Detection rating:
High risk
File name: 优化器内部秒杀.exe
Basic information
File name: 优化器内部秒杀.exe
MD5: 81df99a67bf157450b0fda06440f9d63
File type: EXE
Upload time: 2019-05-18 18:37:12
Vendor: windows程序
Version: 1.0.0.0---1.0.0.0
Packer/compiler info: COMPILER:Elan
Key behaviors
Behavior: Modifies existing system EXE files
Details:
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll
Behavior: Writes data into other processes
Details:
TargetProcess = C:\WINDOWS\system32\smss.exe, WriteAddress = 0x20060000, Size = 0x0000b000 TargetPID = 0x00000208
TargetProcess = C:\WINDOWS\system32\smss.exe, WriteAddress = 0x00310000, Size = 0x00000233 TargetPID = 0x00000208
TargetProcess = C:\WINDOWS\system32\smss.exe, WriteAddress = 0x00320000, Size = 0x000000df TargetPID = 0x00000208
TargetProcess = C:\WINDOWS\system32\smss.exe, WriteAddress = 0x00330000, Size = 0x00000030 TargetPID = 0x00000208
TargetProcess = C:\WINDOWS\system32\smss.exe, WriteAddress = 0x00340000, Size = 0x00000084 TargetPID = 0x00000208
TargetProcess = C:\WINDOWS\system32\csrss.exe, WriteAddress = 0x20060000, Size = 0x0000b000 TargetPID = 0x00000248
TargetProcess = C:\WINDOWS\system32\csrss.exe, WriteAddress = 0x03c80000, Size = 0x00000233 TargetPID = 0x00000248
TargetProcess = C:\WINDOWS\system32\csrss.exe, WriteAddress = 0x03c90000, Size = 0x000000df TargetPID = 0x00000248
TargetProcess = C:\WINDOWS\system32\csrss.exe, WriteAddress = 0x03c60000, Size = 0x00000030 TargetPID = 0x00000248
TargetProcess = C:\WINDOWS\system32\csrss.exe, WriteAddress = 0x03ca0000, Size = 0x00000084 TargetPID = 0x00000248
TargetProcess = C:\WINDOWS\system32\winlogon.exe, WriteAddress = 0x20060000, Size = 0x0000b000 TargetPID = 0x00000260
TargetProcess = C:\WINDOWS\system32\winlogon.exe, WriteAddress = 0x00e30000, Size = 0x00000233 TargetPID = 0x00000260
TargetProcess = C:\WINDOWS\system32\winlogon.exe, WriteAddress = 0x00e40000, Size = 0x000000df TargetPID = 0x00000260
TargetProcess = C:\WINDOWS\system32\winlogon.exe, WriteAddress = 0x010d0000, Size = 0x00000030 TargetPID = 0x00000260
TargetProcess = C:\WINDOWS\system32\winlogon.exe, WriteAddress = 0x010e0000, Size = 0x00000084 TargetPID = 0x00000260
Behavior: Sets a startup item
Details:
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\htxueaht.exe
Behavior: Creates remote threads
Details:
TargetProcess: smss.exe, InheritedFromPID = 4, ProcessID = 520, ThreadID = 2768, StartAddress = 00340000, Parameter = 00330000
TargetProcess: csrss.exe, InheritedFromPID = 520, ProcessID = 584, ThreadID = 2772, StartAddress = 03CA0000, Parameter = 03C60000
TargetProcess: winlogon.exe, InheritedFromPID = 520, ProcessID = 608, ThreadID = 2784, StartAddress = 010E0000, Parameter = 010D0000
TargetProcess: services.exe, InheritedFromPID = 608, ProcessID = 652, ThreadID = 2796, StartAddress = 00BD0000, Parameter = 00BC0000
TargetProcess: lsass.exe, InheritedFromPID = 608, ProcessID = 664, ThreadID = 2808, StartAddress = 00DE0000, Parameter = 00DD0000
TargetProcess: svchost.exe, InheritedFromPID = 652, ProcessID = 872, ThreadID = 2820, StartAddress = 025D0000, Parameter = 025C0000
TargetProcess: svchost.exe, InheritedFromPID = 652, ProcessID = 936, ThreadID = 2828, StartAddress = 00E90000, Parameter = 00E80000
TargetProcess: svchost.exe, InheritedFromPID = 652, ProcessID = 976, ThreadID = 2840, StartAddress = 05B00000, Parameter = 05AF0000
TargetProcess: svchost.exe, InheritedFromPID = 652, ProcessID = 1060, ThreadID = 2856, StartAddress = 007D0000, Parameter = 007C0000
TargetProcess: svchost.exe, InheritedFromPID = 652, ProcessID = 1092, ThreadID = 2872, StartAddress = 01150000, Parameter = 01140000
TargetProcess: spoolsv.exe, InheritedFromPID = 652, ProcessID = 1180, ThreadID = 2896, StartAddress = 015C0000, Parameter = 015B0000
TargetProcess: jqs.exe, InheritedFromPID = 652, ProcessID = 1304, ThreadID = 2904, StartAddress = 013D0000, Parameter = 013C0000
TargetProcess: alg.exe, InheritedFromPID = 652, ProcessID = 1624, ThreadID = 2924, StartAddress = 00D80000, Parameter = 00CB0000
TargetProcess: explorer.exe, InheritedFromPID = 1932, ProcessID = 2000, ThreadID = 2932, StartAddress = 03410000, Parameter = 03400000
TargetProcess: reader_sl.exe, InheritedFromPID = 2000, ProcessID = 220, ThreadID = 2940, StartAddress = 00AD0000, Parameter = 00AC0000
Behavior: Gets the TickCount value
Details:
TickCount = 227296, SleepMilliseconds = 5000.
TickCount = 230609, SleepMilliseconds = 1000.
TickCount = 230671, SleepMilliseconds = 1000.
TickCount = 230750, SleepMilliseconds = 1000.
TickCount = 230765, SleepMilliseconds = 1000.
TickCount = 230828, SleepMilliseconds = 1000.
TickCount = 230921, SleepMilliseconds = 1000.
TickCount = 231000, SleepMilliseconds = 1000.
TickCount = 231015, SleepMilliseconds = 1000.
TickCount = 231031, SleepMilliseconds = 1000.
TickCount = 231046, SleepMilliseconds = 1000.
TickCount = 231062, SleepMilliseconds = 1000.
TickCount = 231078, SleepMilliseconds = 1000.
TickCount = 231093, SleepMilliseconds = 1000.
TickCount = 231203, SleepMilliseconds = 1000.
Behavior: Sets special file attributes
Details:
C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\htxueaht.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\rsgujxlz\%temp%\****.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\rsgujxlz\996Emgr.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\ARPPRODUCTICON.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut1_EDD4ABB1C1B34A9D84CE33FBFB5D3639.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut2_E88611396FF84AFCB2EE5C1594058E02.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut311_0951773981FA4AB2BC21B7DCEC95892A.exe
C:\Documents and Settings\Administrator\Application Data\Microsoft\Installer\{052CFB79-9D62-42E3-8A15-DE66C2C97C3E}\NewShortcut31_2F252077BA3F4362913955273A708467.exe
Behavior: Inserts an APC (asynchronous procedure call)
Details:
C:\Program Files\Internet Explorer\iexplore.exe
Behavior: Creates an autorun file in a drive root directory
Details:
C:\DiskX\autorun.inf
Behavior: Sets special folder attributes
Details:
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Temp\rsgujxlz
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior: Reads the CPU clock directly
Details:
EAX = 0x4ed32d41, EDX = 0x000000bf
EAX = 0xf7867ac5, EDX = 0x000000bf
EAX = 0xf7867b11, EDX = 0x000000bf
EAX = 0xf7867b5d, EDX = 0x000000bf
EAX = 0xf7867ba9, EDX = 0x000000bf
EAX = 0xf7867bf5, EDX = 0x000000bf
EAX = 0xf7867c41, EDX = 0x000000bf
EAX = 0xf7867c8d, EDX = 0x000000bf
EAX = 0xf7867cd9, EDX = 0x000000bf
EAX = 0xf7867d25, EDX = 0x000000bf
Behavior: Detects a virtual machine by looking up files
Details:
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Add