**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = eb8af1e7720c7bfe31761371c75b4dd7

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
|---|---|---|---|---|
| eb8af1e7720c7bfe31761371c75b4dd7 | 4d95d0262741802faf2291cbc5a4ac11d723c14e | 74a5ed007fd679de4463961b5be2329d55487f7dde3948a94ed82d7c303ef68b | 12288:LZcw07Ox3ZpuXxohyGN3Zd01VDdJTdbe+m:LZcNqx2hk7JyDc+m | 479232 |

**** File Results ****

| File Name |
|---|
| favicon.ico.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
|---|---|---|
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
|---|---|

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
|---|---|
| c:/Documents and Settings/dmc73144/Local Settings/Temp | WZSE0.TMP |

**** Files (Added) - ICC Results ****

| Path | File Name |
|---|---|
| c:/Documents and Settings/dmc73144/Application Data/Microsoft | dwm.exe |
| c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch | DWM.EXE-13134A32.pf |
| c:/WINDOWS/Prefetch | DWM.EXE-2B3A7981.pf |
| c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/SoftwareDistribution/DataStore/Logs | tmp.edb |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
|---|---|---|

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
|---|---|---|
| modified | c:/Documents and Settings/dmc73144/Cookies | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/History/History.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144/Local Settings/Temporary Internet Files/Content.IE5 | index.dat |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | CMD.EXE-087B4001.pf |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch | SH.EXE-00254D2B.pf |
| modified | c:/WINDOWS/Prefetch | SSHD.EXE-298CA236.pf |
| modified | c:/WINDOWS/Prefetch | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/Prefetch | WMIPRVSE.EXE-28F301A9.pf |
| modified | c:/WINDOWS/Prefetch | WUAUCLT.EXE-399A8E72.pf |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore | DataStore.edb |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.chk |
| modified | c:/WINDOWS/SoftwareDistribution/DataStore/Logs | edb.log |
| modified | c:/WINDOWS/system32/config | system.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS | WindowsUpdate.log |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
|---|---|
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/WindowsUpdate/Reporting/RebootWatch |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
|---|---|---|---|
| added | HKLM/SYSTEM/ControlSet001/Services/Tcpip/Parameters/Interfaces/{2379147B-6370-49A1-81EC-749CAFE9626A} | NameServer | "8.8.8.8,8.8.8.4" |
| added | HKLM/SYSTEM/ControlSet001/Services/Tcpip/Parameters/Interfaces/{42A772D2-FB5D-4B58-999A-7AD4C8696A02} | NameServer | "8.8.8.8,8.8.8.4" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Interfaces/{2379147B-6370-49A1-81EC-749CAFE9626A} | NameServer | "8.8.8.8,8.8.8.4" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Interfaces/{42A772D2-FB5D-4B58-999A-7AD4C8696A02} | NameServer | "8.8.8.8,8.8.8.4" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Run | dwm.exe | "C:/Documents and Settings/dmc73144/Application Data/Microsoft/dwm.exe" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://windows//system32//sandnet.exe | "sandnet" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://Documents and Settings//dmc73144//Application Data//Microsoft//dwm.exe | "dwm" |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
|---|---|---|---|---|---|---|

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
|---|---|---|---|---|
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | C8 40 C9 DC FE CC 13 CE 8A C6 6F 7D 26 D3 D7 87 18 C8 86 6E C3 33 9F DB 8A 53 CA | 6C 5B 7D 04 7C 8F 25 AE 00 5F 89 6A BC 98 C9 2B 95 0B 65 16 D4 36 77 9B 90 05 D1 |
| modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | EventMessageFile | "c | "C:WINDOWSsystem32ESENT.dll" |
| modified | HKLM/SYSTEM/ControlSet001/Services/Eventlog/Application/ESENT | CategoryMessageFile | "c | "C:WINDOWSsystem32ESENT.dll" |
| modified | HKLM/SYSTEM/ControlSet001/Services/Tcpip/Parameters/Interfaces/{9B7E3E9B-6887-4894-8EE4-B4EFDC3EBE75} | NameServer | "10.10.10.2" | "8.8.8.8,8.8.8.4" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | EventMessageFile | "c | "C:WINDOWSsystem32ESENT.dll" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Eventlog/Application/ESENT | CategoryMessageFile | "c | "C:WINDOWSsystem32ESENT.dll" |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/Tcpip/Parameters/Interfaces/{9B7E3E9B-6887-4894-8EE4-B4EFDC3EBE75} | NameServer | "10.10.10.2" | "8.8.8.8,8.8.8.4" |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Internet Explorer/Main | Start Page | "about | "http://www.google.com.tr" |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/CurrentVersion/Internet Settings/Connections | SavedLegacySettings | 3C 00 00 00 15 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 | 3C 00 00 00 17 00 00 00 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 00 00 |

**** DNS Results ****

| DNS | DNS Response |
|---|---|
| onikinokta.info | Standard query response A 85.17.81.166 |

**** URL Results ****

| DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
|---|---|---|---|---|

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
|---|---|---|---|---|
| 6 | 44 | 40 | 2870 | 2408 |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
|---|---|---|---|---|---|
| 443 | 6 | 44 | 40 | 2870 | 2408 |

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
|---|---|---|---|---|---|---|---|---|---|---|
| 01:42:33 | 2011-10-06 | 6 | 10.10.10.7 | 85.17.81.166 | -> | e | 525 | 443 | 13 | 856 |
| 01:42:38 | 2011-10-06 | 6 | 10.10.10.7 | 85.17.81.166 | -> | e | 525 | 443 | 10 | 600 |
| 01:42:43 | 2011-10-06 | 6 | 10.10.10.7 | 85.17.81.166 | -> | e | 525 | 443 | 6 | 360 |
| 01:42:44 | 2011-10-06 | 6 | 10.10.10.7 | 85.17.81.166 | -> | e | 401 | 443 | 13 | 823 |
| 01:42:47 | 2011-10-06 | 6 | 10.10.10.7 | 85.17.81.166 | -> | e | 535 | 443 | 13 | 856 |
| 01:42:52 | 2011-10-06 | 6 | 10.10.10.7 | 85.17.81.166 | -> | e | 535 | 443 | 11 | 660 |
| 01:42:57 | 2011-10-06 | 6 | 10.10.10.7 | 85.17.81.166 | -> | e | 535 | 443 | 5 | 300 |
| 01:42:58 | 2011-10-06 | 6 | 10.10.10.7 | 85.17.81.166 | -> | e | 562 | 443 | 13 | 823 |

**** Packer Results ****

| Packer Name |
|---|

**** HoneyTrap Results ****

| Honey Trap Log File Location |
|---|

**** PTFB Results ****

| PTFB Log File Location |
|---|