This post was last edited by zst470396853 on 2017-9-10 15:53
小BD, Q管 International Edition: miss
Habo: high risk https://habo.qq.com/file/showdet ... =ADAGY11uB24IOls%2F
File name: 4db1adb6de07be91c8bdbc...886830301ad9c1c848519.exe
MD5: cc5b767f452ff5310651dcc7d8e2384f
File type: EXE
Upload time: 2017-09-10 15:48:40
Company: Macromedia, Inc.
Version: 8.0.22.0---8,0,22,0
Packer or compiler info: COMPILER:Microsoft Visual C++ 6.0 - 8.0 [Overlay] *
Process behavior
Behavior description: Create local thread
Details:
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2624, ThreadID = 2636, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2624, ThreadID = 2644, StartAddress = 76B2AEAF, Parameter = 00000000
File behavior
Behavior description: Find file
Details:
FileName = C:\Documents and Settings\Administrator\Application Data\Macromedia\Flash Player\#SharedObjects\*
Other behavior
Behavior description: Create mutex
Details:
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.EEK
Behavior description: Create event object
Details:
EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EEK.IC
EventName = MSCTF.SendReceiveConection.Event.EEK.IC
Behavior description: Find specified window
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
Behavior description: Open event
Details:
HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
Global\SvcctrlStartEvent_A3752DX
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Window information
Details:
Pid = 2624, Hwnd=0x10342, Text = Macromedia Flash Player 8, ClassName = ShockwaveFlash.
Behavior description: Open mutex
Details:
ShimCacheMutex
Process tree
- ****.exe (PID: 0x00