魔盾安全分析报告
| 分析类型 | 开始时间 | 结束时间 | 持续时间 | 分析引擎版本 |
|---|---|---|---|---|
| FILE | 2019-07-21 13:27:32 | 2019-07-21 13:30:06 | 154 秒 | 1.4-Maldun |
| 虚拟机机器名 | 标签 | 虚拟机管理 | 开机时间 | 关机时间 |
|---|---|---|---|---|
| win7-sp1-x64-hpdapp01-1 | win7-sp1-x64-hpdapp01-1 | KVM | 2019-07-21 13:27:46 | 2019-07-21 13:30:08 |
| 魔盾分数 |
|---|
2.4可疑的 |
文件详细信息
| 文件名 | tttd(2).exe |
|---|---|
| 文件大小 | 6711331 字节 |
| 文件类型 | PE32 executable (console) Intel 80386, for MS Windows |
| CRC32 | FD29549A |
| MD5 | 30c6f1ea28b51f289c85d212d0ff1bf0 |
| SHA1 | 11f02fbf4a3e16d9551290c305dc393633d83c4e |
| SHA256 | f9de88e09f6949002bf1ea78887058d22d09342a876d5ee10dd6305bab12e79f |
| SHA512 | 27e2a57c82b1d2c87b502debcacd77bcdc8334eea5b5387425b130ca00b1aed3017f33f032d07efddc42517d223410e0c3b26ad732bf472c44dddfda6e9d2c3e |
| Ssdeep | 196608:91SE4J5q9D4ImjXEMGBO7oL4Zn7IwimDinkbtaD:qJWWKOy4VLbikbO |
| PEiD | 无匹配 |
| Yara |
|
| VirusTotal | 无此文件扫描结果 |
特征
创建RWX内存
二进制文件可能包含加密或压缩数据
section: name: .rsrc, entropy: 7.30, characteristics: IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ, raw_size: 0x0000ec00, virtual_size: 0x0000ea38
从文件自身的二进制镜像中读取数据
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00000000, length: 0x00001000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0003fe3d, length: 0x0000c000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0004b72a, length: 0x00007000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0005172d, length: 0x0000a000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0005aa6a, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0005d430, length: 0x0000d000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00069622, length: 0x00018000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00080920, length: 0x00005000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0008496f, length: 0x00015000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00098e22, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0009c370, length: 0x00005000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000a086c, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000a3c1c, length: 0x00008000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000ab49c, length: 0x0000c000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000b6a2d, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000b95f6, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000bc10b, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000bec29, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000c1777, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000c471c, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000c7254, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000c9e09, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000cc946, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000cf536, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000d20f0, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000d4d20, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000d7bde, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000da7c6, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000dd364, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000dffaf, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000e2e03, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000e5a19, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000e851e, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000eb039, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000edba3, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000f093b, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000f3555, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000f61c4, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000f8d3b, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000fb84f, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x000fe911, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x001014e7, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00104330, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00106fa1, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00109be2, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0010d58f, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0011074a, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00113a97, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00116e8c, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00119d43, length: 0x00003000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0011c9ad, length: 0x000ba000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x001d5b44, length: 0x00027000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x001fc039, length: 0x00012000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0020def4, length: 0x0017b000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00388137, length: 0x0000b000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00392e79, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0039602e, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0039710c, length: 0x00001000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x003972ec, length: 0x00068000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x003ff1a9, length: 0x0005f000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0045da42, length: 0x0000a000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x00467a31, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0046d361, length: 0x00034000
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x0066591b, length: 0x00000f08
self_read: process: tttd_2_.exe, pid: 2648, offset: 0x006667c3, length: 0x00000060
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00000000, length: 0x00001000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0003ba00, length: 0x00001000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0003bb07, length: 0x00001000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0003bf61, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0003d07a, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0003ed74, length: 0x00001000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0003f4bc, length: 0x00001000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0003f8ed, length: 0x00001000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004a1247, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004a19aa, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004a2411, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004b99c8, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004b9b63, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004bebc2, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004bf066, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004bff46, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c039f, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c052a, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c1164, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c3499, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c39be, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c4bfb, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c62e6, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c6388, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c8356, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c8f5f, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004c9ce4, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004ca101, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004cccee, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004cef8a, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004d0eaf, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004d1a4d, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004d404c, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004d8310, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004da7af, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004db145, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004df4f2, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004df859, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004e0afe, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004e64c6, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004e6510, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004e6796, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004ea4ff, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004eaf47, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004ec949, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004ec9e6, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004ed7f1, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004eee83, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004f08f8, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004f0d2a, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004f1633, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004f2273, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x004fcfdd, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00505af6, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00505d76, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0050d147, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0050e7fd, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0050fed2, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005105c6, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00512676, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005129a5, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005131c1, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00515c50, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005199b7, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00519e16, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0051d741, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0051ee57, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0051fcfc, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00521109, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00524817, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0052645c, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005286e7, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0052a454, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0052b17c, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0052bc96, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0052c43b, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00531217, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00531e63, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0053b2ac, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00540c03, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005487a4, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00549a2a, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00549c5d, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0054acf6, length: 0x0000a000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00552e17, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00553e7d, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00555035, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005563df, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00556883, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0055c1ec, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0056060c, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005619e9, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005631f7, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00565f91, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005706d4, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00570d7b, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00572fa2, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00575de1, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00577daf, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0057999d, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0057b243, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0057b600, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0057c53d, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00581807, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005897d6, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0058db8a, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005957fa, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005bfd9f, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005c0cf0, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005c1921, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005c3cf9, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005c4cab, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005c7423, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005ca9a8, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005ce6f7, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005d2fb4, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005d6e24, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005d74f9, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005d83aa, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005d9317, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005e3e0d, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005e79a3, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005eaf9d, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005eb7a4, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005edc99, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005edd51, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005ef4b8, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005f02f1, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005f1636, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005f3fea, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005f6535, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005f7b52, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005fb299, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x005fe134, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x006026ad, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00604503, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0060563e, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00609bdf, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0060ae76, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0060aff6, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0060b182, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0060b30e, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0060c79a, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0060eb47, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0060fe29, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x006131e8, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00614c39, length: 0x0000c000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x00621494, length: 0x00006000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0063115f, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x006311a5, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x006316bc, length: 0x00004000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x006347c2, length: 0x00008000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0063c25e, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0063c7d1, length: 0x00002000
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x0066591b, length: 0x00000f08
self_read: process: tttd_2_.exe, pid: 3040, offset: 0x006667c3, length: 0x00000060
魔盾安全Yara规则检测结果 - 高危
Informational: Detected Entropy signature
Informational: Detected Overlay signature
Informational: Detected Debug Data
Informational: Detected Rich Signature
Warning: Create a new process
Warning: Communications over RAW socket
Warning: Affect private profile
Critical: Detects malicious behaviors from a small size app
Informational: Detected no presence of any attachment
Critical: maldoc_find_kernel32_base_method_1
Informational: Detected no presence of any image
Informational: Detected no presence of any url
Informational: Look for CRC32 [poly]
Informational: Look for CRC32 table
运行截图
网络分析
静态分析
PE 信息
| 初始地址 | 0x00400000 |
|---|---|
| 入口地址 | 0x0040779a |
| 声明校验值 | 0x00000000 |
| 实际校验值 | 0x006669d9 |
| 最低操作系统版本要求 | 5.1 |
| 编译时间 | 2018-09-04 22:42:13 |
| 载入哈希 | 4df47bd79d7fe79953651a03293f0e8f |
PE数据组成
| 名称 | 虚拟地址 | 虚拟大小 | 原始数据大小 | 特征 | 熵(Entropy) |
|---|---|---|---|---|---|
| .text | 0x00001000 | 0x0001f224 | 0x0001f400 | IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ | 6.65 |
| .rdata | 0x00021000 | 0x0000b0ec | 0x0000b200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 6.10 |
| .data | 0x0002d000 | 0x0000e680 | 0x00000a00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE | 1.94 |
| .gfids | 0x0003c000 | 0x000000b8 | 0x00000200 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 1.89 |
| .rsrc | 0x0003d000 | 0x0000ea38 | 0x0000ec00 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ | 7.30 |
| .reloc | 0x0004c000 | 0x000017b8 | 0x00001800 | IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ | 6.65 |
覆盖
| 偏移量: | 0x0004d7b8 |
| 大小: | 0x0061906b |
导入
库 KERNEL32.dll:
• 0x421000 - GetLastError
• 0x421004 - SetDllDirectoryW
• 0x421008 - GetModuleFileNameW
• 0x42100c - GetProcAddress
• 0x421010 - GetCommandLineW
• 0x421014 - GetEnvironmentVariableW
• 0x421018 - SetEnvironmentVariableW
• 0x42101c - ExpandEnvironmentStringsW
• 0x421020 - GetTempPathW
• 0x421024 - WaitForSingleObject
• 0x421028 - Sleep
• 0x42102c - GetExitCodeProcess
• 0x421030 - CreateProcessW
• 0x421034 - GetStartupInfoW
• 0x421038 - LoadLibraryExW
• 0x42103c - GetShortPathNameW
• 0x421040 - FormatMessageW
• 0x421044 - LoadLibraryA
• 0x421048 - MultiByteToWideChar
• 0x42104c - WideCharToMultiByte
• 0x421050 - DecodePointer
• 0x421054 - UnhandledExceptionFilter
• 0x421058 - SetUnhandledExceptionFilter
• 0x42105c - GetCurrentProcess
• 0x421060 - TerminateProcess
• 0x421064 - IsProcessorFeaturePresent
• 0x421068 - QueryPerformanceCounter
• 0x42106c - GetCurrentProcessId
• 0x421070 - GetCurrentThreadId
• 0x421074 - GetSystemTimeAsFileTime
• 0x421078 - InitializeSListHead
• 0x42107c - IsDebuggerPresent
• 0x421080 - GetModuleHandleW
• 0x421084 - RtlUnwind
• 0x421088 - SetLastError
• 0x42108c - EnterCriticalSection
• 0x421090 - LeaveCriticalSection
• 0x421094 - DeleteCriticalSection
• 0x421098 - InitializeCriticalSectionAndSpinCount
• 0x42109c - TlsAlloc
• 0x4210a0 - TlsGetValue
• 0x4210a4 - TlsSetValue
• 0x4210a8 - TlsFree
• 0x4210ac - FreeLibrary
• 0x4210b0 - GetCommandLineA
• 0x4210b4 - ReadFile
• 0x4210b8 - CreateFileW
• 0x4210bc - GetDriveTypeW
• 0x4210c0 - GetFileType
• 0x4210c4 - CloseHandle
• 0x4210c8 - PeekNamedPipe
• 0x4210cc - SystemTimeToTzSpecificLocalTime
• 0x4210d0 - FileTimeToSystemTime
• 0x4210d4 - GetFullPathNameW
• 0x4210d8 - GetFullPathNameA
• 0x4210dc - CreateDirectoryW
• 0x4210e0 - RemoveDirectoryW
• 0x4210e4 - FindClose
• 0x4210e8 - FindFirstFileExW
• 0x4210ec - FindNextFileW
• 0x4210f0 - SetStdHandle
• 0x4210f4 - SetConsoleCtrlHandler
• 0x4210f8 - DeleteFileW
• 0x4210fc - GetStdHandle
• 0x421100 - WriteFile
• 0x421104 - ExitProcess
• 0x421108 - GetModuleHandleExW
• 0x42110c - GetACP
• 0x421110 - HeapFree
• 0x421114 - HeapAlloc
• 0x421118 - GetConsoleMode
• 0x42111c - ReadConsoleW
• 0x421120 - SetFilePointerEx
• 0x421124 - GetConsoleCP
• 0x421128 - CompareStringW
• 0x42112c - LCMapStringW
• 0x421130 - GetCurrentDirectoryW
• 0x421134 - FlushFileBuffers
• 0x421138 - SetEnvironmentVariableA
• 0x42113c - GetFileAttributesExW
• 0x421140 - IsValidCodePage
• 0x421144 - GetOEMCP
• 0x421148 - GetCPInfo
• 0x42114c - GetEnvironmentStringsW
• 0x421150 - FreeEnvironmentStringsW
• 0x421154 - GetStringTypeW
• 0x421158 - GetProcessHeap
• 0x42115c - WriteConsoleW
• 0x421160 - GetTimeZoneInformation
• 0x421164 - HeapSize
• 0x421168 - HeapReAlloc
• 0x42116c - SetEndOfFile
• 0x421170 - RaiseException
库 WS2_32.dll:
• 0x421178 - ntohl
投放文件
行为分析
互斥量(Mutexes)
无信息
执行的命令
- "C:\Users\test\AppData\Local\Temp\tttd_2_.exe"
创建的服务
无信息
启动的服务
无信息
进程
tttd_2_.exe PID: 2648, 上一级进程 PID: 2296
tttd_2_.exe PID: 3040, 上一级进程 PID: 2648
访问的文件
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\system\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\api-ms-win-core-fibers-l1-1-1.DLL
- C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\System32\wbem\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Program Files (x86)\WinRAR\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Users\test\AppData\Local\Temp\tttd_2_.exe
- C:\Users\test\AppData\Local\Temp
- C:\Users\test\AppData\Local\Temp\_MEI26482
- C:\Users\test\AppData\Local\Temp\_MEI26482\VCRUNTIME140.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\_asyncio.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_bz2.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_contextvars.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_ctypes.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_decimal.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_hashlib.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_lzma.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_multiprocessing.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_overlapped.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_queue.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_socket.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_ssl.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-console-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-datetime-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-debug-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-errorhandling-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-file-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-file-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-file-l2-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-handle-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-heap-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-interlocked-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-libraryloader-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-localization-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-memory-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-namedpipe-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-processenvironment-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-processthreads-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-processthreads-l1-1-1.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-profile-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-rtlsupport-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-string-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-synch-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-synch-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-sysinfo-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-timezone-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-util-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-convert-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-environment-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-filesystem-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-heap-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-locale-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-math-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-runtime-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-stdio-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-string-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-time-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-utility-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\libcrypto-1_1.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\libssl-1_1.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\pyexpat.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\python37.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\pywintypes37.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\select.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\tornado
- C:\Users\test\AppData\Local\Temp\_MEI26482\tornado\speedups.cp37-win32.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\tttd.exe.manifest
- C:\Users\test\AppData\Local\Temp\_MEI26482\ucrtbase.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\unicodedata.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\win32api.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\win32evtlog.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\base_library.zip
- C:\Users\test\AppData\Local\Temp\_MEI26482\VERSION.dll
- C:\Windows\System32\version.dll
- C:\Users\test\AppData\Local\Temp\ucrtbase.DLL
- C:\Windows\System32\ucrtbase.dll
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-timezone-l1-1-0.dll
- C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-file-l2-1-0.dll
- C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-localization-l1-2-0.dll
- C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-processthreads-l1-1-1.dll
- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-file-l1-2-0.dll
- C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-process-l1-1-0.dll
- C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-conio-l1-1-0.dll
- C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-path-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-path-l1-1-0.dll
- C:\Windows\System32\api-ms-win-core-path-l1-1-0.dll
- C:\Windows\system\api-ms-win-core-path-l1-1-0.dll
- C:\Windows\api-ms-win-core-path-l1-1-0.dll
- C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-path-l1-1-0.dll
- C:\Windows\System32\wbem\api-ms-win-core-path-l1-1-0.dll
- C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-path-l1-1-0.dll
- C:\Program Files (x86)\WinRAR\api-ms-win-core-path-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\python37._pth
- C:\Users\test\AppData\Local\Temp\tttd_2_._pth
- C:\Users\test\AppData\Local\Temp\pyvenv.cfg
- C:\Users\test\AppData\Local\pyvenv.cfg
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-file-l2-1-1.DLL
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-file-l2-1-1.DLL
- C:\Windows\System32\api-ms-win-core-file-l2-1-1.DLL
- C:\Windows\system\api-ms-win-core-file-l2-1-1.DLL
- C:\Windows\api-ms-win-core-file-l2-1-1.DLL
- C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-file-l2-1-1.DLL
- C:\Windows\System32\wbem\api-ms-win-core-file-l2-1-1.DLL
- C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-file-l2-1-1.DLL
- C:\Program Files (x86)\WinRAR\api-ms-win-core-file-l2-1-1.DLL
- C:\Windows\System32\tzres.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\base_library.zip\encodings
- C:\Users\test\AppData\Local\Temp\_MEI26482\*.*
- C:\Users\test\AppData\Local\Temp\tttd_2_.exe?4854343
- C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
- C:\python3.dll
- C:\DLLs\python3.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\eggs
- C:\Users\test\AppData\Local\Temp\_MEI26482\base_library.zip\collections
- C:\Users\test\AppData\Local\Temp\_MEI26482\tornado\*.*
- C:\Users\test\AppData\Local\Temp\_MEI26482\kernel32
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\Windows\System32\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\Windows\system\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\Windows\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\ProgramData\Oracle\Java\javapath\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\Windows\System32\wbem\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\Windows\System32\WindowsPowerShell\v1.0\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\Program Files (x86)\WinRAR\api-ms-win-core-sysinfo-l1-2-1.DLL
- C:\Program Files (x86)\Common Files\SSL\cert.pem
读取的文件
- C:\Users\test\AppData\Local\Temp\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Windows\System32\api-ms-win-core-fibers-l1-1-1.DLL
- C:\Users\test\AppData\Local\Temp\tttd_2_.exe
- C:\Users\test\AppData\Local\Temp\_MEI26482\tttd.exe.manifest
- C:\Users\test\AppData\Local\Temp\_MEI26482\python37.dll
- C:\Windows\System32\version.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\VCRUNTIME140.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-runtime-l1-1-0.dll
- C:\Windows\System32\ucrtbase.dll
- C:\Windows\System32\api-ms-win-core-timezone-l1-1-0.dll
- C:\Windows\System32\api-ms-win-core-file-l2-1-0.dll
- C:\Windows\System32\api-ms-win-core-localization-l1-2-0.dll
- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-1.dll
- C:\Windows\System32\api-ms-win-core-file-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-string-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-heap-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-stdio-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-convert-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-math-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-locale-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-time-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-environment-l1-1-0.dll
- C:\Windows\System32\api-ms-win-crt-process-l1-1-0.dll
- C:\Windows\System32\api-ms-win-crt-conio-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-filesystem-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\pyvenv.cfg
- C:\Users\test\AppData\Local\pyvenv.cfg
- C:\Windows\System32\tzres.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\base_library.zip
- C:\Users\test\AppData\Local\Temp\_MEI26482
- C:\Windows\SysWOW64\zh-CN\KERNELBASE.dll.mui
- C:\Users\test\AppData\Local\Temp\_MEI26482\_ctypes.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_socket.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\select.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_hashlib.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\libcrypto-1_1.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-utility-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\_ssl.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\libssl-1_1.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\_bz2.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_lzma.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_contextvars.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_asyncio.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_overlapped.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_queue.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\tornado\speedups.cp37-win32.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\unicodedata.pyd
- C:\Program Files (x86)\Common Files\SSL\cert.pem
修改的文件
- C:\Users\test\AppData\Local\Temp\_MEI26482\VCRUNTIME140.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\_asyncio.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_bz2.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_contextvars.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_ctypes.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_decimal.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_hashlib.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_lzma.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_multiprocessing.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_overlapped.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_queue.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_socket.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\_ssl.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-console-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-datetime-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-debug-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-errorhandling-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-file-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-file-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-file-l2-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-handle-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-heap-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-interlocked-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-libraryloader-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-localization-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-memory-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-namedpipe-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-processenvironment-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-processthreads-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-processthreads-l1-1-1.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-profile-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-rtlsupport-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-string-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-synch-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-synch-l1-2-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-sysinfo-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-timezone-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-core-util-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-convert-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-environment-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-filesystem-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-heap-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-locale-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-math-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-runtime-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-stdio-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-string-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-time-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\api-ms-win-crt-utility-l1-1-0.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\libcrypto-1_1.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\libssl-1_1.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\pyexpat.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\python37.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\pywintypes37.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\select.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\tornado\speedups.cp37-win32.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\tttd.exe.manifest
- C:\Users\test\AppData\Local\Temp\_MEI26482\ucrtbase.dll
- C:\Users\test\AppData\Local\Temp\_MEI26482\unicodedata.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\win32api.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\win32evtlog.pyd
- C:\Users\test\AppData\Local\Temp\_MEI26482\base_library.zip
删除的文件
无信息
注册表键
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\SideBySide
- HKEY_LOCAL_MACHINE\Software\Python\PythonCore\3.7-32\PythonPath
- HKEY_CURRENT_USER\Software\Python\PythonCore\3.7-32\PythonPath
- HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\Windows Error Reporting\WMR
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\OLEAUT
- HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\crypt32
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
- HKEY_LOCAL_MACHINE\Software\Microsoft\Cryptography\OID
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\CustomLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\ExtendedLocale
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\#16
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 0\CertDllOpenStoreProv\Ldap
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Cryptography\OID\EncodingType 1\CertDllOpenStoreProv
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\CA
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\CA\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\ROOT\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\ROOT
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\Root\ProtectedRoots
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\AuthRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\CTLs
- HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\SystemCertificates\ROOT
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\ROOT\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\ROOT\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\SystemCertificates\ROOT\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\ROOT\PhysicalStores
- HKEY_LOCAL_MACHINE\Software\Microsoft\EnterpriseCertificates\ROOT
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\EnterpriseCertificates\ROOT\CTLs
- HKEY_LOCAL_MACHINE\Software\Microsoft\SystemCertificates\SmartCardRoot
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\Certificates
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CRLs
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\SmartCardRoot\CTLs
读取的注册表键
- HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\Windows Error Reporting\WMR\Disable
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DebugHeapFlags
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagLevel
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\crypt32\DiagMatchAnyMask
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\CustomLocale\en-US
- HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Nls\ExtendedLocale\en-US
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\109F1CAED645BB78B3EA2B94C0697C740733031C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\475BA6DA2AFD5AE3ADAE78A261CA0E3E548B9532\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\D559A586669B08F46A30A133F8A9ED3D038E2EA8\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\Certificates\FEE449EE0E3965A5246F000E87FDE2A065FD89D4\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\CA\CRLs\A377D1B1C0538833035211F4083D00FECC414DAB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\18F7C1FCC3090203FD5BAA2F861A754976C8DD25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\245C97DF7514E7CF2DF8BE72AE957B9E04741E85\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\7F88CD7223F3C813818C994614A89C99FA3B5247\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\8F43288AD272F3103B6FB1428485EA3014C0BCFE\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A43489159A520F0D93D032CCAF37E7FE20A8B419\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\A7217F919843199C958C128449DD52D2723B0A8A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\BE36A4562FB2EE05DBB3D32323ADF445084ED656\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CDD4EEAE6000AC7F40C3802C171E30148030C072\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\D85213E038F309D02A40917B59E142368AE6B1C0\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DBB84423C928ABE889D0E368FC3191D151DDB1AB\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\02FAF3E291435468607857694DF5E45B68851868\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\3E2BF7F2031B96F38CE6C4D8A85D3E2D58476A0F\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\6252DC40F71143A22FDE9EF7348E064251B18118\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\742C3192E607E424EB4549542BE1BBC53E6174E2\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\97817950D81C9670CC34D809CF794431367EF474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D23209AD23D314232174E40D7F9D62139786633A\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DE28F4A4FFE5B92FA3C503D1A349A7F9962A8212\Blob
- HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob
修改的注册表键
无信息
删除的注册表键
无信息
API解析
- kernel32.dll.FlsAlloc
- kernel32.dll.FlsSetValue
- kernel32.dll.FlsGetValue
- api-ms-win-core-localization-l1-2-1.dll.LCMapStringEx
- kernel32.dll.CreateActCtxW
- kernel32.dll.ActivateActCtx
- kernel32.dll.InitializeCriticalSectionEx
- python37.dll.Py_DontWriteBytecodeFlag
- python37.dll.Py_FileSystemDefaultEncoding
- python37.dll.Py_FrozenFlag
- python37.dll.Py_IgnoreEnvironmentFlag
- python37.dll.Py_NoSiteFlag
- python37.dll.Py_NoUserSiteDirectory
- python37.dll.Py_OptimizeFlag
- python37.dll.Py_VerboseFlag
- python37.dll.Py_BuildValue
- python37.dll.Py_DecRef
- python37.dll.Py_Finalize
- python37.dll.Py_IncRef
- python37.dll.Py_Initialize
- python37.dll.Py_SetPath
- python37.dll.Py_GetPath
- python37.dll.Py_SetProgramName
- python37.dll.Py_SetPythonHome
- python37.dll.PyDict_GetItemString
- python37.dll.PyErr_Clear
- python37.dll.PyErr_Occurred
- python37.dll.PyErr_Print
- python37.dll.PyImport_AddModule
- python37.dll.PyImport_ExecCodeModule
- python37.dll.PyImport_ImportModule
- python37.dll.PyList_Append
- python37.dll.PyList_New
- python37.dll.PyLong_AsLong
- python37.dll.PyModule_GetDict
- python37.dll.PyObject_CallFunction
- python37.dll.PyObject_SetAttrString
- python37.dll.PyRun_SimpleString
- python37.dll.PySys_AddWarnOption
- python37.dll.PySys_SetArgvEx
- python37.dll.PySys_GetObject
- python37.dll.PySys_SetObject
- python37.dll.PySys_SetPath
- python37.dll.PyEval_EvalCode
- python37.dll.PyMarshal_ReadObjectFromString
- python37.dll.PyUnicode_FromString
- python37.dll.Py_DecodeLocale
- python37.dll.PyUnicode_FromFormat
- python37.dll.PyUnicode_Decode
- python37.dll.PyUnicode_DecodeFSDefault
- cryptsp.dll.CryptAcquireContextA
- cryptsp.dll.CryptGenRandom
- kernel32.dll.GetFileInformationByHandleEx
- _ctypes.pyd.PyInit__ctypes
- kernel32.dll.GetLastError
- _socket.pyd.PyInit__socket
- select.pyd.PyInit_select
- _hashlib.pyd.PyInit__hashlib
- _ssl.pyd.PyInit__ssl
- _bz2.pyd.PyInit__bz2
- _lzma.pyd.PyInit__lzma
- _contextvars.pyd.PyInit__contextvars
- _asyncio.pyd.PyInit__asyncio
- _overlapped.pyd.PyInit__overlapped
- kernel32.dll.CancelIoEx
- _queue.pyd.PyInit__queue
- speedups.cp37-win32.pyd.PyInit_speedups
- unicodedata.pyd.PyInit_unicodedata
- kernel32.dll.SetHandleInformation
- cryptsp.dll.CryptAcquireContextW
- cryptsp.dll.CryptReleaseContext
- kernel32.dll.AreFileApisANSI