吾爱破解 - 52pojie.cn

Views: 34041 | Replies: 187

[Windows] Latest PR/AE plugin collection pack, one-click install, no registration code needed, supports 2020, tutorial included

逆风£ posted on 2020-4-4 10:38
Last edited by 逆风£ on 2020-4-25 21:02

The original thread (https://www.52pojie.cn/thread-1129115-1-1.html) can no longer be edited, so I opened this new one for updates.
Once more: no registration code is needed!! No registration code is needed!! No registration code is needed!! Just ignore that step and click Continue.
One file is the PR archive (5.89 GB), the other is the AE installer, to make downloading easier.
If something like the screenshot below appears during installation, find and delete the plugin that causes the error in the PR folder; in the screenshot the offending plugin is ilmonvrtp.prm
[screenshot: 140102r01k27ug6rsokelg.jpg]
The PR archive includes the video tutorial + AE installer: ⬇
4-04更新PR PE.txt (68 Bytes, downloads: 3453)
Rating is free; if this helped, please show some support!!!

Free rating

Participants: 52 | 吾爱币 (coins) +46 | 热心值 (helpfulness) +46 | Reason
binbdoo +1 +1 Always missing plugins; hope nothing pops up after installing this. Thanks for sharing
小贝王院落 +1 +1 Thanks!
夏天的雪223 +1 Helpful reply!
我爱打酱油 +1 Helpful reply!
15625400161 +1 +1 After installing on 2020, BCC keeps throwing errors
tjabc123 +1 I agree!
stw997 +1 +1 I agree!
時間線の共通線 +1 I agree!
夜阑雨衾 +1 +1 Thanks!
bz6409 +1 I agree!
geniuszzhx +1 +1 I agree!
jameszpj +1 +1 Thanks!
留香爱尔 +1 I agree!
judawne +1 Helpful reply!
fastst +1 +1 I agree!
frankac +1 Thanks!
totore +1 +1 I agree!
刘正茂 +1 +1 Thanks!
西湖小黄叽 +1 +1 Thanks!
彳亍宀丁 +1 +1 Thanks!
迷路的小星球 +1 +1 Thanks!
czhqqqqq3352 +1 +1 I agree!
cai5678901 +1 +1 Thanks!
XIEHAOMING +1 +1 Thanks!
wsl1988 +1 +1 Helpful reply!
ica719 +1 +1 Thanks!
Mahaohao +1 +1 I agree!
Eden1752008599 +1 +1 I agree!
buzhidao192 +1 A bit large; is everything bundled together?
jiayouxiansen +1 Thanks!
lzqsee +1 +1 Saved for later
zhoulang1900 +1 Thanks!
malio9950 +1 +1 Thanks!
yfx0528 +1 +1 Thanks!
。。。。1 +1 +1 Thanks!
landuojiyin +1 +1 This is good! Downloading to try it
cy5625 +1 Helpful reply!
beyes +1 +1 Saves a lot of hassle; thanks to the OP for sharing selflessly
Rember、 +1 +1 I agree!
来学习的5558 +1 Thanks!
我亦醉逍遥 +1 +1 Thanks!
lqw2020214 +1 +1 Thoughtful discussion helps everyone improve!
liuzho +1 +1 Thanks!
2019想想 +1 +1 Thoughtful discussion helps everyone improve!
花の星月123 +1 +1 Helpful reply!
qjh +1 +1 Thanks!
cbhhh1949 +1 +1 Thanks!
ty_stone +1 +1 Thanks!
msnan +1 +1 Thanks!
田野842693 +2 +1 Thanks!
Wxinping +1 +1 Helpful reply!
sky20842 +1 +1 I agree!


立竿见影 posted on 2020-4-4 20:57
Last edited by 立竿见影 on 2020-4-4 20:59

Thanks to the OP for the freebie. I downloaded and installed the PR plugins, and right at the end Huorong flagged a virus, so I ran an online scan and got a bit scared. Did the OP buy this himself or modify it himself? Attaching the Habo analysis report for the OP to look at; could the experts on the forum check whether it is a false positive.

File information
Security score: 35
virscan.org multi-engine scan report
Basic information
MD5: 72c500dc4b89890eae3bd73aec3e1191
File type: executable
Vendor:
Version:
Packer/compiler info: Compiler: Microsoft Visual C++ 6.0

Key behaviors
Behavior: Modifies existing system executable
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll
Behavior: Sets special folder attributes
Details: C:\DiskX\RECYCLER
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feed\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior: Detects virtual machine via file lookup
Details: FindFirstFileEx: FileName=C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\*.*
FindFirstFileEx: FileName=C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\*.*
Behavior: Modifies registry startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Process behaviors
Behavior: Creates process
Details: [0x00000a68] ImagePath=C:\Program Files\Internet Explorer\iexplore.exe, CmdLine="C:\Program Files\Internet Explorer\IEXPLORE.EXE"
[0x00000b18] ImagePath=C:\Program Files\Internet Explorer\iexplore.exe, CmdLine="C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2772 CREDAT:79873
Behavior: Creates process from new file
Details: [0x00000a1c] ImagePath=C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe, CmdLine="C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe"
[0x00000a5c] ImagePath=C:\Program Files\Microsoft\DesktopLayer.exe, CmdLine="C:\Program Files\Microsoft\DesktopLayer.exe"
Behavior: Enumerates processes
Details: N/A
Behavior: Creates local thread
Details: TargetProcess: iexplore.exe, InheritedFromPID=2652, ProcessID=2664, ThreadID=2672, StartAddress=20057ACA, Param=00050034
TargetProcess: iexplore.exe, InheritedFromPID=2652, ProcessID=2664, ThreadID=2676, StartAddress=20057626, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2652, ProcessID=2664, ThreadID=2680, StartAddress=2005781F, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2652, ProcessID=2664, ThreadID=2684, StartAddress=2005790C, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2652, ProcessID=2664, ThreadID=2688, StartAddress=20056EA8, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2652, ProcessID=2664, ThreadID=2692, StartAddress=20056EC2, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2152, ProcessID=2772, ThreadID=2780, StartAddress=77DC845A, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2152, ProcessID=2772, ThreadID=2808, StartAddress=7C947EBB, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2152, ProcessID=2772, ThreadID=2812, StartAddress=7C930230, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2152, ProcessID=2772, ThreadID=2816, StartAddress=7C949B6F, Param=00000000
TargetProcess: iexplore.exe, InheritedFromPID=2152, ProcessID=2772, ThreadID=2820, StartAddress=77E56C7D, Param=001967A0
TargetProcess: iexplore.exe, InheritedFromPID=2152, ProcessID=2772, ThreadID=2824, StartAddress=5DE05ABD, Param=001986F0
TargetProcess: iexplore.exe, InheritedFromPID=2152, ProcessID=2772, ThreadID=2828, StartAddress=5DE05BC0, Param=00194100
TargetProcess: iexplore.exe, InheritedFromPID=2152, ProcessID=2772, ThreadID=2832, StartAddress=0122F74F, Param=00000214
TargetProcess: iexplore.exe, InheritedFromPID=2772, ProcessID=2840, ThreadID=2848, StartAddress=77DC845A, Param=00000000

File behaviors
Behavior: Creates file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe
C:\Program Files\Microsoft\px3.tmp
C:\Program Files\Microsoft\DesktopLayer.exe
C:\Program Files\Internet Explorer\dmlconf.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C6E44272-60E4-11E9-91C0-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF267.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C6E44273-60E4-11E9-91C0-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFFEB.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\yixun_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior: Modifies existing system executable
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll
Behavior: Creates executable file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe
C:\Program Files\Microsoft\DesktopLayer.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior: Overwrites existing file
Details: C:\Program Files\Microsoft\px3.tmp
C:\Program Files\Internet Explorer\dmlconf.dat
Behavior: Copies file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe ---> C:\Program Files\Microsoft\DesktopLayer.exe
Behavior: Modifies executable file via memory mapping
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll
Behavior: Deletes file
Details: C:\Program Files\Microsoft\px3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF267.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFFEB.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior: Finds file
Details: FileName=C:\Documents and Settings\Administrator\Local Settings\Temp
FileName=C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName=C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe
FileName=C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName=C:\Program Files\Internet Explorer\iexplore.exe
FileName=C:\*.*
FileName=C:\222c25ed\*.*
FileName=C:\222c25ed\IE8-Setup-Full\*.*
FileName=C:\222c25ed\IE8-Setup-Full\log\*.*
FileName=C:\AnalyzeControl\*.*
FileName=C:\DiskD\*.*
FileName=C:\DiskX\*.*
FileName=C:\DiskX\RECYCLER\*.*
FileName=C:\Documents and Settings\*.*
FileName=C:\Documents and Settings\Administrator\*.*
Behavior: Sets special folder attributes
Details: C:\DiskX\RECYCLER
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feed\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior: Modifies file content
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe ---> Offset=0
C:\Program Files\Microsoft\DesktopLayer.exe ---> Offset=0
C:\Program Files\Microsoft\DesktopLayer.exe ---> Offset=4096
C:\Program Files\Microsoft\DesktopLayer.exe ---> Offset=8192
C:\Program Files\Microsoft\DesktopLayer.exe ---> Offset=12288
C:\Program Files\Internet Explorer\dmlconf.dat ---> Offset=0
C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.privateSurf\0.0.0.1\backgroundpage.html ---> Offset=2787
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C6E44272-60E4-11E9-91C0-7B****28}.dat ---> Offset=512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C6E44272-60E4-11E9-91C0-7B****28}.dat ---> Offset=0
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF267.tmp ---> Offset=16383
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF267.tmp ---> Offset=12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C6E44272-60E4-11E9-91C0-7B****28}.dat ---> Offset=3072
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{C6E44272-60E4-11E9-91C0-7B****28}.dat ---> Offset=1536
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C6E44273-60E4-11E9-91C0-7B****28}.dat ---> Offset=512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{C6E44273-60E4-11E9-91C0-7B****28}.dat ---> Offset=0

Network behaviors
Behavior: Downloads file
Details: URLDownloadToFileW: http://ww****om/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior: Connects to specified site
Details: InternetConnectA: ServerName=ww****om, PORT=80, UserName=, Password=, hSession=0x00cc0004, hConnect=0x00cc0008, Flags=0x00000000
InternetConnectA: ServerName=ur****om, PORT=443, UserName=, Password=, hSession=0x00cc0010, hConnect=0x00cc0014, Flags=0x00000200
Behavior: HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession=0x00cc0004
InternetOpenA: UserAgent: VCSoapClient, hSession=0x00cc0010
Behavior: Establishes socket connection to specified site
Details: URL: go****om, IP: **.133.40.**:80, SOCKET=0x000000ac
URL: fg****om, IP: **.133.40.**:443, SOCKET=0x000000b0
URL: ww****om, IP: **.133.40.**:80, SOCKET=0x00000458
URL: ww****om, IP: **.133.40.**:80, SOCKET=0x00000594
URL: ur****om, IP: **.133.40.**:443, SOCKET=0x0000059c
Behavior: Reads network file
Details: hFile=0x00cc000c, BytesToRead=2048, BytesRead=2048
hFile=0x00cc0018, BytesToRead=4095, BytesRead=4095
Behavior: Sends HTTP packet
Details: GET / HTTP/1.1 | Accept: */* | Accept-Language: zh-cn | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) | Accept-Encoding: gzip, deflate | Host: ww****om | Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 | Accept: */* | Accept-Encoding: gzip, deflate | User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) | Host: ww****om | Connection: Keep-Alive
Behavior: HTTP request
Details: HttpOpenRequestA: ww****om:80 /, hConnect=0x00cc0008, hRequest=0x00cc000c, Verb: GET, Referer: , Flags=0x00400200
HttpOpenRequestA: ww****om:80 /favicon.ico, hConnect=0x00cc0008, hRequest=0x00cc000c, Verb: GET, Referer: , Flags=0x00600010
HttpOpenRequestA: ur****om:443 /urs.asmx?msurs-client-key=p3i7jxlvwuigv0czobly6q%3d%3d&msurs-patented-lock=tvphcosm2xa%3d, hConnect=0x00cc0014, hRequest=0x00cc0018, Verb: , Flags=0x04880300
Behavior: Resolves host address by name
Details: gethostbyname: go****om
gethostbyname: fg****om
GetAddrInfoW: ww****om
GetAddrInfoW: ur****om

Registry behaviors
Behavior: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{C6E44272-60E4-11E9-91C0-7B****28}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Window_Placement
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
Behavior: Deletes registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior: Deletes registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
Behavior: Modifies registry startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit

Other behaviors
Behavior: Creates mutex
Details: KyUffThOkYwRRtgPP
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!BrowserEmulation!SharedMemory!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
ConnHashTable<2772>_HashTable_Mutex
oleacc-msaa-loaded
Local\ZonesCounterMutex
Behavior: Hides specified window
Details: [Window, Class]=[, BrowserFrameGripperClass]
[Window, Class]=[Zoom Level, ToolbarWindow32]
[Window, Class]=[, msctls_progress32]
[Window, Class]=[, SysLink]
[Window, Class]=[, Static]
[Window, Class]=[File size unknown, Static]
[Window, Class]=[http://www.yixun.com/ - Windows Internet Explorer, IEFrame]
[Window, Class]=[, UniversalSearchBand]
[Window, Class]=[, TravelBand]
[Window, Class]=[, CommandBarClass]
[Window, Class]=[, ReBarWindow32]
[Window, Class]=[, TabBandClass]
[Window, Class]=[Always ask before opening this type of file(&W), Button]
[Window, Class]=[Publisher:, Static]
Behavior: MD5 of modified executable
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll ---> 0966f2da1a04c41b0db8980ab29c7a62
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: Events
Details: \SECURITY\LSA_AUTHENTICATION_INITIALIZED
Isolation Signal Registry Event (C6E4426F-60E4-11E9-91C0-7B****28,0)
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.2772
MSFT.VSA.IEC.STATUS.6c736db0
Isolation Signal Registry Event (C6E44270-60E4-11E9-91C0-7B****28,0)
IE_EarlyTabStart_0xad8
_fCanRegisterWithShellService
MSFT.VSA.COM.DISABLE.2840
Local\RSS Eventing Event Event 00000ad4
Global\crypt32LogoffEvent
Local\b18_29
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
Behavior: Signature info of modified executable
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll (signature check: failed)
Behavior: Initial file signature info
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe (signature check: failed)
C:\Program Files\Microsoft\DesktopLayer.exe (signature check: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (signature check: failed)
Behavior: Creates event object
Details: EventName=Isolation Signal Registry Event (C6E4426F-60E4-11E9-91C0-7B****28,0)
EventName=IE_EarlyTabStart_0xad8
EventName=Isolation Signal Registry Event (C6E44270-60E4-11E9-91C0-7B****28,0)
EventName=DINPUTWINMM
EventName=Global\userenv: User Profile Setup Event
EventName=Local\RSS Eventing Event Event 00000ad4
EventName=Local\b18_29
EventName=IEFrame.EventCheckDefaultBrowser
EventName=Global\crypt32LogoffEvent
Behavior: Initial file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe ---> ff5e1f27193ce51eec318714ef038bef
C:\Program Files\Microsoft\DesktopLayer.exe ---> ff5e1f27193ce51eec318714ef038bef
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
Behavior: Mutexes
Details: ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!BrowserEmulation!SharedMemory!Mutex
Local\!IETld!Mutex
RasPbFile
CtfmonInstMutexDefaultS-*
Local\RSS Eventing Connection Database Mutex 00000ad4
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
Local\!IECompat!Mutex
Behavior: Finds specified window
Details: NtUserFindWindowEx: [Class, Window]=[Static, ]
NtUserFindWindowEx: [Class, Window]=[Shell_TrayWnd, ]
NtUserFindWindowEx: [Class, Window]=[MS_AutodialMonitor, ]
NtUserFindWindowEx: [Class, Window]=[MS_WebCheckMonitor, ]
Behavior: Detects virtual machine via file lookup
Details: FindFirstFileEx: FileName=C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\*.*
FindFirstFileEx: FileName=C:\Documents and Settings\Administrator\Local Settings\Temp\VMwareDnD\*.*

[Screenshot] Following the path Huorong reported, the flagged file found on drive C

[Screenshot] Huorong pop-up warning as the PR plugin install was finishing

[Screenshot] The plugin shows this prompt

[Screenshot] The virscan scan results are scary
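The question the reply asks (false positive or not?) can be answered from the report itself without running the sample again: a startup entry (Winlogon\Userinit) rewritten, an executable dropped in %temp% and copied to Program Files, threads created in iexplore.exe, an existing third-party DLL patched so its signature no longer verifies, and VMware artifact probing. Below is an added example, written for this page by the editor and not part of the original post, Habo, Huorong or virscan: a small Python triage script that parses a report in the "Behavior:" / "Details:" layout quoted above, scores the indicators, and spots the same hash written to two paths. The sample report lines are constructed from the report above (shortened, masked hosts kept masked); the indicator list and weights are the editor's assumptions, not a vendor scoring scheme. The report shows only that the Userinit value was modified, not what was written to it, so the "suspect" Userinit value used by the last check is likewise a constructed example.

```python
"""Triage a pasted Habo-style behaviour report (added example; not from the
original post or any sandbox vendor).

SAMPLE_REPORT is constructed from the behaviours quoted in the reply above,
shortened to the lines the rules look at. RULES and their weights are this
editor's assumptions, not a vendor scoring scheme.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: a subset of the report above, in the same
# "Behavior:" / "Details:" layout. Masked hosts stay masked.
SAMPLE_REPORT = r"""
Behavior: Modifies registry startup entry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
Behavior: Creates process from new file
Details: [0x00000a1c] ImagePath=C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe
[0x00000a5c] ImagePath=C:\Program Files\Microsoft\DesktopLayer.exe
Behavior: Creates local thread
Details: TargetProcess: iexplore.exe, InheritedFromPID=2652, ProcessID=2664, ThreadID=2672, StartAddress=20057ACA
Behavior: Copies file
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe ---> C:\Program Files\Microsoft\DesktopLayer.exe
Behavior: Modifies executable file via memory mapping
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll
Behavior: Detects virtual machine via file lookup
Details: FindFirstFileEx: FileName=C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\*.*
Behavior: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior: MD5 of modified executable
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll ---> 0966f2da1a04c41b0db8980ab29c7a62
Behavior: Signature info of modified executable
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll (signature check: failed)
Behavior: Initial file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\%temp%\996ESrv.exe ---> ff5e1f27193ce51eec318714ef038bef
C:\Program Files\Microsoft\DesktopLayer.exe ---> ff5e1f27193ce51eec318714ef038bef
"""


@dataclass
class Behavior:
    name: str
    details: list = field(default_factory=list)


def parse_report(text):
    """Split the report into Behavior records. Each 'Behavior: <name>' line
    opens a record; the 'Details:' line and any bare continuation lines up to
    the next 'Behavior:' line are its details."""
    behaviors = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = re.match(r"Behavior:\s*(.+)", line)
        if m:
            behaviors.append(Behavior(m.group(1).strip()))
        elif behaviors:
            behaviors[-1].details.append(re.sub(r"^Details:\s*", "", line))
    return behaviors


# (indicator, weight, regex on the behaviour name, regex on a detail line).
# Weights are an assumption, chosen so that persistence plus any two other
# hits crosses the "likely malicious" line.
RULES = [
    ("userinit_persistence", 5, r"startup entry", r"Winlogon\\Userinit"),
    ("exec_from_temp", 3, r"process from new file", r"%temp%\\[^\\]+\.exe"),
    ("copy_into_program_files", 3, r"Copies file", r"--->\s*C:\\Program Files\\"),
    ("patches_existing_binary", 4, r"memory mapping", r"\.(dll|exe)$"),
    ("signature_broken_after_patch", 2, r"Signature info of modified", r"failed"),
    ("vm_detection", 2, r"virtual machine", r"VMware"),
    ("thread_in_browser", 3, r"thread", r"TargetProcess:\s*iexplore\.exe"),
    ("load_driver_privilege", 2, r"token privileges", r"SE_LOAD_DRIVER_PRIVILEGE"),
]


def triage(text):
    """Return matched indicators, a weighted score and a coarse verdict."""
    behaviors = parse_report(text)
    matched, score = [], 0
    for name, weight, name_re, detail_re in RULES:
        hit = any(
            re.search(name_re, b.name, re.I)
            and any(re.search(detail_re, d, re.I) for d in b.details)
            for b in behaviors
        )
        if hit:
            matched.append(name)
            score += weight
    if score >= 10:
        verdict = "likely malicious"
    elif score >= 5:
        verdict = "suspicious"
    else:
        verdict = "low"
    return {"matched": matched, "score": score, "verdict": verdict}


def identical_hashes(text):
    """Group 'path ---> md5' lines by hash. Two different paths sharing one
    hash means the same payload was written twice (here: a dropper in %temp%
    and its copy under Program Files)."""
    by_hash = {}
    pattern = r"(?P<path>[A-Za-z]:\\[^\n]+?)\s*--->\s*(?P<md5>[0-9a-fA-F]{32})\b"
    for m in re.finditer(pattern, text):
        by_hash.setdefault(m.group("md5").lower(), []).append(m.group("path"))
    return {h: paths for h, paths in by_hash.items() if len(set(paths)) > 1}


# Userinit is a comma-separated list of programs Winlogon runs at logon.
# The report shows only that the value was modified, not what was written,
# so SUSPECT_USERINIT below is a constructed example, not observed data.
DEFAULT_USERINIT = {
    r"c:\windows\system32\userinit.exe",
    r"%systemroot%\system32\userinit.exe",
}
CLEAN_USERINIT = r"C:\Windows\system32\userinit.exe,"
SUSPECT_USERINIT = r"C:\Windows\system32\userinit.exe,C:\Program Files\Microsoft\DesktopLayer.exe"


def userinit_extras(value):
    """Entries in a Userinit value other than the stock userinit.exe."""
    entries = [e.strip().strip('"').lower() for e in value.split(",") if e.strip()]
    return [e for e in entries if e not in DEFAULT_USERINIT]


if __name__ == "__main__":
    result = triage(SAMPLE_REPORT)
    print(result["verdict"], result["score"], result["matched"])
    for md5, paths in identical_hashes(SAMPLE_REPORT).items():
        print(md5, "written to", len(paths), "locations")
    print("extra Userinit entries:", userinit_extras(SUSPECT_USERINIT))
```

On a machine that ran this installer, the same logic applies by hand: read HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit and pass it to userinit_extras; anything listed besides the stock userinit.exe is what Winlogon will launch at the next logon, and the dropped paths in the report (%temp%\996ESrv.exe, C:\Program Files\Microsoft\DesktopLayer.exe, the patched npprintscreen.dll) are the first places to check.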
llt1981 posted on 2020-4-4 10:41
tyr1995 posted on 2020-4-4 10:45
大衬衫 posted on 2020-4-4 10:48
Thanks, I really need this plugin
jonejiang posted on 2020-4-4 10:53
Thanks for sharing, will download and try it
gan1meng posted on 2020-4-4 10:55
Thanks to the OP for the selfless contribution
registryone posted on 2020-4-4 10:59
Nice tutorial, just what I needed
zhaode posted on 2020-4-4 11:03
Thanks to the OP for the selfless contribution, a thumbs up
香蕉球 posted on 2020-4-4 11:04
Tried it on my computer yesterday; it can't handle PR, what a pity.
lytton posted on 2020-4-4 11:07
Really need this thing, thanks
吾爱破解 - LCG - LSG ( 京ICP备16042023号 | 京公网安备 11010502030087号 ) | Powered by Discuz! | Copyright © 2001-2020, Tencent Cloud.