This post was last edited by 墨家小子 on 2015-12-14 19:03
SHA256: b7ae75a856fa0b4d6b5bfd7e273538d7316f651158b8721d1b55a3ef0b8f0cb6
File name: 110fjr1dkqwkjdqwkjbdqkbkdjbqkwjdbqk82.exe
Detection ratio: 4 / 55
Analysis date: 2015-12-14 10:58:42 UTC ( 0 minutes ago )
https://www.virustotal.com/en/fi ... nalysis/1450090722/
2015/12/14 19:01:23,C:\Windows\explorer.exe,53,Allowed ;执行应用程序 ("C:\Users\QQQ\Desktop\W\110fjr1dkqwkjdqwkjbdqkbkdjbqkwjdbqk82.exe" )
2015/12/14 19:01:27,C:\Users\QQQ\Desktop\W\110fjr1dkqwkjdqwkjbdqkbkdjbqkwjdbqk82.exe,53,Allowed ;执行应用程序 ("C:\windows\SysWOW64\explorer.exe")
2015/12/14 19:01:28,C:\Windows\SysWOW64\explorer.exe,26,Blocked ;修改受保护的注册表键 (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,a12121zq)
2015/12/14 19:01:31,C:\Windows\SysWOW64\explorer.exe,26,Blocked ;修改受保护的注册表键 (HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce,a12121zq)
2015/12/14 19:01:52,C:\Windows\SysWOW64\explorer.exe,48,Blocked ;出站网络访问
建立 出站 网络连接 (TCP)
远程地址=94.23.33.110 远程端口=6600