Brother Abdulkarim, here is the detailed analysis of the site. I leave it to you and the experts to interpret it however you wish. Read and enjoy.
Honestly, this turned out to be really big.
Analysis Report for
[#############################################################################]
[=============================================================================]
Table of Contents
[=============================================================================]
- General information
- iexplore.exe
a) Registry Activities
b) File Activities
c) Other Activities
[#############################################################################]
1. General Information
[#############################################################################]
[=============================================================================]
Information about Anubis' invocation
[=============================================================================]
Time needed: 258 s
Report created: 12/28/14, 10:05:25 UTC
Termination reason: Timeout
Program version: 1.76.3886
[#############################################################################]
2. iexplore.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Primary Analysis Subject
Filename: iexplore.exe
Command Line: "C:\Program Files\Internet Explorer\iexplore.exe"
Process-status
at analysis end: alive
Exit Code: 0
[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\USER32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\SHDOCVW.dll ],
Base Address: [0x7E290000 ], Size: [0x00171000 ]
Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
Base Address: [0x77A80000 ], Size: [0x00095000 ]
Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
Base Address: [0x77B20000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\CRYPTUI.dll ],
Base Address: [0x754D0000 ], Size: [0x00080000 ]
Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
Base Address: [0x5B860000 ], Size: [0x00055000 ]
Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
Base Address: [0x77120000 ], Size: [0x0008B000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\WININET.dll ],
Base Address: [0x771B0000 ], Size: [0x000AA000 ]
Module Name: [ C:\WINDOWS\system32\WINTRUST.dll ],
Base Address: [0x76C30000 ], Size: [0x0002E000 ]
Module Name: [ C:\WINDOWS\system32\IMAGEHLP.dll ],
Base Address: [0x76C90000 ], Size: [0x00028000 ]
Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ],
Base Address: [0x76F60000 ], Size: [0x0002C000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
Base Address: [0x773D0000 ], Size: [0x00103000 ]
Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
Base Address: [0x5D090000 ], Size: [0x0009A000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\BROWSEUI.dll ],
Base Address: [0x75F80000 ], Size: [0x000FD000 ]
Module Name: [ C:\WINDOWS\system32\browselc.dll ],
Base Address: [0x71600000 ], Size: [0x00012000 ]
Module Name: [ C:\WINDOWS\system32\appHelp.dll ],
Base Address: [0x77B40000 ], Size: [0x00022000 ]
Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ],
Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
Module Name: [ C:\WINDOWS\system32\COMRes.dll ],
Base Address: [0x77050000 ], Size: [0x000C5000 ]
Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
Base Address: [0x5AD70000 ], Size: [0x00038000 ]
Module Name: [ C:\WINDOWS\System32\cscui.dll ],
Base Address: [0x77A20000 ], Size: [0x00054000 ]
Module Name: [ C:\WINDOWS\System32\CSCDLL.dll ],
Base Address: [0x76600000 ], Size: [0x0001D000 ]
Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ],
Base Address: [0x77920000 ], Size: [0x000F3000 ]
Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
Module Name: [ C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll ],
Base Address: [0x10000000 ], Size: [0x00010000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.1433_x-ww_5cf844d2\MSVCR80.dll ],
Base Address: [0x78130000 ], Size: [0x0009B000 ]
Module Name: [ C:\Program Files\Java\jre1.6.0\bin\ssv.dll ],
Base Address: [0x6D7C0000 ], Size: [0x00079000 ]
Module Name: [ C:\Program Files\Java\jre1.6.0\bin\MSVCR71.dll ],
Base Address: [0x7C340000 ], Size: [0x00056000 ]
Module Name: [ C:\WINDOWS\system32\mshtml.dll ],
Base Address: [0x7DC30000 ], Size: [0x002F2000 ]
Module Name: [ C:\WINDOWS\system32\msls31.dll ],
Base Address: [0x746C0000 ], Size: [0x00027000 ]
Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
Module Name: [ C:\WINDOWS\system32\SXS.DLL ],
Base Address: [0x7E720000 ], Size: [0x000B0000 ]
[=============================================================================]
Run-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\xpsp2res.dll ],
Base Address: [0x011C0000 ], Size: [0x002C5000 ]
Module Name: [ C:\WINDOWS\system32\shdoclc.dll ],
Base Address: [0x71800000 ], Size: [0x00088000 ]
Module Name: [ C:\WINDOWS\system32\msimtf.dll ],
Base Address: [0x746F0000 ], Size: [0x0002A000 ]
Module Name: [ C:\WINDOWS\system32\MLANG.dll ],
Base Address: [0x75CF0000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\IMM32.DLL ],
Base Address: [0x76390000 ], Size: [0x0001D000 ]
[=============================================================================]
2.a) iexplore.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore ],
Value Name: [ Count ], New Value: [ 5 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore ],
Value Name: [ Time ], New Value: [ 0xdb0703000300020017001e0003002c03 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore ],
Value Name: [ Type ], New Value: [ 4 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore ],
Value Name: [ Count ], New Value: [ 7 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore ],
Value Name: [ Time ], New Value: [ 0xdb0703000300020017001e0003002c03 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore ],
Value Name: [ Type ], New Value: [ 4 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore ],
Value Name: [ Count ], New Value: [ 7 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore ],
Value Name: [ Time ], New Value: [ 0xdb0703000300020017001e0003002c03 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore ],
Value Name: [ Type ], New Value: [ 4 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ],
Value Name: [ IntranetName ], New Value: [ 1 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ],
Value Name: [ ProxyBypass ], New Value: [ 1 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ],
Value Name: [ UNCAsIntranet ], New Value: [ 1 ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SOFTWARE\CLASSES\.HTM ],
Value Name: [ ], Value: [ htmlfile ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\.HTM ],
Value Name: [ PerceivedType ], Value: [ text ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{00020420-0000-0000-C000-000000000046}\INPROCSERVER32 ],
Value Name: [ ], Value: [ oleaut32.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{00020420-0000-0000-C000-000000000046}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Both ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{00020424-0000-0000-C000-000000000046}\INPROCSERVER32 ],
Value Name: [ ], Value: [ oleaut32.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{00020424-0000-0000-C000-000000000046}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Both ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{0002DF01-0000-0000-C000-000000000046}\LOCALSERVER32 ],
Value Name: [ ], Value: [ "C:\Program Files\Internet Explorer\iexplore.exe" ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\SHELL32.dll ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\mshtml.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\PROGID ],
Value Name: [ ], Value: [ htmlfile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\mshtml.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\mshtml.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{38F69B16-F583-40FB-B262-5C764DE868E8}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\INPROCSERVER32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\msimtf.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{50D5107A-D278-4871-8989-F4CEAAF59CFC}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\INPROCSERVER32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\urlmon.dll ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Both ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\INPROCSERVER32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\urlmon.dll ], 4 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{7B8A2D95-0AC9-11D1-896C-00C04FB6BFC4}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Both ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 5 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{9BA05972-F6A8-11CF-A442-00A0C90A8F39}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{FBF23B42-E3F0-101B-8488-00AA003E56F8}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\url.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 3 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{FF393560-C2A7-11CF-BFF4-444553540000}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\FOLDEREXTENSIONS\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} ],
Value Name: [ DriveMask ], Value: [ 32 ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\HTMLFILE\CLSID ],
Value Name: [ ], Value: [ {25336920-03F9-11cf-8FD0-00AA00686F13} ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\HTMLFILE\DEFAULTICON ],
Value Name: [ ], Value: [ C:\Program Files\Internet Explorer\iexplore.exe,1 ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\HTTP\DEFAULTICON ],
Value Name: [ ], Value: [ %SystemRoot%\system32\url.dll,0 ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{00020400-0000-0000-C000-000000000046}\PROXYSTUBCLSID32 ],
Value Name: [ ], Value: [ {00020420-0000-0000-C000-000000000046} ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\PROXYSTUBCLSID32 ],
Value Name: [ ], Value: [ {00020424-0000-0000-C000-000000000046} ], 3 times
Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TYPELIB ],
Value Name: [ ], Value: [ {EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B} ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{85CB6900-4D95-11CF-960C-0080C7F4EE85}\TYPELIB ],
Value Name: [ Version ], Value: [ 1.1 ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\SYSTEMFILEASSOCIATIONS\TEXT\SHELL\EDIT\COMMAND ],
Value Name: [ ], Value: [ %SystemRoot%\system32\NOTEPAD.EXE %1 ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\TYPELIB\{00020430-0000-0000-C000-000000000046}\2.0\0\WIN32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\stdole2.tlb ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\TYPELIB\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\WIN32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\shdocvw.dll ], 2 times
Key: [ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\about ],
Value Name: [ CLSID ], Value: [ {3050F406-98B5-11CF-BB82-00AA00BDCE0B} ], 26 times
Key: [ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\res ],
Value Name: [ CLSID ], Value: [ {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} ], 2 times
Key: [ HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURLs ],
Value Name: [ blank ], Value: [ res://mshtml.dll/blank.htm ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
Value Name: [ UrlEncoding ], Value: [ 0x00000000 ], 2 times
Key: [ HKLM\Software\Classes\CLSID\{7b8a2d94-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\urlmon.dll ], 1 time
Key: [ HKLM\Software\Classes\CLSID\{7b8a2d95-0ac9-11d1-896c-00c04fb6bfc4}\InProcServer32 ],
Value Name: [ ], Value: [ C:\WINDOWS\system32\urlmon.dll ], 1 time
Key: [ HKLM\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 3 times
Key: [ HKLM\Software\Classes\CLSID\{9ba05972-f6a8-11cf-a442-00a0c90a8f39}\InProcServer32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 1 time
Key: [ HKLM\Software\Classes\CLSID\{ff393560-c2a7-11cf-bff4-444553540000}\InProcServer32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 1 time
Key: [ HKLM\Software\Clients\News ],
Value Name: [ ], Value: [ Outlook Express ], 2 times
Key: [ HKLM\Software\Microsoft\COM3 ],
Value Name: [ REGDBVersion ], Value: [ 0x0b00000000000000 ], 36 times
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} ],
Value Name: [ MenuText ], Value: [ Sun Java Console ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} ],
Value Name: [ clsid ], Value: [ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583} ],
Value Name: [ Exec ], Value: [ %windir%\Network Diagnostic\xpnetdiag.exe ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583} ],
Value Name: [ MenuText ], Value: [ @xpsp3res.dll,-20001 ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
Value Name: [ ButtonText ], Value: [ Messenger ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
Value Name: [ Default Visible ], Value: [ Yes ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
Value Name: [ Exec ], Value: [ C:\Program Files\Messenger\msmsgs.exe ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
Value Name: [ HotIcon ], Value: [ C:\Program Files\Messenger\msmsgs.exe,302 ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
Value Name: [ Icon ], Value: [ C:\Program Files\Messenger\msmsgs.exe,301 ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
Value Name: [ MenuText ], Value: [ Windows Messenger ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ],
Value Name: [ clsid ], Value: [ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} ],
Value Name: [ clsid ], Value: [ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Version Vector ],
Value Name: [ IE ], Value: [ 6.0000 ], 1 time
Key: [ HKLM\Software\Microsoft\Internet Explorer\Version Vector ],
Value Name: [ VML ], Value: [ 1.0 ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
Value Name: [ 0 ], Value: [ image/gif ], 3 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
Value Name: [ 1 ], Value: [ image/x-xbitmap ], 3 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
Value Name: [ 2 ], Value: [ image/jpeg ], 3 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
Value Name: [ 3 ], Value: [ image/pjpeg ], 3 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
Value Name: [ application ], Value: [ application/x-ms-application ], 3 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
Value Name: [ flash ], Value: [ application/x-shockwave-flash ], 3 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
Value Name: [ xaml ], Value: [ application/xaml+xml ], 3 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
Value Name: [ xbap ], Value: [ application/x-ms-xbap ], 3 times
Key: [ HKLM\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ UrlEncoding ], Value: [ 0x00000000 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
Value Name: [ ComputerName ], Value: [ PC ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\Nls\CodePage ],
Value Name: [ 950 ], Value: [ c_950.nls ], 1 time
Key: [ HKLM\System\Setup ],
Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
Value Name: [ NumShape ], Value: [ 1 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICache ],
Value Name: [ LangID ], Value: [ 0x0904 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\MICROSOFT\WINDOWS\SHELLNOROAM\MUICache\ ],
Value Name: [ @xpsp3res.dll,-20001 ], Value: [ Diagnose Connection Problems... ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000409\{09EA4E4B-46CE-4469-B450-0DE76A435BBB} ],
Value Name: [ Enable ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\CTF\TIP\{DCBD6FA8-032F-11D3-B5B1-00C04FC324A1}\LanguageProfile\0x00000c07\{09EA4E4B-46CE-4469-B450-0DE76A435BBB} ],
Value Name: [ Enable ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\iexplore ],
Value Name: [ Count ], Value: [ 4 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{E2E2DD38-D088-4134-82B7-F2BA38496583}\iexplore ],
Value Name: [ Count ], Value: [ 6 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{FB5F1910-F110-11D2-BB9E-00C04F795683}\iexplore ],
Value Name: [ Count ], Value: [ 6 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ],
Value Name: [ {08B0E5C0-4FCB-11CF-AAA5-00401C608501} ], Value: [ 8194 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ],
Value Name: [ {FB5F1910-F110-11d2-BB9E-00C04F795683} ], Value: [ 8193 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ],
Value Name: [ {e2e2dd38-d088-4134-82b7-f2ba38496583} ], Value: [ 8192 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\Scripts\3 ],
Value Name: [ IEFixedFontName ], Value: [ Courier New ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\Scripts\3 ],
Value Name: [ IEPropFontName ], Value: [ Times New Roman ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
Value Name: [ Anchor Underline ], Value: [ yes ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
Value Name: [ Disable Script Debugger ], Value: [ yes ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
Value Name: [ Display Inline Images ], Value: [ yes ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
Value Name: [ FullScreen ], Value: [ no ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
Value Name: [ Use_DlgBox_Colors ], Value: [ yes ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ],
Value Name: [ Anchor Color ], Value: [ 0,0,255 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ],
Value Name: [ Anchor Color Visited ], Value: [ 128,0,128 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ],
Value Name: [ Use Anchor Hover Color ], Value: [ No ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Generation ], Value: [ 1 ], 11 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], Value: [ 0 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 ],
Value Name: [ CurrentLevel ], Value: [ 0 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 ],
Value Name: [ Description ], Value: [ Your computer ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 ],
Value Name: [ DisplayName ], Value: [ My Computer ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Lockdown_Zones\0 ],
Value Name: [ Icon ], Value: [ explorer.exe#0100 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 ],
Value Name: [ Flags ], Value: [ 33 ], 5 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 ],
Value Name: [ CurrentLevel ], Value: [ 0 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 ],
Value Name: [ Description ], Value: [ This zone contains all Web sites that are on your organization's intranet. ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 ],
Value Name: [ DisplayName ], Value: [ Local intranet ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 ],
Value Name: [ Flags ], Value: [ 219 ], 5 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 ],
Value Name: [ Icon ], Value: [ shell32.dll#0018 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 ],
Value Name: [ MinLevel ], Value: [ 65536 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 ],
Value Name: [ RecommendedLevel ], Value: [ 66816 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 ],
Value Name: [ CurrentLevel ], Value: [ 0 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 ],
Value Name: [ Description ], Value: [ This zone contains Web sites that you trust not to damage your computer or data. ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 ],
Value Name: [ DisplayName ], Value: [ Trusted sites ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 ],
Value Name: [ Flags ], Value: [ 71 ], 5 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 ],
Value Name: [ Icon ], Value: [ inetcpl.cpl#00004480 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 ],
Value Name: [ MinLevel ], Value: [ 65536 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 ],
Value Name: [ RecommendedLevel ], Value: [ 65536 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ 1809 ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ 2100 ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ CurrentLevel ], Value: [ 0 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ Description ], Value: [ This zone contains all Web sites you haven't placed in other zones ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ DisplayName ], Value: [ Internet ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ Flags ], Value: [ 1 ], 5 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ Icon ], Value: [ inetcpl.cpl#001313 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ MinLevel ], Value: [ 69632 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
Value Name: [ RecommendedLevel ], Value: [ 69632 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 ],
Value Name: [ CurrentLevel ], Value: [ 0 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 ],
Value Name: [ Description ], Value: [ This zone contains Web sites that could potentially damage your computer or data. ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 ],
Value Name: [ DisplayName ], Value: [ Restricted sites ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 ],
Value Name: [ Flags ], Value: [ 3 ], 5 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 ],
Value Name: [ Icon ], Value: [ inetcpl.cpl#00004481 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 ],
Value Name: [ MinLevel ], Value: [ 73728 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 ],
Value Name: [ RecommendedLevel ], Value: [ 73728 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached ],
Value Name: [ {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 ], Value: [ 0x010000007c6c9c7cc0da56ab0ac5c801 ], 3 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached ],
Value Name: [ {FF393560-C2A7-11CF-BFF4-444553540000} {062E1261-A60E-11D0-82C2-00C04FD5AE38} 0x401 ], Value: [ 0x010000007c6c9c7c8e68fd27bdc5c801 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Url History ],
Value Name: [ DaysToKeep ], Value: [ 20 ], 1 time
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKU ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 4 times
[=============================================================================]
2.b) iexplore.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\Documents and Settings\Administrator\Local Settings\History\desktop.ini ]
File Name: [ C:\Program Files\Internet Explorer\iexplore.exe ]
File Name: [ C:\WINDOWS\system32\inetcpl.cpl ]
File Name: [ C:\WINDOWS\system32\mshtml.dll ]
File Name: [ C:\WINDOWS\system32\shdocvw.dll ]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ C:\WINDOWS\system32\stdole2.tlb ]
File Name: [ C:\WINDOWS\system32\url.dll ]
File Name: [ PIPE\lsarpc ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ PIPE\lsarpc ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 6 times
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\Program Files\Internet Explorer\iexplore.exe ]
File Name: [ C:\Program Files\Messenger\msmsgs.exe ]
File Name: [ C:\WINDOWS\WindowsShell.manifest ]
File Name: [ C:\WINDOWS\system32\IMM32.DLL ]
File Name: [ C:\WINDOWS\system32\MLANG.dll ]
File Name: [ C:\WINDOWS\system32\inetcpl.cpl ]
File Name: [ C:\WINDOWS\system32\mshtml.dll ]
File Name: [ C:\WINDOWS\system32\msimtf.dll ]
File Name: [ C:\WINDOWS\system32\shdoclc.dll ]
File Name: [ C:\WINDOWS\system32\shdocvw.dll ]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ C:\WINDOWS\system32\stdole2.tlb ]
File Name: [ C:\WINDOWS\system32\url.dll ]
File Name: [ C:\WINDOWS\system32\winlogon.exe ]
File Name: [ C:\WINDOWS\system32\xpsp2res.dll ]
[=============================================================================]
2.c) iexplore.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutex: [ MSCTF.Shared.MUTEX.IFG ]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Keyboard Keys Monitored:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Virtual Key Code: [ VK_SHIFT (16) ], 14 times
Virtual Key Code: [ VK_CONTROL (17) ], 14 times
Virtual Key Code: [ VK_MENU (18) ], 14 times
Virtual Key Code: [ VK_LSHIFT (160) ], 13 times
Virtual Key Code: [ VK_LCONTROL (162) ], 13 times
Virtual Key Code: [ VK_LMENU (164) ], 13 times
Virtual Key Code: [ VK_LBUTTON (1) ], 43 times
Virtual Key Code: [ VK_RBUTTON (2) ], 1 time
Virtual Key Code: [ VK_MBUTTON (4) ], 1 time