**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = c9eee9a7643cf47b9b2c0f408de560f7

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
| c9eee9a7643cf47b9b2c0f408de560f7 | dd11b266dbe7913aac40a222483fa6f85804056c | 675936eb272562dbbfbcf4f320a532629fee595b438b26423e9c0f9c3be03ff2 | 1536:hrvqPGscatujEvBz5KZZIsBKpoX6DLKnCMIqB6cqeaB/:wescaKW0ZhKpg6DLKCMdg7 | 79528 |

**** File Results ****

| File Name |
| l.php.exe |
| exe.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
| N/A | Symantec |
| N/A | McAfee |
| N/A | Kaspersky |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/system32 | hosts |
| c: | netstat_post.txt |
| c: | tasksvc_post.txt |
| c: | taskv_post.txt |
| c:/DELL/VIDEO/OUTPUT | netstat_base.txt |
| c:/DELL/VIDEO/OUTPUT | netstat_post.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_base.txt |
| c:/DELL/VIDEO/OUTPUT | tasksvc_post.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_base.txt |
| c:/DELL/VIDEO/OUTPUT | taskv_post.txt |
| c:/WINDOWS/Prefetch | 7Z.EXE-1A62CD19.pf |
| c:/WINDOWS/Prefetch | NET.EXE-01A53C2F.pf |
| c:/WINDOWS/Prefetch | NET1.EXE-029B9DB4.pf |
| c:/WINDOWS/Prefetch | CYGRUNSRV.EXE-01BF82AE.pf |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | NETSTAT.EXE-2B2B4428.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SLEEP.EXE-094A3D2A.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | TASKLIST.EXE-10D94B23.pf |
| modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk |
| modified | c:/Program Files/OpenSSH/var/run | sshd.pid |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 48 6D 12 6A 28 67 1A 5E 64 50 07 B5 7C 65 D0 01 03 17 98 EC CB 38 D2 03 59 37 36 | F9 D0 CE 27 D7 8C 89 44 47 75 14 C8 3A A9 17 25 1A CE 9D 30 FE 68 BB 9F 5A 36 5 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000001 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | AD B2 BB 25 76 EF D4 23 66 CB 2A 3B 11 AE 20 59 EF C8 EC E3 D1 EB CC FB 65 47 DE | 5A F0 37 A1 8D F6 26 D2 8F DC 0D 84 E2 B5 E6 20 DE D7 48 03 A9 01 43 B0 AA A6 9 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 5D BA 53 BC 78 FD 7F C4 E0 DC DA 50 8C B2 A2 22 45 F7 64 2C 0D C3 1B 8A 18 5E 06 | 48 13 0E A6 D0 4F B4 BB ED 54 D4 68 92 63 8F 60 93 75 40 D6 CB 80 50 71 E4 B5 7 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 29 DA 8F 86 D8 5E 54 E8 FC B3 EA 52 9C 5F 58 BC 8B 39 40 06 7C 34 1A 3C 8D 9D B1 | 94 BC 95 37 9D 6F 7A 10 F0 4B 40 21 D0 48 4D 22 A3 2B 70 C2 DC AF 74 D9 5E AA F |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 6D 18 6F AD 0D 56 14 1F E0 01 5C 8F 58 62 8E 24 01 9F AC FA A5 12 14 82 DC 49 7A | E7 97 4A 46 4D 31 BB 49 4F 5B D8 E4 30 D8 1D C8 C1 AB 0F 07 2B 85 F0 30 DC FE 4 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 4A 48 7D AB 9D 3E F2 48 C6 8A BB C3 EB 17 15 3C C6 AE 79 2F F5 78 44 A5 1A 5C AD | CF 9A 83 52 ED 7C 37 EB B8 AC C2 1B D6 AD 67 31 ED 8E F2 69 B0 60 48 04 EF 11 2 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | F0 91 46 E9 5A 0F 9C 4F A4 32 F0 D1 FF 8F DB 48 CC 40 2C 08 71 61 13 99 27 14 70 | C3 EB B3 85 F2 87 A1 11 AA 9B 54 8C B1 93 10 31 06 59 FA 0E 11 CD FF 97 EF 53 5 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 13 10 B5 E4 EB A7 D4 27 98 E6 49 1B 4D D2 F0 CE DF 5A C0 02 5D 16 AB DC 6F 87 5F | D7 EE B3 C7 37 91 A7 E8 BC C9 12 B0 80 F6 FF 39 95 AF F7 A8 93 3D 69 74 ED 34 A |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 04 2C D9 00 0A 36 C0 DD D1 92 AA 5E DB 8A 0A 5F 83 7F 0F 21 64 B9 C3 DB 57 AA 7C | BF FB 4F C3 27 54 80 94 7E 9F 9B 8B DD C4 96 C1 65 71 5B 44 4F 3F 03 32 DE 72 8 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 66 50 E8 AE 03 A8 33 20 B7 D1 64 F4 D1 42 C7 1D DB CB 86 A0 CE F4 42 D0 24 2D 9D | 5F FC 31 B3 98 DF 09 65 36 E8 63 DD B8 23 09 B3 3E 99 59 DE 63 2A 5B 29 25 3E 0 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | EC 93 6E 13 BF F8 F5 EB 88 7D 05 19 E8 A2 E5 A7 EF 7F 72 48 4E 4C D0 DC 3B 7A 8B | 0F 9F 4D D8 59 33 1C 31 22 C7 60 F2 6F 9F 6E 36 94 D6 17 36 CD 55 B4 9E 6B 1C 8 |
| modified | HKLM/SYSTEM/ControlSet001/Control/ServiceCurrent | (default) | 0x00000009 | 0x0000000A |
| modified | HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent | (default) | 0x00000009 | 0x0000000A |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 9F B2 BF F1 52 BB 13 61 8D 66 58 83 7C 2D 71 74 1B 37 C2 7E 94 E8 69 2D 9B 2E 15 | 3B 21 FC 8D 7D BE 58 28 39 9E CB FF F3 9E 0F 9D F9 E9 12 93 D3 C4 03 E0 C8 90 F |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | BE C7 51 C3 CC DC 2E 44 07 ED 29 E8 E8 B1 AB 86 9A 11 E8 C6 65 A6 8B 57 C2 67 3D | 75 6F 3A 56 6C 70 D4 2D AE 3B 80 AB ED 91 9B 87 4F 8B A1 2A A6 F4 47 1A 21 D1 7 |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | B7 0B EB 40 4D 15 6C 91 67 1D 76 E6 36 84 AD F4 4C 9B 7E B5 DE 05 49 EA CB 00 F5 | 6C 0B 7A 9F E9 6F 85 BD DB BB DD B5 A6 AB 2A 4D C8 96 97 59 2C EA C3 30 79 61 4 |

**** DNS Results ****

| DNS | DNS Response |

**** URL Results ****

| DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
| 239.255.255.250 | 239.255.255.250:1900 | * | --blank-- | 0x11 |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
| 17 | 2 | 0 | 350 | 0 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
| 1900 | 17 | 2 | 0 | 350 | 0 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 09:38:15 | 2010-08-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 13:40:49 | 2010-08-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 22:07:59 | 2010-08-09 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 08:31:46 | 2010-08-10 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 11:20:03 | 2010-08-10 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 01:16:15 | 2010-08-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 01:16:21 | 2010-08-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 06:58:00 | 2010-08-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 18:50:31 | 2010-08-11 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 06:44:00 | 2010-08-12 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 13:39:46 | 2010-08-12 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 04:05:12 | 2010-08-13 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 1 | 175 |
| 00:49:26 | 2010-08-19 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 12:32:03 | 2010-08-19 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 06:14:22 | 2010-08-20 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |
| 16:24:08 | 2010-08-21 | 17 | 10.10.10.7 | 239.255.255.250 | -> | e | 8 | 1900 | 2 | 350 |

**** Packer Results ****

| Packer Name |

**** HoneyTrap Results ****

| Honey Trap Log File Location |

**** PTFB Results ****

| PTFB Log File Location |