Page 2 of 2 FirstFirst 12
Results 16 to 30 of 30
  1. #16
    aIW|dot's Avatar
    Join Date
    Dec 2010
    Gender
    male
    Posts
    32
    Reputation
    10
    Thanks
    149
    Quote Originally Posted by shadowx360 View Post
    It can't be hard, it's an unobfuscated .net application....*cough* reflector *cough*
    nope.avi

  2. #17
    shadowx360's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Posts
    305
    Reputation
    15
    Thanks
    69
    My Mood
    Cynical
    Quote Originally Posted by jerbob92 View Post
    Also, did anybody test this? :P
    "Unable to find a version of runtime to run this." Dude, did you write this for Windows 95?


    When I wrote this code, only God and I understood what I was doing. Now, God only knows.
    I will give you two of my seventy-two virgins if you can fix the code mess below

  3. #18
    useluker2's Avatar
    Join Date
    Aug 2010
    Gender
    male
    Posts
    24
    Reputation
    10
    Thanks
    9
    My Mood
    Goofy
    Not working...When i start it it says:
    "O:\dude\icon_1.ico has stopped working...and it closes

  4. #19
    ♪~ ᕕ(ᐛ)ᕗ's Avatar
    Join Date
    Jun 2010
    Gender
    male
    Location
    Uterus
    Posts
    8,643
    Reputation
    748
    Thanks
    1,818
    My Mood
    Doh
    Quote Originally Posted by aIW|dot View Post
    nope.avi
    wrong hack dude :P
    Quote Originally Posted by KING View Post
    Stop FACKING SUMMONING ME TO THESE FUCKTARDS CONVOS.
    DAFUQ IS DIS FACKING SHYT.
    SHYT MAKES NO SENSE.

    On a side note. You fags are fucking hatting.
    You guys don't know shyt about spam.
    Danny would post on everysingle post every fucking hour, you couldnt tell which post was recent or anything. It was a fuck fest, he wouldnt have shyt to say....cares he posted like a fag he is.

    Josh made mutiple threads a day. And not just G, everywhere. That why everyone liked that dumb nikka.

    @Richard Nixon -Are you Endrat? @REAP @Digits2012 @Ghost -Son...I am dissapoint @Sjoerd -SMD @Canadian @FrosK -Dumb name is dumb @Nebulaa @That_Kid -Man Up @The XXX Devil -Oh look another joker avatar-how original and neat

    The rest who I didn't mention comment....Suck my left nut....but not to hard...it hurts.

  5. #20
    aIW|dot's Avatar
    Join Date
    Dec 2010
    Gender
    male
    Posts
    32
    Reputation
    10
    Thanks
    149
    Quote Originally Posted by Huey Freeman View Post


    wrong hack dude :P
    it's the correct one.

    also

  6. #21
    jerbob92's Avatar
    Join Date
    Sep 2010
    Gender
    male
    Posts
    72
    Reputation
    10
    Thanks
    6
    This hack really is fucked, it launched itself 10 times and after closing it removed itself, how retarded.

  7. #22
    shadowx360's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Posts
    305
    Reputation
    15
    Thanks
    69
    My Mood
    Cynical
    Quote Originally Posted by aIW|dot View Post
    it's the correct one.

    also
    I get the same thing. And what, you can't read Chinese? :P jk jk, yeah, I saw the characters when I tried it, then tried loading a debugger and it randomly crashed. Ran it legit for the first time and then saw that error. I thought it was an anti-debugger method at first before I actually ran it by itself in a sandbox.


    Quote Originally Posted by jerbob92 View Post
    This hack really is fucked, it launched itself 10 times and after closing it removed itself, how retarded.
    Starting to smell like it's not just a hack..... Is it me or does 600 kb's seem like a lot for one little app? The last no-recoil was 4.5 kb's...I smell something fishy

    EDIT: yeah, totally legit. Just screws your IE browser settings, runs a few foreign processes, intercepts memory:

    Code:
    [#############################################################################]
        Analysis Report for AlterIW No Recoil.exe
                       MD5: 5f1e6c8f73356b7c33a60d1d91c92f56
    [#############################################################################]
    
    Summary: 
        - Write to foreign memory areas: 
            This executable tampers with the execution of another process.
    
        - Execution did not terminate correctly: 
            The executable crashed.
    
        - Changes security settings of Internet Explorer:
            This system alteration could seriously affect safety surfing the World
            Wide Web.
    
        - Spawns Processes:
            The executable produces processes during the execution.
    
        - Performs Registry Activities:
            The executable creates and/or modifies registry entries.
    
    [=============================================================================]
        Table of Contents
    [=============================================================================]
    
    - General information
    - AlterIW No.exe
      a) Registry Activities
      b) File Activities
      c) Process Activities
      d) Other Activities
        - DW20.EXE
          a) Registry Activities
          b) File Activities
          c) Process Activities
    
    
    [#############################################################################]
        1. General Information
    [#############################################################################]
    [=============================================================================]
        Information about Anubis' invocation
    [=============================================================================]
            Time needed:        267 s
            Report created:     08/07/11, 17:30:29 UTC
            Termination reason: Timeout
            Program version:    1.75.3394
    
    
    [#############################################################################]
        2. AlterIW No.exe
    [#############################################################################]
    [=============================================================================]
        General information about this executable
    [=============================================================================]
            Analysis Reason: Primary Analysis Subject
            Filename:        AlterIW No.exe
            MD5:             5f1e6c8f73356b7c33a60d1d91c92f56
            SHA-1:           841742a0934ec92f5dd7a0dc8067e084c096dc08
            File Size:       646656 Bytes
            Process-status
            at analysis end: alive
            Exit Code:       0
    
    [=============================================================================]
        Load-time Dlls
    [=============================================================================]
            Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
                   Base Address: [0x7C900000 ], Size: [0x000AF000 ]
            Module Name: [ C:\WINDOWS\system32\mscoree.dll ],
                   Base Address: [0x79000000 ], Size: [0x0004A000 ]
            Module Name: [ C:\WINDOWS\system32\KERNEL32.dll ],
                   Base Address: [0x7C800000 ], Size: [0x000F6000 ]
            Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
                   Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
            Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
                   Base Address: [0x77E70000 ], Size: [0x00092000 ]
            Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
                   Base Address: [0x77FE0000 ], Size: [0x00011000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ],
                   Base Address: [0x603B0000 ], Size: [0x00066000 ]
            Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
                   Base Address: [0x77F60000 ], Size: [0x00076000 ]
            Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
                   Base Address: [0x77F10000 ], Size: [0x00049000 ]
            Module Name: [ C:\WINDOWS\system32\USER32.dll ],
                   Base Address: [0x7E410000 ], Size: [0x00091000 ]
            Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
                   Base Address: [0x77C10000 ], Size: [0x00058000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ],
                   Base Address: [0x79E70000 ], Size: [0x0058F000 ]
            Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ],
                   Base Address: [0x78130000 ], Size: [0x0009B000 ]
            Module Name: [ C:\WINDOWS\system32\shell32.dll ],
                   Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
            Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
                   Base Address: [0x773D0000 ], Size: [0x00103000 ]
            Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
                   Base Address: [0x5D090000 ], Size: [0x0009A000 ]
            Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ],
                   Base Address: [0x790C0000 ], Size: [0x00B36000 ]
            Module Name: [ C:\WINDOWS\system32\ole32.dll ],
                   Base Address: [0x774E0000 ], Size: [0x0013D000 ]
            Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
                   Base Address: [0x74720000 ], Size: [0x0004C000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ],
                   Base Address: [0x79060000 ], Size: [0x00056000 ]
            Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ],
                   Base Address: [0x7A440000 ], Size: [0x007EA000 ]
            Module Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\900525e192ca3d523143207ac11ae5f5\Microsoft.VisualBasic.ni.dll ],
                   Base Address: [0x5E430000 ], Size: [0x001AE000 ]
            Module Name: [ C:\WINDOWS\system32\xpsp2res.dll ],
                   Base Address: [0x00EA0000 ], Size: [0x002C5000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll ],
                   Base Address: [0x60340000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
                   Base Address: [0x77C00000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\Apphelp.dll ],
                   Base Address: [0x77B40000 ], Size: [0x00022000 ]
    
    [=============================================================================]
        2.a) AlterIW No.exe - Registry Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Registry Values Modified:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ Cache ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Registry Values Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Accessibility,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ CustomMarshalers,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ IEExecRemote,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ IEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ IIEHost,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.0.5000.0" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ ISymWrapper,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Build.Conversion.v3.5,version="3.5.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Build.Engine,version="3.5.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Build.Framework,version="3.5.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Build.Tasks.v3.5,version="3.5.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Build.Utilities.v3.5,version="3.5.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.JScript,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Transactions.Bridge,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Transactions.Bridge.Dtc,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",ProcessorArchitecture="x86",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.VisualBasic,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.VisualBasic.Vsa,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.VisualC,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.VisualC.STLCLR,version="1.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="9.0.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Vsa,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft.Vsa.Vb.CodeDOMProcessor,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Microsoft_VsaVb,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationBuildTasks,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationBuildTasks,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationCFFRasterizer,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationCFFRasterizer,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationCore,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="x86",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationCore,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="x86",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework.Aero,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework.Aero,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework.Classic,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework.Classic,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework.Luna,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework.Luna,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework****yale,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationFramework****yale,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationUI,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ PresentationUI,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ ReachFramework,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ ReachFramework,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ Regcode,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ SMDiagnostics,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b77a5c561934e089",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.AddIn,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.AddIn.Contract,version="2.0.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Configuration.Install,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Core,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Data,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Data.DataSetExtensions,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Data.Linq,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Data.OracleClient,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.DirectoryServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.DirectoryServices.AccountManagement,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Drawing,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Drawing.Design,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.EnterpriseServices,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System****.Log,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b03f5f7f11d50a3a",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.IdentityModel,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b77a5c561934e089",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.IdentityModel.Selectors,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b77a5c561934e089",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Management,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Management.Instrumentation,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Messaging,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Net,version="3.5.0.0",publicKeyToken="b03f5f7f11d50a3a",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Printing,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="x86",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Printing,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="x86",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Runtime.Remoting,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Runtime.Serialization,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b77a5c561934e089",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Runtime.Serialization.Formatters.Soap,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Security,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.ServiceModel,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b77a5c561934e089",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.ServiceModel.Install,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b77a5c561934e089",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.ServiceModel.WasHosting,Version="3.0.0.0",Culture="neutral",PublicKeyToken="b77a5c561934e089",ProcessorArchitecture="MSIL",FileVersion="3.0.4506.648" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.ServiceModel.Web,version="3.5.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="3.5.594.0",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.ServiceProcess,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Speech,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Speech,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Web,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Web.Extensions,version="3.5.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Web.Extensions.Design,version="3.5.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Web.Mobile,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Web.RegularExpressions,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Web.Services,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Windows.Forms,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Windows.Presentation,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Workflow.Activities,processorArchitecture="MSIL",publicKeyToken="31BF3856AD364E35",culture="neutral",version="3.0.0.000000",fileVersion="3.0.4203.835" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Workflow.ComponentModel,processorArchitecture="MSIL",publicKeyToken="31BF3856AD364E35",culture="neutral",version="3.0.0.000000",fileVersion="3.0.4203.835" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Workflow.Runtime,processorArchitecture="MSIL",publicKeyToken="31BF3856AD364E35",culture="neutral",version="3.0.0.000000",fileVersion="3.0.4203.835" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.WorkflowServices,version="3.5.0.0",publicKeyToken="31bf3856ad364e35",processorArchitecture="MSIL",fileVersion="3.5.594.0",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Xml,Version="1.0.5000.0",PublicKeyToken="b77a5c561934e089",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ System.Xml.Linq,version="3.5.0.0",publicKeyToken="b77a5c561934e089",processorArchitecture="MSIL",fileVersion="3.5.21022.8",culture="neutral" ], Value: [ 0x70002100560045003300360030004b00630034004b006a00540044003400 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ UIAutomationClient,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ UIAutomationClient,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ UIAutomationClientsideProviders,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ UIAutomationClientsideProviders,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ UIAutomationProvider,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ UIAutomationProvider,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ UIAutomationTypes,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ UIAutomationTypes,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ WindowsBase,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ WindowsBase,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ WindowsFormsIntegration,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.0" ], Value: [ 0x29006d0066002a0065005d0061006b007b0040004f0069006c0024005700 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ WindowsFormsIntegration,Version="3.0.0.0",Culture="neutral",PublicKeyToken="31bf3856ad364e35",ProcessorArchitecture="MSIL",FileVersion="3.0.6920.1109" ], Value: [ 0x6a0025006c0024003200790062006300690035004b00290075006a005100 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ cscompmgd,Version="7.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="7.10.3052.4" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Classes\Installer\Assemblies\Global ], 
                 Value Name: [ mscorcfg,Version="1.0.5000.0",PublicKeyToken="b03f5f7f11d50a3a",Culture="neutral",FileVersion="1.1.4322.573" ], Value: [ 0x250045006d0041006a003f00430025006b0039005700370063004e004200 ], 4 times
            Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ], 
                 Value Name: [ CUAS ], Value: [ 0 ], 1 time
            Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ], 
                 Value Name: [ AllOrNone ], Value: [ 1 ], 1 time
            Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ], 
                 Value Name: [ DoReport ], Value: [ 1 ], 1 time
            Key: [ HKLM\SOFTWARE\Microsoft\PCHealth\ErrorReporting ], 
                 Value Name: [ ShowUI ], Value: [ 1 ], 1 time
            Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], 
                 Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
            Key: [ HKLM\SYSTEM\Setup ], 
                 Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
            Key: [ HKLM\SYSTEM\WPA\MediaCenter ], 
                 Value Name: [ Installed ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Microsoft\.NETFramework ], 
                 Value Name: [ InstallRoot ], Value: [ C:\WINDOWS\Microsoft.NET\Framework\ ], 9 times
            Key: [ HKLM\Software\Microsoft\.NETFramework\Policy\\v4.0 ], 
                 Value Name: [ 30319 ], Value: [ 30319-30319 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x421127aa20cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System,2.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0x8a57dea520cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System.Configuration,2.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x18bb1ba420cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System.Deployment,2.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x9cbf64a520cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System.Drawing,2.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x028b82a120cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System.Management,2.0.0.0,,b03f5f7f11d50a3a,MSIL ], Value: [ 0x1ab45fb020cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0xb4074cae20cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System.Web,2.0.0.0,,b03f5f7f11d50a3a,x86 ], Value: [ 0x58d936a320cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System.Windows.Forms,2.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0xa6ff4ea820cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ System.Xml,2.0.0.0,,b77a5c561934e089,MSIL ], Value: [ 0xca1b97a220cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\GACChangeNotification\Default ], 
                 Value Name: [ mscorlib,2.0.0.0,,b77a5c561934e089,x86 ], Value: [ 0xa8ce1d9f20cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32 ], 
                 Value Name: [ LatestIndex ], Value: [ 117 ], 3 times
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\6 ], 
                 Value Name: [ DisplayName ], Value: [ System.Xml,2.0.0.0,,b77a5c561934e089 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\6 ], 
                 Value Name: [ LastModTime ], Value: [ 0xca1b97a220cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\6 ], 
                 Value Name: [ SIG ], Value: [ 0xe129b85668d5c94a83901a595a688da0546fb0968a3ad8f39d84fd920ec9 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\19ab8d57\291a02d0\6 ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\643db07b\1c ], 
                 Value Name: [ DisplayName ], Value: [ System.Web,2.0.0.0,,b03f5f7f11d50a3a ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\643db07b\1c ], 
                 Value Name: [ LastModTime ], Value: [ 0x58d936a320cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\643db07b\1c ], 
                 Value Name: [ SIG ], Value: [ 0x257ea63099a54b47b394ae802aab504d19f0e298ec19246fcdb594503704 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\24bf93f6\643db07b\1c ], 
                 Value Name: [ Status ], Value: [ 8194 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\6abb48d8\40 ], 
                 Value Name: [ DisplayName ], Value: [ System.Management,2.0.0.0,,b03f5f7f11d50a3a ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\6abb48d8\40 ], 
                 Value Name: [ LastModTime ], Value: [ 0x1ab45fb020cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\6abb48d8\40 ], 
                 Value Name: [ SIG ], Value: [ 0x3e169fe688ba0044a1e06d7325a897046350b207203b659a3f4acb1d6fd4 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\2b1a4e4\6abb48d8\40 ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\b ], 
                 Value Name: [ DisplayName ], Value: [ System.Deployment,2.0.0.0,,b03f5f7f11d50a3a ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\b ], 
                 Value Name: [ LastModTime ], Value: [ 0x9cbf64a520cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\b ], 
                 Value Name: [ SIG ], Value: [ 0xaa6a30bb5ee45e4395aee8e3e013862cc3e045ee0eeb054e6d82e3b4dc36 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3ced59c5\7f729234\b ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\7 ], 
                 Value Name: [ DisplayName ], Value: [ System,2.0.0.0,,b77a5c561934e089 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\7 ], 
                 Value Name: [ LastModTime ], Value: [ 0x8a57dea520cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\7 ], 
                 Value Name: [ SIG ], Value: [ 0x7739f7fe32588e438bd70fda47be005ca87ed832d6e6b76aa0302a427ffe ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\3f50fe4f\6e9ac653\7 ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\5 ], 
                 Value Name: [ DisplayName ], Value: [ System.Configuration,2.0.0.0,,b03f5f7f11d50a3a ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\5 ], 
                 Value Name: [ LastModTime ], Value: [ 0x18bb1ba420cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\5 ], 
                 Value Name: [ SIG ], Value: [ 0x13b985b524af744ea7870ebe1b5d5d0658961b3f64a74093492875c9d8f1 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\424bd4d8\67e63d5c\5 ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\7949fb97\42 ], 
                 Value Name: [ DisplayName ], Value: [ Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\7949fb97\42 ], 
                 Value Name: [ LastModTime ], Value: [ 0x421127aa20cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\7949fb97\42 ], 
                 Value Name: [ SIG ], Value: [ 0x8d608f73d22b3548baf6a7faf89c5f230b86a6a7c448b7f134ef800ede26 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\4f99a7c9\7949fb97\42 ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\9 ], 
                 Value Name: [ DisplayName ], Value: [ System.Drawing,2.0.0.0,,b03f5f7f11d50a3a ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\9 ], 
                 Value Name: [ LastModTime ], Value: [ 0x028b82a120cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\9 ], 
                 Value Name: [ SIG ], Value: [ 0xd13b44b636575b40b535819858133665d8507ae68706294dda848b7a1e72 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\6dc7d4c0\3fcdfaca\9 ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\8 ], 
                 Value Name: [ DisplayName ], Value: [ mscorlib,2.0.0.0,,b77a5c561934e089 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\8 ], 
                 Value Name: [ LastModTime ], Value: [ 0xa8ce1d9f20cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\8 ], 
                 Value Name: [ Modules ], Value: [ sortkey.nlp|sorttbls.nlp|big5.nlp|bopomofo.nlp|ksc.nlp|prc.nlp|prcp.nlp|xjis.nlp|normidna.nlp|normnfc.nlp|normnfd.nlp|normnfkc.nlp|normnfkd.nlp ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\8 ], 
                 Value Name: [ SIG ], Value: [ 0x61498a5bb093b143a337bdf5962ece99bd6c58fc8f03105a020331f4a600 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\7950e2c5\319545b3\8 ], 
                 Value Name: [ Status ], Value: [ 8198 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\10 ], 
                 Value Name: [ DisplayName ], Value: [ System.Windows.Forms,2.0.0.0,,b77a5c561934e089 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\10 ], 
                 Value Name: [ LastModTime ], Value: [ 0xa6ff4ea820cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\10 ], 
                 Value Name: [ SIG ], Value: [ 0x44a949e4640e604da04329762516a96e6e1fa3a76770071df15dc4d908f9 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\c991064\268e923b\10 ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\61a5c1bb\1d ], 
                 Value Name: [ DisplayName ], Value: [ System.Runtime.Remoting,2.0.0.0,,b77a5c561934e089 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\61a5c1bb\1d ], 
                 Value Name: [ LastModTime ], Value: [ 0xb4074cae20cfcb01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\61a5c1bb\1d ], 
                 Value Name: [ SIG ], Value: [ 0x564f729ebc6f6b4bb3dc6f535b33f8fbd8487686c42a2af9e970a5ba9956 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\IL\f6e8397\61a5c1bb\1d ], 
                 Value Name: [ Status ], Value: [ 4098 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\8 ], 
                 Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\8 ], 
                 Value Name: [ ConfigString ], Value: [ ZAP--0000-0000 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\8 ], 
                 Value Name: [ DisplayName ], Value: [ mscorlib,2.0.0.0,,b77a5c561934e089 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\8 ], 
                 Value Name: [ ILDependencies ], Value: [ 0xc5e25079b3459531080000000200000000000000 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\8 ], 
                 Value Name: [ MVID ], Value: [ 0x642534209e13d16e93b80a628742d2ee ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\181938c6\3c74e9a9\8 ], 
                 Value Name: [ Status ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\46 ], 
                 Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\46 ], 
                 Value Name: [ ConfigString ], Value: [ ZAP--0000-0000 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\46 ], 
                 Value Name: [ DisplayName ], Value: [ Microsoft.VisualBasic,8.0.0.0,,b03f5f7f11d50a3a ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\46 ], 
                 Value Name: [ ILDependencies ], Value: [ 0x6410990c3b928e26100000000200000000000000c0d4c76dcafacd3f0900 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\46 ], 
                 Value Name: [ MVID ], Value: [ 0x900525e192ca3d523143207ac11ae5f5 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\46 ], 
                 Value Name: [ NIDependencies ], Value: [ 0xc6381918a9e9743c0800000002000000000000004f7cbc303282491d0700 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\1c22df2f\52628d2e\46 ], 
                 Value Name: [ Status ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\7 ], 
                 Value Name: [ ConfigMask ], Value: [ 4361 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\7 ], 
                 Value Name: [ ConfigString ], Value: [ ZAP--0000-0000 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\7 ], 
                 Value Name: [ DisplayName ], Value: [ System,2.0.0.0,,b77a5c561934e089 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\7 ], 
                 Value Name: [ ILDependencies ], Value: [ 0xd8d44b425c3de667050000000200000000000000578dab19d0021a290600 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\7 ], 
                 Value Name: [ MVID ], Value: [ 0x36dbfcf62e07d819b3de533898868ecf ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\7 ], 
                 Value Name: [ NIDependencies ], Value: [ 0xc6381918a9e9743c080000000200000000000000 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\NI\30bc7c4f\1d498232\7 ], 
                 Value Name: [ Status ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index75 ], 
                 Value Name: [ ILUsageMask ], Value: [ 0xffffffffffffffffff01 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\NativeImagesIndex\v2.0.50727_32\index75 ], 
                 Value Name: [ NIUsageMask ], Value: [ 0xfffffffffffffffff1 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ], 
                 Value Name: [ Latest ], Value: [ 1 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ], 
                 Value Name: [ LegacyPolicyTimeStamp ], Value: [ 0x0000000000000000 ], 1 time
            Key: [ HKLM\Software\Microsoft\Fusion\PublisherPolicy\Default ], 
                 Value Name: [ index1 ], Value: [ 0x00 ], 1 time
            Key: [ HKLM\Software\Microsoft\PCHealth\ErrorReporting\DW\Installed ], 
                 Value Name: [ DW0200 ], Value: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], 1 time
            Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll ], 
                 Value Name: [ CheckAppHelp ], Value: [ 1 ], 1 time
            Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscorwks.dll ], 
                 Value Name: [ CheckAppHelp ], Value: [ 1 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
                 Value Name: [ AuthenticodeEnabled ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
                 Value Name: [ DefaultLevel ], Value: [ 262144 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
                 Value Name: [ PolicyScope ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
                 Value Name: [ TransparentEnabled ], Value: [ 1 ], 2 times
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], 
                 Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], 
                 Value Name: [ ItemData ], Value: [ 0x5eab304f957a49896a006c1c31154015 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], 
                 Value Name: [ ItemSize ], Value: [ 779 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328} ], 
                 Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], 
                 Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], 
                 Value Name: [ ItemData ], Value: [ 0x67b0d48b343a3fd3bce9dc646704f394 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], 
                 Value Name: [ ItemSize ], Value: [ 517 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91} ], 
                 Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], 
                 Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], 
                 Value Name: [ ItemData ], Value: [ 0x327802dcfef8c893dc8ab006dd847d1d ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], 
                 Value Name: [ ItemSize ], Value: [ 918 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f} ], 
                 Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], 
                 Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], 
                 Value Name: [ ItemData ], Value: [ 0xbd9a2adb42ebd8560e250e4df8162f67 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], 
                 Value Name: [ ItemSize ], Value: [ 229 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d} ], 
                 Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], 
                 Value Name: [ HashAlg ], Value: [ 32771 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], 
                 Value Name: [ ItemData ], Value: [ 0x386b085f84ecf669d36b956a22c01e80 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], 
                 Value Name: [ ItemSize ], Value: [ 370 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc} ], 
                 Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ], 
                 Value Name: [ ItemData ], Value: [ %HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK* ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33} ], 
                 Value Name: [ SaferFlags ], Value: [ 0 ], 1 time
            Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ], 
                 Value Name: [ ComputerName ], Value: [ PC ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], 
                 Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], 
                 Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ Cache ], Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
                 Value Name: [ AppData ], Value: [ %USERPROFILE%\Application Data ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
                 Value Name: [ Cache ], Value: [ %USERPROFILE%\Local Settings\Temporary Internet Files ], 1 time
    
    
    [=============================================================================]
        2.b) AlterIW No.exe - File Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\config\machine.config ]
            File Name: [ PIPE\lsarpc ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Modified:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ PIPE\lsarpc ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        File System Control Communication:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
            File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 3 times
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Device Control Communication:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Memory Mapped Files:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\AlterIW No.exe ]
            File Name: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\culture.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorrc.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ]
            File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ]
            File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
            File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
            File Name: [ C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sortkey.nlp ]
            File Name: [ C:\WINDOWS\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\sorttbls.nlp ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\900525e192ca3d523143207ac11ae5f5\Microsoft.VisualBasic.ni.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ]
            File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
            File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
            File Name: [ C:\WINDOWS\system32\comctl32.dll ]
            File Name: [ C:\WINDOWS\system32\imm32.dll ]
            File Name: [ C:\WINDOWS\system32\l_intl.nls ]
            File Name: [ C:\WINDOWS\system32\mscoree.dll ]
            File Name: [ C:\WINDOWS\system32\rpcss.dll ]
            File Name: [ C:\WINDOWS\system32\shell32.dll ]
            File Name: [ C:\WINDOWS\system32\winlogon.exe ]
            File Name: [ C:\WINDOWS\system32\xpsp2res.dll ]
            File Name: [ C:\Windows\AppPatch\sysmain.sdb ]
    
    [=============================================================================]
        2.c) AlterIW No.exe - Process Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Processes Created:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Executable: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], Command Line: [  ]
            Executable: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ], Command Line: [ dw20.exe -x -s 416 ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Remote Threads Created:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Affected Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Foreign Memory Regions Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Foreign Memory Regions Written:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Process: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\DW20.EXE ]
    
    
    [=============================================================================]
        2.d) AlterIW No.exe - Other Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Mutexes Created:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
            Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Windows SEH exceptions:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Description: [ Exception 0xe0434f4d at 0x7c812aeb ], 10 times
    
    
    
    
    [#############################################################################]
        3. DW20.EXE
    [#############################################################################]
    [=============================================================================]
        General information about this executable
    [=============================================================================]
            Analysis Reason: Started by AlterIW No.exe
            Filename:        DW20.EXE
            MD5:             a981419c39cc02259b8f2da3974000d9
            SHA-1:           905d359e2c5e8330d39b746132fa9779f52c0b93
            File Size:       637272 Bytes
            Command Line:    dw20.exe -x -s 416
            Process-status
            at analysis end: alive
            Exit Code:       0
    
    [=============================================================================]
        Load-time Dlls
    [=============================================================================]
            Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
                   Base Address: [0x7C900000 ], Size: [0x000AF000 ]
            Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
                   Base Address: [0x7C800000 ], Size: [0x000F6000 ]
            Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
                   Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
            Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
                   Base Address: [0x77E70000 ], Size: [0x00092000 ]
            Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
                   Base Address: [0x77FE0000 ], Size: [0x00011000 ]
            Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ],
                   Base Address: [0x773D0000 ], Size: [0x00103000 ]
            Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
                   Base Address: [0x77C10000 ], Size: [0x00058000 ]
            Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
                   Base Address: [0x77F10000 ], Size: [0x00049000 ]
            Module Name: [ C:\WINDOWS\system32\USER32.dll ],
                   Base Address: [0x7E410000 ], Size: [0x00091000 ]
            Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
                   Base Address: [0x77F60000 ], Size: [0x00076000 ]
            Module Name: [ C:\WINDOWS\system32\OLEACC.dll ],
                   Base Address: [0x74C80000 ], Size: [0x0002C000 ]
            Module Name: [ C:\WINDOWS\system32\MSVCP60.dll ],
                   Base Address: [0x76080000 ], Size: [0x00065000 ]
            Module Name: [ C:\WINDOWS\system32\ole32.dll ],
                   Base Address: [0x774E0000 ], Size: [0x0013D000 ]
            Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
                   Base Address: [0x77120000 ], Size: [0x0008B000 ]
            Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
                   Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
            Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
                   Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
            Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
                   Base Address: [0x77C00000 ], Size: [0x00008000 ]
            Module Name: [ C:\WINDOWS\system32\WININET.dll ],
                   Base Address: [0x771B0000 ], Size: [0x000AA000 ]
            Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
                   Base Address: [0x77A80000 ], Size: [0x00095000 ]
            Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
                   Base Address: [0x77B20000 ], Size: [0x00012000 ]
    
    [=============================================================================]
        Run-time Dlls
    [=============================================================================]
            Module Name: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\1033\dwintl20.dll ],
                   Base Address: [0x318A0000 ], Size: [0x0001C000 ]
            Module Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll ],
                   Base Address: [0x6BCE0000 ], Size: [0x000C9000 ]
            Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
                   Base Address: [0x74720000 ], Size: [0x0004C000 ]
            Module Name: [ C:\WINDOWS\system32\riched20.dll ],
                   Base Address: [0x74E30000 ], Size: [0x0006D000 ]
            Module Name: [ C:\WINDOWS\system32\imm32.dll ],
                   Base Address: [0x76390000 ], Size: [0x0001D000 ]
            Module Name: [ C:\WINDOWS\system32\shfolder.dll ],
                   Base Address: [0x76780000 ], Size: [0x00009000 ]
            Module Name: [ C:\WINDOWS\system32\psapi.dll ],
                   Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
            Module Name: [ C:\WINDOWS\system32\mscoree.dll ],
                   Base Address: [0x79000000 ], Size: [0x0004A000 ]
    
    [=============================================================================]
        3.a) DW20.EXE - Registry Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Registry Values Modified:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths ], 
                 Value Name: [ Directory ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths ], 
                 Value Name: [ Paths ], New Value: [ 4 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1 ], 
                 Value Name: [ CacheLimit ], New Value: [ 40852 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1 ], 
                 Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2 ], 
                 Value Name: [ CacheLimit ], New Value: [ 40852 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2 ], 
                 Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3 ], 
                 Value Name: [ CacheLimit ], New Value: [ 40852 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3 ], 
                 Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4 ], 
                 Value Name: [ CacheLimit ], New Value: [ 40852 ]
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4 ], 
                 Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4 ]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ Cache ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ Cookies ], New Value: [ C:\Documents and Settings\Administrator\Cookies ]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ History ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\History ]
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ], 
                 Value Name: [ Personal ], New Value: [ C:\Documents and Settings\Administrator\My Documents ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Registry Values Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ], 
                 Value Name: [ CUAS ], Value: [ 0 ], 1 time
            Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
                 Value Name: [ UrlEncoding ], Value: [ 0x00000000 ], 2 times
            Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ], 
                 Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
            Key: [ HKLM\SYSTEM\Setup ], 
                 Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ], 
                 Value Name: [ * ], Value: [ 1 ], 1 time
            Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ], 
                 Value Name: [ * ], Value: [ 1 ], 1 time
            Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\mscoree.dll ], 
                 Value Name: [ CheckAppHelp ], Value: [ 1 ], 1 time
            Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\KnownManagedDebuggingDlls ], 
                 Value Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll ], Value: [ 0 ], 1 time
            Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\MiniDumpAuxiliaryDlls ], 
                 Value Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ], Value: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll ], 1 time
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ], 
                 Value Name: [ CommonFilesDir ], Value: [ C:\Program Files\Common Files ], 1 time
            Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ], 
                 Value Name: [ ProgramFilesDir ], Value: [ C:\Program Files ], 1 time
            Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ], 
                 Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
            Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ], 
                 Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
            Key: [ HKLM\System\Setup ], 
                 Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], 
                 Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ], 
                 Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
                 Value Name: [ EnableHttp1_1 ], Value: [ 1 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
                 Value Name: [ EnableNegotiate ], Value: [ 1 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
                 Value Name: [ MimeExclusionListForCache ], Value: [ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges  ], 4 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ], 
                 Value Name: [ WarnOnPost ], Value: [ 0x01000000 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ], 
                 Value Name: [ Anchor Color ], Value: [ 0,0,255 ], 4 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
                 Value Name: [ AppData ], Value: [ %USERPROFILE%\Application Data ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
                 Value Name: [ Cache ], Value: [ %USERPROFILE%\Local Settings\Temporary Internet Files ], 3 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
                 Value Name: [ Cookies ], Value: [ %USERPROFILE%\Cookies ], 3 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
                 Value Name: [ History ], Value: [ %USERPROFILE%\Local Settings\History ], 3 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ], 
                 Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ], 
                 Value Name: [ Signature ], Value: [ Client UrlCache MMF Ver 5.2 ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ], 
                 Value Name: [ CacheLimit ], Value: [ 163410 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ], 
                 Value Name: [ CachePrefix ], Value: [  ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ], 
                 Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ], 
                 Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ], 
                 Value Name: [ CachePrefix ], Value: [ Cookie: ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ], 
                 Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
                 Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
                 Value Name: [ CacheOptions ], Value: [ 11 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
                 Value Name: [ CachePath ], Value: [ %USERPROFILE%\Local Settings\History\History.IE5\MSHist012011021720110218\ ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
                 Value Name: [ CachePrefix ], Value: [ :2011021720110218:  ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ], 
                 Value Name: [ CacheRepair ], Value: [ 0 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
                 Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
                 Value Name: [ CacheOptions ], Value: [ 11 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
                 Value Name: [ CachePath ], Value: [ %USERPROFILE%\Local Settings\History\History.IE5\MSHist012011021820110219\ ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
                 Value Name: [ CachePrefix ], Value: [ :2011021820110219:  ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ], 
                 Value Name: [ CacheRepair ], Value: [ 0 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ], 
                 Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ], 
                 Value Name: [ CachePrefix ], Value: [ Visited: ], 2 times
            Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ], 
                 Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
    
    
    [=============================================================================]
        3.b) DW20.EXE - File Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Created:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\720C4.dmp ]
            File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dw.log ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\AlterIW No.exe ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Files Modified:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\720C4.dmp ]
            File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dw.log ]
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Device Control Communication:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 1 time
    
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Memory Mapped Files:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            File Name: [ C:\AlterIW No.exe ]
            File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\720C4.dmp ]
            File Name: [ C:\PROGRA~1\COMMON~1\MICROS~1\DW\1033\dwintl20.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscordacwks.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorjit.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorwks.dll ]
            File Name: [ C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll ]
            File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ]
            File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\COMCTL32.dll ]
            File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
            File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Microsoft.VisualBas#\900525e192ca3d523143207ac11ae5f5\Microsoft.VisualBasic.ni.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\System\36dbfcf62e07d819b3de533898868ecf\System.ni.dll ]
            File Name: [ C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\mscorlib\642534209e13d16e93b80a628742d2ee\mscorlib.ni.dll ]
            File Name: [ C:\WINDOWS\system32\ADVAPI32.dll ]
            File Name: [ C:\WINDOWS\system32\Apphelp.dll ]
            File Name: [ C:\WINDOWS\system32\GDI32.dll ]
            File Name: [ C:\WINDOWS\system32\KERNEL32.dll ]
            File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
            File Name: [ C:\WINDOWS\system32\MSVCP60.dll ]
            File Name: [ C:\WINDOWS\system32\OLEACC.dll ]
            File Name: [ C:\WINDOWS\system32\OLEACCRC.DLL ]
            File Name: [ C:\WINDOWS\system32\RASAPI32.DLL ]
            File Name: [ C:\WINDOWS\system32\RPCRT4.dll ]
            File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
            File Name: [ C:\WINDOWS\system32\SHLWAPI.dll ]
            File Name: [ C:\WINDOWS\system32\Secur32.dll ]
            File Name: [ C:\WINDOWS\system32\USER32.dll ]
            File Name: [ C:\WINDOWS\system32\VERSION.dll ]
            File Name: [ C:\WINDOWS\system32\WININET.dll ]
            File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
            File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
            File Name: [ C:\WINDOWS\system32\comctl32.dll ]
            File Name: [ C:\WINDOWS\system32\imm32.dll ]
            File Name: [ C:\WINDOWS\system32\mscoree.dll ]
            File Name: [ C:\WINDOWS\system32\msvcrt.dll ]
            File Name: [ C:\WINDOWS\system32\ntdll.dll ]
            File Name: [ C:\WINDOWS\system32\ole32.dll ]
            File Name: [ C:\WINDOWS\system32\psapi.dll ]
            File Name: [ C:\WINDOWS\system32\rasman.dll ]
            File Name: [ C:\WINDOWS\system32\riched20.dll ]
            File Name: [ C:\WINDOWS\system32\shell32.dll ]
            File Name: [ C:\WINDOWS\system32\shfolder.dll ]
            File Name: [ C:\WINDOWS\system32\urlmon.dll ]
            File Name: [ C:\WINDOWS\system32\xpsp2res.dll ]
    
    [=============================================================================]
        3.c) DW20.EXE - Process Activities
    [=============================================================================]
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
        Foreign Memory Regions Read:
    [=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
            Process: [ C:\AlterIW No.exe ]
    Last edited by shadowx360; 08-07-2011 at 12:43 PM.


    When I wrote this code, only God and I understood what I was doing. Now, God only knows.
    I will give you two of my seventy-two virgins if you can fix the code mess below

  8. #23
    aIW|Convery's Avatar
    Join Date
    Oct 2010
    Gender
    male
    Posts
    2,876
    Reputation
    124
    Thanks
    595
    My Mood
    Cynical
    +1 for using anubis :3

  9. #24
    jerbob92's Avatar
    Join Date
    Sep 2010
    Gender
    male
    Posts
    72
    Reputation
    10
    Thanks
    6
    I figured most things out about the "encryption", it's fucking noob.
    Will stop with it though, as nobody wants to use it anymore I guess, and I don't trust it either.

    @Heartview @master131 @Moto
    Might want to check this out? Before anyone else get's "hurt"
    Last edited by jerbob92; 08-07-2011 at 01:15 PM.

  10. #25
    Heartview's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    KY Cygni
    Posts
    9,208
    Reputation
    717
    Thanks
    2,872
    Un-approving the hack until further investigation can be done.

    It did not come up with any viruses when scanned, and had no suspicious activity when ran sanboxed. However, it did not run for me, or work at all, but seeing as how it looked clean, it wasn't my problem weather or not it worked.
    Texture Mods


    Obedear, the sky is low

  11. #26
    jerbob92's Avatar
    Join Date
    Sep 2010
    Gender
    male
    Posts
    72
    Reputation
    10
    Thanks
    6
    Seems like a good idea.
    The guy only has 1 post. And the hack didn't work for anybody so far, the only thing I can think of is it doing bad things.

  12. #27
    Heartview's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    KY Cygni
    Posts
    9,208
    Reputation
    717
    Thanks
    2,872
    Well I'm poking around in it now, and its not doing anything that people ITT are saying its doing, its just continuing to do nothing.
    Texture Mods


    Obedear, the sky is low

  13. #28
    jerbob92's Avatar
    Join Date
    Sep 2010
    Gender
    male
    Posts
    72
    Reputation
    10
    Thanks
    6
    I could try to figure out what's actually in the code, but that would be a waste of my time.

  14. #29
    Heartview's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    KY Cygni
    Posts
    9,208
    Reputation
    717
    Thanks
    2,872
    Well seeing as how it appears not to work anyways, and the anubis report + other people ITT pretty much confirm this is indeed not worth the time in the first place.
    Texture Mods


    Obedear, the sky is low

  15. The Following User Says Thank You to Heartview For This Useful Post:

    [MPGH]Moto (08-07-2011)

  16. #30
    master131's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    Melbourne, Australia
    Posts
    8,802
    Reputation
    3165
    Thanks
    73,324
    My Mood
    Breezy
    Hello @jerbob92. What's someone like you doing here on MPGH?
    @Heartview If you still got a copy, send it to me so I can check this out.
    Donate:
    BTC: 1GEny3y5tsYfw8E8A45upK6PKVAEcUDNv9


    Handy Tools/Hacks:
    Extreme Injector v3.6.1 *NEW* Windows 10 compatible!
    A powerful and advanced injector in a simple GUI.
    Can scramble DLLs on injection making them harder to detect and even make detected hacks work again!

    Minion Since: 13th January 2011
    Moderator Since: 6th May 2011
    Global Moderator Since: 29th April 2012
    Super User/Unknown Since: 23rd July 2013
    'Game Hacking' Team Since: 30th July 2013

    --My Art--
    [Roxas - Pixel Art, WIP]
    [Natsu - Drawn]
    [Natsu - Coloured]


    All drawings are coloured using Photoshop.

    --Gifts--
    [Kyle]

Page 2 of 2 FirstFirst 12

Similar Threads

  1. there is a EA for Version 1.0.166 ?
    By TrueStar in forum Call of Duty Modern Warfare 2 Help
    Replies: 4
    Last Post: 01-03-2010, 04:24 PM
  2. wallhack for version 1.0.174
    By Tittenteddy in forum Call of Duty Modern Warfare 2 Help
    Replies: 5
    Last Post: 12-29-2009, 04:13 PM
  3. No-Recoil for ver. 1.0.166
    By olskeevi in forum Call of Duty Modern Warfare 2 Help
    Replies: 5
    Last Post: 12-28-2009, 01:46 AM
  4. Looking for version,1753 hacks
    By Liquid_Death in forum Knight Online Hacks
    Replies: 1
    Last Post: 11-28-2009, 07:04 PM
  5. Replies: 82
    Last Post: 08-29-2009, 05:44 PM

Tags for this Thread