Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =41c97d0a16a0159923dd2ff69347cf81

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
41c97d0a16a0159923dd2ff69347cf81	2ea2469d04525326b8c19a0c1a7c20b78a92618c	f8223c26ec797be75c580fb9f6b5559ad8c3fcb0623771028f229042ba654f5c	1536:LYi0JdI8Yrm+soQ08gJoujhLh3QdeRYWaUjSuA1f3jw8dkLU3kC:+I8CYoQ08ojVhgOpauS9a8S	79528

File Results

File Name
l.php.exe
exe.exe

SNORT Results

Snort Class	Snort Alert	Count
N/A	No snort alerts generated	0

AV Results

AV Alert	AV Vendor
N/A	Symantec
N/A	McAfee
N/A	Kaspersky
Artemis!BC8FD236A76F	McAfee
Trojan	Symantec

Folders (Added) - ICC Results

Path	Folder Name

Files (Added) - ICC Results

Path	File Name
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	hosts
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	hosts
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	hosts
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	hosts
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	hosts
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	hosts
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/WINDOWS/system32	hosts
c:	netstat_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	CYGRUNSRV.EXE-01BF82AE.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	CYGRUNSRV.EXE-01BF82AE.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/SoftwareDistribution/DataStore/Logs	edb.chk
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	HSTART.EXE-221D72BF.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Program Files/OpenSSH/var/run	sshd.pid
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	98 83 32 D6 35 6E BD 89 3C 70 B3 F3 CB 9D 3B 8E 1F 12 5B 2B 82 D6 BA D7 BE 2F 50	4D 30 95 C8 5D B6 E0 C7 AB 04 F7 41 29 6E B4 29 44 73 89 90 BA 4D E3 0D 36 A7 3
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	69 35 AB E0 27 BA 23 62 98 24 B6 FE 3F 3A 66 F9 64 D2 71 F4 40 00 47 17 82 88 DD	8C ED 3C F5 0D 55 6B E4 61 19 BF F1 E0 41 9F F6 81 F1 BA 57 9A 8C 58 26 7D A7 E
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	64 87 0A 09 DE DB B2 CC AA 5B 02 9E 87 A8 88 25 66 E2 D4 38 FB F3 D8 19 EF 30 94	7A F7 35 66 6E 99 4E 5D 48 4B C7 37 89 7E 04 E9 E3 70 E0 A9 E4 34 7E 29 2A 51 1
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	10 4E 72 B1 C7 B9 54 91 7F 62 54 D0 9E 42 15 E1 17 BD EF 90 B4 F1 79 7B 54 A5 A7	F3 B7 5C 28 C3 69 B4 18 66 01 FE 7D 06 74 22 D1 38 DF 4B 25 0B F5 C7 AA 95 37 3
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	80 5C 0A 26 F0 6B BC D7 C4 04 14 40 C9 27 55 36 B8 1B CA F0 A2 24 3A CC D4 4B 0D	3F D1 53 61 73 9A B7 27 16 82 23 27 09 FE 0F 80 D0 BE DA D9 A1 52 72 BF 28 2F 8
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	6F BA 2F 78 E5 C1 3C 5A D5 00 8E 3B E6 FA B4 1F F4 71 0F C3 72 9C 6F 3C 20 6F 4D	8E 96 2C 5D 05 39 6E B6 13 96 99 04 BC F8 FE D4 63 C0 A8 42 BC 18 4E 57 E3 6F C
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	ED D0 EA D9 FC 68 76 CF F8 27 10 EA 2E F8 CF 0E 1B 5E 55 A1 E0 AF 85 39 AC 0F B5	C4 00 77 75 82 4E 77 F4 9F 67 08 58 9B 26 11 7A DD 5E 7E C1 21 5A B1 8C B1 AC 2
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	DD 68 72 1A 63 B3 34 0A E5 87 09 0D 70 52 1A FD 9D BE 92 24 8C C0 7F 4D 7E B2 B6	C2 A6 C7 43 FC BA 26 42 35 E0 69 CF CF BB CB FE CB 4F FC 58 32 8A 42 B3 62 8C 9
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	F9 EF DD 17 BF 29 B4 10 36 F0 11 CE 47 68 A0 C7 20 A8 0B 74 5A 76 C7 E8 FB 6C 78	D5 F1 62 E9 53 50 29 F2 17 27 A9 2C 5E CA F0 E7 D3 4A C3 DB 43 24 E4 01 47 B5 2
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	4E 4B B4 16 5D FD 3E 0F 31 80 A5 90 C3 EA 27 B3 9C 06 C2 D7 9D 42 09 A7 52 C0 29	13 A1 80 32 AF 0C D6 28 A8 3F BD 81 B0 CA C4 98 C9 FD 01 B8 1C 85 F4 B2 C0 51 7
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	E4 A5 5B 9D 2D ED 64 35 13 1A 57 FE DB 05 0B 2E 2B 77 8A E7 44 0A 90 E8 CA F8 C4	E7 1F C2 53 B1 0B 04 4A B8 36 4B 32 D9 F3 39 17 76 CD D8 42 72 AB 5A F7 06 46 E
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	9B A5 08 93 AB 79 AB F0 E7 91 5D F9 39 4A EB C1 F0 BD 92 0F F8 91 08 D6 54 62 23	20 B5 D2 34 5B 9A F5 B0 EC 0D 87 AE 0E 06 CB 36 EC B8 D5 CE 59 A6 DB DD 8E 5D 8
modified	HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent		0x00000009	0x0000000A
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	AB 6B 94 8D A1 4E 55 5D 50 D6 CE D3 27 B7 63 79 90 29 6C 5F FE 4F 7D AF CD 63 BF	A2 BE 2B 6B 47 6B 67 F4 91 CB E9 D5 16 F2 B3 F2 20 FE EC 44 CC 0C 77 27 A4 16 C
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	13 EB 4C 5A 19 80 B8 56 11 17 F4 95 17 1B 25 46 CA 68 DF 8A 99 4F B9 F2 1C 53 AE	91 DD D3 3F 8F 3C 85 59 E9 A9 FD FE DA AE FF 0E 57 C0 D1 06 79 83 2A 4A A9 44 9
modified	HKLM/SYSTEM/ControlSet001/Control/ServiceCurrent		0x00000009	0x0000000A
modified	HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent		0x00000009	0x0000000A
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	C0 4F 91 60 12 B8 4F BE 00 A0 13 3E B1 F0 E8 F6 01 D1 82 9A 7B 52 05 DD 1B 98 FF	06 AC 1C AD 64 58 4C CD B6 3E 9E 52 F7 F6 6E BA A6 B4 59 3C 12 C7 5C 48 A8 F0 D
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001

DNS Results

DNS	DNS Response

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
17	2	0	350	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
1900	17	2	0	350	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
09:29:02	2010-08-09	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
13:31:37	2010-08-09	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
21:59:02	2010-08-09	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
08:22:27	2010-08-10	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
11:10:43	2010-08-10	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
01:07:24	2010-08-11	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
06:48:44	2010-08-11	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
18:40:06	2010-08-11	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
06:33:54	2010-08-12	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
13:29:46	2010-08-12	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
01:08:50	2010-08-13	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175
00:40:22	2010-08-19	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
07:25:58	2010-08-19	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175
12:07:05	2010-08-20	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
16:14:40	2010-08-21	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location