This post was last edited by swizzer on 2020-10-24 19:29.
VirSCAN is not worth using anymore.
https://www.virustotal.com/gui/f ... 859325ec7/detection
Judging by the behaviour shown, it is not very harmful. There are reasons both for flagging it and for not flagging it.
- 19:18:16:883, Deskrun.exe, 5184:2272, 5184, FILE_touch, C:\Windows\vocx43ub, access:0x00100001 alloc_size:0 attrib:0x00000080 share_access:0x00000003 disposition:0x00000002 options:0x00200021 , 0x00000000 [操作成功完成。 ],
- 19:18:17:085, Deskrun.exe, 5184:2272, 5184, REG_openkey, HKEY_USERS\S-1-5-21-3548940820-3977051365-2280043047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume, access:0x00020019 , 0x00000000 [操作成功完成。 ],
- 19:18:17:085, Deskrun.exe, 5184:2272, 5184, REG_openkey, HKEY_USERS\S-1-5-21-3548940820-3977051365-2280043047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{504e4244-ef23-11e8-89e0-806e6f6e6963}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
- 19:18:17:085, Deskrun.exe, 5184:2272, 5184, REG_getval, HKEY_USERS\S-1-5-21-3548940820-3977051365-2280043047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{504e4244-ef23-11e8-89e0-806e6f6e6963}\Generation, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
- 19:18:17:086, Deskrun.exe, 5184:2272, 5184, REG_openkey, HKEY_USERS\S-1-5-21-3548940820-3977051365-2280043047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume, access:0x00020019 , 0x00000000 [操作成功完成。 ],
- 19:18:17:086, Deskrun.exe, 5184:2272, 5184, REG_openkey, HKEY_USERS\S-1-5-21-3548940820-3977051365-2280043047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{504e4244-ef23-11e8-89e0-806e6f6e6963}, access:0x00020019 , 0x00000000 [操作成功完成。 ],
- 19:18:17:086, Deskrun.exe, 5184:2272, 5184, REG_getval, HKEY_USERS\S-1-5-21-3548940820-3977051365-2280043047-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{504e4244-ef23-11e8-89e0-806e6f6e6963}\Generation, type:0x00000000 datalen:0 data:, 0x00000000 [操作成功完成。 ],
- 19:18:17:086, Deskrun.exe, 5184:2272, 5184, FILE_truncate, C:\Users\Administrator\Desktop\Google Chrome.lnk, eof:0x00000000 , 0x00000000 [操作成功完成。 ],
- 19:18:17:086, Deskrun.exe, 5184:2272, 5184, FILE_write, C:\Users\Administrator\Desktop\Google Chrome.lnk, offset:0x00000000 datalen:0x00000790 , 0x00000000 [操作成功完成。 ],
- 19:18:17:087, Deskrun.exe, 5184:0, 5184, FILE_modified, C:\Users\Administrator\Desktop\Google Chrome.lnk, , 0x00000000 [操作成功完成。 ],
- 19:18:17:290, Deskrun.exe, 5184:0, 5184, FILE_open, D:\$aa\未命名文件夹\Deskrun.exe, access:0x00120089 alloc_size:0 attrib:0x00000000 share_access:0x00000003 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
- 19:18:17:291, Deskrun.exe, 5184:0, 5184, FILE_open, C:\Windows\SysWOW64\cmd.exe, access:0x001000A1 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
- 19:19:04:901, Deskrun.exe, 5636:0, 5636, PROC_exec, C:\Windows\SysWOW64\cmd.exe, target_pid:3020 cmdline:'C:\Windows\system32\cmd.exe /c regedit /s "C:\Users\ADMINI~1\AppData\Local\Temp\W10_YH.reg"' , 0x00000000 [操作成功完成。 ],
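As an added example (not code from the original post or from any tool it shows), the script below parses behaviour-log lines in the layout pasted above and flags the three actions a reviewer would weigh when deciding whether to report the sample: a file dropped directly under C:\Windows, a desktop .lnk shortcut rewritten, and cmd.exe spawned to import a .reg file silently. The rule names and regular expressions are this example's own choices; the embedded sample lines are a subset of the log above.

```python
"""Triage helper for HIPS-style behaviour logs in the layout pasted above.

Assumed line layout (this example's reading of the post, not a documented format):
  - <time>, <image>, <pid:tid>, <pid>, <OP>, <path>, <details>, <status [message]>,
Paths containing ", " would confuse the split; none appear in the sample.
"""
import re
from dataclasses import dataclass


@dataclass
class Event:
    time: str
    image: str
    pid: int
    op: str
    path: str
    details: str
    status: str


def parse_line(line: str):
    """Parse one log line into an Event; return None for lines that do not fit."""
    body = line.strip()
    if body.startswith("- "):
        body = body[2:]
    body = body.rstrip(",").rstrip()          # drop the trailing comma the tool emits
    parts = body.split(", ", 7)
    if len(parts) != 8:
        return None
    time, image, _pid_tid, pid, op, path, details, status = parts
    return Event(time, image, int(pid), op, path, details.strip(), status.strip())


def parse_log(text: str):
    return [e for e in (parse_line(l) for l in text.splitlines()) if e]


# Patterns for the behaviours worth calling out (hypothetical rule set for this example).
DESKTOP_LNK = re.compile(r"\\Desktop\\[^\\]+\.lnk$", re.IGNORECASE)       # .lnk on a Desktop
SYSTEMROOT_FILE = re.compile(r"^[A-Z]:\\Windows\\[^\\]+$", re.IGNORECASE)  # file directly in %SystemRoot%
SILENT_REG_IMPORT = re.compile(r"regedit(\.exe)?\s+/s\b", re.IGNORECASE)  # regedit /s <file>

RULES = [
    ("file_created_in_systemroot",
     lambda e: e.op == "FILE_touch" and SYSTEMROOT_FILE.match(e.path) is not None),
    ("desktop_shortcut_modified",
     lambda e: e.op in ("FILE_write", "FILE_truncate") and DESKTOP_LNK.search(e.path) is not None),
    ("silent_registry_import",
     lambda e: e.op == "PROC_exec" and SILENT_REG_IMPORT.search(e.details) is not None),
]


def triage(text: str):
    """Return findings as (rule, time, subject) tuples in log order.

    For process launches the subject is the details field (it carries the cmdline);
    for file events it is the path.
    """
    findings = []
    for e in parse_log(text):
        subject = e.details if e.op == "PROC_exec" else e.path
        for name, pred in RULES:
            if pred(e):
                findings.append((name, e.time, subject))
    return findings


# Sample input: a subset of the lines from the post above (unchanged).
SAMPLE_LOG = r"""
- 19:18:16:883, Deskrun.exe, 5184:2272, 5184, FILE_touch, C:\Windows\vocx43ub, access:0x00100001 alloc_size:0 attrib:0x00000080 share_access:0x00000003 disposition:0x00000002 options:0x00200021 , 0x00000000 [操作成功完成。 ],
- 19:18:17:086, Deskrun.exe, 5184:2272, 5184, FILE_truncate, C:\Users\Administrator\Desktop\Google Chrome.lnk, eof:0x00000000 , 0x00000000 [操作成功完成。 ],
- 19:18:17:086, Deskrun.exe, 5184:2272, 5184, FILE_write, C:\Users\Administrator\Desktop\Google Chrome.lnk, offset:0x00000000 datalen:0x00000790 , 0x00000000 [操作成功完成。 ],
- 19:18:17:087, Deskrun.exe, 5184:0, 5184, FILE_modified, C:\Users\Administrator\Desktop\Google Chrome.lnk, , 0x00000000 [操作成功完成。 ],
- 19:18:17:291, Deskrun.exe, 5184:0, 5184, FILE_open, C:\Windows\SysWOW64\cmd.exe, access:0x001000A1 alloc_size:0 attrib:0x00000000 share_access:0x00000005 disposition:0x00000001 options:0x00000060 , 0x00000000 [操作成功完成。 ],
- 19:19:04:901, Deskrun.exe, 5636:0, 5636, PROC_exec, C:\Windows\SysWOW64\cmd.exe, target_pid:3020 cmdline:'C:\Windows\system32\cmd.exe /c regedit /s "C:\Users\ADMINI~1\AppData\Local\Temp\W10_YH.reg"' , 0x00000000 [操作成功完成。 ],
"""

if __name__ == "__main__":
    for rule, when, subject in triage(SAMPLE_LOG):
        print(f"{when}  {rule:28s}  {subject}")
```

Run on the sample it reports four findings: the file touched under C:\Windows, the two writes to the Chrome shortcut, and the silent regedit import. FILE_modified is deliberately left out of the shortcut rule because it duplicates the preceding FILE_write on the same path.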
Related reg:
By the way:
