Anubis thinks that www.xkcd.com is suspicious.

Postby robertcolumbia » Mon Jan 16, 2012 2:04 pm UTC

I went to Anubis (anubis.iseclab.org), which purports to be a malware-checking tool. I asked it to check out www.xkcd.com, and it gave the following report, emphasis mine. I'd like to give you guys the benefit of the doubt, but I got burned by another of my favorite sites which turned out to be serving malware.



[#############################################################################]
Analysis Report for http://www.xkcd.com
[#############################################################################]

Summary:
- Changes security settings of Internet Explorer:
This system alteration could seriously affect safety surfing the World
Wide Web.


- Performs File Modification and Destruction:
The executable modifies and destructs files which are not temporary.


- Performs Registry Activities:
The executable creates and/or modifies registry entries.


[=============================================================================]
Table of Contents
[=============================================================================]

- General information
- iexplore.exe
a) Registry Activities
b) File Activities
c) Network Activities
d) Other Activities


[#############################################################################]
1. General Information
[#############################################################################]
[=============================================================================]
Information about Anubis' invocation
[=============================================================================]
Time needed: 249 s
Report created: 01/16/12, 13:34:54 UTC
Termination reason: Timeout
Program version: 1.75.3394

[=============================================================================]
Global Network Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
DNS Queries:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Name: [ imgs.xkcd.com ], Query Type: [ DNS_TYPE_A ],
Query Result: [ 208.122.62.226 ], Successful: [ 1 ], Protocol: [ udp ]
Name: [ www.google.com ], Query Type: [ DNS_TYPE_A ],
Query Result: [ ], Successful: [ 0 ], Protocol: [ udp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
HTTP Conversations:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
From ANUBIS:1030 to 208.122.62.226:80 - [ imgs.xkcd.com ]
Request: [ GET /s/c40a9f8.css ], Response: [ 200 "OK" ]
From ANUBIS:1031 to 208.122.62.226:80 - [ imgs.xkcd.com ]
Request: [ GET /s/ecbbecc.css ], Response: [ 200 "OK" ]



[#############################################################################]
2. iexplore.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Primary Analysis Subject
Filename: iexplore.exe
Command Line: "C:\Program Files\Internet Explorer\iexplore.exe"
Process-status at analysis end: alive
Exit Code: 0

[=============================================================================]
Load-time Dlls
[=============================================================================]

[=============================================================================]
Run-time Dlls
[=============================================================================]

[=============================================================================]
2.a) iexplore.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], New Value: [ 0 ]
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ Common AppData ], New Value: [ C:\Documents and Settings\All Users\Application Data ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ MigrateProxy ], New Value: [ 1 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], New Value: [ 0 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
Value Name: [ SavedLegacySettings ], New Value: [ 0x3c0000001600000001000000000000000000000000000000040000000000 ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Value Name: [ 1A10 ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ MigrateProxy ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
Value Name: [ ProxyEnable ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
Value Name: [ DefaultConnectionSettings ], Value: [ 0x3c0000000300000001000000000000000000000000000000040000000000 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
Value Name: [ SavedLegacySettings ], Value: [ 0x3c0000001500000001000000000000000000000000000000040000000000 ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ APPDATA ], Value: [ C:\Documents and Settings\Administrator\Application Data ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ CLIENTNAME ], Value: [ Console ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ HOMEDRIVE ], Value: [ C: ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ HOMEPATH ], Value: [ \Documents and Settings\Administrator ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ HOMESHARE ], Value: [ ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ LOGONSERVER ], Value: [ \\PC ], 4 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
Value Name: [ SESSIONNAME ], Value: [ Console ], 4 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
Watch subtree: [ 0 ], Notify Filter: [ Attributes Change,Value Change,Security Descriptor Change ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKU ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 1 time


[=============================================================================]
2.b) iexplore.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDUF49AN\xkcd[1].htm ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\lsarpc, Flags: Named pipe ]
File Name: [ c:\autoexec.bat ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDUF49AN\xkcd[1].htm ]
File Name: [ C:\lsarpc, Flags: Named pipe ]
File Name: [ \Device\Afd\AsyncConnectHlp ]
File Name: [ \Device\Afd\Endpoint ]
File Name: [ \Device\RasAcd ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\lsarpc, Flags: Named pipe ], Control Code: [ 0x0011C017 ], 16 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_INFO (0x0001207B) ], 2 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_CONTEXT (0x00012047) ], 9 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_BIND (0x00012003) ], 2 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_TDI_HANDLES (0x00012037) ], 4 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_SOCK_NAME (0x0001202F) ], 3 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SELECT (0x00012024) ], 6 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_INFO (0x0001203B) ], 1 time
File: [ \Device\Afd\AsyncConnectHlp ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_RECV (0x00012017) ], 4 times
File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SEND (0x0001201F) ], 3 times
File: [ unnamed file ], Control Code: [ 0x00120028 ], 1 time

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
File Name: [ C:\WINDOWS\system32\RASAPI32.DLL ]
File Name: [ C:\WINDOWS\system32\TAPI32.dll ]
File Name: [ C:\WINDOWS\system32\WINMM.dll ]
File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
File Name: [ C:\WINDOWS\system32\hnetcfg.dll ]
File Name: [ C:\WINDOWS\system32\mswsock.dll ]
File Name: [ C:\WINDOWS\system32\rasadhlp.dll ]
File Name: [ C:\WINDOWS\system32\rasman.dll ]
File Name: [ C:\WINDOWS\system32\rtutils.dll ]
File Name: [ C:\WINDOWS\system32\sensapi.dll ]
File Name: [ C:\WINDOWS\system32\wsock32.dll ]

[=============================================================================]
2.c) iexplore.exe - Network Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
DNS Queries:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Name: [ www.xkcd.com ], Query Type: [ DNS_TYPE_A ],
Query Result: [ 72.26.203.99 ], Successful: [ YES ], Protocol: [ udp ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
HTTP Conversations:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
From ANUBIS:1029 to 72.26.203.99:80 - [ www.xkcd.com ]
Request: [ GET / ], Response: [ 200 "OK" ]


[=============================================================================]
2.d) iexplore.exe - Other Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutexes Created:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Mutex: [ _SHuassist.mtx ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Keyboard Keys Monitored:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Virtual Key Code: [ VK_CONTROL (17) ], 10 times
Virtual Key Code: [ VK_LBUTTON (1) ], 1 time
Virtual Key Code: [ VK_RBUTTON (2) ], 1 time
Virtual Key Code: [ VK_SHIFT (16) ], 9 times
Virtual Key Code: [ VK_MBUTTON (4) ], 1 time
Virtual Key Code: [ VK_MENU (18) ], 8 times
Virtual Key Code: [ VK_LSHIFT (160) ], 7 times
Virtual Key Code: [ VK_LCONTROL (162) ], 7 times
Virtual Key Code: [ VK_LMENU (164) ], 7 times




[#############################################################################]
International Secure Systems Lab
http://www.iseclab.org

Vienna University of Technology Eurecom France UC Santa Barbara
http://www.tuwien.ac.at http://www.eurecom.fr http://www.cs.ucsb.edu

Contact: anubis@iseclab.org
robertcolumbia
 
Posts: 2
Joined: Mon Jan 16, 2012 1:58 pm UTC

Re: Anubis thinks that www.xkcd.com is suspicious.

Postby SecondTalon » Mon Jan 16, 2012 4:05 pm UTC

Is it just me, or is the report telling you that iexplorer.exe is unsafe and doesn't actually talk about the URL at all?
"When Archie is too progressive for you, that's how science identifies you as an earlier species" - Luke McKinney, Cracked.com

Honestly, if you're talking BBQ and 'a guy in a parking lot' isn't part of the conversation, something's wrong."
SecondTalon
SexyTalon
 
Posts: 22833
Joined: Sat May 05, 2007 2:10 pm UTC
Location: Louisville, Kentucky, USA, Mars. HA!

Re: Anubis thinks that www.xkcd.com is suspicious.

Postby JBJ » Mon Jan 16, 2012 4:35 pm UTC

Yeah, I'm going to say you'll probably get the same results for just about any site. Just for kicks and grins, I gave it a task of "doctor, diagnose thyself" and got the following:

[#############################################################################]
Analysis Report for http://anubis.iseclab.org
[#############################################################################]

Summary:
- Changes security settings of Internet Explorer:
This system alteration could seriously affect safety surfing the World
Wide Web.

- Performs File Modification and Destruction:
The executable modifies and destructs files which are not temporary.

- Performs Registry Activities:
The executable creates and/or modifies registry entries.


I didn't post the rest because it exceeded the 60,000 character limit, but it had pretty much reported the same information in terms of registry keys, files, etc... that xkcd did, so imma going to second ST and say this is a report on what IE does with a URL and not what a URL does with IE (or any other browser).
So, you sacked the cocky khaki Kicky Sack sock plucker?
The second cocky khaki Kicky Sack sock plucker I've sacked since the sixth sitting sheet slitter got sick.
JBJ
 
Posts: 1265
Joined: Fri Dec 12, 2008 6:20 pm UTC
Location: a point or extent in space
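To make JBJ's baseline point concrete, here is an added example (not from the thread, and not the Anubis tool's own code): a Python script that parses two Anubis-style reports, one for the URL under test and one from a run against a known-benign URL, and keeps only the entries the benign run did not produce. The two reports are constructed in the layout shown above, reusing the xkcd values from the first post; the subsection title 'Registry Values Modified', the baseline host and the second cache directory name are assumptions. Once the baseline is subtracted, the registry write and the AFD device activity that drove the summary's warnings drop out, and only the cached page, the DNS lookup and the HTTP GET for the target remain.

```python
"""Subtract a browser-only baseline from an Anubis-style sandbox report.
Added example, not code from the thread or from Anubis. As the thread says, the
report lists what iexplore.exe does for any URL; a run against a known-benign URL
gives a baseline to subtract, leaving the URL-specific activity. Both reports are
constructed in the thread's layout; the subsection title 'Registry Values
Modified' and the baseline host are assumptions."""
import re

SECTION = re.compile(r"^\d+(\.[a-z])?\) ")       # "2.b) iexplore.exe - ..."
COUNT_SUFFIX = re.compile(r",\s*\d+ times?$")    # ", 4 times" / ", 1 time"
# Mask per-run noise: IE's random 8-char cache dir under Content.IE5 and the source port.
CACHE_DIR = re.compile(r"(Content\.IE5\\)[A-Z0-9]{8}\\", re.IGNORECASE)
SRC_PORT = re.compile(r"ANUBIS:\d+")


def normalize(entry: str) -> str:
    entry = COUNT_SUFFIX.sub("", entry.strip())
    entry = CACHE_DIR.sub(r"\1<cache>\\", entry)
    return SRC_PORT.sub("ANUBIS:<port>", entry)


def parse_report(text: str) -> dict[str, set[str]]:
    """Map each subsection title ('Files Created', ...) to its normalized entries;
    a 'Key:'/'Name:' line ending in a comma and the 'From ...' line of an HTTP
    conversation are joined with the line that follows them."""
    sections: dict[str, set[str]] = {}
    current, pending = None, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):     # blank or a [====] rule
            continue
        if SECTION.match(line):                  # major heading, no entries
            current = None
        elif line.endswith(":"):                 # subsection title
            current = line[:-1]
            sections.setdefault(current, set())
        elif current is None:
            pass                                 # text before any subsection
        elif line.endswith(",") or line.startswith("From "):
            pending = line                       # first half of a 2-line entry
        else:
            sections[current].add(normalize(f"{pending} {line}"))
            pending = ""
    return sections


def url_specific(target: dict, baseline: dict) -> dict[str, list[str]]:
    """Entries in the target report that the baseline run did not produce."""
    diff = {}
    for section, entries in target.items():
        only_here = sorted(entries - baseline.get(section, set()))
        if only_here:
            diff[section] = only_here
    return diff


def make_report(host: str, ip: str, port: int, cache_dir: str, page: str) -> str:
    """Constructed report text: apart from the parameters, every line is the
    browser's own activity and therefore identical from run to run."""
    rule, sub = "[" + "=" * 77 + "]", "[" + "=-" * 38 + "=]"
    sid = r"HKU\S-1-5-21-842925246-1425521274-308236825-500"
    cache = (r"C:\Documents and Settings\Administrator\Local Settings"
             rf"\Temporary Internet Files\Content.IE5\{cache_dir}\{page}")
    return f"""{sub}
Registry Values Modified:
{sub}
Key: [ {sid}\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\\Zones\\3 ],
Value Name: [ 1A10 ], Value: [ 1 ], 1 time
{rule}
2.b) iexplore.exe - File Activities
{rule}
{sub}
Files Created:
{sub}
File Name: [ {cache} ]
{sub}
Files Modified:
{sub}
File Name: [ {cache} ]
File Name: [ \\Device\\Afd\\Endpoint ]
{sub}
DNS Queries:
{sub}
Name: [ {host} ], Query Type: [ DNS_TYPE_A ],
Query Result: [ {ip} ], Successful: [ YES ], Protocol: [ udp ]
{sub}
HTTP Conversations:
{sub}
From ANUBIS:{port} to {ip}:80 - [ {host} ]
Request: [ GET / ], Response: [ 200 "OK" ]
"""


BASELINE_REPORT = make_report("baseline.example", "192.0.2.10", 1027, "K3P0QZ5D", "baseline[1].htm")
TARGET_REPORT = make_report("www.xkcd.com", "72.26.203.99", 1029, "WDUF49AN", "xkcd[1].htm")

if __name__ == "__main__":
    print(url_specific(parse_report(TARGET_REPORT), parse_report(BASELINE_REPORT)))
```

The "N times" counts are stripped before comparison, because the same registry write can repeat a different number of times from run to run without meaning anything; if a change in frequency matters to you, compare the counts separately. Without a baseline (pass an empty dict) every section of the target report comes back as "URL-specific", which is exactly the reading the summary at the top of the thread invites.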

