ThreatExpert Report

Submission Summary:

Submission details:

Submission received: 26 September 2008, 19:40:56
Processing time: 5 min 27 sec
Submitted sample:

File MD5: 0xAD54157D44953B28677B25B9AF9E0685
File SHA-1: 0x95878519E35C796EB2A10C730EBBFF0660C6E0A5
Filesize: 2,948,340 bytes

Summary of the findings:

What's been found	Severity Level
Creates a startup registry entry.
Registers a 32-bit in-process server DLL.

Technical Details:

The new window was created, as shown below:

NOTICE: The content shown in the above window is captured automatically and is not controlled or endorsed by ThreatExpert.
Please contact us on this link should any material be offensive or inappropriate and we will ensure any such content is blocked from future viewers of the report.

File System Modifications

The following files were created in the system:

#	Filename(s)	File Size	File Hash
1	%CommonPrograms%\Active Wallpaper Changer\Active Wallpaper Changer.lnk	711 bytes	MD5: 0x7615CECE3FDA387CB3B38B6FF70975F0 SHA-1: 0x2EE9828AAD27995D0C6FE017276B3632806589F8
2	%CommonPrograms%\Active Wallpaper Changer\Help.lnk	762 bytes	MD5: 0xD4A3D7ECD9BB20706A68422F1E8928AB SHA-1: 0x6E7FBA96262DB930B19C0DAC1AF654E0CCE4D867
3	%CommonPrograms%\Active Wallpaper Changer\Uninstall Active Wallpaper Changer.lnk	702 bytes	MD5: 0xA5A44CDF40ED059B24B2FDBE2BD9A846 SHA-1: 0x660D4748B2F8E67864A6DE6D05829F892A3003F1
4	%ProgramFiles%\ActiveMultiwallpaper\ActiveMultiwallpaper.chm	15,243 bytes	MD5: 0xC40A7E3A70F8E3E644D52E55C7B72B6E SHA-1: 0xA82B3C7D817E8225FCE3649A1DD5DC072ABDD114
5	%ProgramFiles%\ActiveMultiwallpaper\Changer.exe	739,328 bytes	MD5: 0x9C15A4A6B910CC068163B28C732EF4CA SHA-1: 0xD6D2A306B8B35B616188EF2D1FBCD22A8B2F49B6
6	%ProgramFiles%\ActiveMultiwallpaper\Changes.txt	6,250 bytes	MD5: 0xA0E38D190D6D0D531F743953A90EAC78 SHA-1: 0x3E13183B7BB7F364BC38CADDCB92A3C461D504A2
7	%ProgramFiles%\ActiveMultiwallpaper\Default.dat	436 bytes	MD5: 0xF53520CB84E458C40E9BABECE9221381 SHA-1: 0x504C7295657E4C52FD3EA0A2300C88735F06B940
8	%ProgramFiles%\ActiveMultiwallpaper\DeskHook.dll	21,504 bytes	MD5: 0x3A2FCC0EB9AEBA5B13ABB2B44A9FF5EF SHA-1: 0xE77DC89D84C06ACEB68D61CA0CA7BE800F6CE43E
9	%ProgramFiles%\ActiveMultiwallpaper\DLCat.dll	184,832 bytes	MD5: 0x6ECE6D9B33656DAD2807A308B8C934A6 SHA-1: 0x37AB579072320E02EB49F927BB1E0A68AE649D5D
10	%ProgramFiles%\ActiveMultiwallpaper\file_id.diz	230 bytes	MD5: 0x48BFF103B4F9C906A37BDFDD244C986E SHA-1: 0x8A5D6BFE9AC3FC02F88E77903DB3112F1958B120
11	%ProgramFiles%\ActiveMultiwallpaper\home.url	56 bytes	MD5: 0xE5FEE8DA67926DE715F30D06D45AD753 SHA-1: 0xF12B4726B99A08A37F5B061F97EBC60560FCF32B
12	%ProgramFiles%\ActiveMultiwallpaper\Images\castle.jpg	147,372 bytes	MD5: 0xBA2832AB944AFA5543254B14DDB1213A SHA-1: 0x75D5D5D989C4DA0DA116A9E8C529B3E4CE4DFC2C
13	%ProgramFiles%\ActiveMultiwallpaper\Images\rose.jpg	134,769 bytes	MD5: 0x499D7A9D8350BDD2483BCB5ECE129CCE SHA-1: 0xD68472EBCC56630B9AF7787B207CBB3A1AA67345
14	%ProgramFiles%\ActiveMultiwallpaper\Images\sunset.jpg	75,715 bytes	MD5: 0x738D3986D381465E0F98D0EF5D2F9057 SHA-1: 0x4C1547F7D33BD8F12B34E3B5FC256DA74489C0FA
15	%ProgramFiles%\ActiveMultiwallpaper\Images\town.jpg	89,304 bytes	MD5: 0xC36AD8EA6384A7689178BAD38C5C5A4C SHA-1: 0xFED8A0CE72FF283E4D9A6E4C72627E03BFC79FBF
16	%ProgramFiles%\ActiveMultiwallpaper\Images\water.jpg	96,919 bytes	MD5: 0xF3D185AE5EC4C7F9ECC8E9B941853837 SHA-1: 0x2FABB2802BC9CFD2E57B194DC2EAFAC73B0F3B2B
17	%ProgramFiles%\ActiveMultiwallpaper\Languages\Arabic.lng	15,583 bytes	MD5: 0xB5ABAD4F59FD709C35B96CF11AC5A8B7 SHA-1: 0xCFB58ED05929CF2F8C442C386C3072C8BB62B187
18	%ProgramFiles%\ActiveMultiwallpaper\Languages\dutch.lng	14,191 bytes	MD5: 0x45E8FAE8BAAB822E6E9B0022D410393C SHA-1: 0x05323C037E530C9DA45F6810752240BA638F9048
19	%ProgramFiles%\ActiveMultiwallpaper\Languages\Russian.lng	16,913 bytes	MD5: 0x2635F5B486E39A1B6EAC5E6C4CE99348 SHA-1: 0x44669DEC0ADA68508FE40A3327277640C24FA5E8
20	%ProgramFiles%\ActiveMultiwallpaper\Languages\Swedish.lng	16,170 bytes	MD5: 0xE6E639F9E5F028C130B4228360F58F5F SHA-1: 0xC763100C3F5850B44FEEE3DD5C00BEE9A468B93B
21	%ProgramFiles%\ActiveMultiwallpaper\Languages\Ukrainian.lng	16,840 bytes	MD5: 0x92F7471649F5F973BE3E0A7DDEF40565 SHA-1: 0x82A302788239D79B9DE3E63C6F3CD0280FE56BC5
22	%ProgramFiles%\ActiveMultiwallpaper\License.txt	4,481 bytes	MD5: 0x8029A0B067A2921ED59F823B57FECD59 SHA-1: 0xE42B0E286F1C5156FCD8C762F5BA17490967F005
23	%ProgramFiles%\ActiveMultiwallpaper\pad.xml	28,956 bytes	MD5: 0x640E897DA7C1C5E19145CC3745E3476A SHA-1: 0x2D362B6802919FCCDD0800DC9ABE23E0982077BE
24	%ProgramFiles%\ActiveMultiwallpaper\Readme.txt	2,127 bytes	MD5: 0x1B040D2275F9B1126F14AD9C9A70A7DA SHA-1: 0x99A59F84080B54218BD912B65EB2F1E5F383C7C9
25	%ProgramFiles%\ActiveMultiwallpaper\Setup.dll	2,396,160 bytes	MD5: 0x1875478AAAB2246C58EF31B6F5C3CE03 SHA-1: 0x67D0C26F72F8BCA4262F8E3A55B40D00EDC17D57
26	%ProgramFiles%\ActiveMultiwallpaper\SetupEffects.dll	1,831,936 bytes	MD5: 0x4BED0E84016D2813C0FE2702CE5305DF SHA-1: 0x71E9FC7C086C649E27ACF0EC47ABD4B858B01131
27	%ProgramFiles%\ActiveMultiwallpaper\Skins\Blue 2.ctp	10,993 bytes	MD5: 0xB3EB85CF10505FDC784F27D3A86873F0 SHA-1: 0x25058F4DA093AB617F2F98761E5534D5A7C6426D
28	%ProgramFiles%\ActiveMultiwallpaper\Skins\Blue.ctp	10,314 bytes	MD5: 0xFB5CAD7C03FBAE2F093E9ECAEFC05EB2 SHA-1: 0x968CA5035192C13676927DB6101003DADF0F622B
29	%ProgramFiles%\ActiveMultiwallpaper\Skins\Green 2.ctp	10,733 bytes	MD5: 0x2CDD69ACB739E9284A87004CC29415B1 SHA-1: 0x6EAEFC02AE3A6EEF34DB8D73D453943CA7B3181C
30	%ProgramFiles%\ActiveMultiwallpaper\Skins\Green.ctp	10,062 bytes	MD5: 0x5E5B04F7D0080B2B057C4C18FD6358B3 SHA-1: 0x9AC50759ADBD86CD45CC69441802CD57C32AD97C
31	%ProgramFiles%\ActiveMultiwallpaper\Skins\Light 2.ctp	1,374 bytes	MD5: 0x2D82C198D4AB42C1A48BB8A4F152B8A3 SHA-1: 0x774FCD10B7A3BA524B57B15E1EE9F557D3E91A86
32	%ProgramFiles%\ActiveMultiwallpaper\Skins\Light.ctp	1,377 bytes	MD5: 0xED16C272B296B44D510A9CA02F7FFB43 SHA-1: 0xDF9498E8FA1660261BA9802547D29796DFFC4F94
33	%ProgramFiles%\ActiveMultiwallpaper\Skins\Red 2.ctp	11,180 bytes	MD5: 0x43AA7E46101D122827157ACD3C7A7439 SHA-1: 0x8C529907BD9A31680552668260CAA5AEBBC2CB25
34	%ProgramFiles%\ActiveMultiwallpaper\Skins\Red.ctp	10,516 bytes	MD5: 0xB3EE982AE2A8D796A77885E2529204D0 SHA-1: 0x7D0DD6E4F6AD7B92803E3F21F6C6EF1D54A2633D
35	%ProgramFiles%\ActiveMultiwallpaper\Skins\Shadow.ctp	1,378 bytes	MD5: 0x9C08C03B64ABD78B2DE0E6E4F39FD816 SHA-1: 0x82B34CE9A22CCAAEA9373B8016026D6C39EC6A5F
36	%ProgramFiles%\ActiveMultiwallpaper\Skins\Silver 2.ctp	37,724 bytes	MD5: 0x8669782C833BF20298B19644D76D6C29 SHA-1: 0xDFAF7B5AC3BEF09506C7A9592DBCE59BB67D78E6
37	%ProgramFiles%\ActiveMultiwallpaper\Skins\Silver.ctp	37,051 bytes	MD5: 0xA4387D300A8A62C7E682758D2F5AE937 SHA-1: 0x8097850F3BFBFE0A817B89F0A2F2AD87834BB37F
38	%ProgramFiles%\ActiveMultiwallpaper\Skins\Winamp mania 2.ctp	8,491 bytes	MD5: 0x23C6D2BD33C618775FE30C1CABDE9F9D SHA-1: 0x98CB41FB7B2416999397BD62F11804F2BF52EC0B
39	%ProgramFiles%\ActiveMultiwallpaper\Skins\Winamp mania.ctp	8,488 bytes	MD5: 0x1513807649592D9649A10C6630138A1F SHA-1: 0xFA2CD95CF0B2FA5DFAE44784CACE5B271CC5AEBD
40	%ProgramFiles%\ActiveMultiwallpaper\unins000.dat	4,506 bytes	MD5: 0x69F33BE17BFCB808CB44276449B906EA SHA-1: 0x832F070B3CEC18E98260C37CF17259281DEF619C
41	%ProgramFiles%\ActiveMultiwallpaper\unins000.exe	77,257 bytes	MD5: 0xBF15CE70E055955FAFD81A18EC1C0771 SHA-1: 0x2E744B01A4A96B82F1C298304D497A26D75C5B91
42	[file and pathname of the sample #1]	2,948,340 bytes	MD5: 0xAD54157D44953B28677B25B9AF9E0685 SHA-1: 0x95878519E35C796EB2A10C730EBBFF0660C6E0A5

Notes:

%CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
%ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:

%CommonPrograms%\Active Wallpaper Changer
%AppData%\ActiveMultiWallpaper
%ProgramFiles%\ActiveMultiwallpaper
%ProgramFiles%\ActiveMultiwallpaper\Images
%ProgramFiles%\ActiveMultiwallpaper\Languages
%ProgramFiles%\ActiveMultiwallpaper\Skins

Notes:

%AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.

Memory Modifications

There were new processes created in the system:

Process Name	Process Filename	Main Module Size
is-DQ0BV.tmp	%Temp%\is-17C6Q.tmp\is-DQ0BV.tmp	643,072 bytes
Changer.exe	%ProgramFiles%\ActiveMultiwallpaper\Changer.exe	1,355,776 bytes
[filename of the sample #1]	[file and pathname of the sample #1]	77,824 bytes

Notes:

%Temp% is a variable that refers to the temporary folder in the short path form. By default, this is C:\Documents and Settings\[UserName]\Local Settings\Temp\ (Windows NT/2000/XP).

Registry Modifications

The following Registry Keys were created:

HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}\LocalServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\Control
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\Implemented Categories
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\InprocServer32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\MiscStatus
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\ProgID
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\ToolboxBitmap32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\Version
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E91E8D15-EBB6-4E4A-9F82-E34C25B7E2A9}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E91E8D15-EBB6-4E4A-9F82-E34C25B7E2A9}\ProxyStubClsid
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E91E8D15-EBB6-4E4A-9F82-E34C25B7E2A9}\ProxyStubClsid32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E91E8D15-EBB6-4E4A-9F82-E34C25B7E2A9}\TypeLib
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0\0
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0\0\win32
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0\FLAGS
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0\HELPDIR
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveMultiwallpaperChanger.AMWChanger
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveMultiwallpaperChanger.AMWChanger\Clsid
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Active Wallpaper Changer_is1
HKEY_CURRENT_USER\Software\ASProtect
HKEY_CURRENT_USER\Software\ASProtect\SpecData
HKEY_CURRENT_USER\Software\Blackmoon
HKEY_CURRENT_USER\Software\Blackmoon\ActiveMultiwallpaper

The newly created Registry Values are:

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}\Version]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}\TypeLib]

(Default) = "{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}\ProgID]

(Default) = "ActiveMultiwallpaperChanger.AMWChanger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}\LocalServer32]

(Default) = "C:\PROGRA~1\ACTIVE~1\Changer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1214EE87-6AB2-485F-BB37-7F8472AF205A}]

(Default) = "ActiveMultiwallpaperChanger Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\Version]

(Default) = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\TypeLib]

(Default) = "{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\ToolboxBitmap32]

(Default) = "%System%\daxctle.ocx, 101"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\ProgID]

(Default) = "DirectAnimation.PathControl"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\MiscStatus]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\InprocServer32]

(Default) = "%System%\daxctle.ocx"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\Implemented Categories]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}\Control]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9B45DD18-95BE-4147-928D-035B0EB58693}]

(Default) = "Aqeka.Epokiq class"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E91E8D15-EBB6-4E4A-9F82-E34C25B7E2A9}\TypeLib]

(Default) = "{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}"
Version = "1.0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E91E8D15-EBB6-4E4A-9F82-E34C25B7E2A9}\ProxyStubClsid32]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E91E8D15-EBB6-4E4A-9F82-E34C25B7E2A9}\ProxyStubClsid]

(Default) = "{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{E91E8D15-EBB6-4E4A-9F82-E34C25B7E2A9}]

(Default) = "IAMWChanger"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0\0\win32]

(Default) = "%System%\danim.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0\HELPDIR]

(Default) = "%System%\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0\0]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}\1.0]

(Default) = "DirectAnimation Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{4165D0B2-19AC-23AD-6A9C-188D98B8BB42}]

(Default) = ""

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0\0\win32]

(Default) = "%ProgramFiles%\ActiveMultiwallpaper\Changer.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0\HELPDIR]

(Default) = "%ProgramFiles%\ActiveMultiwallpaper\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0\FLAGS]

(Default) = "0"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{6BD8C8FA-D0D4-4F5A-AFFA-78DA66277811}\1.0]

(Default) = "Active Multiwallpaper Changer Library"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveMultiwallpaperChanger.AMWChanger\Clsid]

(Default) = "{1214EE87-6AB2-485F-BB37-7F8472AF205A}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ActiveMultiwallpaperChanger.AMWChanger]

(Default) = "ActiveMultiwallpaperChanger Object"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Active Wallpaper Changer_is1]

Inno Setup: Setup Version = "4.2.5"
Inno Setup: App Path = "%ProgramFiles%\ActiveMultiwallpaper"
InstallLocation = "%ProgramFiles%\ActiveMultiwallpaper\"
Inno Setup: Icon Group = "Active Wallpaper Changer"
Inno Setup: User = "%UserName%"
Inno Setup: Setup Type = "full"
Inno Setup: Selected Components = "main,images,skins"
Inno Setup: Deselected Components = ""
DisplayName = "Active Wallpaper Changer"
DisplayIcon = "%ProgramFiles%\ActiveMultiwallpaper\Changer.exe"
UninstallString = ""%ProgramFiles%\ActiveMultiwallpaper\unins000.exe""
QuietUninstallString = ""%ProgramFiles%\ActiveMultiwallpaper\unins000.exe" /SILENT"
DisplayVersion = "3.8.1 (Build 117)"
Publisher = "ABF software, Inc."
URLInfoAbout = "http://www.multiwallpaper.com/"
NoModify = 0x00000001
NoRepair = 0x00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]

ActiveMultiwallpaper = "%ProgramFiles%\ActiveMultiwallpaper\Changer.exe"

so that Changer.exe runs every time Windows starts

[HKEY_CURRENT_USER\Software\ASProtect\SpecData]

(Default) = "613812E7FA693369"
613812E7FA693369 = 36 23 2B 8C F4 8A 5F D4 DE E6 34 5D 1B 77 29 3A 0C 1B 32 A5 20 10 C9 05 31 D9 CB E1 02 8B 34 22 9B 44 35 44 42 72 15 32 E6 AD 5A 7C 33 9C C8 A2 27 04 E1 67 16 D1 DC 23 D4 5A 1D 83 E2 C4 01 46 E8 CD E4 61 8B 6E 82 9F 64 CF EC 9F 4F D5 DA E8 94 42 2D 3

[HKEY_CURRENT_USER\Software\Blackmoon\ActiveMultiwallpaper]

(Default) = "%ProgramFiles%\ActiveMultiwallpaper"
ProgramGroup = "Active Wallpaper Changer"
Version = "3.8.1.117"

Other details

To mark the presence in the system, the following Mutex object was created:

Local\AMWPMRunned

All content ("Information") contained in this report is the copyrighted work of Threat Expert Ltd and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.