**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = 9362a3aee38102dde68211ccb63c3e07

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
| 9362a3aee38102dde68211ccb63c3e07 | 8758679540f48feba82d2b022b8d71756eb935e7 | 1050612d6924e758d96ec804e3cbba15da8e6c4a1e9adfae843049868c209104 | 24:etGSbbCETbxvIqjhjNZj7Xqjx/LQgSrSeF6kY8NjTdwPmKhbRStoB:6t/xAqj3Znalc7rSeJY8JTa | 2560 |

**** File Results ****

| File Name |
| rc.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
| Infostealer.Gampass | Symantec |
| Artemis!9362A3AEE381 | McAfee |
| Trojan.Win32.Qhost.nix | Kaspersky |
| Generic | McAfee |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c: | netstat_post.txt |
| c: | taskv_post.txt |
| c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch | DIEP.EXE-0B3E1DC8.pf |
| c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf |
| c:/DELL/VIDEO/OUTPUT | netstat_base.txt |
| c:/DELL/VIDEO/OUTPUT | netstat_post.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_base.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_post.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_base.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_post.txt |
| c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf |
| c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf |
| c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf |
| c: | tasksvc_post.txt |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/Prefetch | NTOSBOOT-B00DFAAD.pf |
| modified | c:/WINDOWS/Prefetch | SCP.EXE-174845DC.pf |
| modified | c:/WINDOWS/Prefetch | SENDIT.EXE-34C997E3.pf |
| modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
| modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf |
| modified | c:/WINDOWS/Prefetch | WUAUCLT.EXE-399A8E72.pf |
| modified | c:/WINDOWS | SchedLgU.Txt |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk |
| modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 7D A0 3B 95 32 FF 86 41 56 C1 7D C4 2B F9 BA 2B DC F7 0B 57 DF 98 68 5C BD 1D 22 | 2A 87 0D 53 C0 BC 1B 4E 2C C2 95 DF 5C AA 8A 1C D9 1F A0 07 5D 10 30 29 03 06 3 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | F9 D1 E9 F9 D0 9F 11 6B 77 DA 8D 97 74 C6 7A 4C 9C 52 01 64 9C D6 30 82 E9 78 DB | 0E A8 C3 4C 5A D5 94 2A 87 8F F4 3C F8 36 E9 94 77 AF 48 69 59 99 B0 B1 1B BE 5 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 73 16 29 9D 5F 08 F9 AA 82 75 5E 21 BB E0 36 1C 06 AB 8F A4 C5 F3 00 AC 8F 7A 2E | 30 72 CA 6F 99 32 FE 86 1C 8F 97 23 00 F5 A4 C5 4E 8A CA C9 18 FC 9D B3 2F 48 F |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 34 BD 00 AA DA 10 DF 49 A4 1B EA 08 AB E5 80 5D 5A 36 35 67 D7 56 23 EC D1 A0 CD | 09 CE 2F 0D D4 60 47 48 56 3F 69 67 3D 52 D3 94 8E A8 39 73 64 9B 61 98 EF 87 2 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | D7 2A 0C 15 D2 A7 86 CF 4C A8 9F 7B CB 12 54 13 A9 06 C5 89 7B 8B 9D 3E 09 3A 20 | 94 FD C5 81 12 89 58 10 B0 05 CC 29 AA BB 31 33 C5 74 91 94 BF 46 0E B6 EE E6 6 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | B3 1D CE 59 F9 A2 DE 4C FC FA 9A D3 90 05 02 46 88 94 A8 DB B9 67 0E 2D 70 63 C9 | 91 70 E2 16 AA D6 85 C9 4B 27 1B FB F2 AF A6 A6 C0 42 F3 60 FE D6 73 1D 2F CB 7 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 34 E7 2C AD 9E 86 A9 4F A2 67 92 65 83 AF B1 39 97 41 85 9E BD 9D 15 2B B5 4A 16 | 93 84 63 D3 32 98 61 90 B7 99 46 F1 32 76 C6 95 65 18 71 7D 3D 24 EF 61 65 12 D |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | A0 D4 6A D7 02 99 70 67 BD 98 22 97 7F E0 36 A6 08 9C 80 C5 A4 C0 12 A8 96 9A 57 | 00 22 7D CD 77 48 93 C6 75 1F A4 BE 5F 9E 4C F6 30 F3 48 6A 5A 76 04 97 A8 78 6 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 19 AE 56 93 3C EC CD 17 A3 DE 9D 76 D6 9D 1C A3 D1 F3 EA 9A F7 41 2E BE 2C F9 A7 | 61 33 76 D5 EC E4 78 52 32 B4 7F 22 02 E1 75 11 CC 26 D7 CB D7 CC AF 38 E6 B7 1 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 4A 82 33 F9 35 B4 10 5B BA 80 6E 83 EC 4F 40 FB E3 04 F7 87 7A 98 3E FA D5 BE 83 | C0 F1 9E 16 1A 91 08 8F 37 BC CB 74 F4 9A D9 36 B0 34 31 76 49 12 75 4E B7 E8 9 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 7E 8C 89 5E A6 CD 20 83 4A 64 AE 15 D4 A8 00 99 DD 94 8B A1 82 B6 E0 CF 5F A1 8E | 4C 14 04 D0 4C 6D 6B EC C8 98 17 4C BD 7E 27 0D B1 2C E1 0D 95 EA 65 7F 6C 4C 9 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | D3 0E 80 3A E9 FA 46 92 15 02 DD A7 98 93 BC 54 11 EC 05 59 1A 69 9E FC B1 12 40 | 6A D4 07 EE 53 BF 9F 14 58 7C 49 3C E8 FC 55 F6 E1 78 3A 6C A0 E2 17 BB DD F9 F |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 13 7E BE B8 C7 BF A1 4E 5C AF 10 A8 EA F7 93 DA 96 FC 52 E1 83 C6 EC AC 4E C8 63 | 75 39 CF 8F A8 23 45 55 D0 38 12 C7 AE 59 EE EE 31 F1 47 2C 12 B8 6F 69 9A 16 0 |

**** DNS Results ****

| DNS | DNS Response |

**** URL Results ****

| DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
| 239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
| 17 | 3 | 0 | 525 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
| 1900 | 17 | 3 | 0 | 525 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 10:45:35 | 2010-07-13 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 10:45:41 | 2010-07-13 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 14:15:06 | 2010-07-13 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 14:39:49 | 2010-07-14 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 20:34:23 | 2010-07-14 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 20:34:29 | 2010-07-14 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 12:26:38 | 2010-07-15 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 20:21:12 | 2010-07-15 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 20:21:18 | 2010-07-15 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 04:34:08 | 2010-07-16 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 12:55:44 | 2010-07-16 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 11:05:23 | 2010-07-17 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 07:09:43 | 2010-07-18 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 07:09:49 | 2010-07-18 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 13:43:13 | 2010-07-21 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 04:58:23 | 2010-07-30 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 23:07:47 | 2010-08-19 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 18:01:42 | 2010-08-27 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

**** Packer Results ****

| Packer Name |

**** HoneyTrap Results ****

| Honey Trap Log File Location |

**** PTFB Results ****

| PTFB Log File Location |