Alexandre Kruger, posted September 29, 2014

Could someone explain what this program does?

(Anubis ASCII-art logo banner, garbled in extraction)
Analysis Report

[#############################################################################]
Analysis Report for Info - Pc.exe
MD5: 33c69fd3c14bd38d2f82cbb1b4bac65a
[#############################################################################]

[=============================================================================]
Table of Contents
[=============================================================================]

- General information
- Info - Pc..exe
  a) Registry Activities
  b) File Activities
  c) Process Activities
  d) Other Activities
- DW20.EXE
  a) Registry Activities
  b) File Activities
  c) Process Activities

[#############################################################################]
1. General Information
[#############################################################################]

[=============================================================================]
Information about Anubis' invocation
[=============================================================================]

Time needed: 260 s
Report created: 09/29/14, 17:33:59 UTC
Termination reason: Timeout
Program version: 1.76.3886

[#############################################################################]
2. Info - Pc..exe
[#############################################################################]

[=============================================================================]
General information about this executable
[=============================================================================]

Analysis Reason: Primary Analysis Subject
Filename: Info - Pc..exe
MD5: 33c69fd3c14bd38d2f82cbb1b4bac65a
SHA-1: bcadac496172804781d252c8104a2037a0f8102d
File Size: 442368 Bytes
Process-status at analysis end: alive
Exit Code: 0

[=============================================================================]
Load-time Dlls
[=============================================================================]

Module Name: [ C:\WINDOWS\system32\ntdll.dll ], Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\mscoree.dll ], Base Address: [0x79000000 ], Size: [0x0004A000 ]
Module Name: [ C:\WINDOWS\system32\KERNEL32.dll ], Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ], Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ], Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ], Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ], Base Address: [0x603B0000 ], Size: [0x00066000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ], Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ], Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ], Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ], Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ], Base Address: [0x79140000 ], Size: [0x0066F000 ]
Module Name: [ C:\WINDOWS\system32\MSVCR100_CLR0400.dll ], Base Address: [0x79060000 ], Size: [0x000BE000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ], Base Address: [0x79880000 ], Size: [0x00DC3000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ], Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ], Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\culture.dll ], Base Address: [0x60340000 ], Size: [0x0000D000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll ], Base Address: [0x60930000 ], Size: [0x00010000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll ], Base Address: [0x79810000 ], Size: [0x00060000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll ], Base Address: [0x7A820000 ], Size: [0x00898000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll ], Base Address: [0x7B1D0000 ], Size: [0x00196000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll ], Base Address: [0x7B370000 ], Size: [0x00C6B000 ]
Module Name: [ C:\WINDOWS\system32\uxtheme.dll ], Base Address: [0x5AD70000 ], Size: [0x00038000 ]
Module Name: [ C:\WINDOWS\system32\comctl32.dll ], Base Address: [0x5D090000 ], Size: [0x0009A000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ], Base Address: [0x773D0000 ], Size: [0x00103000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll ], Base Address: [0x4EC50000 ], Size: [0x001A6000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ], Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\Apphelp.dll ], Base Address: [0x77B40000 ], Size: [0x00022000 ]

[=============================================================================]
2.a) Info - Pc..exe - Registry Activities
[=============================================================================]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]

Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ], Value Name: [ CUAS ], Value: [ 0 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ], Value Name: [ AllOrNone ], Value: [ 1 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ], Value Name: [ DoReport ], Value: [ 1 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ], Value Name: [ ShowUI ], Value: [ 1 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug ], Value Name: [ Auto ], Value: [ 1 ], 2 times
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug ], Value Name: [ Debugger ], Value: [ drwtsn32 -p %ld -e %ld -g ], 6 times
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Arial Baltic,186 ], Value: [ Arial,186 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Arial CE,238 ], Value: [ Arial,238 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Arial CYR,204 ], Value: [ Arial,204 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Arial Greek,161 ], Value: [ Arial,161 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Arial TUR,162 ], Value: [ Arial,162 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Courier New Baltic,186 ], Value: [ Courier New,186 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Courier New CE,238 ], Value: [ Courier New,238 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Courier New CYR,204 ], Value: [ Courier New,204 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Courier New Greek,161 ], Value: [ Courier New,161 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Courier New TUR,162 ], Value: [ Courier New,162 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Helv ], Value: [ MS Sans Serif ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Helvetica ], Value: [ Arial ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ MS Shell Dlg ], Value: [ Microsoft Sans Serif ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ MS Shell Dlg 2 ], Value: [ Tahoma ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Times ], Value: [ Times New Roman ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Times New Roman Baltic,186 ], Value: [ Times New Roman,186 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Times New Roman CE,238 ], Value: [ Times New Roman,238 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Times New Roman CYR,204 ], Value: [ Times New Roman,204 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Times New Roman Greek,161 ], Value: [ Times New Roman,161 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Times New Roman TUR,162 ], Value: [ Times New Roman,162 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ], Value Name: [ Tms Rmn ], Value: [ MS Serif ], 1 time
Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
Key: [ HKLM\SYSTEM\WPA\MediaCenter ], Value Name: [ Installed ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\.NETFramework ], Value Name: [ InstallRoot ], Value: [ C:\WINDOWS\Microsoft.NET\Framework\ ], 9 times
Key: [ HKLM\Software\Microsoft\.NETFramework\Policy\\v4.0 ], Value Name: [ 30319 ], Value: [ 30319-30319 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ Accessibility,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0xb0b518f748cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ System,4.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0x923ed9fd48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ System.Configuration,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x189984f948cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ System.Deployment,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x5607dbfb48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ System.Drawing,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x820dabfe48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ System.Runtime.Serialization.Formatters.Soap,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0xccc2561749cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ System.Security,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x2029aaff48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ System.Windows.Forms,4.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0xc2b2590149cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ System.Xml,4.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0xa019a50249cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], Value Name: [ mscorlib,4.0.0.0,,b77a5c561934e089,x86 ], Value: [ 0x7af6f1f448cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32 ], Value Name: [ LatestIndex ], Value: [ 128 ], 4 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ], Value Name: [ DisplayName ], Value: [ mscorlib,4.0.0.0,,b77a5c561934e089 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ], Value Name: [ LastModTime ], Value: [ 0x7af6f1f448cecb01 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ], Value Name: [ Modules ], Value: [ normidna.nlp|normnfc.nlp|normnfd.nlp|normnfkc.nlp|normnfkd.nlp ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ], Value Name: [ SIG ], Value: [ 0xd74ebd98377318409551ee0825ada7bad7d8789378521e6bea0d6e989d21 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ], Value Name: [ Status ], Value: [ 8198 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ], Value Name: [ DisplayName ], Value: [ System.Windows.Forms,4.0.0.0,,b77a5c561934e089 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ], Value Name: [ LastModTime ], Value: [ 0xc2b2590149cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ], Value Name: [ SIG ], Value: [ 0x79b04eec0f762c4bad3017bac4150f5920332fc7d1d63954cd26fedf1009 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ], Value Name: [ DisplayName ], Value: [ System.Xml,4.0.0.0,,b77a5c561934e089 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ], Value Name: [ LastModTime ], Value: [ 0xa019a50249cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ], Value Name: [ SIG ], Value: [ 0xc5001c24e7b69a47b45f038d12d280c5a05ed9d07250af4dfda78fa43f6f ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ], Value Name: [ DisplayName ], Value: [ Accessibility,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ], Value Name: [ LastModTime ], Value: [ 0xb0b518f748cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ], Value Name: [ SIG ], Value: [ 0x57ceb6d0aebee44a86da4080b3cee6719172a9d7469f0bdaa99f1daf6c55 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ], Value Name: [ DisplayName ], Value: [ System.Deployment,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ], Value Name: [ LastModTime ], Value: [ 0x5607dbfb48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ], Value Name: [ SIG ], Value: [ 0x30a1e4cabbcfa643b2c1db433397519b93fcf9ca788e7b63b5de5a6140e4 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ], Value Name: [ DisplayName ], Value: [ System,4.0.0.0,,b77a5c561934e089 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ], Value Name: [ LastModTime ], Value: [ 0x923ed9fd48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ], Value Name: [ SIG ], Value: [ 0x317b4fe04715534ba83d8704c85662619cb5d7d82f52e76c37ce1d20af69 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ], Value Name: [ DisplayName ], Value: [ System.Runtime.Serialization.Formatters.Soap,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ], Value Name: [ LastModTime ], Value: [ 0xccc2561749cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ], Value Name: [ SIG ], Value: [ 0x111e988ed985ba478d919c3054b95e4e26a34e9fec62bc33acb451c286f9 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ], Value Name: [ DisplayName ], Value: [ System.Configuration,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ], Value Name: [ LastModTime ], Value: [ 0x189984f948cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ], Value Name: [ SIG ], Value: [ 0x15fa5d2766c57d40893a33ef21db2cef56a8a5d4c0ca417d1533e9b0d7b0 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ], Value Name: [ DisplayName ], Value: [ System.Security,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ], Value Name: [ LastModTime ], Value: [ 0x2029aaff48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ], Value Name: [ SIG ], Value: [ 0x1d175efd3ba191438dec6514f010658c6257289cff6e1d0690f3714305a6 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ], Value Name: [ DisplayName ], Value: [ System.Drawing,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ], Value Name: [ LastModTime ], Value: [ 0x820dabfe48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ], Value Name: [ SIG ], Value: [ 0x08151e88e059db47a143982f9ad099a80b66942d7261045bb91131a930c6 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ], Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ], Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ], Value Name: [ ConfigMask ], Value: [ 4361 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ], Value Name: [ ConfigString ], Value: [ ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ], Value Name: [ DisplayName ], Value: [ mscorlib,4.0.0.0,,b77a5c561934e089 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ], Value Name: [ ILDependencies ], Value: [ 0x42ca9914f8653465010000000400000000000000 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ], Value Name: [ MVID ], Value: [ 0x4ff1f12a08d455f195ba996fe77497c6 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ], Value Name: [ Status ], Value: [ 0 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ], Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ], Value Name: [ ConfigString ], Value: [ ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ], Value Name: [ DisplayName ], Value: [ System,4.0.0.0,,b77a5c561934e089 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ], Value Name: [ ILDependencies ], Value: [ 0x56bc945def0c153b060000000400000000000000d574f4343f6f24650700 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ], Value Name: [ MVID ], Value: [ 0x161c6f80ad93b0505054d244f1c6243c ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ], Value Name: [ NIDependencies ], Value: [ 0xc638191842ca9914010000000400000000000000c638191842ca99140100 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ], Value Name: [ Status ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ], Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ], Value Name: [ ConfigString ], Value: [ ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ], Value Name: [ DisplayName ], Value: [ System.Drawing,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ], Value Name: [ ILDependencies ], Value: [ 0x3fbc10099eb86d30180000000400000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ], Value Name: [ MVID ], Value: [ 0x2fe09cc54a8390b20e380239db34228f ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ], Value Name: [ NIDependencies ], Value: [ 0xc638191842ca99140100000004000000000000004f7cbc30cde5995a0800 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ], Value Name: [ Status ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ], Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ], Value Name: [ ConfigString ], Value: [ ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ], Value Name: [ DisplayName ], Value: [ System.Windows.Forms,4.0.0.0,,b77a5c561934e089 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ], Value Name: [ ILDependencies ], Value: [ 0xce931f49bf7de93f17000000040000000000000056bc945def0c153b0600 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ], Value Name: [ MVID ], Value: [ 0xf3cdd09fc0acc85c7febbd2e2ef9c4e5 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ], Value Name: [ NIDependencies ], Value: [ 0xc638191842ca9914010000000400000000000000a006ca3c3fbc10091800 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ], Value Name: [ Status ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\index80 ], Value Name: [ ILUsageMask ], Value: [ 0xffffffffffffffffffffffffffffffff ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\index80 ], Value Name: [ NIUsageMask ], Value: [ 0xffffffffffffffffffffffffffffffff ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ], Value Name: [ Latest ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ], Value Name: [ LegacyPolicyTimeStamp ], Value: [ 0x0000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ], Value Name: [ index1 ], Value: [ 0x00 ], 1 time
Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting\DW\Installed ], Value Name: [ DW0200 ], Value: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], 1 time
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll ], Value Name: [ CheckAppHelp ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ], Value Name: [ AppInit_DLLs ], Value: [ ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], Value Name: [ AuthenticodeEnabled ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], Value Name: [ DefaultLevel ], Value: [ 262144 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], Value Name: [ PolicyScope ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], Value Name: [ TransparentEnabled ], Value: [ 1 ], 2 times
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], Value Name: [ ItemData ], Value: [ 0x5eab304f957a49896a006c1c31154015 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], Value Name: [ ItemSize ], Value: [ 779 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], Value Name: [ ItemData ], Value: [ 0x67b0d48b343a3fd3bce9dc646704f394 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], Value Name: [ ItemSize ], Value: [ 517 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], Value Name: [ ItemData ], Value: [ 0x327802dcfef8c893dc8ab006dd847d1d ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], Value Name: [ ItemSize ], Value: [ 918 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], Value Name: [ ItemData ], Value: [ 0xbd9a2adb42ebd8560e250e4df8162f67 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], Value Name: [ ItemSize ], Value: [ 229 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], Value Name: [ ItemData ], Value: [ 0x386b085f84ecf669d36b956a22c01e80 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], Value Name: [ ItemSize ], Value: [ 370 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ], Value Name: [ ItemData ], Value: [ %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ], Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ], Value Name: [ ComputerName ], Value: [ PC ], 3 times
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Language Groups ], Value Name: [ 1 ], Value: [ 1 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Locale ], Value Name: [ 00000409 ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Locale ], Value Name: [ 00000C07 ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], Value Name: [ TSAppCompat ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ NumShape ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ iCurrDigits ], Value: [ 2 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ iCurrency ], Value: [ 2 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ iDigits ], Value: [ 2 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ iNegCurr ], Value: [ 9 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ iNegNumber ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sCurrency ], Value: [ ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sDecimal ], Value: [ , ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sGrouping ], Value: [ 3;0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sMonDecimalSep ], Value: [ , ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sMonGrouping ], Value: [ 3;0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sMonThousandSep ], Value: [ . ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sNativeDigits ], Value: [ 0123456789 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sNegativeSign ], Value: [ - ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sPositiveSign ], Value: [ ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ], Value Name: [ sThousand ], Value: [ . ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\GDIPlus ], Value Name: [ FontCachePath ], Value: [ C:\Documents and Settings\Administrator\Local Settings\Application Data ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], Value Name: [ Cache ], Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ], 1 time

[=============================================================================]
2.b) Info - Pc..exe - File Activities
[=============================================================================]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]

File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\config\machine.config ]
File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]

File Name: [ PIPE\lsarpc ]
File Name: [ WMIDataDevice ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]

File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 4 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]

File: [ \Device\KsecDD ], 
Control Code: [ 0x00390008 ], 8 times File: [ WMIDataDevice ], Control Code: [ 0x0022414C ], 1 time File: [ WMIDataDevice ], Control Code: [ 0x00228144 ], 2 times [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Memory Mapped Files: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ] File Name: [ C:\Info - Pc..exe ] File Name: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ] File Name: [ C:\WINDOWS\FONTS\MICROSS.TTF ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\culture.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\locale.nlp ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll ] File Name: [ C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ] File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ] File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll ] File Name: [ C:\WINDOWS\WindowsShell.Manifest ] File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll ] File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll ] File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll ] File 
Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ] File Name: [ C:\WINDOWS\system32\Apphelp.dll ] File Name: [ C:\WINDOWS\system32\MSCTF.dll ] File Name: [ C:\WINDOWS\system32\MSVCR100_CLR0400.dll ] File Name: [ C:\WINDOWS\system32\comctl32.dll ] File Name: [ C:\WINDOWS\system32\imm32.dll ] File Name: [ C:\WINDOWS\system32\mscoree.dll ] File Name: [ C:\WINDOWS\system32\rpcss.dll ] File Name: [ C:\WINDOWS\system32\uxtheme.dll ] File Name: [ C:\Windows\AppPatch\sysmain.sdb ] [=============================================================================] 2.c) Info - Pc..exe - Process Activities [=============================================================================] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Processes Created: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Executable: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], Command Line: [ ] Executable: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], Command Line: [ dw20.exe -x -s 440 ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Remote Threads Created: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Affected Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Foreign Memory Regions Read: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Foreign Memory Regions Written: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ] [=============================================================================] 2.d) Info - Pc..exe - Other Activities 
[=============================================================================] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Mutexes Created: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ] Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ] Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ] Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ] Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ] Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Windows se exceptions: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Description: [ Exception 0xc000001e at 0x79ab0407 ], 1 time Description: [ Exception 0xc000001e at 0x79aa8108 ], 278 times Description: [ Exception 0xc00000fd (STATUS_STACK_OVERFLOW) at 0x79495bc5 ], 1 time [#############################################################################] 3. 
DW20.EXE [#############################################################################] [=============================================================================] General information about this executable [=============================================================================] Analysis Reason: Started by Info - Pc..exe Filename: DW20.EXE MD5: a981419c39cc02259b8f2da3974000d9 SHA-1: 905d359e2c5e8330d39b746132fa9779f52c0b93 File Size: 637272 Bytes Command Line: dw20.exe -x -s 440 Process-status at analysis end: alive Exit Code: 0 [=============================================================================] Load-time Dlls [=============================================================================] Module Name: [ C:\WINDOWS\system32\ntdll.dll ], Base Address: [0x7C900000 ], Size: [0x000AF000 ] Module Name: [ C:\WINDOWS\system32\kernel32.dll ], Base Address: [0x7C800000 ], Size: [0x000F6000 ] Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ], Base Address: [0x77DD0000 ], Size: [0x0009B000 ] Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ], Base Address: [0x77E70000 ], Size: [0x00092000 ] Module Name: [ C:\WINDOWS\system32\Secur32.dll ], Base Address: [0x77FE0000 ], Size: [0x00011000 ] Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ], Base Address: [0x773D0000 ], Size: [0x00103000 ] Module Name: [ C:\WINDOWS\system32\msvcrt.dll ], Base Address: [0x77C10000 ], Size: [0x00058000 ] Module Name: [ C:\WINDOWS\system32\GDI32.dll ], Base Address: [0x77F10000 ], Size: [0x00049000 ] Module Name: [ C:\WINDOWS\system32\USER32.dll ], Base Address: [0x7E410000 ], Size: [0x00091000 ] Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ], Base Address: [0x77F60000 ], Size: [0x00076000 ] Module Name: [ C:\WINDOWS\system32\OLEACC.dll ], Base Address: [0x74C80000 ], Size: [0x0002C000 ] Module Name: [ C:\WINDOWS\system32\MSVCP60.dll ], Base Address: [0x76080000 ], Size: [0x00065000 ] Module Name: 
[ C:\WINDOWS\system32\ole32.dll ], Base Address: [0x774E0000 ], Size: [0x0013D000 ] Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ], Base Address: [0x77120000 ], Size: [0x0008B000 ] Module Name: [ C:\WINDOWS\system32\SHELL32.dll ], Base Address: [0x7C9C0000 ], Size: [0x00817000 ] Module Name: [ C:\WINDOWS\system32\urlmon.dll ], Base Address: [0x7E1E0000 ], Size: [0x000A2000 ] Module Name: [ C:\WINDOWS\system32\VERSION.dll ], Base Address: [0x77C00000 ], Size: [0x00008000 ] Module Name: [ C:\WINDOWS\system32\WININET.dll ], Base Address: [0x771B0000 ], Size: [0x000AA000 ] Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ], Base Address: [0x77A80000 ], Size: [0x00095000 ] Module Name: [ C:\WINDOWS\system32\MSASN1.dll ], Base Address: [0x77B20000 ], Size: [0x00012000 ] [=============================================================================] Run-time Dlls [=============================================================================] Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ], Base Address: [0x5B860000 ], Size: [0x00055000 ] Module Name: [ C:\WINDOWS\system32\MSCTF.dll ], Base Address: [0x74720000 ], Size: [0x0004C000 ] Module Name: [ C:\WINDOWS\system32\riched20.dll ], Base Address: [0x74E30000 ], Size: [0x0006D000 ] Module Name: [ C:\WINDOWS\system32\WINSTA.dll ], Base Address: [0x76360000 ], Size: [0x00010000 ] Module Name: [ C:\WINDOWS\system32\imm32.dll ], Base Address: [0x76390000 ], Size: [0x0001D000 ] Module Name: [ C:\WINDOWS\system32\shfolder.dll ], Base Address: [0x76780000 ], Size: [0x00009000 ] Module Name: [ C:\WINDOWS\system32\psapi.dll ], Base Address: [0x76BF0000 ], Size: [0x0000B000 ] Module Name: [ C:\WINDOWS\system32\WTSAPI32.dll ], Base Address: [0x76F50000 ], Size: [0x00008000 ] Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll ], Base Address: [0x7A820000 ], Size: [0x00120000 ] [=============================================================================] 3.a) DW20.EXE - Registry Activities 
[=============================================================================] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Registry Values Modified: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ] Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], Value Name: [ Personal ], New Value: [ C:\Documents and Settings\Administrator\My Documents ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Registry Values Read: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ], Value Name: [ CUAS ], Value: [ 0 ], 1 time Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time Key: [ HKLM\SYSTEM\Setup ], Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ], Value Name: [ * ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ], Value Name: [ * ], Value: [ 1 ], 1 time Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls ], Value Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll ], Value: [ 0 ], 1 time Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls ], Value Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ], Value: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll ], 1 time Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ], Value Name: [ AppInit_DLLs ], Value: [ ], 
1 time Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ], Value Name: [ CommonFilesDir ], Value: [ C:\Program Files\Common Files ], 1 time Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ], Value Name: [ ProgramFilesDir ], Value: [ C:\Program Files ], 1 time Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], Value Name: [ TSAppCompat ], Value: [ 0 ], 3 times Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ], Value Name: [ Anchor Color ], Value: [ 0,0,255 ], 4 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], Value Name: [ AppData ], Value: [ %USERPROFILE%\Application Data ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time [=============================================================================] 3.b) DW20.EXE - File Activities [=============================================================================] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Files Created: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\70695.dmp ] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dw.log ] 
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Files Read: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\Info - Pc..exe ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Files Modified: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dw.log ] [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Device Control Communication: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 1 time [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Memory Mapped Files: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] File Name: [ C:\Info - Pc..exe ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\culture.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ] File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll ] File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ] File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ] File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll ] File Name: [ C:\WINDOWS\WindowsShell.Manifest ] File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll ] File Name: [ 
C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll ] File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll ] File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ] File Name: [ C:\WINDOWS\system32\ADVAPI32.dll ] File Name: [ C:\WINDOWS\system32\Apphelp.dll ] File Name: [ C:\WINDOWS\system32\GDI32.dll ] File Name: [ C:\WINDOWS\system32\KERNEL32.dll ] File Name: [ C:\WINDOWS\system32\MSCTF.dll ] File Name: [ C:\WINDOWS\system32\MSVCP60.dll ] File Name: [ C:\WINDOWS\system32\MSVCR100_CLR0400.dll ] File Name: [ C:\WINDOWS\system32\OLEACC.dll ] File Name: [ C:\WINDOWS\system32\OLEACCRC.DLL ] File Name: [ C:\WINDOWS\system32\RPCRT4.dll ] File Name: [ C:\WINDOWS\system32\SHELL32.dll ] File Name: [ C:\WINDOWS\system32\SHLWAPI.dll ] File Name: [ C:\WINDOWS\system32\Secur32.dll ] File Name: [ C:\WINDOWS\system32\USER32.dll ] File Name: [ C:\WINDOWS\system32\VERSION.dll ] File Name: [ C:\WINDOWS\system32\WININET.dll ] File Name: [ C:\WINDOWS\system32\WINSTA.dll ] File Name: [ C:\WINDOWS\system32\WTSAPI32.dll ] File Name: [ C:\WINDOWS\system32\comctl32.dll ] File Name: [ C:\WINDOWS\system32\imm32.dll ] File Name: [ C:\WINDOWS\system32\mscoree.dll ] File Name: [ C:\WINDOWS\system32\msvcrt.dll ] File Name: [ C:\WINDOWS\system32\ntdll.dll ] File Name: [ C:\WINDOWS\system32\ole32.dll ] File Name: [ C:\WINDOWS\system32\psapi.dll ] File Name: [ C:\WINDOWS\system32\riched20.dll ] File Name: [ C:\WINDOWS\system32\shfolder.dll ] File Name: [ C:\WINDOWS\system32\urlmon.dll ] File Name: [ C:\WINDOWS\system32\uxtheme.dll ] [=============================================================================] 3.c) DW20.EXE - Process Activities [=============================================================================] 
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Foreign Memory Regions Read: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Process: [ C:\Info - Pc..exe ] [#############################################################################] International Secure Systems Lab http://www.iseclab.org Vienna University of Technology Eurecom France UC Santa Barbara http://www.tuwien.ac.at http://www.eurecom.fr http://www.cs.ucsb.edu Contact: anubis@iseclab.org Citar Link para o comentário Compartilhar em outros sites More sharing options...
Jhonas, posted December 19, 2014

Apparently it is a program that maps all the activity on the PC and records changes to locations in physical memory; while analysing the PC it creates 2 output files:
1 containing the memory dump: File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\70695.dmp ]
1 containing the modifications that were made: File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dw.log ]
Basically it is a program that analyses the processes being run on the machine.
Cheers