**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 41c97d0a16a0159923dd2ff69347cf81

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
| 41c97d0a16a0159923dd2ff69347cf81 | 2ea2469d04525326b8c19a0c1a7c20b78a92618c | f8223c26ec797be75c580fb9f6b5559ad8c3fcb0623771028f229042ba654f5c | 1536:LYi0JdI8Yrm+soQ08gJoujhLh3QdeRYWaUjSuA1f3jw8dkLU3kC:+I8CYoQ08ojVhgOpauS9a8S | 79528 |

**** File Results ****

| File Name |
| l.php.exe |
| exe.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
| N/A | Symantec |
| N/A | McAfee |
| N/A | Kaspersky |
| Artemis!BC8FD236A76F | McAfee |
| Trojan | Symantec |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf |
| c:/WINDOWS/Prefetch | CYGRUNSRV.EXE-01BF82AE.pf |
| c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf |
| c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf |
| c:/WINDOWS/system32 | hosts |
| c: | netstat_post.txt |
| c: | tasksvc_post.txt |
| c: | taskv_post.txt |
| c:/DELL/VIDEO/OUTPUT | netstat_base.txt |
| c:/DELL/VIDEO/OUTPUT | netstat_post.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_base.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_post.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_base.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_post.txt |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
| modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |
| modified | c:/Program Files/OpenSSH/var/run | sshd.pid |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent | | 0x00000009 | 0x0000000A |
| modified | HKLM/SYSTEM/ControlSet001/Control/ServiceCurrent | | 0x00000009 | 0x0000000A |

**** DNS Results ****

| DNS | DNS Response |

**** URL Results ****

| DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
| 239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
| 17 | 2 | 0 | 350 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
| 1900 | 17 | 2 | 0 | 350 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 09:29:02 | 2010-08-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 13:31:37 | 2010-08-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 21:59:02 | 2010-08-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 08:22:27 | 2010-08-10 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 11:10:43 | 2010-08-10 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 01:07:24 | 2010-08-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 06:48:44 | 2010-08-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 18:40:06 | 2010-08-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 06:33:54 | 2010-08-12 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 13:29:46 | 2010-08-12 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 01:08:50 | 2010-08-13 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 00:40:22 | 2010-08-19 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 07:25:58 | 2010-08-19 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 12:07:05 | 2010-08-20 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 16:14:40 | 2010-08-21 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

**** Packer Results ****

| Packer Name |

**** HoneyTrap Results ****

| Honey Trap Log File Location |

**** PTFB Results ****

| PTFB Log File Location |