[非 MC] CRCSN v3.0 将添加新的反控制操作
本帖最后由 MaxLHy 于 2024-1-14 11:03 编辑今天早上去学校机房收集了一些新信息,未来将会根据这些信息制作反控制方案添加进 CRCSN v3.0 中。如果下列列出的信息存在遗漏,或有不通用的条目,欢迎提出!
(注:PE 指可执行文件,REG 指注册表,SVR 指服务或驱动程序)
极域电子教室:PE:
DispcapHelper.exe
SpecialSet.exe
VRCwPlayer.exe
Error.exe
InstHelpApp.exe
TDOvrSet.exe
REG:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\TopDomain
HKEY_CLASSES_ROOT\Installer\Products\FDEE4BF597A63C540B94FE23C70AF3DC
HKEY_CLASSES_ROOT\Installer\UpgradeCodes\6E86339719C04A04984912F95897F792
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\FDEE4BF597A63C540B94FE23C70AF3DC
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\LowRegistry\Audio\PolicyConfig\PropertyStore\887ee324_0
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam
SVR:
STUDSRV
联想云教室:PE:
vncviewer.exe
tvnserver32.exe
WFDeskShow.exe
WfbsPnpInstall.exe
WFBSMon.exe
WFBSMlogon.exe
refreship.exe
LenovoLockScreen.exe
Install64.exe
Install32.exe
DeploymentManager.exe
DeploymentAgent.exe
WFBSSvrLogShow.exe
ResetIp.exe
uninstallCnt.exe
FuncForWIN64.exe
CertMgr.exe
Fireware.exe
BCDBootCopy.exe
REG:
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall\ADS
HKEY_CLASSES_ROOT\WOW6432Node\TypeLib\{AC2111F0-CE68-4693-A392-0D0432429B1B}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application\tvnserver
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\WFBS
HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\ADS
HKEY_LOCAL_MACHINE\SOFTWARE\Lenovo
HKEY_CLASSES_ROOT\TypeLib\{AC2111F0-CE68-4693-A392-0D0432429B1B}
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\bam
SVR:
BSAgentSvr
WFBSMlogon目前就收集了这么多,很快就会添加进来了,有什么建议也欢迎提出!
页: [1]