fsp miss, double-click intercepted by hmpa
Mitigation CodeCave
Timestamp 2024-03-16T03:32:55
Platform 10.0.19045/x64 v979 06_4e%
PID 9696
WoW x86
Feature 00FD2E70000001A2
Application D:\ce5146211590c7a566d30aafa1629cd42cd6d46f1222b158a0325b7408683a46\未命名文件夹\steam.exe
Created 2024-03-16T03:32:00
Description Steam 1.0
Process Protection / Code Cave Mitigation: Cold heels
Process : 00400000
EP : 0054DBFD
EP section : 00401000 - 006E2643
SPC : 00571C31 - 0057323B
Process : 00400000
EP : 0054DBFD
Caller : 009B0474
CallType : 0EE
EP section : 00401000 - 006E2643
ProtectRange: 00572000 - 00574000
Loaded Modules (29)
-----------------------------------------------------------------------------
00400000-008B5000 steam.exe (Valve Corporation),
version: 08.63.11.84
77840000-779E4000 ntdll.dll (Microsoft Corporation),
version: 10.0.19041.3996 (WinBuild.160101.0800)
73240000-73384000 hmpalert.dll (Sophos B.V.),
version: 3.8.26.979
761A0000-76290000 KERNEL32.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
758D0000-75B0A000 KERNELBASE.dll (Microsoft Corporation),
version: 10.0.19041.4170 (WinBuild.160101.0800)
76E50000-76FEC000 USER32.dll (Microsoft Corporation),
version: 10.0.19041.4170 (WinBuild.160101.0800)
756E0000-756F8000 win32u.dll (Microsoft Corporation),
version: 10.0.19041.4123 (WinBuild.160101.0800)
776E0000-77703000 GDI32.dll (Microsoft Corporation),
version: 10.0.19041.3996 (WinBuild.160101.0800)
76A10000-76AF5000 gdi32full.dll (Microsoft Corporation),
version: 10.0.19041.4123 (WinBuild.160101.0800)
76B80000-76BFB000 msvcp_win.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
775B0000-776D0000 ucrtbase.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
76B00000-76B7D000 ADVAPI32.dll (Microsoft Corporation),
version: 10.0.19041.4170 (WinBuild.160101.0800)
75E00000-75EBF000 msvcrt.dll (Microsoft Corporation),
version: 7.0.19041.3636 (WinBuild.160101.0800)
76DD0000-76E48000 sechost.dll (Microsoft Corporation),
version: 10.0.19041.4170 (WinBuild.160101.0800)
75B10000-75BCE000 RPCRT4.dll (Microsoft Corporation),
version: 10.0.19041.4123 (WinBuild.160101.0800)
756C0000-756D9000 bcrypt.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
763D0000-769A8000 SHELL32.dll (Microsoft Corporation),
version: 10.0.19041.4170 (WinBuild.160101.0800)
774C0000-775A3000 ole32.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
75F20000-761A0000 combase.dll (Microsoft Corporation),
version: 10.0.19041.4123 (WinBuild.160101.0800)
75830000-758C6000 OLEAUT32.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
776D0000-776D6000 PSAPI.DLL (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
76C00000-76CFF000 CRYPT32.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
76D60000-76DC3000 WS2_32.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
71BC0000-71DD0000 COMCTL32.dll (Microsoft Corporation),
version: 6.10 (WinBuild.160101.0800)
72680000-72688000 VERSION.dll (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
73C30000-73C38000 WSOCK32.dll (Microsoft Corporation),
version: 10.0.19041.1 (WinBuild.160101.0800)
75040000-75092000 MSWSOCK.DLL (Microsoft Corporation),
version: 10.0.19041.3636 (WinBuild.160101.0800)
77490000-774B6000 IMM32.DLL (Microsoft Corporation),
version: 10.0.19041.3996 (WinBuild.160101.0800)
73BC0000-73C29000 fshook32.dll (WithSecure Corporation),
version: 6.4.39.70
SHA256:
ce5146211590c7a566d30aafa1629cd42cd6d46f1222b158a0325b7408683a46
Process Trace
1 D:\ce5146211590c7a566d30aafa1629cd42cd6d46f1222b158a0325b7408683a46\未命名文件夹\steam.exe [9696]
2 C:\Windows\explorer.exe [8824]
Dropped Files
1 C:\$RECYCLE.BIN\S-1-5-21-3986766133-3080875369-429236369-1001\$IU8848O.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [8824]
2 C:\$RECYCLE.BIN\S-1-5-21-3986766133-3080875369-429236369-1001\$I73WCST.txt
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [8824]
3 C:\Users\ak\AppData\Local\Microsoft\Windows\Caches\{3DA71D5A-20CC-432F-A115-DFE92379E91F}.3.ver0x0000000000000091.db
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [8824]
4 C:\Users\ak\AppData\Roaming\Microsoft\Windows\Recent\infected.lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [8824]
5 C:\Users\ak\AppData\Roaming\Microsoft\Windows\Recent\软件 (D) (2).lnk
Dropped by \Device\HarddiskVolume3\Windows\explorer.exe [8824]
Thumbprints
f00e9e72b95bb75988b543bb795914b10f84f39f5ca23d6bdbf540d35aec2dde