Oto SQL Bulmak!

___ __ _



[#############################################################################]
Analysis Report for MaXIsploit.exe
MD5: cb4139e72b5e09f0de35315f68bdad4f
[#############################################################################]

Summary:
- Performs Registry Activities:
The executable creates and/or modifies registry entries.

[=============================================================================]
Table of Contents
[=============================================================================]

- General information
- MaXIsploit.exe
a) Registry Activities
b) File Activities


[#############################################################################]
1. General Information
[#############################################################################]
[=============================================================================]
Information about Anubis' invocation
[=============================================================================]
Time needed: 279 s
Report created: 04/25/12, 12:09:01 UTC
Termination reason: Timeout
Program version: 1.76.3886


[#############################################################################]
2. MaXIsploit.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Primary Analysis Subject
Filename: MaXIsploit.exe
MD5: cb4139e72b5e09f0de35315f68bdad4f
SHA-1: 76ba785585253e429a29b46560fbef432801cccb
File Size: 1953792 Bytes
Command Line: "C:\MaXIsploit.exe"
Process-status
at analysis end: alive
Exit Code: 0

[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\user32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\advapi32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\oleaut32.dll ],
Base Address: [0x77120000 ], Size: [0x0008B000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\version.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
Base Address: [0x5D090000 ], Size: [0x0009A000 ]
Module Name: [ C:\WINDOWS\system32\shell32.dll ],
Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\system32\comdlg32.dll ],
Base Address: [0x763B0000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\wsock32.dll ],
Base Address: [0x71AD0000 ], Size: [0x00009000 ]
Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
Base Address: [0x71AB0000 ], Size: [0x00017000 ]
Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
Base Address: [0x71AA0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
Base Address: [0x773D0000 ], Size: [0x00103000 ]

[=============================================================================]
Run-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\UXTHEME.dll ],
Base Address: [0x5AD70000 ], Size: [0x00038000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\msimg32.dll ],
Base Address: [0x76380000 ], Size: [0x00005000 ]
Module Name: [ C:\WINDOWS\System32\CSCDLL.dll ],
Base Address: [0x76600000 ], Size: [0x0001D000 ]
Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ],
Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
Module Name: [ C:\WINDOWS\system32\COMRes.dll ],
Base Address: [0x77050000 ], Size: [0x000C5000 ]
Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ],
Base Address: [0x77920000 ], Size: [0x000F3000 ]
Module Name: [ C:\WINDOWS\System32\cscui.dll ],
Base Address: [0x77A20000 ], Size: [0x00054000 ]
Module Name: [ C:\WINDOWS\system32\appHelp.dll ],
Base Address: [0x77B40000 ], Size: [0x00022000 ]

[=============================================================================]
2.a) MaXIsploit.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ BaseClass ], New Value: [ Drive ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ BaseClass ], New Value: [ Drive ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SOFTWARE\CLASSES\.EXE ],
Value Name: [ ], Value: [ exefile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\SHELL32.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\System32\cscui.dll ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\FOLDEREXTENSIONS\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} ],
Value Name: [ DriveMask ], Value: [ 32 ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\EXEFILE\DEFAULTICON ],
Value Name: [ ], Value: [ %1 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
Value Name: [ CUAS ], Value: [ 0 ], 1 time
Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ OsLoaderPath ], Value: [ \ ], 2 times
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ SystemPartition ], Value: [ \Device\HarddiskVolume1 ], 2 times
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 ],
Value Name: [ ], Value: [ %SystemRoot%\System32\cscui.dll ], 1 time
Key: [ HKLM\Software\Microsoft\COM3 ],
Value Name: [ Com+Enabled ], Value: [ 1 ], 2 times
Key: [ HKLM\Software\Microsoft\COM3 ],
Value Name: [ REGDBVersion ], Value: [ 0x0b00000000000000 ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
Value Name: [ DevicePath ], Value: [ %SystemRoot%\inf ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files ],
Value Name: [ ], Value: [ {750fdf0e-2a26-11d1-a3ea-080036587f03} ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ DriverCachePath ], Value: [ %SystemRoot%\Driver Cache ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ LogLevel ], Value: [ 0 ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ ServicePackCachePath ], Value: [ c:\windows\ServicePackFiles\ServicePackCache ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ ServicePackSourcePath ], Value: [ D:\ ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ SourcePath ], Value: [ D:\ ], 2 times
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
Value Name: [ ComputerName ], Value: [ PC ], 2 times
Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ Domain ], Value: [ ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ Hostname ], Value: [ pc ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\Setup ],
Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
Key: [ HKLM\System\WPA\PnP ],
Value Name: [ seed ], Value: [ 1274198464 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\Desktop\WindowMetrics ],
Value Name: [ Shell Icon Bpp ], Value: [ 16 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\Desktop\WindowMetrics ],
Value Name: [ Shell Icon Size ], Value: [ 32 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ ],
Value Name: [ ShellState ], Value: [ 0x2400000038080000000000000000000000000000010000000d0000000000 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ DontPrettyPath ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ Filter ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ Hidden ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ HideFileExt ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ HideIcons ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ MapNetDrvBtn ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ NoNetCrawling ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ SeparateProcess ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowCompColor ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowInfoTip ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowSuperHidden ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ WebView ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Data ], Value: [ 0x000000005c005c003f005c0049004400450023004300640052006f006d00 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Generation ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Data ], Value: [ 0x000000005c005c003f005c00530054004f00520041004700450023005600 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Generation ], Value: [ 1 ], 5 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\Software\Classes ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
Key: [ HKLM\Software\Classes\CLSID ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 2 times
Key: [ HKLM\Software\Microsoft\COM3 ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 6 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKU ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times


[=============================================================================]
2.b) MaXIsploit.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\MaXIsploit.exe ]
File Name: [ C:\WINDOWS\Registration\R00000000000b.clb ]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ MountPointManager ]
File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 6 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
File: [ IDE#CdRomQEMU_QEMU_CD-ROM________________________0.9.____#4d51303030302033202020202020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0008 ], 2 times
File: [ STORAGE#Volume#1&30a96598&0&SignatureB15FB15FOffset7E00Length13F291800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0034 ], 4 times
File: [ shadow ], Control Code: [ 0x00140FFB ], 1 time

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\MaXIsploit.exe ]
File Name: [ C:\WINDOWS\System32\CSCDLL.dll ]
File Name: [ C:\WINDOWS\System32\cscui.dll ]
File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
File Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ]
File Name: [ C:\WINDOWS\system32\COMRes.dll ]
File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
File Name: [ C:\WINDOWS\system32\SETUPAPI.dll ]
File Name: [ C:\WINDOWS\system32\UXTHEME.dll ]
File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
File Name: [ C:\WINDOWS\system32\comctl32.dll ]
File Name: [ C:\WINDOWS\system32\imm32.dll ]
File Name: [ C:\WINDOWS\system32\msimg32.dll ]
File Name: [ C:\WINDOWS\system32\rpcss.dll ]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ C:\WINDOWS\system32\wsock32.dll ]

Genişletmek için tıkla ...

atam.avi' Alıntı:

Virustotal isterseniz diye ben sizin için yaptım
https://www.virustotal.com/tr/file/...9b9fe9e17f4f89599546b7b0/analysis/1421719455/
Baya bir virüs algıladı üstüne kendim bir tarama yapıyorum
ayrıca exe tarattım sonuçlarda;
[ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],

virüslerde çıkmış bulunmaktadır
tam sonuç isteyenlere

___ __ _



[#############################################################################]
Analysis Report for MaXIsploit.exe
MD5: cb4139e72b5e09f0de35315f68bdad4f
[#############################################################################]

Summary:
- Performs Registry Activities:
The executable creates and/or modifies registry entries.

[=============================================================================]
Table of Contents
[=============================================================================]

- General information
- MaXIsploit.exe
a) Registry Activities
b) File Activities


[#############################################################################]
1. General Information
[#############################################################################]
[=============================================================================]
Information about Anubis' invocation
[=============================================================================]
Time needed: 279 s
Report created: 04/25/12, 12:09:01 UTC
Termination reason: Timeout
Program version: 1.76.3886


[#############################################################################]
2. MaXIsploit.exe
[#############################################################################]
[=============================================================================]
General information about this executable
[=============================================================================]
Analysis Reason: Primary Analysis Subject
Filename: MaXIsploit.exe
MD5: cb4139e72b5e09f0de35315f68bdad4f
SHA-1: 76ba785585253e429a29b46560fbef432801cccb
File Size: 1953792 Bytes
Command Line: "C:\MaXIsploit.exe"
Process-status
at analysis end: alive
Exit Code: 0

[=============================================================================]
Load-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
Base Address: [0x7C900000 ], Size: [0x000AF000 ]
Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
Base Address: [0x7C800000 ], Size: [0x000F6000 ]
Module Name: [ C:\WINDOWS\system32\user32.dll ],
Base Address: [0x7E410000 ], Size: [0x00091000 ]
Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
Base Address: [0x77F10000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\advapi32.dll ],
Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
Base Address: [0x77E70000 ], Size: [0x00092000 ]
Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
Base Address: [0x77FE0000 ], Size: [0x00011000 ]
Module Name: [ C:\WINDOWS\system32\oleaut32.dll ],
Base Address: [0x77120000 ], Size: [0x0008B000 ]
Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
Base Address: [0x77C10000 ], Size: [0x00058000 ]
Module Name: [ C:\WINDOWS\system32\ole32.dll ],
Base Address: [0x774E0000 ], Size: [0x0013D000 ]
Module Name: [ C:\WINDOWS\system32\version.dll ],
Base Address: [0x77C00000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\system32\comctl32.dll ],
Base Address: [0x5D090000 ], Size: [0x0009A000 ]
Module Name: [ C:\WINDOWS\system32\shell32.dll ],
Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
Base Address: [0x77F60000 ], Size: [0x00076000 ]
Module Name: [ C:\WINDOWS\system32\comdlg32.dll ],
Base Address: [0x763B0000 ], Size: [0x00049000 ]
Module Name: [ C:\WINDOWS\system32\wsock32.dll ],
Base Address: [0x71AD0000 ], Size: [0x00009000 ]
Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
Base Address: [0x71AB0000 ], Size: [0x00017000 ]
Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
Base Address: [0x71AA0000 ], Size: [0x00008000 ]
Module Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
Base Address: [0x773D0000 ], Size: [0x00103000 ]

[=============================================================================]
Run-time Dlls
[=============================================================================]
Module Name: [ C:\WINDOWS\system32\UXTHEME.dll ],
Base Address: [0x5AD70000 ], Size: [0x00038000 ]
Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
Base Address: [0x74720000 ], Size: [0x0004C000 ]
Module Name: [ C:\WINDOWS\system32\msimg32.dll ],
Base Address: [0x76380000 ], Size: [0x00005000 ]
Module Name: [ C:\WINDOWS\System32\CSCDLL.dll ],
Base Address: [0x76600000 ], Size: [0x0001D000 ]
Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ],
Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
Module Name: [ C:\WINDOWS\system32\COMRes.dll ],
Base Address: [0x77050000 ], Size: [0x000C5000 ]
Module Name: [ C:\WINDOWS\system32\SETUPAPI.dll ],
Base Address: [0x77920000 ], Size: [0x000F3000 ]
Module Name: [ C:\WINDOWS\System32\cscui.dll ],
Base Address: [0x77A20000 ], Size: [0x00054000 ]
Module Name: [ C:\WINDOWS\system32\appHelp.dll ],
Base Address: [0x77B40000 ], Size: [0x00022000 ]

[=============================================================================]
2.a) MaXIsploit.exe - Registry Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ BaseClass ], New Value: [ Drive ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ BaseClass ], New Value: [ Drive ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Registry Values Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\SOFTWARE\CLASSES\.EXE ],
Value Name: [ ], Value: [ exefile ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{20D04FE0-3AEA-1069-A2D8-08002B30309D}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\system32\SHELL32.dll ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\INPROCSERVER32 ],
Value Name: [ ], Value: [ %SystemRoot%\System32\cscui.dll ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{750FDF0E-2A26-11D1-A3EA-080036587F03}\INPROCSERVER32 ],
Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
Key: [ HKLM\SOFTWARE\CLASSES\DRIVE\SHELLEX\FOLDEREXTENSIONS\{FBEB8A05-BEEE-4442-804E-409D6C4515E9} ],
Value Name: [ DriveMask ], Value: [ 32 ], 2 times
Key: [ HKLM\SOFTWARE\CLASSES\EXEFILE\DEFAULTICON ],
Value Name: [ ], Value: [ %1 ], 1 time
Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
Value Name: [ CUAS ], Value: [ 0 ], 1 time
Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ OsLoaderPath ], Value: [ \ ], 2 times
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ SystemPartition ], Value: [ \Device\HarddiskVolume1 ], 2 times
Key: [ HKLM\SYSTEM\Setup ],
Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
Key: [ HKLM\Software\Classes\CLSID\{750fdf0e-2a26-11d1-a3ea-080036587f03}\InProcServer32 ],
Value Name: [ ], Value: [ %SystemRoot%\System32\cscui.dll ], 1 time
Key: [ HKLM\Software\Microsoft\COM3 ],
Value Name: [ Com+Enabled ], Value: [ 1 ], 2 times
Key: [ HKLM\Software\Microsoft\COM3 ],
Value Name: [ REGDBVersion ], Value: [ 0x0b00000000000000 ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
Value Name: [ DevicePath ], Value: [ %SystemRoot%\inf ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\Offline Files ],
Value Name: [ ], Value: [ {750fdf0e-2a26-11d1-a3ea-080036587f03} ], 1 time
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ DriverCachePath ], Value: [ %SystemRoot%\Driver Cache ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ LogLevel ], Value: [ 0 ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ ServicePackCachePath ], Value: [ c:\windows\ServicePackFiles\ServicePackCache ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ ServicePackSourcePath ], Value: [ D:\ ], 2 times
Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Setup ],
Value Name: [ SourcePath ], Value: [ D:\ ], 2 times
Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
Value Name: [ ComputerName ], Value: [ PC ], 2 times
Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ Domain ], Value: [ ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
Value Name: [ Hostname ], Value: [ pc ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ Enabled ], Value: [ 1 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
Value Name: [ Version ], Value: [ 0 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
Key: [ HKLM\System\Setup ],
Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
Key: [ HKLM\System\WPA\PnP ],
Value Name: [ seed ], Value: [ 1274198464 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\Desktop\WindowMetrics ],
Value Name: [ Shell Icon Bpp ], Value: [ 16 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\Desktop\WindowMetrics ],
Value Name: [ Shell Icon Size ], Value: [ 32 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Language Hotkey ], Value: [ 1 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
Value Name: [ Layout Hotkey ], Value: [ 2 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\ ],
Value Name: [ ShellState ], Value: [ 0x2400000038080000000000000000000000000000010000000d0000000000 ], 2 times
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ DontPrettyPath ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ Filter ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ Hidden ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ HideFileExt ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ HideIcons ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ MapNetDrvBtn ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ NoNetCrawling ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ SeparateProcess ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowCompColor ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowInfoTip ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ ShowSuperHidden ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced ],
Value Name: [ WebView ], Value: [ 0 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Data ], Value: [ 0x000000005c005c003f005c0049004400450023004300640052006f006d00 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094da8-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Generation ], Value: [ 1 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Data ], Value: [ 0x000000005c005c003f005c00530054004f00520041004700450023005600 ], 1 time
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{a1094daa-30a0-11dd-817b-806d6172696f}\ ],
Value Name: [ Generation ], Value: [ 1 ], 5 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Monitored Registry Keys:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Key: [ HKLM\Software\Classes ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
Key: [ HKLM\Software\Classes\CLSID ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 2 times
Key: [ HKLM\Software\Microsoft\COM3 ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 6 times
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
Key: [ HKU ],
Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times


[=============================================================================]
2.b) MaXIsploit.exe - File Activities
[=============================================================================]
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Read:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\MaXIsploit.exe ]
File Name: [ C:\WINDOWS\Registration\R00000000000b.clb ]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Files Modified:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ MountPointManager ]
File Name: [ PIPE\lsarpc ]

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File System Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 6 times

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Device Control Communication:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
File: [ IDE#CdRomQEMU_QEMU_CD-ROM________________________0.9.____#4d51303030302033202020202020202020202020#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0008 ], 2 times
File: [ STORAGE#Volume#1&30a96598&0&SignatureB15FB15FOffset7E00Length13F291800#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b} ], Control Code: [ 0x004D0008 ], 1 time
File: [ MountPointManager ], Control Code: [ 0x006D0034 ], 4 times
File: [ shadow ], Control Code: [ 0x00140FFB ], 1 time

[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
Memory Mapped Files:
[=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=]
File Name: [ C:\MaXIsploit.exe ]
File Name: [ C:\WINDOWS\System32\CSCDLL.dll ]
File Name: [ C:\WINDOWS\System32\cscui.dll ]
File Name: [ C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
File Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ]
File Name: [ C:\WINDOWS\system32\COMRes.dll ]
File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
File Name: [ C:\WINDOWS\system32\SETUPAPI.dll ]
File Name: [ C:\WINDOWS\system32\UXTHEME.dll ]
File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
File Name: [ C:\WINDOWS\system32\comctl32.dll ]
File Name: [ C:\WINDOWS\system32\imm32.dll ]
File Name: [ C:\WINDOWS\system32\msimg32.dll ]
File Name: [ C:\WINDOWS\system32\rpcss.dll ]
File Name: [ C:\WINDOWS\system32\shell32.dll ]
File Name: [ C:\WINDOWS\system32\wsock32.dll ]

Genişletmek için tıkla ...

Contact: atawho

Genişletmek için tıkla ...