**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = b97310dc39d839e23e2c48eb0bcd1884

|File MD5Sum|SHA1SUM|SHA256SUM|FUZZY HASH|File Size|
|---|---|---|---|---|
|b97310dc39d839e23e2c48eb0bcd1884|bd11fe0e594737d1254daf88206d6248dd5bb024|5e6706e05b1f173b5afbe05cb71cbf4dbe99301e3d265cdddb3169aed5bd9803|96:Uimvu/azoe0UAQQeeggHY7Wvi9qmIBwarcaPU15VthcX:AXoev2gg47ihPZrcX13C|5632|

**** File Results ****

|File Name|
|---|
|l.php.exe|
|exe.exe|

**** SNORT Results ****

|Snort Class|Snort Alert|Count|
|---|---|---|
|N/A|No snort alerts generated|0|

**** AV Results ****

|AV Alert|AV Vendor|
|---|---|

**** Folders (Added) - ICC Results ****

|Path|Folder Name|
|---|---|

**** Files (Added) - ICC Results ****

|Path|File Name|
|---|---|
|c:/WINDOWS/Prefetch|7Z.EXE-1A62CD19.pf|
|c:|netstat_post.txt|
|c:|tasksvc_post.txt|
|c:|taskv_post.txt|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt|
|c:/WINDOWS/Prefetch|CYGRUNSRV.EXE-01BF82AE.pf|
|c:/WINDOWS/Prefetch|NET.EXE-01A53C2F.pf|
|c:/WINDOWS/Prefetch|NET1.EXE-029B9DB4.pf|
|c:/WINDOWS/Prefetch|SANDNET.EXE-2012C478.pf|
|c:/WINDOWS/system32|hosts|

**** Files (Deleted) - ICC Results ****

|Action|Path|File Name|
|---|---|---|

**** Files (Changed) - ICC Results ****

|Action|Path|File Name|
|---|---|---|
|modified|c:/Documents and Settings/dmc73144|ntuser.dat.LOG|
|modified|c:/WINDOWS/Prefetch|CMD.EXE-087B4001.pf|
|modified|c:/WINDOWS/Prefetch|NETSTAT.EXE-2B2B4428.pf|
|modified|c:/WINDOWS/Prefetch|SH.EXE-00254D2B.pf|
|modified|c:/WINDOWS/Prefetch|SSHD.EXE-298CA236.pf|
|modified|c:/WINDOWS/Prefetch|SWITCH.EXE-0496EC21.pf|
|modified|c:/WINDOWS/Prefetch|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch|SLEEP.EXE-094A3D2A.pf|
|modified|c:/WINDOWS/Prefetch|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/Prefetch|HSTART.EXE-221D72BF.pf|
|modified|c:/WINDOWS/system32/drivers/etc|hosts|
|modified|c:/WINDOWS/system32/wbem/Logs|wmiprov.log|
|modified|c:/WINDOWS/system32/wbem/Logs|wbemess.log|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING1.MAP|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP|
|modified|c:/Program Files/OpenSSH/var/run|sshd.pid|

**** Registry Keys (Added) - ICC Results ****

|Action|Path|
|---|---|

**** Registry Values (Added) - ICC Results ****

|Action|Path|Val Name|Val Data|
|---|---|---|---|

**** Registry Values (Deleted) - ICC Results ****

|Action|Path|Val Name|Val Type|Mod Val Type|Val Data|Mod Val Data|
|---|---|---|---|---|---|---|

**** Registry Values (Changed) - ICC Results ****

|Action|Path|Val Name|Val Data|Mod Val Data|
|---|---|---|---|---|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|BA C9 65 3C 09 FD 75 86 14 FE B0 B1 A4 B0 9A 4F 1D 15 E4 23 31 29 73 FA 06 84 83|F5 4A E2 AC 3B 15 BD F7 CB 05 CC 21 9D C6 D9 34 36 0A DA 38 1E B8 0E FB 25 A0 2|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002|0x00000001|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|48 77 22 82 9B A3 01 D3 41 2A 09 8E 0F B7 27 4C 55 E4 89 F1 3A 06 55 85 6A 92 25|4D 60 E2 B2 ED 7D EB 4A DB 24 73 43 A8 DB F4 74 6E 39 97 F7 56 45 E0 1C 7B D7 C|
|modified|HKLM/SYSTEM/ControlSet001/Control/ServiceCurrent||0x00000009|0x0000000A|
|modified|HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent||0x00000009|0x0000000A|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|4D 95 FC 25 2A C6 F4 2F 9C 4D B7 6F 33 6D DB 89 DF 55 2C 1A 38 8A 00 48 A9 02 05|D2 7A 53 FE 03 47 CB 03 7C D0 51 4B 05 B4 9F 9D 25 12 B0 D0 B0 C6 5C 7E F7 9D 5|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|20 4F 54 17 D1 98 38 47 B5 EB D7 F2 C2 3B 1A DC C2 82 D3 03 AB CD 00 5D 01 4C 86|68 D5 58 08 70 82 53 D1 B7 B0 C9 18 81 F1 D4 11 FC 5C 27 A3 1F 93 41 17 86 FF D|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|C5 BE C7 FA 95 E4 67 2F 35 1E CB D0 1F 60 13 3E 49 C7 EF 64 AC 73 01 B0 47 CC BB|28 00 56 18 4F D0 7C 8E E2 12 E2 29 4C 51 57 6C C2 67 3C 29 30 CA 4C 32 B4 60 6|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|0F AF 02 28 37 32 27 36 3E 2C A2 09 5D 30 EF CD 50 38 DB C9 6C 22 8D F7 CC B3 F9|02 11 0B D2 87 50 80 1A 02 E2 A5 F7 D3 7B E0 D8 0D 93 C7 17 CD 2B DC 7A 94 A8 C|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|F7 3D 92 48 C9 FD EA EE 35 D8 C8 D1 3D A2 44 F1 F0 06 3B 76 80 D0 CC B4 47 48 65|80 69 C1 58 B5 E9 0A B3 F2 02 A5 3D 48 07 F7 A1 58 C9 6A 54 63 9E 4E 3B C5 80 B|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|48 A8 BC FF D5 B0 8D 0F B9 16 A7 ED 89 55 40 BB B5 AC 80 55 33 A5 63 AC 36 6C 5C|0C 41 32 17 EE 29 2A 13 6E 7F 03 54 8B A7 A3 E9 2F 0F 10 27 27 D6 48 08 DB C5 9|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|C7 D3 5C F7 91 7C 1A 8D EF BD 6E BE 3F 9B 3E DF 28 66 62 17 4A 01 ED A2 0E E7 9B|BD E8 49 F9 D3 AF EA 44 36 0F AB 49 8E 7A AE CF 02 08 9F DF 74 E2 3C 5B 73 DB A|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|9A DD 23 82 85 7E B3 8E 00 89 F7 7A AB 74 E3 95 A6 2F 87 EB E7 54 56 CC 84 64 9A|15 04 CE 52 82 C8 08 B2 25 16 C4 8A D3 6A D5 8F 97 4C 88 79 5A 39 AD AB FE AC 8|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|34 B2 CF 16 58 41 92 70 46 8C CE 05 85 33 E4 7A 82 A0 D1 6A 67 63 BA 0D F7 41 47|1A 77 B4 93 45 82 8A C9 43 4E BF 74 CE B6 77 6B 53 87 41 D9 F5 00 53 1D 81 D1 1|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG|Seed|D2 D9 6C F0 AD B6 80 E5 D9 9A 8B E9 F5 8D B9 D0 DC 47 0A 86 6B C4 20 E7 9C A1 66|EE 56 4B 7E 8A 17 54 A3 C0 FC 22 6B 87 96 8A A7 D3 BB 15 12 A1 FC 88 24 5F D8 C|

**** DNS Results ****

|DNS|DNS Response|
|---|---|

**** URL Results ****

|DstIP|HTTP HOST|HTTP REQUEST URI|HTTP USER AGENT|PROTOCOL|
|---|---|---|---|---|
|239.255.255.250|239.255.255.250:1900|*|--blank--|0x11|

**** ARGUS PROTOCOL Results ****

|PROTOCOL|SRC PKTS|DST PKTS|SRC BYTES|DST BYTES|
|---|---|---|---|---|
|17|3|0|525|0|

**** ARGUS DPORT Results ****

|DPORT|PROTOCOL|SRC PKTS|DST PKTS|SRC BYTES|DST BYTES|
|---|---|---|---|---|---|
|1900|17|3|0|525|0|

**** ARGUS DATA Results ****

|Time|Date|Protocol|SrcIP|DstIP|Dir|Flags|Sport|Dport|Pkts|Bytes|
|---|---|---|---|---|---|---|---|---|---|---|
|10:18:35|2010-08-23|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|10:18:41|2010-08-23|17|10.10.10.7|239.255.255.250|->|e|8|1900|1|175|
|06:54:56|2010-08-24|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|00:26:29|2010-08-25|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|00:26:36|2010-08-25|17|10.10.10.7|239.255.255.250|->|e|8|1900|1|175|
|14:56:56|2010-08-27|17|10.10.10.7|239.255.255.250|->|e|413|1900|2|350|
|11:57:24|2010-08-28|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|03:23:25|2010-08-29|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|03:23:31|2010-08-29|17|10.10.10.7|239.255.255.250|->|e|8|1900|1|175|
|10:08:41|2010-08-29|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|03:50:11|2010-08-30|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|18:39:38|2010-08-30|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|13:09:01|2010-08-31|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|
|04:11:35|2010-09-02|17|10.10.10.7|239.255.255.250|->|e|8|1900|2|350|

**** Packer Results ****

|Packer Name|
|---|

**** HoneyTrap Results ****

|Honey Trap Log File Location|
|---|

**** PTFB Results ****

|PTFB Log File Location|
|---|