Pastebin launched a little side project called VERYVIRAL.com, check it out ;-) Want more features on Pastebin? Sign Up, it's FREE!
Guest

Untitled

By: a guest on May 30th, 2012  |  syntax: None  |  size: 52.13 KB  |  views: 20  |  expires: Never
download  |  raw  |  embed  |  report abuse  |  print
This paste has a previous version, view the difference. Text below is selected. Please press Ctrl+C to copy to your clipboard. (⌘+C on Mac)
  1. [#############################################################################]
  2.     Analysis Report for MW3sa Reporting tool.exe
  3.                    MD5: 517e2d8869c36c0dca8e2dfef4e3255e
  4. [#############################################################################]
  5.  
  6. Summary:
  7.     - Write to foreign memory areas:
  8.         This executable tampers with the execution of another process.
  9.  
  10.     - Execution did not terminate correctly:
  11.         The executable crashed.
  12.  
  13.     - Performs File Modification and Destruction:
  14.         The executable modifies and destructs files which are not temporary.
  15.  
  16.     - Spawns Processes:
  17.         The executable produces processes during the execution.
  18.  
  19. [=============================================================================]
  20.     Table of Contents
  21. [=============================================================================]
  22.  
  23. - General information
  24. - MW3sa Repo.exe
  25.   a) Registry Activities
  26.   b) File Activities
  27.   c) Process Activities
  28.   d) Other Activities
  29.     - DW20.EXE
  30.       a) Registry Activities
  31.       b) File Activities
  32.  
  33.  
  34. [#############################################################################]
  35.     1. General Information
  36. [#############################################################################]
  37. [=============================================================================]
  38.     Information about Anubis' invocation
  39. [=============================================================================]
  40.         Time needed:        252 s
  41.         Report created:     05/11/12, 00:42:08 UTC
  42.         Termination reason: Timeout
  43.         Program version:    1.76.3886
  44.  
  45.  
  46. [#############################################################################]
  47.     2. MW3sa Repo.exe
  48. [#############################################################################]
  49. [=============================================================================]
  50.     General information about this executable
  51. [=============================================================================]
  52.         Analysis Reason: Primary Analysis Subject
  53.         Filename:        MW3sa Repo.exe
  54.         MD5:             517e2d8869c36c0dca8e2dfef4e3255e
  55.         SHA-1:           76fe8c9291fd48d1a5ab647172a7feb86d805c8e
  56.         File Size:       38912 Bytes
  57.         Process-status
  58.         at analysis end: alive
  59.         Exit Code:       0
  60.  
  61. [=============================================================================]
  62.     Load-time Dlls
  63. [=============================================================================]
  64.         Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
  65.                Base Address: [0x7C900000 ], Size: [0x000AF000 ]
  66.         Module Name: [ C:\WINDOWS\system32\mscoree.dll ],
  67.                Base Address: [0x79000000 ], Size: [0x0004A000 ]
  68.         Module Name: [ C:\WINDOWS\system32\KERNEL32.dll ],
  69.                Base Address: [0x7C800000 ], Size: [0x000F6000 ]
  70.         Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
  71.                Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
  72.         Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
  73.                Base Address: [0x77E70000 ], Size: [0x00092000 ]
  74.         Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
  75.                Base Address: [0x77FE0000 ], Size: [0x00011000 ]
  76.         Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ],
  77.                Base Address: [0x603B0000 ], Size: [0x00066000 ]
  78.         Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
  79.                Base Address: [0x77F60000 ], Size: [0x00076000 ]
  80.         Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
  81.                Base Address: [0x77F10000 ], Size: [0x00049000 ]
  82.         Module Name: [ C:\WINDOWS\system32\USER32.dll ],
  83.                Base Address: [0x7E410000 ], Size: [0x00091000 ]
  84.         Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
  85.                Base Address: [0x77C10000 ], Size: [0x00058000 ]
  86.         Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ],
  87.                Base Address: [0x79140000 ], Size: [0x0066F000 ]
  88.         Module Name: [ C:\WINDOWS\system32\MSVCR100_CLR0400.dll ],
  89.                Base Address: [0x79060000 ], Size: [0x000BE000 ]
  90.         Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ],
  91.                Base Address: [0x79880000 ], Size: [0x00DC3000 ]
  92.         Module Name: [ C:\WINDOWS\system32\ole32.dll ],
  93.                Base Address: [0x774E0000 ], Size: [0x0013D000 ]
  94.         Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
  95.                Base Address: [0x74720000 ], Size: [0x0004C000 ]
  96.         Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\culture.dll ],
  97.                Base Address: [0x60340000 ], Size: [0x0000D000 ]
  98.         Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll ],
  99.                Base Address: [0x60930000 ], Size: [0x00010000 ]
  100.         Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll ],
  101.                Base Address: [0x79810000 ], Size: [0x00060000 ]
  102.         Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll ],
  103.                Base Address: [0x7A820000 ], Size: [0x00898000 ]
  104.         Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll ],
  105.                Base Address: [0x7B1D0000 ], Size: [0x00196000 ]
  106.         Module Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll ],
  107.                Base Address: [0x7B370000 ], Size: [0x00C6B000 ]
  108.         Module Name: [ C:\WINDOWS\system32\uxtheme.dll ],
  109.                Base Address: [0x5AD70000 ], Size: [0x00038000 ]
  110.         Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
  111.                Base Address: [0x5D090000 ], Size: [0x0009A000 ]
  112.         Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
  113.                Base Address: [0x773D0000 ], Size: [0x00103000 ]
  114.         Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll ],
  115.                Base Address: [0x4EC50000 ], Size: [0x001A6000 ]
  116.         Module Name: [ C:\WINDOWS\system32\dciman32.dll ],
  117.                Base Address: [0x73BC0000 ], Size: [0x00006000 ]
  118.         Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
  119.                Base Address: [0x77C00000 ], Size: [0x00008000 ]
  120.         Module Name: [ C:\WINDOWS\system32\Apphelp.dll ],
  121.                Base Address: [0x77B40000 ], Size: [0x00022000 ]
  122.  
  123. [=============================================================================]
  124.     2.a) MW3sa Repo.exe - Registry Activities
  125. [=============================================================================]
  126. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  127.     Registry Values Read:
  128. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  129.         Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
  130.              Value Name: [ CUAS ], Value: [ 0 ], 1 time
  131.         Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ],
  132.              Value Name: [ AllOrNone ], Value: [ 1 ], 1 time
  133.         Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ],
  134.              Value Name: [ DoReport ], Value: [ 1 ], 1 time
  135.         Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ],
  136.              Value Name: [ ShowUI ], Value: [ 1 ], 1 time
  137.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug ],
  138.              Value Name: [ Auto ], Value: [ 1 ], 2 times
  139.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AeDebug ],
  140.              Value Name: [ Debugger ], Value: [ drwtsn32 -p %ld -e %ld -g ], 6 times
  141.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  142.              Value Name: [ Arial Baltic,186 ], Value: [ Arial,186 ], 1 time
  143.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  144.              Value Name: [ Arial CE,238 ], Value: [ Arial,238 ], 1 time
  145.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  146.              Value Name: [ Arial CYR,204 ], Value: [ Arial,204 ], 1 time
  147.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  148.              Value Name: [ Arial Greek,161 ], Value: [ Arial,161 ], 1 time
  149.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  150.              Value Name: [ Arial TUR,162 ], Value: [ Arial,162 ], 1 time
  151.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  152.              Value Name: [ Courier New Baltic,186 ], Value: [ Courier New,186 ], 1 time
  153.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  154.              Value Name: [ Courier New CE,238 ], Value: [ Courier New,238 ], 1 time
  155.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  156.              Value Name: [ Courier New CYR,204 ], Value: [ Courier New,204 ], 1 time
  157.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  158.              Value Name: [ Courier New Greek,161 ], Value: [ Courier New,161 ], 1 time
  159.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  160.              Value Name: [ Courier New TUR,162 ], Value: [ Courier New,162 ], 1 time
  161.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  162.              Value Name: [ Helv ], Value: [ MS Sans Serif ], 1 time
  163.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  164.              Value Name: [ Helvetica ], Value: [ Arial ], 1 time
  165.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  166.              Value Name: [ MS Shell Dlg ], Value: [ Microsoft Sans Serif ], 1 time
  167.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  168.              Value Name: [ MS Shell Dlg 2 ], Value: [ Tahoma ], 1 time
  169.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  170.              Value Name: [ Times ], Value: [ Times New Roman ], 1 time
  171.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  172.              Value Name: [ Times New Roman Baltic,186 ], Value: [ Times New Roman,186 ], 1 time
  173.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  174.              Value Name: [ Times New Roman CE,238 ], Value: [ Times New Roman,238 ], 1 time
  175.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  176.              Value Name: [ Times New Roman CYR,204 ], Value: [ Times New Roman,204 ], 1 time
  177.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  178.              Value Name: [ Times New Roman Greek,161 ], Value: [ Times New Roman,161 ], 1 time
  179.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  180.              Value Name: [ Times New Roman TUR,162 ], Value: [ Times New Roman,162 ], 1 time
  181.         Key: [ HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\FontSubstitutes ],
  182.              Value Name: [ Tms Rmn ], Value: [ MS Serif ], 1 time
  183.         Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
  184.              Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
  185.         Key: [ HKLM\SYSTEM\WPA\MediaCenter ],
  186.              Value Name: [ Installed ], Value: [ 0 ], 1 time
  187.         Key: [ HKLM\Software\Microsoft\.NETFramework ],
  188.              Value Name: [ InstallRoot ], Value: [ C:\WINDOWS\Microsoft.NET\Framework\ ], 9 times
  189.         Key: [ HKLM\Software\Microsoft\.NETFramework\Policy\\v4.0 ],
  190.              Value Name: [ 30319 ], Value: [ 30319-30319 ], 1 time
  191.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  192.              Value Name: [ Accessibility,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0xb0b518f748cecb01 ], 1 time
  193.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  194.              Value Name: [ System,4.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0x923ed9fd48cecb01 ], 1 time
  195.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  196.              Value Name: [ System.Configuration,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x189984f948cecb01 ], 1 time
  197.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  198.              Value Name: [ System.Deployment,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x5607dbfb48cecb01 ], 1 time
  199.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  200.              Value Name: [ System.Drawing,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x820dabfe48cecb01 ], 1 time
  201.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  202.              Value Name: [ System.Runtime.Serialization.Formatters.Soap,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0xccc2561749cecb01 ], 1 time
  203.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  204.              Value Name: [ System.Security,4.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x2029aaff48cecb01 ], 1 time
  205.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  206.              Value Name: [ System.Windows.Forms,4.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0xc2b2590149cecb01 ], 1 time
  207.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  208.              Value Name: [ System.Xml,4.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0xa019a50249cecb01 ], 1 time
  209.         Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ],
  210.              Value Name: [ mscorlib,4.0.0.0,,b77a5c561934e089,x86 ], Value: [ 0x7af6f1f448cecb01 ], 1 time
  211.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32 ],
  212.              Value Name: [ LatestIndex ], Value: [ 128 ], 4 times
  213.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
  214.              Value Name: [ DisplayName ], Value: [ mscorlib,4.0.0.0,,b77a5c561934e089 ], 2 times
  215.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
  216.              Value Name: [ LastModTime ], Value: [ 0x7af6f1f448cecb01 ], 2 times
  217.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
  218.              Value Name: [ Modules ], Value: [ normidna.nlp|normnfc.nlp|normnfd.nlp|normnfkc.nlp|normnfkd.nlp ], 2 times
  219.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
  220.              Value Name: [ SIG ], Value: [ 0xd74ebd98377318409551ee0825ada7bad7d8789378521e6bea0d6e989d21 ], 2 times
  221.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
  222.              Value Name: [ Status ], Value: [ 8198 ], 2 times
  223.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\1499ca42\653465f8\1 ],
  224.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 2 times
  225.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ],
  226.              Value Name: [ DisplayName ], Value: [ System.Windows.Forms,4.0.0.0,,b77a5c561934e089 ], 1 time
  227.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ],
  228.              Value Name: [ LastModTime ], Value: [ 0xc2b2590149cecb01 ], 1 time
  229.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ],
  230.              Value Name: [ SIG ], Value: [ 0x79b04eec0f762c4bad3017bac4150f5920332fc7d1d63954cd26fedf1009 ], 1 time
  231.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ],
  232.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  233.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\27e1f7e2\4e1b5ff2\28 ],
  234.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  235.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
  236.              Value Name: [ DisplayName ], Value: [ System.Xml,4.0.0.0,,b77a5c561934e089 ], 1 time
  237.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
  238.              Value Name: [ LastModTime ], Value: [ 0xa019a50249cecb01 ], 1 time
  239.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
  240.              Value Name: [ SIG ], Value: [ 0xc5001c24e7b69a47b45f038d12d280c5a05ed9d07250af4dfda78fa43f6f ], 1 time
  241.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
  242.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  243.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\34f474d5\65246f3f\7 ],
  244.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  245.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ],
  246.              Value Name: [ DisplayName ], Value: [ Accessibility,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
  247.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ],
  248.              Value Name: [ LastModTime ], Value: [ 0xb0b518f748cecb01 ], 1 time
  249.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ],
  250.              Value Name: [ SIG ], Value: [ 0x57ceb6d0aebee44a86da4080b3cee6719172a9d7469f0bdaa99f1daf6c55 ], 1 time
  251.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ],
  252.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  253.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\491f93ce\3fe97dbf\17 ],
  254.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  255.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ],
  256.              Value Name: [ DisplayName ], Value: [ System.Deployment,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
  257.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ],
  258.              Value Name: [ LastModTime ], Value: [ 0x5607dbfb48cecb01 ], 1 time
  259.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ],
  260.              Value Name: [ SIG ], Value: [ 0x30a1e4cabbcfa643b2c1db433397519b93fcf9ca788e7b63b5de5a6140e4 ], 1 time
  261.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ],
  262.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  263.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\58364143\24da33f5\16 ],
  264.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  265.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
  266.              Value Name: [ DisplayName ], Value: [ System,4.0.0.0,,b77a5c561934e089 ], 1 time
  267.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
  268.              Value Name: [ LastModTime ], Value: [ 0x923ed9fd48cecb01 ], 1 time
  269.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
  270.              Value Name: [ SIG ], Value: [ 0x317b4fe04715534ba83d8704c85662619cb5d7d82f52e76c37ce1d20af69 ], 1 time
  271.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
  272.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  273.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5a99e5cd\6598e7b6\8 ],
  274.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  275.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ],
  276.              Value Name: [ DisplayName ], Value: [ System.Runtime.Serialization.Formatters.Soap,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
  277.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ],
  278.              Value Name: [ LastModTime ], Value: [ 0xccc2561749cecb01 ], 1 time
  279.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ],
  280.              Value Name: [ SIG ], Value: [ 0x111e988ed985ba478d919c3054b95e4e26a34e9fec62bc33acb451c286f9 ], 1 time
  281.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ],
  282.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  283.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d0933fc\a425901\27 ],
  284.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  285.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
  286.              Value Name: [ DisplayName ], Value: [ System.Configuration,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
  287.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
  288.              Value Name: [ LastModTime ], Value: [ 0x189984f948cecb01 ], 1 time
  289.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
  290.              Value Name: [ SIG ], Value: [ 0x15fa5d2766c57d40893a33ef21db2cef56a8a5d4c0ca417d1533e9b0d7b0 ], 1 time
  291.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
  292.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  293.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\5d94bc56\3b150cef\6 ],
  294.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  295.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ],
  296.              Value Name: [ DisplayName ], Value: [ System.Security,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
  297.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ],
  298.              Value Name: [ LastModTime ], Value: [ 0x2029aaff48cecb01 ], 1 time
  299.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ],
  300.              Value Name: [ SIG ], Value: [ 0x1d175efd3ba191438dec6514f010658c6257289cff6e1d0690f3714305a6 ], 1 time
  301.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ],
  302.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  303.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\62a6b5be\32040726\e ],
  304.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  305.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ],
  306.              Value Name: [ DisplayName ], Value: [ System.Drawing,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
  307.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ],
  308.              Value Name: [ LastModTime ], Value: [ 0x820dabfe48cecb01 ], 1 time
  309.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ],
  310.              Value Name: [ SIG ], Value: [ 0x08151e88e059db47a143982f9ad099a80b66942d7261045bb91131a930c6 ], 1 time
  311.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ],
  312.              Value Name: [ Status ], Value: [ 4098 ], 1 time
  313.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\IL\910bc3f\306db89e\18 ],
  314.              Value Name: [ TargetedPatchBand ], Value: [ 0x01312e302e32312d30000000000000000000000000000000000000000000 ], 1 time
  315.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
  316.              Value Name: [ ConfigMask ], Value: [ 4361 ], 2 times
  317.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
  318.              Value Name: [ ConfigString ], Value: [  ], 2 times
  319.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
  320.              Value Name: [ DisplayName ], Value: [ mscorlib,4.0.0.0,,b77a5c561934e089 ], 2 times
  321.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
  322.              Value Name: [ ILDependencies ], Value: [ 0x42ca9914f8653465010000000400000000000000 ], 2 times
  323.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
  324.              Value Name: [ MVID ], Value: [ 0x4ff1f12a08d455f195ba996fe77497c6 ], 2 times
  325.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\181938c6\1499ca42\1 ],
  326.              Value Name: [ Status ], Value: [ 0 ], 2 times
  327.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
  328.              Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
  329.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
  330.              Value Name: [ ConfigString ], Value: [  ], 1 time
  331.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
  332.              Value Name: [ DisplayName ], Value: [ System,4.0.0.0,,b77a5c561934e089 ], 1 time
  333.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
  334.              Value Name: [ ILDependencies ], Value: [ 0x56bc945def0c153b060000000400000000000000d574f4343f6f24650700 ], 1 time
  335.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
  336.              Value Name: [ MVID ], Value: [ 0x161c6f80ad93b0505054d244f1c6243c ], 1 time
  337.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
  338.              Value Name: [ NIDependencies ], Value: [ 0xc638191842ca9914010000000400000000000000c638191842ca99140100 ], 1 time
  339.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\30bc7c4f\5a99e5cd\8 ],
  340.              Value Name: [ Status ], Value: [ 0 ], 1 time
  341.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ],
  342.              Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
  343.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ],
  344.              Value Name: [ ConfigString ], Value: [  ], 1 time
  345.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ],
  346.              Value Name: [ DisplayName ], Value: [ System.Drawing,4.0.0.0,,b03f5f7f11d50a3a ], 1 time
  347.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ],
  348.              Value Name: [ ILDependencies ], Value: [ 0x3fbc10099eb86d30180000000400000000000000 ], 1 time
  349.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ],
  350.              Value Name: [ MVID ], Value: [ 0x2fe09cc54a8390b20e380239db34228f ], 1 time
  351.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ],
  352.              Value Name: [ NIDependencies ], Value: [ 0xc638191842ca99140100000004000000000000004f7cbc30cde5995a0800 ], 1 time
  353.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\3cca06a0\910bc3f\18 ],
  354.              Value Name: [ Status ], Value: [ 0 ], 1 time
  355.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ],
  356.              Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
  357.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ],
  358.              Value Name: [ ConfigString ], Value: [  ], 1 time
  359.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ],
  360.              Value Name: [ DisplayName ], Value: [ System.Windows.Forms,4.0.0.0,,b77a5c561934e089 ], 1 time
  361.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ],
  362.              Value Name: [ ILDependencies ], Value: [ 0xce931f49bf7de93f17000000040000000000000056bc945def0c153b0600 ], 1 time
  363.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ],
  364.              Value Name: [ MVID ], Value: [ 0xf3cdd09fc0acc85c7febbd2e2ef9c4e5 ], 1 time
  365.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ],
  366.              Value Name: [ NIDependencies ], Value: [ 0xc638191842ca9914010000000400000000000000a006ca3c3fbc10091800 ], 1 time
  367.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\NI\61e7e666\27e1f7e2\16 ],
  368.              Value Name: [ Status ], Value: [ 0 ], 1 time
  369.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\index80 ],
  370.              Value Name: [ ILUsageMask ], Value: [ 0xffffffffffffffffffffffffffffffff ], 2 times
  371.         Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v4.0.30319_32\index80 ],
  372.              Value Name: [ NIUsageMask ], Value: [ 0xffffffffffffffffffffffffffffffff ], 2 times
  373.         Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ],
  374.              Value Name: [ Latest ], Value: [ 1 ], 1 time
  375.         Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ],
  376.              Value Name: [ LegacyPolicyTimeStamp ], Value: [ 0x0000000000000000 ], 1 time
  377.         Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ],
  378.              Value Name: [ index1 ], Value: [ 0x00 ], 1 time
  379.         Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting\DW\Installed ],
  380.              Value Name: [ DW0200 ], Value: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], 1 time
  381.         Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll ],
  382.              Value Name: [ CheckAppHelp ], Value: [ 1 ], 1 time
  383.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  384.              Value Name: [ AuthenticodeEnabled ], Value: [ 0 ], 1 time
  385.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  386.              Value Name: [ DefaultLevel ], Value: [ 262144 ], 1 time
  387.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  388.              Value Name: [ PolicyScope ], Value: [ 0 ], 1 time
  389.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  390.              Value Name: [ TransparentEnabled ], Value: [ 1 ], 2 times
  391.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
  392.              Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  393.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
  394.              Value Name: [ ItemData ], Value: [ 0x5eab304f957a49896a006c1c31154015 ], 1 time
  395.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
  396.              Value Name: [ ItemSize ], Value: [ 779 ], 1 time
  397.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ],
  398.              Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  399.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
  400.              Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  401.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
  402.              Value Name: [ ItemData ], Value: [ 0x67b0d48b343a3fd3bce9dc646704f394 ], 1 time
  403.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
  404.              Value Name: [ ItemSize ], Value: [ 517 ], 1 time
  405.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ],
  406.              Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  407.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
  408.              Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  409.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
  410.              Value Name: [ ItemData ], Value: [ 0x327802dcfef8c893dc8ab006dd847d1d ], 1 time
  411.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
  412.              Value Name: [ ItemSize ], Value: [ 918 ], 1 time
  413.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ],
  414.              Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  415.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
  416.              Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  417.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
  418.              Value Name: [ ItemData ], Value: [ 0xbd9a2adb42ebd8560e250e4df8162f67 ], 1 time
  419.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
  420.              Value Name: [ ItemSize ], Value: [ 229 ], 1 time
  421.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ],
  422.              Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  423.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
  424.              Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
  425.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
  426.              Value Name: [ ItemData ], Value: [ 0x386b085f84ecf669d36b956a22c01e80 ], 1 time
  427.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
  428.              Value Name: [ ItemSize ], Value: [ 370 ], 1 time
  429.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ],
  430.              Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  431.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ],
  432.              Value Name: [ ItemData ], Value: [ %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ], 1 time
  433.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ],
  434.              Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
  435.         Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
  436.              Value Name: [ ComputerName ], Value: [ PC ], 3 times
  437.         Key: [ HKLM\System\CurrentControlSet\Control\Nls\Language Groups ],
  438.              Value Name: [ 1 ], Value: [ 1 ], 5 times
  439.         Key: [ HKLM\System\CurrentControlSet\Control\Nls\Locale ],
  440.              Value Name: [ 00000409 ], Value: [ 1 ], 2 times
  441.         Key: [ HKLM\System\CurrentControlSet\Control\Nls\Locale ],
  442.              Value Name: [ 00000C07 ], Value: [ 1 ], 3 times
  443.         Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
  444.              Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
  445.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  446.              Value Name: [ NumShape ], Value: [ 1 ], 1 time
  447.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  448.              Value Name: [ iCurrDigits ], Value: [ 2 ], 1 time
  449.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  450.              Value Name: [ iCurrency ], Value: [ 2 ], 1 time
  451.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  452.              Value Name: [ iDigits ], Value: [ 2 ], 1 time
  453.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  454.              Value Name: [ iNegCurr ], Value: [ 9 ], 1 time
  455.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  456.              Value Name: [ iNegNumber ], Value: [ 1 ], 1 time
  457.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  458.              Value Name: [ sCurrency ], Value: [  ], 1 time
  459.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  460.              Value Name: [ sDecimal ], Value: [ , ], 1 time
  461.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  462.              Value Name: [ sGrouping ], Value: [ 3;0 ], 1 time
  463.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  464.              Value Name: [ sMonDecimalSep ], Value: [ , ], 1 time
  465.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  466.              Value Name: [ sMonGrouping ], Value: [ 3;0 ], 1 time
  467.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  468.              Value Name: [ sMonThousandSep ], Value: [ . ], 1 time
  469.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  470.              Value Name: [ sNativeDigits ], Value: [ 0123456789 ], 1 time
  471.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  472.              Value Name: [ sNegativeSign ], Value: [ - ], 1 time
  473.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  474.              Value Name: [ sPositiveSign ], Value: [  ], 1 time
  475.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
  476.              Value Name: [ sThousand ], Value: [ . ], 1 time
  477.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  478.              Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
  479.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
  480.              Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
  481.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\GDIPlus ],
  482.              Value Name: [ FontCachePath ], Value: [ C:\Documents and Settings\Administrator\Local Settings\Application Data ], 1 time
  483.         Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
  484.              Value Name: [ Cache ], Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ], 1 time
  485.  
  486.  
  487. [=============================================================================]
  488.     2.b) MW3sa Repo.exe - File Activities
  489. [=============================================================================]
  490. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  491.     Files Read:
  492. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  493.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\config\machine.config ]
  494.         File Name: [ PIPE\lsarpc ]
  495.  
  496. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  497.     Files Modified:
  498. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  499.         File Name: [ PIPE\lsarpc ]
  500.         File Name: [ WMIDataDevice ]
  501.  
  502. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  503.     File System Control Communication:
  504. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  505.         File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
  506.         File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 4 times
  507.  
  508. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  509.     Device Control Communication:
  510. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  511.         File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
  512.         File: [ WMIDataDevice ], Control Code: [ 0x0022414C ], 1 time
  513.         File: [ WMIDataDevice ], Control Code: [ 0x00228144 ], 2 times
  514.  
  515. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  516.     Memory Mapped Files:
  517. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  518.         File Name: [ C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT ]
  519.         File Name: [ C:\MW3sa Repo.exe ]
  520.         File Name: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
  521.         File Name: [ C:\WINDOWS\FONTS\MICROSS.TTF ]
  522.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SortDefault.nlp ]
  523.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clr.dll ]
  524.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\clrjit.dll ]
  525.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\culture.dll ]
  526.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\locale.nlp ]
  527.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ]
  528.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorrc.dll ]
  529.         File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\nlssorting.dll ]
  530.         File Name: [ C:\WINDOWS\Microsoft.Net\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll ]
  531.         File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
  532.         File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.GdiPlus_6595b64144ccf1df_1.0.2600.5512_x-ww_dfb54e0c\gdiplus.dll ]
  533.         File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
  534.         File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Drawing\2fe09cc54a8390b20e380239db34228f\System.Drawing.ni.dll ]
  535.         File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\f3cdd09fc0acc85c7febbd2e2ef9c4e5\System.Windows.Forms.ni.dll ]
  536.         File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\System\161c6f80ad93b0505054d244f1c6243c\System.ni.dll ]
  537.         File Name: [ C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\mscorlib\4ff1f12a08d455f195ba996fe77497c6\mscorlib.ni.dll ]
  538.         File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
  539.         File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
  540.         File Name: [ C:\WINDOWS\system32\MSVCR100_CLR0400.dll ]
  541.         File Name: [ C:\WINDOWS\system32\comctl32.dll ]
  542.         File Name: [ C:\WINDOWS\system32\dciman32.dll ]
  543.         File Name: [ C:\WINDOWS\system32\imm32.dll ]
  544.         File Name: [ C:\WINDOWS\system32\mscoree.dll ]
  545.         File Name: [ C:\WINDOWS\system32\rpcss.dll ]
  546.         File Name: [ C:\WINDOWS\system32\uxtheme.dll ]
  547.         File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
  548.  
  549. [=============================================================================]
  550.     2.c) MW3sa Repo.exe - Process Activities
  551. [=============================================================================]
  552. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  553.     Processes Created:
  554. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  555.         Executable: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], Command Line: [  ]
  556.         Executable: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], Command Line: [ dw20.exe -x -s 444 ]
  557.  
  558. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  559.     Remote Threads Created:
  560. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  561.         Affected Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
  562.  
  563. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  564.     Foreign Memory Regions Read:
  565. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  566.         Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
  567.  
  568. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  569.     Foreign Memory Regions Written:
  570. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  571.         Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
  572.  
  573.  
  574. [=============================================================================]
  575.     2.d) MW3sa Repo.exe - Other Activities
  576. [=============================================================================]
  577. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  578.     Mutexes Created:
  579. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  580.         Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
  581.         Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
  582.         Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
  583.         Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
  584.         Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
  585.         Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]
  586.  
  587. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  588.     Windows SEH exceptions:
  589. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  590.         Description: [ Exception 0xc0000005 (STATUS_ACCESS_VIOLATION) at 0x30744bd ], 1 time
  591.  
  592.         Description: [ Exception 0xc000001e at 0x79aa8108 ], 278 times
  593.  
  594.         Description: [ Exception 0xc00000fd (STATUS_STACK_OVERFLOW) at 0x79495bc5 ], 1 time
  595.  
  596.  
  597.  
  598.  
  599. [#############################################################################]
  600.     3. DW20.EXE
  601. [#############################################################################]
  602. [=============================================================================]
  603.     General information about this executable
  604. [=============================================================================]
  605.         Analysis Reason: Started by MW3sa Repo.exe
  606.         Filename:        DW20.EXE
  607.         MD5:             a981419c39cc02259b8f2da3974000d9
  608.         SHA-1:           905d359e2c5e8330d39b746132fa9779f52c0b93
  609.         File Size:       637272 Bytes
  610.         Command Line:    dw20.exe -x -s 444
  611.         Process-status
  612.         at analysis end: alive
  613.         Exit Code:       0
  614.  
  615. [=============================================================================]
  616.     Load-time Dlls
  617. [=============================================================================]
  618.         Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
  619.                Base Address: [0x7C900000 ], Size: [0x000AF000 ]
  620.         Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
  621.                Base Address: [0x7C800000 ], Size: [0x000F6000 ]
  622.         Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
  623.                Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
  624.         Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
  625.                Base Address: [0x77E70000 ], Size: [0x00092000 ]
  626.         Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
  627.                Base Address: [0x77FE0000 ], Size: [0x00011000 ]
  628.         Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ],
  629.                Base Address: [0x773D0000 ], Size: [0x00103000 ]
  630.         Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
  631.                Base Address: [0x77C10000 ], Size: [0x00058000 ]
  632.         Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
  633.                Base Address: [0x77F10000 ], Size: [0x00049000 ]
  634.         Module Name: [ C:\WINDOWS\system32\USER32.dll ],
  635.                Base Address: [0x7E410000 ], Size: [0x00091000 ]
  636.         Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
  637.                Base Address: [0x77F60000 ], Size: [0x00076000 ]
  638.         Module Name: [ C:\WINDOWS\system32\OLEACC.dll ],
  639.                Base Address: [0x74C80000 ], Size: [0x0002C000 ]
  640.         Module Name: [ C:\WINDOWS\system32\MSVCP60.dll ],
  641.                Base Address: [0x76080000 ], Size: [0x00065000 ]
  642.         Module Name: [ C:\WINDOWS\system32\ole32.dll ],
  643.                Base Address: [0x774E0000 ], Size: [0x0013D000 ]
  644.         Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
  645.                Base Address: [0x77120000 ], Size: [0x0008B000 ]
  646.         Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
  647.                Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
  648.         Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
  649.                Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
  650.         Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
  651.                Base Address: [0x77C00000 ], Size: [0x00008000 ]
  652.         Module Name: [ C:\WINDOWS\system32\WININET.dll ],
  653.                Base Address: [0x771B0000 ], Size: [0x000AA000 ]
  654.         Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
  655.                Base Address: [0x77A80000 ], Size: [0x00095000 ]
  656.         Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
  657.                Base Address: [0x77B20000 ], Size: [0x00012000 ]
  658.  
  659. [=============================================================================]
  660.     3.a) DW20.EXE - Registry Activities
  661. [=============================================================================]
  662. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  663.     Registry Values Read:
  664. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  665.         Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
  666.              Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
  667.         Key: [ HKLM\SYSTEM\Setup ],
  668.              Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
  669.         Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ],
  670.              Value Name: [ * ], Value: [ 1 ], 1 time
  671.         Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ],
  672.              Value Name: [ * ], Value: [ 1 ], 1 time
  673.         Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
  674.              Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
  675.         Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
  676.              Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
  677.  
  678.  
  679. [=============================================================================]
  680.     3.b) DW20.EXE - File Activities
  681. [=============================================================================]
  682. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  683.     Device Control Communication:
  684. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  685.         File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 1 time
  686.  
  687. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  688.     Memory Mapped Files:
  689. [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
  690.         File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ]
  691.         File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
  692.         File Name: [ C:\WINDOWS\system32\MSVCP60.dll ]
  693.         File Name: [ C:\WINDOWS\system32\OLEACC.dll ]
  694.         File Name: [ C:\WINDOWS\system32\OLEACCRC.DLL ]
  695.         File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
  696.         File Name: [ C:\WINDOWS\system32\WININET.dll ]
  697.         File Name: [ C:\WINDOWS\system32\urlmon.dll ]
clone this paste RAW Paste Data