Postcard.gif profiling

Published by Kareldjag

Processes:
PID    ParentPID    User    Path   
--------------------------------------------------
380    512       C:Documents and SettingsInternet2Mes documentssyfilessyfileszipchast_ppostcards.gif.exe   

Ports:
Port    PID    Type    Path   
--------------------------------------------------

Explorer Dlls:
DLL Path    Company Name    File Description   
--------------------------------------------------
No changes Found           

IE Dlls:
DLL Path    Company Name    File Description   
--------------------------------------------------
No changes Found           

Loaded Drivers:
Driver File    Company Name    Description   
--------------------------------------------------

Monitored RegKeys
Registry Key    Value   
--------------------------------------------------

Kernel31 Api Log
   
--------------------------------------------------
***** Installing Hooks *****   
***** Install URLDownloadToFileA hook failed...Error: Asm Length failed? 0 JMP [B61788] Unknown identifier   
***** Install URLDownloadToCacheFile hook failed...Error: Asm Length failed? 0 JMP [B6178C] Unknown identifier   
719f70df     RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\WinSock2\Parameters)   
719f7cc4     RegOpenKeyExA (Protocol_Catalog9)   
719f737e     RegOpenKeyExA (00000009)   
719f724d     RegOpenKeyExA (Catalog_Entries)   
719f78ea     RegOpenKeyExA (000000000001)   
719f78ea     RegOpenKeyExA (000000000002)   
719f78ea     RegOpenKeyExA (000000000003)   
719f78ea     RegOpenKeyExA (000000000004)   
719f78ea     RegOpenKeyExA (000000000005)   
719f78ea     RegOpenKeyExA (000000000006)   
719f78ea     RegOpenKeyExA (000000000007)   
719f78ea     RegOpenKeyExA (000000000008)   
719f78ea     RegOpenKeyExA (000000000009)   
719f78ea     RegOpenKeyExA (000000000010)   
719f78ea     RegOpenKeyExA (000000000011)   
719f78ea     RegOpenKeyExA (000000000012)   
719f78ea     RegOpenKeyExA (000000000013)   
719f78ea     RegOpenKeyExA (000000000014)   
719f2623     WaitForSingleObject(790,0)   
719f83c6     RegOpenKeyExA (NameSpace_Catalog5)   
719f737e     RegOpenKeyExA (00000004)   
719f7f5b     RegOpenKeyExA (Catalog_Entries)   
719f80ef     RegOpenKeyExA (000000000001)   
719f80ef     RegOpenKeyExA (000000000002)   
719f80ef     RegOpenKeyExA (000000000003)   
719f2623     WaitForSingleObject(788,0)   
719e1afa     RegOpenKeyExA (HKLM\System\CurrentControlSet\Services\Winsock2\Parameters)   
719e1996     GlobalAlloc()   
7c80b511     ExitThread()   
4037bc     GetCommandLineA()   
74da14d6     GetCurrentProcessId()=380   
74da199d     GetVersionExA()   
405558     LoadLibraryA(riched32.dll)=73230000   
405564     LoadLibraryA(riched20.dll)=74da0000   
405585     LoadLibraryA(COMCTL32.DLL)=77390000   
7ca32d5d     LoadLibraryA(ole32.dll)=774a0000   
40530c     GetVersionExA()   
40de00     CreateFileA(C:Documents and SettingsInternet2Mes documentssyfilessyfileszipchast_ppostcards.gif.exe)   
40e2c0     ReadFile()   
5b0aef89     GetCurrentProcessId()=380   
5b09b1ba     IsDebuggerPresent()   
77393f9f     LoadLibraryA(UxTheme.dll)=5b090000   
77f48b26     RegOpenKeyExA (HKCU\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete)   
77f48d24     RegOpenKeyExA (HKLM\Software\Microsoft\windows\CurrentVersion\Explorer\AutoComplete)   
77f5b4bc     LoadLibraryA(ole32.dll)=774a0000   
76f84c52     GetVersionExA()   
774ef0f5     LoadLibraryA(CLBCATQ.DLL)=76f80000   
774ef8d1     LoadLibraryA(CLBCATQ.DLL)=76f80000   
76f866c9     GetVersionExA()   
76fbaf0c     ReadFile()   
774ebd9b     GetCurrentProcessId()=380   
76c41310     GetVersionExA()   
76be1a17     CreateMutex((null))   
76f1147f     GetVersionExA()   
766119a8     GetVersionExA()   
76611f28     LoadLibraryA(RichEd20.dll)=74da0000   
77737417     GetVersionExA()   
7773716f     GetVersionExA()   
77f44fbd     RegOpenKeyExA (HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Performance)   
777361bb     LoadLibraryA(SHELL32.dll)=7c9d0000   
777361bb     LoadLibraryA(ole32.dll)=774a0000   
77f63357     LoadLibraryA(SHELL32.DLL)=7c9d0000   
77f6339e     RegOpenKeyExA (HKLM\Software\Microsoft\Internet Explorer)   
777361bb     LoadLibraryA(WININET.dll)=77aa0000   
77dc97ae     LoadLibraryA(Secur32.dll)=77fc0000   
77aa40ce     RegOpenKeyExA (HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache)   
77aa40ce     RegOpenKeyExA (HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache)   
77aa773a     RegOpenKeyExA (HKLM\System\Setup)   
77aa40ce     RegOpenKeyExA (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders)   
77aa40ce     RegOpenKeyExA (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache)   
77aa40ce     RegOpenKeyExA (HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders)   
77aa6289     RegOpenKeyExA (Content)   
77aa8055     LoadLibraryA(shell32.dll)=7c9d0000   
77f469fd     WaitForSingleObject(6b4,0)   
76964e03     GlobalAlloc()   
7ca32d5d     LoadLibraryA(USERENV.dll)=76960000   
77aa6289     RegOpenKeyExA (Paths)   
77aa6289     RegOpenKeyExA (Path1)   
77aa6289     RegOpenKeyExA (Path2)   
77aa6289     RegOpenKeyExA (Path3)   
77aa6289     RegOpenKeyExA (Path4)   
77aa6289     RegOpenKeyExA (Special Paths)   
77ac2ecf     RegSetValueExA (Directory)   
77ac2f34     RegSetValueExA (Paths)   
77ac2ecf     RegSetValueExA (CachePath)   
77ac2f34     RegSetValueExA (CacheLimit)   
77aa6289     RegOpenKeyExA (Cookies)   
77aa6289     RegOpenKeyExA (History)   
77aa3745     WaitForSingleObject(6c0,ffffffff)   
77aa6030     CreateFileA(C:\Documents and Settings\Internet2\Local Settings\Temporary Internet Files\Content.IE5\index.dat)   
77aa58fe     CreateFileA(C:\Documents and Settings\Internet2\Local Settings\Temporary Internet Files\Content.IE5\index.dat)   
77aa3745     WaitForSingleObject(6b8,ffffffff)   
77aa6030     CreateFileA(C:\Documents and Settings\Internet2\Cookies\index.dat)   
77aa58fe     CreateFileA(C:\Documents and Settings\Internet2\Cookies\index.dat)   
77aa3745     WaitForSingleObject(6a8,ffffffff)   
77aa6030     CreateFileA(C:\Documents and Settings\Internet2\Local Settings\Historique\History.IE5\index.dat)   
77aa58fe     CreateFileA(C:\Documents and Settings\Internet2\Local Settings\Historique\History.IE5\index.dat)   
77aa6289     RegOpenKeyExA (Extensible Cache)   
77aa791f     WaitForSingleObject(6c8,ea60)   
77aa6289     RegOpenKeyExA (MSHist012006042520060426)   
77aa6289     RegOpenKeyExA (UserData)   
77f50e2a     RegOpenKeyExA (HKCU\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings)   
77aa9da1     LoadLibraryA(urlmon.dll)=77170000   
77f48b26     RegOpenKeyExA (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap)   
77f48b26     RegOpenKeyExA (HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap)   
77f48b70     RegOpenKeyExA (HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap)   
77f512b8     RegOpenKeyExA (Ranges)   
77f512b8     RegOpenKeyExA (Range1)   
77f512b8     RegOpenKeyExA (Range10)   
77f512b8     RegOpenKeyExA (Range11)   
77f512b8     RegOpenKeyExA (Range12)   
77f512b8     RegOpenKeyExA (Range13)   
77f512b8     RegOpenKeyExA (Range14)   
77f512b8     RegOpenKeyExA (Range15)   
77f512b8     RegOpenKeyExA (Range16)   
77f512b8     RegOpenKeyExA (Range17)   
77f512b8     RegOpenKeyExA (Range18)   
77f512b8     RegOpenKeyExA (Range19)   
77f512b8     RegOpenKeyExA (Range2)   
77f512b8     RegOpenKeyExA (Range20)   
77f512b8     RegOpenKeyExA (Range21)   
77f512b8     RegOpenKeyExA (Range22)   
77f512b8     RegOpenKeyExA (Range23)   
77f512b8     RegOpenKeyExA (Range24)   
77f512b8     RegOpenKeyExA (Range25)   
77f512b8     RegOpenKeyExA (Range26)   
77f512b8     RegOpenKeyExA (Range27)   
77f512b8     RegOpenKeyExA (Range28)   
77f512b8     RegOpenKeyExA (Range29)   
77f512b8     RegOpenKeyExA (Range3)   
77f512b8     RegOpenKeyExA (Range30)   
77f512b8     RegOpenKeyExA (Range31)   
77f512b8     RegOpenKeyExA (Range4)   
77f512b8     RegOpenKeyExA (Range5)   
77f512b8     RegOpenKeyExA (Range6)   
77f512b8     RegOpenKeyExA (Range7)   
77f512b8     RegOpenKeyExA (Range8)   
77f512b8     RegOpenKeyExA (Range9)   
77f48b26     RegOpenKeyExA (HKCU\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones)   
77f48b70     RegOpenKeyExA (HKLM\Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings\Zones)   
77f48b26     RegOpenKeyExA (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones)   
77f48b26     RegOpenKeyExA (HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones

Published in METHODOLOGY

Comment on this article

nicM 16/05/2006 04:19

Kareldjag, the link to page 2 of the methodology has disappeared :( - I need it to finish the tests!

The same goes for the 1st page, which no longer appears on the site (but is still accessible if you have the URL).

Nico