Aimbot_KZK_09.rar

This is a discussion on Aimbot_KZK_09.rar within the Counter-Strike: 1.6 Hacks board part of the Counter-Strike Forum category; Aimbot_KZK_09.rar is a polish trojan that is floating around. Its designed to look like MPH Aimbot Leis 05.. but theres ...

Page 1 of 2 12 LastLast
Results 1 to 10 of 14
  1. #1
    CampStaff is offline Guru
    Array
    Join Date
    Mar 2009
    Posts
    82
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    12
    Reputation
    214

    Aimbot_KZK_09.rar

    Aimbot_KZK_09.rar is a polish trojan that is floating around. Its designed to look like MPH Aimbot Leis 05.. but theres an added exe which contains:


    File Info

    Report generated: 29.3.2009 at 20.14.50 (GMT 1)
    Filename: LeisInstal.exe
    File size: 487 KB
    MD5 Hash: 61C73C527764070494A0ACF224319BE8
    SHA1 Hash: 3A1A59961E99F180BB3FDCD17F479D0D8A9DDD0A
    Packer detected: Microsoft Visual C++ 6.0 [Overlay]
    Self-Extract Archive: Nothing found
    Binder Detector: Nothing found
    Detection rate: 18 on 24

    Detections

    a-squared - Nothing found!
    Avira AntiVir - ADSPY/Dropper.Ardamax.Gen
    Avast - Win32:Ardamax-JC [Trj]
    AVG - PSW.Generic5.HHS
    BitDefender - Trojan.Spy.Ardamax.N
    ClamAV - Trojan.Dropper-2328
    Comodo - ApplicUnsaf.Win32.KeyLogger.Ardamax
    Dr.Web - Nothing found!
    Ewido - Logger.Ardamax.n
    F-PROT 6 - W32/Trojan.CCFT
    G DATA - Trojan-Spy.Win32.Ardamax.n A
    IkarusT3 - Trojan-Spy.Win32.Ardamax
    Kaspersky - Trojan-Spy.Win32.Ardamax.n
    McAfee - Spy-Agent.cv trojan
    MHR (Malware Hash Registry) - Nothing found!
    NOD32 v3 - Win32/KeyLogger.Ardamax
    Norman - Security Risk W32/Ardamax.DKT
    Panda - Nothing found!
    Quick Heal - Nothing found!
    Solo Antivirus - Nothing found!
    Sophos - Ardamax Installer
    TrendMicro - TSPY_ARDAMAX.GA
    VBA32 - Trojan-Spy.Win32.Ardamax.n
    Virus Buster - TrojanSpy.Ardamax.W
    Weeee!! Trojan Alert

    Ok, lets see what the trojan does:
    Code:
    Autostart capabilities: This executable registers processes to be executed at system start. This could result in unwanted actions to be performed automatically.  
       
    Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.     
    
    Creates files in the Windows system directory: Malware often keeps copies of itself in the Windows directory to stay undetected by users.     
    
    Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.   
    Spawns Processes: The executable produces processes during the execution.     
    
    Performs Registry Activities: The executable reads and modifies register values. It also creates and monitors register keys


    So, when we Sandbox the trojan and see what it does, it shows it installs:
    Code:
    C:\WINDOWS\system32\28463\XUBX.001
    C:\WINDOWS\system32\28463\XUBX.006
    C:\WINDOWS\system32\28463\XUBX.007
    C:\WINDOWS\system32\28463\XUBX.exe
    C:\WINDOWS\system32\28463\AKV.exe

    And creates this directory:

    Code:
    C:\WINDOWS\system32\28463\
    Then it opens and/or modifies these keys:



    Code:
    KLM\​Software\​Microsoft\​Windows\​CurrentVersion\​Explorer\​Shell Folders
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​User Shell Folders     maximum allowed     success or wait     4
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​Shell Folders     maximum allowed     success or wait     4
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​ MountPoints2\​​{2bc8d614-99d0-11dd-990b-806d6172696f}\​​     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​ MountPoints2\​​{215e6ac3-939c-11dd-8601-806d6172696f}\​​     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​ MountPoints2\​​{215e6ac2-939c-11dd-8601-806d6172696f}\​​     maximum allowed     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Explorer\​​User Shell Folders     maximum allowed     success or wait     2
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Explorer\​​Shell Folders     maximum allowed     success or wait     2
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​LeisInstal.exe     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​System\​​CurrentControlSet\​​Control\​​Terminal Server     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     3
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​MSVCRT.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​GDI32.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​USER32.dll     generic read     object name not found     1
    \​​Registry\​​MACHINE\​​System\​​CurrentControlSet\​​Control\​​Session Manager     query value and read or execute     success or wait     1
    \​​Registry\​​MACHINE\​​System\​​CurrentControlSet\​​Control\​​SafeBoot\ ​​Option     query value and set value and read or execute and write     object name not found     3
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers     query value and read or execute     success or wait     5
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​Secur32.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​RPCRT4.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​ADVAPI32.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​SOFTWARE\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Winlogon     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE     maximum allowed     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Diagnostics     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​IMM32.DLL     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​ntdll.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​kernel32.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​System\​​CurrentControlSet\​​Control\​​Error Message Instrument\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​GRE_Initialize     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Windows     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​SHLWAPI.dll     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Explorer\​​Performance     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​SHELL32.dll     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SYSTEM\​​Setup     query value and read or execute     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\​​ SideBySide\​​AssemblyStorageRoots     enumerate sub key and read or execute     object name not found     2
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​comctl32.dll     generic read     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     3
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Control Panel\​​Desktop     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​Advanced     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​LanguagePack     query value and read or execute     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​@2.tmp     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Windows\​​CurrentVersion\ ​​ShellCompatibility\​​Applications\​​LeisInstal.exe     query value and enumerate sub key and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​ole32.dll     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SYSTEM\​​CurrentControlSet\​​Control\​​Session Manager     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Ole     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​Interface     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​Interface\​​ {00020400-0000-0000-C000-000000000046}     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​MSCTF.dll     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​CTF\​​Compatibility\​​ LeisInstal.exe     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​CTF\​​SystemShared\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Keyboard Layout\​​Toggle     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​CTF\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Explorer     query value and read or execute     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​netapi32.dll     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Rpc\​​PagedBuffers     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Rpc     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​LeisInstal.exe\​​RpcThreadPoolThrottle     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows NT\​​Rpc     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​System\​​CurrentControlSet\​​Control\​​ComputerName     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SYSTEM\​​ControlSet001\​​Control\​​ComputerName\ ​​ActiveComputerName     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Policies\​​Explorer     query value and read or execute     object name not found     20
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Policies\​​Explorer     query value and read or execute     success or wait     20
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Windows\​​CurrentVersion\ ​​ShellCompatibility\​​Objects\​​{20D04FE0-3AEA-1069-A2D8-08002B30309D}     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500_Classes     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​CLSID\​​ {20D04FE0-3AEA-1069-A2D8-08002B30309D}\​​InProcServer32     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​CLSID\​​ {20D04FE0-3AEA-1069-A2D8-08002B30309D}\​​InProcServer32     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {20D04FE0-3AEA-1069-A2D8-08002B30309D}\​​InProcServer32     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​Drive\​​shellex\​ ​FolderExtensions     enumerate sub key and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​Drive\​​shellex\​​ FolderExtensions     enumerate sub key and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​Drive\​​shellex\​ ​FolderExtensions     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​Drive\​​shellex\​ ​FolderExtensions\​​{fbeb8a05-beee-4442-804e-409d6c4515e9}     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​Drive\​​shellex\​​ FolderExtensions\​​{fbeb8a05-beee-4442-804e-409d6c4515e9}     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​Drive\​​shellex\​ ​FolderExtensions\​​{fbeb8a05-beee-4442-804e-409d6c4515e9}     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​FileExts     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​FileExts\​​ .exe     maximum allowed     object name not found     4
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.exe     maximum allowed     object name not found     2
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.exe     maximum allowed     success or wait     2
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.exe     maximum allowed     object name not found     3
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​exefile     maximum allowed     object name not found     2
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​exefile     maximum allowed     success or wait     2
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​exefile\​​CurVer     query value and read or execute     object name not found     2
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​exefile\​​CurVer     query value and read or execute     object name not found     2
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​exefile     maximum allowed     object name not found     7
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​exefile\​​     maximum allowed     success or wait     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Policies\​​System     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​Advanced     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​exefile\​​ ShellEx\​​IconHandler     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​exefile\​​ShellEx\​​ IconHandler     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​ SystemFileAssociations\​​.exe     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​SystemFileAssociations\​​.exe     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​ SystemFileAssociations\​​application     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​SystemFileAssociations\​​ application     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​exefile\​​Clsid     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​exefile\​​Clsid     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​*     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​*     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​*\​​Clsid     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​*\​​Clsid     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​SETUPAPI.dll     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​System\​​Setup     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     2
    \​​REGISTRY\​​MACHINE\​​SYSTEM\​​CurrentControlSet\​​Control\​​MiniNT     query value and set value and create sub key and enumerate sub key and notify and create link and read or execute and write and delete and read control and write dac and write owner     object name not found     1
    \​​REGISTRY\​​MACHINE\​​System\​​WPA\​​PnP     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SYSTEM\​​Setup     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     2
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Setup     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     4
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Setup     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Setup\​​AppLogLevels     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​System\​​CurrentControlSet\​​Control\​​ ComputerName\​​ActiveComputerName     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​System\​​CurrentControlSet\​​Services\​​Tcpip\​​ Parameters     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     2
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​System\​​ DNSclient     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​ MountPoints2\​​CPC\​​Volume     maximum allowed     success or wait     10
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​ MountPoints2\​​CPC\​​Volume\​​{215e6ac2-939c-11dd-8601-806d6172696f}\​​     maximum allowed     success or wait     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​ MountPoints2\​​CPC\​​Volume\​​{215e6ac3-939c-11dd-8601-806d6172696f}\​​     maximum allowed     success or wait     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​ MountPoints2\​​CPC\​​Volume\​​{2bc8d614-99d0-11dd-990b-806d6172696f}\​​     maximum allowed     success or wait     6
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​Directory     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​Directory     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​Directory\​​ CurVer     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​Directory\​​CurVer     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​Directory     maximum allowed     object name not found     6
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​Directory\​​     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​Directory\​​ ShellEx\​​IconHandler     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​Directory\​​ShellEx\​​ IconHandler     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​Directory\​​Clsid     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​Directory\​​Clsid     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​Folder     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​Folder     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​Folder\​​Clsid     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​Folder\​​Clsid     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Explorer\​​ShellExecuteHooks     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​CLSID\​​ {AEB6717E-7E19-11D0-97EE-00C04FD91972}\​​InProcServer32     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​CLSID\​​ {AEB6717E-7E19-11D0-97EE-00C04FD91972}\​​InProcServer32     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {AEB6717E-7E19-11d0-97EE-00C04FD91972}\​​InProcServer32     maximum allowed     object name not found     2
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Policies\​​Associations     query value and read or execute     object name not found     4
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Policies\​​ Associations     query value and read or execute     success or wait     4
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.exe     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.exe     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.ade     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.ade     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.adp     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.adp     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.app     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.app     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.asp     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.asp     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.asp     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.bas     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.bas     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.bat     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.bat     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.bat     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.cer     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.cer     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.cer     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.chm     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.chm     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.chm     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.cmd     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.cmd     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.cmd     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.com     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.com     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.com     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.cpl     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.cpl     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.cpl     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.crt     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.crt     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​.crt     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​.csh     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​.csh     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​COM3     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     4
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​COMRes.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​OLEAUT32.dll     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​OLEAUT     query value and read or execute     object name not found     2
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​OLEAUT\​​UserEra     query value and enumerate sub key and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​VERSION.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​CLBCATQ.DLL     generic read     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​COM3\​​Debug     query value and set value and create sub key and enumerate sub key and notify and create link and read or execute and write and delete and read control and write dac and write owner     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​COM3\​​Debug     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​OLE     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_USERS\​​S-1-5-21-2000478354-1770027372-682003330-500_Classes     maximum allowed     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Classes     maximum allowed     success or wait     3
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​COM3     maximum allowed     success or wait     6
    \​​REGISTRY\​​USER     notify and read or execute     success or wait     3
    \​​REGISTRY\​​MACHINE\​​Software\​​Classes\​​CLSID     maximum allowed     success or wait     2
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​CLSID\​​ {7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     5
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​CLSID\​​ {7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     5
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​TreatAs     query value and read or execute     object name not found     2
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​TreatAs     query value and read or execute     object name not found     2
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​InprocServer32     maximum allowed     object name not found     7
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​InprocServer32     maximum allowed     success or wait     3
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​InprocServerX86     maximum allowed     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​InprocServerX86     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​LocalServer32     maximum allowed     object name not found     2
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​LocalServer32     maximum allowed     object name not found     2
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​InprocHandler32     maximum allowed     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​InprocHandler32     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​InprocHandlerX86     maximum allowed     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​InprocHandlerX86     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​LocalServer     maximum allowed     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}\​​LocalServer     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​CLSID\​​ {7b8a2d94-0ac9-11d1-896c-00c04Fb6bfc4}     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​iertutil.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​urlmon.dll     generic read     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​PROTOCOLS\​​ Name-Space Handler\​​     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​PROTOCOLS\​​Name-Space Handler     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​PROTOCOLS\​​ Name-Space Handler     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ SOFTWARE\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings     query value and read or execute     object name not found     2
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Internet Settings     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings     query value and read or execute     object name not found     3
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl     query value and read or execute     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl     query value and read or execute     object name not found     2
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl     query value and read or execute     success or wait     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl     query value and read or execute     object name not found     2
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​ FEATURE_IGNORE_POLICIES_ZONEMAP_IF_ESC_ENABLED_KB918915     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​ZoneMap\​​Domains\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​ZoneMap\​​Domains\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​ZoneMap\​​Ranges\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​ZoneMap\​​Ranges\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_OBJECT_CACHING     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_ZONE_ELEVATION     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_MIME_HANDLING     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_MIME_SNIFFING     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_WINDOW_RESTRICTIONS     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_WEBOC_POPUPMANAGEMENT     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_BEHAVIORS     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_DISABLE_MK_PROTOCOL     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_LOCALMACHINE_LOCKDOWN     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_SECURITYBAND     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_RESTRICT_ACTIVEXINSTALL     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_VALIDATE_NAVIGATE_URL     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_RESTRICT_FILEDOWNLOAD     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_ADDON_MANAGEMENT     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_PROTOCOL_LOCKDOWN     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​ FEATURE_HTTP_USERNAME_PASSWORD_DISABLE     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_SAFE_BINDTOOBJECT     query value and read or execute     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_UNC_SAVEDFILECHECK     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​ FEATURE_GET_URL_DOM_FILEPATH_UNENCODED     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_TABBED_BROWSING     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_SSLUX     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_DISABLE_NAVIGATION_SOUNDS     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_DISABLE_LEGACY_COMPRESSION     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_FORCE_ADDR_AND_STATUS     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_XMLHTTP     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_DISABLE_TELNET_PROTOCOL     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_FEEDS     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Main\​​FeatureControl\​​FEATURE_BLOCK_INPUT_PROMPTS     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​CLSID\​​ {7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\​​InProcServer32     query value and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​CLSID\​​ {7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}\​​InProcServer32     query value and read or execute     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​ZoneMap\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     2
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​ZoneMap\​​Ranges\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​ZoneMap\​​ProtocolDefaults\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​ZoneMap\​​Domains\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Internet Settings\​​ZoneMap\​​Domains\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Internet Settings\​​ZoneMap\​​Domains\​​msn.com     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Internet Settings\​​ZoneMap\​​Domains\​​msn.com\​​related     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Internet Explorer     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ SOFTWARE\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings     query value and read or execute     success or wait     2
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Internet Settings     query value and read or execute     success or wait     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Internet Explorer     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Internet Explorer\​​Security     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Microsoft\​​Internet Explorer\​​Security     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​0     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​1     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​2     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​3     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​4     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Zones\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     3
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​0     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     4
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Zones\​​0     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​0     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​1     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     3
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Zones\​​1     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​1     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​ZoneMap\​​     query value and set value and create sub key and enumerate sub key and notify and read or execute and write and read control     success or wait     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​2     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     3
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Zones\​​2     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​2     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​3     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     3
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Zones\​​3     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​3     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​4     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     3
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Zones\​​4     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Zones\​​4     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     3
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​0     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​0     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​0     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​1     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​1     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​1     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​2     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​2     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​2     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​3     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​3     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​3     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​4     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​ CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​4     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     2
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​CurrentVersion\​​Internet Settings\​​Lockdown_Zones\​​4     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     2
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​exefile\​​shell\​ ​open     maximum allowed     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​exefile\​​shell\​​open     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​exefile\​​shell\​ ​open\​​command     query value and read or execute     object name not found     3
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​exefile\​​shell\​​open\​​ command     query value and read or execute     success or wait     3
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​exefile\​​shell\​ ​open\​​command     maximum allowed     object name not found     3
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Policies\​​Explorer\​​ RestrictRun     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​App Paths\​​XUBX.exe     query value and read or execute     object name not found     5
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_Classes\​​exefile\​​shell\​ ​open\​​ddeexec     query value and read or execute     object name not found     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Classes\​​exefile\​​shell\​​open\​​ ddeexec     query value and read or execute     object name not found     1
    \​​REGISTRY\​​USER\​​ S-1-5-21-2000478354-1770027372-682003330-500_CLASSES\​​Applications\​​ XUBX.exe     maximum allowed     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Classes\​​Applications\​​XUBX.exe     maximum allowed     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​ShellNoRoam     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​ShellNoRoam\​​MUICache     maximum allowed     success or wait     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​ShellNoRoam\​​MUICache\​​     maximum allowed     success or wait     2
    \​​REGISTRY\​​MACHINE\​​Software\​​Microsoft\​​Windows\​​CurrentVersion\ ​​Explorer\​​FileAssociation     query value and read or execute     success or wait     2
    \​​Registry\​​MACHINE\​​System\​​CurrentControlSet\​​Control\​​Session Manager\​​AppCertDlls     query value and read or execute     object name not found     1
    \​​Registry\​​MACHINE\​​System\​​CurrentControlSet\​​Control\​​Session Manager\​​AppCompatibility     query value and read or execute     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​Apphelp.dll     generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​System\​​WPA\​​TabletPC     query value and wow64 64key and wow64 resource and read or execute     object name not found     1
    HKEY_LOCAL_MACHINE\​​SYSTEM\​​WPA\​​MediaCenter     query value and wow64 64key and wow64 resource and read or execute     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​AppCompatFlags\​​Layers     wow64 64key and wow64 resource and generic read     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​AppCompatFlags\​​Layers     wow64 64key and wow64 resource and generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​AppCompatFlags\​​Custom\​​XUBX.exe     wow64 64key and wow64 resource and generic read     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​LevelObjects     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​0\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Policies\​​Microsoft\​​Windows\​​ Safer\​​CodeIdentifiers\​​0\​​Paths\​​ {dda3f824-d8cb-441b-834d-be2efd2c1a33}     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​0\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Policies\​​Microsoft\​​Windows\​​ Safer\​​CodeIdentifiers\​​0\​​Hashes\​​ {349d35ab-37b5-462f-9b89-edd5fbde1328}     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Policies\​​Microsoft\​​Windows\​​ Safer\​​CodeIdentifiers\​​0\​​Hashes\​​ {7fb9cd2e-3076-4df9-a57b-b813f72dbb91}     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Policies\​​Microsoft\​​Windows\​​ Safer\​​CodeIdentifiers\​​0\​​Hashes\​​ {81d1fe15-dd9d-4762-b16d-7c29ddecae3f}     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Policies\​​Microsoft\​​Windows\​​ Safer\​​CodeIdentifiers\​​0\​​Hashes\​​ {94e3e076-8f53-42a5-8411-085bcc18a68d}     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    \​​REGISTRY\​​MACHINE\​​SOFTWARE\​​Policies\​​Microsoft\​​Windows\​​ Safer\​​CodeIdentifiers\​​0\​​Hashes\​​ {dc971ee5-44eb-4fe4-ae2e-b91490411bfc}     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​0\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​4096\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​4096\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​4096\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​65536\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​65536\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​65536\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​131072\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​131072\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​131072\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​262144\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​262144\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    HKEY_LOCAL_MACHINE\​​Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​ ​CodeIdentifiers\​​262144\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​0\ ​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​0\ ​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​0\ ​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 4096\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 4096\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 4096\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 65536\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 65536\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 65536\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 131072\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 131072\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 131072\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 262144\​​Paths     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 262144\​​Hashes     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers\​​ 262144\​​UrlZones     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Policies\​​Microsoft\​​Windows\​​Safer\​​CodeIdentifiers     query value and enumerate sub key and notify and read or execute and write and read control     object name not found     1
    \​​REGISTRY\​​USER\​​S-1-5-21-2000478354-1770027372-682003330-500\​​ Software\​​Microsoft\​​Windows\​​CurrentVersion\​​Explorer\​​Shell Folders     query value and enumerate sub key and notify and read or execute and write and read control     success or wait     1
    HKEY_LOCAL_MACHINE\​​Software\​​Microsoft\​​Windows NT\​​CurrentVersion\​​Image File Execution Options\​​XUBX.exe

    And sends your data and passwords to him, or he can watch you type on your computer in real time.
    Quote Originally Posted by JAvEX
    Public hack or even a private hack, if you cheat, you run the risk of getting banned.

  2. The Following 3 Users Say Thank You to CampStaff For This Useful Post:


  3. #2
    jayezor is offline Banned User Array
    Join Date
    Apr 2009
    Posts
    83
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    29
    Woah i was just about to download the aimbot Nm Ill Cancel Thnx

  4. #3
    WeZZi is offline Newbie
    Array
    Join Date
    May 2009
    Posts
    7
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    Im not gonna download that

  5. #4
    alam2200 is offline Newbie
    Array
    Join Date
    Apr 2009
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    good

  6. #5
    titti is offline Wannabe Member
    Array
    Join Date
    Nov 2008
    Posts
    11
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    noob

  7. #6
    dominic1 is offline Wannabe Member
    Array
    Join Date
    May 2009
    Posts
    17
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    11
    Reputation
    11
    full of ardamax shit... it's a keylogger.

  8. #7
    djstathis is offline Wannabe Member
    Array
    Join Date
    May 2009
    Posts
    12
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    can i downloaded it and close my avg antivirus?

  9. #8
    onighosh is offline Newbie
    Array
    Join Date
    Jun 2009
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    thanks campstaff i was gona download it

  10. #9
    Gamblerboy is offline Newbie
    Array
    Join Date
    Jul 2009
    Posts
    1
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    0
    Reputation
    0
    Can any help me ? I don't know how to download this....

  11. #10
    ExoDaz's Avatar
    ExoDaz is offline Member
    Array
    Join Date
    Jun 2009
    Posts
    35
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Rep Power
    10
    Reputation
    1
    will this get u banned?
    Life is Harder than Death!

Page 1 of 2 12 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •