AVA 偽Bypass 2017.08.08

zdzwhrfz

只能暫時PASS
先開AVA-Bypass
在啟動遊戲

q000804

真可惜,我買不到 :@

q000804

為什麼不能下載

25641321

想請問一下這效果是什麼

KinKALaw

給了大家分析一下 看看是否下載

基本資訊:

檔案名稱：                         AVA-Bypass.exe

MD5：                                dbf2471f23e205552fbe6029298b9943

檔案類型：                        EXE

出品公司：                        N/A

版本：                                1.0.0.0---1.0.0.0

殼或編譯器信息：           COMPILER:Elan

關鍵行為

行為描述：殺掉進程

詳情信息：C:\\WINDOWS\\system32\\AVA.exe

進程行為

行為描述：創建本地執行緒

詳情信息： TargetProcess: %temp%\\****.exe, InheritedFromPID = 2000, ProcessID= 2680, ThreadID = 2748, StartAddress = 77C0A341, Parameter = 009B6920

TargetProcess:%temp%\\****.exe, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 2804,StartAddress = 6F7AF79C, Parameter = 00E24308

TargetProcess:%temp%\\****.exe, InheritedFromPID = 2000, ProcessID = 2680, ThreadID = 2808,

StartAddress= 0043A050, Parameter = 00B57938

文件行為

行為描述：創建文件

詳情信息： C:\\Documents andSettings\\Administrator\\Local Settings\\%temp%\\1.wavC:\\Documents and Settings\\Administrator\\Application

Data\\Microsoft\\Speech\\Files\\UserLexicons\\SP_352B2CD5214344E8B9AF99810B2A7804.dat

行為描述：覆蓋已有文件

詳情信息： C:\\Documents and Settings\\Administrator\\ApplicationData\\Microsoft\\Speech\\Files\\UserLexicons\\SP_352B2CD5214344E8B9AF99810B2A7804.dat

行為描述：修改檔內容

詳情信息： C:\\Documents and Settings\\Administrator\\ApplicationData\\Microsoft\\Speech\\Files\\UserLexicons\\SP_352B2CD5214344E8B9AF99810B2A7804.dat---> Offset = 0

C:\\Documentsand Settings\\Administrator\\ApplicationData\\Microsoft\\Speech\\Files\\UserLexicons\\SP_352B2CD5214344E8B9AF99810B2A7804.dat---> Offset = 140

C:\\Documentsand Settings\\Administrator\\ApplicationData\\Microsoft\\Speech\\Files\\UserLexicons\\SP_352B2CD5214344E8B9AF99810B2A7804.dat---> Offset = 540

C:\\Documentsand Settings\\Administrator\\Local Settings\\%temp%\\1.wav ---> Offset = 0C:\\Documents and Settings\\Administrator\\Local Settings\\%temp%\\1.wav --->Offset = 8192 C:\\Documents and Settings\\Administrator\\Local Settings\\%temp%\\1.wav --->Offset = 16384 C:\\Documents and Settings\\Administrator\\Local Settings\\%temp%\\1.wav --->Offset = 24576 C:\\Documents and Settings\\Administrator\\Local Settings\\%temp%\\1.wav --->Offset = 32768

行為描述：查找文件

詳情信息：   FileName = C:\\Documents andSettings\\Administrator\\Local Settings\\%temp%\\1.wav

其他行為

行為描述：創建互斥體

詳情信息： CTF.LBES.MutexDefaultS-*

CTF.Compart.MutexDefaultS-*

CTF.Asm.MutexDefaultS-*

CTF.Layouts.MutexDefaultS-*

CTF.TMD.MutexDefaultS-*

CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*

HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_MutexHKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Chinese_Mutex

HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_English_MutexHKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Japanese_Mutex

HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserLexicon_Mutex

30F1B4D6-EEDA-11d2-9C23-00C04F8EF87C

{09F6C5C9-322C-4866-8445-327D6FC51D56}

{B8EB6CB1-A292-4F57-BEDC-0922EC3DED05}

HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Lex_Mutex

行為描述：創建事件物件

詳情信息：EventName = DINPUTWINMM

EventName= HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_EventEventName =HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Chinese_EventEventName = HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_English_EventEventName = HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_PhoneConverters_Tokens_Japanese_EventEventName = HKEY_CURRENT_USER_SOFTWARE_Microsoft_Speech_CurrentUserLexicon_EventEventName   =  {1924FDFA-3F0D-45D3-B39A-62BB16E3941C}

EventName= {23D6A711-0276-4905-B5CF-9B6910D7ADEB}

EventName= HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Lex_

EventEventName =HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Lts_Event

EventName = HKEY_LOCAL_MACHINE_SOFTWARE_Microsoft_Speech_Voices_Tokens_MSSam_Lts_Phon

eConverter_Event

EventName= MSCTF.SendReceive.Event.MHK.IC EventName = MSCTF.SendReceiveConection.Event.MHK.IC

行為描述：查找指定視窗

詳情信息： NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]NtUserFindWindowEx:  [Class,Window]  = [CicLoaderWndClass,]

行為描述：打開事件

詳情信息： HookSwitchHookEnabledEvent MSFT.VSA.COM.DISABLE.2680 MSFT.VSA.IEC.STATUS.6c736db0

Global\\SvcctrlStartEvent_A3752DXCTF.ThreadMIConnectionEvent.000007E8.00000000.00000010CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010MSCTF.SendReceiveConection.Event.IOH.IC MSCTF.SendReceive.Event.IOH.IC

行為描述：視窗資訊

詳情信息： Pid = 2680, Hwnd=0x10350, Text = Bingfeng.tw, ClassName =_EL_Label. Pid = 2680, Hwnd=0x1034e, Text = By.zdzwhrfz, ClassName =  _EL_Label.

Pid = 2680, Hwnd=0x1034c, Text = Waitingfor the game to start, ClassName = _EL_Label.Pid = 2680, Hwnd=0x10346, Text = AVA bypass , ClassName = WTWindow.

行為描述：隱藏指定視窗

詳情信息：  [Window,Class] = [,_EL_Timer]

行為描述：打開互斥體詳情資訊：  

  ShimCacheMutex

進程樹

• [url=]****.exe (PID: 0x00000a78)[/url]
  

文件分析圖譜(PortEx)

q000804

找人下載了的轉給我

q000804

為什麼不給我買呀

hao851104

請問這個效果是甚麼?

wsh1123

這個目前還有效嗎 需要!

黃治傑

請問一下這個下載ˋ裝在ava裡有什麼效果

DennisKeny

新手 無緣 權限太高

j626043

用戶權限哭哭!  我還是慢慢累積

azsx8665

沒有錢錢