Original poster: 引领五基生活

[Virus sample] (Double-click for a surprise) Are you ok?

cwmz2005
Posted on 2017-9-5 12:07:12
This post was last edited by cwmz2005 on 2017-9-5 12:08

https://habo.qq.com/file/showdetail?md5=b1c05acd8cbbf1bd9a2448da0c10c411&pk=ADAGY11tB2cIP1s1
Basic report information from a certain "Xun" company's "Bo" service
File name: XXPlayer.exe
MD5: b1c05acd8cbbf1bd9a2448da0c10c411
File type: Autoit
Upload time: 2017-09-05 11:15:30
Vendor: N/A
Version: 2.2.3.3---2.2.3.3
Packer or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Sub-file information: Details


Key behaviors
Behavior description: Blocks window close messages
Details:
hWnd = 0x00050340, Text = , ClassName = AutoIt v3 GUI.
Behavior description: Sets special folder attributes
Details:
Behavior description: Creates files on the desktop
Details:
Behavior description: Writes data across processes
Details:
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00010000, Size = 0x000007c2 TargetPID = 0x00000988
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00020000, Size = 0x000006e0 TargetPID = 0x00000988
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x7ffd6010, Size = 0x00000004 TargetPID = 0x00000988
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00030000, Size = 0x00000184 TargetPID = 0x00000988
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x7ffd61e8, Size = 0x00000004 TargetPID = 0x00000988
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00010000, Size = 0x000007c2 TargetPID = 0x00000a30
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00020000, Size = 0x000006e0 TargetPID = 0x00000a30
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x7ffd4010, Size = 0x00000004 TargetPID = 0x00000a30
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00030000, Size = 0x00000184 TargetPID = 0x00000a30
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x7ffd41e8, Size = 0x00000004 TargetPID = 0x00000a30
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00010000, Size = 0x000007c2 TargetPID = 0x00000a68
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00020000, Size = 0x000006e0 TargetPID = 0x00000a68
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x7ffd3010, Size = 0x00000004 TargetPID = 0x00000a68
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x00030000, Size = 0x00000184 TargetPID = 0x00000a68
TargetProcess = C:\WINDOWS\system32\VBoxService.exe, WriteAddress = 0x7ffd31e8, Size = 0x00000004 TargetPID = 0x00000a68


Process behavior
Behavior description: Creates a process with a hidden window
Details:
ImagePath = , CmdLine = cmd.exe /c md "Are you OK...\"
Behavior description: Creates processes
Details:
Behavior description: Creates local threads
Details:
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2744, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2720, ThreadID = 2748, StartAddress = 0044B252, Parameter = 01673010


File behavior
Behavior description: Creates files
Details:
C:\Documents and Settings\Administrator\Local Settings\Temp\aut3.tmp
C:\Documents and Settings\Administrator\Application Data\83908025.ico
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4.tmp
C:\Documents and Settings\Administrator\Application Data\57641833.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut5.tmp
C:\Documents and Settings\Administrator\Application Data\99077484.reg
Behavior description: Overwrites existing files
Details:
C:\Documents and Settings\Administrator\Local Settings\Temp\aut3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut5.tmp
Behavior description: Searches for files
Details:
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\Documents and Settings\Administrator\Application Data\83908025.ico
FileName = C:\Documents and Settings\Administrator\Application Data\57641833.bmp
FileName = C:\Documents and Settings\Administrator\Application Data\99077484.reg
FileName = C:\Documents and Settings\Administrator\桌面\32607145\
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\cmd.exe
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\Administrator\桌面\32607145
Behavior description: Deletes files
Details:
C:\Documents and Settings\Administrator\Local Settings\Temp\aut3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\aut5.tmp
Behavior description: Modifies file contents
Details:


Other behavior
Behavior description: Checks whether it is being debugged
Details:
IsDebuggerPresent
Behavior description: Creates mutexes
Details:
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EKK
Behavior description: Creates event objects
Details:
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.EKK.IC
EventName = MSCTF.SendReceiveConection.Event.EKK.IC
Behavior description: Searches for specific windows
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Adjusts process token privileges
Details:
SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens events
Details:
HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Hides specific windows
Details:
[Window,Class] = [AutoIt v3,AutoIt v3]
Behavior description: Opens mutexes
Details:
ShimCacheMutex


Process tree

巭孬嫑勥烎
Posted on 2017-9-7 11:37:27
What's the surprise?
Copyright © KaFan  KaFan.cn All Rights Reserved.