This post was last edited by 54ss on 2020-3-29 16:20
BEST MISS
Triggered upload to the sandbox
Killed by the sandbox
To know when the registry keys are modified, the original file c:\users\jojo\desktop\________2.5.exe asks to be notified when the registry key hklm\software\classes\wow6432node\clsid is changed. Network accesses can be used for the following reasons: check for Internet connection, report a new infection to its author, receive configuration or other data, receive instructions, search for its location, upload information etc. Sends data to or reads data from different domains. Malware can do so to upload stolen information, receive instructions, report a successful infection, etc. The original file c:\users\jojo\desktop\________2.5.exe communicates with timelost.cn/mzgx/2.22.txt, www.baidu.com, yp.timelost.cn/api.php?action=ini, yp.timelost.cn/api.php?action=notice. The original file c:\users\jojo\desktop\________2.5.exe writes the following registry keys: hkcu\software\microsoft\multimedia\drawdib\1024x768x24(bgr 0) : 31,31,31,31, hkcu\software\microsoft\multimedia\drawdib\ 1024x768x24(bgr 0) : 31,31,31,31.