**** Malware Report - Results ****

This report shows all the different areas TAZER analyzes for the sample: Host, Network Activity, and Detection.

Malware Search Criteria: MD5 = d8ce0835898503c09648428d3c57ef0e

| File MD5Sum | SHA1SUM | SHA256SUM | FUZZY HASH (ssdeep) | File Size (bytes) |
| d8ce0835898503c09648428d3c57ef0e | 3f15f673598831c412363e226c65cc6a44971af1 | 87083073d89f37f7ae7fc5d031617bd691604e9bb2fa69f3788dd9db130cb1d3 | 12288:Cutrzh9xOXkkKcmcMAzLrEKHYeBgWhaQKlmlO3CXG439HIN3:Cutr5OUk7MGLrB42gWs3kU3ls | 471112 |

**** File Results ****

| File Name |
| vk%2Dguests.in.exe |

**** SNORT Results ****

| Snort Class | Snort Alert | Count |
| N/A | No snort alerts generated | 0 |

**** AV Results ****

| AV Alert | AV Vendor |
(no entries)

**** Folders (Added) - ICC Results ****

| Path | Folder Name |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | winsvchost |

**** Files (Added) - ICC Results ****

| Path | File Name |
| c:/Documents and Settings/dmc73144/Local Settings/Temp | WinSocks.sw |
| c:/Documents and Settings/dmc73144/Local Settings/Temp/winsvchost | svchost.exe |
| c:/Documents and Settings/dmc73144/Start Menu/Programs/Startup | Microsoft Update.exe |
| c:/WINDOWS/Prefetch | AUTOIT3.EXE-32361418.pf |
| c:/WINDOWS/Prefetch | FILE1.EXE-03B2F7D2.pf |
| c:/WINDOWS/Prefetch | FILE2.EXE-0FB11BD9.pf |
| c:/WINDOWS/Prefetch | FILE3.EXE-2A1A7267.pf |
| c:/WINDOWS/Prefetch | REGSHOT.EXE-010A5EE6.pf |
| c:/WINDOWS/Prefetch | SANDNET.EXE-2012C478.pf |
| c:/WINDOWS/Prefetch | START.EXE-31104AA4.pf |
| c:/WINDOWS/Prefetch | SVCHOST.EXE-004EF50F.pf |
| c:/WINDOWS/Prefetch | SVCHOST.EXE-3530F672.pf |
| c:/WINDOWS/Prefetch | TRANSCL.EXE-1B822206.pf |
| c:/WINDOWS/system32/drivers/etc | File1.exe |
| c:/WINDOWS/system32/drivers/etc | File2.exe |
| c:/WINDOWS/system32/drivers/etc | file3.exe |
| c:/WINDOWS/system32/drivers/etc | h?sts |
| c:/WINDOWS/system32/drivers/etc | start.exe |
| c:/WINDOWS/system32 | TranscL.exe |

**** Files (Deleted) - ICC Results ****

| Action | Path | File Name |
(no entries)

**** Files (Changed) - ICC Results ****

| Action | Path | File Name |
| modified | c:/Documents and Settings/dmc73144 | ntuser.dat.LOG |
| modified | c:/WINDOWS/Prefetch | HSTART.EXE-221D72BF.pf |
| modified | c:/WINDOWS/system32/config | default.LOG |
| modified | c:/WINDOWS/system32/config | software.LOG |
| modified | c:/WINDOWS/system32/config | SYSTEM |
| modified | c:/WINDOWS/system32/config | system.LOG |
| modified | c:/WINDOWS/system32/drivers/etc | hosts |
| modified | c:/WINDOWS/system32/wbem/Logs | wbemess.log |
| modified | c:/WINDOWS/system32/wbem/Logs | wmiprov.log |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | INDEX.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING.VER |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | MAPPING1.MAP |
| modified | c:/WINDOWS/system32/wbem/Repository/FS | OBJECTS.MAP |

**** Registry Keys (Added) - ICC Results ****

| Action | Path |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000/Control |
| added | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts |
| added | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts/List |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad/Security |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad/Enum |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000/Control |
| added | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts |
| added | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts/List |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad/Security |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad/Enum |
| added | HKU/.DEFAULT/Software/Microsoft/Visual Basic |
| added | HKU/.DEFAULT/Software/Microsoft/Visual Basic/6.0 |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Visual Basic |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Visual Basic/6.0 |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/WinRAR SFX |
| added | HKU/S-1-5-18/Software/Microsoft/Visual Basic |
| added | HKU/S-1-5-18/Software/Microsoft/Visual Basic/6.0 |

**** Registry Values (Added) - ICC Results ****

| Action | Path | Val Name | Val Data |
| added | HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run | Update service | "C:/DOCUME~1/dmc73144/LOCALS~1/Temp/winsvchost/svchost.exe" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000/Control | *NewlyCreated* | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000/Control | ActiveService | "TranscendQuickLoad" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | Service | "TranscendQuickLoad" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | Legacy | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | ConfigFlags | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | Class | "LegacyDriver" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | ClassGUID | "{8ECC055D-047F-11D1-A537-0000F8753ED1}" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | DeviceDesc | "Transcend Quick Load Service" |
| added | HKLM/SYSTEM/ControlSet001/Enum/Root/LEGACY_TRANSCENDQUICKLOAD | NextInstance | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts/List | 8364 | TCP |
| added | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts/List | 8008 | TCP |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad/Enum | 0 | "RootLEGACY_TRANSCENDQUICKLOAD0000" |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad/Enum | Count | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad/Enum | NextInstance | 0x00000001 |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad/Security | Security | 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad | Type | 0x00000010 |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad | Start | 0x00000002 |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad | ErrorControl | 0x00000000 |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad | ImagePath | "C:/WINDOWS/system32/TranscL.exe" |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad | DisplayName | "Transcend Quick Load Service" |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad | ObjectName | "LocalSystem" |
| added | HKLM/SYSTEM/ControlSet001/Services/TranscendQuickLoad | Description | "Transcend Quick Load" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000/Control | *NewlyCreated* | 0x00000000 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000/Control | ActiveService | "TranscendQuickLoad" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | Service | "TranscendQuickLoad" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | Legacy | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | ConfigFlags | 0x00000000 |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | Class | "LegacyDriver" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | ClassGUID | "{8ECC055D-047F-11D1-A537-0000F8753ED1}" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD/0000 | DeviceDesc | "Transcend Quick Load Service" |
| added | HKLM/SYSTEM/CurrentControlSet/Enum/Root/LEGACY_TRANSCENDQUICKLOAD | NextInstance | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts/List | 8364 | TCP |
| added | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts/List | 8008 | TCP |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad/Enum | 0 | "RootLEGACY_TRANSCENDQUICKLOAD0000" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad/Enum | Count | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad/Enum | NextInstance | 0x00000001 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad/Security | Security | 01 00 14 80 90 00 00 00 9C 00 00 00 14 00 00 00 30 00 00 00 02 00 1C 00 01 00 00 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad | Type | 0x00000010 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad | Start | 0x00000002 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad | ErrorControl | 0x00000000 |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad | ImagePath | "C:/WINDOWS/system32/TranscL.exe" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad | DisplayName | "Transcend Quick Load Service" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad | ObjectName | "LocalSystem" |
| added | HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad | Description | "Transcend Quick Load" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//drivers//etc//Start.exe | "Start" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//drivers//etc//file1.exe | "file1" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//drivers//etc//file2.exe | "file2" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://WINDOWS//system32//drivers//etc//file3.exe | "Crosby Mauritania TampaAudreyOttawaSunnyvale" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/Microsoft/Windows/ShellNoRoam/MUICache | C://DOCUME~1//dmc73144//LOCALS~1//Temp//winsvchost//svchost.exe | "Crosby Mauritania TampaAudreyOttawaSunnyvale" |
| added | HKU/S-1-5-21-1844237615-562591055-839522115-1004/Software/WinRAR SFX | C%%WINDOWS%system32%drivers%etc | "C:/WINDOWS/system32/drivers/etc" |

**** Registry Values (Deleted) - ICC Results ****

| Action | Path | Val Name | Val Type | Mod Val Type | Val Data | Mod Val Data |
(no entries)

**** Registry Values (Changed) - ICC Results ****

| Action | Path | Val Name | Val Data | Mod Val Data |
| modified | HKLM/SOFTWARE/Microsoft/Cryptography/RNG | Seed | 24 0B 96 D7 B0 E6 EF 8C 0F 5E 61 B7 6C AF B4 DD E8 C7 0C 84 4C 5B 4E 8F 54 02 06 | 59 7C 9E B8 3C 71 B4 8B 6C 08 03 4F 67 B2 B8 7A F0 88 7C 66 F4 12 AA 42 A7 1B 8D |
| modified | HKLM/SYSTEM/ControlSet001/Control/ServiceCurrent | | 0x00000009 | 0x0000000A |
| modified | HKLM/SYSTEM/ControlSet001/Services/SharedAccess/Epoch | Epoch | 0x00000107 | 0x00000108 |
| modified | HKLM/SYSTEM/CurrentControlSet/Control/ServiceCurrent | | 0x00000009 | 0x0000000A |
| modified | HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Epoch | Epoch | 0x00000107 | 0x00000108 |
| modified | HKU/S-1-5-21-1844237615-562591055-839522115-1004/SessionInformation | ProgramCount | 0x00000002 | 0x00000003 |

**** DNS Results ****

| DNS | DNS Response |
| www.bytecode.biz | Standard query response, Server failure |
| vegaszoid.net | Standard query response, Server failure |

**** URL Results ****

| DstIP | HTTP_HOST | HTTP_REQUEST_URI | HTTP_USER_AGENT | PROTOCOL |
(no entries)

**** ARGUS PROTOCOL Results ****

| PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
(no entries)

**** ARGUS DPORT Results ****

| DPORT | PROTOCOL | SRC_PKTS | DST_PKTS | SRC_BYTES | DST_BYTES |
(no entries)

**** ARGUS DATA Results ****

| Time | Date | Protocol | SrcIP | DstIP | Dir | Flags | Sport | Dport | Pkts | Bytes |
(no entries)

**** Packer Results ****

| Packer Name |
(no entries)

**** HoneyTrap Results ****

| Honey Trap Log File Location |
(no entries)

**** PTFB Results ****

| PTFB Log File Location |
(no entries)
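Both DNS lookups the sample made (www.bytecode.biz, vegaszoid.net) came back with a server failure, so the URL, Argus and Snort sections above are empty and the actionable indicators are all in the host diff: a run entry under policies\Explorer\run pointing at the dropped svchost.exe in the user's Temp folder, a new auto-start service TranscendQuickLoad running as LocalSystem from system32\TranscL.exe, Windows Firewall exceptions for TCP 8008 and 8364, a Microsoft Update.exe dropped into the Startup folder, and a modified hosts file. The script below is an added example, not part of TAZER or of the report: it parses rows in the form the report renders them (pipe-delimited cells padded with trailing underscores or spaces, paths with forward slashes) and turns them into a structured IOC summary. The embedded rows are copied from the tables above; the classification rules and the field names of the output are this example's own.

```python
"""Turn TAZER ICC (registry/file diff) rows into a host IOC summary.

Added example; not TAZER code. Rows are copied from the report above and
kept in the report's own rendering: left-justified cells padded with
trailing underscores, backslashes shown as forward slashes.
"""
import json
import re

REGISTRY_VALUE_ROWS = """
|added_|HKLM/SOFTWARE/Microsoft/Windows/CurrentVersion/policies/Explorer/run|Update_service|"C:/DOCUME~1/dmc73144/LOCALS~1/Temp/winsvchost/svchost.exe"|
|added_|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts/List|8364___|TCP__|
|added_|HKLM/SYSTEM/CurrentControlSet/Services/SharedAccess/Parameters/FirewallPolicy/StandardProfile/GloballyOpenPorts/List|8008___|TCP__|
|added_|HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad|Type_______|0x00000010|
|added_|HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad|Start______|0x00000002|
|added_|HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad|ImagePath__|"C:/WINDOWS/system32/TranscL.exe"|
|added_|HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad|ObjectName_|"LocalSystem"|
|added_|HKLM/SYSTEM/CurrentControlSet/Services/TranscendQuickLoad|DisplayName|"Transcend_Quick_Load_Service"|
"""

# Two-cell rows are from "Files (Added)", the three-cell row from "Files (Changed)".
FILE_ROWS = """
|c:/Documents_and_Settings/dmc73144/Local_Settings/Temp/winsvchost|svchost.exe_________|
|c:/Documents_and_Settings/dmc73144/Start_Menu/Programs/Startup___|Microsoft_Update.exe|
|c:/WINDOWS/system32______________________________________________|TranscL.exe_________|
|modified|c:/WINDOWS/system32/drivers/etc_______|hosts_________________|
"""

RUN_KEY_RE = re.compile(r"/CurrentVersion/(Run|RunOnce|policies/Explorer/Run)$", re.I)
SERVICE_RE = re.compile(r"^HKLM/SYSTEM/(CurrentControlSet|ControlSet\d+)/Services/([^/]+)$", re.I)
FIREWALL_RE = re.compile(r"/FirewallPolicy/\w+Profile/GloballyOpenPorts/List$", re.I)
STARTUP_RE = re.compile(r"/Start[ _]Menu/Programs/Startup$", re.I)
START_TYPES = {0: "boot", 1: "system", 2: "auto", 3: "manual", 4: "disabled"}
SERVICE_TYPES = {0x1: "kernel driver", 0x2: "file system driver",
                 0x10: "win32 own process", 0x20: "win32 share process"}


def parse_rows(text):
    """Split report rows into cell lists, dropping pipe borders and padding."""
    rows = []
    for line in text.strip().splitlines():
        line = line.strip()
        if line.startswith("|"):
            rows.append([c.strip().rstrip("_") for c in line.strip("|").split("|")])
    return rows


def coerce(value):
    """Strip the report's quoting and turn 0x... values into ints."""
    if len(value) >= 2 and value[0] == value[-1] == '"':
        value = value[1:-1]
    return int(value, 16) if re.fullmatch(r"0x[0-9A-Fa-f]+", value) else value


def triage_registry(rows):
    """Classify added registry values into persistence, service and firewall IOCs."""
    iocs = {"persistence": [], "services": {}, "firewall_ports": set()}
    for cells in rows:
        if len(cells) != 4 or cells[0] != "added":
            continue
        _, path, name, data = cells
        data = coerce(data)
        if RUN_KEY_RE.search(path):
            entry = {"key": path, "value": name, "command": data}
            if entry not in iocs["persistence"]:
                iocs["persistence"].append(entry)
        elif FIREWALL_RE.search(path):
            iocs["firewall_ports"].add((int(name), data))
        elif (m := SERVICE_RE.match(path)):
            # ControlSet001 and CurrentControlSet mirror each other; merge them.
            svc = iocs["services"].setdefault(m.group(2), {})
            svc[name] = data
            if name == "Start":
                svc["start_type"] = START_TYPES.get(data, "unknown")
            if name == "Type":
                svc["service_type"] = SERVICE_TYPES.get(data, "unknown")
    iocs["firewall_ports"] = sorted(iocs["firewall_ports"])
    return iocs


def triage_files(rows):
    """Flag dropped payloads, Startup-folder drops and a modified hosts file."""
    out = {"dropped": [], "startup": [], "hosts_modified": False}
    for cells in rows:
        if len(cells) == 2:
            path, name = cells
            if name.lower().endswith(".pf"):
                continue  # Prefetch entries record execution, not a dropped payload
            out["dropped"].append(f"{path}/{name}")
            if STARTUP_RE.search(path):
                out["startup"].append(f"{path}/{name}")
        elif len(cells) == 3 and cells[0] == "modified":
            if cells[2].lower() == "hosts" and cells[1].lower().endswith("/drivers/etc"):
                out["hosts_modified"] = True
    return out


def summarize():
    return {"registry": triage_registry(parse_rows(REGISTRY_VALUE_ROWS)),
            "files": triage_files(parse_rows(FILE_ROWS))}


if __name__ == "__main__":
    print(json.dumps(summarize(), indent=2))
```

The parser strips only trailing underscores, since those are column padding; underscores inside a value (Microsoft_Update.exe, Update_service) stand for spaces in the original and cannot be told apart from real underscores such as LEGACY_TRANSCENDQUICKLOAD, so they are kept and the regexes accept either form.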