Home › Forum › MultiPlayer Game Hacks & Cheats › Call of Duty Hacks & Cheats › Call of Duty 8 - Modern Warfare 3 (MW3) Hacks & Cheats › Call of Duty Modern Warfare 3 Private Server Hacks › alterMW3 Client Decompiled + Analysis
alterMW3 Client Decompiled + Analysis
alterMW3 Client Decompiled + Analysis
Had some spare time and Decompiled aiwmw3 client in C#... got it errorless with halp of @jariz ... also did some analysis of network and registry that is being edited .. this is could help guys who want to build their little tools or learn some code or smd
Client Info:
http://*****ntent.alteriw.net/iw5m//iw5m-client/info.xml
HTTP Debug:
Scans
aIW Client Decompiled.zip -
https://www.virustotal.com/file/113e...is/1328737077/
Code:
Analysis Reason: Primary Analysis Subject
Filename: alterMW3.e.exe
MD5: 1dd78280faf6ba82d0c56d1089623721
SHA-1: a18dfe9985263fd1d2cea4e1f618eba237190b24
File Size: 456704 Bytes
Process-status
at analysis end: alive
Exit Code: 0
[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\mscoree.dll ],
Base Address: [0x79000000 ], Size: [0x0004A000 ]
Module Name: [ C:\WINDOWS\system32\KERNEL32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ],
Base Address: [0x603B0000 ], Size: [0x00066000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ],
Base Address: [0x79E70000 ], Size: [0x0058F000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ],
Base Address: [0x78130000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\shell32.dll ],
Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
Base Address: [0x773D0000 ], Size: [0x00103000 ]
Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
Base Address: [0x5D090000 ], Size: [0x0009A000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ],
Base Address: [0x790C0000 ], Size: [0x00B36000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ],
Base Address: [0x79060000 ], Size: [0x00056000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll ],
Base Address: [0x60340000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\rsaenh.dll ],
Base Address: [0x68000000 ], Size: [0x00036000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ],
Base Address: [0x7A440000 ], Size: [0x007EA000 ]
Module Name: [ C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ],
Base Address: [0x6D990000 ], Size: [0x00026000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\139ba31a8024c79b1e1e6af19b6908be\System.Xml.ni.dll ],
Base Address: [0x637A0000 ], Size: [0x00588000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\b4770b4e285d48c83f725266ceb02598\System.Core.ni.dll ],
Base Address: [0x6C190000 ], Size: [0x00244000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6249efaeae79679f5d909d727b1efe47\System.Configuration.ni.dll ],
Base Address: [0x64890000 ], Size: [0x000FC000 ]
Module Name: [ C:\WINDOWS\system32\rasapi32.dll ],
Base Address: [0x76EE0000 ], Size: [0x0003C000 ]
Module Name: [ C:\WINDOWS\system32\rasman.dll ],
Base Address: [0x76E90000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
Base Address: [0x5B860000 ], Size: [0x00055000 ]
Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
Base Address: [0x71AB0000 ], Size: [0x00017000 ]
Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
Base Address: [0x71AA0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\TAPI32.dll ],
Base Address: [0x76EB0000 ], Size: [0x0002F000 ]
Module Name: [ C:\WINDOWS\system32\rtutils.dll ],
Base Address: [0x76E80000 ], Size: [0x0000E000 ]
Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
Base Address: [0x76B40000 ], Size: [0x0002D000 ]
Module Name: [ C:\WINDOWS\system32\mswsock.dll ],
Base Address: [0x71A50000 ], Size: [0x0003F000 ]
Module Name: [ C:\WINDOWS\system32\hnetcfg.dll ],
Base Address: [0x662B0000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\System32\wshtcpip.dll ],
Base Address: [0x71A90000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\msv1_0.dll ],
Base Address: [0x77C70000 ], Size: [0x00024000 ]
Module Name: [ C:\WINDOWS\system32\iphlpapi.dll ],
Base Address: [0x76D60000 ], Size: [0x00019000 ]
Module Name: [ C:\WINDOWS\system32\DNSAPI.dll ],
Base Address: [0x76F20000 ], Size: [0x00027000 ]
Module Name: [ C:\WINDOWS\System32\winrnr.dll ],
Base Address: [0x76FB0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ],
Base Address: [0x76F60000 ], Size: [0x0002C000 ]
Module Name: [ C:\WINDOWS\system32\rasadhlp.dll ],
Base Address: [0x76FC0000 ], Size: [0x00006000 ]
Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ],
Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
Module Name: [ C:\WINDOWS\system32\COMRes.dll ],
Base Address: [0x77050000 ], Size: [0x000C5000 ]
Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
Base Address: [0x77120000 ], Size: [0x0008B000 ]
Module Name: [ C:\WINDOWS\system32\browseui.dll ],
Base Address: [0x75F80000 ], Size: [0x000FD000 ]
Module Name: [ C:\WINDOWS\system32\xpsp2res.dll ],
Base Address: [0x03360000 ], Size: [0x002C5000 ]
Module Name: [ C:\WINDOWS\system32\browselc.dll ],
Base Address: [0x71600000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
Base Address: [0x5AD70000 ], Size: [0x00038000 ]
[=============================================================================]
2.a) alterMW3.e.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ Cache ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\Software\Classes ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
Key: [ HKLM\Software\Classes\CLSID ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 2 times
Key: [ HKLM\Software\Microsoft\COM3 ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 6 times
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Watch subtree: [ 0 ], Notify Filter: [ Attributes Change,Value Change,Security Descriptor Change ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKU ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections ],
Watch subtree: [ 1 ], Notify Filter: [ Value Change ], 1 time
[=============================================================================]
2.b) alterMW3.e.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\Program Files\Common Files\9C40EE6610F10C90725B49422C8BB406F5CACF92.cpart ]
File Name: [ C:\Program Files\Common Files\DBNetwork.Indigo.SxS.log ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\Config\machine.config ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config ]
File Name: [ C:\WINDOWS\Registration\R00000000000b.clb ]
File Name: [ C:\WINDOWS\system32\rsaenh.dll ]
File Name: [ PIPE\ROUTER ]
File Name: [ PIPE\lsarpc ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\Program Files\Common Files\9C40EE6610F10C90725B49422C8BB406F5CACF92.cpart ]
File Name: [ C:\Program Files\Common Files\DBNetwork.Indigo.SxS.log ]
File Name: [ Ip ]
File Name: [ PIPE\ROUTER ]
File Name: [ PIPE\lsarpc ]
File Name: [ \Device\Afd\Endpoint ]
File Name: [ \Device\Ip ]
File Name: [ \Device\NetBT_Tcpip_{1AD45B38-4060-4F73-BB1E-A0439A2D97EB} ]
File Name: [ \Device\RasAcd ]
File Name: [ \Device\Tcp ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 7 times
File: [ PIPE\ROUTER ], Control Code: [ 0x0011C017 ], 3 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_INFO (0x0001207B) ], 2 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_CONTEXT (0x00012047) ], 13 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_TDI_HANDLES (0x00012037) ], 3 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_INFO (0x0001203B) ], 4 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_EVENT_SELECT (0x00012087) ], 2 times
File: [ \Device\Tcp ], Control Code: [ 0x00120003 ], 72 times
File: [ \Device\Ip ], Control Code: [ 0x00120040 ], 10 times
File: [ \Device\Ip ], Control Code: [ 0x00120090 ], 4 times
File: [ \Device\NetBT_Tcpip_{1AD45B38-4060-4F73-BB1E-A0439A2D97EB} ], Control Code: [ 0x0021009A ], 4 times
File: [ \Device\RasAcd ], Control Code: [ 0x00F14014 ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_BIND (0x00012003) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SEND (0x0001201F) ], 4 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_RECV (0x00012017) ], 95 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SELECT (0x00012024) ], 3 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ]
File Name: [ C:\WINDOWS\System32\winrnr.dll ]
File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ]
File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
File Name: [ C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp ]
File Name: [ C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp ]
File Name: [ C:\WINDOWS\assembly\GAC_MSIL\System.Xml.Linq\3.5.0.0__b77a5c561934e089\System.Xml.Linq.dll ]
File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Configuration\6249efaeae79679f5d909d727b1efe47\System.Configuration.ni.dll ]
File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Core\b4770b4e285d48c83f725266ceb02598\System.Core.ni.dll ]
File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System.Xml\139ba31a8024c79b1e1e6af19b6908be\System.Xml.ni.dll ]
File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ]
File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ]
File Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ]
File Name: [ C:\WINDOWS\system32\COMRes.dll ]
File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
File Name: [ C:\WINDOWS\system32\TAPI32.dll ]
File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
File Name: [ C:\WINDOWS\system32\WINMM.dll ]
File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
File Name: [ C:\WINDOWS\system32\browselc.dll ]
File Name: [ C:\WINDOWS\system32\browseui.dll ]
File Name: [ C:\WINDOWS\system32\comctl32.dll ]
File Name: [ C:\WINDOWS\system32\crypt32.dll ]
File Name: [ C:\WINDOWS\system32\hnetcfg.dll ]
File Name: [ C:\WINDOWS\system32\imm32.dll ]
File Name: [ C:\WINDOWS\system32\iphlpapi.dll ]
File Name: [ C:\WINDOWS\system32\l_intl.nls ]
File Name: [ C:\WINDOWS\system32\mscoree.dll ]
File Name: [ C:\WINDOWS\system32\msv1_0.dll ]
File Name: [ C:\WINDOWS\system32\mswsock.dll ]
File Name: [ C:\WINDOWS\system32\rasadhlp.dll ]
File Name: [ C:\WINDOWS\system32\rasapi32.dll ]
File Name: [ C:\WINDOWS\system32\rasman.dll ]
File Name: [ C:\WINDOWS\system32\rpcss.dll ]
File Name: [ C:\WINDOWS\system32\rsaenh.dll ]
File Name: [ C:\WINDOWS\system32\rtutils.dll ]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ C:\WINDOWS\system32\winlogon.exe ]
File Name: [ C:\WINDOWS\system32\xpsp2res.dll ]
File Name: [ C:\alterMW3.e.exe ]
[=============================================================================]
2.c) alterMW3.e.exe - Windows Service Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Services Started:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Service: [ RASMAN ]
[=============================================================================]
2.d) alterMW3.e.exe - Network Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
DNS Queries:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Name: [ e.content.alteriw.net ], Query Type: [ DNS_TYPE_A ],
Query Result: [ 109.163.230.23 ], Successful: [ YES ], Protocol: [ udp ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
HTTP Conversations:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
From ANUBIS:1029 to 109.163.230.23:80 - [ e.content.alteriw.net ]
Request: [ GET /iw5m//caches.xml ], Response: [ 200 "OK" ]
Request: [ GET /iw5m//iw5m-client/info.xml ], Response: [ 200 "OK" ]
Request: [ HEAD /iw5m//iw5m-client/iw5m.dll.lzma ], Response: [ 200 "OK" ]
Request: [ GET /iw5m//iw5m-client/iw5m.dll.lzma ], Response: [ 206 "Partial Content" ]
[=============================================================================]
2.e) alterMW3.e.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ DBWinMutex ]
Mutex: [ Global\.net clr networking ]
Mutex: [ MSCTF.Shared.MUTEX.IFG ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Windows SEH exceptions:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Description: [ Exception 0xe06d7363 at 0x7c812aeb ], 2 times
Description: [ Exception 0x40010006 at 0x7c812aeb ], 1 time
[#############################################################################]
3. services.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: A service was started.
Filename: services.exe
MD5: 0e776ed5f7cc9f94299e70461b7b8185
SHA-1: cb5a33cec4c7b8ef4bd5dc8c241005b66b26cbbf
File Size: 108544 Bytes
Command Line: C:\WINDOWS\system32\services.exe
Process-status
at analysis end: alive
Exit Code: 0
[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\NCObjAPI.DLL ],
Base Address: [0x5F770000 ], Size: [0x0000C000 ]
Module Name: [ C:\WINDOWS\system32\MSVCP60.dll ],
Base Address: [0x76080000 ], Size: [0x00065000 ]
Module Name: [ C:\WINDOWS\system32\SCESRV.dll ],
Base Address: [0x7DBD0000 ], Size: [0x00051000 ]
Module Name: [ C:\WINDOWS\system32\AUTHZ.dll ],
Base Address: [0x776C0000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
Base Address: [0x769C0000 ], Size: [0x000B4000 ]
Module Name: [ C:\WINDOWS\system32\umpnpmgr.dll ],
Base Address: [0x7DBA0000 ], Size: [0x00021000 ]
Module Name: [ C:\WINDOWS\system32\WINSTA.dll ],
Base Address: [0x76360000 ], Size: [0x00010000 ]
Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
Base Address: [0x5B860000 ], Size: [0x00055000 ]
Module Name: [ C:\WINDOWS\system32\ShimEng.dll ],
Base Address: [0x5CB70000 ], Size: [0x00026000 ]
Module Name: [ C:\WINDOWS\AppPatch\AcAdProc.dll ],
Base Address: [0x47260000 ], Size: [0x0000F000 ]
Module Name: [ C:\WINDOWS\system32\Apphelp.dll ],
Base Address: [0x77B40000 ], Size: [0x00022000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\eventlog.dll ],
Base Address: [0x77B70000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
Base Address: [0x71AB0000 ], Size: [0x00017000 ]
Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
Base Address: [0x71AA0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\wtsapi32.dll ],
Base Address: [0x76F50000 ], Size: [0x00008000 ]
[=============================================================================]
3.a) services.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Keys Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control ]
Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ],
Value Name: [ Sources ], New Value: [ 0x4d006900630072006f0073006f0066007400200048002e00330032003300 ]
Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_RASMAN\0000\Control ],
Value Name: [ ActiveService ], New Value: [ RasMan ]
Key: [ HKLM\System\CurrentControlSet\Enum\Root\LEGACY_TAPISRV\0000\Control ],
Value Name: [ ActiveService ], New Value: [ TapiSrv ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SYSTEM\CONTROLSET001\CONTROL\COMPUTERNAME\ACTIVECOMPUTERNAME ],
Value Name: [ ComputerName ], Value: [ PC ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0303\4&2C5A7332&0 ],
Value Name: [ ClassGUID ], Value: [ {4D36E96B-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0400\4&2C5A7332&0 ],
Value Name: [ ClassGUID ], Value: [ {4D36E978-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0501\1 ],
Value Name: [ ClassGUID ], Value: [ {4D36E978-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0700\4&2C5A7332&0 ],
Value Name: [ ClassGUID ], Value: [ {4D36E969-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0A03\1 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI\PNP0F13\4&2C5A7332&0 ],
Value Name: [ ClassGUID ], Value: [ {4D36E96F-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ACPI_HAL\PNP0C08\0 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\DISPLAY\DEFAULT_MONITOR\4&2946A9FF&0&11223344&00&02 ],
Value Name: [ ClassGUID ], Value: [ {4D36E96E-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\IDE\CDROMQEMU_QEMU_CD-ROM________________________0.9.____\4D51303030302033202020202020202020202020 ],
Value Name: [ ClassGUID ], Value: [ {4D36E965-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\IDE\DISKQEMU_HARDDISK___________________________0.9.1___\4D51303030302031202020202020202020202020 ],
Value Name: [ ClassGUID ], Value: [ {4D36E967-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ISAPNP\READDATAPORT\0 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\LPTENUM\MICROSOFTRAWPORT\5&34A37E9F&0&LPT1 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCIIDE\IDECHANNEL\4&3DE75EA&0&0 ],
Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCIIDE\IDECHANNEL\4&3DE75EA&0&1 ],
Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_1013&DEV_00B8&SUBSYS_00000000&REV_00\3&13C0B0C5&0&10 ],
Value Name: [ ClassGUID ], Value: [ {4D36E968-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ],
Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ],
Value Name: [ DeviceDesc ], Value: [ Realtek RTL8029(AS)-based Ethernet Adapter (Generic) ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_00000000&REV_00\3&13C0B0C5&0&18 ],
Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0001 ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ],
Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ],
Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0008 ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_10EC&DEV_8029&SUBSYS_11001AF4&REV_00\3&13C0B0C5&0&18 ],
Value Name: [ FriendlyName ], Value: [ Realtek RTL8029(AS)-based Ethernet Adapter (Generic) #2 ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_1237&SUBSYS_00000000&REV_02\3&13C0B0C5&0&00 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_7000&SUBSYS_00000000&REV_00\3&13C0B0C5&0&08 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\PCI\VEN_8086&DEV_7010&SUBSYS_00000000&REV_00\3&13C0B0C5&0&09 ],
Value Name: [ ClassGUID ], Value: [ {4D36E96A-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\ACPI_HAL\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E966-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\DMIO\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\FTDISK\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_AFD\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_BEEP\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_DMBOOT\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_DMLOAD\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_FIPS\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_GPC\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_HTTP\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_IPNAT\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_IPSEC\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_KSECDD\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MNMDD\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_MOUNTMGR\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDISTAPI\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDISUIO\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDIS\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NDPROXY\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NETBT\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_NULL\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_PARTMGR\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_PARVDM\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_RASACD\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_RDPCDD\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_TCPIP\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_VGASAVE\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_VOLSNAP\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\LEGACY_WANARP\0000 ],
Value Name: [ ClassGUID ], Value: [ {8ECC055D-047F-11D1-A537-0000F8753ED1} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMACM ],
Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMDRV ],
Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMMCI ],
Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMVCD ],
Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MEDIA\MS_MMVID ],
Value Name: [ ClassGUID ], Value: [ {4D36E96C-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_L2TPMINIPORT\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ],
Value Name: [ DeviceDesc ], Value: [ WAN Miniport (IP) ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_NDISWANIP\0000 ],
Value Name: [ Driver ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318}\0007 ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PPPOEMINIPORT\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PPTPMINIPORT\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\MS_PTIMINIPORT\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E972-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDPDR\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDP_KBD\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\RDP_MOU\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0000 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0001 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\ROOT\SYSTEM\0002 ],
Value Name: [ ClassGUID ], Value: [ {4D36E97D-E325-11CE-BFC1-08002BE10318} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\ENUM\STORAGE\VOLUME\1&30A96598&0&SIGNATUREB15FB15FOFFSET7E00LENGTH13F291800 ],
Value Name: [ ClassGUID ], Value: [ {71A27CDD-812A-11D0-BEC7-08002BE2092F} ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG ],
Value Name: [ ComputerName ], Value: [ PC ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ],
Value Name: [ AutoBackupLogFiles ], Value: [ 0 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ],
Value Name: [ File ], Value: [ %SystemRoot%\system32\config\AppEvent.Evt ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ],
Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ],
Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Application ],
Value Name: [ Retention ], Value: [ 604800 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ],
Value Name: [ File ], Value: [ %SystemRoot%\System32\config\SecEvent.Evt ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ],
Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ],
Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\Security ],
Value Name: [ Retention ], Value: [ 604800 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ],
Value Name: [ File ], Value: [ %SystemRoot%\system32\config\SysEvent.Evt ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ],
Value Name: [ Maxsize ], Value: [ 524288 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ],
Value Name: [ RestrictGuestAccess ], Value: [ 1 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG\System ],
Value Name: [ Retention ], Value: [ 604800 ], 4 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\PlugPlay ],
Value Name: [ PlugPlayServiceType ], Value: [ 3 ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RasMan\Enum ],
Value Name: [ 0 ], Value: [ Root\LEGACY_RASMAN\0000 ], 3 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RasMan\Enum ],
Value Name: [ Count ], Value: [ 1 ], 6 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RpcSs\Enum ],
Value Name: [ 0 ], Value: [ Root\LEGACY_RPCSS\0000 ], 1 time
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\RpcSs\Enum ],
Value Name: [ Count ], Value: [ 1 ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\TapiSrv\Enum ],
Value Name: [ 0 ], Value: [ Root\LEGACY_TAPISRV\0000 ], 2 times
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\TapiSrv\Enum ],
Value Name: [ Count ], Value: [ 1 ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\PlugPlay ],
Value Name: [ ObjectName ], Value: [ LocalSystem ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\RasMan ],
Value Name: [ ImagePath ], Value: [ %SystemRoot%\system32\svchost.exe -k netsvcs ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\RasMan ],
Value Name: [ ObjectName ], Value: [ LocalSystem ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\RpcSs ],
Value Name: [ ObjectName ], Value: [ NT AUTHORITY\NetworkService ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\TapiSrv ],
Value Name: [ ImagePath ], Value: [ %SystemRoot%\System32\svchost.exe -k netsvcs ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\TapiSrv ],
Value Name: [ ObjectName ], Value: [ LocalSystem ], 2 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SYSTEM\CONTROLSET001\SERVICES\EVENTLOG ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 4 times
[=============================================================================]
3.b) services.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\ntsvcs, Flags: Named pipe ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\PIPE_EVENTROOT\CIMV2SCM EVENT PROVIDER, Flags: Named pipe ]
File Name: [ C:\WINDOWS\system32\config\SysEvent.Evt ]
File Name: [ C:\ntsvcs, Flags: Named pipe ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\net\NtControlPipe4, Flags: Named pipe ], Control Code: [ 0x0011C017 ], 2 times
File: [ C:\ntsvcs, Flags: Named pipe ], Control Code: [ 0x0011001C ], 4 times
http://*****ntent.alteriw.net/iw5m//iw5m-client/info.xml
HTTP Debug:
Code:
# Result Protocol Host URL Body Caching Content-Type Process Comments Custom 4 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/iw5m.dll.lzma 0 application/octet-stream altermw3:2232 [#4] 5 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/iw5m.dll.lzma 696.051 application/octet-stream altermw3:2232 [#5] 6 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/iw5mp.exe.lzma 0 application/octet-stream altermw3:2232 [#6] 7 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/iw5mp.exe.lzma 2.144.288 application/octet-stream altermw3:2232 [#7] 8 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/libnp.dll.lzma 0 application/octet-stream altermw3:2232 [#8] 9 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/libnp.dll.lzma 230.959 application/octet-stream altermw3:2232 [#9] 10 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/steam_api.dll.lzma 0 application/octet-stream altermw3:2232 [#10] 11 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/steam_api.dll.lzma 986 application/octet-stream altermw3:2232 [#11] 12 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/code_post_gfx.ff.lzma 0 application/octet-stream altermw3:2232 [#12] 13 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/code_post_gfx.ff.lzma 1.359.920 application/octet-stream altermw3:2232 [#13] 14 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/code_post_gfx_mp.ff.lzma 0 application/octet-stream altermw3:2232 [#14] 15 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/code_post_gfx_mp.ff.lzma 231.061 application/octet-stream altermw3:2232 [#15] 16 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/code_pre_gfx.ff.lzma 0 application/octet-stream altermw3:2232 [#16] 17 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/code_pre_gfx.ff.lzma 4.086 application/octet-stream altermw3:2232 [#17] 18 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/code_pre_gfx_mp.ff.lzma 0 application/octet-stream altermw3:2232 [#18] 19 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/code_pre_gfx_mp.ff.lzma 22.694 application/octet-stream altermw3:2232 [#19] 20 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/localized_code_post_gfx_mp.ff.lzma 0 application/octet-stream altermw3:2232 [#20] 21 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/localized_code_post_gfx_mp.ff.lzma 1.272.404 application/octet-stream altermw3:2232 [#21] 22 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/localized_code_pre_gfx_mp.ff.lzma 0 application/octet-stream altermw3:2232 [#22] 23 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/localized_code_pre_gfx_mp.ff.lzma 22.102 application/octet-stream altermw3:2232 [#23] 24 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/localized_ui_mp.ff.lzma 0 application/octet-stream altermw3:2232 [#24] 25 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/localized_ui_mp.ff.lzma 1.563.367 application/octet-stream altermw3:2232 [#25] 26 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch.ff.lzma 0 application/octet-stream altermw3:2232 [#26] 27 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch.ff.lzma 86.695 application/octet-stream altermw3:2232 [#27] 28 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_hamburg.ff.lzma 0 application/octet-stream altermw3:2232 [#28] 29 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_hamburg.ff.lzma 2.876 application/octet-stream altermw3:2232 [#29] 30 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_hijack.ff.lzma 0 application/octet-stream altermw3:2232 [#30] 31 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_hijack.ff.lzma 3.627 application/octet-stream altermw3:2232 [#31] 32 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_innocent.ff.lzma 0 application/octet-stream altermw3:2232 [#32] 33 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_innocent.ff.lzma 3.019 application/octet-stream altermw3:2232 [#33] 34 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_london.ff.lzma 0 application/octet-stream altermw3:2232 [#34] 35 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_london.ff.lzma 25.471 application/octet-stream altermw3:2232 [#35] 36 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp.ff.lzma 0 application/octet-stream altermw3:2232 [#36] 37 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp.ff.lzma 592.364 application/octet-stream altermw3:2232 [#37] 38 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_dome.ff.lzma 0 application/octet-stream altermw3:2232 [#38] 39 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_dome.ff.lzma 22.025 application/octet-stream altermw3:2232 [#39] 40 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_exchange.ff.lzma 0 application/octet-stream altermw3:2232 [#40] 41 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_exchange.ff.lzma 22.023 application/octet-stream altermw3:2232 [#41] 42 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_lambeth.ff.lzma 0 application/octet-stream altermw3:2232 [#42] 43 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_lambeth.ff.lzma 21.973 application/octet-stream altermw3:2232 [#43] 44 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_paris.ff.lzma 0 application/octet-stream altermw3:2232 [#44] 45 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_paris.ff.lzma 22.024 application/octet-stream altermw3:2232 [#45] 46 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_radar.ff.lzma 0 application/octet-stream altermw3:2232 [#46] 47 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_radar.ff.lzma 22.090 application/octet-stream altermw3:2232 [#47] 48 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_underground.ff.lzma 0 application/octet-stream altermw3:2232 [#48] 49 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_underground.ff.lzma 22.029 application/octet-stream altermw3:2232 [#49] 50 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_village.ff.lzma 0 application/octet-stream altermw3:2232 [#50] 51 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_mp_village.ff.lzma 21.973 application/octet-stream altermw3:2232 [#51] 52 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_paris_ac130.ff.lzma 0 application/octet-stream altermw3:2232 [#52] 53 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_paris_ac130.ff.lzma 58.108 application/octet-stream altermw3:2232 [#53] 54 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_prague_escape.ff.lzma 0 application/octet-stream altermw3:2232 [#54] 55 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_prague_escape.ff.lzma 7.507 application/octet-stream altermw3:2232 [#55] 56 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_ied_berlin.ff.lzma 0 application/octet-stream altermw3:2232 [#56] 57 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_ied_berlin.ff.lzma 7.537 application/octet-stream altermw3:2232 [#57] 58 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_littlebird_payback.ff.lzma 0 application/octet-stream altermw3:2232 [#58] 59 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_littlebird_payback.ff.lzma 156 application/octet-stream altermw3:2232 [#59] 60 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_survival_mp_bootleg.ff.lzma 0 application/octet-stream altermw3:2232 [#60] 61 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_survival_mp_bootleg.ff.lzma 872 application/octet-stream altermw3:2232 [#61] 62 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_survival_mp_dome.ff.lzma 0 application/octet-stream altermw3:2232 [#62] 63 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_survival_mp_dome.ff.lzma 603 application/octet-stream altermw3:2232 [#63] 64 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_survival_mp_village.ff.lzma 0 application/octet-stream altermw3:2232 [#64] 65 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_survival_mp_village.ff.lzma 351 application/octet-stream altermw3:2232 [#65] 66 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_zodiac2_ny_harbor.ff.lzma 0 application/octet-stream altermw3:2232 [#66] 67 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_so_zodiac2_ny_harbor.ff.lzma 869 application/octet-stream altermw3:2232 [#67] 68 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_specialops.ff.lzma 0 application/octet-stream altermw3:2232 [#68] 69 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_specialops.ff.lzma 84.220 application/octet-stream altermw3:2232 [#69] 70 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_berlin.ff.lzma 0 application/octet-stream altermw3:2232 [#70] 71 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_berlin.ff.lzma 315 application/octet-stream altermw3:2232 [#71] 72 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_intro.ff.lzma 0 application/octet-stream altermw3:2232 [#72] 73 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_intro.ff.lzma 1.223 application/octet-stream altermw3:2232 [#73] 74 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_ny_harbor.ff.lzma 0 application/octet-stream altermw3:2232 [#74] 75 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_ny_harbor.ff.lzma 1.239 application/octet-stream altermw3:2232 [#75] 76 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_ny_manhattan.ff.lzma 0 application/octet-stream altermw3:2232 [#76] 77 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_ny_manhattan.ff.lzma 440 application/octet-stream altermw3:2232 [#77] 78 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_warlord.ff.lzma 0 application/octet-stream altermw3:2232 [#78] 79 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_sp_warlord.ff.lzma 131.830 application/octet-stream altermw3:2232 [#79] 80 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_survival.ff.lzma 0 application/octet-stream altermw3:2232 [#80] 81 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/patch_survival.ff.lzma 238.694 application/octet-stream altermw3:2232 [#81] 82 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/ui.ff.lzma 0 application/octet-stream altermw3:2232 [#82] 83 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/ui.ff.lzma 288.049 application/octet-stream altermw3:2232 [#83] 84 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/ui_mp.ff.lzma 0 application/octet-stream altermw3:2232 [#84] 85 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/zone/english/ui_mp.ff.lzma 22.554 application/octet-stream altermw3:2232 [#85] 86 200 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/main/iw_23.iwd.lzma 0 application/octet-stream altermw3:2232 [#86] 87 206 HTTP *****ntent.alteriw.net /iw5m//iw5m-client/main/iw_23.iwd.lzma 1.250.656 application/octet-stream altermw3:2232 [#87]
aIW Client Decompiled.zip -
https://www.virustotal.com/file/113e...is/1328737077/
aaappprrroovvveedddd
lulz ......
Nothing really interesting about it, just downloads the latest cache files and performs some file checks. If the versions don't match, it downloads the latest version.
Nice! By the way, how did you decompile it? Seems interesing. :P
Originally Posted by Anonymous..
Nice! By the way, how did you decompile it? Seems interesing. :P
Originally Posted by Anonymous..
Nice! By the way, how did you decompile it? Seems interesing. :P
Originally Posted by House
Obviously with a decompiler
I tried to decompile it with .NET Reflector, but when I open it in VS as a Solution I cannot debug it directly like yours. I think there is no need to state that I'm beginner but I like to search through the code, so I would be glad if you tell me how to do that. Thanks!
Originally Posted by House
Obviously with a decompiler
Originally Posted by misshoneybee
would be really happy If you could post a tut on how you decompiled it so errorless
And I am almost sure that they have compiled the source so you can't use the free decompiles to decompile it.
But try to find IDA, it's a good decompiler.
But you would need some coding knowledge to be able to do this anyway.
Not just press Decompile and select the file.
Needs some more knowledge.
Me myself never had the big interest in decompiling others work.
I just do it for security reasons. (Or if there is something that I see that I would know how works.)
Originally Posted by Jorndel
You would need to have the right programs.
And I am almost sure that they have compiled the source so you can't use the free decompiles to decompile it.
But try to find IDA, it's a good decompiler.
But you would need some coding knowledge to be able to do this anyway.
Not just press Decompile and select the file.
Needs some more knowledge.
Me myself never had the big interest in decompiling others work.
I just do it for security reasons. (Or if there is something that I see that I would know how works.)
And I am almost sure that they have compiled the source so you can't use the free decompiles to decompile it.
But try to find IDA, it's a good decompiler.
But you would need some coding knowledge to be able to do this anyway.
Not just press Decompile and select the file.
Needs some more knowledge.
Me myself never had the big interest in decompiling others work.
I just do it for security reasons. (Or if there is something that I see that I would know how works.)
.NET Reflector = .NET decompiler and assembly browser (this has been done using it)
...go figure
As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.
Originally Posted by majeric
As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.
Open the file you want to read.
Press the + next to it.
And then you press the + on the one named the same as the first item in the list you pressed.
Then you look there.
PS: You need to know an language ofc.
Originally Posted by majeric
As I said, I used .NET Reflector (original cracked version from tbp), but when I open it in VS as a solution and debug it right away I get error, but yours is doing just fine. What am I doing wrong? Is it like Jorndel said that some more knowledge is needed than just that? In that case I'm not going to bug you anymore.
Similar Threads
- 25Last post
- 5Last post
- 6Last post
- 10Last post