**** Malware_Report_-_Results ****
This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria:
MD5 =bc8fd236a76fc5659b0d79f1b39d67f2

**** Malware_Report_-_Results ****
 ______________________________________________________________________________________________________________________________________________________________________________________________________________________________
|File_MD5Sum_____________________|SHA1SUM_________________________________|SHA256SUM_______________________________________________________|FUZZY_HASH_______________________________________________________________|File_Size|
|bc8fd236a76fc5659b0d79f1b39d67f2|1ac7ee28b7021849fdf7f52a1e0e1c6765cd8542|30eea7f81445c456644c51c434bd6250a04e7d1be392f3c89ceabe007d4e0f17|1536:dhjzGSSvVQQOLyENQqPtydoY/9EyhWU6JlZZPe0llC1mu:2SSaOortydX/RhYzZPeUCr|79528____|
**** File_Results ****
 _________
|File_Name|
|l.php.exe|
|exe.exe__|
**** SNORT_Results ****
 ___________________________________________
|Snort_Class|Snort_Alert______________|Count|
|N/A________|No_snort_alerts_generated|0____|
**** AV_Results ****
 ______________________________
|AV_Alert____________|AV_Vendor|
|N/A_________________|Symantec_|
|Artemis!BC8FD236A76F|McAfee___|
|N/A_________________|Kaspersky|
**** Folders_(Added)_-_ICC_Results ****
 ________________
|Path|Folder_Name|
**** Files_(Added)_-_ICC_Results ****
 ______________________________________________
|Path________________|File_Name________________|
|c:/WINDOWS/Prefetch_|SANDNET.EXE-2012C478.pf__|
|c:/WINDOWS/system32_|hosts____________________|
|c:__________________|netstat_post.txt_________|
|c:__________________|tasksvc_post.txt_________|
|c:__________________|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|SANDNET.EXE-2012C478.pf__|
|c:/WINDOWS/system32_|hosts____________________|
|c:__________________|netstat_post.txt_________|
|c:__________________|tasksvc_post.txt_________|
|c:__________________|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|SANDNET.EXE-2012C478.pf__|
|c:/WINDOWS/system32_|hosts____________________|
|c:__________________|netstat_post.txt_________|
|c:__________________|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|SANDNET.EXE-2012C478.pf__|
|c:/WINDOWS/system32_|hosts____________________|
|c:__________________|netstat_post.txt_________|
|c:__________________|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|SANDNET.EXE-2012C478.pf__|
|c:/WINDOWS/system32_|hosts____________________|
|c:__________________|netstat_post.txt_________|
|c:__________________|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|SANDNET.EXE-2012C478.pf__|
|c:/WINDOWS/system32_|hosts____________________|
|c:__________________|netstat_post.txt_________|
|c:__________________|tasksvc_post.txt_________|
|c:__________________|taskv_post.txt___________|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt___________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_______|
|c:/WINDOWS/Prefetch_|CYGRUNSRV.EXE-01BF82AE.pf|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf______|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf_____|
|c:__________________|netstat_post.txt_________|
|c:__________________|tasksvc_post.txt_________|
|c:__________________|taskv_post.txt___________|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt___________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_______|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf______|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf_____|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt___________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_______|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf______|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf_____|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt___________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_______|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf______|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf_____|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt___________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_______|
|c:/WINDOWS/Prefetch_|CYGRUNSRV.EXE-01BF82AE.pf|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf______|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf_____|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt___________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_______|
|c:/WINDOWS/Prefetch_|CYGRUNSRV.EXE-01BF82AE.pf|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf______|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf_____|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt___________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_______|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf______|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf_____|
|c:/DELL/VIDEO/OUTPUT|netstat_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|netstat_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_base.txt_________|
|c:/DELL/VIDEO/OUTPUT|tasksvc_post.txt_________|
|c:/DELL/VIDEO/OUTPUT|taskv_base.txt___________|
|c:/DELL/VIDEO/OUTPUT|taskv_post.txt___________|
|c:/WINDOWS/Prefetch_|7Z.EXE-1A62CD19.pf_______|
|c:/WINDOWS/Prefetch_|CYGRUNSRV.EXE-01BF82AE.pf|
|c:/WINDOWS/Prefetch_|NET.EXE-01A53C2F.pf______|
|c:/WINDOWS/Prefetch_|NET1.EXE-029B9DB4.pf_____|
**** Files_(Deleted)_-_ICC_Results ****
 _____________________
|Action|Path|File_Name|
**** Files_(Changed)_-_ICC_Results ****
 ________________________________________________________________________
|Action__|Path__________________________________|File_Name_______________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf__|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf__|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf__|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf__|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf__|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|HSTART.EXE-221D72BF.pf__|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts___________________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/Program_Files/OpenSSH/var/run______|sshd.pid________________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING2.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING1.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
|modified|c:/Documents_and_Settings/dmc73144____|ntuser.dat.LOG__________|
|modified|c:/Program_Files/OpenSSH/var/run______|sshd.pid________________|
|modified|c:/WINDOWS/Prefetch___________________|CMD.EXE-087B4001.pf_____|
|modified|c:/WINDOWS/Prefetch___________________|NETSTAT.EXE-2B2B4428.pf_|
|modified|c:/WINDOWS/Prefetch___________________|SH.EXE-00254D2B.pf______|
|modified|c:/WINDOWS/Prefetch___________________|SLEEP.EXE-094A3D2A.pf___|
|modified|c:/WINDOWS/Prefetch___________________|SSHD.EXE-298CA236.pf____|
|modified|c:/WINDOWS/Prefetch___________________|SWITCH.EXE-0496EC21.pf__|
|modified|c:/WINDOWS/Prefetch___________________|TASKLIST.EXE-10D94B23.pf|
|modified|c:/WINDOWS/Prefetch___________________|WMIPRVSE.EXE-28F301A9.pf|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wbemess.log_____________|
|modified|c:/WINDOWS/system32/wbem/Logs_________|wmiprov.log_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|INDEX.MAP_______________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING.VER_____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|MAPPING1.MAP____________|
|modified|c:/WINDOWS/system32/wbem/Repository/FS|OBJECTS.MAP_____________|
**** Registry_Keys_(Added)_-_ICC_Results ****
 ___________
|Action|Path|
**** Registry_Values_(Added)_-_ICC_Results ****
 _____________________________
|Action|Path|Val_Name|Val_Data|
**** Registry_Values_(Deleted)_-_ICC_Results ****
 ________________________________________________________________
|Action|Path|Val_Name|Val_Type|Mod_Val_Type|Val_Data|Mod_Val_Data|
**** Registry_Values_(Changed)_-_ICC_Results ****
 __________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________________
|Action__|Path_______________________________________________________________|Val_Name____|Val_Data________________________________________________________________________|Mod_Val_Data___________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|CB_D0_F5_D2_E4_E3_A9_DC_2A_FA_92_59_3D_FB_D1_C6_F8_C7_BF_A9_C8_E1_31_29_83_83_26|2E_29_D3_18_83_3F_98_62_32_44_CE_35_44_B2_BF_14_38_59_C5_BA_1A_0B_38_C4_F3_9F_5|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|BC_B9_16_00_85_A1_F8_38_E0_EA_04_3D_49_AC_0A_28_D8_91_4E_11_42_A0_E5_F7_34_9D_18|62_68_48_BD_3C_EF_54_A3_88_6D_79_DA_57_A9_C9_88_FB_07_3C_95_28_86_FC_7E_EE_E6_4|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|C8_BC_10_23_3F_84_4D_DB_95_30_86_D8_0E_0A_FD_F9_53_A7_B3_34_3C_25_68_44_8A_37_33|50_27_3A_EE_CD_2B_69_09_83_B9_4E_3C_4B_F1_7D_53_1A_E2_A7_81_5C_30_7B_E0_9A_25_3|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|72_36_58_76_66_E9_04_5C_57_B7_DE_BA_6D_B3_A1_2F_A9_BB_81_1B_9F_5E_29_BF_A1_67_B6|48_BD_E6_54_50_58_2D_D6_18_8B_04_45_9C_8C_DD_54_8F_11_85_68_71_64_B0_76_AB_14_2|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|0F_29_EB_A1_C9_79_E9_FD_22_7A_07_22_45_0A_AF_40_36_40_6E_E3_F3_42_82_2B_AE_8A_4F|F4_16_7C_91_FD_B8_EE_4B_29_CB_33_6A_6C_A6_B1_B8_85_2A_A8_1E_66_E0_E6_50_A1_33_F|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|4E_E3_BB_51_54_0E_7D_48_91_25_D2_D5_B5_6E_A3_41_17_65_A8_30_B1_2B_5B_86_DB_DB_FA|B5_88_80_80_76_6F_3F_A3_DC_8C_ED_E1_52_9F_43_61_B6_B7_D9_F7_8E_EF_20_52_E6_FD_7|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|FC_91_62_CF_0F_F2_94_6D_6B_37_68_B0_A9_C8_7E_F1_72_7B_1A_43_78_A0_42_E0_08_99_ED|DE_00_D9_4C_C2_58_6D_8C_78_FF_DD_9A_63_78_7D_15_B3_A0_E8_82_08_66_A2_70_A0_F7_4|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|EB_08_8C_62_F3_ED_25_2F_46_C5_0D_1A_7B_E4_61_80_5A_BD_F4_09_AC_A5_D6_C9_07_52_EE|EE_FC_F4_BD_4B_42_D7_59_5D_E4_52_D6_AF_19_00_54_8B_D9_1A_20_8E_67_75_07_78_A5_1|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|B1_12_A6_62_42_FC_26_AA_51_A0_76_33_8B_D0_DC_F2_3A_63_26_6E_1D_50_5E_A9_B1_31_34|48_0C_0C_25_FE_A8_86_E4_BB_9D_59_DB_E7_F4_DC_98_94_BF_8A_3B_C7_83_29_2A_60_AF_C|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|13_F3_F8_E6_3A_49_27_CF_5B_0C_F3_1B_FF_1F_CD_47_C8_96_76_2C_C0_28_12_9B_73_49_DD|28_B5_FA_8F_DA_9A_CB_BD_CE_DB_D2_30_E6_BC_7C_4F_0E_EE_D0_F5_70_E6_9F_AB_02_34_2|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|3B_A7_F8_AD_3E_68_F2_7E_91_D2_1D_C4_0F_AD_92_87_B4_03_61_C1_D9_A4_10_A4_C9_AC_15|9C_20_0D_17_EB_87_87_98_1A_43_37_68_9F_0B_E9_F3_78_82_1F_17_F5_85_F7_67_16_5D_7|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|87_2B_CC_6F_CF_A6_92_92_27_F2_DB_11_D7_B6_B3_5A_79_A9_2F_01_1D_7B_2B_D0_21_4F_52|9B_45_EB_77_A1_FE_CF_04_BD_E1_DC_02_5D_81_3B_2B_07_38_A5_CF_35_5D_27_D6_99_CD_D|
|modified|HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent_______________|____________|0x00000009______________________________________________________________________|0x0000000A_____________________________________________________________________|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|CD_78_6F_93_08_1E_E3_30_01_27_DA_00_82_49_45_46_81_BE_58_9A_D7_FD_C8_B5_A6_2A_6E|DE_63_0D_FF_82_BD_95_B1_C2_03_F3_5D_42_40_A4_7B_93_7F_78_40_D3_98_0D_DB_F9_C6_6|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|C6_CF_C0_76_41_9A_64_10_5E_4F_90_6F_24_4F_69_6F_77_41_AD_8F_A0_E8_37_3B_93_63_48|6F_62_8F_3F_7D_DA_42_44_59_9E_7A_03_A6_B9_5B_EB_0C_7E_D6_6B_61_C5_D4_B0_E7_F9_6|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
|modified|HKLM/SOFTWARE/Microsoft/Cryptography/RNG___________________________|Seed________|38_05_15_DD_DA_82_70_90_72_2A_66_B8_D0_67_59_48_AC_F6_8E_28_7C_FD_64_BD_A2_33_62|97_5C_C5_52_71_DF_9B_91_F1_EB_03_AB_28_CA_97_D8_30_88_BA_6F_8F_04_8D_66_6E_BD_E|
|modified|HKLM/SYSTEM/ControlSet001/Control/ServiceCurrent___________________|____________|0x00000009______________________________________________________________________|0x0000000A_____________________________________________________________________|
|modified|HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent_______________|____________|0x00000009______________________________________________________________________|0x0000000A_____________________________________________________________________|
|modified|HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation|ProgramCount|0x00000002______________________________________________________________________|0x00000001_____________________________________________________________________|
**** DNS_Results ****
 ________________
|DNS|DNS_Response|
**** URL_Results ****
 ______________________________________________________________________________
|DstIP__________|HTTP_HOST___________|HTTP_REQUEST_URI|HTTP_USER_AGENT|PROTOCOL|
|239.255.255.250|239.255.255.250:1900|*_______________|--blank--______|0x11____|
**** ARGUS_PROTOCOL_Results ****
 ______________________________________________
|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|17______|2_______|0_______|350______|0________|
**** ARGUS_DPORT_Results ****
 ____________________________________________________
|DPORT|PROTOCOL|SRC_PKTS|DST_PKTS|SRC_BYTES|DST_BYTES|
|1900_|17______|2_______|0_______|350______|0________|
**** ARGUS_DATA_Results ****
 ________________________________________________________________________________________
|Time____|Date______|Protocol|SrcIP_____|DstIP__________|Dir|Flags|Sport|Dport|Pkts|Bytes|
|13:50:07|2010-08-09|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|22:17:14|2010-08-09|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|22:17:20|2010-08-09|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|1___|175__|
|08:41:07|2010-08-10|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|11:29:20|2010-08-10|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|01:25:31|2010-08-11|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|07:07:14|2010-08-11|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|07:07:20|2010-08-11|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|1___|175__|
|19:00:51|2010-08-11|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|06:56:29|2010-08-12|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|06:56:35|2010-08-12|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|1___|175__|
|13:51:45|2010-08-12|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|13:51:51|2010-08-12|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|1___|175__|
|00:58:30|2010-08-19|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|00:58:36|2010-08-19|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|1___|175__|
|12:41:36|2010-08-19|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|12:16:36|2010-08-20|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
|02:13:09|2010-08-21|17______|10.10.10.7|239.255.255.250|->_|e____|8____|1900_|2___|350__|
**** Packer_Results ****
 ___________
|Packer_Name|
**** HoneyTrap_Results ****
 ____________________________
|Honey_Trap_Log_File_Location|
**** PTFB_Results ****
 ______________________
|PTFB_Log_File_Location|