研究了下,发现一个不太完整的新功能
从网上下载了一个 win10 工具箱,解压后右键查看文件属性
代码如下:
[
{ "path":"C:\\Users\\yx\\Desktop\\qwins.exe",
"data":{
"file": {
"fileKey": "Ntfs vsn=xeeb2e332 fid=x1f0000000000f5",
"fileData": {
"source": "Unknown",
"sfi": "Unknown",
"streams": {
"$DATA": {
"zone": "Unknown",
"creatorApp": {
"path": "C:\\Program Files\\2345Soft\\HaoZip\\HaoZip.exe",
"sha1": "e19202fd1b7d831763c07b52d697790f714fcd80"
},
"creatorUsr": {
"user": {
"sid": "S-1-5-21-3377012562-2989841691-3636419295-1001",
"account": "DESKTOP-69KLN2I\\yx",
"hash": 3742706083829975075
},
"groups": [
{
"sid": "S-1-2-0",
"account": "\\LOCAL",
"hash": 14689316069542902008
},
{
"sid": "S-1-5-32-544",
"account": "BUILTIN\\Administrators",
"hash": 4289368063023534611
},
{
"sid": "S-1-1-0",
"account": "\\Everyone",
"hash": 16414851240591982385
},
{
"sid": "S-1-2-1",
"account": "\\CONSOLE LOGON",
"hash": 13882221730091152639
},
{
"sid": "S-1-5-32-545",
"account": "BUILTIN\\Users",
"hash": 15757103258801830051
},
{
"sid": "S-1-5-64-36",
"account": "NT AUTHORITY\\云帐户身份验证",
"hash": 12817869963140237185
},
{
"sid": "S-1-5-4",
"account": "NT AUTHORITY\\INTERACTIVE",
"hash": 15442440883094171861
},
{
"sid": "S-1-5-113",
"account": "NT AUTHORITY\\本地帐户",
"hash": 9026701036646277071
},
{
"sid": "S-1-5-11",
"account": "NT AUTHORITY\\Authenticated Users",
"hash": 15132054613119377581
},
{
"sid": "S-1-5-5-0-307185",
"account": "NT AUTHORITY\\LogonSessionId_0_307185",
"hash": 18326674142170932262
},
{
"sid": "S-1-5-114",
"account": "NT AUTHORITY\\本地帐户和管理员组成员",
"hash": 4453242721360935002
},
{
"sid": "S-1-11-96-3623454863-58364-18864-2661722203-1597581903-3342941245-3831717359-2550429378-2641861233-2169494164",
"account": "MicrosoftAccount\\**************@**.com",
"hash": 13222593303450888005
},
{
"sid": "S-1-5-15",
"account": "NT AUTHORITY\\This Organization",
"hash": 9565883008376526722
},
{
"sid": "S-1-16-8192",
"account": "Mandatory Label\\Medium Mandatory Level",
"hash": 10316135614647560349
}
]
}
}
}
}
}
}
}
]
自己的微软账户已经用星号打码。
把这个工具复制到一个新建的文件夹里,再右键查看,输出如下:
[
{ "path":"C:\\Users\\yx\\Desktop\\新建文件夹\\qwins.exe",
"data":{
"file": {
"fileKey": "Ntfs vsn=xeeb2e332 fid=x1f00000001c8b3",
"fileData": {
"source": "Fixed drive",
"sfi": "Safe",
"streams": {
"$DATA": {
"zone": "Unknown",
"creatorApp": {
"path": "C:\\Program Files\\2345Soft\\HaoZip\\HaoZip.exe",
"sha1": "e19202fd1b7d831763c07b52d697790f714fcd80"
},
"creatorUsr": {
"user": {
"sid": "S-1-5-21-3377012562-2989841691-3636419295-1001",
"account": "DESKTOP-69KLN2I\\yx",
"hash": 3742706083829975075
},
"groups": [
{
"sid": "S-1-2-0",
"account": "\\LOCAL",
"hash": 14689316069542902008
},
{
"sid": "S-1-5-32-544",
"account": "BUILTIN\\Administrators",
"hash": 4289368063023534611
},
{
"sid": "S-1-1-0",
"account": "\\Everyone",
"hash": 16414851240591982385
},
{
"sid": "S-1-2-1",
"account": "\\CONSOLE LOGON",
"hash": 13882221730091152639
},
{
"sid": "S-1-5-32-545",
"account": "BUILTIN\\Users",
"hash": 15757103258801830051
},
{
"sid": "S-1-5-64-36",
"account": "NT AUTHORITY\\云帐户身份验证",
"hash": 12817869963140237185
},
{
"sid": "S-1-5-4",
"account": "NT AUTHORITY\\INTERACTIVE",
"hash": 15442440883094171861
},
{
"sid": "S-1-5-113",
"account": "NT AUTHORITY\\本地帐户",
"hash": 9026701036646277071
},
{
"sid": "S-1-5-11",
"account": "NT AUTHORITY\\Authenticated Users",
"hash": 15132054613119377581
},
{
"sid": "S-1-5-5-0-307185",
"account": "NT AUTHORITY\\LogonSessionId_0_307185",
"hash": 18326674142170932262
},
{
"sid": "S-1-5-114",
"account": "NT AUTHORITY\\本地帐户和管理员组成员",
"hash": 4453242721360935002
},
{
"sid": "S-1-11-96-3623454863-58364-18864-2661722203-1597581903-3342941245-3831717359-2550429378-2641861233-2169494164",
"account": "MicrosoftAccount\\*********@****.com",
"hash": 13222593303450888005
},
{
"sid": "S-1-5-15",
"account": "NT AUTHORITY\\This Organization",
"hash": 9565883008376526722
},
{
"sid": "S-1-16-8192",
"account": "Mandatory Label\\Medium Mandatory Level",
"hash": 10316135614647560349
}
]
},
"isPe": true,
"contentRef": {
"timestamp": "2016-12-11T11:03:48.492Z",
"content": {
"contentKey": "c9f682c6c4812b680285763e1afb13f2d9dec5b3",
"contentData": {
"added": "2016-12-11T11:03:47.878Z",
"changed": "2016-12-11T11:03:58.321Z",
"isInstalledTI": false,
"cavseInstaller": {
"timestamp": "2016-12-11T11:03:58.321Z",
"isInstaller": false,
"avdbver": 1
},
"cavse": {
"timestamp": "2016-12-11T11:03:50.722Z",
"avdbver": 1,
"type": "empty"
},
"fls": {
"timestamp": "2016-12-11T11:03:51.053Z",
"verdict": "Not exists"
},
"user": {
"timestamp": "2016-12-11T11:03:58.055Z",
"verdict": "Trusted"
}
}
}
},
"submit": {
"submitKey": "c9f682c6c4812b680285763e1afb13f2d9dec5b3",
"submitData": {
"added": "2016-12-11T11:03:47.879Z",
"changed": "2016-12-11T11:06:17.437Z",
"Camas": {
"timestamp": "2016-12-11T11:06:17.437Z",
"hr": 0
}
}
}
}
}
}
}
}
}
]
注意代码中:
"contentKey": "c9f682c6c4812b680285763e1afb13f2d9dec5b3"
再附上这个文件的hash
Path : C:\Users\yx\Desktop\qwins.exe(10.85 MB)
Runtime : 2016-12-11 19:04:13, 2016-12-11 19:04:14
CRC32 : 6458BEE3
MD5 : 63DA2E803B0D08E3B5B5C75958A27557
SHA-1 : C9F682C6C4812B680285763E1AFB13F2D9DEC5B3
SHA-256: 98373358FB3735E26C053E007E56CA8C9639428C91539353B81A5D3BC9385622
SHA-384: A7858B85C326E4DC59807151530412B751FA3ED8BCF438E80CB9076E5BDB74C2584F9F05B50C5BC76B6AE6FD6DA84FE0
SHA-512: 28D1EDE69FCBF2E70D1C7F5D02C33761A68F635F54A90BEC339BCA0B8C90B314951254627D0F09613114414DABC451380E6422DD0D20946A2C1202B4E535A631
上面的 contentKey 与该文件的 SHA-1 值一致(仅大小写不同),
而 Comodo 的 Valkyrie 正是使用 SHA-1 值的
目前这个功能集成在文件的右键属性中,Refresh 旁边的下拉菜单内还没有可选择的内容。