This post was last edited by QVM360 on 2019-11-9 22:18
Sure enough, it showed behavior when run
ThreatBook 3/24
https://s.threatbook.cn/report/f ... p1_enx64_office2013
It dropped a bunch of executable files, including PE files and DLL files