**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = a5f1cd60bda106e791d5b18a522db071

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH | File Size |
| a5f1cd60bda106e791d5b18a522db071 | 3db3356c974852b6db484c999849d536847d96da | e0a616ce656c9c98ecb34ac2a92d9056125a7ef482f119052a4daf9110e675b5 | 12288:W5tjatj8GkJpfGKYDlrokeGsV4PGfFgSQEgHB:CQFkJpfPYJBnsS+fmVEQB | 578048 |

**** File Results ****

| File Name    |
| DSG24089.exe |

**** SNORT Results ****

| Snort Class | Snort Alert               | Count |
| N/A         | No snort alerts generated | 0     |

**** AV Results ****

| AV Alert | AV Vendor |

**** Folders (Added) - ICC Results ****

| Path | Folder Name |

**** Files (Added) - ICC Results ****

| Path                | File Name               |
| c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:                  | salvandoJPG.jpg         |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |

**** Files (Changed) - ICC Results ****

| Action   | Path                                   | File Name              |
| modified | c:/Documents and Settings/dmc73144     | ntuser.dat.LOG         |
| modified | c:/WINDOWS/Prefetch                    | CMD.EXE-087B4001.pf    |
| modified | c:/WINDOWS/Prefetch                    | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/Prefetch                    | SH.EXE-00254D2B.pf     |
| modified | c:/WINDOWS/Prefetch                    | SSHD.EXE-298CA236.pf   |
| modified | c:/WINDOWS/Prefetch                    | SWITCH.EXE-0496EC21.pf |
| modified | c:/WINDOWS/system32/drivers/etc        | hosts                  |
| modified | c:/WINDOWS/system32/wbem/Logs          | wmiprov.log            |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP              |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER            |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING2.MAP           |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP            |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://windows//system32//sandnet.exe | "sandnet" |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 51 21 76 F2 0D 1D 5F 11 58 C7 CE 21 8D D3 33 AE 25 31 ED 3E 1E 17 02 68 D4 9E FE | 73 DA 11 EE 4A 43 2B EF 9D 73 99 7C AD 64 B4 58 E6 CF 37 92 02 62 99 5D AA 43 FC |

**** DNS Results ****

| DNS | DNS Response |

**** URL Results ****

| DstIP          | HTTP HOST      | HTTP REQUEST URI | HTTP USER AGENT                        | PROTOCOL |
| 212.34.136.212 | 212.34.136.212 | /round/round.php | Mozilla/3.0 (compatible; Indy Library) | 0x06     |
| 212.34.136.212 | 212.34.136.212 | /round/risk.txt  | Mozilla/3.0 (compatible; Indy Library) | 0x06     |

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 6        | 10       | 8        | 903       | 1030      |

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC PKTS | DST PKTS | SRC BYTES | DST BYTES |
| 80    | 6        | 10       | 8        | 903       | 1030      |

**** ARGUS DATA Results ****

| Time     | Date       | Protocol | SrcIP      | DstIP          | Dir | Flags | Sport | Dport | Pkts | Bytes |
| 23:39:23 | 2011-10-02 | 6        | 10.10.10.7 | 212.34.136.212 | ->  | e     | 56    | 80    | 9    | 967   |
| 23:39:24 | 2011-10-02 | 6        | 10.10.10.7 | 212.34.136.212 | ->  | e     | 44    | 80    | 9    | 966   |

**** Packer Results ****

| Packer Name |

**** HoneyTrap Results ****

| Honey Trap Log File Location |

**** PTFB Results ****

| PTFB Log File Location |