**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 51642679ae9ca2cd69c7caa68c0b5925

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
| 51642679ae9ca2cd69c7caa68c0b5925 | c2cb1a7e9b65d02746944d7ade9dd1f9ea2b81a0 | 88311791731faab0883454d3c86b06eea8ebdae40e8c872d80f3a068e8386471 | 768:HcKTtqOYEym8L5iR4iZtyUyJmJvbcYRaD1ciq8W7Kg4ZdQiX+1enN+dX0fMnM:HcKZHYEn8ds4yk | 44497 |

**** File Results ****

| File Name |
| js.js.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| A Network Trojan was detected | ET TROJAN Generic Trojan Checkin (2) | 1 |
| Misc Attack | ET RBN Known Russian Business Network IP TCP (74) | 1 |

**** AV Results ****

| AV Alert | AV Vendor |
| Trojan.Dropper | Symantec |
| Generic | McAfee |
| Trojan-Downloader.Win32.Geral.ssc | Kaspersky |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C |
| c:/Program Files | RAV |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | ITB2CJ0C |
| c:/Program Files | RAV |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/DELL/VIDEO/OUTPUT | netstat_base.txt |
| c:/DELL/VIDEO/OUTPUT | netstat_post.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_base.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_post.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_base.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_post.txt |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | cc190750.exe |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | Count[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini |
| c:/WINDOWS/inf | oem0.inf |
| c:/WINDOWS/inf | oem0.PNF |
| c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf |
| c:/WINDOWS/Prefetch | CC190750.EXE-0C6519FF.pf |
| c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf |
| c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf |
| c:/WINDOWS/Prefetch | REG.EXE-0D2A95F7.pf |
| c:/WINDOWS/Prefetch | RUNONCE.EXE-2803F297.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf |
| c:/WINDOWS/system32/drivers | CCTest.sys |
| c:/WINDOWS/system32 | jsseting.data |
| c:/WINDOWS/system32 | kav.exe |
| c:/DELL/VIDEO/OUTPUT | netstat_base.txt |
| c:/DELL/VIDEO/OUTPUT | netstat_post.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_base.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_post.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_base.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_post.txt |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | cc170171.exe |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | Count[1].htm |
| c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C | desktop.ini |
| c:/WINDOWS/inf | oem0.inf |
| c:/WINDOWS/inf | oem0.PNF |
| c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf |
| c:/WINDOWS/Prefetch | CC170171.EXE-02F34BBE.pf |
| c:/WINDOWS/Prefetch | REG.EXE-0D2A95F7.pf |
| c:/WINDOWS/Prefetch | RUNONCE.EXE-2803F297.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/Prefetch | SC.EXE-012262AF.pf |
| c:/WINDOWS/system32/drivers | CCTest.sys |
| c:/WINDOWS/system32 | jsseting.data |
| c:/WINDOWS/system32 | kav.exe |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
| modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf |
| modified | c:/WINDOWS | setupapi.log |
| modified | c:/WINDOWS/system32/CatRoot/{F750E6C3-38EE-11D1-85E5-00C04FC295EE} | TimeStamp |
| modified | c:/WINDOWS/system32/CatRoot2 | edb.chk |
| modified | c:/WINDOWS/system32/CatRoot2 | edb.log |
| modified | c:/WINDOWS/system32/CatRoot2 | tmp.edb |
| modified | c:/WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE} | catdb |
| modified | c:/WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE} | TimeStamp |
| modified | c:/WINDOWS/system32/config | software |
| modified | c:/WINDOWS/system32/config | software.LOG |
| modified | c:/WINDOWS/system32/config | SysEvent.Evt |
| modified | c:/WINDOWS/system32/config | system.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
| modified | c:/WINDOWS | setupapi.log |
| modified | c:/WINDOWS/system32/CatRoot/{F750E6C3-38EE-11D1-85E5-00C04FC295EE} | TimeStamp |
| modified | c:/WINDOWS/system32/CatRoot2 | edb.chk |
| modified | c:/WINDOWS/system32/CatRoot2 | edb.log |
| modified | c:/WINDOWS/system32/CatRoot2 | tmp.edb |
| modified | c:/WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE} | catdb |
| modified | c:/WINDOWS/system32/CatRoot2/{F750E6C3-38EE-11D1-85E5-00C04FC295EE} | TimeStamp |
| modified | c:/WINDOWS/system32/config | software |
| modified | c:/WINDOWS/system32/config | software.LOG |
| modified | c:/WINDOWS/system32/config | system.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 70 F8 8F 7D 54 60 FA 93 FC 31 AE 63 F3 21 B2 5B 29 75 F2 D6 B8 9A CE E6 AE D9 3B | 58 E5 9E 92 CD 81 86 60 52 A8 A0 DF E7 30 9B 92 BD 5D 80 ED 1D CB 0E 76 13 6B 3 |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000} | description | "Matches all ICMP packets between this computer and any other computer." | "??????????????????? ICMP ??" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000} | ipsecName | "All ICMP Traffic" | "?? ICMP ???" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000} | ipsecData | B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 52 00 00 00 01 00 00 00 02 00 00 | B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 52 00 00 00 01 00 00 00 02 00 0 |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} | description | "Matches all IP packets from this computer to any other computer, except broadca | "??????????????????? ICMP ?,????????Kerberos?RSVP ? ISAKMP (IKE)?" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} | ipsecName | "All IP Traffic" | "?? IP ???" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} | ipsecData | B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 4A 00 00 00 01 00 00 00 02 00 00 | B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 4A 00 00 00 01 00 00 00 02 00 0 |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436156 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} | description | "Accepts unsecured communication, but requests clients to establish trust and se | "????????,?????????????????????????????????????????" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} | ipsecName | "Request Security (Optional)" | "???? (??)" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} | description | "Permit unsecured IP packets to pass through." | "?????? IP ????" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} | ipsecName | "Permit" | "??" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} | description | "Accepts unsecured communication, but always requires clients to establish trust | "????????,?????????????????????????????????" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} | ipsecName | "Require Security" | "????" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SYSTEM/ControlSet001/Control/GroupOrderList | Extended Base | 04 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 | 05 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 05 00 00 00 |
| modified | HKLM/SYSTEM/CurrentControlSet/Control/GroupOrderList | Extended Base | 04 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 | 05 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 05 00 00 00 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 23 C7 F8 6E 78 92 C5 71 55 E9 A8 80 59 2E CB 95 BE 7A 0B BF 2C 40 F4 19 11 D5 6B | A3 BA F8 D7 6F 25 6E 8A E5 B1 5F 5A 06 06 20 3C 40 55 86 A7 5A A9 90 96 D9 16 4 |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000} | description | "Matches all ICMP packets between this computer and any other computer." | "??????????????????? ICMP ??" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000} | ipsecName | "All ICMP Traffic" | "?? ICMP ???" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000} | ipsecData | B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 52 00 00 00 01 00 00 00 02 00 00 | B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 52 00 00 00 01 00 00 00 02 00 0 |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{72385235-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} | description | "Matches all IP packets from this computer to any other computer, except broadca | "??????????????????? ICMP ?,????????Kerberos?RSVP ? ISAKMP (IKE)?" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} | ipsecName | "All IP Traffic" | "?? IP ???" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} | ipsecData | B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 4A 00 00 00 01 00 00 00 02 00 00 | B5 20 DC 80 C8 2E D1 11 A8 9E 00 A0 24 8D 30 21 4A 00 00 00 01 00 00 00 02 00 0 |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecFilter{7238523a-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecISAKMPPolicy{72385234-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436156 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} | description | "Accepts unsecured communication, but requests clients to establish trust and se | "????????,?????????????????????????????????????????" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} | ipsecName | "Request Security (Optional)" | "???? (??)" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{72385233-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} | description | "Permit unsecured IP packets to pass through." | "?????? IP ????" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} | ipsecName | "Permit" | "??" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523b-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} | description | "Accepts unsecured communication, but always requires clients to establish trust | "????????,?????????????????????????????????" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} | ipsecName | "Require Security" | "????" |
| modified | HKLM/SOFTWARE/Policies/Microsoft/Windows/IPSec/Policy/Local/ipsecNegotiationPolicy{7238523f-70fa-11d1-864c-14a300000000} | whenChanged | 0x4A436155 | 0x46EE3DCE |
| modified | HKLM/SYSTEM/ControlSet001/Control/GroupOrderList | Extended Base | 04 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 | 05 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 05 00 00 00 |
| modified | HKLM/SYSTEM/CurrentControlSet/Control/GroupOrderList | Extended Base | 04 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 | 05 00 00 00 01 00 00 00 02 00 00 00 04 00 00 00 03 00 00 00 05 00 00 00 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 16 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0 |

**** DNS Results ****

| DNS | DNS Response |
| js.jk136.com | Standard query response A 202.103.221.20 |
| www.yztq.net | Standard query response A 123.196.125.15 |
| www.yztq.net | Standard query response A 61.183.11.242 |

**** URL Results ****

| DstIP | HTTP HOST | HTTP REQUEST URI | HTTP USER AGENT | PROTOCOL |
| 123.196.125.15 | www.yztq.net | /tj/count.asp?mac=00c029ebbf39&ver=1.0&os=WindowsXP&dtime=2011-2-2 | baidu | 0x06 |
| 61.183.11.242 | www.yztq.net | /tj/count.asp?mac=00c029ebbf39&ver=1.0&os=WindowsXP&dtime=2011-2-2 | baidu | 0x06 |
| 239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 6 | 44 | 41 | 3079 | 5196 |
| 17 | 2 | 0 | 350 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 10 | 6 | 30 | 28 | 2096 | 1684 |
| 80 | 6 | 14 | 13 | 983 | 3512 |
| 1900 | 17 | 2 | 0 | 350 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 21:21:37 | 2011-03-23 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 399 | 10 | 13 | 928 |
| 21:21:37 | 2011-03-23 | 6 | 10.10.10.7 | 123.196.125.15 | -> | e | 400 | 80 | 13 | 2017 |
| 21:21:38 | 2011-03-23 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 509 | 10 | 13 | 932 |
| 21:21:42 | 2011-03-23 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 399 | 10 | 10 | 600 |
| 21:21:42 | 2011-03-23 | 6 | 10.10.10.7 | 123.196.125.15 | -> | e | 400 | 80 | 11 | 2298 |
| 21:21:43 | 2011-03-23 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 509 | 10 | 10 | 600 |
| 21:21:47 | 2011-03-23 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 399 | 10 | 6 | 360 |
| 21:21:48 | 2011-03-23 | 6 | 10.10.10.7 | 123.196.125.15 | -> | e | 400 | 80 | 3 | 180 |
| 21:21:48 | 2011-03-23 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 509 | 10 | 6 | 360 |
| 01:59:18 | 2011-05-08 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 513 | 10 | 13 | 928 |
| 01:59:19 | 2011-05-08 | 6 | 10.10.10.7 | 61.183.11.242 | -> | e | 514 | 80 | 13 | 2017 |
| 01:59:20 | 2011-05-08 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 452 | 10 | 13 | 932 |
| 01:59:23 | 2011-05-08 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 513 | 10 | 10 | 600 |
| 01:59:24 | 2011-05-08 | 6 | 10.10.10.7 | 61.183.11.242 | -> | e | 514 | 80 | 10 | 1965 |
| 01:59:25 | 2011-05-08 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 452 | 10 | 10 | 600 |
| 01:59:28 | 2011-05-08 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 513 | 10 | 6 | 360 |
| 01:59:29 | 2011-05-08 | 6 | 10.10.10.7 | 61.183.11.242 | -> | e | 514 | 80 | 4 | 513 |
| 01:59:30 | 2011-05-08 | 6 | 10.10.10.7 | 202.103.221.20 | -> | e | 452 | 10 | 6 | 360 |
| 02:04:21 | 2011-05-08 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

**** Packer Results ****

| Packer Name |

**** HoneyTrap Results ****

| Honey Trap Log File Location |

**** PTFB Results ****

| PTFB Log File Location |