
not a valid Windows image&Analysis Report


1 reply to this topic

#1 bleebingjunior


Posted 03 July 2014 - 05:38 PM

Not a valid Windows image. Am I infected? Here is the Analysis Report:

https://anubis.iseclab.org/?action=result&task_id=111695e8cf9b4f1c435d0ffbd58e897d7

 

Task Overview


Task ID: 111695e8cf9b4f1c435d0ffbd58e897d7
File Name: igd10umd64.dll
MD5: a589d406382fa6a2a40bd06f56cf583f
Analysis Submitted: 2014-07-03 22:22:37
Analysis Started: 2014-07-03 22:22:46
Analysis Ended: 2014-07-03 22:26:14
Created New Analysis Report: Yes
Available Report Formats: HTML, XML, PDF, Text

                           ___                __    _                          
         +  /-            /   |  ____  __  __/ /_  (_)____       -\  +         
        /s  h-           / /| | / __ \/ / / / __ \/ / ___/       -h  s\        
        oh-:d/          / ___ |/ / / / /_/ / /_/ / (__  )        /d:-ho        
        shh+hy-        /_/  |_/_/ /_/\__,_/_.___/_/____/        -yh+hhs        
      -:+hhdhyys/-                                           -\syyhdhh+:-      
    -//////dhhhhhddhhyss-       Analysis Report       -ssyhhddhhhhhd\\\\\\-    
   /++/////oydddddhhyys/     ooooooooooooooooooooo     \syyhhdddddyo\\\\\++\   
 -+++///////odh/-                                             -+hdo\\\\\\\+++- 
 +++++++++//yy+/:                                             :\+yy\\+++++++++ 
/+soss+sys//yyo/os++o+:                                 :+o++so\oyy\\sys+ssos+\
+oyyyys++o/+yss/+/oyyyy:                               :yyyyo\+\ssy+\o++syyyyo+
+oyyyyyyso+os/o/+yyyyyy/                               \yyyyyy+\o\so+osyyyyyyo+


[#############################################################################]
    Analysis Report for igd10umd64.dll
                   MD5: 9a8657a61daeafd7053017103ab53cd6
[#############################################################################]


[=============================================================================]
    Table of Contents
[=============================================================================]

- General information
- dll_analysis.exe
  a) Registry Activities
  b) File Activities
  c) Process Activities
  d) Other Activities
    - dwwin.exe
      a) Registry Activities
      b) File Activities
      c) Process Activities
    - drwtsn32.exe
      a) Registry Activities
      b) File Activities
      c) Process Activities


[#############################################################################]
    1. General Information
[#############################################################################]
[=============================================================================]
    Information about Anubis' invocation
[=============================================================================]
        Time needed:        167 s
        Report created:     07/03/14, 22:25:33 UTC
        Termination reason: All tracked processes have exited
        Program version:    1.76.3886

[=============================================================================]
    Popups
[=============================================================================]
        Process:         csrss.exe
        Window Name:     dll_analysis.exe - Bad Image
        Displayed Times: 1
        Window Text:
OK
The application or DLL C:\Program Files\Common Files\d1.tmp.dll is not a valid Windows image. Please check this against your installation diskette. 

		


[#############################################################################]
    2. dll_analysis.exe
[#############################################################################]
[=============================================================================]
    General information about this executable
[=============================================================================]
        Analysis Reason: Primary Analysis Subject
        Filename:        dll_analysis.exe
        MD5:             9a8657a61daeafd7053017103ab53cd6
        SHA-1:           fc8b94e5f708f992e88fce3d6071361046250250
        File Size:       303104 Bytes
        Command Line:    "C:\\dll_analysis.exe" -d C:\igd10umd64.exe
        Process-status
        at analysis end: dead
        Exit Code:       -1073741819

[=============================================================================]
    Load-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
               Base Address: [0x7C900000 ], Size: [0x000AF000 ]
        Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
               Base Address: [0x7C800000 ], Size: [0x000F6000 ]
        Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
               Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
        Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
               Base Address: [0x77E70000 ], Size: [0x00092000 ]
        Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
               Base Address: [0x77FE0000 ], Size: [0x00011000 ]
        Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
               Base Address: [0x77F60000 ], Size: [0x00076000 ]
        Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
               Base Address: [0x77F10000 ], Size: [0x00049000 ]
        Module Name: [ C:\WINDOWS\system32\USER32.dll ],
               Base Address: [0x7E410000 ], Size: [0x00091000 ]
        Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
               Base Address: [0x77C10000 ], Size: [0x00058000 ]

[=============================================================================]
    Run-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
               Base Address: [0x5B860000 ], Size: [0x00055000 ]
        Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
               Base Address: [0x5D090000 ], Size: [0x0009A000 ]
        Module Name: [ C:\WINDOWS\system32\faultrep.dll ],
               Base Address: [0x69450000 ], Size: [0x00016000 ]
        Module Name: [ C:\WINDOWS\system32\WINSTA.dll ],
               Base Address: [0x76360000 ], Size: [0x00010000 ]
        Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
               Base Address: [0x769C0000 ], Size: [0x000B4000 ]
        Module Name: [ C:\WINDOWS\system32\WTSAPI32.dll ],
               Base Address: [0x76F50000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
               Base Address: [0x773D0000 ], Size: [0x00103000 ]
        Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ],
               Base Address: [0x77920000 ], Size: [0x000F3000 ]
        Module Name: [ C:\WINDOWS\system32\apphelp.dll ],
               Base Address: [0x77B40000 ], Size: [0x00022000 ]
        Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
               Base Address: [0x77C00000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\shell32.dll ],
               Base Address: [0x7C9C0000 ], Size: [0x00817000 ]

[=============================================================================]
    Program output
[=============================================================================]
        Stdout:
Renaming input file to .\d1.tmp.dll


        Stderr:
Failed to load Dll - Error 193: 

[=============================================================================]
    2.a) dll_analysis.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\SYSTEM\Setup ], 
             Value Name: [ OsLoaderPath ], Value: [ \ ], 2 times
        Key: [ HKLM\SYSTEM\Setup ], 
             Value Name: [ SystemPartition ], Value: [ \Device\HarddiskVolume1 ], 2 times
        Key: [ HKLM\SYSTEM\Setup ], 
             Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 2 times
        Key: [ HKLM\SYSTEM\WPA\MediaCenter ], 
             Value Name: [ Installed ], Value: [ 0 ], 2 times
        Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting ], 
             Value Name: [ AllOrNone ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting ], 
             Value Name: [ DoReport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting ], 
             Value Name: [ IncludeKernelFaults ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting ], 
             Value Name: [ IncludeMicrosoftApps ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting ], 
             Value Name: [ IncludeWindowsApps ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting ], 
             Value Name: [ ShowUI ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug ], 
             Value Name: [ Auto ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug ], 
             Value Name: [ Debugger ], Value: [ drwtsn32 -p %ld -e %ld -g ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ], 
             Value Name: [ AppInit_DLLs ], Value: [  ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ], 
             Value Name: [ DevicePath ], Value: [ %SystemRoot%\inf ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], 
             Value Name: [ DriverCachePath ], Value: [ %SystemRoot%\Driver Cache ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], 
             Value Name: [ LogLevel ], Value: [ 0 ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], 
             Value Name: [ ServicePackCachePath ], Value: [ c:\windows\ServicePackFiles\ServicePackCache ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], 
             Value Name: [ ServicePackSourcePath ], Value: [ D:\ ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ], 
             Value Name: [ SourcePath ], Value: [ D:\ ], 2 times
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
             Value Name: [ AuthenticodeEnabled ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
             Value Name: [ DefaultLevel ], Value: [ 262144 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
             Value Name: [ PolicyScope ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
             Value Name: [ TransparentEnabled ], Value: [ 1 ], 2 times
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], 
             Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], 
             Value Name: [ ItemData ], Value: [ 0x5eab304f957a49896a006c1c31154015 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], 
             Value Name: [ ItemSize ], Value: [ 779 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], 
             Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], 
             Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], 
             Value Name: [ ItemData ], Value: [ 0x67b0d48b343a3fd3bce9dc646704f394 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], 
             Value Name: [ ItemSize ], Value: [ 517 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], 
             Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], 
             Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], 
             Value Name: [ ItemData ], Value: [ 0x327802dcfef8c893dc8ab006dd847d1d ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], 
             Value Name: [ ItemSize ], Value: [ 918 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], 
             Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], 
             Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], 
             Value Name: [ ItemData ], Value: [ 0xbd9a2adb42ebd8560e250e4df8162f67 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], 
             Value Name: [ ItemSize ], Value: [ 229 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], 
             Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], 
             Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], 
             Value Name: [ ItemData ], Value: [ 0x386b085f84ecf669d36b956a22c01e80 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], 
             Value Name: [ ItemSize ], Value: [ 370 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], 
             Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ], 
             Value Name: [ ItemData ], Value: [ %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ], 
             Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ], 
             Value Name: [ ComputerName ], Value: [ PC ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ], 
             Value Name: [ ProductType ], Value: [ WinNT ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], 
             Value Name: [ TSAppCompat ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ], 
             Value Name: [ Domain ], Value: [  ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ], 
             Value Name: [ Hostname ], Value: [ pc ], 1 time
        Key: [ HKLM\System\Setup ], 
             Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 2 times
        Key: [ HKLM\System\WPA\PnP ], 
             Value Name: [ seed ], Value: [ 1274198464 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ Cache ], Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time


[=============================================================================]
    2.b) dll_analysis.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a26a_appcompat.txt ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\WINDOWS\system32\winsock.dll ]
        File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a26a_appcompat.txt ]
        File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Renamed:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Old File Name: [ C:\igd10umd64.exe ], New File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
        File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 6 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 1 time

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\Program Files\Common Files\d1.tmp.dll ]
        File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
        File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
        File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
        File Name: [ C:\WINDOWS\system32\SETUPAPI.dll ]
        File Name: [ C:\WINDOWS\system32\WINSTA.dll ]
        File Name: [ C:\WINDOWS\system32\WTSAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\advapi32.dll ]
        File Name: [ C:\WINDOWS\system32\apphelp.dll ]
        File Name: [ C:\WINDOWS\system32\comctl32.dll ]
        File Name: [ C:\WINDOWS\system32\drwtsn32.exe ]
        File Name: [ C:\WINDOWS\system32\dwwin.exe ]
        File Name: [ C:\WINDOWS\system32\faultrep.dll ]
        File Name: [ C:\WINDOWS\system32\gdi32.dll ]
        File Name: [ C:\WINDOWS\system32\kernel32.dll ]
        File Name: [ C:\WINDOWS\system32\ntdll.dll ]
        File Name: [ C:\WINDOWS\system32\ole32.dll ]
        File Name: [ C:\WINDOWS\system32\oleaut32.dll ]
        File Name: [ C:\WINDOWS\system32\shell32.dll ]
        File Name: [ C:\WINDOWS\system32\user32.dll ]
        File Name: [ C:\WINDOWS\system32\wininet.dll ]
        File Name: [ C:\WINDOWS\system32\winsock.dll ]
        File Name: [ C:\Windows\AppPatch\sysmain.sdb ]

[=============================================================================]
    2.c) dll_analysis.exe - Process Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Processes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Executable: [ C:\WINDOWS\system32\dwwin.exe ], Command Line: [  ]
        Executable: [  ], Command Line: [ C:\WINDOWS\system32\dwwin.exe -x -s 160 ]
        Executable: [ C:\WINDOWS\system32\drwtsn32.exe ], Command Line: [  ]
        Executable: [  ], Command Line: [ C:\WINDOWS\system32\drwtsn32 -p 1192 -e 124 -g ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Remote Threads Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Affected Process: [ C:\WINDOWS\system32\dwwin.exe ]
        Affected Process: [ C:\WINDOWS\system32\drwtsn32.exe ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Foreign Memory Regions Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Process: [ C:\WINDOWS\system32\drwtsn32.exe ]
        Process: [ C:\WINDOWS\system32\dwwin.exe ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Foreign Memory Regions Written:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Process: [ C:\WINDOWS\system32\drwtsn32.exe ]
        Process: [ C:\WINDOWS\system32\dwwin.exe ]


[=============================================================================]
    2.d) dll_analysis.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Windows SEH exceptions:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Description: [ Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x408768 ], 1 time




[#############################################################################]
    3. dwwin.exe
[#############################################################################]
[=============================================================================]
    General information about this executable
[=============================================================================]
        Analysis Reason: Started by dll_analysis.exe
        Filename:        dwwin.exe
        MD5:             86042f6f6a5287eaf9379c91d0bf72b6
        SHA-1:           532bf74e6aead7438aa7264d01759a065410ee68
        File Size:       180224 Bytes
        Command Line:    C:\WINDOWS\system32\dwwin.exe -x -s 160
        Process-status
        at analysis end: dead
        Exit Code:       0

[=============================================================================]
    Load-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
               Base Address: [0x7C900000 ], Size: [0x000AF000 ]
        Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
               Base Address: [0x7C800000 ], Size: [0x000F6000 ]
        Module Name: [ C:\WINDOWS\system32\ADVAPI32.DLL ],
               Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
        Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
               Base Address: [0x77E70000 ], Size: [0x00092000 ]
        Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
               Base Address: [0x77FE0000 ], Size: [0x00011000 ]
        Module Name: [ C:\WINDOWS\system32\COMCTL32.DLL ],
               Base Address: [0x5D090000 ], Size: [0x0009A000 ]
        Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
               Base Address: [0x77F10000 ], Size: [0x00049000 ]
        Module Name: [ C:\WINDOWS\system32\USER32.dll ],
               Base Address: [0x7E410000 ], Size: [0x00091000 ]
        Module Name: [ C:\WINDOWS\system32\OLEAUT32.DLL ],
               Base Address: [0x77120000 ], Size: [0x0008B000 ]
        Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
               Base Address: [0x77C10000 ], Size: [0x00058000 ]
        Module Name: [ C:\WINDOWS\system32\ole32.dll ],
               Base Address: [0x774E0000 ], Size: [0x0013D000 ]
        Module Name: [ C:\WINDOWS\system32\SHELL32.DLL ],
               Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
        Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
               Base Address: [0x77F60000 ], Size: [0x00076000 ]
        Module Name: [ C:\WINDOWS\system32\URLMON.DLL ],
               Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
        Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
               Base Address: [0x77C00000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\WININET.DLL ],
               Base Address: [0x771B0000 ], Size: [0x000AA000 ]
        Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
               Base Address: [0x77A80000 ], Size: [0x00095000 ]
        Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
               Base Address: [0x77B20000 ], Size: [0x00012000 ]
        Module Name: [ C:\WINDOWS\system32\ShimEng.dll ],
               Base Address: [0x5CB70000 ], Size: [0x00026000 ]
        Module Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ],
               Base Address: [0x6F880000 ], Size: [0x001CA000 ]
        Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
               Base Address: [0x76B40000 ], Size: [0x0002D000 ]
        Module Name: [ C:\WINDOWS\system32\MSACM32.dll ],
               Base Address: [0x77BE0000 ], Size: [0x00015000 ]
        Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
               Base Address: [0x769C0000 ], Size: [0x000B4000 ]
        Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
               Base Address: [0x5AD70000 ], Size: [0x00038000 ]
        Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
               Base Address: [0x773D0000 ], Size: [0x00103000 ]

[=============================================================================]
    Run-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\1033\dwintl.dll ],
               Base Address: [0x314C0000 ], Size: [0x0000C000 ]
        Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
               Base Address: [0x5B860000 ], Size: [0x00055000 ]
        Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
               Base Address: [0x71AA0000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
               Base Address: [0x71AB0000 ], Size: [0x00017000 ]
        Module Name: [ C:\WINDOWS\system32\sensapi.dll ],
               Base Address: [0x722B0000 ], Size: [0x00005000 ]
        Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
               Base Address: [0x74720000 ], Size: [0x0004C000 ]
        Module Name: [ C:\WINDOWS\system32\riched20.dll ],
               Base Address: [0x74E30000 ], Size: [0x0006D000 ]
        Module Name: [ C:\WINDOWS\system32\imm32.dll ],
               Base Address: [0x76390000 ], Size: [0x0001D000 ]
        Module Name: [ C:\WINDOWS\system32\shfolder.dll ],
               Base Address: [0x76780000 ], Size: [0x00009000 ]
        Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
               Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
        Module Name: [ C:\WINDOWS\system32\rtutils.dll ],
               Base Address: [0x76E80000 ], Size: [0x0000E000 ]
        Module Name: [ C:\WINDOWS\system32\rasman.dll ],
               Base Address: [0x76E90000 ], Size: [0x00012000 ]
        Module Name: [ C:\WINDOWS\system32\TAPI32.dll ],
               Base Address: [0x76EB0000 ], Size: [0x0002F000 ]
        Module Name: [ C:\WINDOWS\system32\RASAPI32.DLL ],
               Base Address: [0x76EE0000 ], Size: [0x0003C000 ]

[=============================================================================]
    Popups
[=============================================================================]
        Window Name:     dll_analysis.exe
        Displayed Times: 1
        Window Text:     
&Don't Send
dll_analysis.exe has encountered a problem and needs to close.  We are sorry for the inconvenience.
dll_analysis.exe has encountered a problem and needs to close.  We are sorry for the inconvenience.
If you were in the middle of something, the information you were working on might be lost.
Please tell Microsoft about this problem.
We have created an error report that you can send to us.  We will treat this report as confidential and anonymous.
To see what data this error report contains,
Details
&Send Error Report

			

[=============================================================================]
    3.a) dwwin.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings ], 
             Value Name: [ ProxyEnable ], New Value: [ 0 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ Common AppData ], New Value: [ C:\Documents and Settings\All Users\Application Data ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths ], 
             Value Name: [ Directory ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths ], 
             Value Name: [ Paths ], New Value: [ 4 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1 ], 
             Value Name: [ CacheLimit ], New Value: [ 40852 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1 ], 
             Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2 ], 
             Value Name: [ CacheLimit ], New Value: [ 40852 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2 ], 
             Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3 ], 
             Value Name: [ CacheLimit ], New Value: [ 40852 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3 ], 
             Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4 ], 
             Value Name: [ CacheLimit ], New Value: [ 40852 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4 ], 
             Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ Cache ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ Cookies ], New Value: [ C:\Documents and Settings\Administrator\Cookies ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ History ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\History ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ Personal ], New Value: [ C:\Documents and Settings\Administrator\My Documents ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ], 
             Value Name: [ MigrateProxy ], New Value: [ 1 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ], 
             Value Name: [ ProxyEnable ], New Value: [ 0 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ], 
             Value Name: [ SavedLegacySettings ], New Value: [ 0x3c0000001600000001000000000000000000000000000000040000000000 ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ], 
             Value Name: [ CUAS ], Value: [ 0 ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
             Value Name: [ UrlEncoding ], Value: [ 0x00000000 ], 2 times
        Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], 
             Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
        Key: [ HKLM\SYSTEM\Setup ], 
             Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
        Key: [ HKLM\SYSTEM\WPA\MediaCenter ], 
             Value Name: [ Installed ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000204000014000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000001100000014000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000550000001e000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000200000032000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000120000006001000016000000610100001c000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], 
             Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x010000001000000006000000120000000700000012000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], 
             Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000420000001c000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003100000014000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003001000016000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000002200000032000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ], 
             Value Name: [ * ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ], 
             Value Name: [ * ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Tracing ], 
             Value Name: [ EnableConsoleTracing ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
             Value Name: [ ConsoleTracingMask ], Value: [ 4294901760 ], 2 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
             Value Name: [ EnableConsoleTracing ], Value: [ 0 ], 2 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
             Value Name: [ EnableFileTracing ], Value: [ 0 ], 2 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
             Value Name: [ FileDirectory ], Value: [ %windir%\tracing ], 4 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
             Value Name: [ FileTracingMask ], Value: [ 4294901760 ], 2 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
             Value Name: [ MaxFileSize ], Value: [ 1048576 ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion ], 
             Value Name: [ DigitalProductId ], Value: [ 0xa40000000300000037363438372d3634302d313435373233362d32333833 ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\AeDebug ], 
             Value Name: [ Debugger ], Value: [ drwtsn32 -p %ld -e %ld -g ], 4 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ midimapper ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.iac2 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.imaadpcm ], Value: [ imaadp32.acm ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.l3acm ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msadpcm ], Value: [ msadp32.acm ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msaudio1 ], Value: [  ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msg711 ], Value: [ msg711.acm ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msg723 ], Value: [  ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msgsm610 ], Value: [  ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.sl_anet ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.trspch ], Value: [  ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.I420 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.M261 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.M263 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.cvid ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iv31 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iv32 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iv41 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iv50 ], Value: [  ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iyuv ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.mrle ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.msvc ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.uyvy ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.yuy2 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.yvu9 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.yvyu ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ wavemapper ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ], 
             Value Name: [ AllUsersProfile ], Value: [ All Users ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ], 
             Value Name: [ DefaultUserProfile ], Value: [ Default User ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ], 
             Value Name: [ ProfilesDirectory ], Value: [ %SystemDrive%\Documents and Settings ], 4 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-842925246-1425521274-308236825-500 ], 
             Value Name: [ ProfileImagePath ], Value: [ %SystemDrive%\Documents and Settings\Administrator ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ], 
             Value Name: [ AppInit_DLLs ], Value: [  ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ], 
             Value Name: [ CommonFilesDir ], Value: [ C:\Program Files\Common Files ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ], 
             Value Name: [ ProgramFilesDir ], Value: [ C:\Program Files ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Common AppData ], Value: [ %ALLUSERSPROFILE%\Application Data ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
             Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ], 
             Value Name: [ ComputerName ], Value: [ PC ], 5 times
        Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ], 
             Value Name: [ wheel ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ], 
             Value Name: [ ProductType ], Value: [ WinNT ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ ComSpec ], Value: [ %SystemRoot%\system32\cmd.exe ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ FP_NO_HOST_CHECK ], Value: [ NO ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ NUMBER_OF_PROCESSORS ], Value: [ 1 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ OS ], Value: [ Windows_NT ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ PATHEXT ], Value: [ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ PROCESSOR_ARCHITECTURE ], Value: [ x86 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ PROCESSOR_IDENTIFIER ], Value: [ x86 Family 6 Model 3 Stepping 3, GenuineIntel ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ PROCESSOR_LEVEL ], Value: [ 6 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ PROCESSOR_REVISION ], Value: [ 0303 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ Path ], Value: [ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ TEMP ], Value: [ %SystemRoot%\TEMP ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ TMP ], Value: [ %SystemRoot%\TEMP ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ], 
             Value Name: [ windir ], Value: [ %SystemRoot% ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], 
             Value Name: [ TSAppCompat ], Value: [ 0 ], 3 times
        Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], 
             Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\Setup ], 
             Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Environment ], 
             Value Name: [ TEMP ], Value: [ %USERPROFILE%\Local Settings\Temp ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Environment ], 
             Value Name: [ TMP ], Value: [ %USERPROFILE%\Local Settings\Temp ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], 
             Value Name: [ Language Hotkey ], Value: [ 1 ], 6 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], 
             Value Name: [ Layout Hotkey ], Value: [ 2 ], 6 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
             Value Name: [ EnableHttp1_1 ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
             Value Name: [ EnableNegotiate ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
             Value Name: [ MimeExclusionListForCache ], Value: [ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges  ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
             Value Name: [ WarnOnPost ], Value: [ 0x01000000 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ], 
             Value Name: [ Anchor Color ], Value: [ 0,0,255 ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Multimedia\Audio ], 
             Value Name: [ SystemFormats ], Value: [ CD Quality,Radio Quality,Telephone Quality ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ], 
             Value Name: [ ParseAutoexec ], Value: [ 1 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ AppData ], Value: [ %USERPROFILE%\Application Data ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Cache ], Value: [ %USERPROFILE%\Local Settings\Temporary Internet Files ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Cookies ], Value: [ %USERPROFILE%\Cookies ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ History ], Value: [ %USERPROFILE%\Local Settings\History ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ], 
             Value Name: [ Signature ], Value: [ Client UrlCache MMF Ver 5.2 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ], 
             Value Name: [ CacheLimit ], Value: [ 163410 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ], 
             Value Name: [ CachePrefix ], Value: [  ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ], 
             Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ], 
             Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ], 
             Value Name: [ CachePrefix ], Value: [ Cookie: ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ], 
             Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
             Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
             Value Name: [ CacheOptions ], Value: [ 11 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
             Value Name: [ CachePath ], Value: [ %USERPROFILE%\Local Settings\History\History.IE5\MSHist012011021720110218\ ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
             Value Name: [ CachePrefix ], Value: [ :2011021720110218:  ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
             Value Name: [ CacheRepair ], Value: [ 0 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
             Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
             Value Name: [ CacheOptions ], Value: [ 11 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
             Value Name: [ CachePath ], Value: [ %USERPROFILE%\Local Settings\History\History.IE5\MSHist012011021820110219\ ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
             Value Name: [ CachePrefix ], Value: [ :2011021820110219:  ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
             Value Name: [ CacheRepair ], Value: [ 0 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ], 
             Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ], 
             Value Name: [ CachePrefix ], Value: [ Visited: ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ], 
             Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ], 
             Value Name: [ MigrateProxy ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ], 
             Value Name: [ ProxyEnable ], Value: [ 0 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ], 
             Value Name: [ DefaultConnectionSettings ], Value: [ 0x3c0000000300000001000000000000000000000000000000040000000000 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ], 
             Value Name: [ SavedLegacySettings ], Value: [ 0x3c0000001500000001000000000000000000000000000000040000000000 ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ], 
             Value Name: [ APPDATA ], Value: [ C:\Documents and Settings\Administrator\Application Data ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ], 
             Value Name: [ CLIENTNAME ], Value: [ Console ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ], 
             Value Name: [ HOMEDRIVE ], Value: [ C: ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ], 
             Value Name: [ HOMEPATH ], Value: [ \Documents and Settings\Administrator ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ], 
             Value Name: [ HOMESHARE ], Value: [  ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ], 
             Value Name: [ LOGONSERVER ], Value: [ \\PC ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ], 
             Value Name: [ SESSIONNAME ], Value: [ Console ], 4 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
             Watch subtree: [ 0 ], Notify Filter: [ Attributes Change,Value Change,Security Descriptor Change ], 2 times


[=============================================================================]
    3.b) dwwin.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Deleted:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\6CE3F.dmp ]
        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\a26a_appcompat.txt ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\6CE3F.dmp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\WINDOWS\win.ini ]
        File Name: [ C:\dll_analysis.exe ]
        File Name: [ PIPE\lsarpc ]
        File Name: [ c:\autoexec.bat ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\6CE3F.dmp ]
        File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ C:\WINDOWS\system32 ], Control Code: [ 0x00090028 ], 1 time
        File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 16 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\6CE3F.dmp ]
        File Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ]
        File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
        File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
        File Name: [ C:\WINDOWS\system32\1033\dwintl.dll ]
        File Name: [ C:\WINDOWS\system32\ADVAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
        File Name: [ C:\WINDOWS\system32\COMCTL32.DLL ]
        File Name: [ C:\WINDOWS\system32\GDI32.dll ]
        File Name: [ C:\WINDOWS\system32\MSACM32.dll ]
        File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
        File Name: [ C:\WINDOWS\system32\NETAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\PSAPI.DLL ]
        File Name: [ C:\WINDOWS\system32\RASAPI32.DLL ]
        File Name: [ C:\WINDOWS\system32\RPCRT4.dll ]
        File Name: [ C:\WINDOWS\system32\SETUPAPI.dll ]
        File Name: [ C:\WINDOWS\system32\SHELL32.DLL ]
        File Name: [ C:\WINDOWS\system32\SHLWAPI.dll ]
        File Name: [ C:\WINDOWS\system32\Secur32.dll ]
        File Name: [ C:\WINDOWS\system32\ShimEng.dll ]
        File Name: [ C:\WINDOWS\system32\TAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\URLMON.DLL ]
        File Name: [ C:\WINDOWS\system32\USER32.dll ]
        File Name: [ C:\WINDOWS\system32\USERENV.dll ]
        File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
        File Name: [ C:\WINDOWS\system32\VERSION.dll ]
        File Name: [ C:\WINDOWS\system32\WININET.DLL ]
        File Name: [ C:\WINDOWS\system32\WINMM.dll ]
        File Name: [ C:\WINDOWS\system32\WINSTA.dll ]
        File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
        File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
        File Name: [ C:\WINDOWS\system32\WTSAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\comctl32.dll ]
        File Name: [ C:\WINDOWS\system32\faultrep.dll ]
        File Name: [ C:\WINDOWS\system32\imm32.dll ]
        File Name: [ C:\WINDOWS\system32\kernel32.dll ]
        File Name: [ C:\WINDOWS\system32\msvcrt.dll ]
        File Name: [ C:\WINDOWS\system32\ntdll.dll ]
        File Name: [ C:\WINDOWS\system32\rasman.dll ]
        File Name: [ C:\WINDOWS\system32\riched20.dll ]
        File Name: [ C:\WINDOWS\system32\rtutils.dll ]
        File Name: [ C:\WINDOWS\system32\sensapi.dll ]
        File Name: [ C:\WINDOWS\system32\shfolder.dll ]
        File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
        File Name: [ C:\dll_analysis.exe ]

[=============================================================================]
    3.c) dwwin.exe - Process Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Foreign Memory Regions Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Process: [ C:\dll_analysis.exe ]



[#############################################################################]
    4. drwtsn32.exe
[#############################################################################]
[=============================================================================]
    General information about this executable
[=============================================================================]
        Analysis Reason: Started by dll_analysis.exe
        Filename:        drwtsn32.exe
        MD5:             c9f5e1de6da983e89e714ed80c11f000
        SHA-1:           1717b633478fb107d3c26344f710328b93ae550c
        File Size:       45568 Bytes
        Command Line:    C:\WINDOWS\system32\drwtsn32 -p 1192 -e 124 -g
        Process-status
        at analysis end: dead
        Exit Code:       0

[=============================================================================]
    Load-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
               Base Address: [0x7C900000 ], Size: [0x000AF000 ]
        Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
               Base Address: [0x7C800000 ], Size: [0x000F6000 ]
        Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
               Base Address: [0x77C10000 ], Size: [0x00058000 ]
        Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
               Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
        Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
               Base Address: [0x77E70000 ], Size: [0x00092000 ]
        Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
               Base Address: [0x77FE0000 ], Size: [0x00011000 ]
        Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
               Base Address: [0x77F10000 ], Size: [0x00049000 ]
        Module Name: [ C:\WINDOWS\system32\USER32.dll ],
               Base Address: [0x7E410000 ], Size: [0x00091000 ]
        Module Name: [ C:\WINDOWS\system32\dbgeng.dll ],
               Base Address: [0x6D590000 ], Size: [0x000F6000 ]
        Module Name: [ C:\WINDOWS\system32\DBGHELP.dll ],
               Base Address: [0x59A60000 ], Size: [0x000A1000 ]
        Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
               Base Address: [0x77C00000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\ShimEng.dll ],
               Base Address: [0x5CB70000 ], Size: [0x00026000 ]
        Module Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ],
               Base Address: [0x6F880000 ], Size: [0x001CA000 ]
        Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
               Base Address: [0x76B40000 ], Size: [0x0002D000 ]
        Module Name: [ C:\WINDOWS\system32\ole32.dll ],
               Base Address: [0x774E0000 ], Size: [0x0013D000 ]
        Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
               Base Address: [0x77120000 ], Size: [0x0008B000 ]
        Module Name: [ C:\WINDOWS\system32\MSACM32.dll ],
               Base Address: [0x77BE0000 ], Size: [0x00015000 ]
        Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
               Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
        Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
               Base Address: [0x77F60000 ], Size: [0x00076000 ]
        Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
               Base Address: [0x769C0000 ], Size: [0x000B4000 ]
        Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
               Base Address: [0x5AD70000 ], Size: [0x00038000 ]
        Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
               Base Address: [0x773D0000 ], Size: [0x00103000 ]
        Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
               Base Address: [0x5D090000 ], Size: [0x0009A000 ]

[=============================================================================]
    Run-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\ntsdexts.dll ],
               Base Address: [0x5F170000 ], Size: [0x0000C000 ]
        Module Name: [ C:\WINDOWS\system32\exts.dll ],
               Base Address: [0x69480000 ], Size: [0x00022000 ]
        Module Name: [ C:\WINDOWS\system32\psapi.dll ],
               Base Address: [0x76BF0000 ], Size: [0x0000B000 ]

[=============================================================================]
    4.a) drwtsn32.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ Common AppData ], New Value: [ C:\Documents and Settings\All Users\Application Data ]
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ NumberOfCrashes ], New Value: [ 1 ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\HARDWARE\DESCRIPTION\System\CentralProcessor\0 ], 
             Value Name: [ Identifier ], Value: [ x86 Family 6 Model 3 Stepping 3 ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion ], 
             Value Name: [ CurrentBuildNumber ], Value: [ 2600 ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion ], 
             Value Name: [ CurrentType ], Value: [ Uniprocessor Free ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion ], 
             Value Name: [ RegisteredOrganization ], Value: [ TU Wien, Campuslizenz ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion ], 
             Value Name: [ RegisteredOwner ], Value: [ Ihr Benutzername ], 1 time
        Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], 
             Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
        Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Windows ], 
             Value Name: [ CSDVersion ], Value: [ 768 ], 1 time
        Key: [ HKLM\SYSTEM\Setup ], 
             Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
        Key: [ HKLM\SYSTEM\WPA\MediaCenter ], 
             Value Name: [ Installed ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000204000014000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.iac2 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000001100000014000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.imaadpcm ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000550000001e000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000000200000032000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msadpcm ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000120000006001000016000000610100001c000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], 
             Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msaudio1 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x010000001000000006000000120000000700000012000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], 
             Value Name: [ cFormatTags ], Value: [ 3 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg711 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x0100000010000000420000001c000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msg723 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003100000014000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.msgsm610 ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000003001000016000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.sl_anet ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], 
             Value Name: [ aFormatTagCache ], Value: [ 0x01000000100000002200000032000000 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], 
             Value Name: [ cFilterTags ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], 
             Value Name: [ cFormatTags ], Value: [ 2 ], 1 time
        Key: [ HKLM\Software\Microsoft\AudioCompressionManager\DriverCache\msacm.trspch ], 
             Value Name: [ fdwSupport ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion ], 
             Value Name: [ CurrentType ], Value: [ Uniprocessor Free ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ midimapper ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.iac2 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.imaadpcm ], Value: [ imaadp32.acm ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.l3acm ], Value: [ C:\WINDOWS\system32\l3codeca.acm ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msadpcm ], Value: [ msadp32.acm ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msaudio1 ], Value: [  ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msg711 ], Value: [  ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msg723 ], Value: [ msg723.acm ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.msgsm610 ], Value: [  ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.sl_anet ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ msacm.trspch ], Value: [ tssoft32.acm ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.I420 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.M261 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.M263 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.cvid ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iv31 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iv32 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iv41 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iv50 ], Value: [  ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.iyuv ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.mrle ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.msvc ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.uyvy ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.yuy2 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.yvu9 ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ vidc.yvyu ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Drivers32 ], 
             Value Name: [ wavemapper ], Value: [  ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ], 
             Value Name: [ AppInit_DLLs ], Value: [  ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Common AppData ], Value: [ %ALLUSERSPROFILE%\Application Data ], 1 time
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
             Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ], 
             Value Name: [ ComputerName ], Value: [ PC ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ], 
             Value Name: [ wheel ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ], 
             Value Name: [ ProductType ], Value: [ WinNT ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], 
             Value Name: [ TSAppCompat ], Value: [ 0 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ AppendToLogFile ], Value: [ 1 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ CrashDumpType ], Value: [ 1 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ CreateCrashDump ], Value: [ 1 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ DumpAllThreads ], Value: [ 1 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ DumpSymbols ], Value: [ 0 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ Instructions ], Value: [ 10 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ MaximumCrashes ], Value: [ 10 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ NumberOfCrashes ], Value: [ 0 ], 2 times
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ SoundNotification ], Value: [ 0 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ VisualNotification ], Value: [ 0 ], 1 time
        Key: [ HKLM\software\microsoft\DrWatson ], 
             Value Name: [ WaveFile ], Value: [  ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Multimedia\Audio ], 
             Value Name: [ SystemFormats ], Value: [ CD Quality,Radio Quality,Telephone Quality ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
             Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time


[=============================================================================]
    4.b) drwtsn32.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson ]
        File Name: [ C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log ]
        File Name: [ C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log ]
        File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\drwtsn32.log ]
        File Name: [ C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson\user.dmp ]
        File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Directories Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Directory: [ C:\Documents and Settings\All Users\Application Data\Microsoft\Dr Watson ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 3 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\WINDOWS\AppPatch\AcGenral.DLL ]
        File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
        File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
        File Name: [ C:\WINDOWS\system32\ADVAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
        File Name: [ C:\WINDOWS\system32\DBGHELP.dll ]
        File Name: [ C:\WINDOWS\system32\GDI32.dll ]
        File Name: [ C:\WINDOWS\system32\MSACM32.dll ]
        File Name: [ C:\WINDOWS\system32\RPCRT4.dll ]
        File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
        File Name: [ C:\WINDOWS\system32\SHLWAPI.dll ]
        File Name: [ C:\WINDOWS\system32\Secur32.dll ]
        File Name: [ C:\WINDOWS\system32\ShimEng.dll ]
        File Name: [ C:\WINDOWS\system32\USER32.dll ]
        File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
        File Name: [ C:\WINDOWS\system32\VERSION.dll ]
        File Name: [ C:\WINDOWS\system32\WINMM.dll ]
        File Name: [ C:\WINDOWS\system32\comctl32.dll ]
        File Name: [ C:\WINDOWS\system32\dbgeng.dll ]
        File Name: [ C:\WINDOWS\system32\exts.dll ]
        File Name: [ C:\WINDOWS\system32\kernel32.dll ]
        File Name: [ C:\WINDOWS\system32\msvcrt.dll ]
        File Name: [ C:\WINDOWS\system32\ntdll.dll ]
        File Name: [ C:\WINDOWS\system32\ntsdexts.dll ]
        File Name: [ C:\WINDOWS\system32\psapi.dll ]
        File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
        File Name: [ C:\dll_analysis.exe ]

[=============================================================================]
    4.c) drwtsn32.exe - Process Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Processes Killed:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Process: [ C:\dll_analysis.exe ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Remote Threads Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Affected Process: [ C:\dll_analysis.exe ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Foreign Memory Regions Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Process: [ C:\Program Files\Adobe\Reader 8.0\Reader\reader_sl.exe ]
        Process: [ C:\Program Files\Common Files\bisxjf.exe ]
        Process: [ C:\Program Files\Common Files\firwha.exe ]
        Process: [ C:\Program Files\Messenger\msmsgs.exe ]
        Process: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe ]
        Process: [ C:\WINDOWS\explorer.exe ]
        Process: [ C:\WINDOWS\system32\alg.exe ]
        Process: [ C:\WINDOWS\system32\csrss.exe ]
        Process: [ C:\WINDOWS\system32\ctfmon.exe ]
        Process: [ C:\WINDOWS\system32\drwtsn32.exe ]
        Process: [ C:\WINDOWS\system32\lsass.exe ]
        Process: [ C:\WINDOWS\system32\services.exe ]
        Process: [ C:\WINDOWS\system32\smss.exe ]
        Process: [ C:\WINDOWS\system32\spoolsv.exe ]
        Process: [ C:\WINDOWS\system32\svchost.exe ]
        Process: [ C:\WINDOWS\system32\winlogon.exe ]
        Process: [ C:\WINDOWS\system32\wscntfy.exe ]
        Process: [ C:\WINDOWS\system32\wuauclt.exe ]
        Process: [ C:\dll_analysis.exe ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Foreign Memory Regions Written:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Process: [ C:\dll_analysis.exe ]




[#############################################################################]
                       International Secure Systems Lab                        
                            http://www.iseclab.org                             

Vienna University of Technology     Eurecom France            UC Santa Barbara
http://www.tuwien.ac.at          http://www.eurecom.fr  http://www.cs.ucsb.edu

                          Contact: anubis@iseclab.org     
                     
The file being studied is a Portable Executable file! More specifically, it is a Win32 DLL file for the Windows GUI subsystem.
Authenticode signature block
Copyright
Copyright © 1998-2006 Intel Corporation.
Publisher MsProdMediaPeSigningSha1
Product Intel Graphics Accelerator Drivers for Windows 7®
Original name igd10umd64.dll
Internal name igd10umd64.dll
File version 8.15.10.2900
Description LDDM User Mode Driver for Intel® Graphics Technology
Signature verification A certificate chain could not be built to a trusted root authority.
PE header basic information
Target machine x64
Compilation timestamp 2012-11-27 00:15:42
Link date 12:15 AM 11/27/2012
Entry Point 0x003CAFFC
Number of sections 6
PE sections
Name     Virtual address  Virtual size  Raw size  Entropy  MD5
.text    4096             4390167       4390400   6.32     8b19084fb1c4d5aeaac6422419193d89
.rdata   4395008          820217        820224    4.46     6bc0b64d2e72d18a2d174498f37d4689
.data    5218304          321728        270336    3.55     549ecfc2352d129ab2c133c62923bdae
.pdata   5541888          133416        133632    6.38     6e7ed742cacc39b4a42b7fd8d4bae639
.rsrc    5677056          1056          1536      2.56     637eb81554f4b7da23c8b00a3e54ea72
.reloc   5681152          64858         65024     4.98     832f2bcebe19f265121ab114ce9e4a63
PE imports PE exports
OpenAdapter10
OpenAdapter10_2
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
ExifTool file metadata
SubsystemVersion 5.2
InitializedDataSize 1342464
ImageVersion 0.0
ProductName Intel Graphics Accelerator Drivers for Windows 7®
FileVersionNumber 8.15.10.2900
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
LinkerVersion 10.0
OriginalFilename igd10umd64.dll
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 8.15.10.2900
TimeStamp 2012:11:27 00:15:42+00:00
FileType Win64 DLL
PEType PE32+
InternalName igd10umd64.dll
FileAccessDate 2014:05:05 12:09:46+00:00
ProductVersion 8.15.10.2900
FileDescription LDDM User Mode Driver for Intel® Graphics Technology
OSVersion 5.2
FileCreateDate 2014:05:05 12:09:46+00:00
FileOS Windows NT 32-bit
LegalCopyright Copyright © 1998-2006 Intel Corporation.
MachineType AMD AMD64
CompanyName Intel Corporation
CodeSize 4390400
FileSubtype 8
ProductVersionNumber 8.15.10.2900
EntryPoint 0x3caffc
ObjectFileType Dynamic link library
MD5 a589d406382fa6a2a40bd06f56cf583f
SHA1 9e38f8373f1e762533aafa60d6df72a792486c9f
SHA256 1c58d903e051e464f5bbc4b9cbdfa5ad1696db2afe954e124dc1e96c85d93501
ssdeep
49152:sRWeouircTSkaWUNLIUG0umAQRTlv8Xj9S3p+DL5KGjK4dBJ4B4p8e96:cS3+0oSQDFDbUu8o6
imphash df95c2c22977024bf6597eca1c8c0d1a
File size 5.5 MB ( 5721376 bytes )
File type Win32 DLL
Magic literal
PE32+ executable for MS Windows (DLL) (GUI) Mono/.Net assembly
TrID Generic Win/DOS Executable (49.9%)
DOS Executable Generic (49.8%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.1%)
Tags
assembly signed pedll
VirusTotal metadata
First submission 2013-10-01 04:05:03 UTC (9 months ago)
Last submission 2014-04-03 00:31:39 UTC (3 months ago)
File names igd10umd64.dll
igd10umd64.dll
igd10umd64.dll

 

SHA256: 1c58d903e051e464f5bbc4b9cbdfa5ad1696db2afe954e124dc1e96c85d93501 File name: igd10umd64.dll

https://www.virustotal.com/nl/file/1c58d903e051e464f5bbc4b9cbdfa5ad1696db2afe954e124dc1e96c85d93501/analysis/


Edited by bleebingjunior, 03 July 2014 - 05:41 PM.



#2 bleebingjunior

Posted 05 July 2014 - 01:27 AM

IT TURNS OUT THIS FILE WAS INFECTED AND I FINALLY REMOVED IT MYSELF





