Key behaviors
Behavior: Shutdown or reboot
Details:
N/A
Behavior: Capture window screenshot information
Details:
Foreground window Info: HWND = 0x00000000, DC = 0x4a01069f.
Other behaviors
Behavior: Create mutex
Details:
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.EMJ
Behavior: Create event object
Details:
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.EMJ.IC
EventName = MSCTF.SendReceiveConection.Event.EMJ.IC
Behavior: Find specified window
Details:
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Open event
Details:
HookSwitchHookEnabledEvent
CTF.ThreadMIConnectionEvent.000007B4.00000000.00000053
CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000053
MSCTF.SendReceiveConection.Event.ELH.IC
MSCTF.SendReceive.Event.ELH.IC
Behavior: Adjust process token privileges
Details:
SE_SHUTDOWN_PRIVILEGE
Behavior: Window information
Details:
Pid = 2496, Hwnd=0xa03b0, Text = 是(&Y), ClassName = Button.
Pid = 2496, Hwnd=0x303dc, Text = 否(&N), ClassName = Button.
Pid = 2496, Hwnd=0x16032e, Text = 你是不是猪?, ClassName = Static.
Pid = 2496, Hwnd=0x140306, Text = 信息:, ClassName = #32770.
Pid = 2496, Hwnd=0x17032e, Text = 确定, ClassName = Button.
Pid = 2496, Hwnd=0x2202bc, Text = 你就是猪~, ClassName = Static.
Pid = 2496, Hwnd=0x150306, Text = 信息:, ClassName = #32770.
Behavior: Capture window screenshot information
Details:
Foreground window Info: HWND = 0x00000000, DC = 0x4a01069f.
Behavior: Shutdown or reboot
Details:
N/A
Behavior: Open mutex
Details:
ShimCacheMutex