可疑文件
| Name | Value |
| Size | 501248 |
| MD5 | baf0d50d5bad678ba1ce84afd8731b71 |
| SHA1 | c9fd5f4da7a8f8fc60c8d7c3deb3452051250f3b |
| SHA256 | d7e0bdb952fe943ee3d12d5fa2558bfe101b6a435f020e2df888ee2e09ed62f5 |
| Process | Active |
• Keys Created• Keys Changed• Keys Deleted• Values Created• Values Changed• Values Deleted• Directories Created• Directories Changed• Directories Deleted• Files Created
| Name | Size | Last Write Time | Creation Time | Last Access Time | Attr |
| C:\Documents and Settings\User\Local Settings\Temp\~DFBD61.tmp | 98304 | 2009.01.12 14:47:58.312 | 2009.01.12 14:47:58.218 | 2009.01.12 14:47:58.218 | 0x20 |
• Files Changed• Files Deleted• Directories Hidden• Files Hidden• Drivers Loaded• Drivers Unloaded• Processes Created• Processes Terminated• Threads Created
| PId | Process Name | TId | Start | Start Mem | Win32 Start | Win32 Start Mem |
| 0x4 | System | 0x36c | 0xf8dacb32 | MEM_FREE | 0x0 | MEM_FREE |
| 0x4 | System | 0x370 | 0xf8dacb32 | MEM_FREE | 0x0 | MEM_FREE |
| 0x344 | svchost.exe | 0x170 | 0x7c810856 | MEM_IMAGE | 0x7c910760 | MEM_IMAGE |
| 0x404 | svchost.exe | 0x374 | 0x7c810856 | MEM_IMAGE | 0x7509b647 | MEM_IMAGE |
• Modules Loaded
| PId | Process Name | Base | Size | Flags | Image Name |
| 0x404 | svchost.exe | 0x71c80000 | 0x7000 | 0x800c4006 | C:\WINDOWS\System32\NETRAP.dll |
| 0x404 | svchost.exe | 0x72080000 | 0x19000 | 0x800c4004 | C:\WINDOWS\System32\xactsrv.dll |
附件:
您所在的用户组无法下载或查看附件用户系统信息:Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; CNCDialer; .NET CLR 2.0.50727; MAXTHON 2.0)
