Behavior description: inline hook of its own process
Additional information: QQ空间高速刷日志浏览量助手(新版本).exe
ntdll.dll!LdrAccessResource Ordinal: 49 HookType: InlineHook
ntdll.dll!LdrFindResource_U Ordinal: 61 HookType: InlineHook
USER32.dll!LoadStringA Ordinal: 457 HookType: InlineHook
USER32.dll!LoadStringW Ordinal: 458 HookType: InlineHook
ntdll.dll!LdrAccessResource Ordinal: 49 HookType: InlineHook
ntdll.dll!LdrFindResource_U Ordinal: 61 HookType: InlineHook
USER32.dll!LoadStringA Ordinal: 457 HookType: InlineHook
USER32.dll!LoadStringW Ordinal: 458 HookType: InlineHook
Behavior description: creates a mutex
Additional information: "shell._ie_sessioncount"
Registry monitoring: added, deleted, modified
HKEY_CURRENT_USER\\Software\Microsoft\Internet Explorer\Main
[Play_Background_Sounds] = [no]
HKEY_CURRENT_USER\\Software\Microsoft\Windows Script
HKEY_CURRENT_USER\\Software\Microsoft\Windows Script\Settings
[JITDebug] = [0x00000000]
Network monitoring
Network operations
[HTTP Request]GET http/xui.ptlogin2.qq.com/cgi-bin/xlogin?proxy_url=http%3A//qzs.qq.com/qzone/v6/portal/proxy.html&daid=5&pt_qzone_sig=1&hide_title_bar=1&low_login=0&qlogin_auto_login=1&no_verifyimg=1&link_target=blank&appid=549000912&style=22&target=self&s_url=http%3A%2F%2Fqzs.qq
[Open URL] http
Link: