alterMW3 Client Decompiled + Analysis

[House]

Had some spare time and Decompiled aiwmw3 client in C#... got it errorless with halp of @jariz ... also did some analysis of network and registry that is being edited .. this is could help guys who want to build their little tools or learn some code or smd

Code:

        Analysis Reason: Primary Analysis Subject
        Filename:        alterMW3.e.exe
        MD5:             1dd78280faf6ba82d0c56d1089623721
        SHA-1:           a18dfe9985263fd1d2cea4e1f618eba237190b24
        File Size:       456704 Bytes
        Process-status
        at analysis end: alive
        Exit Code:       0

[=============================================================================]
    Load-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
               Base Address: [0x7C900000 ], Size: [0x000AF000 ]
        Module Name: [ C:\WINDOWS\system32\mscoree.dll ],
               Base Address: [0x79000000 ], Size: [0x0004A000 ]
        Module Name: [ C:\WINDOWS\system32\KERNEL32.dll ],
               Base Address: [0x7C800000 ], Size: [0x000F6000 ]
        Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
               Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
        Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
               Base Address: [0x77E70000 ], Size: [0x00092000 ]
        Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
               Base Address: [0x77FE0000 ], Size: [0x00011000 ]
        Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ],
               Base Address: [0x603B0000 ], Size: [0x00066000 ]
        Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
               Base Address: [0x77F60000 ], Size: [0x00076000 ]
        Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
               Base Address: [0x77F10000 ], Size: [0x00049000 ]
        Module Name: [ C:\WINDOWS\system32\USER32.dll ],
               Base Address: [0x7E410000 ], Size: [0x00091000 ]
        Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
               Base Address: [0x77C10000 ], Size: [0x00058000 ]
        Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ],
               Base Address: [0x79E70000 ], Size: [0x0058F000 ]
        Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ],
               Base Address: [0x78130000 ], Size: [0x0009B000 ]
        Module Name: [ C:\WINDOWS\system32\shell32.dll ],
               Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
        Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
               Base Address: [0x773D0000 ], Size: [0x00103000 ]
        Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
               Base Address: [0x5D090000 ], Size: [0x0009A000 ]
        Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ],
               Base Address: [0x790C0000 ], Size: [0x00B36000 ]
        Module Name: [ C:\WINDOWS\system32\ole32.dll ],
               Base Address: [0x774E0000 ], Size: [0x0013D000 ]
        Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ],
               Base Address: [0x79060000 ], Size: [0x00056000 ]
        Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll ],
               Base Address: [0x60340000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\rsaenh.dll ],
               Base Address: [0x68000000 ], Size: [0x00036000 ]
        Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ],
               Base Address: [0x7A440000 ], Size: [0x007EA000 ]
        Module Name: [ C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ],
               Base Address: [0x6D990000 ], Size: [0x00026000 ]
        Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\139ba31a8024c79b1e1e6af19b6908be\System.Xml.ni.dll ],
               Base Address: [0x637A0000 ], Size: [0x00588000 ]
        Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
               Base Address: [0x77C00000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\b4770b4e285d48c83f725266ceb02598\System.Core.ni.dll ],
               Base Address: [0x6C190000 ], Size: [0x00244000 ]
        Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6249efaeae79679f5d909d727b1efe47\System.Configuration.ni.dll ],
               Base Address: [0x64890000 ], Size: [0x000FC000 ]
        Module Name: [ C:\WINDOWS\system32\rasapi32.dll ],
               Base Address: [0x76EE0000 ], Size: [0x0003C000 ]
        Module Name: [ C:\WINDOWS\system32\rasman.dll ],
               Base Address: [0x76E90000 ], Size: [0x00012000 ]
        Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
               Base Address: [0x5B860000 ], Size: [0x00055000 ]
        Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
               Base Address: [0x71AB0000 ], Size: [0x00017000 ]
        Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
               Base Address: [0x71AA0000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\TAPI32.dll ],
               Base Address: [0x76EB0000 ], Size: [0x0002F000 ]
        Module Name: [ C:\WINDOWS\system32\rtutils.dll ],
               Base Address: [0x76E80000 ], Size: [0x0000E000 ]
        Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
               Base Address: [0x76B40000 ], Size: [0x0002D000 ]
        Module Name: [ C:\WINDOWS\system32\mswsock.dll ],
               Base Address: [0x71A50000 ], Size: [0x0003F000 ]
        Module Name: [ C:\WINDOWS\system32\hnetcfg.dll ],
               Base Address: [0x662B0000 ], Size: [0x00058000 ]
        Module Name: [ C:\WINDOWS\System32\wshtcpip.dll ],
               Base Address: [0x71A90000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\msv1_0.dll ],
               Base Address: [0x77C70000 ], Size: [0x00024000 ]
        Module Name: [ C:\WINDOWS\system32\iphlpapi.dll ],
               Base Address: [0x76D60000 ], Size: [0x00019000 ]
        Module Name: [ C:\WINDOWS\system32\DNSAPI.dll ],
               Base Address: [0x76F20000 ], Size: [0x00027000 ]
        Module Name: [ C:\WINDOWS\System32\winrnr.dll ],
               Base Address: [0x76FB0000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ],
               Base Address: [0x76F60000 ], Size: [0x0002C000 ]
        Module Name: [ C:\WINDOWS\system32\rasadhlp.dll ],
               Base Address: [0x76FC0000 ], Size: [0x00006000 ]
        Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ],
               Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
        Module Name: [ C:\WINDOWS\system32\COMRes.dll ],
               Base Address: [0x77050000 ], Size: [0x000C5000 ]
        Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
               Base Address: [0x77120000 ], Size: [0x0008B000 ]
        Module Name: [ C:\WINDOWS\system32\browseui.dll ],
               Base Address: [0x75F80000 ], Size: [0x000FD000 ]
        Module Name: [ C:\WINDOWS\system32\xpsp2res.dll ],
               Base Address: [0x03360000 ], Size: [0x002C5000 ]
        Module Name: [ C:\WINDOWS\system32\browselc.dll ],
               Base Address: [0x71600000 ], Size: [0x00012000 ]
        Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
               Base Address: [0x74720000 ], Size: [0x0004C000 ]
        Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
               Base Address: [0x5AD70000 ], Size: [0x00038000 ]

[=============================================================================]
    2.a) alterMW3.e.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
             Value Name: [ Cache ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\Software\Classes ], 
             Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
        Key: [ HKLM\Software\Classes\CLSID ], 
             Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 2 times
        Key: [ HKLM\Software\Microsoft\COM3 ], 
             Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 6 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ], 
             Watch subtree: [ 0 ], Notify Filter: [ Attributes Change,Value Change,Security Descriptor Change ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ], 
             Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], 
             Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
        Key: [ HKU ], 
             Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ], 
             Watch subtree: [ 1 ], Notify Filter: [ Value Change ], 1 time


[=============================================================================]
    2.b) alterMW3.e.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\Program Files\Common Files\9C40EE6610F10C90725B49422C8BB406F5CACF92.cpart ]
        File Name: [ C:\Program Files\Common Files\DBNetwork.Indigo.SxS.log ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config ]
        File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config ]
        File Name: [ C:\WINDOWS\Registration\R00000000000b.clb ]
        File Name: [ C:\WINDOWS\system32\rsaenh.dll ]
        File Name: [ PIPE\ROUTER ]
        File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\Program Files\Common Files\9C40EE6610F10C90725B49422C8BB406F5CACF92.cpart ]
        File Name: [ C:\Program Files\Common Files\DBNetwork.Indigo.SxS.log ]
        File Name: [ Ip ]
        File Name: [ PIPE\ROUTER ]
        File Name: [ PIPE\lsarpc ]
        File Name: [ \Device\Afd\Endpoint ]
        File Name: [ \Device\Ip ]
        File Name: [ \Device\NetBT_Tcpip_{1AD45B38-4060-4F73-BB1E-A0439A2D97EB} ]
        File Name: [ \Device\RasAcd ]
        File Name: [ \Device\Tcp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
        File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 7 times
        File: [ PIPE\ROUTER ], Control Code: [ 0x0011C017 ], 3 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_INFO (0x0001207B) ], 2 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_CONTEXT (0x00012047) ], 13 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_TDI_HANDLES (0x00012037) ], 3 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_INFO (0x0001203B) ], 4 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_EVENT_SELECT (0x00012087) ], 2 times
        File: [ \Device\Tcp ], Control Code: [ 0x00120003 ], 72 times
        File: [ \Device\Ip ], Control Code: [ 0x00120040 ], 10 times
        File: [ \Device\Ip ], Control Code: [ 0x00120090 ], 4 times
        File: [ \Device\NetBT_Tcpip_{1AD45B38-4060-4F73-BB1E-A0439A2D97EB} ], Control Code: [ 0x0021009A ], 4 times
        File: [ \Device\RasAcd ], Control Code: [ 0x00F14014 ], 1 time
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_BIND (0x00012003) ], 1 time
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SEND (0x0001201F) ], 4 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_RECV (0x00012017) ], 95 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SELECT (0x00012024) ], 3 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll ]
        File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ]
        File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll ]
        File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ]
        File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ]
        File Name: [ C:\WINDOWS\System32\winrnr.dll ]
        File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
        File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ]
        File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
        File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
        File Name: [ C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp ]
        File Name: [ C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp ]
        File Name: [ C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ]
        File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6249efaeae79679f5d909d727b1efe47\System.Configuration.ni.dll ]
        File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\b4770b4e285d48c83f725266ceb02598\System.Core.ni.dll ]
        File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\139ba31a8024c79b1e1e6af19b6908be\System.Xml.ni.dll ]
        File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ]
        File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ]
        File Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ]
        File Name: [ C:\WINDOWS\system32\COMRes.dll ]
        File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
        File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
        File Name: [ C:\WINDOWS\system32\TAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
        File Name: [ C:\WINDOWS\system32\WINMM.dll ]
        File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
        File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
        File Name: [ C:\WINDOWS\system32\browselc.dll ]
        File Name: [ C:\WINDOWS\system32\browseui.dll ]
        File Name: [ C:\WINDOWS\system32\comctl32.dll ]
        File Name: [ C:\WINDOWS\system32\crypt32.dll ]
        File Name: [ C:\WINDOWS\system32\hnetcfg.dll ]
        File Name: [ C:\WINDOWS\system32\imm32.dll ]
        File Name: [ C:\WINDOWS\system32\iphlpapi.dll ]
        File Name: [ C:\WINDOWS\system32\l_intl.nls ]
        File Name: [ C:\WINDOWS\system32\mscoree.dll ]
        File Name: [ C:\WINDOWS\system32\msv1_0.dll ]
        File Name: [ C:\WINDOWS\system32\mswsock.dll ]
        File Name: [ C:\WINDOWS\system32\rasadhlp.dll ]
        File Name: [ C:\WINDOWS\system32\rasapi32.dll ]
        File Name: [ C:\WINDOWS\system32\rasman.dll ]
        File Name: [ C:\WINDOWS\system32\rpcss.dll ]
        File Name: [ C:\WINDOWS\system32\rsaenh.dll ]
        File Name: [ C:\WINDOWS\system32\rtutils.dll ]
        File Name: [ C:\WINDOWS\system32\shell32.dll ]
        File Name: [ C:\WINDOWS\system32\winlogon.exe ]
        File Name: [ C:\WINDOWS\system32\xpsp2res.dll ]
        File Name: [ C:\alterMW3.e.exe ]

[=============================================================================]
    2.c) alterMW3.e.exe - Windows Service Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Services Started:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Service: [ RASMAN ]

[=============================================================================]
    2.d) alterMW3.e.exe - Network Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    DNS Queries:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Name: [ e.content.alteriw.net ], Query Type: [ DNS_TYPE_A ],
            Query Result: [ 109.163.230.23 ], Successful: [ YES ], Protocol: [ udp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    HTTP Conversations:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        From ANUBIS:1029 to 109.163.230.23:80 - [ e.content.alteriw.net ]
             Request: [ GET /iw5m//caches.xml ], Response: [ 200 "OK" ]
             Request: [ GET /iw5m//iw5m-client/info.xml ], Response: [ 200 "OK" ]
             Request: [ HEAD /iw5m//iw5m-client/iw5m.dll.lzma ], Response: [ 200 "OK" ]
             Request: [ GET /iw5m//iw5m-client/iw5m.dll.lzma ], Response: [ 206 "Partial Content" ]


[=============================================================================]
    2.e) alterMW3.e.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ DBWinMutex ]
        Mutex: [ Global\.net clr networking ]
        Mutex: [ MSCTF.Shared.MUTEX.IFG ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Windows SEH exceptions:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Description: [ Exception 0xe06d7363 at 0x7c812aeb ], 2 times

        Description: [ Exception 0x40010006 at 0x7c812aeb ], 1 time




[#############################################################################]
    3. services.exe
[#############################################################################]
[=============================================================================]
    General information about this executable
[=============================================================================]
        Analysis Reason: A service was started.
        Filename:        services.exe
        MD5:             0e776ed5f7cc9f94299e70461b7b8185
        SHA-1:           cb5a33cec4c7b8ef4bd5dc8c241005b66b26cbbf
        File Size:       108544 Bytes
        Command Line:    C:\WINDOWS\system32\services.exe
        Process-status
        at analysis end: alive
        Exit Code:       0

[=============================================================================]
    Load-time Dlls
[=============================================================================]
        Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
               Base Address: [0x7C900000 ], Size: [0x000AF000 ]
        Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
               Base Address: [0x7C800000 ], Size: [0x000F6000 ]
        Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
               Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
        Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
               Base Address: [0x77E70000 ], Size: [0x00092000 ]
        Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
               Base Address: [0x77FE0000 ], Size: [0x00011000 ]
        Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
               Base Address: [0x77C10000 ], Size: [0x00058000 ]
        Module Name: [ C:\WINDOWS\system32\NCObjAPI.DLL ],
               Base Address: [0x5F770000 ], Size: [0x0000C000 ]
        Module Name: [ C:\WINDOWS\system32\MSVCP60.dll ],
               Base Address: [0x76080000 ], Size: [0x00065000 ]
        Module Name: [ C:\WINDOWS\system32\SCESRV.dll ],
               Base Address: [0x7DBD0000 ], Size: [0x00051000 ]
        Module Name: [ C:\WINDOWS\system32\AUTHZ.dll ],
               Base Address: [0x776C0000 ], Size: [0x00012000 ]
        Module Name: [ C:\WINDOWS\system32\USER32.dll ],
               Base Address: [0x7E410000 ], Size: [0x00091000 ]
        Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
               Base Address: [0x77F10000 ], Size: [0x00049000 ]
        Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
               Base Address: [0x769C0000 ], Size: [0x000B4000 ]
        Module Name: [ C:\WINDOWS\system32\umpnpmgr.dll ],
               Base Address: [0x7DBA0000 ], Size: [0x00021000 ]
        Module Name: [ C:\WINDOWS\system32\WINSTA.dll ],
               Base Address: [0x76360000 ], Size: [0x00010000 ]
        Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
               Base Address: [0x5B860000 ], Size: [0x00055000 ]
        Module Name: [ C:\WINDOWS\system32\ShimEng.dll ],
               Base Address: [0x5CB70000 ], Size: [0x00026000 ]
        Module Name: [ C:\WINDOWS\AppPatch\AcAdProc.dll ],
               Base Address: [0x47260000 ], Size: [0x0000F000 ]
        Module Name: [ C:\WINDOWS\system32\Apphelp.dll ],
               Base Address: [0x77B40000 ], Size: [0x00022000 ]
        Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
               Base Address: [0x77C00000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\eventlog.dll ],
               Base Address: [0x77B70000 ], Size: [0x00011000 ]
        Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
               Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
        Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
               Base Address: [0x71AB0000 ], Size: [0x00017000 ]
        Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
               Base Address: [0x71AA0000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\wtsapi32.dll ],
               Base Address: [0x76F50000 ], Size: [0x00008000 ]

[=============================================================================]
    3.a) services.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Keys Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control ]
        Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
             Value Name: [ Sources ], New Value: [ 0x4d006900630072006f0073006f0066007400200048002e00330032003300 ]
        Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control ], 
             Value Name: [ ActiveService ], New Value: [ RasMan ]
        Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control ], 
             Value Name: [ ActiveService ], New Value: [ TapiSrv ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME ], 
             Value Name: [ ComputerName ], Value: [ PC ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0303\4&2C5A7332&0 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96B-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0400\4&2C5A7332&0 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E978-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0501\1 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E978-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0700\4&2C5A7332&0 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E969-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0A03\1 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0F13\4&2C5A7332&0 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96F-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI_HAL\PNP0C08\0 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\DISPLAY\DEFAULT_MONITOR\4&2946A9FF&0&11223344&00&02 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96E-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\IDE\CDROMQEMU_QEMU_CD-ROM________________________0.9.____\4D51303030302033202020202020202020202020 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E965-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\IDE\DISKQEMU_HARDDISK___________________________0.9.1___\4D51303030302031202020202020202020202020 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E967-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ISAPNP\READDATAPORT\0 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\LPTENUM\MICROSOFTRAWPORT\5&34A37E9F&0&LPT1 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCIIDE\IDECHANNEL\4&3DE75EA&0&0 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCIIDE\IDECHANNEL\4&3DE75EA&0&1 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_1013&DEV_00B8&SUBSYS_00000000&REV_00\3&13C0B0C5&0&10 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E968-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ], 
             Value Name: [ DeviceDesc ], Value: [ Realtek RTL8029(AS)-based Ethernet Adapter (Generic) ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ], 
             Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0001 ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ], 
             Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0008 ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ], 
             Value Name: [ FriendlyName ], Value: [ Realtek RTL8029(AS)-based Ethernet Adapter (Generic) #2 ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_1237&SUBSYS_00000000&REV_02\3&13C0B0C5&0&00 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_7000&SUBSYS_00000000&REV_00\3&13C0B0C5&0&08 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_7010&SUBSYS_00000000&REV_00\3&13C0B0C5&0&09 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\ACPI_HAL\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E966-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\DMIO\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\FTDISK\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_AFD\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_BEEP\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_DMBOOT\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_DMLOAD\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_FIPS\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_GPC\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_HTTP\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_IPNAT\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_IPSEC\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_KSECDD\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MNMDD\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MOUNTMGR\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDISTAPI\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDISUIO\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDIS\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDPROXY\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NETBT\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NULL\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_PARTMGR\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_PARVDM\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_RASACD\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_RDPCDD\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_TCPIP\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_VGASAVE\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_VOLSNAP\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_WANARP\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMACM ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMDRV ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMMCI ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMVCD ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMVID ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_L2TPMINIPORT\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ], 
             Value Name: [ DeviceDesc ], Value: [ WAN Miniport (IP) ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ], 
             Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0007 ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PPPOEMINIPORT\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PPTPMINIPORT\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PTIMINIPORT\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDPDR\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDP_KBD\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDP_MOU\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0000 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0001 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0002 ], 
             Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\STORAGE\VOLUME\1&30A96598&0&SIGNATUREB15FB15FOFFSET7E00LENGTH13F291800 ], 
             Value Name: [ ClassGUID ], Value: [ {71A27CDD-812A-11D0-BEC7-08002BE2092F} ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG ], 
             Value Name: [ ComputerName ], Value: [ PC ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
             Value Name: [ AutoBackupLogFiles ], Value: [ 0 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
             Value Name: [ File ], Value: [ %SystemRoot%\system32\config\AppEvent.Evt ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
             Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
             Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ], 
             Value Name: [ Retention ], Value: [ 604800 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ], 
             Value Name: [ File ], Value: [ %SystemRoot%\System32\config\SecEvent.Evt ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ], 
             Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ], 
             Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ], 
             Value Name: [ Retention ], Value: [ 604800 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ], 
             Value Name: [ File ], Value: [ %SystemRoot%\system32\config\SysEvent.Evt ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ], 
             Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ], 
             Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ], 
             Value Name: [ Retention ], Value: [ 604800 ], 4 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\PlugPlay ], 
             Value Name: [ PlugPlayServiceType ], Value: [ 3 ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RasMan\Enum ], 
             Value Name: [ 0 ], Value: [ Root\LEGACY_RASMAN\0000 ], 3 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RasMan\Enum ], 
             Value Name: [ Count ], Value: [ 1 ], 6 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RpcSs\Enum ], 
             Value Name: [ 0 ], Value: [ Root\LEGACY_RPCSS\0000 ], 1 time
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RpcSs\Enum ], 
             Value Name: [ Count ], Value: [ 1 ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\TapiSrv\Enum ], 
             Value Name: [ 0 ], Value: [ Root\LEGACY_TAPISRV\0000 ], 2 times
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\TapiSrv\Enum ], 
             Value Name: [ Count ], Value: [ 1 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Services\PlugPlay ], 
             Value Name: [ ObjectName ], Value: [ LocalSystem ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\RasMan ], 
             Value Name: [ ImagePath ], Value: [ %SystemRoot%\system32\svchost.exe -k netsvcs ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\RasMan ], 
             Value Name: [ ObjectName ], Value: [ LocalSystem ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\RpcSs ], 
             Value Name: [ ObjectName ], Value: [ NT AUTHORITY\NetworkService ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\TapiSrv ], 
             Value Name: [ ImagePath ], Value: [ %SystemRoot%\System32\svchost.exe -k netsvcs ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\TapiSrv ], 
             Value Name: [ ObjectName ], Value: [ LocalSystem ], 2 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG ], 
             Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 4 times


[=============================================================================]
    3.b) services.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\ntsvcs, Flags: Named pipe ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File Name: [ C:\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER, Flags: Named pipe ]
        File Name: [ C:\WINDOWS\system32\config\SysEvent.Evt ]
        File Name: [ C:\ntsvcs, Flags: Named pipe ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File: [ C:\net\NtControlPipe4, Flags: Named pipe ], Control Code: [ 0x0011C017 ], 2 times
        File: [ C:\ntsvcs, Flags: Named pipe ], Control Code: [ 0x0011001C ], 4 times

Client Info:
https://*****ntent.alteriw.net/iw5m//iw5m-client/info.xml

HTTP Debug:

Code:

#    Result    Protocol    Host    URL    Body    Caching    Content-Type    Process    Comments    Custom    
4    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/iw5m.dll.lzma    0        application/octet-stream    altermw3:2232    [#4]         
5    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/iw5m.dll.lzma    696.051        application/octet-stream    altermw3:2232    [#5]         
6    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/iw5mp.exe.lzma    0        application/octet-stream    altermw3:2232    [#6]         
7    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/iw5mp.exe.lzma    2.144.288        application/octet-stream    altermw3:2232    [#7]         
8    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/libnp.dll.lzma    0        application/octet-stream    altermw3:2232    [#8]         
9    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/libnp.dll.lzma    230.959        application/octet-stream    altermw3:2232    [#9]         
10    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/steam_api.dll.lzma    0        application/octet-stream    altermw3:2232    [#10]         
11    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/steam_api.dll.lzma    986        application/octet-stream    altermw3:2232    [#11]         
12    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/code_post_gfx.ff.lzma    0        application/octet-stream    altermw3:2232    [#12]         
13    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/code_post_gfx.ff.lzma    1.359.920        application/octet-stream    altermw3:2232    [#13]         
14    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/code_post_gfx_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#14]         
15    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/code_post_gfx_mp.ff.lzma    231.061        application/octet-stream    altermw3:2232    [#15]         
16    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/code_pre_gfx.ff.lzma    0        application/octet-stream    altermw3:2232    [#16]         
17    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/code_pre_gfx.ff.lzma    4.086        application/octet-stream    altermw3:2232    [#17]         
18    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/code_pre_gfx_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#18]         
19    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/code_pre_gfx_mp.ff.lzma    22.694        application/octet-stream    altermw3:2232    [#19]         
20    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/localized_code_post_gfx_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#20]         
21    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/localized_code_post_gfx_mp.ff.lzma    1.272.404        application/octet-stream    altermw3:2232    [#21]         
22    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/localized_code_pre_gfx_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#22]         
23    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/localized_code_pre_gfx_mp.ff.lzma    22.102        application/octet-stream    altermw3:2232    [#23]         
24    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/localized_ui_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#24]         
25    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/localized_ui_mp.ff.lzma    1.563.367        application/octet-stream    altermw3:2232    [#25]         
26    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch.ff.lzma    0        application/octet-stream    altermw3:2232    [#26]         
27    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch.ff.lzma    86.695        application/octet-stream    altermw3:2232    [#27]         
28    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_hamburg.ff.lzma    0        application/octet-stream    altermw3:2232    [#28]         
29    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_hamburg.ff.lzma    2.876        application/octet-stream    altermw3:2232    [#29]         
30    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_hijack.ff.lzma    0        application/octet-stream    altermw3:2232    [#30]         
31    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_hijack.ff.lzma    3.627        application/octet-stream    altermw3:2232    [#31]         
32    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_innocent.ff.lzma    0        application/octet-stream    altermw3:2232    [#32]         
33    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_innocent.ff.lzma    3.019        application/octet-stream    altermw3:2232    [#33]         
34    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_london.ff.lzma    0        application/octet-stream    altermw3:2232    [#34]         
35    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_london.ff.lzma    25.471        application/octet-stream    altermw3:2232    [#35]         
36    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#36]         
37    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp.ff.lzma    592.364        application/octet-stream    altermw3:2232    [#37]         
38    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_dome.ff.lzma    0        application/octet-stream    altermw3:2232    [#38]         
39    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_dome.ff.lzma    22.025        application/octet-stream    altermw3:2232    [#39]         
40    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_exchange.ff.lzma    0        application/octet-stream    altermw3:2232    [#40]         
41    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_exchange.ff.lzma    22.023        application/octet-stream    altermw3:2232    [#41]         
42    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_lambeth.ff.lzma    0        application/octet-stream    altermw3:2232    [#42]         
43    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_lambeth.ff.lzma    21.973        application/octet-stream    altermw3:2232    [#43]         
44    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_paris.ff.lzma    0        application/octet-stream    altermw3:2232    [#44]         
45    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_paris.ff.lzma    22.024        application/octet-stream    altermw3:2232    [#45]         
46    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_radar.ff.lzma    0        application/octet-stream    altermw3:2232    [#46]         
47    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_radar.ff.lzma    22.090        application/octet-stream    altermw3:2232    [#47]         
48    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_underground.ff.lzma    0        application/octet-stream    altermw3:2232    [#48]         
49    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_underground.ff.lzma    22.029        application/octet-stream    altermw3:2232    [#49]         
50    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_village.ff.lzma    0        application/octet-stream    altermw3:2232    [#50]         
51    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_mp_village.ff.lzma    21.973        application/octet-stream    altermw3:2232    [#51]         
52    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_paris_ac130.ff.lzma    0        application/octet-stream    altermw3:2232    [#52]         
53    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_paris_ac130.ff.lzma    58.108        application/octet-stream    altermw3:2232    [#53]         
54    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_prague_escape.ff.lzma    0        application/octet-stream    altermw3:2232    [#54]         
55    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_prague_escape.ff.lzma    7.507        application/octet-stream    altermw3:2232    [#55]         
56    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_ied_berlin.ff.lzma    0        application/octet-stream    altermw3:2232    [#56]         
57    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_ied_berlin.ff.lzma    7.537        application/octet-stream    altermw3:2232    [#57]         
58    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_littlebird_payback.ff.lzma    0        application/octet-stream    altermw3:2232    [#58]         
59    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_littlebird_payback.ff.lzma    156        application/octet-stream    altermw3:2232    [#59]         
60    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_bootleg.ff.lzma    0        application/octet-stream    altermw3:2232    [#60]         
61    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_bootleg.ff.lzma    872        application/octet-stream    altermw3:2232    [#61]         
62    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_dome.ff.lzma    0        application/octet-stream    altermw3:2232    [#62]         
63    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_dome.ff.lzma    603        application/octet-stream    altermw3:2232    [#63]         
64    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_village.ff.lzma    0        application/octet-stream    altermw3:2232    [#64]         
65    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_survival_mp_village.ff.lzma    351        application/octet-stream    altermw3:2232    [#65]         
66    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_zodiac2_ny_harbor.ff.lzma    0        application/octet-stream    altermw3:2232    [#66]         
67    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_so_zodiac2_ny_harbor.ff.lzma    869        application/octet-stream    altermw3:2232    [#67]         
68    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_specialops.ff.lzma    0        application/octet-stream    altermw3:2232    [#68]         
69    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_specialops.ff.lzma    84.220        application/octet-stream    altermw3:2232    [#69]         
70    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_berlin.ff.lzma    0        application/octet-stream    altermw3:2232    [#70]         
71    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_berlin.ff.lzma    315        application/octet-stream    altermw3:2232    [#71]         
72    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_intro.ff.lzma    0        application/octet-stream    altermw3:2232    [#72]         
73    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_intro.ff.lzma    1.223        application/octet-stream    altermw3:2232    [#73]         
74    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_ny_harbor.ff.lzma    0        application/octet-stream    altermw3:2232    [#74]         
75    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_ny_harbor.ff.lzma    1.239        application/octet-stream    altermw3:2232    [#75]         
76    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_ny_manhattan.ff.lzma    0        application/octet-stream    altermw3:2232    [#76]         
77    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_ny_manhattan.ff.lzma    440        application/octet-stream    altermw3:2232    [#77]         
78    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_warlord.ff.lzma    0        application/octet-stream    altermw3:2232    [#78]         
79    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_sp_warlord.ff.lzma    131.830        application/octet-stream    altermw3:2232    [#79]         
80    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_survival.ff.lzma    0        application/octet-stream    altermw3:2232    [#80]         
81    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/patch_survival.ff.lzma    238.694        application/octet-stream    altermw3:2232    [#81]         
82    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/ui.ff.lzma    0        application/octet-stream    altermw3:2232    [#82]         
83    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/ui.ff.lzma    288.049        application/octet-stream    altermw3:2232    [#83]         
84    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/ui_mp.ff.lzma    0        application/octet-stream    altermw3:2232    [#84]         
85    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/zone/english/ui_mp.ff.lzma    22.554        application/octet-stream    altermw3:2232    [#85]         
86    200    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/main/iw_23.iwd.lzma    0        application/octet-stream    altermw3:2232    [#86]         
87    206    HTTP    *****ntent.alteriw.net    /iw5m//iw5m-client/main/iw_23.iwd.lzma    1.250.656        application/octet-stream    altermw3:2232    [#87]

Scans
aIW Client Decompiled.zip -
https://www.virustotal.com/file/113e...is/1328737077/

[lolbie]

aaappprrroovvveedddd

[onemoar]

lulz ......

[[MPGH]master131]

Nothing really interesting about it, just downloads the latest cache files and performs some file checks. If the versions don't match, it downloads the latest version.

[Anonymous..]

Nice! By the way, how did you decompile it? Seems interesing. :P

[Rkafisking]

Nice! By the way, how did you decompile it? Seems interesing. :P

aIW Client Decompiled.zip (169.7 KB, 39 views)

[House]

Nice! By the way, how did you decompile it? Seems interesing. :P

Obviously with a decompiler

[Jorndel]

Obviously with a decompiler

Suppose he used IDA.

[majeric]

I tried to decompile it with .NET Reflector, but when I open it in VS as a Solution I cannot debug it directly like yours. I think there is no need to state that I'm beginner but I like to search through the code, so I would be glad if you tell me how to do that. Thanks!

[misshoneybee]

Obviously with a decompiler

would be really happy If you could post a tut on how you decompiled it so errorless

[Jorndel]

would be really happy If you could post a tut on how you decompiled it so errorless

You would need to have the right programs.
And I am almost sure that they have compiled the source so you can't use the free decompiles to decompile it.

But try to find IDA, it's a good decompiler.
But you would need some coding knowledge to be able to do this anyway.
Not just press Decompile and select the file.

Needs some more knowledge.


Me myself never had the big interest in decompiling others work.
I just do it for security reasons. (Or if there is something that I see that I would know how works.)

[House]

You would need to have the right programs.
And I am almost sure that they have compiled the source so you can't use the free decompiles to decompile it.

But try to find IDA, it's a good decompiler.
But you would need some coding knowledge to be able to do this anyway.
Not just press Decompile and select the file.

Needs some more knowledge.


Me myself never had the big interest in decompiling others work.
I just do it for security reasons. (Or if there is something that I see that I would know how works.)

IDA = disassembler and debugger
.NET Reflector = .NET decompiler and assembly browser (this has been done using it)

...go figure

[majeric]

As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.

[Jorndel]

As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.

Well, what you need to know?
Open the file you want to read.
Press the + next to it.

And then you press the + on the one named the same as the first item in the list you pressed.
Then you look there.

PS: You need to know an language ofc.

[House]

As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.

The code from decompiling will never be 100% correct so you need some of programming experience to correct it ... also this particular project contains .NET reference which has to be added to the project