Malware Report

Malware Report - Results

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:

MD5 =93c98cfc407afe3c3b3cd557643a160e

Malware Report - Results

File MD5Sum	SHA1SUM	SHA256SUM	FUZZY HASH	File Size
93c98cfc407afe3c3b3cd557643a160e	fbca31e452e693c1ac01b04105a184e5755fd0ec	5a06d7ca8e39b39291e9eb2203283080dbe8d5a6eb1956288e6a2963e19a24c5	1536:PmkgRjKOPM82q2qstg4QeV/EVWUXLNjUYphlp:PmV3Pz2fgneV8tXp9jD	80596

File Results

File Name
www.hhezahh.co.cc.exe
thootham.exe
statsbeck.com.exe
statistics.php.exe
shufaica.exe
scan.exe
saejuogi.exe
oomiephe.exe
load.php%3Fspl%3Djava%5Fgsb%26h%3B%3D.exe
laangiet.exe
l.php.exe
installer.0042.exe
index.php.exe
exe.exe
bot.exe
baiquaad.exe
%3Espl%3DMDAC%26exe%5Facces%3Don.exe

SNORT Results

Snort Class	Snort Alert	Count
Misc Attack	ET RBN Known Russian Business Network IP TCP (284)	1

AV Results

AV Alert	AV Vendor

Folders (Added) - ICC Results

Path	Folder Name
c:/Documents and Settings/dmc73144/Local Settings/Temp	d5cc4b46-34b2-412f-b87b-aabed2287952
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	715393df-506a-4832-86cd-900138ca1b89
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	4e571963-08d3-4f93-8c2d-2fd9538527df
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	9f400591-57db-473c-a155-b39f3cbc63e0
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	c7ea2850-ca0c-4821-a711-babad3ca589a
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	38340485-bed7-4681-a270-d326e6cd1d37
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	dacc35b4-73e4-4c0d-b819-d67fb7297581
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	ae7c964e-3e4b-4d61-b40e-527828533e05
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	f0edcf17-7b3e-4eed-98f8-0428940ac24b
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	66260f35-cc1f-44f5-ba98-b0d442e123e2
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C
c:/Documents and Settings/dmc73144/Local Settings/Temp	d3240025-0d8f-4942-be4c-9f77407798df
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	ITB2CJ0C

Files (Added) - ICC Results

Path	File Name
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/d5cc4b46-34b2-412f-b87b-aabed2287952	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/d5cc4b46-34b2-412f-b87b-aabed2287952	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/d5cc4b46-34b2-412f-b87b-aabed2287952	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/Prefetch	RUNDLL32.EXE-2512DEBF.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-306B40A1.pf
c:	netstat_post.txt
c:	taskv_post.txt
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/715393df-506a-4832-86cd-900138ca1b89	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/715393df-506a-4832-86cd-900138ca1b89	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/715393df-506a-4832-86cd-900138ca1b89	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-13722C3F.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-1AB3B55B.pf
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/4e571963-08d3-4f93-8c2d-2fd9538527df	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/4e571963-08d3-4f93-8c2d-2fd9538527df	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/4e571963-08d3-4f93-8c2d-2fd9538527df	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	CYGRUNSRV.EXE-01BF82AE.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-1CE2C65D.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-218ACEC9.pf
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/9f400591-57db-473c-a155-b39f3cbc63e0	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/9f400591-57db-473c-a155-b39f3cbc63e0	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/9f400591-57db-473c-a155-b39f3cbc63e0	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/c7ea2850-ca0c-4821-a711-babad3ca589a	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/c7ea2850-ca0c-4821-a711-babad3ca589a	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/c7ea2850-ca0c-4821-a711-babad3ca589a	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/38340485-bed7-4681-a270-d326e6cd1d37	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/38340485-bed7-4681-a270-d326e6cd1d37	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/38340485-bed7-4681-a270-d326e6cd1d37	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-25DE1D47.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-482AC6D9.pf
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/dacc35b4-73e4-4c0d-b819-d67fb7297581	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/dacc35b4-73e4-4c0d-b819-d67fb7297581	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/dacc35b4-73e4-4c0d-b819-d67fb7297581	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-27C30B35.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-35836DA9.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf
c:/DELL/VIDEO/OUTPUT	netstat_base.txt
c:/DELL/VIDEO/OUTPUT	netstat_post.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_base.txt
c:/DELL/VIDEO/OUTPUT	tasksvc_post.txt
c:/DELL/VIDEO/OUTPUT	taskv_base.txt
c:/DELL/VIDEO/OUTPUT	taskv_post.txt
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/ae7c964e-3e4b-4d61-b40e-527828533e05	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/ae7c964e-3e4b-4d61-b40e-527828533e05	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/ae7c964e-3e4b-4d61-b40e-527828533e05	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/Prefetch	7Z.EXE-1A62CD19.pf
c:/WINDOWS/Prefetch	CYGRUNSRV.EXE-01BF82AE.pf
c:/WINDOWS/Prefetch	NET.EXE-01A53C2F.pf
c:/WINDOWS/Prefetch	NET1.EXE-029B9DB4.pf
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/f0edcf17-7b3e-4eed-98f8-0428940ac24b	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/f0edcf17-7b3e-4eed-98f8-0428940ac24b	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/f0edcf17-7b3e-4eed-98f8-0428940ac24b	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/66260f35-cc1f-44f5-ba98-b0d442e123e2	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/66260f35-cc1f-44f5-ba98-b0d442e123e2	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/66260f35-cc1f-44f5-ba98-b0d442e123e2	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:/WINDOWS/Prefetch	RUNDLL32.EXE-19E0DDC4.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-32993667.pf
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/Documents and Settings/dmc73144/Application Data	8fbc0ebc-15d7-4dae-818a-50f3473ae912_47.avi
c:/Documents and Settings/dmc73144/Local Settings/Temp/d3240025-0d8f-4942-be4c-9f77407798df	wrk1.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temp/d3240025-0d8f-4942-be4c-9f77407798df	wrk2.tmp
c:/Documents and Settings/dmc73144/Local Settings/Temp/d3240025-0d8f-4942-be4c-9f77407798df	wrk2.tmp_47
c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5/ITB2CJ0C	desktop.ini
c:	netstat_post.txt
c:	tasksvc_post.txt
c:	taskv_post.txt
c:/WINDOWS/Prefetch	RUNDLL32.EXE-1EAC97FA.pf
c:/WINDOWS/Prefetch	RUNDLL32.EXE-4AE4645F.pf
c:/WINDOWS/Prefetch	SANDNET.EXE-2012C478.pf

Files (Deleted) - ICC Results

Action	Path	File Name

Files (Changed) - ICC Results

Action	Path	File Name
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/Program Files/OpenSSH/var/run	sshd.pid
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING1.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/Program Files/OpenSSH/var/run	sshd.pid
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wbemess.log
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/Documents and Settings/dmc73144/Cookies	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5	index.dat
modified	c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5	index.dat
modified	c:/Documents and Settings/dmc73144	ntuser.dat.LOG
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP
modified	c:/WINDOWS/Prefetch	CMD.EXE-087B4001.pf
modified	c:/WINDOWS/Prefetch	NETSTAT.EXE-2B2B4428.pf
modified	c:/WINDOWS/Prefetch	SH.EXE-00254D2B.pf
modified	c:/WINDOWS/Prefetch	SLEEP.EXE-094A3D2A.pf
modified	c:/WINDOWS/Prefetch	SSHD.EXE-298CA236.pf
modified	c:/WINDOWS/Prefetch	SWITCH.EXE-0496EC21.pf
modified	c:/WINDOWS/Prefetch	TASKLIST.EXE-10D94B23.pf
modified	c:/WINDOWS/Prefetch	WMIPRVSE.EXE-28F301A9.pf
modified	c:/WINDOWS/system32/drivers/etc	hosts
modified	c:/WINDOWS/system32/wbem/Logs	wmiprov.log
modified	c:/WINDOWS/system32/wbem/Repository/FS	INDEX.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING.VER
modified	c:/WINDOWS/system32/wbem/Repository/FS	MAPPING2.MAP
modified	c:/WINDOWS/system32/wbem/Repository/FS	OBJECTS.MAP

Registry Keys (Added) - ICC Results

Action	Path

Registry Values (Added) - ICC Results

Action	Path	Val_Name	Val_Data

Registry Values (Deleted) - ICC Results

Action	Path	Val_Name	Val_Type	Mod_Val_Type	Val_Data	Mod_Val_Data

Registry Values (Changed) - ICC Results

Action	Path	Val_Name	Val_Data	Mod_Val_Data
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	3C CD 90 34 AF 12 4E 04 C9 D8 78 DF 34 A1 F2 41 0F CF C2 DD 9A 06 B7 61 84 81 D9	DC FF 71 F3 0E 60 68 19 A4 37 E4 B2 91 9F 31 B1 DD B9 3E 98 2D AA D7 51 8D E0 E
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	7D F3 5A DF 45 69 2D 90 41 FC 31 EF 2A AD 45 11 4A 18 CA 3C 04 72 2C 13 15 45 84	98 3A C4 20 78 6A 6E CD 56 3C 5B BB 2E 0A DA F6 03 83 AF 38 05 93 AE 75 29 78 C
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	FC D8 B0 06 28 3A 60 7C FB 36 CA AD 44 8D F4 62 1D B9 D6 DA 0F 8D E9 2B F9 8B C7	1E 62 07 FB 95 0B 2E 5E C1 47 77 58 AF FF CD 50 C4 28 FA AE B4 0C 66 D3 9C 00 C
modified	HKLM/SYSTEM/ControlSet001/Control/ServiceCurrent		0x00000009	0x0000000A
modified	HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent		0x00000009	0x0000000A
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	BF D8 DF BD 31 24 8D 3A 18 14 6A 0F 2E 73 16 9C 0A D9 48 99 43 F6 B5 8F B1 6E A5	8A 20 94 23 13 AA B5 66 FE A5 B9 28 E6 8C 87 BD 0D AB BF C0 52 CD 98 AD A1 9E A
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	7E 4A 7B 4F BE 70 EA 6F 12 98 3F E1 6A B8 38 F1 AC 6A 5D D4 7B 6B 2A 20 DF 92 07	94 FF ED 6A E7 EB BA AC 2D C6 BE D7 F0 66 AF 9B 4C 14 81 2C 6D D4 59 8B E3 A4 5
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	5D 4D 7A 66 2F 05 F5 B4 4D 5E 29 B1 AD 62 1D CE 79 78 D3 D1 D2 24 47 5B AD 4C 6C	A8 D2 33 7D 80 B7 30 5B A0 6B 57 7A 2A EA 67 15 7E 8D C9 63 CC 6F C8 D7 88 5E 7
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	C7 11 9D D8 21 7E 33 56 AE F4 5D 61 FB F7 D3 77 5A EE B5 FC FC 04 AF B9 65 05 38	AE 29 F4 D0 6A D9 D0 7B 63 01 30 31 A6 CD 3F 76 DF AD 5D A8 C3 13 E4 25 F5 A5 3
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	C2 3C A8 CB 9F 70 88 6B 9D 31 CF 9B 4D 8E 3C 2C B0 41 19 89 40 91 4B 29 49 A1 CF	32 25 47 B9 90 56 AD 5D 94 64 AF CE E2 B0 E3 DE 90 13 48 64 CA 74 D0 D8 14 B1 1
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	A5 9B 26 48 4A 0E AA 6E 9D 86 56 28 24 62 0F CF F2 01 F6 C8 1A AC 3F BE C3 31 EB	27 EA BE 67 59 C0 3B 7B DB F2 8D 82 80 02 AB 46 3F B2 E7 59 C2 26 48 F8 09 45 E
modified	HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent		0x00000009	0x0000000A
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	B0 41 82 82 5D A6 91 3D E3 4C 33 32 80 5B E2 E6 A7 FD F4 B9 41 94 45 75 24 CD 2F	AF 79 42 E5 9F F0 DC 04 28 6D B6 09 96 6E AC A0 C8 75 7E 33 7D AB C6 E0 72 E2 7
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	55 FF B9 4C EF 7D 03 F0 7C CE B1 C7 1B 66 58 62 93 1D 17 EE FE 2D BC 76 A1 44 94	69 CF 69 17 A2 4B 0A B9 4A 26 B9 5E BD 1D CA 1C 02 96 22 8E A1 65 56 96 1C 03 8
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	19 A0 15 C1 E6 C7 2A D9 DE 4D 21 02 50 41 9E 3F F3 13 98 F8 33 39 D7 9C A1 F1 18	42 63 A3 F1 F2 3C C0 FD E4 18 E8 D7 B1 1E 50 61 25 A5 BC 52 18 08 19 48 9E EB 1
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001
modified	HKLM/SOFTWARE/Microsoft/Cryptography/RNG	Seed	89 9C 6F 08 CA CF C8 04 08 1E 46 EC F8 C6 AF 5A 7B 14 27 E6 05 0F EB 9B 76 C0 B3	8F FB 3B E8 92 22 13 27 7C D6 A2 26 72 98 61 ED D7 7B 69 28 71 FA B2 9B 45 F5 7
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections	SavedLegacySettings	3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00	3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 0
modified	HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation	ProgramCount	0x00000002	0x00000001

DNS Results

DNS	DNS Response
windowsupdate.microsoft.com	Standard query response CNAME windowsupdate.microsoft.nsatc.net A 65.54.221.118
windowsupdate.microsoft.com	Standard query response CNAME windowsupdate.microsoft.nsatc.net A 207.46.18.94

URL Results

DstIP	HTTP_HOST	HTTP_REQUEST_URI	HTTP_USER_AGENT	PROTOCOL
65.54.221.118	windowsupdate.microsoft.com	/		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=d5cc4b46-34b2-412f-b87b-aabed2287952&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=d5cc4b46-34b2-412f-b87b-aabed2287952&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=d5cc4b46-34b2-412f-b87b-aabed2287952&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=d5cc4b46-34b2-412f-b87b-aabed2287952&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=d5cc4b46-34b2-412f-b87b-aabed2287952&l=240		0x06
207.46.18.94	windowsupdate.microsoft.com	/		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=715393df-506a-4832-86cd-900138ca1b89&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=715393df-506a-4832-86cd-900138ca1b89&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=715393df-506a-4832-86cd-900138ca1b89&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=715393df-506a-4832-86cd-900138ca1b89&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=715393df-506a-4832-86cd-900138ca1b89&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=4e571963-08d3-4f93-8c2d-2fd9538527df&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=4e571963-08d3-4f93-8c2d-2fd9538527df&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=4e571963-08d3-4f93-8c2d-2fd9538527df&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=4e571963-08d3-4f93-8c2d-2fd9538527df&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=4e571963-08d3-4f93-8c2d-2fd9538527df&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=9f400591-57db-473c-a155-b39f3cbc63e0&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=9f400591-57db-473c-a155-b39f3cbc63e0&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=9f400591-57db-473c-a155-b39f3cbc63e0&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=9f400591-57db-473c-a155-b39f3cbc63e0&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=9f400591-57db-473c-a155-b39f3cbc63e0&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=c7ea2850-ca0c-4821-a711-babad3ca589a&t=2		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=c7ea2850-ca0c-4821-a711-babad3ca589a&l=416		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=c7ea2850-ca0c-4821-a711-babad3ca589a&t=5		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=c7ea2850-ca0c-4821-a711-babad3ca589a&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=c7ea2850-ca0c-4821-a711-babad3ca589a&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=38340485-bed7-4681-a270-d326e6cd1d37&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=38340485-bed7-4681-a270-d326e6cd1d37&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=38340485-bed7-4681-a270-d326e6cd1d37&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=38340485-bed7-4681-a270-d326e6cd1d37&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=38340485-bed7-4681-a270-d326e6cd1d37&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=dacc35b4-73e4-4c0d-b819-d67fb7297581&t=5		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=dacc35b4-73e4-4c0d-b819-d67fb7297581&t=2		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=dacc35b4-73e4-4c0d-b819-d67fb7297581&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=dacc35b4-73e4-4c0d-b819-d67fb7297581&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=dacc35b4-73e4-4c0d-b819-d67fb7297581&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=7f0b41ab-f426-4ffb-a025-01e4fa8cd435&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=7f0b41ab-f426-4ffb-a025-01e4fa8cd435&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=7f0b41ab-f426-4ffb-a025-01e4fa8cd435&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=7f0b41ab-f426-4ffb-a025-01e4fa8cd435&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=7f0b41ab-f426-4ffb-a025-01e4fa8cd435&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=ae7c964e-3e4b-4d61-b40e-527828533e05&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=ae7c964e-3e4b-4d61-b40e-527828533e05&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=ae7c964e-3e4b-4d61-b40e-527828533e05&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=ae7c964e-3e4b-4d61-b40e-527828533e05&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=ae7c964e-3e4b-4d61-b40e-527828533e05&l=240		0x06
239.255.255.250	239.255.255.250:1900	*	--blank--	0x11
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=f0edcf17-7b3e-4eed-98f8-0428940ac24b&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=f0edcf17-7b3e-4eed-98f8-0428940ac24b&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=f0edcf17-7b3e-4eed-98f8-0428940ac24b&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=f0edcf17-7b3e-4eed-98f8-0428940ac24b&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=f0edcf17-7b3e-4eed-98f8-0428940ac24b&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=66260f35-cc1f-44f5-ba98-b0d442e123e2&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=66260f35-cc1f-44f5-ba98-b0d442e123e2&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=66260f35-cc1f-44f5-ba98-b0d442e123e2&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=66260f35-cc1f-44f5-ba98-b0d442e123e2&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=66260f35-cc1f-44f5-ba98-b0d442e123e2&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=d3240025-0d8f-4942-be4c-9f77407798df&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=d3240025-0d8f-4942-be4c-9f77407798df&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=d3240025-0d8f-4942-be4c-9f77407798df&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=d3240025-0d8f-4942-be4c-9f77407798df&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=d3240025-0d8f-4942-be4c-9f77407798df&l=240		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=3c04db17-9708-43ad-84ac-fab51f3e062a&t=2		0x06
91.188.60.5	91.188.60.5	/hit.php?v=47&app_type_id=1&wm_id=acc0042&u=3c04db17-9708-43ad-84ac-fab51f3e062a&t=5		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=3c04db17-9708-43ad-84ac-fab51f3e062a&l=416		0x06
91.188.60.5	91.188.60.5	/t.php?app_type_id=1&wm_id=acc0042&u=3c04db17-9708-43ad-84ac-fab51f3e062a&v=47		0x06
91.188.60.5	91.188.60.5	/ll.php?v=47&app_type_id=1&wm_id=acc0042&u=3c04db17-9708-43ad-84ac-fab51f3e062a&l=240		0x06

ARGUS PROTOCOL Results

PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
6	36	28	3817	3605
17	2	0	350	0

ARGUS DPORT Results

DPORT	PROTOCOL	SRC_PKTS	DST_PKTS	SRC_BYTES	DST_BYTES
80	6	36	28	3817	3605
1900	17	2	0	350	0

ARGUS DATA Results

Time	Date	Protocol	SrcIP	DstIP	Dir	Flags	Sport	Dport	Pkts	Bytes
04:07:24	2010-08-23	6	10.10.10.7	65.54.221.118	->	e	42	80	9	889
04:07:25	2010-08-23	6	10.10.10.7	65.54.221.118	->	e	412	80	9	889
04:07:26	2010-08-23	6	10.10.10.7	91.188.60.5	->	e	56	80	9	956
04:07:26	2010-08-23	6	10.10.10.7	91.188.60.5	->	e	44	80	10	1509
04:07:27	2010-08-23	6	10.10.10.7	91.188.60.5	->	e	20	80	9	950
04:07:29	2010-08-23	6	10.10.10.7	91.188.60.5	->	e	108	80	9	1273
04:12:42	2010-08-23	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
14:10:33	2010-08-23	6	10.10.10.7	207.46.18.94	->	e	159	80	9	889
14:10:34	2010-08-23	6	10.10.10.7	207.46.18.94	->	e	451	80	9	889
14:10:35	2010-08-23	6	10.10.10.7	91.188.60.5	->	e	42	80	9	956
14:10:37	2010-08-23	6	10.10.10.7	91.188.60.5	->	e	56	80	9	950
14:10:38	2010-08-23	6	10.10.10.7	91.188.60.5	->	e	44	80	9	1273
14:15:52	2010-08-23	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175
08:34:39	2010-08-27	6	10.10.10.7	65.54.221.118	->	e	169	80	9	889
08:34:40	2010-08-27	6	10.10.10.7	65.54.221.118	->	e	122	80	9	889
08:34:41	2010-08-27	6	10.10.10.7	91.188.60.5	->	e	30	80	9	956
08:34:42	2010-08-27	6	10.10.10.7	91.188.60.5	->	e	31	80	10	1509
08:34:43	2010-08-27	6	10.10.10.7	91.188.60.5	->	e	32	80	9	950
08:34:44	2010-08-27	6	10.10.10.7	91.188.60.5	->	e	62	80	9	1273
08:40:45	2010-08-27	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
06:19:46	2010-08-28	6	10.10.10.7	65.54.221.118	->	e	42	80	9	889
06:19:47	2010-08-28	6	10.10.10.7	65.54.221.118	->	e	412	80	9	889
06:19:48	2010-08-28	6	10.10.10.7	91.188.60.5	->	e	56	80	9	956
06:19:49	2010-08-28	6	10.10.10.7	91.188.60.5	->	e	20	80	9	950
06:19:50	2010-08-28	6	10.10.10.7	91.188.60.5	->	e	108	80	9	1273
06:25:26	2010-08-28	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
00:40:04	2010-09-03	6	10.10.10.7	65.54.221.118	->	e	31	80	9	889
00:40:05	2010-09-03	6	10.10.10.7	91.188.60.5	->	e	32	80	9	956
00:40:07	2010-09-03	6	10.10.10.7	91.188.60.5	->	e	64	80	9	956
00:40:07	2010-09-03	6	10.10.10.7	91.188.60.5	->	e	63	80	10	1509
00:40:08	2010-09-03	6	10.10.10.7	91.188.60.5	->	e	65	80	9	950
00:40:09	2010-09-03	6	10.10.10.7	91.188.60.5	->	e	66	80	9	1273
00:48:04	2010-09-03	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
00:48:10	2010-09-03	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175
06:48:56	2010-09-06	6	10.10.10.7	65.54.221.118	->	e	43	80	9	889
06:48:57	2010-09-06	6	10.10.10.7	65.54.221.118	->	e	56	80	9	889
06:48:58	2010-09-06	6	10.10.10.7	91.188.60.5	->	e	20	80	9	956
06:48:59	2010-09-06	6	10.10.10.7	91.188.60.5	->	e	316	80	9	950
06:49:00	2010-09-06	6	10.10.10.7	91.188.60.5	->	e	311	80	9	1273
06:54:40	2010-09-06	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
19:43:54	2010-09-06	6	10.10.10.7	65.54.221.118	->	e	41	80	9	889
19:43:55	2010-09-06	6	10.10.10.7	91.188.60.5	->	e	499	80	9	956
19:43:56	2010-09-06	6	10.10.10.7	91.188.60.5	->	e	20	80	9	950
19:43:58	2010-09-06	6	10.10.10.7	91.188.60.5	->	e	311	80	9	1273
19:50:03	2010-09-06	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
12:37:22	2010-09-07	6	10.10.10.7	207.46.18.94	->	e	43	80	9	889
12:37:24	2010-09-07	6	10.10.10.7	91.188.60.5	->	e	56	80	9	956
12:37:25	2010-09-07	6	10.10.10.7	91.188.60.5	->	e	20	80	9	956
12:37:26	2010-09-07	6	10.10.10.7	91.188.60.5	->	e	316	80	9	950
12:37:27	2010-09-07	6	10.10.10.7	91.188.60.5	->	e	311	80	9	1273
23:49:09	2010-09-07	6	10.10.10.7	207.46.18.94	->	e	495	80	9	889
23:49:10	2010-09-07	6	10.10.10.7	207.46.18.94	->	e	449	80	9	889
23:49:11	2010-09-07	6	10.10.10.7	91.188.60.5	->	e	245	80	9	956
23:49:13	2010-09-07	6	10.10.10.7	91.188.60.5	->	e	496	80	9	950
23:49:14	2010-09-07	6	10.10.10.7	91.188.60.5	->	e	497	80	9	1273
12:43:06	2010-09-07	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175
23:55:18	2010-09-07	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
22:16:55	2010-09-08	6	10.10.10.7	207.46.18.94	->	e	159	80	9	889
22:16:56	2010-09-08	6	10.10.10.7	207.46.18.94	->	e	451	80	9	889
22:16:57	2010-09-08	6	10.10.10.7	91.188.60.5	->	e	412	80	9	956
22:16:58	2010-09-08	6	10.10.10.7	91.188.60.5	->	e	56	80	9	950
22:16:59	2010-09-08	6	10.10.10.7	91.188.60.5	->	e	44	80	9	1273
22:24:57	2010-09-08	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
22:25:03	2010-09-08	17	10.10.10.7	239.255.255.250	->	e	8	1900	1	175
11:50:17	2010-09-09	6	10.10.10.7	207.46.18.94	->	e	316	80	9	889
11:50:18	2010-09-09	6	10.10.10.7	91.188.60.5	->	e	311	80	9	956
11:50:19	2010-09-09	6	10.10.10.7	91.188.60.5	->	e	6	80	9	956
11:50:20	2010-09-09	6	10.10.10.7	91.188.60.5	->	e	90	80	9	950
11:50:21	2010-09-09	6	10.10.10.7	91.188.60.5	->	e	91	80	9	1273
11:56:05	2010-09-09	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
05:19:32	2010-09-10	6	10.10.10.7	65.54.221.118	->	e	159	80	9	889
05:19:33	2010-09-10	6	10.10.10.7	91.188.60.5	->	e	451	80	9	956
05:19:34	2010-09-10	6	10.10.10.7	91.188.60.5	->	e	412	80	9	956
05:19:34	2010-09-10	6	10.10.10.7	91.188.60.5	->	e	43	80	10	1509
05:19:36	2010-09-10	6	10.10.10.7	91.188.60.5	->	e	56	80	9	950
05:19:37	2010-09-10	6	10.10.10.7	91.188.60.5	->	e	44	80	9	1273
05:25:17	2010-09-10	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350
03:54:18	2010-09-11	6	10.10.10.7	207.46.18.94	->	e	282	80	9	889
03:54:19	2010-09-11	6	10.10.10.7	91.188.60.5	->	e	283	80	9	956
03:54:21	2010-09-11	6	10.10.10.7	91.188.60.5	->	e	223	80	9	956
03:54:21	2010-09-11	6	10.10.10.7	91.188.60.5	->	e	224	80	10	1509
03:54:22	2010-09-11	6	10.10.10.7	91.188.60.5	->	e	284	80	9	950
03:54:23	2010-09-11	6	10.10.10.7	91.188.60.5	->	e	225	80	9	1273
04:00:24	2010-09-11	17	10.10.10.7	239.255.255.250	->	e	8	1900	2	350

Packer Results

Packer Name

HoneyTrap Results

Honey Trap Log File Location

PTFB Results

PTFB Log File Location