This post was last edited by 墨家小子 on 2015-12-2 10:03
SHA256: 1a21ffc02ba39f7f1463a6b1e461c58b7318e2c954d8165d5814c4643d7f4531
File name: 1a21ffc02ba39f7f1463a6b1e461c58b7318e2c954d8165d5814c4643d7f4531.exe
Detection ratio: 3 / 54
Analysis date: 2015-12-02 01:56:51 UTC ( 0 minutes ago )
https://www.virustotal.com/en/fi ... nalysis/1449021411/
2015/12/2 9:57:25,C:\Windows\explorer.exe,53,Allowed ;Execution of an application ("C:\Users\AAAAAA\Desktop\1111\1a21ffc02ba39f7f1463a6b1e461c58b7318e2c954d8165d5814c4643d7f4531.exe" )
2015/12/2 9:57:29,C:\Users\AAAAAA\Desktop\1111\1a21ffc02ba39f7f1463a6b1e461c58b7318e2c954d8165d5814c4643d7f4531.exe,53,Allowed ;Execution of an application ("C:\Users\AAAAAA\AppData\Local\TempFix All Windows.exe" )
2015/12/2 9:57:31,C:\Users\AAAAAA\Desktop\1111\1a21ffc02ba39f7f1463a6b1e461c58b7318e2c954d8165d5814c4643d7f4531.exe,53,Allowed ;Execution of an application ("C:\Users\AAAAAA\AppData\Local\TempFix All Windows.exe" )
2015/12/2 9:57:38,C:\Users\AAAAAA\Desktop\1111\1a21ffc02ba39f7f1463a6b1e461c58b7318e2c954d8165d5814c4643d7f4531.exe,53,Allowed ;Execution of an application ("C:\Users\AAAAAA\AppData\Local\Tempaldalam.exe" )
2015/12/2 9:57:41,C:\Users\AAAAAA\AppData\Local\Tempaldalam.exe,53,Allowed ;Execution of an application ("C:\Users\AAAAAA\AppData\Roaming\svchost.exe" )
2015/12/2 9:57:44,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,53,Blocked ;Execution of an application (netsh firewall add allowedprogram "C:\Users\AAAAAA\AppData\Roaming\svchost.exe" "svchost.exe" ENABLE)
2015/12/2 9:57:46,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,26,Blocked ;Modifying protected registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,23556fb1360f366337f97c924e76ead3)
2015/12/2 9:57:50,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,41,Blocked ;Modifying protected file (C:\Users\AAAAAA\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\23556fb1360f366337f97c924e76ead3.exe)
2015/12/2 9:57:53,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,17,Blocked ;Recording keyboard input
2015/12/2 9:57:56,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,26,Blocked ;Modifying protected registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,23556fb1360f366337f97c924e76ead3)
2015/12/2 9:57:59,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,50,Allowed ;Accessing the network via DNSResolver service
2015/12/2 9:58:00,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,26,Blocked ;Modifying protected registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,23556fb1360f366337f97c924e76ead3)
2015/12/2 9:58:08,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,48,Allowed ;Outgoing network access
2015/12/2 9:58:10,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,18,Blocked ;Recording keyboard input
2015/12/2 9:58:11,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,26,Blocked ;Modifying protected registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,23556fb1360f366337f97c924e76ead3)
2015/12/2 9:58:13,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,26,Blocked ;Modifying protected registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,23556fb1360f366337f97c924e76ead3)
2015/12/2 9:58:17,C:\Users\AAAAAA\AppData\Roaming\svchost.exe,26,Terminated ;Modifying protected registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,23556fb1360f366337f97c924e76ead3)