  1. #1
    House

    alterMW3 Client Decompiled + Analysis

    Had some spare time and decompiled the aiwmw3 client in C#... got it errorless with halp of @jariz ... also did some analysis of the network and registry that is being edited .. this could help guys who want to build their little tools or learn some code or smd


    Code:
            Analysis Reason: Primary Analysis Subject
            Filename:        alterMW3.e.exe
            MD5:             1dd78280faf6ba82d0c56d1089623721
            SHA-1:           a18dfe9985263fd1d2cea4e1f618eba237190b24
            File Size:       456704 Bytes
            Process-status
            at analysis end: alive
            Exit Code:       0
    
    [=============================================================================]
        Load-time Dlls
    [=============================================================================]
            Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
                   Base Address: [0x7C900000 ], Size: [0x000AF000 ]
            Module Name: [ C:\WINDOWS\system32\mscoree.dll ],
                   Base Address: [0x79000000 ], Size: [0x0004A000 ]
            Module Name: [ C:\WINDOWS\system32\KERNEL32.dll ],
                   Base Address: [0x7C800000 ], Size: [0x000F6000 ]
            Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
                   Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
            Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
                   Base Address: [0x77E70000 ], Size: [0x00092000 ]
            Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
                   Base Address: [0x77FE0000 ], Size: [0x00011000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ],
                   Base Address: [0x603B0000 ], Size: [0x00066000 ]
            Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
                   Base Address: [0x77F60000 ], Size: [0x00076000 ]
            Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
                   Base Address: [0x77F10000 ], Size: [0x00049000 ]
            Module Name: [ C:\WINDOWS\system32\USER32.dll ],
                   Base Address: [0x7E410000 ], Size: [0x00091000 ]
            Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
                   Base Address: [0x77C10000 ], Size: [0x00058000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ],
                   Base Address: [0x79E70000 ], Size: [0x0058F000 ]
            Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ],
                   Base Address: [0x78130000 ], Size: [0x0009B000 ]
            Module Name: [ C:\WINDOWS\system32\shell32.dll ],
                   Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
            Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
                   Base Address: [0x773D0000 ], Size: [0x00103000 ]
            Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
                   Base Address: [0x5D090000 ], Size: [0x0009A000 ]
            Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ],
                   Base Address: [0x790C0000 ], Size: [0x00B36000 ]
            Module Name: [ C:\WINDOWS\system32\ole32.dll ],
                   Base Address: [0x774E0000 ], Size: [0x0013D000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ],
                   Base Address: [0x79060000 ], Size: [0x00056000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll ],
                   Base Address: [0x60340000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\rsaenh.dll ],
                   Base Address: [0x68000000 ], Size: [0x00036000 ]
            Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ],
                   Base Address: [0x7A440000 ], Size: [0x007EA000 ]
            Module Name: [ C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ],
                   Base Address: [0x6D990000 ], Size: [0x00026000 ]
            Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\139ba31a8024c79b1e1e6af19b6908be\System.Xml.ni.dll ],
                   Base Address: [0x637A0000 ], Size: [0x00588000 ]
            Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
                   Base Address: [0x77C00000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\b4770b4e285d48c83f725266ceb02598\System.Core.ni.dll ],
                   Base Address: [0x6C190000 ], Size: [0x00244000 ]
            Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6249efaeae79679f5d909d727b1efe47\System.Configuration.ni.dll ],
                   Base Address: [0x64890000 ], Size: [0x000FC000 ]
            Module Name: [ C:\WINDOWS\system32\rasapi32.dll ],
                   Base Address: [0x76EE0000 ], Size: [0x0003C000 ]
            Module Name: [ C:\WINDOWS\system32\rasman.dll ],
                   Base Address: [0x76E90000 ], Size: [0x00012000 ]
            Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
                   Base Address: [0x5B860000 ], Size: [0x00055000 ]
            Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
                   Base Address: [0x71AB0000 ], Size: [0x00017000 ]
            Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
                   Base Address: [0x71AA0000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\TAPI32.dll ],
                   Base Address: [0x76EB0000 ], Size: [0x0002F000 ]
            Module Name: [ C:\WINDOWS\system32\rtutils.dll ],
                   Base Address: [0x76E80000 ], Size: [0x0000E000 ]
            Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
                   Base Address: [0x76B40000 ], Size: [0x0002D000 ]
            Module Name: [ C:\WINDOWS\system32\mswsock.dll ],
                   Base Address: [0x71A50000 ], Size: [0x0003F000 ]
            Module Name: [ C:\WINDOWS\system32\hnetcfg.dll ],
                   Base Address: [0x662B0000 ], Size: [0x00058000 ]
            Module Name: [ C:\WINDOWS\System32\wshtcpip.dll ],
                   Base Address: [0x71A90000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\msv1_0.dll ],
                   Base Address: [0x77C70000 ], Size: [0x00024000 ]
            Module Name: [ C:\WINDOWS\system32\iphlpapi.dll ],
                   Base Address: [0x76D60000 ], Size: [0x00019000 ]
            Module Name: [ C:\WINDOWS\system32\DNSAPI.dll ],
                   Base Address: [0x76F20000 ], Size: [0x00027000 ]
            Module Name: [ C:\WINDOWS\System32\winrnr.dll ],
                   Base Address: [0x76FB0000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ],
                   Base Address: [0x76F60000 ], Size: [0x0002C000 ]
            Module Name: [ C:\WINDOWS\system32\rasadhlp.dll ],
                   Base Address: [0x76FC0000 ], Size: [0x00006000 ]
            Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ],
                   Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
            Module Name: [ C:\WINDOWS\system32\COMRes.dll ],
                   Base Address: [0x77050000 ], Size: [0x000C5000 ]
            Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
                   Base Address: [0x77120000 ], Size: [0x0008B000 ]
            Module Name: [ C:\WINDOWS\system32\browseui.dll ],
                   Base Address: [0x75F80000 ], Size: [0x000FD000 ]
            Module Name: [ C:\WINDOWS\system32\xpsp2res.dll ],
                   Base Address: [0x03360000 ], Size: [0x002C5000 ]
            Module Name: [ C:\WINDOWS\system32\browselc.dll ],
                   Base Address: [0x71600000 ], Size: [0x00012000 ]
            Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
                   Base Address: [0x74720000 ], Size: [0x0004C000 ]
            Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
                   Base Address: [0x5AD70000 ], Size: [0x00038000 ]
    
    [=============================================================================]
        2.a) alterMW3.e.exe - Registry Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Registry Values Modified:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ Cache ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Monitored Registry Keys:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKLM\Software\Classes ], 
                 Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
            Key: [ HKLM\Software\Classes\CLSID ], 
                 Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 2 times
            Key: [ HKLM\Software\Microsoft\COM3 ], 
                 Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 6 times
            Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
                 Watch subtree: [ 0 ], Notify Filter: [ Attributes Change,Value Change,Security Descriptor Change ], 2 times
            Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ], 
                 Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
            Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], 
                 Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
            Key: [ HKU ], 
                 Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ], 
                 Watch subtree: [ 1 ], Notify Filter: [ Value Change ], 1 time
    
    
    [=============================================================================]
        2.b) alterMW3.e.exe - File Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Created:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\Program Files\Common Files\9C40EE6610F10C90725B49422C8BB406F5CACF92.cpart ]
            File Name: [ C:\Program Files\Common Files\DBNetwork.Indigo.SxS.log ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config ]
            File Name: [ C:\WINDOWS\Registration\R00000000000b.clb ]
            File Name: [ C:\WINDOWS\system32\rsaenh.dll ]
            File Name: [ PIPE\ROUTER ]
            File Name: [ PIPE\lsarpc ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Modified:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\Program Files\Common Files\9C40EE6610F10C90725B49422C8BB406F5CACF92.cpart ]
            File Name: [ C:\Program Files\Common Files\DBNetwork.Indigo.SxS.log ]
            File Name: [ Ip ]
            File Name: [ PIPE\ROUTER ]
            File Name: [ PIPE\lsarpc ]
            File Name: [ \Device\Afd\Endpoint ]
            File Name: [ \Device\Ip ]
            File Name: [ \Device\NetBT_Tcpip_{1AD45B38-4060-4F73-BB1E-A0439A2D97EB} ]
            File Name: [ \Device\RasAcd ]
            File Name: [ \Device\Tcp ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File System Control Communication:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
            File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 7 times
            File: [ PIPE\ROUTER ], Control Code: [ 0x0011C017 ], 3 times
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Device Control Communication:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_INFO (0x0001207B) ], 2 times
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_CONTEXT (0x00012047) ], 13 times
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_TDI_HANDLES (0x00012037) ], 3 times
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_INFO (0x0001203B) ], 4 times
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_EVENT_SELECT (0x00012087) ], 2 times
            File: [ \Device\Tcp ], Control Code: [ 0x00120003 ], 72 times
            File: [ \Device\Ip ], Control Code: [ 0x00120040 ], 10 times
            File: [ \Device\Ip ], Control Code: [ 0x00120090 ], 4 times
            File: [ \Device\NetBT_Tcpip_{1AD45B38-4060-4F73-BB1E-A0439A2D97EB} ], Control Code: [ 0x0021009A ], 4 times
            File: [ \Device\RasAcd ], Control Code: [ 0x00F14014 ], 1 time
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_BIND (0x00012003) ], 1 time
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SEND (0x0001201F) ], 4 times
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_RECV (0x00012017) ], 95 times
            File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SELECT (0x00012024) ], 3 times
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Memory Mapped Files:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ]
            File Name: [ C:\WINDOWS\System32\winrnr.dll ]
            File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
            File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ]
            File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
            File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
            File Name: [ C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp ]
            File Name: [ C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp ]
            File Name: [ C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6249efaeae79679f5d909d727b1efe47\System.Configuration.ni.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\b4770b4e285d48c83f725266ceb02598\System.Core.ni.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\139ba31a8024c79b1e1e6af19b6908be\System.Xml.ni.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ]
            File Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ]
            File Name: [ C:\WINDOWS\system32\COMRes.dll ]
            File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
            File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
            File Name: [ C:\WINDOWS\system32\TAPI32.dll ]
            File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
            File Name: [ C:\WINDOWS\system32\WINMM.dll ]
            File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
            File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
            File Name: [ C:\WINDOWS\system32\browselc.dll ]
            File Name: [ C:\WINDOWS\system32\browseui.dll ]
            File Name: [ C:\WINDOWS\system32\comctl32.dll ]
            File Name: [ C:\WINDOWS\system32\crypt32.dll ]
            File Name: [ C:\WINDOWS\system32\hnetcfg.dll ]
            File Name: [ C:\WINDOWS\system32\imm32.dll ]
            File Name: [ C:\WINDOWS\system32\iphlpapi.dll ]
            File Name: [ C:\WINDOWS\system32\l_intl.nls ]
            File Name: [ C:\WINDOWS\system32\mscoree.dll ]
            File Name: [ C:\WINDOWS\system32\msv1_0.dll ]
            File Name: [ C:\WINDOWS\system32\mswsock.dll ]
            File Name: [ C:\WINDOWS\system32\rasadhlp.dll ]
            File Name: [ C:\WINDOWS\system32\rasapi32.dll ]
            File Name: [ C:\WINDOWS\system32\rasman.dll ]
            File Name: [ C:\WINDOWS\system32\rpcss.dll ]
            File Name: [ C:\WINDOWS\system32\rsaenh.dll ]
            File Name: [ C:\WINDOWS\system32\rtutils.dll ]
            File Name: [ C:\WINDOWS\system32\shell32.dll ]
            File Name: [ C:\WINDOWS\system32\winlogon.exe ]
            File Name: [ C:\WINDOWS\system32\xpsp2res.dll ]
            File Name: [ C:\alterMW3.e.exe ]
    
    [=============================================================================]
        2.c) alterMW3.e.exe - Windows Service Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Services Started:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Service: [ RASMAN ]
    
    [=============================================================================]
        2.d) alterMW3.e.exe - Network Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        DNS Queries:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Name: [ e.content.alteriw.net ], Query Type: [ DNS_TYPE_A ],
                Query Result: [ 109.163.230.23 ], Successful: [ YES ], Protocol: [ udp ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        HTTP Conversations:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            From ANUBIS:1029 to 109.163.230.23:80 - [ e.content.alteriw.net ]
                 Request: [ GET /iw5m//caches.xml ], Response: [ 200 "OK" ]
                 Request: [ GET /iw5m//iw5m-client/info.xml ], Response: [ 200 "OK" ]
                 Request: [ HEAD /iw5m//iw5m-client/iw5m.dll.lzma ], Response: [ 200 "OK" ]
                 Request: [ GET /iw5m//iw5m-client/iw5m.dll.lzma ], Response: [ 206 "Partial Content" ]
    
    
    [=============================================================================]
        2.e) alterMW3.e.exe - Other Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Mutexes Created:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ DBWinMutex ]
            Mutex: [ Global\.net clr networking ]
            Mutex: [ MSCTF.Shared.MUTEX.IFG ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Windows SEH exceptions:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Description: [ Exception 0xe06d7363 at 0x7c812aeb ], 2 times
    
            Description: [ Exception 0x40010006 at 0x7c812aeb ], 1 time
    
    
    
    
    [#############################################################################]
        3. services.exe
    [#############################################################################]
    [=============================================================================]
        General information about this executable
    [=============================================================================]
            Analysis Reason: A service was started.
            Filename:        services.exe
            MD5:             0e776ed5f7cc9f94299e70461b7b8185
            SHA-1:           cb5a33cec4c7b8ef4bd5dc8c241005b66b26cbbf
            File Size:       108544 Bytes
            Command Line:    C:\WINDOWS\system32\services.exe
            Process-status
            at analysis end: alive
            Exit Code:       0
    
    [=============================================================================]
        Load-time Dlls
    [=============================================================================]
            Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
                   Base Address: [0x7C900000 ], Size: [0x000AF000 ]
            Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
                   Base Address: [0x7C800000 ], Size: [0x000F6000 ]
            Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
                   Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
            Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
                   Base Address: [0x77E70000 ], Size: [0x00092000 ]
            Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
                   Base Address: [0x77FE0000 ], Size: [0x00011000 ]
            Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
                   Base Address: [0x77C10000 ], Size: [0x00058000 ]
            Module Name: [ C:\WINDOWS\system32\NCObjAPI.DLL ],
                   Base Address: [0x5F770000 ], Size: [0x0000C000 ]
            Module Name: [ C:\WINDOWS\system32\MSVCP60.dll ],
                   Base Address: [0x76080000 ], Size: [0x00065000 ]
            Module Name: [ C:\WINDOWS\system32\SCESRV.dll ],
                   Base Address: [0x7DBD0000 ], Size: [0x00051000 ]
            Module Name: [ C:\WINDOWS\system32\AUTHZ.dll ],
                   Base Address: [0x776C0000 ], Size: [0x00012000 ]
            Module Name: [ C:\WINDOWS\system32\USER32.dll ],
                   Base Address: [0x7E410000 ], Size: [0x00091000 ]
            Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
                   Base Address: [0x77F10000 ], Size: [0x00049000 ]
            Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
                   Base Address: [0x769C0000 ], Size: [0x000B4000 ]
            Module Name: [ C:\WINDOWS\system32\umpnpmgr.dll ],
                   Base Address: [0x7DBA0000 ], Size: [0x00021000 ]
            Module Name: [ C:\WINDOWS\system32\WINSTA.dll ],
                   Base Address: [0x76360000 ], Size: [0x00010000 ]
            Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
                   Base Address: [0x5B860000 ], Size: [0x00055000 ]
            Module Name: [ C:\WINDOWS\system32\ShimEng.dll ],
                   Base Address: [0x5CB70000 ], Size: [0x00026000 ]
            Module Name: [ C:\WINDOWS\AppPatch\AcAdProc.dll ],
                   Base Address: [0x47260000 ], Size: [0x0000F000 ]
            Module Name: [ C:\WINDOWS\system32\Apphelp.dll ],
                   Base Address: [0x77B40000 ], Size: [0x00022000 ]
            Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
                   Base Address: [0x77C00000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\eventlog.dll ],
                   Base Address: [0x77B70000 ], Size: [0x00011000 ]
            Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
                   Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
            Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
                   Base Address: [0x71AB0000 ], Size: [0x00017000 ]
            Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
                   Base Address: [0x71AA0000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\wtsapi32.dll ],
                   Base Address: [0x76F50000 ], Size: [0x00008000 ]
    
    [=============================================================================]
        3.a) services.exe - Registry Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Registry Keys Created:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control ]
            Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Registry Values Modified:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
                 Value Name: [ Sources ], New Value: [ 0x4d006900630072006f0073006f0066007400200048002e00330032003300 ]
            Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control ], 
                 Value Name: [ ActiveService ], New Value: [ RasMan ]
            Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control ], 
                 Value Name: [ ActiveService ], New Value: [ TapiSrv ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Registry Values Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME ], 
                 Value Name: [ ComputerName ], Value: [ PC ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0303\4&2C5A7332&0 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96B-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0400\4&2C5A7332&0 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E978-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0501\1 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E978-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0700\4&2C5A7332&0 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E969-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0A03\1 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0F13\4&2C5A7332&0 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96F-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI_HAL\PNP0C08\0 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\DISPLAY\DEFAULT_MONITOR\4&2946A9FF&0&11223344&00&02 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96E-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\IDE\CDROMQEMU_QEMU_CD-ROM________________________0.9.____\4D51303030302033202020202020202020202020 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E965-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\IDE\DISKQEMU_HARDDISK___________________________0.9.1___\4D51303030302031202020202020202020202020 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E967-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ISAPNP\READDATAPORT\0 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\LPTENUM\MICROSOFTRAWPORT\5&34A37E9F&0&LPT1 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCIIDE\IDECHANNEL\4&3DE75EA&0&0 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCIIDE\IDECHANNEL\4&3DE75EA&0&1 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_1013&DEV_00B8&SUBSYS_00000000&REV_00\3&13C0B0C5&0&10 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E968-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ], 
                 Value Name: [ DeviceDesc ], Value: [ Realtek RTL8029(AS)-based Ethernet Adapter (Generic) ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ], 
                 Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0001 ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ], 
                 Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0008 ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ], 
                 Value Name: [ FriendlyName ], Value: [ Realtek RTL8029(AS)-based Ethernet Adapter (Generic) #2 ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_1237&SUBSYS_00000000&REV_02\3&13C0B0C5&0&00 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_7000&SUBSYS_00000000&REV_00\3&13C0B0C5&0&08 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_7010&SUBSYS_00000000&REV_00\3&13C0B0C5&0&09 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\ACPI_HAL\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E966-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\DMIO\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\FTDISK\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_AFD\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_BEEP\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_DMBOOT\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_DMLOAD\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_FIPS\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_GPC\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_HTTP\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_IPNAT\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_IPSEC\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_KSECDD\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MNMDD\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MOUNTMGR\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDISTAPI\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDISUIO\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDIS\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDPROXY\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NETBT\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NULL\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_PARTMGR\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_PARVDM\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_RASACD\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_RDPCDD\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_TCPIP\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_VGASAVE\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_VOLSNAP\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_WANARP\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMACM ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMDRV ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMMCI ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMVCD ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMVID ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_L2TPMINIPORT\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ], 
                 Value Name: [ DeviceDesc ], Value: [ WAN Miniport (IP) ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ], 
                 Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0007 ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PPPOEMINIPORT\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PPTPMINIPORT\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PTIMINIPORT\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDPDR\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDP_KBD\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDP_MOU\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0000 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0001 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0002 ], 
                 Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\STORAGE\VOLUME\1&30A96598&0&SIGNATUREB15FB15FOFFSET7E00LENGTH13F291800 ], 
                 Value Name: [ ClassGUID ], Value: [ {71A27CDD-812A-11D0-BEC7-08002BE2092F} ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG ], 
                 Value Name: [ ComputerName ], Value: [ PC ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
                 Value Name: [ AutoBackupLogFiles ], Value: [ 0 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
                 Value Name: [ File ], Value: [ %SystemRoot%\system32\config\AppEvent.Evt ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
                 Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
                 Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
                 Value Name: [ Retention ], Value: [ 604800 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ], 
                 Value Name: [ File ], Value: [ %SystemRoot%\System32\config\SecEvent.Evt ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ], 
                 Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ], 
                 Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ], 
                 Value Name: [ Retention ], Value: [ 604800 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ], 
                 Value Name: [ File ], Value: [ %SystemRoot%\system32\config\SysEvent.Evt ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ], 
                 Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ], 
                 Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ], 
                 Value Name: [ Retention ], Value: [ 604800 ], 4 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\PlugPlay ], 
                 Value Name: [ PlugPlayServiceType ], Value: [ 3 ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RasMan\Enum ], 
                 Value Name: [ 0 ], Value: [ Root\LEGACY_RASMAN\0000 ], 3 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RasMan\Enum ], 
                 Value Name: [ Count ], Value: [ 1 ], 6 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RpcSs\Enum ], 
                 Value Name: [ 0 ], Value: [ Root\LEGACY_RPCSS\0000 ], 1 time
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RpcSs\Enum ], 
                 Value Name: [ Count ], Value: [ 1 ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\TapiSrv\Enum ], 
                 Value Name: [ 0 ], Value: [ Root\LEGACY_TAPISRV\0000 ], 2 times
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\TapiSrv\Enum ], 
                 Value Name: [ Count ], Value: [ 1 ], 4 times
            Key: [ HKLM\System\CurrentControlSet\Services\PlugPlay ], 
                 Value Name: [ ObjectName ], Value: [ LocalSystem ], 1 time
            Key: [ HKLM\System\CurrentControlSet\Services\RasMan ], 
                 Value Name: [ ImagePath ], Value: [ %SystemRoot%\system32\svchost.exe -k netsvcs ], 1 time
            Key: [ HKLM\System\CurrentControlSet\Services\RasMan ], 
                 Value Name: [ ObjectName ], Value: [ LocalSystem ], 2 times
            Key: [ HKLM\System\CurrentControlSet\Services\RpcSs ], 
                 Value Name: [ ObjectName ], Value: [ NT AUTHORITY\NetworkService ], 1 time
            Key: [ HKLM\System\CurrentControlSet\Services\TapiSrv ], 
                 Value Name: [ ImagePath ], Value: [ %SystemRoot%\System32\svchost.exe -k netsvcs ], 1 time
            Key: [ HKLM\System\CurrentControlSet\Services\TapiSrv ], 
                 Value Name: [ ObjectName ], Value: [ LocalSystem ], 2 times
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Monitored Registry Keys:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG ], 
                 Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 4 times
    
    
    [=============================================================================]
        3.b) services.exe - File Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\ntsvcs, Flags: Named pipe ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Modified:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER, Flags: Named pipe ]
            File Name: [ C:\WINDOWS\system32\config\SysEvent.Evt ]
            File Name: [ C:\ntsvcs, Flags: Named pipe ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File System Control Communication:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File: [ C:\net\NtControlPipe4, Flags: Named pipe ], Control Code: [ 0x0011C017 ], 2 times
            File: [ C:\ntsvcs, Flags: Named pipe ], Control Code: [ 0x0011001C ], 4 times
    Client Info:
    http://a.content.alteriw.net/iw5m//iw5m-client/info.xml

    HTTP Debug:
    Code:
    #    Result    Protocol    Host    URL    Body    Caching    Content-Type    Process    Comments    Custom    
    4    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/iw5m.dll.lzma    0        application/octet-stream    altermw3:2232    [#4]         
    5    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/iw5m.dll.lzma    696.051        application/octet-stream    altermw3:2232    [#5]         
    6    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/iw5mp.exe.lzma    0        application/octet-stream    altermw3:2232    [#6]         
    7    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/iw5mp.exe.lzma    2.144.288        application/octet-stream    altermw3:2232    [#7]         
    8    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/libnp.dll.lzma    0        application/octet-stream    altermw3:2232    [#8]         
    9    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/libnp.dll.lzma    230.959        application/octet-stream    altermw3:2232    [#9]         
    10    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/steam_api.dll.lzma    0        application/octet-stream    altermw3:2232    [#10]         
    11    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/steam_api.dll.lzma    986        application/octet-stream    altermw3:2232    [#11]         
    12    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/code_post_gfx.ff.lzma    0        application/octet-stream    altermw3:2232    [#12]         
    13    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/code_post_gfx.ff.lzma    1.359.920        application/octet-stream    altermw3:2232    [#13]         
    14    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/code_post_gfx_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#14]         
    15    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/code_post_gfx_mp.ff.lzma    231.061        application/octet-stream    altermw3:2232    [#15]         
    16    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/code_pre_gfx.ff.lzma    0        application/octet-stream    altermw3:2232    [#16]         
    17    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/code_pre_gfx.ff.lzma    4.086        application/octet-stream    altermw3:2232    [#17]         
    18    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/code_pre_gfx_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#18]         
    19    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/code_pre_gfx_mp.ff.lzma    22.694        application/octet-stream    altermw3:2232    [#19]         
    20    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/localized_code_post_gfx_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#20]         
    21    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/localized_code_post_gfx_mp.ff.lzma    1.272.404        application/octet-stream    altermw3:2232    [#21]         
    22    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/localized_code_pre_gfx_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#22]         
    23    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/localized_code_pre_gfx_mp.ff.lzma    22.102        application/octet-stream    altermw3:2232    [#23]         
    24    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/localized_ui_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#24]         
    25    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/localized_ui_mp.ff.lzma    1.563.367        application/octet-stream    altermw3:2232    [#25]         
    26    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch.ff.lzma    0        application/octet-stream    altermw3:2232    [#26]         
    27    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch.ff.lzma    86.695        application/octet-stream    altermw3:2232    [#27]         
    28    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_hamburg.ff.lzma    0        application/octet-stream    altermw3:2232    [#28]         
    29    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_hamburg.ff.lzma    2.876        application/octet-stream    altermw3:2232    [#29]         
    30    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_hijack.ff.lzma    0        application/octet-stream    altermw3:2232    [#30]         
    31    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_hijack.ff.lzma    3.627        application/octet-stream    altermw3:2232    [#31]         
    32    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_innocent.ff.lzma    0        application/octet-stream    altermw3:2232    [#32]         
    33    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_innocent.ff.lzma    3.019        application/octet-stream    altermw3:2232    [#33]         
    34    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_london.ff.lzma    0        application/octet-stream    altermw3:2232    [#34]         
    35    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_london.ff.lzma    25.471        application/octet-stream    altermw3:2232    [#35]         
    36    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#36]         
    37    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp.ff.lzma    592.364        application/octet-stream    altermw3:2232    [#37]         
    38    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_dome.ff.lzma    0        application/octet-stream    altermw3:2232    [#38]         
    39    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_dome.ff.lzma    22.025        application/octet-stream    altermw3:2232    [#39]         
    40    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_exchange.ff.lzma    0        application/octet-stream    altermw3:2232    [#40]         
    41    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_exchange.ff.lzma    22.023        application/octet-stream    altermw3:2232    [#41]         
    42    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_lambeth.ff.lzma    0        application/octet-stream    altermw3:2232    [#42]         
    43    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_lambeth.ff.lzma    21.973        application/octet-stream    altermw3:2232    [#43]         
    44    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_paris.ff.lzma    0        application/octet-stream    altermw3:2232    [#44]         
    45    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_paris.ff.lzma    22.024        application/octet-stream    altermw3:2232    [#45]         
    46    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_radar.ff.lzma    0        application/octet-stream    altermw3:2232    [#46]         
    47    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_radar.ff.lzma    22.090        application/octet-stream    altermw3:2232    [#47]         
    48    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_underground.ff.lzma    0        application/octet-stream    altermw3:2232    [#48]         
    49    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_underground.ff.lzma    22.029        application/octet-stream    altermw3:2232    [#49]         
    50    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_village.ff.lzma    0        application/octet-stream    altermw3:2232    [#50]         
    51    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_village.ff.lzma    21.973        application/octet-stream    altermw3:2232    [#51]         
    52    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_paris_ac130.ff.lzma    0        application/octet-stream    altermw3:2232    [#52]         
    53    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_paris_ac130.ff.lzma    58.108        application/octet-stream    altermw3:2232    [#53]         
    54    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_prague_escape.ff.lzma    0        application/octet-stream    altermw3:2232    [#54]         
    55    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_prague_escape.ff.lzma    7.507        application/octet-stream    altermw3:2232    [#55]         
    56    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_ied_berlin.ff.lzma    0        application/octet-stream    altermw3:2232    [#56]         
    57    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_ied_berlin.ff.lzma    7.537        application/octet-stream    altermw3:2232    [#57]         
    58    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_littlebird_payback.ff.lzma    0        application/octet-stream    altermw3:2232    [#58]         
    59    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_littlebird_payback.ff.lzma    156        application/octet-stream    altermw3:2232    [#59]         
    60    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_bootleg.ff.lzma    0        application/octet-stream    altermw3:2232    [#60]         
    61    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_bootleg.ff.lzma    872        application/octet-stream    altermw3:2232    [#61]         
    62    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_dome.ff.lzma    0        application/octet-stream    altermw3:2232    [#62]         
    63    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_dome.ff.lzma    603        application/octet-stream    altermw3:2232    [#63]         
    64    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_village.ff.lzma    0        application/octet-stream    altermw3:2232    [#64]         
    65    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_village.ff.lzma    351        application/octet-stream    altermw3:2232    [#65]         
    66    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_zodiac2_ny_harbor.ff.lzma    0        application/octet-stream    altermw3:2232    [#66]         
    67    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_zodiac2_ny_harbor.ff.lzma    869        application/octet-stream    altermw3:2232    [#67]         
    68    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_specialops.ff.lzma    0        application/octet-stream    altermw3:2232    [#68]         
    69    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_specialops.ff.lzma    84.220        application/octet-stream    altermw3:2232    [#69]         
    70    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_berlin.ff.lzma    0        application/octet-stream    altermw3:2232    [#70]         
    71    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_berlin.ff.lzma    315        application/octet-stream    altermw3:2232    [#71]         
    72    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_intro.ff.lzma    0        application/octet-stream    altermw3:2232    [#72]         
    73    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_intro.ff.lzma    1.223        application/octet-stream    altermw3:2232    [#73]         
    74    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_ny_harbor.ff.lzma    0        application/octet-stream    altermw3:2232    [#74]         
    75    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_ny_harbor.ff.lzma    1.239        application/octet-stream    altermw3:2232    [#75]         
    76    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_ny_manhattan.ff.lzma    0        application/octet-stream    altermw3:2232    [#76]         
    77    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_ny_manhattan.ff.lzma    440        application/octet-stream    altermw3:2232    [#77]         
    78    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_warlord.ff.lzma    0        application/octet-stream    altermw3:2232    [#78]         
    79    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_warlord.ff.lzma    131.830        application/octet-stream    altermw3:2232    [#79]         
    80    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_survival.ff.lzma    0        application/octet-stream    altermw3:2232    [#80]         
    81    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/patch_survival.ff.lzma    238.694        application/octet-stream    altermw3:2232    [#81]         
    82    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/ui.ff.lzma    0        application/octet-stream    altermw3:2232    [#82]         
    83    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/ui.ff.lzma    288.049        application/octet-stream    altermw3:2232    [#83]         
    84    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/ui_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#84]         
    85    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/zone/english/ui_mp.ff.lzma    22.554        application/octet-stream    altermw3:2232    [#85]         
    86    200    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/main/iw_23.iwd.lzma    0        application/octet-stream    altermw3:2232    [#86]         
    87    206    HTTP    a.content.alteriw.net    /iw5m//iw5m-client/main/iw_23.iwd.lzma    1.250.656        application/octet-stream    altermw3:2232    [#87]
    Scans
    aIW Client Decompiled.zip -
    https://www.virustotal.com/file/113e...is/1328737077/

    Downloadable Files


  3. #2
    lolbie
    aaappprrroovvveedddd
    I love it when people keep their agreements /sarcasm ftw


  5. #3
    onemoar
    lulz ......

  6. #4
    master131
    Nothing really interesting about it, just downloads the latest cache files and performs some file checks. If the versions don't match, it downloads the latest version.

  7. #5
    Anonymous..'s Avatar
    Nice! By the way, how did you decompile it? Seems interesting. :P

  8. #6
    Rkafisking's Avatar
    Quote Originally Posted by Anonymous.. View Post
    Nice! By the way, how did you decompile it? Seems interesting. :P
    aIW Client Decompiled.zip (169.7 KB, 39 views)

  9. #7
    House's Avatar
    Quote Originally Posted by Anonymous.. View Post
    Nice! By the way, how did you decompile it? Seems interesting. :P
    Obviously with a decompiler

  10. #8
    Jorndel's Avatar
    Quote Originally Posted by House View Post


    Obviously with a decompiler
    Suppose he used IDA.

     

  11. #9
    majeric's Avatar
    I tried to decompile it with .NET Reflector, but when I open it in VS as a Solution I cannot debug it directly like yours. I think there is no need to state that I'm a beginner but I like to search through the code, so I would be glad if you tell me how to do that. Thanks!

  12. #10
    misshoneybee's Avatar
    Quote Originally Posted by House View Post


    Obviously with a decompiler
    Would be really happy if you could post a tut on how you decompiled it so errorless


  13. #11
    Jorndel's Avatar
    Quote Originally Posted by misshoneybee View Post
    Would be really happy if you could post a tut on how you decompiled it so errorless
    You would need to have the right programs.
    And I am almost sure that they have compiled the source so you can't use the free decompilers to decompile it.

    But try to find IDA, it's a good decompiler.
    But you would need some coding knowledge to be able to do this anyway.
    Not just press Decompile and select the file.

    Needs some more knowledge.


    Me myself never had the big interest in decompiling others' work.
    I just do it for security reasons. (Or if there is something that I see that I would know how works.)

     

  14. #12
    House's Avatar
    Quote Originally Posted by Jorndel View Post
    You would need to have the right programs.
    And I am almost sure that they have compiled the source so you can't use the free decompilers to decompile it.

    But try to find IDA, it's a good decompiler.
    But you would need some coding knowledge to be able to do this anyway.
    Not just press Decompile and select the file.

    Needs some more knowledge.


    Me myself never had the big interest in decompiling others' work.
    I just do it for security reasons. (Or if there is something that I see that I would know how works.)
    IDA = disassembler and debugger
    .NET Reflector = .NET decompiler and assembly browser (this has been done using it)

    ...go figure
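
The distinction drawn in the post above can be checked on the file itself: a .NET assembly is a PE image whose CLR header data directory (index 14) is populated, which is why a .NET decompiler fits it better than a native disassembler. The Python check below is an added example, not part of the original thread; `is_dotnet_assembly`, `suggest_tool` and `build_sample_pe32` are hypothetical names, and the sample bytes are a constructed, headers-only image.

```python
import struct

CLR_DIRECTORY_INDEX = 14  # IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR (CLR header)


def is_dotnet_assembly(data: bytes) -> bool:
    """Return True if a PE image has a populated CLR header directory."""
    try:
        if data[:2] != b"MZ":
            raise ValueError("missing MZ signature")
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0":
            raise ValueError("missing PE signature")
        opt = pe_off + 4 + 20  # optional header follows the 20-byte COFF header
        (magic,) = struct.unpack_from("<H", data, opt)
        if magic == 0x10B:      # PE32
            dirs = opt + 96
        elif magic == 0x20B:    # PE32+
            dirs = opt + 112
        else:
            raise ValueError("unknown optional header magic")
        (count,) = struct.unpack_from("<I", data, dirs - 4)  # NumberOfRvaAndSizes
        if count <= CLR_DIRECTORY_INDEX:
            return False
        rva, size = struct.unpack_from("<II", data, dirs + 8 * CLR_DIRECTORY_INDEX)
    except struct.error as exc:
        raise ValueError("truncated PE headers") from exc
    return rva != 0 and size != 0


def suggest_tool(data: bytes) -> str:
    """Map the header check to the tool category named in the thread."""
    return ".NET decompiler" if is_dotnet_assembly(data) else "native disassembler"


def build_sample_pe32(clr_rva: int, clr_size: int) -> bytes:
    """Constructed headers-only PE32 image for the demo (not a real binary)."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)  # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 0, 0, 0, 0, 224, 0x0102)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)   # PE32 magic
    struct.pack_into("<I", opt, 92, 16)     # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * CLR_DIRECTORY_INDEX, clr_rva, clr_size)
    return dos + b"PE\0\0" + coff + bytes(opt)


if __name__ == "__main__":
    print(suggest_tool(build_sample_pe32(0x2008, 0x48)))  # managed sample
    print(suggest_tool(build_sample_pe32(0, 0)))          # native sample
```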

  15. #13
    majeric's Avatar
    As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get an error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.
    Last edited by majeric; 02-10-2012 at 08:49 AM.

  16. #14
    Jorndel's Avatar
    Quote Originally Posted by majeric View Post
    As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get an error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.
    Well, what do you need to know?
    Open the file you want to read.
    Press the + next to it.

    And then you press the + on the one named the same as the first item in the list you pressed.
    Then you look there.

    PS: You need to know a language ofc.

     

  17. #15
    House's Avatar
    Quote Originally Posted by majeric View Post
    As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get an error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.
    The code from decompiling will never be 100% correct, so you need some programming experience to correct it ... also this particular project contains a .NET reference which has to be added to the project
