[#############################################################################]
Analysis Report for NFS_World_Trainer_(2).exe
MD5: a742c1fa9962a6fd29a5092d1c80a372
[#############################################################################]
Summary:
- Write to foreign memory areas:
This executable tampers with the execution of another process.
- AV Hit:
This executable is detected by an antivirus software.
- Execution did not terminate correctly:
The executable crashed.
- Spawns Processes:
The executable produces processes during the execution.
- Performs Registry Activities:
The executable creates and/or modifies registry entries.
[=============================================================================]
Table of Contents
[=============================================================================]
- General information
- NFS_World_.exe
a) Registry Activities
b) File Activities
c) Process Activities
d) Other Activities
- DW20.EXE
a) Registry Activities
b) File Activities
c) Process Activities
[#############################################################################]
1. General Information
[#############################################################################]
[=============================================================================]
Information about Anubis' invocation
[=============================================================================]
Time needed: 300 s
Report created: 04/13/11, 07:10:25 UTC
Termination reason: Timeout
Program version: 1.75.3394
[#############################################################################]
2. NFS_World_.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Primary Analysis Subject
Filename: NFS_World_.exe
MD5: a742c1fa9962a6fd29a5092d1c80a372
SHA-1: ea33a513fcc8c23ee866217667a2895f657b704e
File Size: 4736000 Bytes
Process-status at analysis end: alive
Exit Code: 0
[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\mscoree.dll ],
Base Address: [0x79000000 ], Size: [0x0004A000 ]
Module Name: [ C:\WINDOWS\system32\KERNEL32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ],
Base Address: [0x603B0000 ], Size: [0x00066000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ],
Base Address: [0x79140000 ], Size: [0x0066F000 ]
Module Name: [ C:\WINDOWS\system32\MSVCR100_CLR0400.dll ],
Base Address: [0x79060000 ], Size: [0x000BE000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ],
Base Address: [0x79880000 ], Size: [0x00DC3000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\culture.dll ],
Base Address: [0x60340000 ], Size: [0x0000D000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll ],
Base Address: [0x60930000 ], Size: [0x00010000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll ],
Base Address: [0x79810000 ], Size: [0x00060000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll ],
Base Address: [0x7A820000 ], Size: [0x00898000 ]
Module Name: [ C:\WINDOWS\system32\psapi.dll ],
Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\Apphelp.dll ],
Base Address: [0x77B40000 ], Size: [0x00022000 ]
[=============================================================================]
Ikarus Virus Scanner
[=============================================================================]
Trojan-Dropper (Sig-Id: 55472342)
[=============================================================================]
2.a) NFS_World_.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
Value Name: [ CUAS ], Value: [ 0 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ],
Value Name: [ AllOrNone ], Value: [ 1 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ],
Value Name: [ DoReport ], Value: [ 1 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ],
Value Name: [ ShowUI ], Value: [ 1 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug ],
Value Name: [ Auto ], Value: [ 1 ], 2 times
Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug ],
Value Name: [ Debugger ], Value: [ drwtsn32 -p %ld -e %ld -g ], 6 times
Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
Key: [ HKLM\SYSTEM\WPA\MediaCenter ],
Value Name: [ Installed ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\.NETFramework ],
Value Name: [ InstallRoot ], Value: [ C:\WINDOWS\Microsoft.NET\Framework\ ], 9 times
Key: [ HKLM\Software\Microsoft\.NETFramework\Policy\Upgrades ],
Value Name: [ 1.1.4322 ], Value: [ 1.0.3705-1.1.4322 ], 1 time
Key: [ HKLM\Software\Microsoft\.NETFramework\Policy\Upgrades ],
Value Name: [ 2.0.50727 ], Value: [ 1.0.0-2.0.50727 ], 1 time
Key: [ HKLM\Software\Microsoft\.NETFramework\Policy\Upgrades ],
Value Name: [ 4.0.30319 ], Value: [ 4.0.0-4.0.30319 ], 1 time
Key: [ HKLM\Software\Microsoft\.NETFramework\Policy\\v4.0 ],
Value Name: [ 30319 ], Value: [ 30319-30319 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
Value Name: [ System,4.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0x923ed9fd48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
Value Name: [ System.Configuration,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x189984f948cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
Value Name: [ System.Xml,4.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0xa019a50249cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
Value Name: [ mscorlib,4.0.0.0,,b77a5c561934e089,x86 ], Value: [ 0x7af6f1f448cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32 ],
Value Name: [ LatestIndex ], Value: [ 128 ], 4 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
Value Name: [ DisplayName ], Value: [ mscorlib,4.0.0.0,,b77a5c561934e089 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
Value Name: [ LastModTime ], Value: [ 0x7af6f1f448cecb01 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
Value Name: [ Modules ], Value: [ normidna.nlp|normnfc.nlp|normnfd.nlp|normnfkc.nlp|normnfkd.nlp ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
Value Name: [ SIG ], Value: [ 0xd74ebd98377318409551ee0825ada7bad7d8789378521e6bea0d6e989d21 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
Value Name: [ Status ], Value: [ 8198 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
Value Name: [ DisplayName ], Value: [ System.Xml,4.0.0.0,,b77a5c561934e089 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
Value Name: [ LastModTime ], Value: [ 0xa019a50249cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
Value Name: [ SIG ], Value: [ 0xc5001c24e7b69a47b45f038d12d280c5a05ed9d07250af4dfda78fa43f6f ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
Value Name: [ DisplayName ], Value: [ System,4.0.0.0,,b77a5c561934e089 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
Value Name: [ LastModTime ], Value: [ 0x923ed9fd48cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
Value Name: [ SIG ], Value: [ 0x317b4fe04715534ba83d8704c85662619cb5d7d82f52e76c37ce1d20af69 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
Value Name: [ DisplayName ], Value: [ System.Configuration,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
Value Name: [ LastModTime ], Value: [ 0x189984f948cecb01 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
Value Name: [ SIG ], Value: [ 0x15fa5d2766c57d40893a33ef21db2cef56a8a5d4c0ca417d1533e9b0d7b0 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
Value Name: [ Status ], Value: [ 4098 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
Value Name: [ ConfigMask ], Value: [ 4361 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
Value Name: [ ConfigString ], Value: [ ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
Value Name: [ DisplayName ], Value: [ mscorlib,4.0.0.0,,b77a5c561934e089 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
Value Name: [ ILDependencies ], Value: [ 0x42ca9914f8653465010000000400000000000000 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
Value Name: [ MVID ], Value: [ 0x4ff1f12a08d455f195ba996fe77497c6 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
Value Name: [ Status ], Value: [ 0 ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
Value Name: [ ConfigString ], Value: [ ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
Value Name: [ DisplayName ], Value: [ System,4.0.0.0,,b77a5c561934e089 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
Value Name: [ ILDependencies ], Value: [ 0x56bc945def0c153b060000000400000000000000d574f4343f6f24650700 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
Value Name: [ MVID ], Value: [ 0x161c6f80ad93b0505054d244f1c6243c ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
Value Name: [ NIDependencies ], Value: [ 0xc638191842ca9914010000000400000000000000c638191842ca99140100 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
Value Name: [ Status ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\index80 ],
Value Name: [ ILUsageMask ], Value: [ 0xffffffffffffffffffffffffffffffff ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\index80 ],
Value Name: [ NIUsageMask ], Value: [ 0xffffffffffffffffffffffffffffffff ], 2 times
Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ],
Value Name: [ Latest ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ],
Value Name: [ LegacyPolicyTimeStamp ], Value: [ 0x0000000000000000 ], 1 time
Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ],
Value Name: [ index1 ], Value: [ 0x00 ], 1 time
Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting\DW\Installed ],
Value Name: [ DW0200 ], Value: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], 1 time
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll ],
Value Name: [ CheckAppHelp ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ AuthenticodeEnabled ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ DefaultLevel ], Value: [ 262144 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ PolicyScope ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ TransparentEnabled ], Value: [ 1 ], 2 times
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ ItemData ], Value: [ 0x5eab304f957a49896a006c1c31154015 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ ItemSize ], Value: [ 779 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ ItemData ], Value: [ 0x67b0d48b343a3fd3bce9dc646704f394 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ ItemSize ], Value: [ 517 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
Value Name: [ ItemData ], Value: [ 0x327802dcfef8c893dc8ab006dd847d1d ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
Value Name: [ ItemSize ], Value: [ 918 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
Value Name: [ ItemData ], Value: [ 0xbd9a2adb42ebd8560e250e4df8162f67 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
Value Name: [ ItemSize ], Value: [ 229 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ ItemData ], Value: [ 0x386b085f84ecf669d36b956a22c01e80 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ ItemSize ], Value: [ 370 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ],
Value Name: [ ItemData ], Value: [ %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
Value Name: [ ComputerName ], Value: [ PC ], 3 times
Key: [ HKLM\System\CurrentControlSet\Control\Lsa ],
Value Name: [ FIPSAlgorithmPolicy ], Value: [ 0 ], 3 times
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Language Groups ],
Value Name: [ 1 ], Value: [ 1 ], 3 times
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Locale ],
Value Name: [ 00000409 ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Nls\Locale ],
Value Name: [ 00000C07 ], Value: [ 1 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ Cache ], Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ], 1 time
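The HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers reads listed above are the Software Restriction Policies (SRP) configuration that is consulted before the image is allowed to run. The values decode as follows: DefaultLevel 262144 is 0x40000, SAFER_LEVELID_FULLYTRUSTED (Unrestricted); TransparentEnabled 1 means only executables are checked and DLLs are skipped; PolicyScope 0 applies the policy to all users; and every Hashes\{GUID} subkey under level 0 (Disallowed) is a hash rule whose HashAlg 32771 (0x8003) is CALG_MD5 and whose ItemData and ItemSize hold the blocked file's MD5 and size. The script below is an added example and is not part of the Anubis report: it parses the report's Key/Value Name layout, decodes the hash rules, and checks whether a given MD5 and size would be caught by one. The embedded input is a constructed excerpt (the four policy switches and three of the five hash rules above, with the forum line-wrap spaces removed); the function and constant names are this example's own, and only hash rules plus the default level are evaluated, not path, certificate or zone rules.

```python
import re

# Constructed sample input: excerpt of the "Registry Values Read" list above.
SAMPLE_REPORT = r"""
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ AuthenticodeEnabled ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ DefaultLevel ], Value: [ 262144 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ PolicyScope ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ TransparentEnabled ], Value: [ 1 ], 2 times
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ ItemData ], Value: [ 0x5eab304f957a49896a006c1c31154015 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ ItemSize ], Value: [ 779 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ ItemData ], Value: [ 0x67b0d48b343a3fd3bce9dc646704f394 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ ItemSize ], Value: [ 517 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ ItemData ], Value: [ 0x386b085f84ecf669d36b956a22c01e80 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ ItemSize ], Value: [ 370 ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
"""

SAFER_ROOT = r"HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers"
# SAFER_LEVELID_* values from winsafer.h
LEVEL_NAMES = {0x0: "Disallowed", 0x1000: "Untrusted", 0x10000: "Constrained",
               0x20000: "Basic User", 0x40000: "Unrestricted"}
# CALG_* identifiers as stored in HashAlg
HASH_ALGS = {0x8003: "MD5", 0x8004: "SHA1", 0x800C: "SHA256"}

# One report entry: a "Key: [ ... ]," line followed by its "Value Name ... Value" line.
ENTRY_RE = re.compile(r"Key: \[ (?P<key>.+?) \],\s*Value Name: \[ (?P<name>.+?) \], "
                      r"Value: \[ ?(?P<value>.*?) ?\]")
HASH_RULE_RE = re.compile(re.escape(SAFER_ROOT) +
                          r"\\(?P<level>\d+)\\Hashes\\(?P<guid>\{[0-9a-f-]+\})$", re.I)


def parse_registry_reads(text):
    """Map key path -> {value name: value} from a 'Registry Values Read' list."""
    reg = {}
    for m in ENTRY_RE.finditer(text):
        reg.setdefault(m["key"], {})[m["name"]] = m["value"].strip()
    return reg


def srp_hash_rules(reg):
    """Decode every hash rule stored under a CodeIdentifiers level subkey."""
    rules = []
    for key, values in reg.items():
        m = HASH_RULE_RE.match(key)
        if not m:
            continue
        alg = int(values["HashAlg"])
        digest = values["ItemData"].lower()
        rules.append({"guid": m["guid"], "level": int(m["level"]),
                      "alg": HASH_ALGS.get(alg, hex(alg)),
                      "digest": digest[2:] if digest.startswith("0x") else digest,
                      "size": int(values["ItemSize"])})
    return rules


def describe_policy(reg):
    """Summarise the policy-wide switches under CodeIdentifiers."""
    p = reg.get(SAFER_ROOT, {})
    checks = {"1": "executables only (DLLs skipped)", "2": "all software files"}
    return {"default_level": LEVEL_NAMES[int(p.get("DefaultLevel", 0x40000))],
            "scope": "all users" if p.get("PolicyScope", "0") == "0"
                     else "all users except local administrators",
            "checks": checks.get(p.get("TransparentEnabled"), "not enforced"),
            "authenticode_prompt": p.get("AuthenticodeEnabled", "0") == "1"}


def srp_decision(reg, md5_hex, size):
    """Level SRP assigns to a file with this MD5 and size. Hash rules outrank
    certificate, path and zone rules, so a matching hash rule is decisive;
    with no match this example falls back to the default level only."""
    for rule in srp_hash_rules(reg):
        if rule["alg"] == "MD5" and rule["digest"] == md5_hex.lower() and rule["size"] == size:
            return LEVEL_NAMES[rule["level"]]
    return describe_policy(reg)["default_level"]


if __name__ == "__main__":
    reg = parse_registry_reads(SAMPLE_REPORT)
    print(describe_policy(reg))
    for rule in srp_hash_rules(reg):
        print(rule)
    # The analysed sample: MD5 a742c1fa..., 4736000 bytes; matches no rule.
    print(srp_decision(reg, "a742c1fa9962a6fd29a5092d1c80a372", 4736000))
```

Run against the excerpt, the sample's own MD5 and size match none of the rules and it is assigned the Unrestricted default, which is the outcome the report's reads reflect; the same function returns Disallowed for a file whose MD5 and size equal one of the ItemData/ItemSize pairs.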
[=============================================================================]
2.b) NFS_World_.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\config\machine.config ]
File Name: [ PIPE\lsarpc ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ PIPE\lsarpc ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 7 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\NFS_World_.exe ]
File Name: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\culture.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\locale.nlp ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll ]
File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll ]
File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ]
File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
File Name: [ C:\WINDOWS\system32\MSVCR100_CLR0400.dll ]
File Name: [ C:\WINDOWS\system32\imm32.dll ]
File Name: [ C:\WINDOWS\system32\mscoree.dll ]
File Name: [ C:\WINDOWS\system32\psapi.dll ]
File Name: [ C:\WINDOWS\system32\rpcss.dll ]
File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
[=============================================================================]
2.c) NFS_World_.exe - Process Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Processes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Executable: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], Command Line: [ ]
Executable: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], Command Line: [ dw20.exe -x -s 392 ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Remote Threads Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Affected Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Foreign Memory Regions Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Process: [ C:\NFS_World_.exe ]
Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Foreign Memory Regions Written:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
[=============================================================================]
2.d) NFS_World_.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Windows SEH exceptions:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Description: [ Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x79ad4fdd ], 1 time
Description: [ Exception 0xc000001e (STATUS_INVALID_LOCK_SEQUENCE) at 0x79aa8108 ], 277 times
Description: [ Exception 0xc00000fd (STATUS_STACK_OVERFLOW) at 0x79495bc5 ], 1 time
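The fault addresses above are bare numbers in the report; the check a practitioner wants is which module each one lands in, using the Load-time Dlls list from the same section, because faults in memory that no loaded module backs point at code written at run time (unpacked, JIT-compiled or injected) and deserve a closer look. The script below is an added example and is not part of the Anubis report: it parses the module list and the exception lines, attributes each address to a module and offset, and lists any fault outside every module. The embedded input is a constructed excerpt (the four load-time modules that matter here and the three exception lines); the function names and the NTSTATUS table are this example's own, with STATUS_INVALID_LOCK_SEQUENCE for 0xc000001e taken from ntstatus.h.

```python
import re

# Constructed sample input: excerpt of the "Load-time Dlls" list of section 2
# and the "Windows SEH exceptions" list of section 2.d above.
MODULES_TEXT = r"""
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ],
Base Address: [0x79140000 ], Size: [0x0066F000 ]
Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll ],
Base Address: [0x79810000 ], Size: [0x00060000 ]
Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ],
Base Address: [0x79880000 ], Size: [0x00DC3000 ]
"""
EXCEPTIONS_TEXT = """
Description: [ Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x79ad4fdd ], 1 time
Description: [ Exception 0xc000001e at 0x79aa8108 ], 277 times
Description: [ Exception 0xc00000fd (STATUS_STACK_OVERFLOW) at 0x79495bc5 ], 1 time
"""

# NTSTATUS codes seen in this report (ntstatus.h); the report names only two of them.
NTSTATUS_NAMES = {
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC000001E: "STATUS_INVALID_LOCK_SEQUENCE",
    0xC00000FD: "STATUS_STACK_OVERFLOW",
}

MODULE_RE = re.compile(
    r"Module Name: \[ (?P<path>.+?) \],\s*"
    r"Base Address: \[\s*(?P<base>0x[0-9A-Fa-f]+)\s*\], Size: \[\s*(?P<size>0x[0-9A-Fa-f]+)\s*\]")
EXC_RE = re.compile(
    r"Exception (?P<code>0x[0-9A-Fa-f]{8})(?: \((?P<name>[A-Z_]+)\))? at "
    r"(?P<addr>0x[0-9A-Fa-f]+) \], (?P<count>\d+) time")


def parse_modules(text):
    """Return [(base, end, basename)] sorted by base address; end is exclusive."""
    mods = []
    for m in MODULE_RE.finditer(text):
        base, size = int(m["base"], 16), int(m["size"], 16)
        mods.append((base, base + size, m["path"].rsplit("\\", 1)[-1]))
    return sorted(mods)


def module_for(addr, mods):
    """Module containing addr and the offset into it, or (None, None) if unmapped."""
    for base, end, name in mods:
        if base <= addr < end:
            return name, addr - base
    return None, None


def attribute_exceptions(exc_text, mod_text):
    """One dict per exception line with the status name, module and offset."""
    mods = parse_modules(mod_text)
    results = []
    for m in EXC_RE.finditer(exc_text):
        code, addr = int(m["code"], 16), int(m["addr"], 16)
        name, offset = module_for(addr, mods)
        results.append({"status": m["name"] or NTSTATUS_NAMES.get(code, "0x%08X" % code),
                        "address": addr, "module": name, "offset": offset,
                        "count": int(m["count"])})
    return results


def faults_outside_modules(results):
    """Faults that no load-time module backs. For a .NET process JIT-compiled
    code legitimately lives there too, so treat hits as a lead, not a verdict."""
    return [r for r in results if r["module"] is None]


if __name__ == "__main__":
    for r in attribute_exceptions(EXCEPTIONS_TEXT, MODULES_TEXT):
        where = "%s+0x%x" % (r["module"], r["offset"]) if r["module"] else "unmapped"
        print("%-30s at 0x%08x  %-24s x%d" % (r["status"], r["address"], where, r["count"]))
```

On this excerpt the access violation and the 277 STATUS_INVALID_LOCK_SEQUENCE faults both resolve into mscorlib.ni.dll (the NGen image of mscorlib) and the stack overflow into clr.dll, so all three sit inside the .NET runtime's own modules rather than in unbacked memory.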
[#############################################################################]
3. DW20.EXE
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Started by NFS_World_.exe
Filename: DW20.EXE
MD5: a981419c39cc02259b8f2da3974000d9
SHA-1: 905d359e2c5e8330d39b746132fa9779f52c0b93
File Size: 637272 Bytes
Command Line: dw20.exe -x -s 392
Process-status at analysis end: alive
Exit Code: 0
[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ],
Base Address: [0x773D0000 ], Size: [0x00103000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\system32\OLEACC.dll ],
Base Address: [0x74C80000 ], Size: [0x0002C000 ]
Module Name: [ C:\WINDOWS\system32\MSVCP60.dll ],
Base Address: [0x76080000 ], Size: [0x00065000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
Base Address: [0x77120000 ], Size: [0x0008B000 ]
Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WININET.dll ],
Base Address: [0x771B0000 ], Size: [0x000AA000 ]
Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
Base Address: [0x77A80000 ], Size: [0x00095000 ]
Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
Base Address: [0x77B20000 ], Size: [0x00012000 ]
[=============================================================================]
Run-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\riched20.dll ],
Base Address: [0x74E30000 ], Size: [0x0006D000 ]
Module Name: [ C:\WINDOWS\system32\imm32.dll ],
Base Address: [0x76390000 ], Size: [0x0001D000 ]
Module Name: [ C:\WINDOWS\system32\shfolder.dll ],
Base Address: [0x76780000 ], Size: [0x00009000 ]
Module Name: [ C:\WINDOWS\system32\psapi.dll ],
Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
[=============================================================================]
3.a) DW20.EXE - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ Personal ], New Value: [ C:\Documents and Settings\Administrator\My Documents ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
Value Name: [ CUAS ], Value: [ 0 ], 1 time
Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ],
Value Name: [ * ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ],
Value Name: [ * ], Value: [ 1 ], 1 time
Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls ],
Value Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ], Value: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscordacwks.dll ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
Value Name: [ CommonFilesDir ], Value: [ C:\Program Files\Common Files ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
Value Name: [ ProgramFilesDir ], Value: [ C:\Program Files ], 1 time
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ],
Value Name: [ Anchor Color ], Value: [ 0,0,255 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
Value Name: [ AppData ], Value: [ %USERPROFILE%\Application Data ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time
[================================================== ===========================]
3.b) DW20.EXE - File Activities
[================================================== ===========================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\76ADD.dmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dw.log ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\NFS_World_.exe ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dw.log ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 1 time
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\NFS_World_.exe ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\culture.dll ]
File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ]
File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ]
File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ]
File Name: [ C:\WINDOWS\system32\ADVAPI32.dll ]
File Name: [ C:\WINDOWS\system32\GDI32.dll ]
File Name: [ C:\WINDOWS\system32\KERNEL32.dll ]
File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
File Name: [ C:\WINDOWS\system32\MSVCP60.dll ]
File Name: [ C:\WINDOWS\system32\MSVCR100_CLR0400.dll ]
File Name: [ C:\WINDOWS\system32\OLEACC.dll ]
File Name: [ C:\WINDOWS\system32\OLEACCRC.DLL ]
File Name: [ C:\WINDOWS\system32\RPCRT4.dll ]
File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
File Name: [ C:\WINDOWS\system32\SHLWAPI.dll ]
File Name: [ C:\WINDOWS\system32\Secur32.dll ]
File Name: [ C:\WINDOWS\system32\USER32.dll ]
File Name: [ C:\WINDOWS\system32\WININET.dll ]
File Name: [ C:\WINDOWS\system32\imm32.dll ]
File Name: [ C:\WINDOWS\system32\mscoree.dll ]
File Name: [ C:\WINDOWS\system32\msvcrt.dll ]
File Name: [ C:\WINDOWS\system32\ntdll.dll ]
File Name: [ C:\WINDOWS\system32\ole32.dll ]
File Name: [ C:\WINDOWS\system32\psapi.dll ]
File Name: [ C:\WINDOWS\system32\riched20.dll ]
File Name: [ C:\WINDOWS\system32\shfolder.dll ]
File Name: [ C:\WINDOWS\system32\urlmon.dll ]
[================================================== ===========================]
3.c) DW20.EXE - Process Activities
[================================================== ===========================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Foreign Memory Regions Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Process: [ C:\NFS_World_.exe ]
[################################################## ###########################]
International Secure Systems Lab
Vienna University of Technology Eurecom France UC Santa Barbara
Contact: