Site Report for microsoft.com > File Analysis

Download Analysis for winterfunpack2004forwindowsxp.msi

We have tested this file and found it safe to use.

Overall Threat Level
SD Threat Level
AV Threat Level
TE Threat Level

Other information

File Name:	winterfunpack2004forwindowsxp.msi
File Size:	18.97 MB

Submission Summary:

Submission Details:
- Submission Received: 28 September 2008 02:40:46 AM
- Processing time: 5 min 36 sec
- Submitted sample:
  - File MD5: 5279B50A8F293633679A32A74DDE9228
  - File Size: 19,889,664 bytes
  - Alias & packer info:

Summary of the findings:

What's been found Severity Level

Registers a 32-bit in-process server DLL.

Technical Details:

File System Modifications

The following file was created in the system:

#	File Name	File Size	File MD5	Alias & packer info
1	%CommonPrograms%\Startup\Winter Fun Wallpaper Changer.lnk	1,810 bytes	AB254F784342571ED04DF28B1B6902C9	(not available)
2	%CommonPrograms%\Winter Fun Pack 2004 for Windows XP\Explore Winter Fun Pack 2004.lnk	1,876 bytes	052BD6685858C01FADE751EECE461457	(not available)
3	%CommonPrograms%\Winter Fun Pack 2004 for Windows XP\Winter Fun Pack 2004 Read Me.lnk	204 bytes	2D92CFA9611B22E2971B90147D204048	(not available)
4	%CommonPrograms%\Winter Fun Pack 2004 for Windows XP\Winter Fun Wallpaper Changer.lnk	1,810 bytes	F099056F5B4716568635D394ED7F961E	(not available)
5	%AppData%\Microsoft\Signatures\MPSongSignature.htm %AppData%\Microsoft\Signatures\MPSongSignature.OE.txt %AppData%\Microsoft\Signatures\MPSongSignature.rtf %AppData%\Microsoft\Signatures\MPSongSignature.txt	0 bytes	D41D8CD98F00B204E9800998ECF8427E	(not available)
6	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Christmas\Christmas -- All.wpl	16,694 bytes	69D095CA35C7742E514CFDE4A9E19373	(not available)
7	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Christmas\Christmas Favorites -- Fresh Tracks.wpl	27,012 bytes	7EAF0379C3C5D768A736EB4987DCFC4C	(not available)
8	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Christmas\Christmas Favorites -- One Audio CD worth.wpl	22,504 bytes	526375BB7D42A23DB38C19D4C0AD98FC	(not available)
9	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Christmas\Christmas Favorites -- One Data CD-R worth.wpl	22,503 bytes	C8B1B3C31B746276B83DDA418AE7E6DA	(not available)
10	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Hannukah\Hannukah -- All.wpl	39,735 bytes	6E4DD7EEBF51888EDD43F5C6DD262417	(not available)
11	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Hannukah\Hannukah Favorites -- Fresh Tracks.wpl	60,670 bytes	68A7ED63C7E58765065395F3DBA652C2	(not available)
12	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Hannukah\Hannukah Favorites -- One Audio CD worth.wpl	50,537 bytes	D93F5A8752FC920CB8320EFC4FC66982	(not available)
13	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Hannukah\Hannukah Favorites -- One Data CD-R worth.wpl	50,540 bytes	9D374A20BB2EDEE8E2139692C3AC69FA	(not available)
14	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Kwanzaa\Kwanzaa -- All.wpl	28,649 bytes	AB5AA5CA460EBEEA1B7DF33A07C0A243	(not available)
15	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Kwanzaa\Kwanzaa Favorites -- Fresh Tracks.wpl	47,804 bytes	AA4D0BBD6909D83F16FA94F7F475AF44	(not available)
16	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Kwanzaa\Kwanzaa Favorites -- One Audio CD worth.wpl	37,770 bytes	EF314D6BDFB19F446CF9BFBA023B4558	(not available)
17	%MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Kwanzaa\Kwanzaa Favorites -- One Data CD-R worth.wpl	37,531 bytes	6D25B5ED6B0B2DC61D29339BDB21B138	(not available)
18	%MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\677-AG-007-U6120.jpg	556,932 bytes	EFEED397442025E6934C18FC4FA095EE	(not available)
19	%MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\AX001905.jpg	598,286 bytes	92FD5734DC8AAFD6CB3E3F6623E0A5DB	(not available)
20	%MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\DM002647.jpg	571,269 bytes	8CEDCE46C37180B233E363BE078A8652	(not available)
21	%MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\WD002091.jpg	656,142 bytes	3B64FDC5B0AD9505EB10993CD28C62B2	(not available)
22	%MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\WIN-01RL157-001.jpg	469,209 bytes	7406DA7792ECA953A43976920053B0C9	(not available)
23	%MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\WIN-18PB016-004.jpg	537,848 bytes	F977A7FFE7BDF802AA9C61CA2342C3A2	(not available)
24	%ProgramFiles%\Windows Media Player\Plugins\MPExp\mpexp.dll	102,400 bytes	91E81DE4027556AE8448DE2D56BA0369	(not available)
25	%ProgramFiles%\Windows Media Player\Plugins\MPExp\mpexp_Readme.htm	23,318 bytes	34C3FE81847D1893F5F649F19B697B47	(not available)
26	%ProgramFiles%\Windows Media Player\Plugins\WMPBLOG\blogging.dll	131,072 bytes	7747459BD5E6A093A7F1AD653B98306F	(not available)
27	%ProgramFiles%\Windows Media Player\Plugins\WMPBLOG\ReadMe.html %ProgramFiles%\Winter Fun Pack 2004 for Windows XP\SongSignatureReadMe.html	4,495 bytes	145D86AC777F29AF252A9D54D9A89CF1	(not available)
28	%ProgramFiles%\Windows Media Player\Skins\Frostbite.wmz	517,811 bytes	3899B1B3AF7E0D9DC4F2F94220A3759B	(not available)
29	%ProgramFiles%\Windows Media Player\Skins\Ginger_man.wmz	403,864 bytes	BF256E4719649D1C857F3CF13EDD60D2	(not available)
30	%ProgramFiles%\Windows Media Player\Skins\Ginger_woman.wmz	479,624 bytes	50D7B652585744F49EC6CE73F702AF82	(not available)
31	%ProgramFiles%\Windows Media Player\Skins\Halo 2.wmz	5,239,082 bytes	6E3B54AD1C3430FD5560BB8BA4AF9FD6	(not available)
32	%ProgramFiles%\Windows Media Player\Skins\Ice.wmz	641,080 bytes	AEBD808D1A33791EB8E220F8C2AA262E	(not available)
33	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\bot.jpg	102,859 bytes	C359C11F86BC72652C8453CAF76675A9	(not available)
34	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\bricks.jpg	9,316 bytes	7334457760E1257203FA40268B294A5D	(not available)
35	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\ember1.jpg	4,666 bytes	EF70304136361AADC1A95BC504588BA4	(not available)
36	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\ember1b.jpg	4,741 bytes	644C38ADC0F41B091C540B553967CCA3	(not available)
37	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\ember2.jpg	2,988 bytes	9D9F2EE2252207F880F2F281455A0F71	(not available)
38	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\ember2b.jpg	3,385 bytes	D4C303F711018F867AA126BCD1785972	(not available)
39	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\ember3.jpg	1,870 bytes	C3C12AB73615C757849A52A79327515F	(not available)
40	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\flame.vso	956 bytes	BC9516145B24443E03F0C7A5389AF8CB	(not available)
41	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\flame1.tga	65,580 bytes	D64F25CC852172D59C44A9A1D8FC2F82	(not available)
42	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\flame2.tga	262,188 bytes	C76EE19FFE12425395823F717B6DE05E	(not available)
43	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\flame3.tga	65,580 bytes	6899BF0E93CC278F220F1C35DCF6E699	(not available)
44	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\flame4.tga	262,188 bytes	3570515E965DD2968A7D67D6B4A6C68A	(not available)
45	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\frt.jpg	19,192 bytes	376EFAE3CD19C049927F0BBC62B7DEB3	(not available)
46	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\iron.jpg	11,005 bytes	7FF422772706F52CB9EDFEB873214D56	(not available)
47	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\lft.jpg	26,313 bytes	B47161534D335E54922E73BDFBFED49C	(not available)
48	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log.vso	948 bytes	9C4F417AC5192BFDB1615B9BD9EA2062	(not available)
49	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log1.jpg	12,132 bytes	771D4C31D32BE8F8A0871796EB04E5C0	(not available)
50	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log1b.jpg	12,225 bytes	32B7AEF67BAEC933B751A806E4D93D66	(not available)
51	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log2.jpg	13,025 bytes	AA30B3D9B6F43CD00BF84473406CCFD8	(not available)
52	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log2b.jpg	13,163 bytes	E68DBB27828693E85920897F730DE98B	(not available)
53	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log3.jpg	9,265 bytes	FBF6704FE72BE5B7BA53B60CE1A14D6E	(not available)
54	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log3b.jpg	9,311 bytes	42E211977C017CD87FA0BD7A320CE6A3	(not available)
55	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log4.jpg	12,324 bytes	40F6C15251E4820600EACB5A3D22B67E	(not available)
56	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log5.jpg	29,444 bytes	221D81BDE716DC288B29905DCB86D3E5	(not available)
57	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\log5b.jpg	29,038 bytes	DE4AFB4FBC64AF7761E9A5804C0AFAA6	(not available)
58	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\noskin.vso	932 bytes	0D4132B66250B8355E26D2CB490E7D5D	(not available)
59	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\rgt.jpg	25,619 bytes	E46FC0ED860E6E760D7374E04166448B	(not available)
60	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\seq10000.x %ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\seq10001.x	422,611 bytes	85D1A42B662E80DEF40C6AD2BBFF0CC0	(not available)
61	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\skin.vso	2,360 bytes	6CD7BDC3BF27D085FE238992C032060B	(not available)
62	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\stone.jpg	12,753 bytes	641021955AC3B6332B09F403DCBFDAC5	(not available)
63	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turbx.tga	262,188 bytes	EC2524E48D6EE5C0823B6FCC876E19C0	(not available)
64	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turbx1.tga	65,580 bytes	AB44098CDF3964CA1F403957389CBA4D	(not available)
65	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turbx2.tga	262,188 bytes	D499FC051D42D6A0BDF67CB53C50CBD7	(not available)
66	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turbx3.tga	65,580 bytes	F1A17CB3CC1E1478C10CD254DC98E1DB	(not available)
67	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turbx4.tga	262,188 bytes	2A63FEC52BD78B6A0EFECC4777D949EA	(not available)
68	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turby.tga	262,188 bytes	CA97A4EF35EA9A0BA48159725F40FBF8	(not available)
69	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turby1.tga	65,580 bytes	AB65421AD3B739A3588A8AA7E09E7AFF	(not available)
70	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turby2.tga	262,188 bytes	0144BFAAA148E5C8864D5F3ED3FC279A	(not available)
71	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turby3.tga	65,580 bytes	8E8D5C601DCBB2DC8ADCF0DC7D7A1582	(not available)
72	%ProgramFiles%\Windows Media Player\Visualizations\Media\Fire\turby4.tga	262,188 bytes	F5AA2DD75B9AC81C58A7E14DB763A634	(not available)
73	%ProgramFiles%\Windows Media Player\Visualizations\Media\fire.anl	202 bytes	CB99716E7B21CAC85DDED4607A8AB7E7	(not available)
74	%ProgramFiles%\Windows Media Player\Visualizations\Media\fire.beh	812 bytes	5D9D58DE888CDBFA2D2DB2F966AD9504	(not available)
75	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Boot.txt	14,094 bytes	38970DE8B18488A3BE93891E0E3AED01	(not available)
76	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Big Star.txt	1,091 bytes	087E47BC4B36BC564C4185F10ACAAD4B	(not available)
77	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Candy Cane.txt	1,058 bytes	5CAB23429C7AEC6D6AD01DF108FDE8D3	(not available)
78	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Christmas Rave\Rave 1.txt	554 bytes	F949695A971813D8ECCE8563AEEAA212	(not available)
79	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Christmas Rave\Rave 2.txt	566 bytes	A6192588721F19234211081AAA697F05	(not available)
80	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Christmas Rave\Rave 3.txt	562 bytes	3EBD7237C5B6DF670C44D64C0E050A2F	(not available)
81	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Christmas Sparkles.txt	1,386 bytes	8DBEC1D0154E13E20931EA1DFB01B8ED	(not available)
82	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Christmas Spotlights.txt	1,208 bytes	E29BD2CE2E7D811C9FF708A0C1C127FB	(not available)
83	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\ChristmasScape.txt	565 bytes	122DFBC0F65E484642EB1C281A3AE5BB	(not available)
84	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Falling Flakes.txt	1,506 bytes	4D27588BE2B3BF90C3C010C1A9D76B42	(not available)
85	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Festive Fireworks!.txt	505 bytes	338546769F227A48E3DBA380621DCAF8	(not available)
86	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Neo World of Snow.txt	546 bytes	1828F6F7B9DAC4D904C9F081A6FC58EC	(not available)
87	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\O Christmas Tree.txt	745 bytes	4F5AA3977EE516E7299BF4386839BB5B	(not available)
88	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\RastaMan's Christmas Theme.txt	981 bytes	504F0CF17928F16BFF7A30E12BB3A3C1	(not available)
89	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Ribbon.txt	1,411 bytes	F4DE33CE529EF276D2C1B4299840370F	(not available)
90	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Snowfield Slipstream.txt	413 bytes	5A3C193655FBBEC7EFCCEC9D8FA17DD8	(not available)
91	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Snowfield.txt	590 bytes	120EBB20F9A328B6E0A5512CCF30D8DD	(not available)
92	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Snowflake.txt	1,841 bytes	BD34DC531D77DC2096E87CF99F1D68FE	(not available)
93	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Snowman 55.txt	1,903 bytes	16CD70E878C72D01052DACCC94A08C29	(not available)
94	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Stars\Star1.txt %ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Stars\Star3.txt	1,637 bytes	6A81B0E526F1CEEF6841DCA8A06C72CB	(not available)
95	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Stars\Star2.txt %ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Stars\Star4.txt	1,634 bytes	6AF70D4A08D4907D5FDD43B111155015	(not available)
96	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Configs\Wreath.txt	444 bytes	E1C77E364F1B88C924ADD77588593FA4	(not available)
97	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Documentation\background.html	12,791 bytes	EF47DCC973B079BD1D84D0274874163F	(not available)
98	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Documentation\config-programming.html	21,569 bytes	1EC4121F66FE6EC3844BC59B95D0239F	(not available)
99	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Documentation\contact.html	9,470 bytes	482F0395CDEC7AC83A5FABB48520102A	(not available)
100	%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\Documentation\customizing.html	44,695 bytes	F6A0863E3F9C9FD76A47814A57B98FB4	(not available)

Notes:
- %CommonPrograms% is a variable that refers to the file system directory that contains the directories for the common program groups that appear on the Start menu for all users. A typical path is C:\Documents and Settings\All Users\Start Menu\Programs (Windows NT/2000/XP).
- %AppData% is a variable that refers to the file system directory that serves as a common repository for application-specific data. A typical path is C:\Documents and Settings\[UserName]\Application Data.
- %MyDocuments% is a variable that refers to the file system directory used to physically store a user's common repository of documents. A typical path is C:\Documents and Settings\[UserName]\My Documents.
- %ProgramFiles% is a variable that refers to the Program Files folder. A typical path is C:\Program Files.

The following directories were created:
- %CommonPrograms%\Winter Fun Pack 2004 for Windows XP
- %AppData%\Microsoft\Signatures
- %MyDocuments%\My Music\My Playlists
- %MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP
- %MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Christmas
- %MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Hannukah
- %MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Kwanzaa
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_1
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_10
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_11
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_12
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_13
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_14
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_15
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_16
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_17
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_18
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_19
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_2
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_20
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_21
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_22
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_23
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_24
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_25
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_26
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_27
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_28
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_29
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_3
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_30
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_4
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_5
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_6
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_7
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_8
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Apr_9
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_1
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_10
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_11
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_12
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_13
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_14
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_15
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_16
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_17
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_18
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_19
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_2
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_20
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_21
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_22
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_23
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_24
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_25
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_26
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_27
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_28
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_29
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_3
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_30
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_31
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_4
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_5
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_6
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_7
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_8
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Aug_9
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_1
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_10
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_11
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_12
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_13
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_14
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_15
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_16
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_17
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_18
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_19
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_2
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_20
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_21
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_22
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_23
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_24
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_25
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_26
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_27
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_28
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_29
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_3
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_30
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_31
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_4
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_5
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_6
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_7
- %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Dec_8

Memory modifications

There was a new process created in the system:

Process Name	Process Filename	Main Module Size
MSIB.tmp	%Windir%\Installer\MSIB.tmp	200,704 bytes
WiseCustomCalla1.exe	%Windir%\038A524F58DB438A83918F7F0CA14B9E.TMP\WiseCustomCalla1.exe	28,672 bytes
icontmpl.26d6ff13_f77c_402e_8e96_9e49dfbbaf31.exe	%Windir%\installer\{038a524f-58db-438a-8391-8f7f0ca14b9e}\icontmpl.26d6ff13_f77c_402e_8e96_9e49dfbbaf31.exe	45,056 bytes
icon038a524f.exe	%Windir%\installer\{038a524f-58db-438a-8391-8f7f0ca14b9e}\icon038a524f.exe	28,672 bytes

Registry modifications

The following Registry Keys were created:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C1D6A99-21B5-4992-82FC-4B08BBAC9DC3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C1D6A99-21B5-4992-82FC-4B08BBAC9DC3}\InprocServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC05565-154D-11d8-A75D-0000B4908923}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC05565-154D-11d8-A75D-0000B4908923}\InprocServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC05565-154D-11d8-A75D-0000B4908923}\TypeLib]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}\InprocServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ee4822-48b4-4f12-8a3f-a83e089d8075}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ee4822-48b4-4f12-8a3f-a83e089d8075}\InprocServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ee4822-48b4-4f12-8a3f-a83e089d8075}\TypeLib]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89FD618-C65B-48cd-BEAF-6A052E60DA14}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89FD618-C65B-48cd-BEAF-6A052E60DA14}\InprocServer32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89FD618-C65B-48cd-BEAF-6A052E60DA14}\TypeLib]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\F425A830BD85A8343819F8F7C01AB4E9]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F425A830BD85A8343819F8F7C01AB4E9]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F425A830BD85A8343819F8F7C01AB4E9\SourceList]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F425A830BD85A8343819F8F7C01AB4E9\SourceList\Media]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F425A830BD85A8343819F8F7C01AB4E9\SourceList\Net]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\9BE1CD4E888B83B4790EF968D9C16DC6]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFA29985-66E4-11D7-A75D-0000B4908923}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFA29985-66E4-11D7-A75D-0000B4908923}\ProxyStubClsid]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFA29985-66E4-11D7-A75D-0000B4908923}\ProxyStubClsid32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFA29985-66E4-11D7-A75D-0000B4908923}\TypeLib]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAEEAA85-A2B0-4D80-99CD-00171801A1B9}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAEEAA85-A2B0-4D80-99CD-00171801A1B9}\ProxyStubClsid]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAEEAA85-A2B0-4D80-99CD-00171801A1B9}\ProxyStubClsid32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAEEAA85-A2B0-4D80-99CD-00171801A1B9}\TypeLib]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0\0]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0\0\win32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0\FLAGS]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0\HELPDIR]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0\0]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0\0\win32]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0\FLAGS]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0\HELPDIR]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\WhiteCap_WMP_HE]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\WhiteCap_WMP_HE\Properties]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\Winter_1]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\Winter_1\Properties]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\YuleLog]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\YuleLog\Properties]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\YuleLog\Properties\Preset1]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\UIPlugins\{1C1D6A99-21B5-4992-82FC-4B08BBAC9DC3}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\UIPlugins\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\9BE1CD4E888B83B4790EF968D9C16DC6]
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{038A524F-58DB-438A-8391-8F7F0CA14B9E}]
- [HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\UIPlugins]
- [HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\UIPlugins\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}]
- [HKEY_USERS\.DEFAULT\Software\Microsoft\MediaPlayer\UIPlugins\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}\Settings]
- [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\UIPlugins]
- [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\UIPlugins\{1C1D6A99-21B5-4992-82FC-4B08BBAC9DC3}]
- [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\UIPlugins\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}]
- [HKEY_CURRENT_USER\Software\Microsoft\MediaPlayer\UIPlugins\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}\Settings]
- [HKEY_CURRENT_USER\Software\Microsoft\WallpaperToy]
- [HKEY_CURRENT_USER\Software\Microsoft\WinterPowerToy]

The newly created Registry Values are:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C1D6A99-21B5-4992-82FC-4B08BBAC9DC3}\InprocServer32]
  - (Default) = "%ProgramFiles%\Windows Media Player\Plugins\MPExp\mpexp.dll"
  - ThreadingModel = "Apartment"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1C1D6A99-21B5-4992-82FC-4B08BBAC9DC3}]
  - (Default) = "Wmpexp Class"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC05565-154D-11d8-A75D-0000B4908923}\TypeLib]
  - (Default) = "{3DC05566-154D-11d8-A75D-0000B4908923}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC05565-154D-11d8-A75D-0000B4908923}\InprocServer32]
  - (Default) = "%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\WhiteCap_WMP_HE.DLL"
  - ThreadingModel = "Apartment"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3DC05565-154D-11d8-A75D-0000B4908923}]
  - (Default) = "WhiteCap_WMP Class"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}\InprocServer32]
  - (Default) = "%ProgramFiles%\Windows Media Player\Plugins\WMPBLOG\blogging.dll"
  - ThreadingModel = "Apartment"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}]
  - (Default) = "Blogger Class"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ee4822-48b4-4f12-8a3f-a83e089d8075}\TypeLib]
  - (Default) = "{3035d6ad-1427-42d5-89c7-58e6a45e15e1}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ee4822-48b4-4f12-8a3f-a83e089d8075}\InprocServer32]
  - (Default) = "c:\PROGRA~1\WINDOW~2\VISUAL~1\yule.dll"
  - ThreadingModel = "Apartment"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{c1ee4822-48b4-4f12-8a3f-a83e089d8075}]
  - (Default) = "YuleLog Class"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89FD618-C65B-48cd-BEAF-6A052E60DA14}\TypeLib]
  - (Default) = "{E251D42E-9ADA-4807-B846-71435AE45E46}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89FD618-C65B-48cd-BEAF-6A052E60DA14}\InprocServer32]
  - (Default) = "%ProgramFiles%\Windows Media Player\Visualizations\Winter_1.dll"
  - ThreadingModel = "Apartment"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F89FD618-C65B-48cd-BEAF-6A052E60DA14}]
  - (Default) = "Winter_1 Class"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Features\F425A830BD85A8343819F8F7C01AB4E9]
  - Complete = ""
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F425A830BD85A8343819F8F7C01AB4E9\SourceList\Net]
  - 1 = "%System%\"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F425A830BD85A8343819F8F7C01AB4E9\SourceList\Media]
  - DiskPrompt = "[ProductName] [1]"
  - 1 = ";LABEL"
  - 2 = ";"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F425A830BD85A8343819F8F7C01AB4E9\SourceList]
  - PackageName = "[filename of the sample #1]"
  - LastUsedSource = "n;1;%System%\"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\F425A830BD85A8343819F8F7C01AB4E9]
  - ProductName = "Microsoft� Winter Fun Pack 2004 for Windows� XP"
  - PackageCode = "105CAE3DEA790A445BB4DDBD8267D328"
  - Language = 0x00000409
  - Version = 0x01000000
  - Assignment = 0x00000001
  - AdvertiseFlags = 0x00000184
  - InstanceType = 0x00000000
  - AuthorizedLUAApp = 0x00000000
  - Clients = ":"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\9BE1CD4E888B83B4790EF968D9C16DC6]
  - F425A830BD85A8343819F8F7C01AB4E9 = ""
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFA29985-66E4-11D7-A75D-0000B4908923}\TypeLib]
  - (Default) = "{BFA29984-66E4-11D7-A75D-0000B4908923}"
  - Version = "1.0"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFA29985-66E4-11D7-A75D-0000B4908923}\ProxyStubClsid32]
  - (Default) = "{00020424-0000-0000-C000-000000000046}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFA29985-66E4-11D7-A75D-0000B4908923}\ProxyStubClsid]
  - (Default) = "{00020424-0000-0000-C000-000000000046}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BFA29985-66E4-11D7-A75D-0000B4908923}]
  - (Default) = "IGForce_WMP"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAEEAA85-A2B0-4D80-99CD-00171801A1B9}\TypeLib]
  - (Default) = "{3035D6AD-1427-42D5-89C7-58E6A45E15E1}"
  - Version = "1.0"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAEEAA85-A2B0-4D80-99CD-00171801A1B9}\ProxyStubClsid32]
  - (Default) = "{00020424-0000-0000-C000-000000000046}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAEEAA85-A2B0-4D80-99CD-00171801A1B9}\ProxyStubClsid]
  - (Default) = "{00020424-0000-0000-C000-000000000046}"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{DAEEAA85-A2B0-4D80-99CD-00171801A1B9}]
  - (Default) = "IYule"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0\0\win32]
  - (Default) = "%ProgramFiles%\Windows Media Player\Visualizations\yule.dll"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0\HELPDIR]
  - (Default) = "%ProgramFiles%\Windows Media Player\Visualizations\"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0\FLAGS]
  - (Default) = "0"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{3035D6AD-1427-42D5-89C7-58E6A45E15E1}\1.0]
  - (Default) = "Yule 1.0 Type Library"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0\0\win32]
  - (Default) = "%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\WhiteCap_WMP_HE.DLL"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0\HELPDIR]
  - (Default) = "%ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0\FLAGS]
  - (Default) = "0"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\TypeLib\{BFA29984-66E4-11D7-A75D-0000B4908923}\1.0]
  - (Default) = "G-Force for Windows Media Player"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\WhiteCap_WMP_HE\Properties]
  - classid = "{3DC05565-154D-11d8-A75D-0000B4908923}"
  - name = "res://WhiteCap_WMP_HE.DLL/RT_STRING/#101"
  - description = "res://WhiteCap_WMP_HE.DLL/RT_STRING/#105"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\Winter_1\Properties]
  - classid = "{F89FD618-C65B-48cd-BEAF-6A052E60DA14}"
  - name = "res://Winter_1.dll/RT_STRING/#101"
  - description = "res://Winter_1.dll/RT_STRING/#105"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\YuleLog\Properties\Preset1]
  - ANLFile = "fire.anl"
  - Sens = "100.0"
  - YRollOn = "TRUE"
  - XTurbOn = "TRUE"
  - YTurbOn = "TRUE"
  - YRollPeriod = "1.0"
  - XTurbPeriod = "3.0"
  - YTurbPeriod = "5.0"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\Objects\Effects\YuleLog\Properties]
  - classid = "{c1ee4822-48b4-4f12-8a3f-a83e089d8075}"
  - name = "Yule Log"
  - description = "Yule Log"
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\UIPlugins\{1C1D6A99-21B5-4992-82FC-4B08BBAC9DC3}]
  - FriendlyName = "res://wmpexp.dll/RT_STRING/#102"
  - Description = "res://wmpexp.dll/RT_STRING/#103"
  - Capabilities = 0xD8000002
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MediaPlayer\UIPlugins\{51EB565B-89F1-4EB8-881F-CC1ACEA33E7C}]
  - FriendlyName = "res://Blogger.dll/RT_STRING/#102"
  - Description = "res://Blogger.dll/RT_STRING/#103"
  - Capabilities = 0xC0000001
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
  - %MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Christmas\ = "1"
  - %MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\ = "1"
  - %MyDocuments%\My Music\My Playlists\ = "1"
  - %ProgramFiles%\Windows Media Player\Plugins\ = "1"
  - %MyDocuments%\My Music\My Playlists\Winter Fun Pack 2004 for Windows XP\Kwanzaa\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_1\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_2\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_3\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_4\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_5\ = "1"
  - %ProgramFiles%\Windows Media Player\Visualizations\WhiteCap (Holiday Edition)\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_6\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_7\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_8\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_9\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_10\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_11\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_12\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_13\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_14\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_15\ = "1"
  - %MyDocuments%\My Pictures\Winter Fun Pack 2004 for Windows XP\Wallpaper\Jan_16\ = "1"

The following Registry Values were modified:
- [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication]
  - Name = "MsiExec.exe"
- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\ServiceCurrent]
  - (Default) = 0x0000000D
- [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\ServiceCurrent]
  - (Default) = 0x0000000D
- [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
  - AppData = "%UserProfile%\Application Data"

Other details

To mark the presence in the system, the following Mutex objects were created:
- _!SHMSFTHISTORY!_
- DBWinMutex

The following Host Name was requested from a host database:
- 206.137.17.89

All content ("Information") contained in this report is the copyrighted work of ThreatExpert Limited and its associated companies ("ThreatExpert") and may not be copied without the express permission of ThreatExpert.

The Information is provided on an "as is" basis. ThreatExpert disclaims all warranties, whether express or implied, to the maximum extent permitted by law, including the implied warranties that the Information is merchantable, of satisfactory quality, accurate, fit for a particular purpose or need, or non-infringing, unless such implied warranties are legally incapable of exclusion. Further, ThreatExpert does not warrant or make any representations regarding the use or the results of the use of the Information in terms of their correctness, accuracy, reliability, or otherwise.

What's been found	Severity Level
Registers a 32-bit in-process server DLL.