
0000004D 0040004D 0 !This program cannot be run in DOS mode.
000000A8 004000A8 0 Richk<
000001B0 004001B0 0 .text
000001D8 004001D8 0 .data
00000200 00400200 0 .rsrc
00000238 00400238 0 MSVBVM60.DLL
00001006 00401006 0 yr1hzrbrzr
0000101E 0040101E 0 wr)uxr
0000103A 0040103A 0 yr&nxr*ayr
00001066 00401066 0 vr$Fxr
00001092 00401092 0 yrEjxr
000010A1 004010A1 0 5jrtLxr
000010BA 004010BA 0 yrtjxr-
000010CE 004010CE 0 xr0jxr
00001286 00401286 0 as St
000012FC 004012FC 0 Form1
0000181E 0040181E 0 ##*! ".j
0000183A 0040183A 0 z+,++''''+)%"
00001859 00401859 0 z-''(]____](&'+#
00001882 00401882 0 zlll('-&$
000018C6 004018C6 0 {nl-(U+f
000018E7 004018E7 0 zrqVUX'
00001908 00401908 0 ytqX]X[
0000195C 0040195C 0 TB:?>7;
00001972 00401972 0 idm
0000197C 0040197C 0 36:F@IHHB
0000198D 0040198D 0 nbbY/
0000199B 0040199B 0 t33N=EPOLMJ
000019AE 004019AE 0 bmdw\~ddo
000019CE 004019CE 0 sdop~oooo
00001BDB 00401BDB 0 Form1
00001CF9 00401CF9 0 #vb6chs.dll
00001D6F 00401D6F 0 Kingsoft Antispy
0000221C 0040221C 0 Form1
0000226D 0040226D 0 Y{l:O
00002298 00402298 0 C:\Program Files\VB
000022B1 004022B1 0 \VB6.OLB
000022EC 004022EC 0 advapi32.dll
00002300 00402300 0 RegCreateKeyA
00002348 00402348 0 RegOpenKeyA
0000238C 0040238C 0 RegSetValueExA
000023D4 004023D4 0 RegCloseKey
00002418 00402418 0 RegDeleteKeyA
000025B0 004025B0 0 kernel32
000025C0 004025C0 0 OpenProcess
00002604 00402604 0 TerminateProcess
00002650 00402650 0 CreateToolhelp32Snapshot
000026A4 004026A4 0 Process32First
000026B4 004026B4 0 __vbaFreeVarList
00002700 00402700 0 Process32Next
00002748 00402748 0 CloseHandle
00002864 00402864 0 VBA6.DLL
00002870 00402870 0 __vbaFreeStrList
00002884 00402884 0 __vbaVarDup
00002890 00402890 0 __vbaLenVarB
000028A0 004028A0 0 __vbaVarAdd
000028AC 004028AC 0 __vbaI4Var
000028B8 004028B8 0 __vbaFreeStr
000028C8 004028C8 0 __vbaSetSystemError
000028DC 004028DC 0 __vbaStrToAnsi
0000290C 0040290C 0 __vbaErrorOverflow
00002920 00402920 0 __vbaStrCmp
0000292C 0040292C 0 __vbaFreeVar
0000293C 0040293C 0 __vbaLsetFixstr
0000294C 0040294C 0 __vbaStrFixstr
0000295C 0040295C 0 __vbaStrMove
0000296C 0040296C 0 __vbaInStr
00002978 00402978 0 __vbaI2I4
00002984 00402984 0 __vbaRecAnsiToUni
00002998 00402998 0 __vbaRecUniToAnsi
00002ABE 00402ABE 0 p4Vhl$@
00003474 00403474 0 MSVBVM60.DLL
00003484 00403484 0 _CIcos
0000348E 0040348E 0 _adj_fptan
0000349C 0040349C 0 __vbaFreeVar
000034AC 004034AC 0 __vbaFreeVarList
000034C0 004034C0 0 _adj_fdiv_m64
000034D0 004034D0 0 _adj_fprem1
000034DE 004034DE 0 __vbaRecAnsiToUni
000034F2 004034F2 0 __vbaLsetFixstr
00003504 00403504 0 __vbaSetSystemError
0000351A 0040351A 0 _adj_fdiv_m32
0000352A 0040352A 0 _adj_fdiv_m16i
0000353C 0040353C 0 _adj_fdivr_m16i
0000354E 0040354E 0 __vbaStrFixstr
00003560 00403560 0 _CIsin
0000356A 0040356A 0 __vbaChkstk
00003578 00403578 0 EVENT_SINK_AddRef
0000358C 0040358C 0 __vbaStrCmp
0000359A 0040359A 0 __vbaI2I4
000035A6 004035A6 0 DllFunctionCall
000035B8 004035B8 0 _adj_fpatan
000035C6 004035C6 0 __vbaRecUniToAnsi
000035DA 004035DA 0 EVENT_SINK_Release
000035F0 004035F0 0 _CIsqrt
000035FA 004035FA 0 EVENT_SINK_QueryInterface
00003616 00403616 0 __vbaExceptHandler
0000362C 0040362C 0 _adj_fprem
0000363A 0040363A 0 _adj_fdivr_m64
0000364C 0040364C 0 __vbaFPException
00003660 00403660 0 _CIlog
0000366A 0040366A 0 __vbaErrorOverflow
00003680 00403680 0 __vbaInStr
0000368E 0040368E 0 _adj_fdiv_m32i
000036A0 004036A0 0 _adj_fdivr_m32i
000036B2 004036B2 0 __vbaFreeStrList
000036C6 004036C6 0 _adj_fdivr_m32
000036D8 004036D8 0 _adj_fdiv_r
000036E6 004036E6 0 __vbaI4Var
000036F4 004036F4 0 __vbaVarAdd
00003702 00403702 0 __vbaStrToAnsi
00003714 00403714 0 __vbaVarDup
00003722 00403722 0 _CIatan
0000372C 0040372C 0 __vbaStrMove
0000373C 0040373C 0 _allmul
00003746 00403746 0 __vbaLenVarB
00003756 00403756 0 _CItan
00003760 00403760 0 _CIexp
0000376A 0040376A 0 __vbaFreeStr
0000596A 0040596A 0 ##*! ".j
00005986 00405986 0 z+,++''''+)%"
000059A5 004059A5 0 z-''(]____](&'+#
000059CE 004059CE 0 zlll('-&$
00005A12 00405A12 0 {nl-(U+f
00005A33 00405A33 0 zrqVUX'
00005A54 00405A54 0 ytqX]X[
00005AA8 00405AA8 0 TB:?>7;
00005ABE 00405ABE 0 idm
00005AC8 00405AC8 0 36:F@IHHB
00005AD9 00405AD9 0 nbbY/
00005AE7 00405AE7 0 t33N=EPOLMJ
00005AFA 00405AFA 0 bmdw\~ddo
00005B1A 00405B1A 0 sdop~oooo
00001C33 00401C33 0 @ws;C:\WindowP
0000246C 0040246C 0 Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
000024E8 004024E8 0 RestrictRun
00002504 00402504 0 Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
00002798 00402798 0 369fix
000027AC 004027AC 0 369fix.scr
000027D4 004027D4 0 369.exe
000027F4 004027F4 0 me.exe
00002814 00402814 0 regedit.exe
00002830 00402830 0 Explorer
00002848 00402848 0 Explorer.exe
000028F0 004028F0 0 explorer.exe
000050F6 004050F6 0 VS_VERSION_INFO
00005152 00405152 0 VarFileInfo
00005172 00405172 0 Translation
00005196 00405196 0 StringFileInfo
000051BA 004051BA 0 080404B0
000051D2 004051D2 0 Comments
000051E4 004051E4 0 kasmain
000051FA 004051FA 0 CompanyName
00005214 00405214 0 Kingsoft Corporation
00005246 00405246 0 FileDescription
00005268 00405268 0 kasmain
0000527E 0040527E 0 LegalCopyright
0000529C 0040529C 0 Copyright (C) 1998-2010 Kingsoft Corporation
000052FE 004052FE 0 LegalTrademarks
00005320 00405320 0 Kingsoft Internet Security
0000535E 0040535E 0 ProductName
00005378 00405378 0 Kingsoft Antispy
000053A2 004053A2 0 FileVersion
000053BC 004053BC 0 7.21.0004
000053D6 004053D6 0 ProductVersion
000053F4 004053F4 0 7.21.0004
0000540E 0040540E 0 InternalName
00005436 00405436 0 OriginalFilename
00005458 00405458 0 me.exe

创建文件
C:\me.exe
创建注册表
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ]
创建键值
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ],
Value Name: [ RestrictRun ], New Value: [ 1 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ 369 ], New Value: [ 369.exe ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ 369fix ], New Value: [ 369fix.scr ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ ??? ], New Value: [ regedit.exe ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ Explorer ], New Value: [ Explorer.exe ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ me ], New Value: [ me.exe ]
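以上键值的作用是启用 RestrictRun 策略,使当前用户(键值写在该用户的 HKU\<SID> 配置单元下)只能运行白名单中的程序:369.exe、369fix.scr、regedit.exe、Explorer.exe,以及样本自身 me.exe;运行其他程序时,会弹出"本次操作由于这台计算机的限制而被取消。请与您的系统管理员联系"。由于 regedit.exe 仍在白名单中,清除样本后可用它删除 Policies\Explorer 下的 RestrictRun 键值和 RestrictRun 子键,以恢复正常。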
分析报告下载
000000A8 004000A8 0 Richk<
000001B0 004001B0 0 .text
000001D8 004001D8 0 .data
00000200 00400200 0 .rsrc
00000238 00400238 0 MSVBVM60.DLL
00001006 00401006 0 yr1hzrbrzr
0000101E 0040101E 0 wr)uxr
0000103A 0040103A 0 yr&nxr*ayr
00001066 00401066 0 vr$Fxr
00001092 00401092 0 yrEjxr
000010A1 004010A1 0 5jrtLxr
000010BA 004010BA 0 yrtjxr-
000010CE 004010CE 0 xr0jxr
00001286 00401286 0 as St
000012FC 004012FC 0 Form1
0000181E 0040181E 0 ##*! ".j
0000183A 0040183A 0 z+,++''''+)%"
00001859 00401859 0 z-''(]____](&'+#
00001882 00401882 0 zlll('-&$
000018C6 004018C6 0 {nl-(U+f
000018E7 004018E7 0 zrqVUX'
00001908 00401908 0 ytqX]X[
0000195C 0040195C 0 TB:?>7;
00001972 00401972 0 idm
0000197C 0040197C 0 36:F@IHHB
0000198D 0040198D 0 nbbY/
0000199B 0040199B 0 t33N=EPOLMJ
000019AE 004019AE 0 bmdw\~ddo
000019CE 004019CE 0 sdop~oooo
00001BDB 00401BDB 0 Form1
00001CF9 00401CF9 0 #vb6chs.dll
00001D6F 00401D6F 0 Kingsoft Antispy
0000221C 0040221C 0 Form1
0000226D 0040226D 0 Y{l:O
00002298 00402298 0 C:\Program Files\VB
000022B1 004022B1 0 \VB6.OLB
000022EC 004022EC 0 advapi32.dll
00002300 00402300 0 RegCreateKeyA
00002348 00402348 0 RegOpenKeyA
0000238C 0040238C 0 RegSetValueExA
000023D4 004023D4 0 RegCloseKey
00002418 00402418 0 RegDeleteKeyA
000025B0 004025B0 0 kernel32
000025C0 004025C0 0 OpenProcess
00002604 00402604 0 TerminateProcess
00002650 00402650 0 CreateToolhelp32Snapshot
000026A4 004026A4 0 Process32First
000026B4 004026B4 0 __vbaFreeVarList
00002700 00402700 0 Process32Next
00002748 00402748 0 CloseHandle
00002864 00402864 0 VBA6.DLL
00002870 00402870 0 __vbaFreeStrList
00002884 00402884 0 __vbaVarDup
00002890 00402890 0 __vbaLenVarB
000028A0 004028A0 0 __vbaVarAdd
000028AC 004028AC 0 __vbaI4Var
000028B8 004028B8 0 __vbaFreeStr
000028C8 004028C8 0 __vbaSetSystemError
000028DC 004028DC 0 __vbaStrToAnsi
0000290C 0040290C 0 __vbaErrorOverflow
00002920 00402920 0 __vbaStrCmp
0000292C 0040292C 0 __vbaFreeVar
0000293C 0040293C 0 __vbaLsetFixstr
0000294C 0040294C 0 __vbaStrFixstr
0000295C 0040295C 0 __vbaStrMove
0000296C 0040296C 0 __vbaInStr
00002978 00402978 0 __vbaI2I4
00002984 00402984 0 __vbaRecAnsiToUni
00002998 00402998 0 __vbaRecUniToAnsi
00002ABE 00402ABE 0 p4Vhl$@
00003474 00403474 0 MSVBVM60.DLL
00003484 00403484 0 _CIcos
0000348E 0040348E 0 _adj_fptan
0000349C 0040349C 0 __vbaFreeVar
000034AC 004034AC 0 __vbaFreeVarList
000034C0 004034C0 0 _adj_fdiv_m64
000034D0 004034D0 0 _adj_fprem1
000034DE 004034DE 0 __vbaRecAnsiToUni
000034F2 004034F2 0 __vbaLsetFixstr
00003504 00403504 0 __vbaSetSystemError
0000351A 0040351A 0 _adj_fdiv_m32
0000352A 0040352A 0 _adj_fdiv_m16i
0000353C 0040353C 0 _adj_fdivr_m16i
0000354E 0040354E 0 __vbaStrFixstr
00003560 00403560 0 _CIsin
0000356A 0040356A 0 __vbaChkstk
00003578 00403578 0 EVENT_SINK_AddRef
0000358C 0040358C 0 __vbaStrCmp
0000359A 0040359A 0 __vbaI2I4
000035A6 004035A6 0 DllFunctionCall
000035B8 004035B8 0 _adj_fpatan
000035C6 004035C6 0 __vbaRecUniToAnsi
000035DA 004035DA 0 EVENT_SINK_Release
000035F0 004035F0 0 _CIsqrt
000035FA 004035FA 0 EVENT_SINK_QueryInterface
00003616 00403616 0 __vbaExceptHandler
0000362C 0040362C 0 _adj_fprem
0000363A 0040363A 0 _adj_fdivr_m64
0000364C 0040364C 0 __vbaFPException
00003660 00403660 0 _CIlog
0000366A 0040366A 0 __vbaErrorOverflow
00003680 00403680 0 __vbaInStr
0000368E 0040368E 0 _adj_fdiv_m32i
000036A0 004036A0 0 _adj_fdivr_m32i
000036B2 004036B2 0 __vbaFreeStrList
000036C6 004036C6 0 _adj_fdivr_m32
000036D8 004036D8 0 _adj_fdiv_r
000036E6 004036E6 0 __vbaI4Var
000036F4 004036F4 0 __vbaVarAdd
00003702 00403702 0 __vbaStrToAnsi
00003714 00403714 0 __vbaVarDup
00003722 00403722 0 _CIatan
0000372C 0040372C 0 __vbaStrMove
0000373C 0040373C 0 _allmul
00003746 00403746 0 __vbaLenVarB
00003756 00403756 0 _CItan
00003760 00403760 0 _CIexp
0000376A 0040376A 0 __vbaFreeStr
0000596A 0040596A 0 ##*! ".j
00005986 00405986 0 z+,++''''+)%"
000059A5 004059A5 0 z-''(]____](&'+#
000059CE 004059CE 0 zlll('-&$
00005A12 00405A12 0 {nl-(U+f
00005A33 00405A33 0 zrqVUX'
00005A54 00405A54 0 ytqX]X[
00005AA8 00405AA8 0 TB:?>7;
00005ABE 00405ABE 0 idm
00005AC8 00405AC8 0 36:F@IHHB
00005AD9 00405AD9 0 nbbY/
00005AE7 00405AE7 0 t33N=EPOLMJ
00005AFA 00405AFA 0 bmdw\~ddo
00005B1A 00405B1A 0 sdop~oooo
00001C33 00401C33 0 @ws;C:\WindowP
0000246C 0040246C 0 Software\Microsoft\Windows\CurrentVersion\Policies\Explorer
000024E8 004024E8 0 RestrictRun
00002504 00402504 0 Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun
00002798 00402798 0 369fix
000027AC 004027AC 0 369fix.scr
000027D4 004027D4 0 369.exe
000027F4 004027F4 0 me.exe
00002814 00402814 0 regedit.exe
00002830 00402830 0 Explorer
00002848 00402848 0 Explorer.exe
000028F0 004028F0 0 explorer.exe
000050F6 004050F6 0 VS_VERSION_INFO
00005152 00405152 0 VarFileInfo
00005172 00405172 0 Translation
00005196 00405196 0 StringFileInfo
000051BA 004051BA 0 080404B0
000051D2 004051D2 0 Comments
000051E4 004051E4 0 kasmain
000051FA 004051FA 0 CompanyName
00005214 00405214 0 Kingsoft Corporation
00005246 00405246 0 FileDescription
00005268 00405268 0 kasmain
0000527E 0040527E 0 LegalCopyright
0000529C 0040529C 0 Copyright (C) 1998-2010 Kingsoft Corporation
000052FE 004052FE 0 LegalTrademarks
00005320 00405320 0 Kingsoft Internet Security
0000535E 0040535E 0 ProductName
00005378 00405378 0 Kingsoft Antispy
000053A2 004053A2 0 FileVersion
000053BC 004053BC 0 7.21.0004
000053D6 004053D6 0 ProductVersion
000053F4 004053F4 0 7.21.0004
0000540E 0040540E 0 InternalName
00005436 00405436 0 OriginalFilename
00005458 00405458 0 me.exe
创建文件
C:\me.exe
创建注册表
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ]
创建键值
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer ],
Value Name: [ RestrictRun ], New Value: [ 1 ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ 369 ], New Value: [ 369.exe ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ 369fix ], New Value: [ 369fix.scr ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ ??? ], New Value: [ regedit.exe ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ Explorer ], New Value: [ Explorer.exe ]
Key: [ HKU\S-1-5-21-842925246-1425521274-308236825-500\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\RestrictRun ],
Value Name: [ me ], New Value: [ me.exe ]
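以上键值的作用是启用 RestrictRun 策略,使当前用户(键值写在该用户的 HKU\<SID> 配置单元下)只能运行白名单中的程序:369.exe、369fix.scr、regedit.exe、Explorer.exe,以及样本自身 me.exe;运行其他程序时,会弹出"本次操作由于这台计算机的限制而被取消。请与您的系统管理员联系"。由于 regedit.exe 仍在白名单中,清除样本后可用它删除 Policies\Explorer 下的 RestrictRun 键值和 RestrictRun 子键,以恢复正常。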
分析报告下载
作者:mouse_0232@幸福的耗子洞穴
地址:http://www.mouse0232.com/post/841/
版权所有。转载时必须以链接形式注明作者和原始出处及本声明!


