Scans all running processes. Identifies and dumps various potentially malicious implants (replaced/implanted PEs, shellcode, hooks, in-memory patches). Click the title to go to the project page.
Available as an exe or zip download.
When the scan finishes, a JSON summary is written to the working directory:
{
"scan_date_time" : "02/05/22 10:31:01",
"scan_timestamp" : 1644028261,
"scan_time_ms" : 14062,
"scanned_count" : 137,
"suspicious_count" : 1,
"suspicious" : [
{
"pid" : 7432,
"is_managed" : 0,
"name" : "HipsTray.exe",
"replaced" : 0,
"hdr_modified" : 0,
"implanted_pe" : 4,
"implanted_shc" : 0,
"unreachable_file" : 0,
"other" : 0
}
]
}
The process with pid 7432, HipsTray.exe, belongs to the Huorong (火绒) security software. It was flagged as suspicious because the scanner found four implanted PE regions in it ("implanted_pe" : 4); all other indicators for that process are 0. Before treating such a hit as a real implant, check the modules the scanner dumped for that pid (for example, whether they are legitimately signed components of the product), since an endpoint product's own injected modules look the same to a memory scanner as a hostile one.
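The summary format above is what you would consume when running the scanner across many hosts. The following is an added example, not part of this page or of the scanner itself: it parses a summary in that format, sanity-checks the counts, and turns each suspicious entry into a triage record listing only the nonzero indicator fields. The optional allowlist of process names (here seeded with nothing) and the `triage`/`check_counts` names are this example's own assumptions; the sample JSON is the one shown above.

```python
import json

# Sample summary, reproduced from the scan output shown on this page.
SAMPLE_SUMMARY = """{
  "scan_date_time" : "02/05/22 10:31:01",
  "scan_timestamp" : 1644028261,
  "scan_time_ms" : 14062,
  "scanned_count" : 137,
  "suspicious_count" : 1,
  "suspicious" : [
    {
      "pid" : 7432,
      "is_managed" : 0,
      "name" : "HipsTray.exe",
      "replaced" : 0,
      "hdr_modified" : 0,
      "implanted_pe" : 4,
      "implanted_shc" : 0,
      "unreachable_file" : 0,
      "other" : 0
    }
  ]
}"""

# Per-process indicator fields in the summary. Each value is a count of
# findings of that kind inside the process; the descriptions here simply
# spell out the field names.
INDICATORS = {
    "replaced": "loaded module replaced in memory",
    "hdr_modified": "PE header modified in memory",
    "implanted_pe": "PE image implanted into the process",
    "implanted_shc": "shellcode implanted into the process",
    "unreachable_file": "module whose backing file cannot be reached",
    "other": "other anomaly",
}


def check_counts(summary_text):
    """Sanity-check the summary: the suspicious list must match its count
    and cannot exceed the number of processes scanned."""
    data = json.loads(summary_text)
    suspicious = data.get("suspicious", [])
    return (data["suspicious_count"] == len(suspicious)
            and data["suspicious_count"] <= data["scanned_count"])


def triage(summary_text, allowlist=frozenset()):
    """Return one record per suspicious process, keeping only nonzero
    indicators, sorted so the process with the most findings comes first.

    allowlist: process names (case-insensitive) the analyst has already
    vetted, e.g. an endpoint product's own processes. Assumed to be
    maintained by the reader; such entries are tagged, not dropped, so
    they still appear in the output."""
    data = json.loads(summary_text)
    allowed = {name.lower() for name in allowlist}
    records = []
    for proc in data.get("suspicious", []):
        hits = {field: proc[field] for field in INDICATORS if proc.get(field, 0)}
        records.append({
            "pid": proc["pid"],
            "name": proc["name"],
            "managed": bool(proc.get("is_managed", 0)),  # .NET process or not
            "hits": hits,
            "allowlisted": proc["name"].lower() in allowed,
        })
    records.sort(key=lambda r: sum(r["hits"].values()), reverse=True)
    return records


def describe(record):
    """Human-readable one-liner for a triage record."""
    parts = [f"{INDICATORS[f]} x{n}" for f, n in record["hits"].items()]
    tag = " [allowlisted]" if record["allowlisted"] else ""
    return f"pid {record['pid']} {record['name']}{tag}: " + ", ".join(parts)


if __name__ == "__main__":
    if not check_counts(SAMPLE_SUMMARY):
        raise SystemExit("summary counts are inconsistent")
    for rec in triage(SAMPLE_SUMMARY):
        print(describe(rec))
```

Running it on the sample prints a single line for pid 7432 naming only the implanted-PE finding; feeding it a summary whose "suspicious" list disagrees with "suspicious_count" (a truncated or hand-edited file) makes `check_counts` fail before any triage happens.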