**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 6e4f168b202bcae89ab6c5d60638b2a0

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
|---|---|---|---|---|
| 6e4f168b202bcae89ab6c5d60638b2a0 | 35c28d7a106d4dbcccf5932b5d7828a766dd39f5 | cc2006b3dfe7e14152d8acba89d4ad899b57807960168e3c72609b8b12594abc | 6144:bDeWbibn2UdAirjqCVaO2thIt5n2V5eKnRkLfX:66UdzrjJ0O2thIt5ESLv | 249344 |

**** File Results ****

| File Name |
|---|
| info.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
|---|---|---|
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
|---|---|

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
|---|---|

**** Files (Added) - ICC Results ****

| Path | File Name |
|---|---|
| c:/Documents and Settings/dmc73144/Local Settings/Temp | ~unins2250.bat |
| c:/Documents and Settings | dmc73144xplore.exe |
| c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch | C_28593D.EXE-06BB7CC3.pf |
| c:/WINDOWS/Prefetch | IPCONFIG.EXE-2395F30B.pf |
| c:/WINDOWS/Prefetch | NTVDM.EXE-1A10A423.pf |
| c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/system32 | c_28593D.exe |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
|---|---|---|

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
|---|---|---|
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | NTUSER.DAT |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | DIEP.EXE-0B3E1DC8.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/system32/config | software |
| modified | c:/WINDOWS/system32/config | software.LOG |
| modified | c:/WINDOWS/system32/config | system.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
|---|---|
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run |
| added | HKLM/SOFTWARE/YICGGIOWP |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/YICGGIOWP |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
|---|---|---|---|
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CD 5C 88 72 7D |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run | haqgo | "C:/WINDOWS/system32/c_28593D.exe" |
| added | HKLM/SYSTEM/ControlSet001/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 73 61 6E |
| added | HKLM/SYSTEM/CurrentControlSet/Control/Session Manager | PendingFileRenameOperations | 5C 3F 3F 5C 43 3A 5C 77 69 6E 64 6F 77 73 5C 73 79 73 74 65 6D 33 32 5C 73 61 6E |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings | 6 | CD 5C 88 72 7D |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//ipconfig.exe | "IP Configuration Utility" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://Documents and Settings//dmc73144xplore.exe | "dmc73144xplore" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//ntvdm.exe | "NTVDM.EXE" |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
|---|---|---|---|---|---|---|

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
|---|---|---|---|---|
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | D9 A5 07 59 7D 6C F4 C0 0C DF B4 8A 5F 48 9A BA 8D 36 E3 57 8C F3 7F 5A 3E 1D C3 | 05 6D B6 5C 5E 18 55 AA 72 94 1A 2A 46 40 EC CE 7C 72 D9 10 06 3C 32 DE 0E 0B BA |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000004 |

**** DNS Results ****

| DNS | DNS Response |
|---|---|
| middlechrist.com | Standard query response A 78.159.100.32 |
| imagehut4.cn | Standard query response A 64.158.56.57 A 63.251.179.57 |

**** URL Results ****

| DstIP | HTTP HOST | HTTP REQUEST URI | HTTP USER AGENT | PROTOCOL |
|---|---|---|---|---|
| 64.158.56.57 | imagehut4.cn | /update/utu.dat | Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.2; SV1) | 0x06 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
|---|---|---|---|---|
| 6 | 15 | 12 | 3349 | 1545 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
|---|---|---|---|---|---|
| 80 | 6 | 15 | 12 | 3349 | 1545 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
|---|---|---|---|---|---|---|---|---|---|---|
| 14:12:13 | 2011-10-07 | 6 | 10.10.10.7 | 78.159.100.32 | -> | e | 520 | 80 | 9 | 1751 |
| 14:12:14 | 2011-10-07 | 6 | 10.10.10.7 | 78.159.100.32 | -> | e | 521 | 80 | 9 | 2211 |
| 14:12:15 | 2011-10-07 | 6 | 10.10.10.7 | 64.158.56.57 | -> | e | 522 | 80 | 9 | 932 |

**** Packer Results ****

| Packer Name |
|---|

**** HoneyTrap Results ****

| Honey Trap Log File Location |
|---|

**** PTFB Results ****

| PTFB Log File Location |
|---|