Report: the head moderator of the Hot Online Games board is posting RATs
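Reporting a RAT-pushing dog. I uploaded it to Habo and it has a backdoor. This jerk is using his moderator position to maliciously post small RAT trojans. Friends who have downloaded his cheat tools should quickly disconnect from the network and run an antivirus scan [not AV-evasive].
This person's profile: https://www.2fzb.com/?11691
I just casually looked through his posts and there were problems. A post picked at random:
https://www.2fzb.com/thread-25554-1-1.html
@JiuRu Please consider banning the account; it feels like everything he posts is a RAT.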
File name: 审判者破.vmp.rar
MD5: 3c1f5b7e3332a2fe0c7c2c9ebbf7336c
File type: Rar5
Upload time: 2020-07-28 22:14:39
Publisher: N/A
Version: N/A
Packer or compiler info: N/A
Sub-file info: Details
Key behaviors
Behavior: Modifies an original system EXE file
Details: C:\Documents and Settings\Administrator\Application Data\SogouExplorer\Extension\com.sogou.snapTaker\0.4.2\npprintscreen.dll
Behavior: Directly calls a critical system API
Details:
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x00EF0297
Index = 0x0000009A, Name: NtQueryInformationProcess, Instruction Address = 0x00462E90
Behavior: Sets special folder attributes
Details:
C:\DiskX\RECYCLER
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior: Reads the CPU clock directly
Behavior: Modifies the registry (startup entry)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit
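Support. I just uploaded it to Habo too, and it has a RAT.
Nothing more to say, thanks to the OP for sharing!
Just what I needed, supporting the OP!
Not many replies, so I'll give it a little bump.
Nothing more to say, thanks to the OP for sharing!
I noticed this long ago. Huorong kills it instantly every time, but I don't care since I want to use the cheat tools.
He's an admin, so we don't dare say anything and we don't dare ask.
Yeah, everything from Xiaoqing has a damn RAT in it. Back then it took control of my computer and damn near scared me to death.
I have no points. Can anyone give me some points? >_<
Nothing more to say, thanks to the OP for sharing!
Kind people get bullied; when something happens, don't back down.
I'm just passing through.
Value your life, reply without hesitation.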