"C:/Windows/system32/lsass.exe"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/343305C9	PermittedLspCategories	0x80000000
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0	AppFullPath	"C:/Windows/system32/svchost.exe"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0	AppArgs	"-k LocalService"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0	PermittedLspCategories	0x80000044
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA	AppFullPath	"C:/Windows/system32/svchost.exe"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA	AppArgs	"-k LocalServiceAndNoImpersonation"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA	PermittedLspCategories	0x80000044
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0	AppFullPath	"C:/Windows/system32/svchost.exe"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0	AppArgs	"-k LocalServiceNetworkRestricted"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0	PermittedLspCategories	0x80000040
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651	AppFullPath	"C:/Windows/system32/svchost.exe"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651	AppArgs	"-k NetworkService"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651	PermittedLspCategories	0x80000044
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1	AppFullPath	"C:/Windows/system32/wininit.exe"
added	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1	PermittedLspCategories	0x80000040
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock	UseDelayedAcceptance	0x00000000
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock	HelperDllName	"%SystemRoot%System32wship6.dll"
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock	MaxSockAddrLength	0x0000001C
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock	MinSockAddrLength	0x0000001C
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock	Mapping	08 00 00 00 03 00 00 00 17 00 00 00 01 00 00 00 06 00 00 00 17 00 00 00 01 00 00
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters	Dhcpv6DUID	00 01 00 01 15 30 57 6B 08 00 27 10 1D D9
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Linkage	Route	{9CB52EDF-596B-47D0-A4D4-DB97F0D73500}{40460492-6FD8-4919-A298-6B49AC95B3AD}{9E7
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6	NdisMajorVersion	0x00000006
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6	NdisMinorVersion	0x00000014
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6	Type	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6	Start	0x00000003
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6	ErrorControl	0x00000001
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6	ImagePath	"system32DRIVERStcpip.sys"
added	HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6	TextModeFlags	0x00000001
added	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache	C://Documents and Settings//dmc73144//Local Settings//Temp//1.tmp//winsock.bat	"winsock"

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data
deleted	HKLM/SYSTEM/ControlSet001/Services/Tcpip/Performance/Library: "Perfctrs.dll"		N/A
deleted	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Performance/Library: "Perfctrs.dll"		N/A

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	72 94 74 79 6A B3 E3 04 38 95 AF 7C A3 61 51 3F 6E 43 8A 3F 50 EB 2F 5F 99 96 87	66 5C 9B 6B 04 B6 6C E3 98 7F 36 37 BB 6A 89 85 99 B0 4D 7A 28 95 79 8A 18 75 DA
modified	HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT	EventMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT	CategoryMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/ControlSet001/Services/Tcpip	Start	0x00000001	0x00000000
modified	HKLM/SYSTEM/ControlSet001/Services/Tcpip	ImagePath	"system32DRIVERStcpip.sys"	"System32driverstcpip.sys"
modified	HKLM/SYSTEM/ControlSet001/Services/Tcpip	DisplayName	"TCP/IP Protocol Driver"	"@%SystemRoot%system32tcpipcfg.dll,-50003"
modified	HKLM/SYSTEM/ControlSet001/Services/Tcpip	Description	"TCP/IP Protocol Driver"	"@%SystemRoot%system32tcpipcfg.dll,-50003"
modified	HKLM/SYSTEM/ControlSet001/Services/Tcpip/Linkage	Route	{9B7E3E9B-6887-4894-8EE4-B4EFDC3EBE75}NdisWanIp	{9E702D9C-6C82-499E-A802-29EC61B09C31}
modified	HKLM/SYSTEM/ControlSet001/Services/Tcpip/Parameters/Winsock	Mapping	0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00	08 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00
modified	HKLM/SYSTEM/ControlSet001/Services/Tcpip/Performance	Object List	"502 510 546 582 638 658"	"502 510 546 548 582 638 658 1530 1532 1534"
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5	Num_Catalog_Entries	0x00000003	0x00000006
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5	Serial_Access_Num	0x00000004	0x00000008
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	LibraryPath	"%SystemRoot%System32mswsock.dll"	"%SystemRoot%system32NLAapi.dll"
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	DisplayString	"Tcpip"	"@%SystemRoot%system32nlasvc.dll,-1000"
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	ProviderId	40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B	3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	SupportedNameSpace	0x0000000C	0x0000000F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	LibraryPath	"%SystemRoot%System32winrnr.dll"	"%SystemRoot%System32mswsock.dll"
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	DisplayString	"NTDS"	"@%SystemRoot%system32wshtcpip.dll,-60103"
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	ProviderId	EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC	40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	SupportedNameSpace	0x00000020	0x0000000C
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	StoresServiceClassInfo	0x00000000	0x00000001
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	LibraryPath	"%SystemRoot%System32mswsock.dll"	"%SystemRoot%System32winrnr.dll"
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	DisplayString	"Network Location Awareness (NLA) Namespace"	"NTDS"
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	ProviderId	3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83	EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	SupportedNameSpace	0x0000000F	0x00000020
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9	Num_Catalog_Entries	0x0000000B	0x0000000E
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9	Next_Catalog_Entry_ID	0x000003F4	0x000003F7
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9	Serial_Access_Num	0x00000004	0x00000005
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000001	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000002	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000003	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000004	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000005	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000006	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000007	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000008	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000009	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000010	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000011	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT	EventMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT	CategoryMessageFile	"c	"C:WINDOWSsystem32ESENT.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip	Start	0x00000001	0x00000000
modified	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip	ImagePath	"system32DRIVERStcpip.sys"	"System32driverstcpip.sys"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip	DisplayName	"TCP/IP Protocol Driver"	"@%SystemRoot%system32tcpipcfg.dll,-50003"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip	Description	"TCP/IP Protocol Driver"	"@%SystemRoot%system32tcpipcfg.dll,-50003"
modified	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Linkage	Route	{9B7E3E9B-6887-4894-8EE4-B4EFDC3EBE75}NdisWanIp	{9E702D9C-6C82-499E-A802-29EC61B09C31}
modified	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Winsock	Mapping	0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00	08 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00
modified	HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Performance	Object List	"502 510 546 582 638 658"	"502 510 546 548 582 638 658 1530 1532 1534"
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5	Num_Catalog_Entries	0x00000003	0x00000006
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5	Serial_Access_Num	0x00000004	0x00000008
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	LibraryPath	"%SystemRoot%System32mswsock.dll"	"%SystemRoot%system32NLAapi.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	DisplayString	"Tcpip"	"@%SystemRoot%system32nlasvc.dll,-1000"
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	ProviderId	40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B	3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001	SupportedNameSpace	0x0000000C	0x0000000F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	LibraryPath	"%SystemRoot%System32winrnr.dll"	"%SystemRoot%System32mswsock.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	DisplayString	"NTDS"	"@%SystemRoot%system32wshtcpip.dll,-60103"
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	ProviderId	EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC	40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	SupportedNameSpace	0x00000020	0x0000000C
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002	StoresServiceClassInfo	0x00000000	0x00000001
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	LibraryPath	"%SystemRoot%System32mswsock.dll"	"%SystemRoot%System32winrnr.dll"
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	DisplayString	"Network Location Awareness (NLA) Namespace"	"NTDS"
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	ProviderId	3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83	EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003	SupportedNameSpace	0x0000000F	0x00000020
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9	Num_Catalog_Entries	0x0000000B	0x0000000E
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9	Next_Catalog_Entry_ID	0x000003F4	0x000003F7
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9	Serial_Access_Num	0x00000004	0x00000005
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000001	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000002	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000003	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000004	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000005	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000006	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000007	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000008	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000009	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000010	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F
modified	HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000011	PackedCatalogItem	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F	25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location