This post was last edited by 墨家小子 on 2015-12-14 19:06
SHA256: c735808ad1c5ee6b0ccae2cedf84b5d26af23c891ed0af270b68719e1219710e
File name: 13fjr1dkqwkjdqwkjbdqkbkdjbqkwjdbqk82.exe
Detection ratio: 5 / 55
Analysis date: 2015-12-14 10:58:31 UTC
https://www.virustotal.com/en/fi ... nalysis/1450090711/
2015/12/14 19:03:58,C:\Windows\explorer.exe,53,Allowed ;执行应用程序 ("C:\Users\AAA\Desktop\W\13fjr1dkqwkjdqwkjbdqkbkdjbqkwjdbqk82.exe" )
2015/12/14 19:04:02,C:\Users\AAA\Desktop\W\13fjr1dkqwkjdqwkjbdqkbkdjbqkwjdbqk82.exe,53,Allowed ;执行应用程序 ("C:\windows\SysWOW64\explorer.exe")
2015/12/14 19:04:03,C:\Windows\System32\svchost.exe,53,Allowed ;执行应用程序 (C:\windows\system32\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5})
2015/12/14 19:04:04,C:\Windows\SysWOW64\explorer.exe,26,Blocked ;修改受保护的注册表键 (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,djSaS011arbaaa1za13a1)
2015/12/14 19:04:06,C:\Windows\SysWOW64\explorer.exe,26,Blocked ;修改受保护的注册表键 (HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce,djSaS011arbaaa1za13a1)
2015/12/14 19:04:24,C:\Windows\SysWOW64\explorer.exe,48,Blocked ;出站网络访问
建立 出站 网络连接 (TCP)
远程地址=109.236.88.13 远程端口=6600