Siêu engine GG CHESS 2010 -1.52MB

[tien210]

Con này bị các chương trình diệt Virus như : Avira, AVG, Comodo, F-Prot, NOD32, Panda, Sophos, Sunbelt cho là có virus, đó là sự phát hiện nhầm thôi, mình thấy không có Virus gì cả, mời các bạn xem về cách làm việc của file Cyclone.exe (GGChess) này khi lần đầu khởi chạy :

General information about this executable :

Filename: Cyclone.exe
MD5: ba7881c816492eefae4b0463b90436b6
SHA-1: 57ae89fe3678ba94917871ae703f749ac4e45295
File Size: 1597952 Bytes
Command Line: "C:\Cyclone.exe"
Process-status
Exit Code: 0

- Load-time Dlls
Module Name Base Address Size
C:\​WINDOWS\​system32\​ ntdll.dll 0x7C900000 0x000AF000
C:\​WINDOWS\​system32\​ kernel32.dll 0x7C800000 0x000F6000
C:\​WINDOWS\​system32\​ COMCTL32.dll 0x5D090000 0x0009A000
C:\​WINDOWS\​system32\​ ADVAPI32.dll 0x77DD0000 0x0009B000
C:\​WINDOWS\​system32\​ RPCRT4.dll 0x77E70000 0x00092000
C:\​WINDOWS\​system32\​ Secur32.dll 0x77FE0000 0x00011000
C:\​WINDOWS\​system32\​ GDI32.dll 0x77F10000 0x00049000
C:\​WINDOWS\​system32\​ USER32.dll 0x7E410000 0x00091000

- Run-time Dlls
Module Name Base Address Size
C:\​WINDOWS\​system32\​ NETAPI32.dll 0x5B860000 0x00055000
C:\​WINDOWS\​system32\​ WS2HELP.dll 0x71AA0000 0x00008000
C:\​WINDOWS\​system32\​ WS2_32.dll 0x71AB0000 0x00017000
C:\​WINDOWS\​system32\​ SAMLIB.dll 0x71BF0000 0x00013000
C:\​WINDOWS\​system32\​ MSCTF.dll 0x74720000 0x0004C000
C:\​WINDOWS\​system32\​ ATL.DLL 0x76B20000 0x00011000
C:\​WINDOWS\​system32\​ winmm.dll 0x76B40000 0x0002D000
C:\​WINDOWS\​system32\​ MPRAPI.dll 0x76D40000 0x00018000
C:\​WINDOWS\​system32\​ Iphlpapi.dll 0x76D60000 0x00019000
C:\​WINDOWS\​system32\​ adsldpc.dll 0x76E10000 0x00025000
C:\​WINDOWS\​system32\​ rtutils.dll 0x76E80000 0x0000E000
C:\​WINDOWS\​system32\​ WLDAP32.dll 0x76F60000 0x0002C000
C:\​WINDOWS\​system32\​ OLEAUT32.dll 0x77120000 0x0008B000
C:\​WINDOWS\​system32\​ ole32.dll 0x774E0000 0x0013D000
C:\​WINDOWS\​system32\​ SETUPAPI.dll 0x77920000 0x000F3000
C:\​WINDOWS\​system32\​ msvcrt.dll 0x77C10000 0x00058000
C:\​WINDOWS\​system32\​ ACTIVEDS.dll 0x77CC0000 0x00032000

- Registry Keys Created:
HKLM\​Software\​WLkt
HKLM\​SOFTWARE\​WinLicense
HKLM\​SOFTWARE\​WinLicense\​ WLdebugTrial
HKLM\​SOFTWARE\​WinLicense\​ WLdebugTrial\​Instance
HKLM\​SOFTWARE\​WinLicense\​ WLdebugTrial\​Instance\​24790129


- Registry Keys Deleted:
HKLM\​Software\​WLkt

- Registry Values Modified:
Key Name New Value
HKLM\​SOFTWARE\​WinLicense\​ WLdebugTrial\​Instance\​24790129 Data_18913271 0xf2812252c63aaba83cc999fb
HKLM\​SOFTWARE\​WinLicense\​ WLdebugTrial\​Instance\​24790129 Data_75641108 0x9181d551c8ba6ea9dbc999fb
HKLM\​Software\​WLkt CheckIN 1


- Registry Values Read:
Key Name Value Times

HKLM\​SOFTWARE\​Microsoft\ ​CTF\​SystemShared\​ CUAS 0 1
HKLM\​SOFTWARE\​ WinLicense\​WLdebugTrial\​Instance\​24790129 Data_18913271 0xf2812252c63aaba83cc999fb 1
HKLM\​SOFTWARE\​ WinLicense\​WLdebugTrial\​Instance\​24790129 Data_75641108 0x708a22ae021b44b096b32202 1
HKLM\​SYSTEM\​ CurrentControlSet\​Control\​Session Manager CriticalSectionTimeout 2592000 1
HKLM\​SYSTEM\​Setup OsLoaderPath \​ 2
HKLM\​SYSTEM\​Setup SystemPartition \​Device\​HarddiskVolume1 2
HKLM\​Software\​Microsoft\ ​Windows\​CurrentVersion DevicePath %SystemRoot%\​inf 1
HKLM\​Software\​Microsoft\ ​Windows\​CurrentVersion\​Setup DriverCachePath %SystemRoot%\​Driver Cache 2
HKLM\​Software\​Microsoft\ ​Windows\​CurrentVersion\​Setup LogLevel 0 2
HKLM\​Software\​Microsoft\ ​Windows\​CurrentVersion\​Setup ServicePackCachePath c:\​windows\​ ServicePackFiles\​ServicePackCache 2
HKLM\​Software\​Microsoft\ ​Windows\​CurrentVersion\​Setup ServicePackSourcePath D:\​ 2
HKLM\​Software\​Microsoft\ ​Windows\​CurrentVersion\​Setup SourcePath D:\​ 2
HKLM\​Software\​Policies\​ Microsoft\​Windows\​Safer\​CodeIdentifiers TransparentEnabled 1 1
HKLM\​System\​ CurrentControlSet\​Control\​ComputerName\​ActiveComputerName ComputerName PC 1
HKLM\​System\​ CurrentControlSet\​Control\​MediaProperties\​PrivateProperties\​ Joystick\​Winmm wheel 1 1
HKLM\​System\​ CurrentControlSet\​Services\​LDAP LdapClientIntegrity 1 1
HKLM\​System\​ CurrentControlSet\​Services\​Tcpip\​Parameters Domain 1
HKLM\​System\​ CurrentControlSet\​Services\​Tcpip\​Parameters Hostname pc 1
HKLM\​System\​Setup SystemSetupInProgress 0 1
HKLM\​System\​WPA\​PnP seed 1274198464 1
HKU\​ S-1-5-21-842925246-1425521274-308236825-500\​Keyboard Layout\​Toggle Language Hotkey 1 2
HKU\​ S-1-5-21-842925246-1425521274-308236825-500\​Keyboard Layout\​Toggle


- Files Read:
C:\WINDOWS\system32\ADVAPI32.dll
C:\WINDOWS\system32\KERNEL32.dll
C:\WINDOWS\system32\USER32.dll
C:\WINDOWS\system32\ntdll.dll

- Memory Mapped Files:
File Name
C:\WINDOWS\system32\ACTIVEDS.dll
C:\WINDOWS\system32\ATL.DLL
C:\WINDOWS\system32\COMCTL32.dll
C:\WINDOWS\system32\Iphlpapi.dll
C:\WINDOWS\system32\MPRAPI.dll
C:\WINDOWS\system32\MSCTF.dll
C:\WINDOWS\system32\SAMLIB.dll
C:\WINDOWS\system32\SETUPAPI.dll
C:\WINDOWS\system32\WS2HELP.dll
C:\WINDOWS\system32\WS2_32.dll
C:\WINDOWS\system32\adsldpc.dll
C:\WINDOWS\system32\imm32.dll
C:\WINDOWS\system32\rtutils.dll
C:\WINDOWS\system32\winmm.dll


Thông qua phân tích ta thấy không có những tác động nguy hiểm gây hại đến hệ thống.

Và thông qua phân tích ta thấy đây là Engine chỉ cho phép dùng thử, có thể có ngày hết hạn.