|
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
Description:
Maintains a list of entries typed into the Start->Run box
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\Doc Find Spec MRU
Description:
Maintains a list of entries typed into the 'Find Files' search box
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\FindComputerMRU
Description:
Maintains a list of entries for computers searched for via Windows Explorer
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist
Description:
There are two GUID subkeys beneath this key. Beneath each of these keys is the Count subkey, which contains a list of ROT-13 'encrypted' values. The CLSID beginning with 5E6 pertains to the IE Toolbar; the CLSID beginning with 750 corresponds to Active Desktop
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\Map Network Drive MRU
Description:
Maintains a list of drive mapped via the Map Network Drive Wizard.
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\ComputerDescriptions
Description:
Values beneath this key are names or IP addresses of machines connected to.
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2
Description:
Subkeys that start with "#" are paths to drives that have been mounted; includes the use of the "net use" command. BaseClass value will usually be "Drive".
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume
Description:
Each GUID subkey includes a Data value. This value is a volume identifier.
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\MediaPlayer\Player\RecentFileList
Description:
List of files (movies - .mpg, etc.) accessed via Media Player
..................................................................................................................................................
Registry Location:
HKCU
Key Location:
\Software\Microsoft\MediaPlayer\Player\RecentURLList
Description:
List of URLs accessed via Media Player
..................................................................................................................................................
Triage LHF module reports on this key
|
