Portable Firefox Isn't STEALTH

ohiozzz
Posts: 13
Joined: Wed Apr 25, 2007 4:00 pm
Location: Gatlinburg Tn

#1 Post by ohiozzz »

Regshot 1.8.1
Comments:
Datetime:2007/6/27 05:09:02 , 2007/6/27 05:09:48
Computer:
Username:

----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\mozilla.org\Mozilla

----------------------------------
Values added:3
----------------------------------
HKLM\SOFTWARE\mozilla.org\Mozilla\CurrentVersion: "1.8.1.4"
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\.MILLRD-21JUUZ63
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\Documents and Settings\.MILLRD-21JUUZ63

----------------------------------
Values modified:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 5B A1 62 79 94 2C 17 85 67 2A 3A A0 57 C2 D8 21 21 DB 76 4A 18 8C 58 49 8F 40 24 1F E7 E3 CF C2 06 F9 A4 6D 95 E3 F4 E3 A1 AC CF 82 6C 1D 88 44 98 16 CC 72 D0 97 CD 5F AE CD B1 85 C0 9E 09 23 A6 26 F7 76 A4 A9 62 23 1D F5 5C A1 AB B0 97 8E
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: F0 EE D7 16 5A 41 E9 46 33 61 81 0D FF 29 30 14 3E E4 CC 2C FC D1 A5 68 14 A3 0D 09 92 90 36 11 AB 75 09 1C 24 B3 10 93 A9 24 C8 84 24 10 26 B9 B8 4D 2E C3 4F 0A 36 4E 7A 63 39 18 6D 36 31 09 D3 2A C0 AE 82 AE 1A 25 64 F8 6B 97 B9 E1 76 FD
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 08 00 00 00 03 00 00 00 01 00 00 00 00 00 00 00 0C 00 00 00 6D 00 00 00 6C 00 00 00 7C 00 00 00 7B 00 00 00 7A 00 00 00 79 00 00 00 78 00 00 00 77 00 00 00 76 00 00 00 75 00 00 00 74 00 00 00 73 00 00 00 72 00 00 00 71 00 00 00 70 00 00 00 58 00 00 00 6F 00 00 00 6E 00 00 00 6B 00 00 00 20 00 00 00 6A 00 00 00 69 00 00 00 09 00 00 00 0B 00 00 00 0A 00 00 00 68 00 00 00 67 00 00 00 11 00 00 00 66 00 00 00 65 00 00 00 64 00 00 00 63 00 00 00 62 00 00 00 61 00 00 00 60 00 00 00 5F 00 00 00 5C 00 00 00 5E 00 00 00 5D 00 00 00 5B 00 00 00 5A 00 00 00 59 00 00 00 37 00 00 00 57 00 00 00 56 00 00 00 55 00 00 00 54 00 00 00 53 00 00 00 52 00 00 00 51 00 00 00 50 00 00 00 4F 00 00 00 4E 00 00 00 4D 00 00 00 4C 00 00 00 4B 00 00 00 2B 00 00 00 2A 00 00 00 4A 00 00 00 49 00 00 00 48 00 00 00 47 00 00 00 46 00 00 00 45 00 00 00 44 00 00 00 1C 00 00 00 43 00 00 00 42 00 00 00 21 00 00 00 0D 00 00 00 41 00 00 00 40 00 00 00 3E 00 00 00 3F 00 00 00 3D 00 00 00 3C 00 00 00 3B 00 00 00 3A 00 00 00 07 00 00 00 06 00 00 00 39 00 00 00 38 00 00 00 36 00 00 00 34 00 00 00 35 00 00 00 33 00 00 00 32 00 00 00 1A 00 00 00 31 00 00 00 30 00 00 00 2F 00 00 00 2E 00 00 00 2D 00 00 00 2C 00 00 00 29 00 00 00 28 00 00 00 27 00 00 00 26 00 00 00 25 00 00 00 24 00 00 00 23 00 00 00 0F 00 00 00 22 00 00 00 1B 00 00 00 1D 00 00 00 1F 00 00 00 1E 00 00 00 19 00 00 00 18 00 00 00 17 00 00 00 16 00 00 00 14 00 00 00 15 00 00 00 13 00 00 00 12 00 00 00 10 00 00 00 0E 00 00 00 04 00 00 00 05 00 00 00 02 00 00 00 FF FF FF FF
HKU\S-1-5-21-1993962763-1957994488-1202660629-1003\Software\Microsoft\Windows\ShellNoRoam\BagMRU\MRUListEx: 03 00 00 00 08 00 00 00 01 00 00 00 00 00 00 00 0C 00 00 00 6D 00 00 00 6C 00 00 00 7C 00 00 00 7B 00 00 00 7A 00 00 00 79 00 00 00 78 00 00 00 77 00 00 00 76 00 00 00 75 00 00 00 74 00 00 00 73 00 00 00 72 00 00 00 71 00 00 00 70 00 00 00 58 00 00 00 6F 00 00 00 6E 00 00 00 6B 00 00 00 20 00 00 00 6A 00 00 00 69 00 00 00 09 00 00 00 0B 00 00 00 0A 00 00 00 68 00 00 00 67 00 00 00 11 00 00 00 66 00 00 00 65 00 00 00 64 00 00 00 63 00 00 00 62 00 00 00 61 00 00 00 60 00 00 00 5F 00 00 00 5C 00 00 00 5E 00 00 00 5D 00 00 00 5B 00 00 00 5A 00 00 00 59 00 00 00 37 00 00 00 57 00 00 00 56 00 00 00 55 00 00 00 54 00 00 00 53 00 00 00 52 00 00 00 51 00 00 00 50 00 00 00 4F 00 00 00 4E 00 00 00 4D 00 00 00 4C 00 00 00 4B 00 00 00 2B 00 00 00 2A 00 00 00 4A 00 00 00 49 00 00 00 48 00 00 00 47 00 00 00 46 00 00 00 45 00 00 00 44 00 00 00 1C 00 00 00 43 00 00 00 42 00 00 00 21 00 00 00 0D 00 00 00 41 00 00 00 40 00 00 00 3E 00 00 00 3F 00 00 00 3D 00 00 00 3C 00 00 00 3B 00 00 00 3A 00 00 00 07 00 00 00 06 00 00 00 39 00 00 00 38 00 00 00 36 00 00 00 34 00 00 00 35 00 00 00 33 00 00 00 32 00 00 00 1A 00 00 00 31 00 00 00 30 00 00 00 2F 00 00 00 2E 00 00 00 2D 00 00 00 2C 00 00 00 29 00 00 00 28 00 00 00 27 00 00 00 26 00 00 00 25 00 00 00 24 00 00 00 23 00 00 00 0F 00 00 00 22 00 00 00 1B 00 00 00 1D 00 00 00 1F 00 00 00 1E 00 00 00 19 00 00 00 18 00 00 00 17 00 00 00 16 00 00 00 14 00 00 00 15 00 00 00 13 00 00 00 12 00 00 00 10 00 00 00 0E 00 00 00 04 00 00 00 05 00 00 00 02 00 00 00 FF FF FF FF

----------------------------------
Total changes:7
----------------------------------
This is from my computer. Also, on my work's computer Firefox adds a folder to %appdata%. Portable Thunderbird also adds Reg entries and a folder to %appdata%.

denash1
Posts: 15
Joined: Tue May 15, 2007 1:49 am

#2 Post by denash1 »

Yes, I think it does write settings to the registry, but those will get deleted once you close the application.

#3 Post by ohiozzz »

No, they don't get deleted. Also, here's a Regshot log from my work's computer. My computer runs XP Pro and my work's runs XP Home.
Regshot 1.8.1
Comments:
Datetime:2007/6/27 20:23:08 , 2007/6/27 20:24:18
Computer:INTERNET , INTERNET
Username: ,

----------------------------------
Keys added:4
----------------------------------
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\mozilla.org\Mozilla
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\3
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\4

----------------------------------
Values added:9
----------------------------------
HKLM\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name: "firefox.exe"
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name: "firefox.exe"
HKLM\SOFTWARE\mozilla.org\Mozilla\CurrentVersion: "1.8.1.4"
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\3: 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 4C 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\4: 14 00 1F 50 E0 4F D0 20 EA 3A 69 10 A2 D8 08 00 2B 30 30 9D 19 00 2F 4C 3A 5C 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 4E 00 31 00 00 00 00 00 DB 36 0C A2 10 00 46 49 52 45 46 4F 7E 31 00 00 36 00 03 00 04 00 EF BE DB 36 0C A2 DB 36 00 20 14 00 00 00 46 00 69 00 72 00 65 00 66 00 6F 00 78 00 50 00 6F 00 72 00 74 00 61 00 62 00 6C 00 65 00 00 00 18 00 00 00
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\3\ViewView2: 1C 00 00 00 06 00 00 00 00 00 00 00 00 00 9C 00 00 00 00 00 01 00 00 00 FF FF FF FF F0 F0 F0 F0 14 00 03 00 9C 00 00 00 00 00 00 00 30 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 F0 00 80 00 A0 00 A0 00 F0 00 F0 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\Streams\4\ViewView2: 1C 00 00 00 06 00 00 00 00 00 00 00 00 00 9C 00 00 00 00 00 01 00 00 00 FF FF FF FF F0 F0 F0 F0 14 00 03 00 9C 00 00 00 00 00 00 00 30 00 00 00 FD DF DF FD 0F 00 06 00 28 00 10 00 34 00 48 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 04 00 00 00 05 00 00 00 F0 00 80 00 A0 00 A0 00 F0 00 F0 00 00 00 00 00 01 00 00 00 02 00 00 00 03 00 00 00 FF FF FF FF 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\ShellNoRoam\MUICache\L:\FirefoxPortable\FirefoxPortable.exe: "Mozilla Firefox, Portable Edition"
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\ShellNoRoam\MUICache\L:\FirefoxPortable\App\firefox\firefox.exe: "Firefox"

----------------------------------
Values modified:14
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 67 A5 4B 3E C2 2A 2D FA FD D7 BC E6 C0 A4 71 E5 2F 5B 30 AA C1 BD 89 23 0B AC 27 66 2B 3E E6 41 E0 54 1C A2 BA CD 5A D5 47 3E 55 0F A1 65 79 74 56 DF DE C5 B9 1D D1 8E 8C 86 EE 8F C1 45 8C E0 F2 05 C3 C8 32 F2 8E BA 7E 7C 6E 7D DF 07 E0 EF
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 63 EC 6F 33 8F A1 12 84 7B 06 3D 7E B1 97 32 34 89 DD 9E C0 F2 D6 7B F0 F6 33 30 B3 5F 78 95 45 65 03 FE E0 8E 46 9B 1C CC 8B 50 3A 75 5D 18 07 BF EB 50 59 60 0F 96 5F DE B0 E7 02 67 80 98 27 35 21 06 0A 53 84 53 21 88 F4 63 A9 CF 5D 2C 95
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x41107B81
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x4649940B
HKLM\SOFTWARE\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\currentPollMinutes: 0x000001B6
HKLM\SOFTWARE\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\currentPollMinutes: 0x000001B5
HKLM\SOFTWARE\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\lastGoodTime: "20070627T202243"
HKLM\SOFTWARE\Symantec\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PollManager\lastGoodTime: "20070627T202413"
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\WasReboot: 01 00 00 00
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\WasReboot: 00 00 00 00
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\LastCloseTime: B3 CB 99 33
HKLM\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\LastCloseTime: EB 2C B0 33
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\WasReboot: 01 00 00 00
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\WasReboot: 00 00 00 00
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\LastCloseTime: B3 CB 99 33
HKLM\SYSTEM\CurrentControlSet\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\LastCloseTime: EB 2C B0 33
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Scrunch\Post Process Mode: 0x00000004
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Scrunch\Post Process Mode: 0xFFFFFFFF
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\MRUListEx: 02 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\MRUListEx: 04 00 00 00 03 00 00 00 02 00 00 00 00 00 00 00 01 00 00 00 FF FF FF FF
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 3C 00 00 00 40 0E 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 70 AC A0 B9 39 B8 C7 01 01 00 00 00 C0 A8 01 65 00 00 00 00 00 00 00 00
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings: 3C 00 00 00 42 0E 00 00 09 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 05 00 00 00 00 00 00 00 70 AC A0 B9 39 B8 C7 01 01 00 00 00 C0 A8 01 65 00 00 00 00 00 00 00 00
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\SessionInformation\ProgramCount: 0x00000004
HKU\S-1-5-21-3964852003-718389633-2088353398-1009\SessionInformation\ProgramCount: 0x00000003

----------------------------------
Total changes:27
----------------------------------

Andrew Lee
Posts: 3052
Joined: Sat Feb 04, 2006 9:19 am

#4 Post by Andrew Lee »

Almost all the changes detected are not caused directly by the app itself.

For example, HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed is constantly being updated by Windows (used for crypto).

The entries under HKLM\SOFTWARE\Microsoft\DirectDraw\* are updated every time you run an app that uses DirectDraw etc.

The only entries that are written directly by the app are:

HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\mozilla.org\Mozilla
HKLM\SOFTWARE\mozilla.org\Mozilla\CurrentVersion: "1.8.1.4"

This appears to happen the first time Firefox Portable is run. If you delete these entries, subsequent runs will not produce these entries.

Nevertheless, I guess it deserves a "No" under the "Stealth" field for this entry.

Thanks!
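
The triage described in post #4, as an added example that is not code from this thread or from Regshot: it parses a log in the layout shown above and sorts each changed key into "direct" (under the application's own key), "names_app" (written elsewhere but recording the application's name, including inside hex values) or "background". The three bucket names, the marker heuristic and the shortened sample log with its placeholder SID are assumptions made for the example.

```python
import re

SECTION_RE = re.compile(r"^(Keys|Values) (added|deleted|modified):\s*\d+$")
HEX_RE = re.compile(r"^[0-9A-Fa-f]{2}( [0-9A-Fa-f]{2})*$")
RANK = {"background": 0, "names_app": 1, "direct": 2}

# Constructed sample in the layout of the logs posted above (values shortened,
# SID is a placeholder). One hex value is wrapped onto a second line on purpose.
SAMPLE_LOG = r"""Regshot 1.8.1
Comments:
Datetime:2007/6/27 20:23:08 , 2007/6/27 20:24:18
----------------------------------
Keys added:2
----------------------------------
HKLM\SOFTWARE\mozilla.org
HKLM\SOFTWARE\mozilla.org\Mozilla
----------------------------------
Values added:4
----------------------------------
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name: "firefox.exe"
HKLM\SOFTWARE\mozilla.org\Mozilla\CurrentVersion: "1.8.1.4"
HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU\4: 14 00 1F 50 46 00 69 00
72 00 65 00 66 00 6F 00 78 00 00 00
HKU\S-1-5-21-0-0-0-1000\Software\Microsoft\Windows\ShellNoRoam\MUICache\L:\FirefoxPortable\FirefoxPortable.exe: "Mozilla Firefox, Portable Edition"
----------------------------------
Values modified:2
----------------------------------
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: 5B A1 62 79
HKLM\SOFTWARE\Microsoft\Cryptography\RNG\Seed: F0 EE D7 16
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x41107B81
HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID: 0x4649940B
----------------------------------
Total changes:8
----------------------------------
"""


def parse_regshot(text):
    """Return [(section, key_path, value)] for every entry line in the log."""
    entries, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or set(line) == {"-"}:
            continue                      # blank line or dashed separator
        m = SECTION_RE.match(line)
        if m:
            section = f"{m.group(1)} {m.group(2)}"
        elif line.startswith("Total changes:"):
            section = None
        elif section is None:
            continue                      # header fields (Datetime, Computer, ...)
        elif line.startswith("HK"):
            # Split at the first colon-space; "L:\..." inside a path has no space.
            path, _, value = line.partition(": ")
            entries.append([section, path, value])
        elif entries:
            # A long hex value wrapped onto the next line: rejoin it.
            entries[-1][2] = (entries[-1][2] + " " + line).strip()
    return [tuple(e) for e in entries]


def mentions_app(path, value, markers):
    """True if a marker occurs in the path, the value text, or decoded hex data."""
    hay = (path + " " + value).lower().encode("latin-1", "replace")
    if HEX_RE.match(value):
        # Dropping NUL bytes makes UTF-16LE text searchable as plain ASCII.
        hay += b" " + bytes.fromhex(value).replace(b"\x00", b"").lower()
    return any(m.lower().encode() in hay for m in markers)


def classify(path, value, vendor_keys, markers):
    p = path.lower()
    for key in vendor_keys:
        k = key.lower()
        if p == k or p.startswith(k + "\\"):
            return "direct"
    return "names_app" if mentions_app(path, value, markers) else "background"


def triage(text, vendor_keys, markers):
    """Map each bucket to its key paths, keeping the strongest bucket per path."""
    best = {}
    for _section, path, value in parse_regshot(text):
        bucket = classify(path, value, vendor_keys, markers)
        # Old and new values of a modified entry share a path: keep the higher rank.
        if path not in best or RANK[bucket] > RANK[best[path]]:
            best[path] = bucket
    out = {name: [] for name in RANK}
    for path, bucket in best.items():
        out[bucket].append(path)
    return out


if __name__ == "__main__":
    result = triage(SAMPLE_LOG, [r"HKLM\SOFTWARE\mozilla.org"], ["firefox"])
    for bucket in ("direct", "names_app", "background"):
        print(bucket)
        for path in result[bucket]:
            print("   ", path)
```

The "names_app" bucket is a text match only: it shows that a value or path records the application's name, not which process wrote it.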

m^(2)
Posts: 890
Joined: Sat Mar 31, 2007 2:38 am
Location: Kce,PL

#5 Post by m^(2) »

According to John T. Haller, it's fixed already.
