
[Help] Hitman raises a malware alert when playing the 梦幻西游手游 (Fantasy Westward Journey Mobile) PC desktop client

q400123
Posted on 2021-7-23 23:17:51
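I updated HitmanPro.Alert to 3.8.14 build 907, the one I downloaded from the forum. When I run 梦幻西游手游 and log in to the game, after about ten seconds the game closes by itself and Hitman pops up a warning. Could the experts here take a look at what the problem is? Is it a false positive or something else? If it is a false positive, how do I set up an exclusion in Hitman? Below is the content of the alert screenshot.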

The application, one of its loaded modules, or another process, has attempted to allocate memory with executable permissions to introduce additional code not part of the base program.

MITRE ATT&CK

Supply Chain Compromise - ID: T1195, Tactic: Initial Access


Details
Mitigation   HeapHeapProtect
Timestamp    2021-07-23T15:14:16

Platform     10.0.19043/x64 v907 06_a5%
PID          16808
WoW          x86
Feature      007D0A30000001A6
Application  C:\Program Files (x86)\梦幻西游手游\My\mymain.exe
Created      2021-07-22T16:05:32
Description  《梦幻西游》手游 1.174

Callee Type  AllocateVirtualMemory

Shellcode (HHA) (0x0076A000 bytes)
Owner of CALLER: (anonymous; allocated by 012D9A3A, mymain.exe)

OwnerModule
Name         mymain.exe
Thumbprint   62eeeb283c1cffbfeb0618b4d5eb98018379a1a11292dc1b9a0b4eef13c704a1
SHA-256      c8bc07f2a3d223b730b07748664f34107624a8b8326a135de3718b58a64507f9
SHA-1        cea15c5331b6332e856ea222839c6a0561a1be15
MD5          b04742dd23761dfcaa677268875a97a7

33CCDBA8  ffd0                     CALL         EAX
33CCDBAA  8bf0                     MOV          ESI, EAX
33CCDBAC  85f6                     TEST         ESI, ESI
33CCDBAE  740e                     JZ           0x33ccdbbe
33CCDBB0  8b4d18                   MOV          ECX, [EBP+0x18]
33CCDBB3  33c0                     XOR          EAX, EAX
33CCDBB5  8901                     MOV          [ECX], EAX
33CCDBB7  8bc6                     MOV          EAX, ESI
33CCDBB9  5e                       POP          ESI
33CCDBBA  5d                       POP          EBP
33CCDBBB  c21400                   RET          0x14
33CCDBBE  ff15dc101934             CALL         DWORD [0x341910dc]
33CCDBC4  8b4d18                   MOV          ECX, [EBP+0x18]
33CCDBC7  8901                     MOV          [ECX], EAX
33CCDBC9  8bc6                     MOV          EAX, ESI
33CCDBCB  5e                       POP          ESI


Stack Trace
#  Address  Module                   Location
-- -------- ------------------------ ----------------------------------------
1  76DA49F1 KernelBase.dll           VirtualAlloc +0x41

2  33CCDBAA (anonymous; mymain.exe)
            8bf0                     MOV          ESI, EAX
            85f6                     TEST         ESI, ESI
            740e                     JZ           0x33ccdbbe
            8b4d18                   MOV          ECX, [EBP+0x18]
            33c0                     XOR          EAX, EAX
            8901                     MOV          [ECX], EAX
            8bc6                     MOV          EAX, ESI
            5e                       POP          ESI
            5d                       POP          EBP
            c21400                   RET          0x14

3  33CAD64B (anonymous; mymain.exe)
4  33CAD52A (anonymous; mymain.exe)
5  33CA96C7 (anonymous; mymain.exe)
6  33C9A92F (anonymous; mymain.exe)
7  33C99FD2 (anonymous; mymain.exe)
8  33C2F8F9 (anonymous; mymain.exe)
9  33C2F339 (anonymous; mymain.exe)
10 33C2C8A6 (anonymous; mymain.exe)

Loaded Modules (125)

Process Trace
1  C:\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808] 2021-07-23T15:13:49
   "C:\Program Files (x86)\梦幻西游手游\My\mymain.exe" __MYLAUNCHER_MYMAIN_TAG__
2  C:\Program Files (x86)\梦幻西游手游\My\myLauncher.exe [14704] 2021-07-23T15:13:49 87ms
3  C:\Windows\explorer.exe [10892] 2021-07-23T14:59:21
4  C:\Windows\System32\userinit.exe [4664] 2021-07-23T14:59:21 23.1s
5  C:\Windows\System32\winlogon.exe [9680] 2021-07-23T10:56:54
   C:\Windows\System32\WinLogon.exe -SpecialSession
6  C:\Windows\System32\smss.exe [14176] 2021-07-23T10:56:54 92ms
   \SystemRoot\System32\smss.exe 000000e8 00000084 C:\Windows\System32\WinLogon.exe -SpecialSession
7  C:\Windows\System32\smss.exe [700] 2021-07-23T06:47:37
   \SystemRoot\System32\smss.exe

Dropped Files
1  C:\PROGRAM FILES (X86)\梦幻西游手游\MY\LOG.TXT
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
        Read by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
2  C:\PROGRAM FILES (X86)\梦幻西游手游\MY\DOCUMENTS\USERDEFAULT.XML
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
3  C:\Program Files (x86)\梦幻西游手游\My\CrashDump\mymaindump8.zip
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
        Read by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
4  C:\Users\q0637\AppData\Roaming\Netease\Mpay\aecfhbkzlaaaaaco-g-g18-32-mpay.db-journal
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
5  C:\Program Files (x86)\梦幻西游手游\My\Documents\last_server_info
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
6  C:\Program Files (x86)\梦幻西游手游\My\Documents\272952789\sticker\sticker_group_list
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
7  C:\Program Files (x86)\梦幻西游手游\My\CrashDump\mymaindump9.dmp
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
8  C:\Program Files (x86)\梦幻西游手游\My\CrashDump\mymaindump9.di
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
9  C:\Program Files (x86)\梦幻西游手游\My\CrashDump\mymaindump9.log
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
10 C:\Program Files (x86)\梦幻西游手游\My\CrashDump\mymainupload.idx
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
11 C:\Program Files (x86)\梦幻西游手游\My\CrashDump\mymaindump9.other
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
12 C:\Program Files (x86)\梦幻西游手游\My\CrashDump\log_old_0.txt.other
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
13 C:\Program Files (x86)\梦幻西游手游\My\CrashDump\log.txt.other
     Dropped by \Device\HarddiskVolume4\Program Files (x86)\梦幻西游手游\My\mymain.exe [16808]
1  C:\Users\q0637\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\466d339d8f21cfbf.automaticDestinations-ms
     Dropped by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
        Read by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
2  C:\Users\q0637\AppData\Roaming\Microsoft\Windows\Recent\Internet.lnk
     Dropped by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
3  C:\Users\q0637\AppData\Roaming\Microsoft\Windows\Recent\AutomaticDestinations\1c7a9be1b15a03ba.automaticDestinations-ms
     Dropped by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
        Read by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
4  C:\Users\q0637\AppData\Roaming\Microsoft\Windows\Recent\ms-screensketcheditisTemporary=true&source=screenclip&sharedAccessToken=C3962B8E-9F8B-460E-B6A3-E908FFF772B4&secondarySharedAccessToken=A234D484-8519-460B-B7DA-E47421A450B3&viewId=-460055.lnk
     Dropped by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
5  C:\Users\q0637\Desktop\梦幻西游手游.lnk
     Dropped by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
        Read by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
                \Device\HarddiskVolume4\Windows\System32\smartscreen.exe [5716]
                \Device\HarddiskVolume4\Windows\System32\SearchProtocolHost.exe [8340]
6  C:\Users\q0637\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000065.db
     Dropped by \Device\HarddiskVolume4\Windows\explorer.exe [10892]
        Read by \Device\HarddiskVolume4\Windows\System32\svchost.exe [10644]
                \Device\HarddiskVolume4\Windows\SystemApps\Microsoft.Windows.StartMenuExperienceHost_cw5n1h2txyewy\StartMenuExperienceHost.exe [3776]

Thumbprints
8eb552fc28f955a40a54a9a923c8622e9ae8be39fb25c0251eddc9bfccaa6d60 (code)
62eeeb283c1cffbfeb0618b4d5eb98018379a1a11292dc1b9a0b4eef13c704a1 (ownermodule)
251fee0e19026aecf468f4394e0d049983bcdf6d647b55a47b28a914d1336cef (pfn)



761773275
Posted on 2021-7-23 23:49:07
Exclude it, then continue playing.



Copyright © KaFan  KaFan.cn All Rights Reserved.
