JMC31337 Posted December 23, 2013 (edited)

While cruising around China (looking for setcsum.exe to reset the tcpip.sys checksum), enjoying the scenery and attractions (damn, those Chinese women are sexy), I was redirected to a web site saying YOUR PC IS INFECTED! In Chinese... even the download exe under Chrome was in Chinese.

We all know the one: you're redirected to a site and it scrolls through a list of about 1000 trojans, and the number increases by the second, saying your PC is infected with 100's of malware and you need this program to remove them.

So I downloaded the exe and rar'd it up. pass:infected

Haven't had the time to really go through this exe.... and it may not even be a virus (they could have switched the exe back to a non-infected sample) no sooner than they sent the first one, or the NSA could've hijacked the outgoing connections and redirected me to a server making me think it was Chinese, but.. the exe is here. If someone gets to it before I do and determines that it's not FAKE AV, let me know and I'll have the Moderator delete this topic. Otherwise.... first time I've ever seen a Fake AV in China.

Thank you China! .. you do great things for me and I appreciate it

khsajsf_30282.rar

Edited December 23, 2013 by JMC31337
JMC31337 (Author) Posted December 23, 2013 (edited)

Here's the Anubis text report:

[#############################################################################]
    Analysis Report for khsajsf_30282.exe
    MD5: ade704c557f2e1a2e8881910ae42bf57
[#############################################################################]

[=============================================================================]
    Table of Contents
[=============================================================================]
- General information
- khsajsf_30.exe
  a) Registry Activities
  b) File Activities
  c) Other Activities

[#############################################################################]
    1. General Information
[#############################################################################]

[=============================================================================]
    Information about Anubis' invocation
[=============================================================================]
Time needed: 119 s
Report created: 12/23/13, 13:55:43 UTC
Termination reason: All tracked processes have exited
Program version: 1.76.3886

[=============================================================================]
    Popups
[=============================================================================]
Process: 0
Window Name: unpacking data: 13%
Displayed Times: 1
Window Text: 0

[=============================================================================]
    Global Network Activities
[=============================================================================]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    DNS Queries:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Name: [ p.x.baidu.com ], Query Type: [ DNS_TYPE_A ], Query Result: [ ], Successful: [ 0 ], Protocol: [ udp ]

[#############################################################################]
    2. khsajsf_30.exe
[#############################################################################]

[=============================================================================]
    General information about this executable
[=============================================================================]
Analysis Reason: Primary Analysis Subject
Filename: khsajsf_30.exe
MD5: ade704c557f2e1a2e8881910ae42bf57
SHA-1: 3bd62ae7c36d4dab1141e28975afc52885ff1046
File Size: 1970376 Bytes
Command Line: "C:\khsajsf_30.exe"
Process-status at analysis end: dead
Exit Code: 0

[=============================================================================]
    Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ], Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ], Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ], Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ], Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\SHELL32.dll ], Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ], Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ], Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ], Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ], Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ], Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ], Base Address: [0x773D0000 ], Size: [0x00103000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ], Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ], Base Address: [0x77C00000 ], Size: [0x00008000 ]

[=============================================================================]
    Run-time Dlls
[=============================================================================]
Module Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMSkin.dll ], Base Address: [0x012C0000 ], Size: [0x00157000 ]
Module Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMNetGetInfo.dll ], Base Address: [0x01E80000 ], Size: [0x00044000 ]
Module Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\tmpqklee9.dll ], Base Address: [0x10000000 ], Size: [0x002B4000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll ], Base Address: [0x4EC50000 ], Size: [0x001A6000 ]
Module Name: [ C:\WINDOWS\system32\dbghelp.dll ], Base Address: [0x59A60000 ], Size: [0x000A1000 ]
Module Name: [ C:\WINDOWS\system32\UxTheme.dll ], Base Address: [0x5AD70000 ], Size: [0x00038000 ]
Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ], Base Address: [0x5B860000 ], Size: [0x00055000 ]
Module Name: [ C:\WINDOWS\System32\mswsock.dll ], Base Address: [0x71A50000 ], Size: [0x0003F000 ]
Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ], Base Address: [0x71AA0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WS2_32.dll ], Base Address: [0x71AB0000 ], Size: [0x00017000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ], Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\RichEd20.dll ], Base Address: [0x74E30000 ], Size: [0x0006D000 ]
Module Name: [ C:\WINDOWS\system32\browseui.dll ], Base Address: [0x75F80000 ], Size: [0x000FD000 ]
Module Name: [ C:\WINDOWS\system32\msimg32.dll ], Base Address: [0x76380000 ], Size: [0x00005000 ]
Module Name: [ C:\WINDOWS\system32\SHFOLDER.dll ], Base Address: [0x76780000 ], Size: [0x00009000 ]
Module Name: [ C:\WINDOWS\system32\WINMM.dll ], Base Address: [0x76B40000 ], Size: [0x0002D000 ]
Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ], Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
Module Name: [ C:\WINDOWS\system32\DNSAPI.dll ], Base Address: [0x76F20000 ], Size: [0x00027000 ]
Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ], Base Address: [0x76F60000 ], Size: [0x0002C000 ]
Module Name: [ C:\WINDOWS\System32\winrnr.dll ], Base Address: [0x76FB0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ], Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
Module Name: [ C:\WINDOWS\system32\COMRes.dll ], Base Address: [0x77050000 ], Size: [0x000C5000 ]
Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ], Base Address: [0x77120000 ], Size: [0x0008B000 ]
Module Name: [ C:\WINDOWS\system32\WININET.dll ], Base Address: [0x771B0000 ], Size: [0x000AA000 ]
Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ], Base Address: [0x77920000 ], Size: [0x000F3000 ]
Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ], Base Address: [0x77A80000 ], Size: [0x00095000 ]
Module Name: [ C:\WINDOWS\system32\MSASN1.dll ], Base Address: [0x77B20000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\urlmon.dll ], Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]

[=============================================================================]
    Popups
[=============================================================================]
Window Name: ????-????
Displayed Times: 1
Window Text: [attachment=11001:download.png]

[=============================================================================]
    2.a) khsajsf_30.exe - Registry Activities
[=============================================================================]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
    Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094da8-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ BaseClass ], New Value: [ Drive ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094daa-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ BaseClass ], New Value: [ Drive ]
1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ], Value Name: [ Version ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ Enabled ], Value: [ 1 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value 
Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ], Value Name: [ Version ], Value: [ 0 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. 
], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ], Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. 
], 1 time Key: [ HKLM\System\Setup ], Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 2 times Key: [ HKLM\System\WPA\PnP ], Value Name: [ seed ], Value: [ 1274198464 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Language Hotkey ], Value: [ 1 ], 4 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], Value Name: [ Layout Hotkey ], Value: [ 2 ], 4 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ ], Value Name: [ ShellState ], Value: [ 0x2400000038080000000000000000000000000000010000000d0000000000 ], 2 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ DontPrettyPath ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ Filter ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ Hidden ], Value: [ 1 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ HideFileExt ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ HideIcons ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ MapNetDrvBtn ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ NoNetCrawling ], Value: [ 1 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ SeparateProcess ], Value: 
[ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ ShowCompColor ], Value: [ 1 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ ShowInfoTip ], Value: [ 1 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ ShowSuperHidden ], Value: [ 1 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ WebView ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ Data ], Value: [ 0x000000005c005c003f005c0049004400450023004300640052006f006d00 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ Generation ], Value: [ 1 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ Data ], Value: [ 0x000000005c005c003f005c00530054004f00520041004700450023005600 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ], Value Name: [ Generation ], Value: [ 1 ], 2 times Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ ListviewAlphaSelect ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ 
ListviewShadow ], Value: [ 0 ], 1 time Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ], Value Name: [ ListviewWatermark ], Value: [ 1 ], 1 time [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Monitored Registry Keys: [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=] Key: [ HKLM\Software\Classes ], Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times Key: [ HKLM\Software\Classes\CLSID ], Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 2 times Key: [ HKLM\Software\Microsoft\COM3 ], Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 6 times Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ], Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ], Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time Key: [ HKU ], Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times [=============================================================================] 2. 
khsajsf_30.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Deleted:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj1.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse2.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj1.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDLogicUtils.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMDownload.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMNetGetInfo.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMSkin.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\dl.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\hu.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\res ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\res\onlineWnd.zip ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\tmpqklee9.dll ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse2.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\res\onlineWnd.zip ]
File Name: [ C:\WINDOWS\Registration\R00000000000b.clb ]
File Name: [ C:\WINDOWS\win.ini ]
File Name: [ C:\khsajsf_30.exe ]
File Name: [ PIPE\lsarpc ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse2.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDLogicUtils.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMDownload.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMNetGetInfo.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMSkin.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\dl.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\hu.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\res\onlineWnd.zip ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\tmpqklee9.dll ]
File Name: [ MountPointManager ]
File Name: [ PIPE\lsarpc ]
File Name: [ WMIDataDevice ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Directories Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Directory: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp ]
Directory: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\res ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 6 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
File: [ IDE#CdRomQEMU_QEMU_CD-ROM________________________0.9.____#4d51303030302033202020202020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0008 ], 2 times
File: [ STORAGE#Volume#1&30a96598&0&SignatureB15FB15FOffset7E00Length13F291800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0034 ], 4 times
File: [ WMIDataDevice ], Control Code: [ 0x0022414C ], 1 time
File: [ WMIDataDevice ], Control Code: [ 0x00228144 ], 2 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMNetGetInfo.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\BDMSkin.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsp3.tmp\tmpqklee9.dll ]
File Name: [ C:\WINDOWS\System32\mswsock.dll ]
File Name: [ C:\WINDOWS\System32\winrnr.dll ]
File Name: [ C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ]
File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll ]
File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
File Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ]
File Name: [ C:\WINDOWS\system32\COMRes.dll ]
File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
File Name: [ C:\WINDOWS\system32\PSAPI.DLL ]
File Name: [ C:\WINDOWS\system32\RichEd20.dll ]
File Name: [ C:\WINDOWS\system32\SETUPAPI.dll ]
File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
File Name: [ C:\WINDOWS\system32\SHFOLDER.dll ]
File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
File Name: [ C:\WINDOWS\system32\WININET.dll ]
File Name: [ C:\WINDOWS\system32\WINMM.dll ]
File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
File Name: [ C:\WINDOWS\system32\browseui.dll ]
File Name: [ C:\WINDOWS\system32\dbghelp.dll ]
File Name: [ C:\WINDOWS\system32\imm32.dll ]
File Name: [ C:\WINDOWS\system32\msimg32.dll ]
File Name: [
C:\WINDOWS\system32\rpcss.dll ]
File Name: [ C:\WINDOWS\system32\urlmon.dll ]
[=============================================================================]
2.c) khsajsf_30.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ MSCTF.Shared.MUTEX.IFG ]
Mutex: [ ZonesCacheCounterMutex ]
Mutex: [ ZonesCounterMutex ]
Mutex: [ ZonesLockedCacheCounterMutex ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Keyboard Keys Monitored:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Virtual Key Code: [ VK_SHIFT (16) ], 1 time
Virtual Key Code: [ VK_ESCAPE (27) ], 22 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Windows SEH exceptions:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
[#############################################################################]
International Secure Systems Lab
http://www.iseclab.org
Vienna University of Technology Eurecom France UC Santa Barbara
http://www.tuwien.ac.at http://www.eurecom.fr http://www.cs.ucsb.edu
Contact: anubis@iseclab.org
Edited December 23, 2013 by JMC31337