Stuck War Key di Windows 7 Ultimate

Quote:

---

Originally Posted by sltg-indopahit

aduh..:pone: itu salah besar gan...
gw aja pake windows 7 ultimate lancar jaya kok..

---

bener ultimate gan ??

ada 7 soalnya :D

1. Windows 7 Ultimate

2. Windows 7 Professional

3. Windows 7 Enterprise

4. Windows 7 Home Premium

5. Windows 7 Home Basic

6. Windows 7 Starter

SUMBER

Quote:

---

Originally Posted by sltg-indopahit

aduh..:pone: itu salah besar gan...
gw aja pake windows 7 ultimate lancar jaya kok..

---

ya tergantung anti virusnya gan
kalo gue sih langsung kedetek di laptop gue hehehe jadi ga bisa pake warkey

sbnrnya bukan virus itu gan
bisa di exception gan
pake apa antivirusnya ??
Avira si payung merah ??

pake mc afee brooo hehehe

Quote:

---

Originally Posted by YUKAY_HN_VAMPS

oh ie g bs :llaugh:
sorry sorry, gw cek cuma smp countdown, eh trnyata g bs
:ag-haha:

nih yg bnr, tp kebaca virus...
http://www.mediafire.com/download/9f...arKey68_EN.zip

monggo di bedah :lalala:
problemnya itu2 mlu, stuck...
g bs pake tinker jadinya gw :(

---

USE AT YOUR OWN RISK!!

gua test, warkey tersebut melakukan aktifitas koneksi internet secara diam2 TANPA IJIN

http://gudang.indogamers.com/img/upl...393711592b.jpg

warkey tersebut juga mendownload konten secara diam2 TANPA IJIN
dikomp gua konten tersebut ada di C:\Users\maphack_user\AppData\Local\Microsoft\Wind ows\Temporary Internet Files\Content.IE5

itu yang gua test sendiri :pone:

---

test hasil virustotal.com :
https://www.virustotal.com/en/file/5...is/1393727379/

test hasil "bedah" dr.rezon

Code:

---

    Analysis Report for WarKey.exe
                  MD5: e98c70a5ead9a30feed3612fb4321d2e



    Table of Contents

- General information
- WarKey.exe
  a) Registry Activities
  b) File Activities
  c) Network Activities
  d) Other Activities


    1. General Information

        Time needed:        176 s
        Termination reason: All tracked processes have exited
        Program version:    1.76.3886



    WarKey.exe

    General information about this executable

        Analysis Reason: Primary Analysis Subject
        Filename:        WarKey.exe
        MD5:            e98c70a5ead9a30feed3612fb4321d2e
        SHA-1:          3af8020b624cbd9b7692f4f2b9645e37a4490652
        File Size:      151552 Bytes
        Command Line:    "C:\WarKey.exe"
        Process-status
        at analysis end: dead
        Exit Code:      0


    Load-time Dlls

        Module Name: [ C:\WINDOWS\system32\ntdll.dll ],
              Base Address: [0x7C900000 ], Size: [0x000AF000 ]
        Module Name: [ C:\WINDOWS\system32\kernel32.dll ],
              Base Address: [0x7C800000 ], Size: [0x000F6000 ]
        Module Name: [ C:\WINDOWS\system32\MSVBVM60.DLL ],
              Base Address: [0x73420000 ], Size: [0x00153000 ]
        Module Name: [ C:\WINDOWS\system32\USER32.dll ],
              Base Address: [0x7E410000 ], Size: [0x00091000 ]
        Module Name: [ C:\WINDOWS\system32\GDI32.dll ],
              Base Address: [0x77F10000 ], Size: [0x00049000 ]
        Module Name: [ C:\WINDOWS\system32\ADVAPI32.dll ],
              Base Address: [0x77DD0000 ], Size: [0x0009B000 ]
        Module Name: [ C:\WINDOWS\system32\RPCRT4.dll ],
              Base Address: [0x77E70000 ], Size: [0x00092000 ]
        Module Name: [ C:\WINDOWS\system32\Secur32.dll ],
              Base Address: [0x77FE0000 ], Size: [0x00011000 ]
        Module Name: [ C:\WINDOWS\system32\ole32.dll ],
              Base Address: [0x774E0000 ], Size: [0x0013D000 ]
        Module Name: [ C:\WINDOWS\system32\msvcrt.dll ],
              Base Address: [0x77C10000 ], Size: [0x00058000 ]
        Module Name: [ C:\WINDOWS\system32\OLEAUT32.dll ],
              Base Address: [0x77120000 ], Size: [0x0008B000 ]


    Run-time Dlls

        Module Name: [ C:\WINDOWS\system32\xpsp2res.dll ],
              Base Address: [0x01480000 ], Size: [0x002C5000 ]
        Module Name: [ C:\WINDOWS\system32\UxTheme.dll ],
              Base Address: [0x5AD70000 ], Size: [0x00038000 ]
        Module Name: [ C:\WINDOWS\system32\NETAPI32.dll ],
              Base Address: [0x5B860000 ], Size: [0x00055000 ]
        Module Name: [ C:\WINDOWS\system32\hnetcfg.dll ],
              Base Address: [0x662B0000 ], Size: [0x00058000 ]
        Module Name: [ C:\WINDOWS\system32\shdoclc.dll ],
              Base Address: [0x71800000 ], Size: [0x00088000 ]
        Module Name: [ C:\WINDOWS\system32\mswsock.dll ],
              Base Address: [0x71A50000 ], Size: [0x0003F000 ]
        Module Name: [ C:\WINDOWS\System32\wshtcpip.dll ],
              Base Address: [0x71A90000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\WS2HELP.dll ],
              Base Address: [0x71AA0000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\WS2_32.dll ],
              Base Address: [0x71AB0000 ], Size: [0x00017000 ]
        Module Name: [ C:\WINDOWS\system32\wsock32.dll ],
              Base Address: [0x71AD0000 ], Size: [0x00009000 ]
        Module Name: [ C:\WINDOWS\system32\sensapi.dll ],
              Base Address: [0x722B0000 ], Size: [0x00005000 ]
        Module Name: [ C:\WINDOWS\system32\msls31.dll ],
              Base Address: [0x746C0000 ], Size: [0x00027000 ]
        Module Name: [ C:\WINDOWS\system32\MSCTF.dll ],
              Base Address: [0x74720000 ], Size: [0x0004C000 ]
        Module Name: [ C:\WINDOWS\system32\RichEd20.dll ],
              Base Address: [0x74E30000 ], Size: [0x0006D000 ]
        Module Name: [ C:\WINDOWS\system32\CRYPTUI.dll ],
              Base Address: [0x754D0000 ], Size: [0x00080000 ]
        Module Name: [ C:\WINDOWS\system32\MLANG.dll ],
              Base Address: [0x75CF0000 ], Size: [0x00091000 ]
        Module Name: [ C:\WINDOWS\system32\USERENV.dll ],
              Base Address: [0x769C0000 ], Size: [0x000B4000 ]
        Module Name: [ C:\WINDOWS\system32\WINMM.dll ],
              Base Address: [0x76B40000 ], Size: [0x0002D000 ]
        Module Name: [ C:\WINDOWS\system32\PSAPI.DLL ],
              Base Address: [0x76BF0000 ], Size: [0x0000B000 ]
        Module Name: [ C:\WINDOWS\system32\WINTRUST.dll ],
              Base Address: [0x76C30000 ], Size: [0x0002E000 ]
        Module Name: [ C:\WINDOWS\system32\IMAGEHLP.dll ],
              Base Address: [0x76C90000 ], Size: [0x00028000 ]
        Module Name: [ C:\WINDOWS\system32\rtutils.dll ],
              Base Address: [0x76E80000 ], Size: [0x0000E000 ]
        Module Name: [ C:\WINDOWS\system32\rasman.dll ],
              Base Address: [0x76E90000 ], Size: [0x00012000 ]
        Module Name: [ C:\WINDOWS\system32\TAPI32.dll ],
              Base Address: [0x76EB0000 ], Size: [0x0002F000 ]
        Module Name: [ C:\WINDOWS\system32\RASAPI32.DLL ],
              Base Address: [0x76EE0000 ], Size: [0x0003C000 ]
        Module Name: [ C:\WINDOWS\system32\DNSAPI.dll ],
              Base Address: [0x76F20000 ], Size: [0x00027000 ]
        Module Name: [ C:\WINDOWS\system32\WLDAP32.dll ],
              Base Address: [0x76F60000 ], Size: [0x0002C000 ]
        Module Name: [ C:\WINDOWS\system32\rasadhlp.dll ],
              Base Address: [0x76FC0000 ], Size: [0x00006000 ]
        Module Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ],
              Base Address: [0x76FD0000 ], Size: [0x0007F000 ]
        Module Name: [ C:\WINDOWS\system32\COMRes.dll ],
              Base Address: [0x77050000 ], Size: [0x000C5000 ]
        Module Name: [ C:\WINDOWS\system32\WININET.dll ],
              Base Address: [0x771B0000 ], Size: [0x000AA000 ]
        Module Name: [ C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ],
              Base Address: [0x773D0000 ], Size: [0x00103000 ]
        Module Name: [ C:\WINDOWS\system32\CRYPT32.dll ],
              Base Address: [0x77A80000 ], Size: [0x00095000 ]
        Module Name: [ C:\WINDOWS\system32\MSASN1.dll ],
              Base Address: [0x77B20000 ], Size: [0x00012000 ]
        Module Name: [ C:\WINDOWS\system32\appHelp.dll ],
              Base Address: [0x77B40000 ], Size: [0x00022000 ]
        Module Name: [ C:\WINDOWS\system32\VERSION.dll ],
              Base Address: [0x77C00000 ], Size: [0x00008000 ]
        Module Name: [ C:\WINDOWS\system32\SHLWAPI.dll ],
              Base Address: [0x77F60000 ], Size: [0x00076000 ]
        Module Name: [ C:\WINDOWS\system32\SHELL32.dll ],
              Base Address: [0x7C9C0000 ], Size: [0x00817000 ]
        Module Name: [ C:\WINDOWS\system32\mshtml.dll ],
              Base Address: [0x7DC30000 ], Size: [0x002F2000 ]
        Module Name: [ C:\WINDOWS\system32\urlmon.dll ],
              Base Address: [0x7E1E0000 ], Size: [0x000A2000 ]
        Module Name: [ C:\WINDOWS\system32\shdocvw.dll ],
              Base Address: [0x7E290000 ], Size: [0x00171000 ]
        Module Name: [ C:\WINDOWS\system32\SXS.DLL ],
              Base Address: [0x7E720000 ], Size: [0x000B0000 ]


    Popups

        Window Name:    WarKey++  Ver:6.8.130327
        Displayed Times: 1
        Window Text:   
Main
Macro Keys
Quick Msg
Read Me
&Hide
E&xit
Fully replace numeric keys
alphabet keys
Num4
[Alt]+[Q/W/A/S/Z/X]
right [Win]
Shield left [Win] when gaming
Minimize
Ally HP bars
Enemy HP bars
Activate WarKey++  -  Active Hotkey: [Home]
AI block mouse(make mouse stay in the window)
Num7
Num8
Num5
Num1
Num2
Change Keys [Num7/Num8/Num4/Num1/Num2] =
[Alt]+[Q/W/E/A/S/D]

                       

    WarKey.exe - Registry Activities

    Registry Keys Created:

        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\CpMRU ]


    Registry Values Modified:

        Key: [ HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
            Value Name: [ ProxyEnable ], New Value: [ 0 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
            Value Name: [ Common AppData ], New Value: [ C:\Documents and Settings\All Users\Application Data ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths ],
            Value Name: [ Directory ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths ],
            Value Name: [ Paths ], New Value: [ 4 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1 ],
            Value Name: [ CacheLimit ], New Value: [ 40852 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path1 ],
            Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache1 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2 ],
            Value Name: [ CacheLimit ], New Value: [ 40852 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path2 ],
            Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache2 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3 ],
            Value Name: [ CacheLimit ], New Value: [ 40852 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path3 ],
            Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache3 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4 ],
            Value Name: [ CacheLimit ], New Value: [ 40852 ]
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\Path4 ],
            Value Name: [ CachePath ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\Cache4 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International ],
            Value Name: [ W2KLpk ], New Value: [ 1 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\CpMRU ],
            Value Name: [ Enable ], New Value: [ 1 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\CpMRU ],
            Value Name: [ Factor ], New Value: [ 20 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\CpMRU ],
            Value Name: [ InitHits ], New Value: [ 100 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\CpMRU ],
            Value Name: [ Size ], New Value: [ 10 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
            Value Name: [ AppData ], New Value: [ C:\Documents and Settings\Administrator\Application Data ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
            Value Name: [ Cache ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
            Value Name: [ Cookies ], New Value: [ C:\Documents and Settings\Administrator\Cookies ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders ],
            Value Name: [ History ], New Value: [ C:\Documents and Settings\Administrator\Local Settings\History ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ],
            Value Name: [ IntranetName ], New Value: [ 1 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ],
            Value Name: [ ProxyBypass ], New Value: [ 1 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ],
            Value Name: [ UNCAsIntranet ], New Value: [ 1 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
            Value Name: [ MigrateProxy ], New Value: [ 1 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
            Value Name: [ ProxyEnable ], New Value: [ 0 ]
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
            Value Name: [ SavedLegacySettings ], New Value: [ 0x3c0000001600000001000000000000000000000000000000040000000000 ]




    Monitored Registry Keys:

        Key: [ HKLM\Software\Classes ],
            Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 3 times
        Key: [ HKLM\Software\Classes\CLSID ],
            Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 2 times
        Key: [ HKLM\Software\Microsoft\COM3 ],
            Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 6 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
            Watch subtree: [ 0 ], Notify Filter: [ Attributes Change,Value Change,Security Descriptor Change ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
            Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
            Watch subtree: [ 0 ], Notify Filter: [ Key Change ], 1 time
        Key: [ HKU ],
            Watch subtree: [ 1 ], Notify Filter: [ Key Change,Value Change ], 5 times



    WarKey.exe - File Activities

    Files Created:

        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF62BC.tmp ]
        File Name: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDUF49AN\WKAD_EN[1].htm ]
        File Name: [ C:\WKSet.ini ]


    Files Read:

        File Name: [ C:\WINDOWS\Registration\R00000000000b.clb ]
        File Name: [ C:\WINDOWS\system32\shdocvw.dll ]
        File Name: [ C:\WINDOWS\system32\stdole2.tlb ]
        File Name: [ C:\WKSet.ini ]
        File Name: [ PIPE\lsarpc ]
        File Name: [ c:\autoexec.bat ]


    Files Modified:

        File Name: [ C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\WDUF49AN\WKAD_EN[1].htm ]
        File Name: [ C:\WKSet.ini ]
        File Name: [ PIPE\lsarpc ]
        File Name: [ \Device\Afd\AsyncConnectHlp ]
        File Name: [ \Device\Afd\Endpoint ]
        File Name: [ \Device\RasAcd ]


    File System Control Communication:

        File: [ C:\Program Files\Common Files\ ], Control Code: [ 0x00090028 ], 1 time
        File: [ PIPE\lsarpc ], Control Code: [ 0x0011C017 ], 19 times


    Device Control Communication:

        File: [ \Device\KsecDD ], Control Code: [ 0x00390008 ], 8 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_INFO (0x0001207B) ], 2 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_CONTEXT (0x00012047) ], 9 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_BIND (0x00012003) ], 2 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_TDI_HANDLES (0x00012037) ], 4 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_GET_SOCK_NAME (0x0001202F) ], 3 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SELECT (0x00012024) ], 6 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SET_INFO (0x0001203B) ], 1 time
        File: [ \Device\Afd\AsyncConnectHlp ], Control Code: [ AFD_CONNECT (0x00012007) ], 1 time
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_RECV (0x00012017) ], 4 times
        File: [ \Device\Afd\Endpoint ], Control Code: [ AFD_SEND (0x0001201F) ], 3 times
        File: [ unnamed file ], Control Code: [ 0x00120028 ], 2 times


    Memory Mapped Files:

        File Name: [ C:\WINDOWS\System32\wshtcpip.dll ]
        File Name: [ C:\WINDOWS\WinSxS\X86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll ]
        File Name: [ C:\WINDOWS\WindowsShell.Manifest ]
        File Name: [ C:\WINDOWS\WindowsShell.manifest ]
        File Name: [ C:\WINDOWS\system32\CLBCATQ.DLL ]
        File Name: [ C:\WINDOWS\system32\COMRes.dll ]
        File Name: [ C:\WINDOWS\system32\DNSAPI.dll ]
        File Name: [ C:\WINDOWS\system32\MLANG.dll ]
        File Name: [ C:\WINDOWS\system32\MSCTF.dll ]
        File Name: [ C:\WINDOWS\system32\MSVBVM60.DLL ]
        File Name: [ C:\WINDOWS\system32\PSAPI.DLL ]
        File Name: [ C:\WINDOWS\system32\RASAPI32.DLL ]
        File Name: [ C:\WINDOWS\system32\RichEd20.dll ]
        File Name: [ C:\WINDOWS\system32\SHELL32.dll ]
        File Name: [ C:\WINDOWS\system32\SXS.DLL ]
        File Name: [ C:\WINDOWS\system32\TAPI32.dll ]
        File Name: [ C:\WINDOWS\system32\UxTheme.dll ]
        File Name: [ C:\WINDOWS\system32\WININET.dll ]
        File Name: [ C:\WINDOWS\system32\WINMM.dll ]
        File Name: [ C:\WINDOWS\system32\WS2HELP.dll ]
        File Name: [ C:\WINDOWS\system32\WS2_32.dll ]
        File Name: [ C:\WINDOWS\system32\hnetcfg.dll ]
        File Name: [ C:\WINDOWS\system32\imm32.dll ]
        File Name: [ C:\WINDOWS\system32\mshtml.dll ]
        File Name: [ C:\WINDOWS\system32\msls31.dll ]
        File Name: [ C:\WINDOWS\system32\mswsock.dll ]
        File Name: [ C:\WINDOWS\system32\rasadhlp.dll ]
        File Name: [ C:\WINDOWS\system32\rasman.dll ]
        File Name: [ C:\WINDOWS\system32\rpcss.dll ]
        File Name: [ C:\WINDOWS\system32\rtutils.dll ]
        File Name: [ C:\WINDOWS\system32\sensapi.dll ]
        File Name: [ C:\WINDOWS\system32\shdoclc.dll ]
        File Name: [ C:\WINDOWS\system32\shdocvw.dll ]
        File Name: [ C:\WINDOWS\system32\stdole2.tlb ]
        File Name: [ C:\WINDOWS\system32\urlmon.dll ]
        File Name: [ C:\WINDOWS\system32\wsock32.dll ]
        File Name: [ C:\WINDOWS\system32\xpsp2res.dll ]
        File Name: [ C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF62BC.tmp ]


    WarKey.exe - Network Activities


    DNS Queries:

        Name: [ yulv.net ], Query Type: [ DNS_TYPE_A ],
            Query Result: [ 61.150.91.31 ], Successful: [ YES ], Protocol: [ udp ]


    HTTP Conversations:

        From 1029 to 61.150.91.31:80 - [ yulv.net ]
            Request: [ GET /WKAD_EN.html ], Response: [ 200 "OK" ]



    WarKey.exe - Other Activities

    Mutexes Created:

        Mutex: [ CTF.Asm.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.Compart.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.LBES.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.Layouts.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.TMD.MutexDefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ CTF.TimListCache.FMPDefaultS-1-5-21-842925246-1425521274-308236825-500MUTEX.DefaultS-1-5-21-842925246-1425521274-308236825-500 ]
        Mutex: [ MSCTF.Shared.MUTEX.IFG ]
        Mutex: [ ZonesCacheCounterMutex ]
        Mutex: [ ZonesCounterMutex ]
        Mutex: [ ZonesLockedCacheCounterMutex ]


    Keyboard Keys Monitored:

        Virtual Key Code: [ VK_RBUTTON (2) ], 1 time
        Virtual Key Code: [ VK_MBUTTON (4) ], 1 time
        Virtual Key Code: [ VK_LBUTTON (1) ], 1 time
        Virtual Key Code: [ VK_CONTROL (17) ], 4 times
        Virtual Key Code: [ VK_MENU (18) ], 4 times
        Virtual Key Code: [ VK_SHIFT (16) ], 4 times
        Virtual Key Code: [ VK_LSHIFT (160) ], 3 times
        Virtual Key Code: [ VK_LCONTROL (162) ], 3 times
        Virtual Key Code: [ VK_LMENU (164) ], 3 times

---

lanjutan atas

Code:

---

Registry Values Read:

        Key: [ HKLM\SOFTWARE\CLASSES\.HTM ],
            Value Name: [ Content Type ], Value: [ text/html ], 2 times
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{00021401-0000-0000-C000-000000000046}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ shell32.dll ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{00021401-0000-0000-C000-000000000046}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ oleaut32.dll ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{0BE35204-8F91-11CE-9DE3-00AA004BB851}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ %SystemRoot%\system32\mshtml.dll ], 2 times
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{25336920-03F9-11CF-8FD0-00AA00686F13}\PROGID ],
            Value Name: [  ], Value: [ htmlfile ], 2 times
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ C:\WINDOWS\system32\mlang.dll ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{275C23E2-3747-11D0-9FEA-00AA003F8646}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Both ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ %SystemRoot%\system32\mshtml.dll ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ %SystemRoot%\system32\mshtml.dll ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{3050F406-98B5-11CF-BB82-00AA00BDCE0B}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ C:\WINDOWS\system32\urlmon.dll ], 2 times
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Both ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 4 times
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{871C5380-42A0-1069-A2EA-08002B30309D}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ C:\WINDOWS\system32\shdocvw.dll ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{8856F961-340A-11D0-A96B-00C04FD705A2}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{8F6B0360-B80D-11D0-A9B3-006097942311}\INPROCSERVER32 ],
            Value Name: [  ], Value: [ C:\WINDOWS\system32\urlmon.dll ], 3 times
        Key: [ HKLM\SOFTWARE\CLASSES\CLSID\{8F6B0360-B80D-11D0-A9B3-006097942311}\INPROCSERVER32 ],
            Value Name: [ ThreadingModel ], Value: [ Apartment ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{000214E6-0000-0000-C000-000000000046}\PROXYSTUBCLSID32 ],
            Value Name: [  ], Value: [ {bf50b68e-29b8-4386-ae9c-9734d5117cd5} ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{79EAC9C4-BAF9-11CE-8C82-00AA004BA90B}\PROXYSTUBCLSID32 ],
            Value Name: [  ], Value: [ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9} ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{93F2F68C-1D1B-11D3-A30E-00C04F79ABD1}\PROXYSTUBCLSID32 ],
            Value Name: [  ], Value: [ {bf50b68e-29b8-4386-ae9c-9734d5117cd5} ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{B722BCCB-4E68-101B-A2BC-00AA00404770}\PROXYSTUBCLSID32 ],
            Value Name: [  ], Value: [ {B8DA6310-E19B-11D0-933C-00A0C90DCAA9} ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\INTERFACE\{EAB22AC1-30C1-11CF-A7EB-0000C05BAE0B}\TYPELIB ],
            Value Name: [  ], Value: [ {EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B} ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\MIME\DATABASE\CONTENT TYPE\TEXT/HTML ],
            Value Name: [ Extension ], Value: [ .htm ], 2 times
        Key: [ HKLM\SOFTWARE\CLASSES\TYPELIB\{00020430-0000-0000-C000-000000000046}\2.0\0\WIN32 ],
            Value Name: [  ], Value: [ C:\WINDOWS\system32\stdole2.tlb ], 1 time
        Key: [ HKLM\SOFTWARE\CLASSES\TYPELIB\{EAB22AC0-30C1-11CF-A7EB-0000C05BAE0B}\1.1\0\WIN32 ],
            Value Name: [  ], Value: [ C:\WINDOWS\system32\shdocvw.dll ], 1 time
        Key: [ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\about ],
            Value Name: [ CLSID ], Value: [ {3050F406-98B5-11CF-BB82-00AA00BDCE0B} ], 6 times
        Key: [ HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\res ],
            Value Name: [ CLSID ], Value: [ {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} ], 20 times
        Key: [ HKLM\SOFTWARE\Microsoft\CTF\SystemShared\ ],
            Value Name: [ CUAS ], Value: [ 0 ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
            Value Name: [ UrlEncoding ], Value: [ 0x00000000 ], 6 times
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
            Value Name: [ .NET CLR 1.1.4322 ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
            Value Name: [ .NET CLR 2.0.50727 ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
            Value Name: [ .NET CLR 3.0.04506.30 ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
            Value Name: [ .NET CLR 3.0.04506.648 ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
            Value Name: [ .NET CLR 3.5.21022 ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
            Value Name: [ .NET4.0C ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform ],
            Value Name: [ .NET4.0E ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\Post Platform ],
            Value Name: [ SV1 ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens ],
            Value Name: [  ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens ],
            Value Name: [ MSN 2.0 ], Value: [  ], 1 time
        Key: [ HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent\UA Tokens ],
            Value Name: [ MSN 2.5 ], Value: [  ], 1 time
        Key: [ HKLM\SYSTEM\CurrentControlSet\Control\Session Manager ],
            Value Name: [ CriticalSectionTimeout ], Value: [ 2592000 ], 1 time
        Key: [ HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters ],
            Value Name: [ Transports ], Value: [ 0x5400630070006900700000004e0065007400420049004f00530000000000 ], 2 times
        Key: [ HKLM\SYSTEM\Setup ],
            Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Classes\CLSID\{00021401-0000-0000-c000-000000000046}\InProcServer32 ],
            Value Name: [  ], Value: [ shell32.dll ], 1 time
        Key: [ HKLM\Software\Classes\CLSID\{871c5380-42a0-1069-a2ea-08002b30309d}\InProcServer32 ],
            Value Name: [  ], Value: [ %SystemRoot%\system32\shdocvw.dll ], 3 times
        Key: [ HKLM\Software\Microsoft\COM3 ],
            Value Name: [ Com+Enabled ], Value: [ 1 ], 2 times
        Key: [ HKLM\Software\Microsoft\COM3 ],
            Value Name: [ REGDBVersion ], Value: [ 0x0b00000000000000 ], 28 times
        Key: [ HKLM\Software\Microsoft\Internet Explorer ],
            Value Name: [ IntegratedBrowser ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} ],
            Value Name: [ MenuText ], Value: [ Sun Java Console ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501} ],
            Value Name: [ clsid ], Value: [ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583} ],
            Value Name: [ Exec ], Value: [ %windir%\Network Diagnostic\xpnetdiag.exe ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{E2E2DD38-D088-4134-82B7-F2BA38496583} ],
            Value Name: [ MenuText ], Value: [ @xpsp3res.dll,-20001 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
            Value Name: [ ButtonText ], Value: [ Messenger ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
            Value Name: [ Default Visible ], Value: [ Yes ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
            Value Name: [ Exec ], Value: [ C:\Program Files\Messenger\msmsgs.exe ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11D2-BB9E-00C04F795683} ],
            Value Name: [ MenuText ], Value: [ Windows Messenger ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683} ],
            Value Name: [ clsid ], Value: [ {1FBA04EE-3024-11D2-8F1F-0000F87ABD16} ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Extensions\{e2e2dd38-d088-4134-82b7-f2ba38496583} ],
            Value Name: [ clsid ], Value: [ {1FBA04EE-3024-11d2-8F1F-0000F87ABD16} ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS ],
            Value Name: [ * ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL ],
            Value Name: [ * ], Value: [ 1 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\URL Compatibility\~/CONNWIZ.HTM ],
            Value Name: [ Compatibility Flags ], Value: [ 4 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\URL Compatibility\~/CWIZINTR.HTM ],
            Value Name: [ Compatibility Flags ], Value: [ 4 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Version Vector ],
            Value Name: [ IE ], Value: [ 6.0000 ], 1 time
        Key: [ HKLM\Software\Microsoft\Internet Explorer\Version Vector ],
            Value Name: [ VML ], Value: [ 1.0 ], 1 time
        Key: [ HKLM\Software\Microsoft\Tracing ],
            Value Name: [ EnableConsoleTracing ], Value: [ 0 ], 1 time
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
            Value Name: [ ConsoleTracingMask ], Value: [ 4294901760 ], 2 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
            Value Name: [ EnableConsoleTracing ], Value: [ 0 ], 2 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
            Value Name: [ EnableFileTracing ], Value: [ 0 ], 2 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
            Value Name: [ FileDirectory ], Value: [ %windir%\tracing ], 4 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
            Value Name: [ FileTracingMask ], Value: [ 4294901760 ], 2 times
        Key: [ HKLM\Software\Microsoft\Tracing\RASAPI32 ],
            Value Name: [ MaxFileSize ], Value: [ 1048576 ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ],
            Value Name: [ AllUsersProfile ], Value: [ All Users ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ],
            Value Name: [ DefaultUserProfile ], Value: [ Default User ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList ],
            Value Name: [ ProfilesDirectory ], Value: [ %SystemDrive%\Documents and Settings ], 4 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-842925246-1425521274-308236825-500 ],
            Value Name: [ ProfileImagePath ], Value: [ %SystemDrive%\Documents and Settings\Administrator ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows NT\CurrentVersion\Windows ],
            Value Name: [ AppInit_DLLs ], Value: [  ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
            Value Name: [ CommonFilesDir ], Value: [ C:\Program Files\Common Files ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion ],
            Value Name: [ ProgramFilesDir ], Value: [ C:\Program Files ], 2 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\App Paths\ICWCONN1.EXE ],
            Value Name: [ Path ], Value: [ C:\Program Files\Internet Explorer\Connection Wizard; ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
            Value Name: [ Common AppData ], Value: [ %ALLUSERSPROFILE%\Application Data ], 1 time
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
            Value Name: [ 0 ], Value: [ image/gif ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
            Value Name: [ 1 ], Value: [ image/x-xbitmap ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
            Value Name: [ 2 ], Value: [ image/jpeg ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
            Value Name: [ 3 ], Value: [ image/pjpeg ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
            Value Name: [ application ], Value: [ application/x-ms-application ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
            Value Name: [ flash ], Value: [ application/x-shockwave-flash ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
            Value Name: [ xaml ], Value: [ application/xaml+xml ], 3 times
        Key: [ HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents ],
            Value Name: [ xbap ], Value: [ application/x-ms-xbap ], 3 times
        Key: [ HKLM\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
            Value Name: [ UrlEncoding ], Value: [ 0x00000000 ], 2 times
        Key: [ HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers ],
            Value Name: [ TransparentEnabled ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName ],
            Value Name: [ ComputerName ], Value: [ PC ], 3 times
        Key: [ HKLM\System\CurrentControlSet\Control\MediaProperties\PrivateProperties\Joystick\Winmm ],
            Value Name: [ wheel ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\NLS\Language Groups ],
            Value Name: [ a ], Value: [  ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Control\Nls\CodePage ],
            Value Name: [ 950 ], Value: [ c_950.nls ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Control\Nls\Codepage ],
            Value Name: [ 932 ], Value: [ c_932.nls ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\Nls\Codepage ],
            Value Name: [ 936 ], Value: [ c_936.nls ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Nls\Codepage ],
            Value Name: [ 949 ], Value: [ c_949.nls ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\Nls\Codepage ],
            Value Name: [ 950 ], Value: [ c_950.nls ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\ProductOptions ],
            Value Name: [ ProductType ], Value: [ WinNT ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ ComSpec ], Value: [ %SystemRoot%\system32\cmd.exe ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ FP_NO_HOST_CHECK ], Value: [ NO ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ NUMBER_OF_PROCESSORS ], Value: [ 1 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ OS ], Value: [ Windows_NT ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ PATHEXT ], Value: [ .COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ PROCESSOR_ARCHITECTURE ], Value: [ x86 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ PROCESSOR_IDENTIFIER ], Value: [ x86 Family 6 Model 3 Stepping 3, GenuineIntel ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ PROCESSOR_LEVEL ], Value: [ 6 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ PROCESSOR_REVISION ], Value: [ 0303 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ Path ], Value: [ %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ TEMP ], Value: [ %SystemRoot%\TEMP ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ TMP ], Value: [ %SystemRoot%\TEMP ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Session Manager\Environment ],
            Value Name: [ windir ], Value: [ %SystemRoot% ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
            Value Name: [ TSAppCompat ], Value: [ 0 ], 3 times
        Key: [ HKLM\System\CurrentControlSet\Control\Terminal Server ],
            Value Name: [ TSUserEnabled ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\LDAP ],
            Value Name: [ LdapClientIntegrity ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
            Value Name: [ Domain ], Value: [  ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
            Value Name: [ Hostname ], Value: [ pc ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters ],
            Value Name: [ UseDomainNameDevolution ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
            Value Name: [ HelperDllName ], Value: [ %SystemRoot%\System32\wshtcpip.dll ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
            Value Name: [ Mapping ], Value: [ 0x0b0000000300000002000000010000000600000002000000010000000000 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
            Value Name: [ MaxSockaddrLength ], Value: [ 16 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
            Value Name: [ MinSockaddrLength ], Value: [ 16 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock ],
            Value Name: [ UseDelayedAcceptance ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters ],
            Value Name: [ WinSock_Registry_Version ], Value: [ 2.0 ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
            Value Name: [ Num_Catalog_Entries ], Value: [ 3 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5 ],
            Value Name: [ Serial_Access_Num ], Value: [ 4 ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
            Value Name: [ DisplayString ], Value: [ Tcpip ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
            Value Name: [ Enabled ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
            Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
            Value Name: [ ProviderId ], Value: [ 0x409d05229e7ecf11ae5a00aa00a7112b ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
            Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
            Value Name: [ SupportedNameSpace ], Value: [ 12 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001 ],
            Value Name: [ Version ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
            Value Name: [ DisplayString ], Value: [ NTDS ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
            Value Name: [ Enabled ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
            Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\winrnr.dll ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
            Value Name: [ ProviderId ], Value: [ 0xee37263b80e5cf11a55500c04fd8d4ac ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
            Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
            Value Name: [ SupportedNameSpace ], Value: [ 32 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002 ],
            Value Name: [ Version ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
            Value Name: [ DisplayString ], Value: [ Network Location Awareness (NLA) Namespace ], 4 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
            Value Name: [ Enabled ], Value: [ 1 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
            Value Name: [ LibraryPath ], Value: [ %SystemRoot%\System32\mswsock.dll ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
            Value Name: [ ProviderId ], Value: [ 0x3a244266a83ba64abaa52e0bd71fdd83 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
            Value Name: [ StoresServiceClassInfo ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
            Value Name: [ SupportedNameSpace ], Value: [ 15 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003 ],
            Value Name: [ Version ], Value: [ 0 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
            Value Name: [ Next_Catalog_Entry_ID ], Value: [ 1020 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
            Value Name: [ Num_Catalog_Entries ], Value: [ 13 ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9 ],
            Value Name: [ Serial_Access_Num ], Value: [ 6 ], 2 times
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\rsvpsp.d ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013 ],
            Value Name: [ PackedCatalogItem ], Value: [ %SystemRoot%\system32\mswsock. ], 1 time
        Key: [ HKLM\System\Setup ],
            Value Name: [ SystemSetupInProgress ], Value: [ 0 ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Control Panel\International ],
            Value Name: [ NumShape ], Value: [ 1 ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Environment ],
            Value Name: [ TEMP ], Value: [ %USERPROFILE%\Local Settings\Temp ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Environment ],
            Value Name: [ TMP ], Value: [ %USERPROFILE%\Local Settings\Temp ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
            Value Name: [ Language Hotkey ], Value: [ 1 ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Keyboard Layout\Toggle ],
            Value Name: [ Layout Hotkey ], Value: [ 2 ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Internet Explorer\Security\P3Global ],
            Value Name: [ Enabled ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
            Value Name: [ EnableHttp1_1 ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
            Value Name: [ EnableNegotiate ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
            Value Name: [ MimeExclusionListForCache ], Value: [ multipart/mixed multipart/x-mixed-replace multipart/x-byteranges  ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
            Value Name: [ User Agent ], Value: [ Mozilla/4.0 (compatible; MSIE 6.0; Win32) ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings ],
            Value Name: [ WarnOnPost ], Value: [ 0x01000000 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ],
            Value Name: [ {08B0E5C0-4FCB-11CF-AAA5-00401C608501} ], Value: [ 8194 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ],
            Value Name: [ {FB5F1910-F110-11d2-BB9E-00C04F795683} ], Value: [ 8193 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Extensions\CmdMapping ],
            Value Name: [ {e2e2dd38-d088-4134-82b7-f2ba38496583} ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\Scripts\3 ],
            Value Name: [ IEFixedFontName ], Value: [ Courier New ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\International\Scripts\3 ],
            Value Name: [ IEPropFontName ], Value: [ Times New Roman ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
            Value Name: [ Anchor Underline ], Value: [ yes ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
            Value Name: [ Disable Script Debugger ], Value: [ yes ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
            Value Name: [ Display Inline Images ], Value: [ yes ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Main ],
            Value Name: [ Use_DlgBox_Colors ], Value: [ yes ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ],
            Value Name: [ Anchor Color ], Value: [ 0,0,255 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ],
            Value Name: [ Anchor Color Visited ], Value: [ 128,0,128 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Internet Explorer\Settings ],
            Value Name: [ Use Anchor Hover Color ], Value: [ No ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows NT\CurrentVersion\Winlogon ],
            Value Name: [ ParseAutoexec ], Value: [ 1 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
            Value Name: [ AppData ], Value: [ %USERPROFILE%\Application Data ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
            Value Name: [ Cache ], Value: [ %USERPROFILE%\Local Settings\Temporary Internet Files ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
            Value Name: [ Cookies ], Value: [ %USERPROFILE%\Cookies ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
            Value Name: [ History ], Value: [ %USERPROFILE%\Local Settings\History ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
            Value Name: [ Local Settings ], Value: [ %USERPROFILE%\Local Settings ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders ],
            Value Name: [ Personal ], Value: [ %USERPROFILE%\My Documents ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings ],
            Value Name: [ ProxyEnable ], Value: [ 0 ], 7 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache ],
            Value Name: [ Signature ], Value: [ Client UrlCache MMF Ver 5.2 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ],
            Value Name: [ CacheLimit ], Value: [ 163410 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ],
            Value Name: [ CachePrefix ], Value: [  ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content ],
            Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ],
            Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ],
            Value Name: [ CachePrefix ], Value: [ Cookie: ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies ],
            Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ],
            Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ],
            Value Name: [ CacheOptions ], Value: [ 11 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ],
            Value Name: [ CachePath ], Value: [ %USERPROFILE%\Local Settings\History\History.IE5\MSHist012011021720110218\ ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ],
            Value Name: [ CachePrefix ], Value: [ :2011021720110218:  ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021720110218 ],
            Value Name: [ CacheRepair ], Value: [ 0 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ],
            Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ],
            Value Name: [ CacheOptions ], Value: [ 11 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ],
            Value Name: [ CachePath ], Value: [ %USERPROFILE%\Local Settings\History\History.IE5\MSHist012011021820110219\ ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ],
            Value Name: [ CachePrefix ], Value: [ :2011021820110219:  ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012011021820110219 ],
            Value Name: [ CacheRepair ], Value: [ 0 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ],
            Value Name: [ CacheLimit ], Value: [ 8192 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ],
            Value Name: [ CachePrefix ], Value: [ Visited: ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History ],
            Value Name: [ PerUserItem ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ],
            Value Name: [ IntranetName ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ ],
            Value Name: [ ProxyBypass ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\ ],
            Value Name: [ http ], Value: [ 3 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 ],
            Value Name: [ 1809 ], Value: [ 3 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0 ],
            Value Name: [ Flags ], Value: [ 33 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1 ],
            Value Name: [ Flags ], Value: [ 219 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2 ],
            Value Name: [ Flags ], Value: [ 71 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
            Value Name: [ 1809 ], Value: [ 0 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
            Value Name: [ 1A10 ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3 ],
            Value Name: [ Flags ], Value: [ 1 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4 ],
            Value Name: [ Flags ], Value: [ 3 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Cached ],
            Value Name: [ {871C5380-42A0-1069-A2EA-08002B30309D} {000214E6-0000-0000-C000-000000000046} 0x401 ], Value: [ 0x010000007c6c9c7cc0da56ab0ac5c801 ], 3 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\ShellNoRoam\MUICache ],
            Value Name: [ LangID ], Value: [ 0x0904 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\ShellNoRoam\MUICache\ ],
            Value Name: [ @xpsp3res.dll,-20001 ], Value: [ Diagnose Connection Problems... ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
            Value Name: [ MigrateProxy ], Value: [ 1 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings ],
            Value Name: [ ProxyEnable ], Value: [ 0 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
            Value Name: [ DefaultConnectionSettings ], Value: [ 0x3c0000000300000001000000000000000000000000000000040000000000 ], 2 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections ],
            Value Name: [ SavedLegacySettings ], Value: [ 0x3c0000001500000001000000000000000000000000000000040000000000 ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\windows\CurrentVersion\Internet Settings\Url History ],
            Value Name: [ DaysToKeep ], Value: [ 20 ], 1 time
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
            Value Name: [ APPDATA ], Value: [ C:\Documents and Settings\Administrator\Application Data ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
            Value Name: [ CLIENTNAME ], Value: [ Console ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
            Value Name: [ HOMEDRIVE ], Value: [ C: ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
            Value Name: [ HOMEPATH ], Value: [ \Documents and Settings\Administrator ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
            Value Name: [ HOMESHARE ], Value: [  ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
            Value Name: [ LOGONSERVER ], Value: [ \\PC ], 4 times
        Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Volatile Environment ],
            Value Name: [ SESSIONNAME ], Value: [ Console ], 4 times

---

nih beberapa kasih karya mereka yang lain
mereka sering "menyusupkan ***" kedalam karya buatan mereka.

http://gudang.indogamers.com/img/upl...393713987a.jpg

---

sebenernya masih banyak sih yang mau gua tulis, cuman gua lagi males.
wkwkwk

intinya cuma :
tidak ada yang melarang juga tidak ada yang menganjurkan
semua keputusan ada ditangan masing2 orang
kalo loe percaya dan merasa fine2 aja---> monggo silahkan loe pake

tapi kalo gua sih...ogah
wkwkwk

---

MOMOD / MIMIN MAAF,
GUA GAK BISA EDIT POST
DITEMPAT GUA FORUM LEMOT

coba bantu cek in donk warkey gw m_u
http://speedy.sh/Wr6c6/WarKey.exe
tolonggggssss

Quote:

---

Originally Posted by JKT-OREN

coba bantu cek in donk warkey gw m_u
http://speedy.sh/Wr6c6/WarKey.exe
tolonggggssss

---

gua males bongkar/bedah
karena hasilnya gak akan beda jauh, malah lebih parah punya loe keknya
wkwkwk

---

punya yukay---> https://www.virustotal.com/en/file/5...is/1393727379/

punya loe---> https://www.virustotal.com/en/file/a...is/1393740791/

---

intinya gak beda jauh / masih 1 keluarga
wkwkwk
tapi kalo loe2 orang yang udah pake merasa fine2 aja.....
.....monggo silahkan loe pake
gak ada yang larang kok

gua mah cuma sekedar memberi informasi doang
mau didenger atau tidak, bukan urusan gua
wkwkwk

permasalahannya udah ketemu nih
tuh warkey emg kadang suka buka mozzila sndri
pantesan aja :pmad:

M_U sndri pake warkey yg mana kl maen ??
nyontek dong :ag-haha:
solusi blm ktmu nih masalahnya...

spammer, melakukan koneksi internet TANPA IJIN, lagi beraksi ngetroll.
wkwkwk

http://gudang.indogamers.com/img/upl...393719656a.jpg

---

Quote:

---

Originally Posted by YUKAY_HN_VAMPS

M_U sndri pake warkey yg mana kl maen ??
nyontek dong :ag-haha:
solusi blm ktmu nih masalahnya...

---

GUA PRO njenk!!
http://eu.battle.net/sc2/en/profile/.../achievements/
wkwkwk

pemain pro main game....gak pake alat bantu!!
wkwkwk

TAE COK !!

:ag-haha:

itu ceramah apa pamer tod ?? :llaugh:

itu warkey bs di stop ga biar g ngetroll ?? :rofl:
penyebab dy stuck itu dmn dan bs di ilangin g stucknya ??
PENCERAHAN dong M_U
:psad:

Quote:

---

Originally Posted by YUKAY_HN_VAMPS

TAE COK !!

:ag-haha:

itu ceramah apa pamer tod ?? :llaugh:

itu warkey bs di stop ga biar g ngetroll ?? :rofl:
penyebab dy stuck itu dmn dan bs di ilangin g stucknya ??
PENCERAHAN dong M_U
:psad:

---

block pake firewall, jangan kasih ijin dia untuk mengakses internet.
eh tapi? loe run warkey as administrator?
kalo jawabannya "YA", maka dia berkuasa penuh terhadap komputer loe
administrator---> rezon penguasa

warkey.exe loe run as administrator
berarti warkey.exe adalah rezon dikomputer loe
wkwkwk

*nb*
sori nald, nama loe gua pinjem,soalnya loe ngeTOP
wkwkwk

kalo dota tool kit itu ada ga bro?