Untitled
a guest
Sep 30th, 2012
[#############################################################################]
Analysis Report for Tarz__n-y-los-hombres-hormiga_Installer.exe
MD5: 34db8548e1c6bb2a25c7233b3effd535
[#############################################################################]

Summary:
- Packed Binary:
This executable is protected with a packer in order to prevent it
from being reverse engineered.

- Performs File Modification and Destruction:
The executable modifies and destructs files which are not temporary.

- Performs Registry Activities:
The executable creates and/or modifies registry entries.

[=============================================================================]
Table of Contents
[=============================================================================]

- General information
- Tarz__n-y-.exe
a) Registry Activities
b) File Activities
c) Network Activities


[#############################################################################]
1. General Information
[#############################################################################]
[=============================================================================]
Information about Anubis' invocation
[=============================================================================]
Time needed: 257 s
Report created: 09/30/12, 15:15:06 UTC
Termination reason: Timeout
Program version: 1.76.3886


[#############################################################################]
2. Tarz__n-y-.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Primary Analysis Subject
Filename: Tarz__n-y-.exe
MD5: 34db8548e1c6bb2a25c7233b3effd535
SHA-1: b0ec00f081a20931a653d0ed5fc2e250173457f6
File Size: 329480 Bytes
Command Line: "C:\Tarz__n-y-.exe"
Process-status at analysis end: alive
Exit Code: 0

[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ],
Base Address: [0x773D0000 ], Size: [0x00103000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]

[=============================================================================]
Run-time Dlls
[=============================================================================]
Module Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsRichEdit.dll ],
Base Address: [0x003F0000 ], Size: [0x00009000 ]
Module Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\NSISdl.dll ],
Base Address: [0x10000000 ], Size: [0x0000D000 ]
Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
Base Address: [0x5AD70000 ], Size: [0x00038000 ]
Module Name: [ C:\WINDOWS\system32\hnetcfg.dll ],
Base Address: [0x662B0000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\mswsock.dll ],
Base Address: [0x71A50000 ], Size: [0x0003F000 ]
Module Name: [ C:\WINDOWS\System32\wshtcpip.dll ],
Base Address: [0x71A90000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
Base Address: [0x71AA0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
Base Address: [0x71AB0000 ], Size: [0x00017000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\RichEd20.dll ],
Base Address: [0x74E30000 ], Size: [0x0006D000 ]
Module Name: [ C:\WINDOWS\system32\comdlg32.dll ],
Base Address: [0x763B0000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\SHFOLDER.dll ],
Base Address: [0x76780000 ], Size: [0x00009000 ]
Module Name: [ C:\WINDOWS\system32\DNSAPI.dll ],
Base Address: [0x76F20000 ], Size: [0x00027000 ]
Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ],
Base Address: [0x76F60000 ], Size: [0x0002C000 ]
Module Name: [ C:\WINDOWS\System32\winrnr.dll ],
Base Address: [0x76FB0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\rasadhlp.dll ],
Base Address: [0x76FC0000 ], Size: [0x00006000 ]
Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ],
Base Address: [0x77920000 ], Size: [0x000F3000 ]

[=============================================================================]
SigBuster Output
[=============================================================================]
NullSoft_PiMP_SFX vna SN: 1724

[=============================================================================]
Popups
[=============================================================================]
Window Name: Instalación de Tarzán-y-los-hombres-hormiga
Displayed Times: 1
Window Text:
&Siguiente >
Cancelar


Contrato de licencia de usuario final de Metainstaller Downloader.
Esta descarga es gratuita.

Lea y acepte este contrato de licencia antes de instalar y utilizar el software. Si es una persona física, debe ser mayor de edad o tener el consentimiento de los padres. Si adquiere el software para una empresa, debe contar con poderes para formalizar este contrato en nombre de la empresa. Al hacer clic en el botón «Aceptar» (o equivalente) que se encuentra en la parte inferior de la página, expresará la aceptación de este contrato.

Metainstaller LLC, sociedad estadounidense propiedad de Onekit Internet SL y con domicilio social en 01 Silverside Road, Suite 105, Wilmington - Delaware 19809 (USA). (en adelante, Metainstaller), otorga a sus usuarios una licencia gratuita, no exclusiva y no transferible (en adelante, la Licencia) de uso del presente software denominado Este WebInstaller.

Finalidad y requisitos técnicos

Este WebInstaller es un programa ejecutable que le permite descargar determinados programas informáticos.

Al ejecutar Este WebInstaller acepta los términos y condiciones del presente documento que conoce Este WebInstaller y lo ejecuta bajo su propia responsabilidad.

Metainstaller se reserva el derecho de actualizar y modificar la Licencia de software y cualesquiera documentos de referencia adjuntos llegado el caso.

Además, se ofrecerá una barra de herramientas que cambiará la página de inicio del usuario, los ajustes de búsqueda por defecto y el error 404, en caso de que el usuario seleccione dichas opciones.

La unidad de software inicia la instalación de los productos de software descargados.

La unidad de software no se instala en el ordenador del usuario, y el usuario debe borrar manualmente el ejecutable de la unidad de software.
Garantías y responsabilidades

Debe utilizar Este WebInstaller de acuerdo con los términos y condiciones del presente documento. Metainstaller no será responsable de cualesquiera daños surgidos de su uso de Este WebInstaller de forma contraria a esta Licencia de software.

Excepto en cuanto a las responsabilidades reglamentarias establecidas en las leyes de protección del consumidor, usted exonera a Metainstaller de cualquier responsabilidad surgida de la ejecución inadecuada de Este WebInstaller o el funcionamiento incorrecto de Este WebInstaller causado por el modo en que usted ejecutó el software. Dicha exoneración de responsabilidad se ampliará a los empleados y la dirección de Metainstaller.

Metainstaller expresa que esta Licencia para utilizar el WebInstaller no infringe ningún contrato previo o legislación actual.

Metainstaller garantiza que Este WebInstaller no es un programa espía o de publicidad. Metainstaller también garantiza que Este WebInstaller no muestra anuncios emergentes ni recopila datos personales de los usuarios.

Metainstaller no garantiza la disponibilidad, la continuidad ni el funcionamiento a prueba de fallos de Este WebInstaller. Por lo tanto, en la medida en que la legislación lo permite, esta garantía no incluye los daños surgidos de la falta de disponibilidad o funcionamiento interrumpido de Este WebInstaller y cualesquiera servicios que éste posibilite.

Metainstaller no asume responsabilidad en caso de circunstancia imprevisible o fuerza mayor. Asimismo, Metainstaller no será responsable de cualesquiera causas fuera del control razonable, como virus e interferencias de terceros.

Usted eximirá a Metainstaller de cualquier responsabilidad por los derechos de propiedad intelectual, los derechos de distribución, la integridad, la calidad y la ejecución del software informático descargado con Este WebInstaller.

Usted afirma tener conocimiento de que Metainstaller puede no tener relación de ningún tipo con los propietarios de los programas informáticos que usted descarga. Usted exime a Metainstaller de toda responsabilidad por cualesquiera demandas interpuestas contra usted por su uso o posesión de los productos descargados con el WebInstaller, incluyendo, pero sin limitarse a ello, demandas por calumnias, violaciones de derechos de protección de datos o publicidad, derechos de propiedad intelectual, derechos de nombre comercial, y cualquier otra demanda o queja referente al contenido, la calidad y el funcionamiento de dicho software.
Vigencia

La vigencia de este Contrato empieza en el momento de su aceptación. Metainstaller tendrá derecho a restringir, suspender o rescindir este Contrato a su propia discreción, tanto completa como parcialmente, en cualquier momento y por cualquier motivo, sin previo aviso o responsabilidad.

Este Contrato y, por tanto, la Licencia se rescindirán en el momento en que usted incurra en incumplimiento de los términos y condiciones del presente. Debe borrar todas las copias de el WebInstaller que posea en el momento en que este Contrato finalice.
Uso de dispositivos de seguimiento

Metainstaller utiliza cookies y seguimiento de IP. El software de Metainstaller y el analizador de tráfico del sitio de Metainstaller utilizan cookies y seguidores de IP para recopilar datos para fines estadísticos, incluyendo: la fecha de la primera visita, el número de visitas, la fecha de la última visita, el URL y el dominio, el buscador y la resolución de pantalla.

La publicidad en los sitios de Metainstaller incluye Google AdSense, un sistema que utiliza cookies para mostrar contenido publicitario relacionado con las páginas que ha visitado el usuario.

Cuando un usuario accede a un sitio que utiliza Google AdSense, se introduce una cookie en su buscador, hecho que permite a Google recopilar información sobre la actividad del usuario, con el fin de gestionar y publicar anuncios mediante el programa publicitario Google AdSense.

El usuario puede desactivar y/o eliminar las cookies libremente siguiendo las instrucciones de su buscador de Internet.

Además, Metainstaller utiliza el sistema de medición de Nielsen, que también utiliza cookies. Nielsen proporciona indicadores de medición de audiencia e Internet mediante la aplicación de determinadas tecnologías web.

Políticas de privacidad:

Nielsen NetTratings: http://www.netratings.com/corp.jsp?section=leg_scs_es&nav=3

Google Analytics: http://www.google.com/intl/es_ALL/privacypolicy.html

Metainstaller no utiliza correo basura y solamente gestiona datos proporcionados por los usuarios a través de formularios electrónicos que se encuentran en la web o mediante mensajes de correo electrónico.

Metainstaller hace un seguimiento de la información de seudónimo: el identificador de usuario, que es un código de identificación único que se genera la primera vez que ejecuta el WebInstaller; el identificador de sesión, que es su identificador de usuario y la marca horaria; el identificador de archivo, que es el programa que el usuario quiere descargar; el sitio web; la versión de Este WebInstaller, versión de API; la dirección IP; con el fin de verificar la correcta ejecución del software y analizar cualesquiera errores que se produzcan. Esta información se encuentra almacenada en el registro del ordenador.
Derecho y jurisdicción aplicables

Esta Licencia de software y la ejecución del Este WebInstaller se regirán en virtud de las leyes de España.

En caso de controversia surgida a raíz de esta Licencia de software o la ejecución de Este WebInstaller, las partes, si la legislación lo permite, se someten a la jurisdicción de los juzgados y los tribunales de España.

23 de agosto de 2011
Instalador de Tarzán y los hombres hormiga


Window Name: Instalación de Tarzán-y-los-hombres-hormiga
Displayed Times: 9
Window Text:
&Yes
&No
¿Está seguro de que desea salir de la instalación de Tarzán-y-los-hombres-hormiga ?



  221. [=============================================================================]
  222. 2.a) Tarz__n-y-.exe - Registry Activities
  223. [=============================================================================]
  224. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  225. Registry Values Modified:
  226. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  227. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
  228. Value Name: [ BaseClass ], New Value: [ Drive ]
  229. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
  230. Value Name: [ BaseClass ], New Value: [ Drive ]
  231.  
  232. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  233. Registry Values Read:
  234. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  235. Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\INPROCSERVER32 ],
  236. Value Name: [ ], Value: [ %SystemRoot%\system32\SHELL32.dll ], 1 time
  237. Key: [ HKLM\SOFTWARE\CLASSES\DIRECTORY ],
  238. Value Name: [ AlwaysShowExt ], Value: [ ], 1 time
  239. Key: [ HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\FOLDEREXTENSIONS\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} ],
  240. Value Name: [ DriveMask ], Value: [ 32 ], 1 time
  241. Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
  242. Value Name: [ CUAS ], Value: [ 0 ], 1 time
  243. Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
  244. Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
  245. Key: [ HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters ],
  246. Value Name: [ Transports ], Value: [ 0x5400630070006900700000004e0065007400420049004f00530000000000 ], 2 times
  247. Key: [ HKLM\SYSTEM\Setup ],
  248. Value Name: [ OsLoaderPath ], Value: [ \ ], 2 times
  249. Key: [ HKLM\SYSTEM\Setup ],
  250. Value Name: [ SystemPartition ], Value: [ \Device\HarddiskVolume1 ], 2 times
  251. Key: [ HKLM\SYSTEM\Setup ],
  252. Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
  253. Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
  254. Value Name: [ DevicePath ], Value: [ %SystemRoot%\inf ], 1 time
  255. Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
  256. Value Name: [ DriverCachePath ], Value: [ %SystemRoot%\Driver Cache ], 2 times
  257. Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
  258. Value Name: [ LogLevel ], Value: [ 0 ], 2 times
  259. Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
  260. Value Name: [ ServicePackCachePath ], Value: [ c:\windows\ServicePackFiles\ServicePackCache ], 2 times
  261. Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
  262. Value Name: [ ServicePackSourcePath ], Value: [ D:\ ], 2 times
  263. Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
  264. Value Name: [ SourcePath ], Value: [ D:\ ], 2 times
  265. Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  266. Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
  267. Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
  268. Value Name: [ ComputerName ], Value: [ PC ], 2 times
  269. Key: [ HKLM\System\CurrentControlSet\Services\LDAP ],
  270. Value Name: [ LdapClientIntegrity ], Value: [ 1 ], 1 time
  271. Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
  272. Value Name: [ Domain ], Value: [ ], 3 times
  273. Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
  274. Value Name: [ Hostname ], Value: [ pc ], 3 times
  275. Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
  276. Value Name: [ UseDomainNameDevolution ], Value: [ 0 ], 1 time
  277. Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
  278. Value Name: [ HelperDllName ], Value: [ %SystemRoot%\System32\wshtcpip.dll ], 1 time
  279. Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
  280. Value Name: [ Mapping ], Value: [ 0x0b0000000300000002000000010000000600000002000000010000000000 ], 1 time
  281. Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
  282. Value Name: [ MaxSockaddrLength ], Value: [ 16 ], 1 time
  283. Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
  284. Value Name: [ MinSockaddrLength ], Value: [ 16 ], 1 time
  285. Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
  286. Value Name: [ UseDelayedAcceptance ], Value: [ 0 ], 1 time
  287. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
  288. Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 4 times
  289. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  290. Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
  291. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
  292. Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
  293. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  294. Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
  295. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  296. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  297. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  298. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  299. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  300. Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
  301. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  302. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  303. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  304. Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
  305. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
  306. Value Name: [ Version ], Value: [ 0 ], 1 time
  307. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  308. Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
  309. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  310. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  311. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  312. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
  313. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  314. Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
  315. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  316. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  317. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  318. Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
  319. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
  320. Value Name: [ Version ], Value: [ 0 ], 1 time
  321. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  322. Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
  323. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  324. Value Name: [ Enabled ], Value: [ 1 ], 1 time
  325. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  326. Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
  327. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  328. Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
  329. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  330. Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
  331. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  332. Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
  333. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
  334. Value Name: [ Version ], Value: [ 0 ], 1 time
  335. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  336. Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
  337. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  338. Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
  339. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
  340. Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
  341. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
  342. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  343. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
  344. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  345. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
  346. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  347. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
  348. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  349. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
  350. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
  351. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
  352. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  353. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
  354. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  355. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
  356. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  357. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
  358. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  359. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
  360. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  361. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
  362. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  363. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
  364. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  365. Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
  366. Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
  367. Key: [ HKLM\System\Setup ],
  368. Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 2 times
  369. Key: [ HKLM\System\WPA\PnP ],
  370. Value Name: [ seed ], Value: [ 1274198464 ], 1 time
  371. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  372. Value Name: [ Language Hotkey ], Value: [ 1 ], 4 times
  373. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  374. Value Name: [ Layout Hotkey ], Value: [ 2 ], 4 times
  375. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ ],
  376. Value Name: [ ShellState ], Value: [ 0x2400000038080000000000000000000000000000010000000d0000000000 ], 2 times
  377. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
  378. Value Name: [ DontPrettyPath ], Value: [ 0 ], 1 time
  379. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
  380. Value Name: [ Filter ], Value: [ 0 ], 1 time
  381. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
  382. Value Name: [ Hidden ], Value: [ 1 ], 1 time
  383. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
  384. Value Name: [ HideFileExt ], Value: [ 0 ], 1 time
  385. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
  386. Value Name: [ HideIcons ], Value: [ 0 ], 1 time
  387. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
  388. Value Name: [ MapNetDrvBtn ], Value: [ 0 ], 1 time
  389. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
  390. Value Name: [ NoNetCrawling ], Value: [ 1 ], 1 time
  391. Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ SeparateProcess ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowCompColor ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowInfoTip ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowSuperHidden ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ WebView ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Data ], Value: [ 0x000000005c005c003f005c0049004400450023004300640052006f006d00 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Generation ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Data ], Value: [ 0x000000005c005c003f005c00530054004f00520041004700450023005600 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Generation ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], Value: [ 0 ], 1 time

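The two MountPoints2 "Data" values above are raw registry binaries that the report prints but does not decode. The Python below is an added example, not part of the Anubis output: it strips a 4-byte header and reads the rest as UTF-16LE, which yields the beginning of a \\?\IDE#CdRom... and a \\?\STORAGE#V... device path, the same QEMU CD-ROM and system volume that show up in the Device Control table further down. That is Explorer's per-volume bookkeeping, consistent with the shell enumerating drives on behalf of the installer's UI (SHELL32.dll and SHFOLDER.dll are among the mapped files), not with the sample targeting removable media. The header layout and the classification labels are this example's assumptions; the values as printed are cut off after 30 bytes.

```python
"""Decode Explorer's MountPoints2 'Data' values from the registry section above.

Added example, not part of the Anubis report. The two hex strings are copied
from the report as printed (they stop after 30 bytes). The layout assumed here,
a 4-byte little-endian header followed by a UTF-16LE device path, is this
example's assumption; the decode result bears it out.
"""
from __future__ import annotations

# Volume GUID -> Data value, copied from the report
MOUNTPOINTS2_DATA = {
    "{a1094da8-30a0-11dd-817b-806d6172696f}":
        "0x000000005c005c003f005c0049004400450023004300640052006f006d00",
    "{a1094daa-30a0-11dd-817b-806d6172696f}":
        "0x000000005c005c003f005c00530054004f00520041004700450023005600",
}

# Decoded-path prefix -> what it names. The report's values are truncated, so
# only the surviving prefix is matched (labels are this example's own).
DEVICE_PATH_KINDS = [
    ("\\\\?\\IDE#CdRom", "IDE CD-ROM (the sandbox's QEMU CD-ROM drive)"),
    ("\\\\?\\STORAGE#V", "storage volume (the sandbox's system disk)"),
]


def decode_mountpoint_data(hex_value: str) -> tuple[int, str]:
    """Return (header, path): 4-byte LE header, then the rest as UTF-16LE."""
    digits = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(digits)
    header = int.from_bytes(raw[:4], "little")
    body = raw[4:]
    if len(body) % 2:          # a truncated dump may end on half a code unit
        body = body[:-1]
    return header, body.decode("utf-16-le")


def classify_device_path(path: str) -> str:
    for prefix, kind in DEVICE_PATH_KINDS:
        if path.startswith(prefix):
            return kind
    return "unknown device path"


def decode_all(values: dict[str, str] | None = None) -> dict[str, dict]:
    """Decode every value in the table and attach a classification."""
    out = {}
    for guid, hex_value in (values or MOUNTPOINTS2_DATA).items():
        header, path = decode_mountpoint_data(hex_value)
        out[guid] = {"header": header, "path": path, "kind": classify_device_path(path)}
    return out


if __name__ == "__main__":
    for guid, info in decode_all().items():
        print(f"{guid}: header={info['header']} path={info['path']!r} -> {info['kind']}")
```

Both values decode with a zero header; the CdRom entry matches the IDE#CdRomQEMU_QEMU_CD-ROM device and the STORAGE#V entry the STORAGE#Volume device that receive IOCTL_MOUNTDEV-style queries below.
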
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time


[=============================================================================]
2.b) Tarz__n-y-.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Deleted:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj1.tmp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\NSISdl.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\System.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\headerleft.bmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_DE.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_EN.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_ES.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_FR.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_IT.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_NL.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_PT.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\modern-header.bmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\modern-wizard.bmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsDialogs.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsRichEdit.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj1.tmp ]

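The "Files Created" list is the footprint of an NSIS installer unpacking its plug-ins: a Temp\ns??.tmp directory holding System.dll (arbitrary Win32 API calls from the install script), NSISdl.dll (HTTP download at install time), nsDialogs.dll and nsRichEdit.dll (custom wizard and rich-text pages), plus the same "metainstallerlicense" text in seven languages. Together with the MUI bitmaps that is a download-and-offer wrapper around whatever the user thought they were installing, which also explains why the summary flags "destruction" of files: the deleted items are the installer's own temp directory and scratch files. The Python below is an added example, not part of the report or of NSIS: it groups such paths and reports which plug-ins, and therefore which capabilities, the installer carries. FILES_CREATED is a subset copied from the report; the NSIS_PLUGINS table lists well-known NSIS plug-ins, only four of which occur here.

```python
"""Recognise an NSIS installer's unpack footprint in a sandbox file-activity list.

Added example; not part of the Anubis report. FILES_CREATED is copied from the
report (subset). The heuristic, a Temp\\ns<letters/digits>.tmp directory that
holds NSIS plug-in DLLs, is this example's own; NSIS_PLUGINS lists well-known
NSIS plug-ins, not only the ones seen in this report.
"""
import re

FILES_CREATED = [
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\NSISdl.dll",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\System.dll",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\headerleft.bmp",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_DE.txt",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_EN.txt",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\modern-wizard.bmp",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsDialogs.dll",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsRichEdit.dll",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp",
    r"C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsj1.tmp",
]

# NSIS places plug-ins and scratch files under %TEMP%\ns<letter><digits>.tmp.
# Group 1 is the ns*.tmp entry, group 2 (optional) the file beneath it.
NSIS_TMP_RE = re.compile(r"\\Temp\\(ns[a-z0-9]+\.tmp)(?:\\(.+))?$", re.IGNORECASE)

# Well-known NSIS plug-in DLLs and what their presence means for analysis
NSIS_PLUGINS = {
    "system.dll":     "calls arbitrary Win32 APIs from the install script",
    "nsisdl.dll":     "downloads files over HTTP at install time",
    "inetc.dll":      "downloads files over HTTP(S) at install time",
    "nsexec.dll":     "runs external programs silently",
    "nsdialogs.dll":  "custom wizard pages (UI only)",
    "nsrichedit.dll": "rich-text license/offer pages (UI only)",
}


def group_nsis_temp(paths):
    """Map each ns*.tmp entry to the files created under it (empty = scratch file)."""
    groups = {}
    for p in paths:
        m = NSIS_TMP_RE.search(p)
        if not m:
            continue
        name, child = m.group(1).lower(), m.group(2)
        files = groups.setdefault(name, [])
        if child:
            files.append(child)
    return groups


def nsis_fingerprint(paths):
    """Summarise NSIS evidence: plug-in directories, plug-ins and capabilities."""
    groups = group_nsis_temp(paths)
    plugin_dirs = {}
    for name, files in groups.items():
        found = sorted(f for f in files if f.lower() in NSIS_PLUGINS)
        if found:
            plugin_dirs[name] = found
    plugins = {f.lower() for found in plugin_dirs.values() for f in found}
    return {
        "is_nsis": bool(plugin_dirs),
        "plugin_dirs": plugin_dirs,
        "plugins": plugins,
        "capabilities": sorted(NSIS_PLUGINS[p] for p in plugins),
        "can_download": bool(plugins & {"nsisdl.dll", "inetc.dll"}),
        "scratch_files": sorted(n for n, files in groups.items() if not files),
    }


if __name__ == "__main__":
    fp = nsis_fingerprint(FILES_CREATED)
    print("NSIS installer:", fp["is_nsis"])
    for cap in fp["capabilities"]:
        print("  -", cap)
    print("scratch files:", ", ".join(fp["scratch_files"]))
```

The same grouping applied to "Files Deleted" shows the cleanup side: nsg2.tmp, nsi3.tmp and nsj1.tmp are exactly the entries created above, so nothing outside the installer's own temp footprint was removed during the run.
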
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\MetainstallerLicense_ES.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp ]
File Name: [ C:\Tarz__n-y-.exe ]
File Name: [ C:\WINDOWS\win.ini ]
File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\NSISdl.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\System.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\headerleft.bmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_DE.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_EN.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_ES.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_FR.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_IT.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_NL.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\metainstallerlicense_PT.txt ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\modern-header.bmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\modern-wizard.bmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsDialogs.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsRichEdit.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi3.tmp ]
File Name: [ MountPointManager ]
File Name: [ PIPE\lsarpc ]
File Name: [ \Device\Afd\AsyncConnectHlp ]
File Name: [ \Device\Afd\Endpoint ]
File Name: [ \Device\RasAcd ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Directories Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Directory: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 6 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
File: [ IDE#CdRomQEMU_QEMU_CD-ROM________________________0.9.____#4d51303030302033202020202020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0008 ], 2 times
File: [ STORAGE#Volume#1&30a96598&0&SignatureB15FB15FOffset7E00Length13F291800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0034 ], 4 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_INFO (0x0001207B) ], 2 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_CONTEXT (0x00012047) ], 3 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_INFO (0x0001203B) ], 1 time
File: [ \Device\RasAcd ], Control Code: [ 0x00F14014 ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_BIND (0x00012003) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_TDI_HANDLES (0x00012037) ], 2 times
File: [ \Device\Afd\AsyncConnectHlp ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SELECT (0x00012024) ], 2 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SEND (0x0001201F) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_RECV (0x00012017) ], 2 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_DISCONNECT (0x0001202B) ], 1 time

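Anubis names the AFD (Winsock) codes but leaves the other control codes raw. Decoding them with the CTL_CODE layout (device type in bits 16-31, access in bits 14-15, function in bits 2-13, method in bits 0-1) turns the table into readable behaviour: 0x0011C017 on PIPE\lsarpc is FSCTL_PIPE_TRANSCEIVE, i.e. LSA RPC calls such as SID/name lookups; 0x00090028 on "C:\Program Files\Common Files\" is FSCTL_IS_VOLUME_MOUNTED, the probe a default-install-path check produces; 0x004D0008 and 0x006D0008/0x006D0034 are the mount-manager queries (IOCTL_MOUNTDEV_QUERY_DEVICE_NAME, IOCTL_MOUNTMGR_QUERY_POINTS, IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS) behind the MountPoints2 registry writes above; and 0x00390008 on \Device\KsecDD is the kernel random-fill request (IOCTL_KSEC_RANDOM_FILL_BUFFER in ReactOS' naming), consistent with RtlGenRandom being called. The AFD codes are the one family that does not follow CTL_CODE (they are FILE_DEVICE_NETWORK << 12 | operation << 2 | method), so a naive decoder misreports their device type; the sequence bind, connect, send, recv, disconnect is the single TCP conversation in the network section. The Python below is an added example, not part of the report; its name table is a small hand-assembled subset of the public Windows headers, and the KsecDD name comes from ReactOS. The RasAcd code 0x00F14014 is left undecoded because no public name is known here.

```python
"""Decode the raw control codes in the report's File System / Device Control tables.

Added example; not part of the Anubis report. SAMPLE_LINES are copied from the
report. DEVICE_TYPES and KNOWN_CODES are a small hand-assembled subset of the
public Windows headers (winioctl.h, ntifs.h, mountmgr.h); the KsecDD entry uses
the name from ReactOS' public ksecdd definitions.
"""
import re

METHODS = ("METHOD_BUFFERED", "METHOD_IN_DIRECT", "METHOD_OUT_DIRECT", "METHOD_NEITHER")
ACCESS = ("FILE_ANY_ACCESS", "FILE_READ_ACCESS", "FILE_WRITE_ACCESS",
          "FILE_READ_ACCESS|FILE_WRITE_ACCESS")

DEVICE_TYPES = {
    0x09: "FILE_DEVICE_FILE_SYSTEM",
    0x11: "FILE_DEVICE_NAMED_PIPE",
    0x12: "FILE_DEVICE_NETWORK",
    0x39: "FILE_DEVICE_KSEC",
    0x4D: "MOUNTDEVCONTROLTYPE",
    0x6D: "MOUNTMGRCONTROLTYPE",
}

KNOWN_CODES = {
    0x00090028: "FSCTL_IS_VOLUME_MOUNTED",
    0x0011C017: "FSCTL_PIPE_TRANSCEIVE",
    0x00390008: "IOCTL_KSEC_RANDOM_FILL_BUFFER",      # ReactOS name
    0x004D0008: "IOCTL_MOUNTDEV_QUERY_DEVICE_NAME",
    0x006D0008: "IOCTL_MOUNTMGR_QUERY_POINTS",
    0x006D0034: "IOCTL_MOUNTMGR_QUERY_DOS_VOLUME_PATHS",
}

# Lines copied from the report's control-communication tables
SAMPLE_LINES = [
    "File: [ PIPE\\lsarpc ], Control Code: [ 0x0011C017 ], 6 times",
    "File: [ C:\\Program Files\\Common Files\\ ], Control Code: [ 0x00090028 ], 1 time",
    "File: [ MountPointManager ], Control Code: [ 0x006D0034 ], 4 times",
    "File: [ \\Device\\Afd\\AsyncConnectHlp ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time",
    "File: [ \\Device\\RasAcd ], Control Code: [ 0x00F14014 ], 1 time",
]

LINE_RE = re.compile(
    r"File: \[ (.+?) \], Control Code: \[ (?:(\w+) \()?0x([0-9A-Fa-f]+)\)? \], (\d+) times?")


def decode_ctl_code(code: int) -> dict:
    """Split a control code into its CTL_CODE fields, or its AFD fields."""
    if code >> 12 == 0x12:
        # AFD codes are (FILE_DEVICE_NETWORK << 12) | (operation << 2) | method;
        # read as CTL_CODE they would show device type 0x0001, which is wrong.
        return {"family": "AFD", "device_type": 0x12, "device_name": DEVICE_TYPES[0x12],
                "access": None, "function": (code >> 2) & 0x3FF,
                "method": METHODS[code & 0x3], "name": KNOWN_CODES.get(code, "unknown")}
    device = code >> 16
    return {"family": "CTL_CODE", "device_type": device,
            "device_name": DEVICE_TYPES.get(device, "unknown"),
            "access": ACCESS[(code >> 14) & 0x3], "function": (code >> 2) & 0xFFF,
            "method": METHODS[code & 0x3], "name": KNOWN_CODES.get(code, "unknown")}


def decode_report_lines(lines):
    """Parse report lines; keep Anubis' own name when our table has none."""
    rows = []
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue
        target, label, hexcode, count = m.groups()
        code = int(hexcode, 16)
        info = decode_ctl_code(code)
        if info["name"] == "unknown" and label:
            info["name"] = label
        rows.append({"target": target, "code": code, "count": int(count), **info})
    return rows


if __name__ == "__main__":
    for r in decode_report_lines(SAMPLE_LINES):
        print(f"{r['code']:#010x} x{r['count']} {r['target']}: {r['name']} "
              f"[{r['device_name']} fn={r['function']} {r['method']}]")
```

Anything the table does not know stays "unknown" with its fields exposed, so an analyst can look the device type and function number up rather than trusting a guessed name.
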
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\NSISdl.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\System.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\headerleft.bmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\modern-header.bmp ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsDialogs.dll ]
File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsg2.tmp\nsRichEdit.dll ]
File Name: [ C:\WINDOWS\System32\winrnr.dll ]
File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
File Name: [ C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ]
File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
File Name: [ C:\WINDOWS\system32\RichEd20.dll ]
File Name: [ C:\WINDOWS\system32\SETUPAPI.dll ]
File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
File Name: [ C:\WINDOWS\system32\SHFOLDER.dll ]
File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
File Name: [ C:\WINDOWS\system32\hnetcfg.dll ]
File Name: [ C:\WINDOWS\system32\imm32.dll ]
File Name: [ C:\WINDOWS\system32\mswsock.dll ]
File Name: [ C:\WINDOWS\system32\rasadhlp.dll ]
File Name: [ C:\WINDOWS\system32\rpcss.dll ]

[=============================================================================]
2.c) Tarz__n-y-.exe - Network Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
DNS Queries:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Name: [ stats.xmlinst.com ], Query Type: [ DNS_TYPE_A ],
Query Result: [ 94.23.81.131 ], Successful: [ YES ], Protocol: [ udp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
HTTP Conversations:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
From ANUBIS:1028 to 94.23.81.131:80 - [ stats.xmlinst.com ]
Request: [ GET /report/index4.php?iid=118&nsoft=&soft=Tarz\xe1n-y-los-hombres-hormiga&offer=371&logtext=&action=startedInstall ], Response: [ 200 "OK" ]
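The only network traffic in the run is a plaintext HTTP telemetry beacon to stats.xmlinst.com reporting that an install started: a campaign/offer pair (iid=118, offer=371), the advertised title (the \xe1 is Anubis' rendering of a raw, un-percent-encoded 0xE1 byte, Latin-1 "á" in "Tarzán"), and empty nsoft and logtext fields. Because the installer carries NSISdl.dll, the real payload is meant to be fetched later, after the offer pages; this capture shows no such download, so the indicators here cover only the first stage. The Python below is an added example, not part of the report: it undoes the \xNN escaping, parses the request into fields, and applies a match on host, path and the parameters the beacon must carry. Host, IP and request are copied from the report (the DNS answer is the report's data, not re-resolved); the predicate and the unescaping rule are this example's own.

```python
"""Parse and match the installer's telemetry beacon from the network section.

Added example; not part of the Anubis report. BEACON_HOST, BEACON_IP and
BEACON_REQUEST are copied from the report. The unescaping rule and the match
predicate are this example's own.
"""
from urllib.parse import parse_qs, urlsplit

BEACON_HOST = "stats.xmlinst.com"
BEACON_IP = "94.23.81.131"
BEACON_REQUEST = ("GET /report/index4.php?iid=118&nsoft=&soft=Tarz\\xe1n-y-los-hombres-hormiga"
                  "&offer=371&logtext=&action=startedInstall")

BEACON_PATH = "/report/index4.php"
REQUIRED_PARAMS = {"iid", "offer", "action"}   # fields every beacon of this kind carries


def unescape_report_bytes(s: str) -> str:
    """Undo Anubis' \\xNN escaping and read the bytes as Latin-1 (0xE1 -> 'á')."""
    return s.encode("latin-1").decode("unicode_escape")


def parse_beacon(request_line: str) -> dict:
    """Split 'GET /path?query' into method, path and single-valued params."""
    method, _, target = request_line.partition(" ")
    target = target.split(" ", 1)[0]          # drop an 'HTTP/1.x' suffix if present
    parts = urlsplit(target)
    raw = parse_qs(parts.query, keep_blank_values=True)   # keep nsoft= and logtext=
    return {"method": method, "path": parts.path,
            "params": {k: v[0] for k, v in raw.items()}}


def match_install_beacon(host: str, request_line: str) -> dict:
    """Flag the xmlinst install report; on a hit, return the extracted fields."""
    beacon = parse_beacon(unescape_report_bytes(request_line))
    hit = (host.lower() == BEACON_HOST
           and beacon["path"] == BEACON_PATH
           and REQUIRED_PARAMS.issubset(beacon["params"]))
    if not hit:
        return {"hit": False, "host": host}
    return {"hit": True, "host": host, **beacon["params"]}


if __name__ == "__main__":
    result = match_install_beacon(BEACON_HOST, BEACON_REQUEST)
    print(f"{BEACON_HOST} ({BEACON_IP}) hit={result['hit']}")
    for key in ("iid", "offer", "soft", "action"):
        print(f"  {key} = {result.get(key)!r}")
```

Matching on host plus path plus required parameters rather than on the title string keeps the rule useful for other bundles from the same distribution network, which would differ only in soft, iid and offer.
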