**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 1685de687627bc33d910cda1dd19c5f9

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
| 1685de687627bc33d910cda1dd19c5f9 | 190e234144f9f03d83ccbe54137845185feee724 | 705118dec104119447587acdc34393f6e72ba9118b1ca837a280a618c6c01ab7 | 1536:yOhplcsHv1X6n0BQnouy8SaHNnj6jBLEMxqEWw:yOXpHv1O0GoutS6Nj | 53248 |

**** File Results ****

| File Name |
| win_7_winsock_reeninstaller.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
| N/A | Symantec |
| N/A | McAfee |
| N/A | Kaspersky |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch | IPCONFIG.EXE-2395F30B.pf |
| c:/WINDOWS/Prefetch | MSG.EXE-0A99DAA3.pf |
| c:/WINDOWS/Prefetch | NBTSTAT.EXE-050A2164.pf |
| c:/WINDOWS/Prefetch | NETSH.EXE-085CFFDE.pf |
| c:/WINDOWS/Prefetch | REG.EXE-0D2A95F7.pf |
| c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf |
| c:/WINDOWS/Prefetch | ROUTE.EXE-371D32DE.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/Prefetch | XCOPY.EXE-21FC761A.pf |
| c:/WINDOWS/SoftwareDistribution/DataStore/Logs | tmp.edb |
| c:/WINDOWS/Temp | Perflib_Perfdata_258.dat |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf |
| modified | c:/WINDOWS/Prefetch | WUAUCLT.EXE-399A8E72.pf |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore | DataStore.edb |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.log |
| modified | c:/WINDOWS/system32/config | software.LOG |
| modified | c:/WINDOWS/system32/config | SYSTEM |
| modified | c:/WINDOWS/system32/config | system.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS | WindowsUpdate.log |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
| added | HKLM/SOFTWARE/Microsoft/Tracing/FWCFG |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/WindowsUpdate/Reporting/RebootWatch |
| added | HKLM/SYSTEM/ControlSet001/Services/Winsock/Setup_Migration/Providers/Tcpip6 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000012 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000013 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000014 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/343305C9 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Linkage |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Interfaces |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Winsock/Setup_Migration/Providers/Tcpip6 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000012 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000013 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000014 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/343305C9 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Linkage |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Interfaces |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
| added | HKLM/SOFTWARE/Microsoft/Tracing/FWCFG | EnableFileTracing | 0x00000000 |
| added | HKLM/SOFTWARE/Microsoft/Tracing/FWCFG | EnableConsoleTracing | 0x00000000 |
| added | HKLM/SOFTWARE/Microsoft/Tracing/FWCFG | FileTracingMask | 0xFFFF0000 |
| added | HKLM/SOFTWARE/Microsoft/Tracing/FWCFG | ConsoleTracingMask | 0xFFFF0000 |
| added | HKLM/SOFTWARE/Microsoft/Tracing/FWCFG | MaxFileSize | 0x00100000 |
| added | HKLM/SOFTWARE/Microsoft/Tracing/FWCFG | FileDirectory | "%windir%tracing" |
| added | HKLM/SYSTEM/ControlSet001/Services/Tcpip | BootFlags | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/Tcpip | NdisMajorVersion | 0x00000006 |
| added | HKLM/SYSTEM/ControlSet001/Services/Tcpip | NdisMinorVersion | 0x00000014 |
| added | HKLM/SYSTEM/ControlSet001/Services/Tcpip/Performance | Library | "%SystemRoot%System32Perfctrs.dll" |
| added | HKLM/SYSTEM/ControlSet001/Services/Winsock/Setup_Migration/Providers/Tcpip6 | WinSock_1.1_Provider_Data | 66 10 00 00 17 00 00 00 1C 00 00 00 1C 00 00 00 01 00 00 00 06 00 00 00 00 00 00 |
| added | HKLM/SYSTEM/ControlSet001/Services/Winsock/Setup_Migration/Providers/Tcpip6 | WinSock_2.0_Provider_ID | C0 B0 EA F9 D4 26 D0 11 BB BF 00 AA 00 6C 34 E4 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters | NameSpace_Callout | "%SystemRoot%System32fwpuclnt.dll" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters | AutodialDLL | "rasadhlp.dll" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | ProviderInfo | |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | ProviderInfo | |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | ProviderInfo | |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | LibraryPath | "%SystemRoot%system32napinsp.dll" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | DisplayString | "@%SystemRoot%system32napinsp.dll,-1000" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | ProviderId | A2 CB 4A 96 BC B2 EB 40 8C 6A A6 DB 40 16 1C AE |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | SupportedNameSpace | 0x00000025 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | Enabled | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | Version | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | StoresServiceClassInfo | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | ProviderInfo | |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | LibraryPath | "%SystemRoot%system32pnrpnsp.dll" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | DisplayString | "@%SystemRoot%system32pnrpnsp.dll,-1000" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | ProviderId | CE 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | SupportedNameSpace | 0x00000027 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | Enabled | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | Version | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | StoresServiceClassInfo | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | ProviderInfo | |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 | LibraryPath | "%SystemRoot%system32pnrpnsp.dll" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 | DisplayString | "@%SystemRoot%system32pnrpnsp.dll,-1001" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 | ProviderId | CD 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 | SupportedNameSpace | 0x00000026 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 | Enabled | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 | Version | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 | StoresServiceClassInfo | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006 | ProviderInfo | |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000012 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000013 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000014 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/343305C9 | AppFullPath | "C:/Windows/system32/lsass.exe" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/343305C9 | PermittedLspCategories | 0x80000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0 | AppFullPath | "C:/Windows/system32/svchost.exe" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0 | AppArgs | "-k LocalService" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0 | PermittedLspCategories | 0x80000044 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA | AppFullPath | "C:/Windows/system32/svchost.exe" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA | AppArgs | "-k LocalServiceAndNoImpersonation" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA | PermittedLspCategories | 0x80000044 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0 | AppFullPath | "C:/Windows/system32/svchost.exe" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0 | AppArgs | "-k LocalServiceNetworkRestricted" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0 | PermittedLspCategories | 0x80000040 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651 | AppFullPath | "C:/Windows/system32/svchost.exe" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651 | AppArgs | "-k NetworkService" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651 | PermittedLspCategories | 0x80000044 |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1 | AppFullPath | "C:/Windows/system32/wininit.exe" |
| added | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1 | PermittedLspCategories | 0x80000040 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock | UseDelayedAcceptance | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock | HelperDllName | "%SystemRoot%System32wship6.dll" |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock | MaxSockAddrLength | 0x0000001C |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock | MinSockAddrLength | 0x0000001C |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters/Winsock | Mapping | 08 00 00 00 03 00 00 00 17 00 00 00 01 00 00 00 06 00 00 00 17 00 00 00 01 00 00 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Parameters | Dhcpv6DUID | 00 01 00 01 15 30 57 6B 08 00 27 10 1D D9 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6/Linkage | Route | {9CB52EDF-596B-47D0-A4D4-DB97F0D73500}{40460492-6FD8-4919-A298-6B49AC95B3AD}{9E7 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6 | NdisMajorVersion | 0x00000006 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6 | NdisMinorVersion | 0x00000014 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6 | Type | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6 | Start | 0x00000003 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6 | ErrorControl | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6 | ImagePath | "system32DRIVERStcpip.sys" |
| added | HKLM/SYSTEM/ControlSet001/Services/TCPIP6 | TextModeFlags | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip | BootFlags | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip | NdisMajorVersion | 0x00000006 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip | NdisMinorVersion | 0x00000014 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Performance | Library | "%SystemRoot%System32Perfctrs.dll" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Winsock/Setup_Migration/Providers/Tcpip6 | WinSock_1.1_Provider_Data | 66 10 00 00 17 00 00 00 1C 00 00 00 1C 00 00 00 01 00 00 00 06 00 00 00 00 00 00 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Winsock/Setup_Migration/Providers/Tcpip6 | WinSock_2.0_Provider_ID | C0 B0 EA F9 D4 26 D0 11 BB BF 00 AA 00 6C 34 E4 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters | NameSpace_Callout | "%SystemRoot%System32fwpuclnt.dll" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters | AutodialDLL | "rasadhlp.dll" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | ProviderInfo | |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | ProviderInfo | |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | ProviderInfo | |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | LibraryPath | "%SystemRoot%system32napinsp.dll" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | DisplayString | "@%SystemRoot%system32napinsp.dll,-1000" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | ProviderId | A2 CB 4A 96 BC B2 EB 40 8C 6A A6 DB 40 16 1C AE |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | SupportedNameSpace | 0x00000025 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | Enabled | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | Version | 0x00000000 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | StoresServiceClassInfo | 0x00000000 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000004 | ProviderInfo | |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | LibraryPath | "%SystemRoot%system32pnrpnsp.dll" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | DisplayString | "@%SystemRoot%system32pnrpnsp.dll,-1000" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | ProviderId | CE 89 FE 03 6D 76 76 49 B9 C1 BB 9B C4 2C 7B 4D |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | SupportedNameSpace | 0x00000027 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005 | Enabled | 0x00000001 |
|added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005|Version_______________________________________________________________________|0x00000000______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005|StoresServiceClassInfo________________________________________________________|0x00000000______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000005|ProviderInfo__________________________________________________________________|________________________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006|LibraryPath___________________________________________________________________|"%SystemRoot%system32pnrpnsp.dll"_______________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006|DisplayString_________________________________________________________________|"@%SystemRoot%system32pnrpnsp.dll,-1001"________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006|ProviderId____________________________________________________________________|CD_89_FE_03_6D_76_76_49_B9_C1_BB_9B_C4_2C_7B_4D_________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006|SupportedNameSpace____________________________________________________________|0x00000026______________________________________________________________________| 
|added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006|Enabled_______________________________________________________________________|0x00000001______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006|Version_______________________________________________________________________|0x00000000______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006|StoresServiceClassInfo________________________________________________________|0x00000000______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000006|ProviderInfo__________________________________________________________________|________________________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000012_|PackedCatalogItem_____________________________________________________________|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000013_|PackedCatalogItem_____________________________________________________________|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_72_73_76_70_73| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000014_|PackedCatalogItem_____________________________________________________________|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_72_73_76_70_73| 
|added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/343305C9_________________________|AppFullPath___________________________________________________________________|"C:/Windows/system32/lsass.exe"_________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/343305C9_________________________|PermittedLspCategories________________________________________________________|0x80000000______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0________________|AppFullPath___________________________________________________________________|"C:/Windows/system32/svchost.exe"_______________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0________________|AppArgs_______________________________________________________________________|"-k_LocalService"_______________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-34FFF7C0________________|PermittedLspCategories________________________________________________________|0x80000044______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA________________|AppFullPath___________________________________________________________________|"C:/Windows/system32/svchost.exe"_______________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA________________|AppArgs_______________________________________________________________________|"-k_LocalServiceAndNoImpersonation"_____________________________________________| 
|added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-215FDCCA________________|PermittedLspCategories________________________________________________________|0x80000044______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0________________|AppFullPath___________________________________________________________________|"C:/Windows/system32/svchost.exe"_______________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0________________|AppArgs_______________________________________________________________________|"-k_LocalServiceNetworkRestricted"______________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-1F4968A0________________|PermittedLspCategories________________________________________________________|0x80000040______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651________________|AppFullPath___________________________________________________________________|"C:/Windows/system32/svchost.exe"_______________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651________________|AppArgs_______________________________________________________________________|"-k_NetworkService"_____________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/2C69D9F1-0F0A6651________________|PermittedLspCategories________________________________________________________|0x80000044______________________________________________________________________| 
|added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1_________________________|AppFullPath___________________________________________________________________|"C:/Windows/system32/wininit.exe"_______________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/AppId_Catalog/06EBDCB1_________________________|PermittedLspCategories________________________________________________________|0x80000040______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock__________________________________________|UseDelayedAcceptance__________________________________________________________|0x00000000______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock__________________________________________|HelperDllName_________________________________________________________________|"%SystemRoot%System32wship6.dll"________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock__________________________________________|MaxSockAddrLength_____________________________________________________________|0x0000001C______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock__________________________________________|MinSockAddrLength_____________________________________________________________|0x0000001C______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters/Winsock__________________________________________|Mapping_______________________________________________________________________|08_00_00_00_03_00_00_00_17_00_00_00_01_00_00_00_06_00_00_00_17_00_00_00_01_00_00| 
|added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Parameters__________________________________________________|Dhcpv6DUID____________________________________________________________________|00_01_00_01_15_30_57_6B_08_00_27_10_1D_D9_______________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6/Linkage_____________________________________________________|Route_________________________________________________________________________|{9CB52EDF-596B-47D0-A4D4-DB97F0D73500}{40460492-6FD8-4919-A298-6B49AC95B3AD}{9E7| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6_____________________________________________________________|NdisMajorVersion______________________________________________________________|0x00000006______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6_____________________________________________________________|NdisMinorVersion______________________________________________________________|0x00000014______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6_____________________________________________________________|Type__________________________________________________________________________|0x00000001______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6_____________________________________________________________|Start_________________________________________________________________________|0x00000003______________________________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6_____________________________________________________________|ErrorControl__________________________________________________________________|0x00000001______________________________________________________________________| 
|added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6_____________________________________________________________|ImagePath_____________________________________________________________________|"system32DRIVERStcpip.sys"______________________________________________________| |added_|HKLM/SYSTEM/CurrentControlSet/Services/TCPIP6_____________________________________________________________|TextModeFlags_________________________________________________________________|0x00000001______________________________________________________________________| |added_|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache__________|C://Documents_and_Settings//dmc73144//Local_Settings//Temp//1.tmp//winsock.bat|"winsock"_______________________________________________________________________| **** Registry_Values_(Deleted)_-_ICC_Results **** _____________________________________________________________________________________________________________________________________________ |Action_|Path____________________________________________________________________________|Val_Name|Val_Type|Mod_Val_Type|Val_Data|Mod_Val_Data| |deleted|HKLM/SYSTEM/ControlSet001/Services/Tcpip/Performance/Library:_"Perfctrs.dll"____|________|N/A_____|____________| |deleted|HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Performance/Library:_"Perfctrs.dll"|________|N/A_____|____________| **** Registry_Values_(Changed)_-_ICC_Results **** ____________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 
| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 72 94 74 79 6A B3 E3 04 38 95 AF 7C A3 61 51 3F 6E 43 8A 3F 50 EB 2F 5F 99 96 87 | 66 5C 9B 6B 04 B6 6C E3 98 7F 36 37 BB 6A 89 85 99 B0 4D 7A 28 95 79 8A 18 75 DA |
| modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | EventMessageFile | "c | "C:\WINDOWS\system32\ESENT.dll" |
| modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | CategoryMessageFile | "c | "C:\WINDOWS\system32\ESENT.dll" |
| modified | HKLM/SYSTEM/ControlSet001/Services/Tcpip | Start | 0x00000001 | 0x00000000 |
| modified | HKLM/SYSTEM/ControlSet001/Services/Tcpip | ImagePath | "system32\DRIVERS\tcpip.sys" | "System32\drivers\tcpip.sys" |
| modified | HKLM/SYSTEM/ControlSet001/Services/Tcpip | DisplayName | "TCP/IP Protocol Driver" | "@%SystemRoot%\system32\tcpipcfg.dll,-50003" |
| modified | HKLM/SYSTEM/ControlSet001/Services/Tcpip | Description | "TCP/IP Protocol Driver" | "@%SystemRoot%\system32\tcpipcfg.dll,-50003" |
| modified | HKLM/SYSTEM/ControlSet001/Services/Tcpip/Linkage | Route | {9B7E3E9B-6887-4894-8EE4-B4EFDC3EBE75}NdisWanIp | {9E702D9C-6C82-499E-A802-29EC61B09C31} |
| modified | HKLM/SYSTEM/ControlSet001/Services/Tcpip/Parameters/Winsock | Mapping | 0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00 | 08 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00 |
| modified | HKLM/SYSTEM/ControlSet001/Services/Tcpip/Performance | Object List | "502 510 546 582 638 658" | "502 510 546 548 582 638 658 1530 1532 1534" |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5 | Num_Catalog_Entries | 0x00000003 | 0x00000006 |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5 | Serial_Access_Num | 0x00000004 | 0x00000008 |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | LibraryPath | "%SystemRoot%\System32\mswsock.dll" | "%SystemRoot%\system32\NLAapi.dll" |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | DisplayString | "Tcpip" | "@%SystemRoot%\system32\nlasvc.dll,-1000" |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | ProviderId | 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B | 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83 |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | SupportedNameSpace | 0x0000000C | 0x0000000F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | LibraryPath | "%SystemRoot%\System32\winrnr.dll" | "%SystemRoot%\System32\mswsock.dll" |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | DisplayString | "NTDS" | "@%SystemRoot%\system32\wshtcpip.dll,-60103" |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | ProviderId | EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC | 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | SupportedNameSpace | 0x00000020 | 0x0000000C |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | StoresServiceClassInfo | 0x00000000 | 0x00000001 |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | LibraryPath | "%SystemRoot%\System32\mswsock.dll" | "%SystemRoot%\System32\winrnr.dll" |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | DisplayString | "Network Location Awareness (NLA) Namespace" | "NTDS" |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | ProviderId | 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83 | EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | SupportedNameSpace | 0x0000000F | 0x00000020 |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9 | Num_Catalog_Entries | 0x0000000B | 0x0000000E |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9 | Next_Catalog_Entry_ID | 0x000003F4 | 0x000003F7 |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9 | Serial_Access_Num | 0x00000004 | 0x00000005 |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000001 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000002 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000003 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000004 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73 | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000005 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 72 73 76 70 73 | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000006 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000007 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000008 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000009 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000010 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/ControlSet001/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000011 | PackedCatalogItem | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F | 25 53 79 73 74 65 6D 52 6F 6F 74 25 5C 73 79 73 74 65 6D 33 32 5C 6D 73 77 73 6F |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | EventMessageFile | "c | "C:\WINDOWS\system32\ESENT.dll" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | CategoryMessageFile | "c | "C:\WINDOWS\system32\ESENT.dll" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip | Start | 0x00000001 | 0x00000000 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip | ImagePath | "system32\DRIVERS\tcpip.sys" | "System32\drivers\tcpip.sys" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip | DisplayName | "TCP/IP Protocol Driver" | "@%SystemRoot%\system32\tcpipcfg.dll,-50003" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip | Description | "TCP/IP Protocol Driver" | "@%SystemRoot%\system32\tcpipcfg.dll,-50003" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Linkage | Route | {9B7E3E9B-6887-4894-8EE4-B4EFDC3EBE75}NdisWanIp | {9E702D9C-6C82-499E-A802-29EC61B09C31} |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Winsock | Mapping | 0B 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00 | 08 00 00 00 03 00 00 00 02 00 00 00 01 00 00 00 06 00 00 00 02 00 00 00 01 00 00 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Performance | Object List | "502 510 546 582 638 658" | "502 510 546 548 582 638 658 1530 1532 1534" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5 | Num_Catalog_Entries | 0x00000003 | 0x00000006 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5 | Serial_Access_Num | 0x00000004 | 0x00000008 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | LibraryPath | "%SystemRoot%\System32\mswsock.dll" | "%SystemRoot%\system32\NLAapi.dll" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | DisplayString | "Tcpip" | "@%SystemRoot%\system32\nlasvc.dll,-1000" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | ProviderId | 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B | 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000001 | SupportedNameSpace | 0x0000000C | 0x0000000F |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | LibraryPath | "%SystemRoot%\System32\winrnr.dll" | "%SystemRoot%\System32\mswsock.dll" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | DisplayString | "NTDS" | "@%SystemRoot%\system32\wshtcpip.dll,-60103" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | ProviderId | EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC | 40 9D 05 22 9E 7E CF 11 AE 5A 00 AA 00 A7 11 2B |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | SupportedNameSpace | 0x00000020 | 0x0000000C |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000002 | StoresServiceClassInfo | 0x00000000 | 0x00000001 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | LibraryPath | "%SystemRoot%\System32\mswsock.dll" | "%SystemRoot%\System32\winrnr.dll" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | DisplayString | "Network Location Awareness (NLA) Namespace" | "NTDS" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | ProviderId | 3A 24 42 66 A8 3B A6 4A BA A5 2E 0B D7 1F DD 83 | EE 37 26 3B 80 E5 CF 11 A5 55 00 C0 4F D8 D4 AC |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/NameSpace_Catalog5/Catalog_Entries/000000000003 | SupportedNameSpace | 0x0000000F | 0x00000020 |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9 | Num_Catalog_Entries | 0x0000000B | 0x0000000E |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9 | Next_Catalog_Entry_ID | 0x000003F4 | 0x000003F7 |
|modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9______________________________|Serial_Access_Num_____|0x00000004______________________________________________________________________|0x00000005______________________________________________________________________| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000001_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000002_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000003_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000004_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_72_73_76_70_73|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000005_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_72_73_76_70_73|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| 
|modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000006_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000007_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000008_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000009_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000010_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| |modified|HKLM/SYSTEM/CurrentControlSet/Services/WinSock2/Parameters/Protocol_Catalog9/Catalog_Entries/000000000011_|PackedCatalogItem_____|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F|25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F| **** DNS_Results **** ________________ |DNS|DNS_Response| **** URL_Results **** _________________________________________________________ 
|DstIP|HTTP_HOST|HTTP_REQUEST_URI|HTTP_USER_AGENT|PROTOCOL| **** ARGUS_PROTOCOL_Results **** ______________________________________________ |PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES| **** ARGUS_DPORT_Results **** ____________________________________________________ |DPORT|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES| **** ARGUS_DATA_Results **** _______________________________________________________________ |Time|Date|Protocol|SrcIP|DstIP|Dir|Flags|Sport|Dport|Pkts|Bytes| **** Packer_Results **** ___________ |Packer_Name| **** HoneyTrap_Results **** ____________________________ |Honey_Trap_Log_File_Location| **** PTFB_Results **** ______________________ |PTFB_Log_File_Location|
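The decoded form of the binary registry values is more useful than the raw hex, so the following Python is added here as a worked example; it is not part of the TAZER report or of the sample. It copies the hex dumps verbatim from the registry rows above (ProviderId, PackedCatalogItem and the Winsock Mapping blob) and decodes them: ProviderId is a 16-byte GUID in registry byte order, PackedCatalogItem opens with the provider DLL path, and Mapping is a count, a stride and a list of (address family, socket type, protocol) triples. Because the report cuts every binary column after 27 bytes, the decoder treats PackedCatalogItem and Mapping as prefixes. Decoded, the three NameSpace_Catalog5 entries carry the same three provider GUIDs before and after (Tcpip/DNS, NTDS and NLA) in a different order, with the NLA provider rehosted from mswsock.dll to NLAapi.dll, and Protocol_Catalog9 entries 4 and 5 move from a path beginning \rsvps to the mswsock.dll path. The NS_*, AF_*, SOCK_* and IPPROTO_* name tables are the standard winsock2.h constants; reading \rsvps as rsvpsp.dll is the editor's inference, not the report's. On a live host the resulting catalogs can be listed with netsh winsock show catalog for comparison.

```python
"""Decode the Winsock and Tcpip registry blobs listed in the report above.

Added worked example; not part of the TAZER report or of the sample. The
hex strings are copied from the report's registry rows, which cut every
binary column at 27 bytes, so PackedCatalogItem and Mapping are prefixes.
"""
import struct
import uuid

# Winsock namespace identifiers (NS_* in winsock2.h) seen in SupportedNameSpace.
NAMESPACE_IDS = {0x0C: "NS_DNS", 0x0F: "NS_NLA", 0x20: "NS_NTDS"}
# Names for the (family, type, protocol) triples in Tcpip\Parameters\Winsock\Mapping.
AF_NAMES = {2: "AF_INET", 23: "AF_INET6"}
SOCK_NAMES = {1: "SOCK_STREAM", 2: "SOCK_DGRAM", 3: "SOCK_RAW"}
PROTO_NAMES = {0: "IPPROTO_IP", 6: "IPPROTO_TCP", 17: "IPPROTO_UDP"}

# NameSpace_Catalog5 entries 1-3 exactly as the report lists them:
# entry -> ((LibraryPath, ProviderId, SupportedNameSpace) before, (...) after)
NAMESPACE_CATALOG5 = {
    1: ((r"%SystemRoot%\System32\mswsock.dll",
         "40_9D_05_22_9E_7E_CF_11_AE_5A_00_AA_00_A7_11_2B", 0x0C),
        (r"%SystemRoot%\system32\NLAapi.dll",
         "3A_24_42_66_A8_3B_A6_4A_BA_A5_2E_0B_D7_1F_DD_83", 0x0F)),
    2: ((r"%SystemRoot%\System32\winrnr.dll",
         "EE_37_26_3B_80_E5_CF_11_A5_55_00_C0_4F_D8_D4_AC", 0x20),
        (r"%SystemRoot%\System32\mswsock.dll",
         "40_9D_05_22_9E_7E_CF_11_AE_5A_00_AA_00_A7_11_2B", 0x0C)),
    3: ((r"%SystemRoot%\System32\mswsock.dll",
         "3A_24_42_66_A8_3B_A6_4A_BA_A5_2E_0B_D7_1F_DD_83", 0x0F),
        (r"%SystemRoot%\System32\winrnr.dll",
         "EE_37_26_3B_80_E5_CF_11_A5_55_00_C0_4F_D8_D4_AC", 0x20)),
}


def parse_hex(dump: str) -> bytes:
    """Convert the report's underscore- or space-separated hex dump to bytes."""
    return bytes.fromhex(dump.replace("_", " "))


def provider_guid(dump: str) -> str:
    """ProviderId is a raw GUID: first three fields little-endian, rest as-is."""
    return str(uuid.UUID(bytes_le=parse_hex(dump))).upper()


def packed_catalog_path(dump: str) -> str:
    """PackedCatalogItem starts with the NUL-terminated provider DLL path.

    The report shows only a prefix, so return the text up to the first NUL if
    one is present, otherwise the whole truncated string.
    """
    raw = parse_hex(dump)
    end = raw.find(b"\x00")
    return raw[: end if end >= 0 else len(raw)].decode("ascii")


def winsock_mapping(dump: str):
    """Mapping layout: DWORD entry count, DWORD stride (DWORDs per entry, 3
    here), then (family, type, protocol) triples. Returns (declared count,
    decoded triples); a truncated blob yields fewer triples than declared."""
    raw = parse_hex(dump)
    count, stride = struct.unpack_from("<II", raw, 0)
    triples, off = [], 8
    if stride == 0:  # malformed blob; avoid looping forever
        return count, triples
    while off + 4 * stride <= len(raw):
        triples.append(struct.unpack_from("<%dI" % stride, raw, off))
        off += 4 * stride
    return count, triples


def describe_mapping(triple) -> str:
    fam, typ, proto = triple[:3]
    return "%s/%s/%s" % (AF_NAMES.get(fam, fam), SOCK_NAMES.get(typ, typ),
                         PROTO_NAMES.get(proto, proto))


def describe_namespace_entry(entry) -> str:
    lib, pid, ns = entry
    return "%s provider=%s ns=%s" % (lib, provider_guid(pid),
                                     NAMESPACE_IDS.get(ns, hex(ns)))


def namespace_catalog_diff(catalog=NAMESPACE_CATALOG5):
    """Human-readable before/after for each NameSpace_Catalog5 entry."""
    return {n: (describe_namespace_entry(b), describe_namespace_entry(a))
            for n, (b, a) in catalog.items()}


def providers_only_reordered(catalog=NAMESPACE_CATALOG5) -> bool:
    """True when the same provider GUIDs appear before and after, i.e. the
    visible entries were reshuffled (and rehosted) rather than replaced."""
    before = {provider_guid(b[1]) for b, _ in catalog.values()}
    after = {provider_guid(a[1]) for _, a in catalog.values()}
    return before == after


if __name__ == "__main__":
    for n, (before, after) in sorted(namespace_catalog_diff().items()):
        print("NameSpace_Catalog5 entry %d\n  before: %s\n  after:  %s" % (n, before, after))
    print("same provider set before and after:", providers_only_reordered())
    mapping_before = "0B_00_00_00_03_00_00_00_02_00_00_00_01_00_00_00_06_00_00_00_02_00_00_00_01_00_00"
    mapping_after = "08_00_00_00_03_00_00_00_02_00_00_00_01_00_00_00_06_00_00_00_02_00_00_00_01_00_00"
    for label, dump in (("before", mapping_before), ("after", mapping_after)):
        count, triples = winsock_mapping(dump)
        print("Mapping %s: %d entries declared, first: %s" % (label, count, describe_mapping(triples[0])))
    entry4_before = "25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_72_73_76_70_73"
    entry4_after = "25_53_79_73_74_65_6D_52_6F_6F_74_25_5C_73_79_73_74_65_6D_33_32_5C_6D_73_77_73_6F"
    for label, dump in (("entry 4 before", entry4_before), ("entry 4 after", entry4_after)):
        print("PackedCatalogItem %s: %s..." % (label, packed_catalog_path(dump)))
```

Running the script prints each namespace entry's DLL, provider GUID and namespace before and after, confirms the provider set is unchanged, and shows the Mapping count dropping from 11 to 8 entries while the first triple stays AF_INET/SOCK_STREAM/IPPROTO_TCP. The same functions accept any hex dump in the report's format, so they can be pointed at the full blobs exported with reg.exe from a host where the catalog is suspected of having been tampered with.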