; Debugger disassembly excerpt (32-bit x86), restored to one instruction per line.
; Columns: address | opcode bytes | instruction | comment.
; The excerpt begins and ends inside a routine: ebx, the ebp frame and the edx
; value used by the first call are set up outside this view.
;
; Pattern repeated for each field below:
;   1. call 004041E0 with eax = address of a stack local, edx = a constant inside
;      the module, ecx = a dword read from a global (45DCB8, then 45DCBC);
;   2. load that stack local into edx;
;   3. walk [ebx+2FC] -> [+220] -> first dword -> slot +38 and call it.
; NOTE(review): presumably step 1 concatenates a label with a stored value and
; step 3 is a virtual "add line" call on a UI list object - confirm.
; NOTE(review): "LWVVKL_" and "3WVVK+3" look encoded rather than plain file names;
; decode and verify them before treating them as host indicators.

; --- field shown by the debugger as "hidden process ID" (edx prepared before this excerpt) ---
00459F51  8B83 FC020000   mov eax,dword ptr ds:[ebx+2FC]        ; eax = pointer stored at ebx+2FC
00459F57  8B80 20020000   mov eax,dword ptr ds:[eax+220]        ; eax = pointer stored at +220 of that object
00459F5D  8B08            mov ecx,dword ptr ds:[eax]            ; ecx = first dword of the object (call table, presumably)
00459F5F  FF51 38         call dword ptr ds:[ecx+38]            ; Hidden process ID: 1804

; --- field shown by the debugger as "install file name" ---
00459F62  8D45 DC         lea eax,dword ptr ss:[ebp-24]         ; eax = address of local [ebp-24] (receives the result)
00459F65  8B0D B8DC4500   mov ecx,dword ptr ds:[45DCB8]         ; ecx = dword from global 45DCB8
00459F6B  BA CCA24500     mov edx,超强灰鸽.0045A2CC              ; edx = constant at 0045A2CC in the module
00459F70  E8 6BA2FAFF     call 超强灰鸽.004041E0                 ; helper taking eax/edx/ecx set above
00459F75  8B55 DC         mov edx,dword ptr ss:[ebp-24]         ; edx = value the helper left in the local
00459F78  8B83 FC020000   mov eax,dword ptr ds:[ebx+2FC]        ; same object walk as at 00459F51
00459F7E  8B80 20020000   mov eax,dword ptr ds:[eax+220]
00459F84  8B08            mov ecx,dword ptr ds:[eax]
00459F86  FF51 38         call dword ptr ds:[ecx+38]            ; Install file name: LWVVKL_

; --- field shown by the debugger as "main DLL file name" ---
00459F89  8D45 D8         lea eax,dword ptr ss:[ebp-28]         ; eax = address of local [ebp-28] (receives the result)
00459F8C  8B0D BCDC4500   mov ecx,dword ptr ds:[45DCBC]         ; ecx = dword from global 45DCBC
00459F92  BA E4A24500     mov edx,超强灰鸽.0045A2E4              ; edx = constant at 0045A2E4 in the module
00459F97  E8 44A2FAFF     call 超强灰鸽.004041E0                 ; same helper as at 00459F70
00459F9C  8B55 D8         mov edx,dword ptr ss:[ebp-28]         ; edx = value the helper left in the local
00459F9F  8B83 FC020000   mov eax,dword ptr ds:[ebx+2FC]        ; same object walk as at 00459F51
00459FA5  8B80 20020000   mov eax,dword ptr ds:[eax+220]
00459FAB  8B08            mov ecx,dword ptr ds:[eax]
00459FAD  FF51 38         call dword ptr ds:[ecx+38]            ; Main DLL file name: 3WVVK+3

; --- next step; it continues past the end of this excerpt ---
00459FB0  8D45 D4         lea eax,dword ptr ss:[ebp-2C]         ; eax = address of local [ebp-2C]
00459FB3  E8 94FDFFFF     call 超强灰鸽.00459D4C                 ; GetWindowsDirectoryA()
00459FB8  FF75 D4         push dword ptr ss:[ebp-2C]            ; push the local just filled; its consumer is not visible here
|