Ultra String Reference Plugin
Address Disassembly Text String
10003120 push 1000D984 \??\
100032B6 mov ecx, 1000D73C dll
100032BD mov ecx, 1000D808 exe
1000338F mov ecx, 1000D73C dll
10003396 mov ecx, 1000D808 exe
1000354F push 1000D810 125?
10003A94 push 1000D814 ?
10003C05 push 1000D814 ?
10003CE5 push 1000D818 rdl
10003D37 mov eax, 1000D73C dll
10003D3E mov eax, 1000D808 exe
10003E6B push 1000D818 rdl
100042C4 mov esi, 1000D7A4 \r\n
10004366 push 1000D820 url
10004450 push 1000D828 /
10004495 push 1000D82C suid
100044C1 push 1000D834 r
1000458C push 1000D838 dl
10004E0F push 1000D8A8 \
10004E3B push 1000D8A8 \
10004E67 push 1000D8A8 \
10004E8F push 1000D8A8 \
10004F8B push 1000D8AC :\
10004FCB push 1000D73C dll
100050CD push 1000D8A8 \
100050F9 push 1000D8B4 .
1000523C push 1000D8A8 \
10005250 push 1000D8B4 .
100053BD push 1000D73C dll
10005DFC push 1000D824
10005E14 push 1000D824
10006271 push 1000D8D8 Global\wuauserv
10006311 push 1000D8D8 Global\wuauserv
10006426 push 10010B48 Software\Microsoft\Security Center
1000644F push 10010BE8 UpdatesDisableNotify
100064AE push 10010C88 Software\Microsoft\Security Center\Svc
100064C0 push 1000D8A8 \
1000650C push 10010D28 EnableNotifications
10006520 push 10010DC8 EnableNotifications\Ref
10006548 push 1000D8E0 wuauserv
1000664A mov dword ptr [ebp-44], 1000D8EC SYSTEM
1000665A mov dword ptr [ebp-24], 1000D8F4 CURRENT_USER
1000666A mov dword ptr [ebp-4], 1000D904 Everyone
100066B4 mov esi, 1000D910 S-1-16-4096Advapi32.dll
10006719 mov esi, 1000D91C Advapi32.dll
10006749 push 1000D92C ConvertStringSidToSidA
100068F6 mov esi, 100110F8 85.12.43.103
10006BED mov esi, 1000D960 shell32.dllSHGetKnownFolderPath
10006C08 push 1000D96C SHGetKnownFolderPath
10006C3D push 1000D8A8 \
10006C5B push 1000D600 mrt.exe
10006CAF mov edi, 1000D470 explorer.exe
10006E30 push 100108C8 SYSTEM\CurrentControlSet\Control\Session Manager
10006E8E push 10010968 PendingFileRenameOperations
10006EAA push 10010A08 PendingFileRenameOperations2
10006EDF mov esi, 1000D570 Global\
10006F29 push 10010828 Software\Microsoft
10006F3B push 1000D990 \Internet Explorer\PhishingFilter
10006F86 mov esi, 1000D9D4 Enabled
10007039 push 1000D9E4 wininet.dllInternetOpenUrlA
10007068 push 1000D9F0 InternetOpenUrlA
10007070 push 1000DA04 HttpOpenRequestA
10007082 push 1000DA18 InternetCloseHandleInternetConnectA
10007094 push 1000DA2C InternetConnectA
100070A6 push 1000DA40 InternetOpenA
100070B8 push 1000DA50 InternetSetOptionA
100070CA push 1000DA64 InternetQueryOptionA
100070DC push 1000DA7C HttpQueryInfoA
100070EE push 1000DA8C HttpSendRequestA
10007100 push 1000DAA0 InternetReadFile
10007112 push 1000DAB4 HttpAddRequestHeadersA
100077BB push 10010328 SYSTEM\CurrentControlSet\Control\Lsa
100077E6 push 100103C8 Notification Packages
10007825 push 10010468 Software\Microsoft\Windows NT\CurrentVersion\Windows
1000783F push 10010508 AppInit_DLLs
10007BA8 mov ebx, 1000D424 wscntfy_mtx
10007CBC push 1000DACC Rundll32.exe "
10007CE0 push 1000DAEC ",
10007CEE push 1000D408 s
10007D36 push 10010148 Software\Microsoft\Windows\CurrentVersion\Run
10007E7A push 10010788 Software\Microsoft\Windows\CurrentVersion\Ext\Settings
10007EB3 push 100101E8 Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects
10007ED2 push 1000D8A8 \
10007F2B push 10010288 CLSID
10007F44 push 1000D8A8 \
10007F7F push 1000D8B8 InprocServer32
10008052 push 1000DAF4 ThreadingModel
1000806A push 1000DB14 Both
10008082 push 1000DB14 Both
1000808A push 1000DAF4 ThreadingModel
100080DA mov esi, 10010328 SYSTEM\CurrentControlSet\Control\Lsa
10008107 push 100103C8 Notification Packages
10008157 mov esi, 10010468 Software\Microsoft\Windows NT\CurrentVersion\Windows
10008184 push 10010508 AppInit_DLLs
100081A3 push 100105A8 LoadAppInit_DLLs
1000834C push 1000D8A8 \
10008354 push 1000D43C mrt.exe
1000847D push 1000D744 Mozilla/4.0 (compatible; MSIE 6.0) WinNT 5.1
100084F8 push 1000DB20 HTTP/1.1
10008504 push 1000DB2C POST
10008583 push 1000DB34 200 OK
100085B0 push 1000DB3C Content-Length
10008617 push 1000DB4C 407
100086D6 push 1000D744 Mozilla/4.0 (compatible; MSIE 6.0) WinNT 5.1
100087BB push 1000DB34 200 OK
100087F5 push 1000DB3C Content-Length
10008857 push 1000DB4C 407
1000892D mov edi, 10010648 Software\Microsoft\Internet Explorer\Main
10008992 mov edi, 100106E8 Check_Associations
100089AC push 1000DB54 no
10008A3B push 1000DB60 \Internet Explorer\ieuser.exe -Embedding
10008D90 push 1000DBB4 tmp
10009042 push 100106E8 Check_Associations
100090CD mov edi, 1000DBBC :
10009397 push 1000D7A4 \r\n
100093C1 mov esi, 1000D7A4 \r\n
1000A1F4 push 1000D3B4 Global\ldradmodule
1000A229 push 1000D83C dsl_trm_evnt
1000A23C push 1000D84C AfMainMutexLocal_AfMainMutex
1000A24D push 1000D858 Local_AfMainMutex
1000A266 push 1000DC8C +
1000A27B push 1000DC90 :0
1000A574 push 10010098 YnkPYl1aD3ZAUTo
1000A5BD push 100100B8 YnkScVtAJ2BAXS1teUE2Zkw
1000A62C push 1000DC94 c:\setupapi.dll
1000A6FF push 1000DC98 setupapi.dll
1000A710 push 1000DCA8 IsUserAdminBITS
1000A7DD push 10010828 Software\Microsoft
1000A967 push 10010828 Software\Microsoft
1000AA11 push 1000DCB4 BITS
1000B784 jmp 1000B664 (Initial CPU selection)
1000C37F mov ecx, 10011108 N9
1000D619 push 76692558 class="CommandSection" layoutpos="bottom" layout="borderlayout()"><CCCheckBox layoutpos="left" id="atom(chkForAll)" content="resstr(13601)"/><element layoutpos="right" layout="flowlayout()"><CCPushButton id="atom(btnSkip)" content="resstr(13602)"/><CCPus
1001C1E0 push 77365F35 3 |
发表于 2009-4-2 20:34:51
发表于 2009-4-2 20:38:33
发表于 2009-4-2 20:42:48
