路过请教下有什么好的连发软件推荐

随手一下千把张 · 发表于 2015-11-1 20:18:26

因为随便下的话随便就能下到病毒木马，比如刚才这个。。。

MD5
01c4f257dd4af7fe128de7947c628c25
dnflfcx.zip

运行之后什么都点不了，还往c盘根目录写入了几个exe并执行。里面有个exe还有度娘中国的数字签名，运行期间程序申请联网。
www.pc6.com/softview/SoftView_67480.html

现在那些站点真是有毛病。。。这两天玩psp模拟器玩的比较爽，不过不自带连发不方便，所以前来请教。。。同时启用多个按键的连发，能设置按键间隔更好，用惯了psp上的修改插件，换了模拟器还真不习惯。

随手一下千把张 · 发表于 2015-11-1 20:25:27

删的好~啪啪啪~

随手一下千把张 · 发表于 2015-11-17 14:53:28

http://www.52z.com/soft/1217.html

高速下载器通道
点击这里面的按钮下到的文件怀疑是有问题的。
MD5:eb935ecee39dfeebd3c7601bcd62e0f3
SHA1:5bc539f5297952a5ae8c43ff7a9bb0e0ae47b2e9
数字签名
Shanghai Yishen Network Technology Co., Ltd.
2015年11月12日 16:03:33

随手一下千把张 · 发表于 2015-12-23 16:03:45

http://pan.baidu.com/share/link? ... adapt=pc&fr=ftw

MD5:46b4a8c4c038761b020f9bb4ce204d31
SHA1:15f44112fde0eb8deed997efa53221ac76c71a1e
貌似没有数字签名，这个exe是病毒文件。网盘搜索也会有些人故意放一些带病毒的文件，希望大家享用之余不要疏忽了防范，尤其找一些破解版软件的时候。

http://r.virscan.org/report/79ae0b6140531ed31913a27cb0203fd3

随手一下千把张 · 发表于 2015-12-27 14:51:12

本帖最后由随手一下千把张于 2015-12-27 16:10 编辑

h ttp://www.cr173.com/azyx/118564.html

Riyue Tongxing Information Technology (Beijing) Co.,Ltd.
2015年11月27日 23:50:22

Symantec Time Stamping Services Signer - G4

MD5:b2ec2d7dc979f3dfc314ee1944c37de2
SHA1:00f111463098a1d26bdfaf0192bafd3826300510

随手一下千把张 · 发表于 2015-12-27 15:07:12

本帖最后由随手一下千把张于 2015-12-27 16:08 编辑

h ttp://www.sdbeta.com/xiazai/2015/0402/30167.html

Shanghai Yishen Network Technology Co., Ltd.
2015年12月23日 20:21:44
WoSign Time Stamping Signer

MD5:9401dcbff27b073d08438cab33d272f7
SHA1:634e0cc6102386c8767a50ad3d84c18ef9e1b209

随手一下千把张 · 发表于 2016-3-31 19:00:26

本帖最后由随手一下千把张于 2016-3-31 20:02 编辑

h ttp://www.pc6.com/softview/SoftView_15564.html
Wsyscheck简体中文绿色免费版
MD5:2ea315ceacfdd901c9dcea161d9f3e8f
SHA1:49d6f4a3648df9289fc60a98e34e9f0c6d1ac13a

日月同行数字签名.rar (2.4 KB, 下载次数: 0) 数字签名，可以在操作系统里自行设置屏蔽掉这个公司。

出品公司:       Riyue Tongxing Information Technology (Beijing) Co.,Ltd.
版本:       1.3.1.14---1.3.1.14
壳或编译器信息:       PACKER:UPX 0.89.6 - 1.02 / 1.05 - 1.24 (Delphi) stub -> Markus & Laszlo [Overlay]

关键行为
行为描述:       修改注册表
详情信息:       \REGISTRY\USER\S-*\Software\downer\usestime
行为描述:       设置特殊文件夹属性
详情信息:       C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
行为描述:       获取TickCount值
详情信息:       TickCount = 489079, SleepMilliseconds = 1.
进程行为
行为描述:       创建本地线程
详情信息:       N/A
行为描述:       进程退出
详情信息:       N/A
行为描述:       枚举进程
详情信息:       N/A
文件行为
行为描述:       设置特殊文件夹属性
详情信息:       C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
行为描述:       删除文件
详情信息:       C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\stdQEZCH.tmp
行为描述:       查找文件
详情信息:       FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-CN
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh-Hans
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.zh
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CHS
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\996E.CH
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\stdQEZCH.tmp\*.*
网络行为
行为描述:       建立到一个指定的套接字连接
详情信息:       110.110.110.110:80, SOCKET = 0x00000620
110.110.110.110:80, SOCKET = 0x00000618
110.110.110.110:80, SOCKET = 0x0000062c
行为描述:       按名称获取主机地址
详情信息:       api.down.72zx.com
注册表行为
行为描述:       修改注册表
详情信息:       \REGISTRY\USER\S-*\Software\downer\usestime
其他行为
行为描述:       创建互斥体
详情信息:       CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Afxdowner:340
MSCTF.Shared.MUTEX.ELH
行为描述:       隐藏指定窗口
详情信息:       [Window,Class] = [高速下载器,Afxdowner:340]
行为描述:       查找指定窗口
详情信息:       NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
行为描述:       窗口信息
详情信息:       Pid = 416, Hwnd=0x302dc, Text = 确定, ClassName = Button.
Pid = 416, Hwnd=0x202d8, Text = 获取软件信息失败，请确保您的网络连接正常。, ClassName = Static.
Pid = 416, Hwnd=0x202d4, Text = 错误, ClassName = #32770.
行为描述:       获取系统权限
详情信息:       SE_LOAD_DRIVER_PRIVILEGE
行为描述:       获取TickCount值
详情信息:       TickCount = 489079, SleepMilliseconds = 1.
行为描述:       枚举窗口
详情信息:       N/A

【日月同行信息技术(北京)有限公司】？

随手一下千把张 · 发表于 2016-3-31 21:44:27

i6188.exe

MD5:182ed382c3a70ec0b07f117d2c139a88
SHA1:f2e10ab4f983f3a139d13d1bba7e814a88d22771

北京华林保软件技术有限公司.rar (2.38 KB, 下载次数: 0)
北京华林保软件技术有限公司数字签名，可自行添加屏蔽。

MD5: 182ed382c3a70ec0b07f117d2c139a88
文件类型: EXE
出品公司: 北京华林保软件技术有限公司
版本: 1.0.4704.2---1.0.201312.02
壳或编译器信息:
关键行为
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015010220150103
行为描述: 隐藏指定窗口
详情信息: [Window,Class] = [,tooltips_class32]
[Window,Class] = [Clear,Button]
行为描述: 按名称获取主机地址
详情信息: www.i6188.com
行为描述: 修改注册表_启动项
详情信息: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\i6188
文件行为
行为描述: 写权限映射文件
详情信息: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
\WINDOWS\system32\zh-cn\jscript.dll.mui
\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015010220150103\index.datndex.dat_16384
\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015010220150103\index.datndex.dat_32768
行为描述: 创建可执行文件
详情信息: C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\inet6188.dll
行为描述: 修改文件内容
详情信息: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\i6188html.zip---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\Html\i6188.htm---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\Html\Img\i-1_0_0.png---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\Html\Img\i6188.jpg---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\Html\Img\search-button-blue.png---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\i6188.chm---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\favors.dat---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\favors.dat-journal---> Offset = 516
C:\Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\favors.dat---> Offset = 1024
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015010220150103\index.dat---> Offset = 0
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012015010220150103
网络行为
行为描述: 连接指定站点
详情信息: InternetConnectA: ServerName = www.i6188.com, PORT = 80
行为描述: 建立到一个指定的套接字连接
详情信息: 127.0.0.1:1040
219.133.40.1:8117
行为描述: 打开HTTP请求
详情信息: HttpOpenRequestA: www.i6188.com:80/sitesvrs/listsi ... amp;_=1420196256629, hConnect = 0x00000544
HttpOpenRequestA: www.i6188.com:80/sitesvrs/listsi ... amp;_=1420196276738, hConnect = 0x00000074
行为描述: 按名称获取主机地址
详情信息: www.i6188.com
注册表行为
行为描述: 删除注册表键
详情信息: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014080420140811
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014081320140814
行为描述: 修改注册表
详情信息: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows Script\Settings\JITDebug
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\International\CpMRU\Enable
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\International\CpMRU\Size
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\International\CpMRU\InitHits
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\International\CpMRU\Factor
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015010220150103\CachePath
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015010220150103\CachePrefix
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015010220150103\CacheLimit
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015010220150103\CacheOptions
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012015010220150103\CacheRepair
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name
\REGISTRY\MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ID
行为描述: 删除注册表键值_IE连接设置
详情信息: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
行为描述: 修改注册表_启动项
详情信息: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Run\i6188
其他行为
行为描述: 创建互斥体
详情信息: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
RasPbFile
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012015010220150103!
MSIMGSIZECacheMutex
DDrawWindowListMutex
行为描述: 隐藏指定窗口
详情信息: [Window,Class] = [,tooltips_class32]
[Window,Class] = [Clear,Button]
行为描述: 查找指定窗口
详情信息: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
行为描述: 获取系统权限
详情信息: SE_LOAD_DRIVER_PRIVILEGE
行为描述: 窗口信息
详情信息: Pid = 1160, Hwnd=0xc01d6, Text = 收藏夹, ClassName = Button.
Pid = 1160, Hwnd=0xd01c8, Text = Close, ClassName = Button.
Pid = 1160, Hwnd=0xa0198, Text = 推荐网站, ClassName = Button.
Pid = 1160, Hwnd=0xd01a4, Text = Icon, ClassName = Button.
Pid = 1160, Hwnd=0xc01e8, Text = Clear, ClassName = Button.
Pid = 1160, Hwnd=0xd0166, Text = 网罗精华, ClassName = #32770.
行为描述: 直接操作物理设备
详情信息: \??\PhysicalDrive0
行为描述: 打开图片文件
详情信息: \Documents and Settings\Administrator\Local Settings\Application Data\Hualinbao\i6188\Html\Img\i6188.jpg

随手一下千把张 · 发表于 2016-6-9 00:38:39

MD5:830e4442b1e85a633de75870a6d99e27
SHA1:c5d340e6bbcde808ca457937f0c1bcf08e1dc116

962.net.rar (1.05 KB, 下载次数: 0)

http://a.virscan.org/830e4442b1e85a633de75870a6d99e27

MD5: 830e4442b1e85a633de75870a6d99e27
文件类型: EXE
出品公司: www.962.net
版本: 2.2.0.0---2.2.0.0
壳或编译器信息: PACKER:ASPack 2.12 -> Alexey Solodovnikov [Overlay]
子文件信息: 7ZAdumpFile / 42badc1d2f03a8b1e4875740d3d49336 / EXE
LYTOOLdumpFile / 3ef6ca8beb06b9563b6af1f70a3ebe56 / DLL
AQHTTPdumpFile / 3c9ec661f20ee6ca4bb17cfe7c0a5174 / DLL
GREENINGdumpFile / 82ccb4dd63833063abd1c56ea80b529a / DLL
AQ7ZdumpFile / 53014f3764238d08a48590e2e1f5f4b9 / DLL
LYHOOKdumpFile / 6da32c4b6b1b10df6a71b97afb398ff7 / DLL
INJECTdumpFile / a2325672489ddc25b310a2dcde279808 / DLL
关键行为
行为描述: 在桌面创建快捷方式
详情信息: C:\Documents and Settings\Administrator\桌面\monitor.lnk
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
行为描述: 按名称获取主机地址
详情信息: www.962.net
文件行为
行为描述: 写权限映射文件
详情信息: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Local\!PrivacIE!SharedMem!Counter
CiceroSharedMemDefaultS-1-5-21-1482476501-1645522239-1417001333-500
行为描述: 在桌面创建快捷方式
详情信息: C:\Documents and Settings\Administrator\桌面\monitor.lnk
行为描述: 设置特殊文件夹属性
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
行为描述: 修改文件内容
详情信息: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\load[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\load[2]---> Offset = 0
C:\Documents and Settings\Administrator\桌面\monitor.lnk---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff_webOC[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\errorPageStrings[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[1]---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\errorPageStrings[1]---> Offset = 0
网络行为
行为描述: 连接指定站点
详情信息: InternetConnectA: ServerName = www.962.net, PORT = 80
行为描述: 建立到一个指定的套接字连接
详情信息: 219.133.40.1:80
127.0.0.1:1041
行为描述: 打开HTTP请求
详情信息: HttpOpenRequestA: www.962.net:80/exe/gl_.html, hConnect = 0x000003a4
HttpOpenRequestA: www.962.net:80/exe/path_.html, hConnect = 0x00000490
行为描述: 按名称获取主机地址
详情信息: www.962.net
注册表行为
行为描述: 修改注册表
详情信息: \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91F22F3C-B0D7-4777-A439-E0709A01D50B}\1.0\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91F22F3C-B0D7-4777-A439-E0709A01D50B}\1.0\FLAGS\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91F22F3C-B0D7-4777-A439-E0709A01D50B}\1.0\0\win32\
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91F22F3C-B0D7-4777-A439-E0709A01D50B}\1.0\HELPDIR\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{D9B96DE9-1158-41B6-B611-6AE96B2C44D9}\TypeLib\Version
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\ProxyStubClsid\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\ProxyStubClsid32\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\TypeLib\
\REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E61F1335-6EFE-4A33-86C1-D1505D96E624}\TypeLib\Version
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\962\monitor\firstRunTime
行为描述: 删除注册表键值_IE连接设置
详情信息: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
其他行为
行为描述: 查找指定窗口
详情信息: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
行为描述: 窗口信息
详情信息: Pid = 164, Hwnd=0xd01f6, Text = 是(&Y), ClassName = Button.
Pid = 164, Hwnd=0xc017a, Text = 否(&N), ClassName = Button.
Pid = 164, Hwnd=0xb015e, Text = 是否在桌面上建立快捷方式?, ClassName = Static.
Pid = 164, Hwnd=0xb0200, Text = 提示!, ClassName = #32770.
Pid = 164, Hwnd=0xb01ce, Text = ts2, ClassName = TTabSheet.
Pid = 164, Hwnd=0x60360, Text = 运行关闭, ClassName = TCheckBox.
Pid = 164, Hwnd=0x80366, Text = 定位目录, ClassName = TButton.
Pid = 164, Hwnd=0x60376, Text = 直接运行, ClassName = TCheckBox.
Pid = 164, Hwnd=0xb0164, Text = 游戏操作控制 , ClassName = TGroupBox.
Pid = 164, Hwnd=0x90338, Text = 修改器补丁, ClassName = TButton.
Pid = 164, Hwnd=0xa0352, Text = 游戏攻略, ClassName = TButton.
Pid = 164, Hwnd=0xa03ac, Text = ts3, ClassName = TTabSheet.
Pid = 164, Hwnd=0x70362, Text = ts1, ClassName = TTabSheet.
Pid = 164, Hwnd=0xa037c, Text = pnltop, ClassName = TPanel.
Pid = 164, Hwnd=0xa03d4, Text = monitor, ClassName = TEdit.
行为描述: 创建互斥体
详情信息: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
RasPbFile
CTF.LBES.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Compart.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Asm.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.Layouts.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TMD.MutexDefaultS-1-5-21-1482476501-1645522239-1417001333-500
CTF.TimListCache.FMPDefaultS-1-5-21-1482476501-1645522239-1417001333-500MUTEX.DefaultS-1-5-21-1482476501-1645522239-1417001333-500
行为描述: 获取系统权限
详情信息: SE_LOAD_DRIVER_PRIVILEGE

栗子ss · 发表于 2016-6-11 15:29:59

楼主再说什么？

		自动登录	找回密码
密码			立即注册

路过请教下有什么好的连发软件推荐

社区居民