**** Malware_Report_-_Results **** This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection. Malware Search Criteria: MD5 =6ac989fbb46fbb726c9ce8b5ebd07c30 **** Malware_Report_-_Results **** _____________________________________________________________________________________________________________________________________________________________________________________________________________________________________ |File_MD5Sum_____________________|SHA1SUM_________________________________|SHA256SUM_______________________________________________________|FUZZY_HASH______________________________________________________________________|File_Size| |6ac989fbb46fbb726c9ce8b5ebd07c30|480e2a8bd30a5753692643965ca99bb83186ef09|e0ffe2912f1d9bf21ab7f745b5298ce574968b46c926c9e0cb6abf2d91a9ac95|768:pvKG4xBLjPsW0qKZmnX4LESpyxHl8ixYQOeb1hhToRm0oCaHqAg0tSarRWtOdsnZ:p2/50qKZdLo|41472____| **** File_Results **** ______________________________ |File_Name_____________________| |Play%5FVideo%5FClick%5FRun.exe| |faq.txt.exe___________________| |build.exe_____________________| |bottan.exe____________________| |bgd2.txt.exe__________________| |bgd2.txt%3Ft%3D0.3953301.exe__| **** SNORT_Results **** __________________________________________________________________ |Snort_Class|Snort_Alert_____________________________________|Count| |Misc_Attack|ET_RBN_Known_Russian_Business_Network_IP_TCP_(5)|4____| **** AV_Results **** _______________________________ |AV_Alert_____________|AV_Vendor| |Trojan.Gen___________|Symantec_| |N/A__________________|McAfee___| |Backdoor.Win32.VB.lvn|Kaspersky| |Artemis!6AC989FBB46F_|McAfee___| |Generic______________|McAfee___| **** Folders_(Added)_-_ICC_Results **** ________________ |Path|Folder_Name| **** Files_(Added)_-_ICC_Results **** ______________________________________________________________________________ |Path__________________________________________________|File_Name______________| 
|c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|yq4yr18ww.bat__________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF708E.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|tasksvc_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|oguohrym.bat___________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF8D8E.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|tasksvc_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| 
|c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|80e81bi6.bat___________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF704D.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|tasksvc_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|80e81bi6.bat___________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF8BA1.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|tasksvc_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| 
|c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|ohvoiryn.bat___________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF8DF2.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|tasksvc_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|3v93w6d11.bat__________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF714C.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|tasksvc_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| 
|c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|91f92cj7.bat___________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF7FE4.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|oguohrym.bat___________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF641E.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|tasksvc_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|2488.exe_______________| 
|c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|7zd70ah5.bat___________| |c:/Documents_and_Settings/dmc73144/Local_Settings/Temp|~DF9547.tmp____________| |c:/WINDOWS/Prefetch___________________________________|2488.EXE-2190F40D.pf___| |c:/WINDOWS/Prefetch___________________________________|NET.EXE-01A53C2F.pf____| |c:/WINDOWS/Prefetch___________________________________|NET1.EXE-029B9DB4.pf___| |c:/WINDOWS/Prefetch___________________________________|SANDNET.EXE-2012C478.pf| |c:/WINDOWS/Prefetch___________________________________|SC.EXE-012262AF.pf_____| |c:/WINDOWS/system32___________________________________|87ghd.log______________| |c:____________________________________________________|netstat_post.txt_______| |c:____________________________________________________|tasksvc_post.txt_______| |c:____________________________________________________|taskv_post.txt_________| **** Files_(Deleted)_-_ICC_Results **** _____________________ |Action|Path|File_Name| **** Files_(Changed)_-_ICC_Results **** ________________________________________________________________________________________________________________________ |Action__|Path__________________________________________________________________________________|File_Name_______________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| 
|modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| |modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| |modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| 
|modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| |modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| |modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wmiprov.log_____________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| 
|modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| |modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| |modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| 
|modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| |modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| |modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| 
|modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| |modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| |modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| 
|modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wmiprov.log_____________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| |modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| 
|modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wmiprov.log_____________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| 
|modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| |modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wmiprov.log_____________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| 
|modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| |modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| |modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wmiprov.log_____________| |modified|c:/Documents_and_Settings/dmc73144/Cookies____________________________________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/History/History.IE5_________________|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144/Local_Settings/Temporary_Internet_Files/Content.IE5|index.dat_______________| |modified|c:/Documents_and_Settings/dmc73144____________________________________________________|ntuser.dat.LOG__________| |modified|c:/Documents_and_Settings/LocalService________________________________________________|ntuser.dat.LOG__________| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|CMD.EXE-087B4001.pf_____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|HSTART.EXE-221D72BF.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|NETSTAT.EXE-2B2B4428.pf_| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SH.EXE-00254D2B.pf______| 
|modified|c:/WINDOWS/Prefetch___________________________________________________________________|SLEEP.EXE-094A3D2A.pf___| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SSHD.EXE-298CA236.pf____| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|SWITCH.EXE-0496EC21.pf__| |modified|c:/WINDOWS/Prefetch___________________________________________________________________|TASKLIST.EXE-10D94B23.pf| |modified|c:/WINDOWS/system32/config____________________________________________________________|software.LOG____________| |modified|c:/WINDOWS/system32/config____________________________________________________________|system.LOG______________| |modified|c:/WINDOWS/system32/drivers/etc_______________________________________________________|hosts___________________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wbemess.log_____________| |modified|c:/WINDOWS/system32/wbem/Logs_________________________________________________________|wmiprov.log_____________| **** Registry_Keys_(Added)_-_ICC_Results **** ___________ |Action|Path| **** Registry_Values_(Added)_-_ICC_Results **** _____________________________ |Action|Path|Val_Name|Val_Data| **** Registry_Values_(Deleted)_-_ICC_Results **** ________________________________________________________________ |Action|Path|Val_Name|Val_Type|Mod_Val_Type|Val_Data|Mod_Val_Data| **** Registry_Values_(Changed)_-_ICC_Results **** ______________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________ 
|Action|Path|Val_Name|Val_Data|Mod_Val_Data|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|25_06_F9_D2_4F_C6_8B_20_54_6C_05_A1_7B_6F_88_AC_83_DF_17_A3_B7_F3_9D_BB_93_0A_EF|FF_53_68_84_7F_E5_6A_BC_4C_CE_48_49_F5_49_C7_ED_7B_F1_99_2C_B0_E0_72_7E_60_17_2|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|43_2E_F1_76_34_86_57_1D_53_5C_5E_CD_A0_22_53_39_C5_37_FB_4C_4B_77_78_99_3C_3C_4E|6F_7A_90_81_28_E1_C1_7E_C8_DF_C6_0D_D1_A3_B2_8E_90_00_BD_76_31_B4_F0_E1_E7_B1_A|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|DE_D8_04_F5_0E_FF_48_D4_4F_A9_D9_D1_C7_31_49_3C_ED_F4_64_2F_69_40_3F_1C_4C_62_C5|08_F3_A8_97_1E_3C_17_7D_77_C5_4D_46_7C_8B_3D_33_D3_83_6B_F0_05_0D_2C_EA_C9_C7_E|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|56_F2_84_A7_5E_04_A8_60_CB_9A_7C_12_27_8B_79_2A_CF_28_72_15_52_02_6E_2A_55_94_33|C7_D9_18_6A_54_92_4A_CE_8F_ED_30_8F_CF_B6_88_2A_12_D9_26_DE_A9_4F_FC_F7_B6_45_4|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|3C_AB_4D_C4_29_E9_72_09_57_9D_6E_71_CD_DE_27_89_CD_2E_D6_15_D4_42_12_E2_1F_AF_3B|78_72_14_2B_9F_0D_28_6F_92_9F_46_D7_AD_47_33_66_4E_99_DF_C3_E6_56_97_B9_27_5B_1|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|B0_51_1B_05_7D_39_27_94_B8_62_CC_69_53_5A_8A_64_9D_D7_B4_0A_FB_94_72_A8_A4_0F_F8|57_7F_56_7E_E4_AC_A5_89_F9_DF_83_E4_65_78_9A_C4_C8_04_1B_19_48_03_D9_1F_CC_C7_2|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|21_A7_79_42_32_E5_2C_DD_CC_61_FC_30_27_DC_EF_6C_44_A2_6B_3E_DE_04_21_1F_77_44_9A|E9_71_37_6D_32_D9_16_11_47_85_B0_AD_AA_C5_CF_B7_F8_5E_BD_21_76_66_24_1F_C7_FE_A|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000106|0x00000107|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000106|0x00000107|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|0A_13_95_50_91_9A_C4_87_60_D5_89_AF_C9_2E_42_AA_C2_BE_A5_7A_30_B1_65_AB_9E_DB_E1|E8_33_0B_5E_5D_3A_EA_9E_94_0F_4A_36_C7_20_74_67_D2_A5_14_7A_6C_EE_ED_DC_BB_C5_C|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|CC_39_B2_30_79_2C_74_0D_E5_11_73_94_F5_56_2E_90_F0_B0_55_69_EC_95_19_DB_29_EE_0F|8F_06_0C_26_1E_D3_DF_26_A8_3E_1A_28_96_2A_AD_7A_51_FE_EA_2F_F8_15_D2_17_89_00_A|
|modified|HKLM/SOFTWARE/Microsoft/Windows_NT/CurrentVersion/ProfileList/S-1-5-19|RefCount|0x00000002|0x00000001|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/ControlSet001/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess|Start|0x00000002|0x00000004|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch|Epoch|0x00000104|0x00000105|
|modified|HKLM/SYSTEM/CurrentControlSet/Services/wscsvc|Start|0x00000002|0x00000004|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet_Settings/Connections|SavedLegacySettings|3C_00_00_00_15_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_00|3C_00_00_00_17_00_00_00_01_00_00_00_00_00_00_00_00_00_00_00_00_00_00_00_04_00_0|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|

**** DNS_Results ****
|DNS|DNS_Response|
|exe.perfectexe.com|Standard_query_response_A_122.224.6.48|

**** URL_Results ****
|DstIP|HTTP_HOST|HTTP_REQUEST_URI|HTTP_USER_AGENT|PROTOCOL|
|239.255.255.250|239.255.255.250:1900|*|--blank--|0x11|

**** ARGUS_PROTOCOL_Results ****
|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|6|60|56|4892|3368|
|17|3|0|525|0|

**** ARGUS_DPORT_Results ****
|DPORT|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|255|6|60|56|4892|3368|
|1900|17|3|0|525|0|

**** ARGUS_DATA_Results ****
|Time|Date|Protocol|SrcIP|DstIP|Dir|Flags|Sport|Dport|Pkts|Bytes|
|15:10:50|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|30|255|13|1105|
|15:10:55|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|30|255|10|600|
|15:11:00|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|30|255|6|360|
|15:12:03|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|99|255|13|1105|
|15:12:08|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|99|255|10|600|
|15:12:13|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|99|255|6|360|
|15:13:17|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|417|255|14|1165|
|15:13:22|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|417|255|10|600|
|15:13:27|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|417|255|5|300|
|15:14:30|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|103|255|13|1105|
|15:14:35|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|103|255|11|660|
|15:14:40|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|103|255|5|300|
|15:16:14|2010-07-14|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|15:16:20|2010-07-14|17|10.10.10.7|239.255.255.250|->|e|8|1900|1|175|
|21:05:25|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|29|255|13|1105|
|21:05:30|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|29|255|11|660|
|21:05:35|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|29|255|5|300|
|21:06:38|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|388|255|13|1105|
|21:06:43|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|388|255|11|660|
|21:06:48|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|388|255|5|300|
|21:07:52|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|503|255|13|1105|
|21:07:57|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|503|255|11|660|
|21:08:02|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|503|255|5|300|
|21:09:05|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|197|255|14|1165|
|21:09:10|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|197|255|11|660|
|21:09:16|2010-07-14|6|10.10.10.7|122.224.6.48|->|e|197|255|4|240|
|21:10:49|2010-07-14|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|21:10:55|2010-07-14|17|10.10.10.7|239.255.255.250|->|e|8|1900|1|175|
|12:57:33|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|63|255|13|1105|
|12:57:38|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|63|255|11|660|
|12:57:43|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|63|255|5|300|
|12:58:46|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|241|255|13|1108|
|12:58:51|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|241|255|11|660|
|12:58:57|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|241|255|5|300|
|13:00:00|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|142|255|13|1105|
|13:00:05|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|142|255|11|660|
|13:00:10|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|142|255|5|300|
|13:01:13|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|195|255|13|1105|
|13:01:18|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|195|255|11|660|
|13:01:23|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|195|255|5|300|
|13:01:30|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|195|255|1|60|
|13:01:36|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|195|255|1|60|
|13:01:48|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|195|255|1|60|
|13:02:12|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|195|255|1|60|
|20:52:16|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|32|255|13|1105|
|20:52:21|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|32|255|10|600|
|20:52:26|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|32|255|6|360|
|20:53:29|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|434|255|13|1105|
|20:53:34|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|434|255|11|660|
|20:53:39|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|434|255|5|300|
|20:54:42|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|311|255|13|1108|
|20:54:47|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|311|255|10|600|
|20:54:53|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|311|255|6|360|
|20:55:57|2010-07-15|6|10.10.10.7|122.224.6.48|->|e|49|255|13|1105|
|20:56:02|2010-07-15|6|10.10.10.7|122.224.6.48|->|e_d|49|255|6|360|
|20:56:08|2010-07-15|6|10.10.10.7|122.224.6.48|->|e_d|49|255|2|120|
|20:56:16|2010-07-15|6|10.10.10.7|122.224.6.48|->|e_d|49|255|1|60|
|20:56:31|2010-07-15|6|10.10.10.7|122.224.6.48|->|e_d|49|255|1|60|
|20:56:59|2010-07-15|6|10.10.10.7|122.224.6.48|->|e_d|49|255|1|60|
|13:02:56|2010-07-15|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|20:57:36|2010-07-15|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|05:05:08|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|11|255|14|1165|
|05:05:13|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|11|255|10|600|
|05:05:18|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|11|255|5|300|
|05:06:22|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|17|255|13|1105|
|05:06:27|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|17|255|11|660|
|05:06:32|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|17|255|5|300|
|05:07:35|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|379|255|14|1165|
|05:07:40|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|379|255|10|600|
|05:07:45|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|379|255|5|300|
|05:08:48|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|639|255|13|1105|
|05:08:53|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|639|255|10|600|
|05:08:58|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|639|255|6|360|
|05:09:04|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|639|255|1|60|
|05:09:10|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|639|255|1|60|
|05:09:21|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|639|255|1|60|
|05:09:44|2010-07-16|6|10.10.10.7|122.224.6.48|->|e|639|255|1|60|
|05:10:31|2010-07-16|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|11:36:25|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|11|255|14|1165|
|11:36:30|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|11|255|10|600|
|11:36:35|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|11|255|5|300|
|11:37:38|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|37|255|13|1105|
|11:37:43|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|37|255|10|600|
|11:37:48|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|37|255|6|360|
|11:38:52|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|42|255|13|1108|
|11:38:57|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|42|255|11|660|
|11:39:02|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|42|255|5|300|
|11:40:05|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|357|255|13|1105|
|11:40:10|2010-07-17|6|10.10.10.7|122.224.6.48|->|e|357|255|11|660|
|11:40:15|2010-07-17|6_______|10.10.10.7|122.224.6.48___|->_|e____|357__|255__|5___|300__| |07:40:55|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|12___|255__|13__|1105_| |07:41:00|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|12___|255__|10__|600__| |07:41:05|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|12___|255__|6___|360__| |07:42:10|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|487__|255__|13__|1105_| |07:42:15|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|487__|255__|11__|660__| |07:42:20|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|487__|255__|5___|300__| |07:43:22|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|90___|255__|13__|1105_| |07:43:27|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|90___|255__|10__|600__| |07:43:32|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|90___|255__|6___|360__| |07:44:35|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|24___|255__|13__|1105_| |07:44:40|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|24___|255__|11__|660__| |07:44:46|2010-07-18|6_______|10.10.10.7|122.224.6.48___|->_|e____|24___|255__|5___|300__| |11:41:52|2010-07-17|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__| |07:46:25|2010-07-18|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__| |12:52:23|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|122__|255__|13__|1108_| |12:52:28|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|122__|255__|11__|660__| |12:52:33|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|122__|255__|5___|300__| |12:53:36|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|99___|255__|13__|1105_| |12:53:41|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|99___|255__|11__|660__| |12:53:46|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|99___|255__|5___|300__| 
|12:54:49|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|190__|255__|14__|1165_| |12:54:54|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|190__|255__|10__|600__| |12:54:59|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|190__|255__|5___|300__| |12:56:02|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|177__|255__|13__|1105_| |12:56:07|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|177__|255__|11__|660__| |12:56:12|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|177__|255__|5___|300__| |12:56:19|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|177__|255__|1___|60___| |12:56:25|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|177__|255__|1___|60___| |12:56:37|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|177__|255__|1___|60___| |12:57:02|2010-07-21|6_______|10.10.10.7|122.224.6.48___|->_|e____|177__|255__|1___|60___| |12:57:45|2010-07-21|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__| |17:38:09|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|284__|255__|13__|1105_| |17:38:14|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|284__|255__|10__|600__| |17:38:19|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|284__|255__|6___|360__| |17:39:22|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|566__|255__|14__|1164_| |17:39:28|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|566__|255__|10__|600__| |17:39:33|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|566__|255__|5___|300__| |17:40:35|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|624__|255__|13__|1108_| |17:40:40|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|624__|255__|10__|600__| |17:40:45|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e____|624__|255__|6___|360__| |17:41:50|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e_d__|758__|255__|13__|1105_| 
|17:41:55|2010-07-24|6_______|10.10.10.7|122.224.6.48___|->_|e_d__|758__|255__|2___|120__| |17:43:26|2010-07-24|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__| **** Packer_Results **** ___________ |Packer_Name| **** HoneyTrap_Results **** ____________________________ |Honey_Trap_Log_File_Location| **** PTFB_Results **** ______________________ |PTFB_Log_File_Location|