华为mate9华为钱包怎么捆绑公交卡
点击联系发帖人
时间:2017-10-17 08:48
1, You can UPLOAD any files, but there is 20Mb limit per file. 2,
VirSCAN supports Rar/Zip decompression, but it must be less than 20 files. 3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Portuguese Brazil
Русский
укра?нська
Nederlands
Espa?ol (Latin America)
Server load
File information
File Name :
(File not down)
File Size :629970 byte
File Type :application/jar
文件行为分析
Scanner results
Scanner results:<font color="#%Scanner(s) (0/32)found malware!
Time: <font color="#15-06-16 23:23:40 (CST)
Engine Ver
Scan result
AVL SDK 3.0
Found nothing
9.0.0.4324
9.0.0.4324
Found nothing
Found nothing
Found nothing
4.1.3.52192
Found nothing
Found nothing
bitdefender
Found nothing
Found nothing
5.0.2.3300
Found nothing
23.345, 23.345
Found nothing
6.5.1.5418
Found nothing
Found nothing
Found nothing
V1.32.31.0
Found nothing
Found nothing
Found nothing
Found nothing
Found nothing
Found nothing
Found nothing
9.500-1005
Found nothing
Found nothing
Found nothing
Found nothing
25.46.06.04
25.46.06.04
Found nothing
Found nothing
Found nothing
Found nothing
Found nothing
17.47.17308
1.0.2.2108
Found nothing
Found nothing
virusbuster
15.0.985.0
Found nothing
■Heuristic/Suspicious ■Exact
NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
Copy to clipboard
许可名称信息
android.permission.VIBRATE允许设备震动
android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS访问额外的定位指令
android.permission.INTERNET连接网络(2G或3G)
android.permission.RECORD_AUDIO录音(使用AudioRecord)
android.permission.MODIFY_AUDIO_SETTINGS修改声音设置
android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
安全评分 :
包名:anzhi.games
最低运行环境:Android 2.3, 2.3.1, 2.3.2
行为描述:写权限映射文件
详情信息:CiceroSharedMemDefaultS-1-5-21----500
DfSharedHeap69933
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF993E.tmp
MSCTF.MarshalInterface.FileMap.EMK..CHAIF
MSCTF.MarshalInterface.FileMap.EMK.B.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.C.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.D.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.E.CIAIF
MSCTF.MarshalInterface.FileMap.EMK.F.BJAIF
MSCTF.MarshalInterface.FileMap.EMK.G.BJAIF
MSCTF.Shared.SFM.EMK
行为描述:检测自身是否被调试
详情信息:N/A
行为描述:隐藏指定窗口
详情信息:[Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [激活 Windows All VL,Button]
[Window,Class] = [激活 Office 2010 VL,Button]
[Window,Class] = [激活 Office 2013 VL,Button]
[Window,Class] = [一键激活(ALL)并自动续期,Button]
[Window,Class] = [查看 Windows 激活状态,Button]
[Window,Class] = [查看 Office 激活状态,Button]
[Window,Class] = [安装/卸载 自动续期服务,Button]
[Window,Class] = [暂停/重启 自动续期服务,Button]
[Window,Class] = [安装 Windows GVLK 密钥,Button]
[Window,Class] = [安装 Office
GVLK 密钥,Button]
[Window,Class] = [重置 Windows 激活状态,Button]
[Window,Class] = [重置 Office 激活状态,Button]
[Window,Class] = [KMS激活流程,Button]
[Window,Class] = [请输入服务器IP地址:,Static]
行为描述:隐藏窗口创建进程
详情信息:ImagePath = , CmdLine = c:\docume~1\admini~1\locals~1\temp\7z.exe x c:\docume~1\admini~1\locals~1\temp\kmsmini.7z -y -oc:\docume~1\admini~1\locals~1\temp\heu_kms_mini_77\
行为描述:创建新文件进程
详情信息:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE x C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KMSmini.7z -y -oC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\kms.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\kms.exe
行为描述:写权限映射文件
详情信息:CiceroSharedMemDefaultS-1-5-21----500
DfSharedHeap69933
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF993E.tmp
MSCTF.MarshalInterface.FileMap.EMK..CHAIF
MSCTF.MarshalInterface.FileMap.EMK.B.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.C.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.D.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.E.CIAIF
MSCTF.MarshalInterface.FileMap.EMK.F.BJAIF
MSCTF.MarshalInterface.FileMap.EMK.G.BJAIF
MSCTF.Shared.SFM.EMK
行为描述:创建可执行文件
详情信息:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\HEU_KMS_Service.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\kms.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\KMSClient.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\KMSServer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\kms_x64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\x64\SppExtComObj.Exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\x86\SppExtComObj.Exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\srvany.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\x64\SppExtComObjHook.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\x86\SppExtComObjHook.dll
行为描述:修改文件内容
详情信息:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut4.tmp---& Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KMSmini.7z---& Offset = 262144
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut5.tmp---& Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\left.jpg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\theme.jpg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\ICO_211.ico---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\ICO_221.ico---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\InstallXRMMS.cmd---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2013\visiopro\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2013\projectpro\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2013\proplus\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2010\proplus\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2010\projectpro\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2010\visio\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2010\standard\office.reg---& Offset = 0
行为描述:检测自身是否被调试
详情信息:N/A
行为描述:创建互斥体
详情信息:CTF.LBES.MutexDefaultS-1-5-21----500
<part.MutexDefaultS-1-5-21----500
CTF.Asm.MutexDefaultS-1-5-21----500
CTF.Layouts.MutexDefaultS-1-5-21----500
CTF.TMD.MutexDefaultS-1-5-21----500
CTF.TimListCache.FMPDefaultS-1-5-21----500MUTEX.DefaultS-1-5-21----500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.EMK
行为描述:隐藏指定窗口
详情信息:[Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [激活 Windows All VL,Button]
[Window,Class] = [激活 Office 2010 VL,Button]
[Window,Class] = [激活 Office 2013 VL,Button]
[Window,Class] = [一键激活(ALL)并自动续期,Button]
[Window,Class] = [查看 Windows 激活状态,Button]
[Window,Class] = [查看 Office 激活状态,Button]
[Window,Class] = [安装/卸载 自动续期服务,Button]
[Window,Class] = [暂停/重启 自动续期服务,Button]
[Window,Class] = [安装 Windows GVLK 密钥,Button]
[Window,Class] = [安装 Office
GVLK 密钥,Button]
[Window,Class] = [重置 Windows 激活状态,Button]
[Window,Class] = [重置 Office 激活状态,Button]
[Window,Class] = [KMS激活流程,Button]
[Window,Class] = [请输入服务器IP地址:,Static]
行为描述:查找指定窗口
详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
行为描述:获取系统权限
详情信息:SE_LOAD_DRIVER_PRIVILEGE
行为描述:窗口信息
详情信息:Pid = 2752, Hwnd=0x10366, Text = 关于, ClassName = Static.
Pid = 2752, Hwnd=0x10368, Text =
v7.7, ClassName = Static.
Pid = 2752, Hwnd=0x10370, Text = 激活 Windows All VL, ClassName = Button.
Pid = 2752, Hwnd=0x10374, Text = 激活 Office 2010 VL, ClassName = Button.
Pid = 2752, Hwnd=0x10378, Text = 激活 Office 2013 VL, ClassName = Button.
Pid = 2752, Hwnd=0x1037c, Text = 一键激活(ALL)并自动续期, ClassName = Button.
Pid = 2752, Hwnd=0x10380, Text = 查看 Windows 激活状态, ClassName = Button.
Pid = 2752, Hwnd=0x10384, Text = 查看 Office 激活状态, ClassName = Button.
Pid = 2752, Hwnd=0x10388, Text = 安装/卸载 自动续期服务, ClassName = Button.
Pid = 2752, Hwnd=0x1038c, Text = 暂停/重启 自动续期服务, ClassName = Button.
Pid = 2752, Hwnd=0x10390, Text = 安装 Windows GVLK 密钥, ClassName = Button.
Pid = 2752, Hwnd=0x10394, Text = 安装 Office
GVLK 密钥, ClassName = Button.
Pid = 2752, Hwnd=0x10398, Text = 重置 Windows 激活状态, ClassName = Button.
Pid = 2752, Hwnd=0x1039c, Text = 重置 Office 激活状态, ClassName = Button.
Pid = 2752, Hwnd=0x103a0, Text = KMS激活流程, ClassName = Button(GroupBox).
行为描述:打开图片文件
详情信息:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\left.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\theme.jpg
动态列表行为
行为描述:初始化URL
详情信息:[u'/update.xml']
行为描述:读取文件
详情信息:path:/proc/meminfo length:535
行为描述:解析通用资源标识符
详情信息:content://downloads/my_downloads
content://downloads/all_downloads
content://downloads/public_downloads
webkit/android-weberror.png
行为描述:注册广播接收器
详情信息:[u'android.webkit.WebViewClassic$PackageListener@', u'android.content.IntentFilter@']
[u'android.webkit.WebViewClassic$ProxyReceiver@', u'android.content.IntentFilter@414dc210']
[u'android.webkit.WebViewClassic$TrustStorageListener@4153ec80', u'android.content.IntentFilter@414ed478']
[u'org.apache.cordova.CordovaWebView$1@414e4a88', u'android.content.IntentFilter@414e4560']
行为描述:对指定数据计算哈希
详情信息:c5d509c6bdbbf911
352bcfebcce64dccb9a5abcb2
行为描述:访问URL
详情信息:/update.xml
行为描述:初始化IntentFilter
详情信息:[u'android.intent.action.PACKAGE_ADDED']
行为描述:添加悬浮窗口
详情信息:[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414fbb80', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810900 pfl=0x8 wanim=0x103028f}', u'patibilityInfoHolder@414b41a0']
行为描述:调用哈希算法
详情信息:MD5
行为描述:写入文件
详情信息:path:/data/anzhi.games/shared_prefs/mobclick_agent_anzhi.games.xml length:220
行为描述:数据库查询
详情信息:[u'formurl', u'null', u'null', u'null', u'null', u'null', u'null']
Activities
活动名类型
anzhi.games.MainActivityandroid.intent.action.MAIN
anzhi.games.MainActivityandroid.intent.category.LAUNCHER
函数名称信息
HttpC->execute请求远程服务器
TelephonyM->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
android/app/NotificationM->notify信息通知栏
DefaultHttpC->execute发送HTTP请求
java/net/URL;->openConnection连接URL
java/net/HttpURLC->connect连接URL
TelephonyM->getLine1Number获取手机号
TelephonyM->getSimSerialNumber获取SIM序列号
LocationM->getLastKnownLocation获取地址位置
MediaR->setAudioSource开启录音功能
java/net/URLC->connect连接URL
ContentR->delete删除短信、联系人
ContentR->query读取联系人、短信等数据库
许可名称信息
android.permission.VIBRATE允许设备震动
android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS访问额外的定位指令
android.permission.INTERNET连接网络(2G或3G)
android.permission.RECORD_AUDIO录音(使用AudioRecord)
android.permission.MODIFY_AUDIO_SETTINGS修改声音设置
android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
res/layout/activity_main.xml
0x1c7c43e5
res/layout/customer_notitfication_layout.xml
0x3aa7b3ca
res/layout/customer_notitfication_layout_one.xml
0x6e339105
res/layout/simple.xml
0x9e42ff01
res/layout/softupdate_progress.xml
0x40e58174
res/layout/test.xml
0x3a85d1bb
res/menu/main.xml
0x4bc3e605
res/xml/config.xml
0xce6ec5a5
AndroidManifest.xml
0xc7753e43
resources.arsc
0x86ca47c2
res/drawable-hdpi/ic_launcher.png
0x5f8a1eb4
res/drawable-hdpi/icon.png
0x719f3755
res/drawable-ldpi/icon.png
0x719f3755
res/drawable-mdpi/ic_launcher.png
0xa5bfa0ca
res/drawable-mdpi/icon.png
0x719f3755
res/drawable-xhdpi/ic_launcher.png
0xc9c090e8
res/drawable-xhdpi/icon.png
0x719f3755
classes.dex
0x6d12d79e
lib/armeabi/libbdpush_V1_0.so
0x91a1b916
lib/mips/libbdpush_V1_0.so
0xd75b9a44
lib/x86/libbdpush_V1_0.so
0xd375eab3
META-INF/MANIFEST.MF
0x6fd2888b
META-INF/CERT.SF
0xf22d2797
META-INF/CERT.RSA
File upload
Please not close this windows,
If you do not have to upload response time, make sure you upload files less than 20M
You can view the results of the last scan or rescanmicrosoft project 2016 下载|Microsoft Project 位 简体中文版 含秘钥 - 河东下载站手游排行榜Which type of operating system are you running?
Don't know
& What is SppExtComObjPatcher.exe?
What is SppExtComObjPatcher.exe?SppExtComObjPatcher.exe is usually located in the 'C:\Windows\System32\' folder.Some of the anti-virus scanners at . If you have additional information about the file, please share it with the FreeFixer users by posting a
at the bottom of this page.VirusTotal report8 of the 57 anti-virus programs at VirusTotal detected the SppExtComObjPatcher.exe file. That's a 14% detection rate.ScannerDetection NameBaidu-International Hacktool.Win64.HackKMS.CESET-NOD32 a variant of Win64/HackKMS.C potentially unsafeMalwarebytes Trojan.ProxyMcAfee Artemis!94FEF1EEBF8BMcAfee-GW-Edition BehavesLike.Win64.BadFile.xtNANO-Antivirus Trojan.Win64.HackKMS.deintzNorman HackKMS.ARVIPRE RiskTool.Win32.ProcessPatcher.Sml!cobra (v) (not malicious)SppExtComObjPatcher.exe removal instructionsThe instructions below shows how to remove SppExtComObjPatcher.exe with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the SppExtComObjPatcher.exe file for removal, restart your computer and scan it again to verify that SppExtComObjPatcher.exe has been successfully removed. Here are the removal instructions in more detail:Please select the option that best describe your thoughts on the removal instructions given aboveThe uninstall instructions worked great. The file was successfully removed.I tried the removal, but I could not find the file in FreeFixer's scan result.I found the file in FreeFixer's scan result, checked it for removal, but after scanning again the file was still thereI think the file should be removed, but I will try to remove it manuallyI think the file should be removed, but I will use another removal tool to delete itI think the file is legitimate and it should not be removed.I don't have the file on my computer.None of the options in the poll matched what I'm trying to achieve.Error MessagesThese are some of the error messages that can appear related to sppextcomobjpatcher.exe:sppextcomobjpatcher.exe has encountered a problem and needs to close. We are sorry for the inconvenience.sppextcomobjpatcher.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.sppextcomobjpatcher.exe has stopped working.End Program - sppextcomobjpatcher.exe. This program is not responding.sppextcomobjpatcher.exe is not a valid Win32 application.sppextcomobjpatcher.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.What will you do with the file?To help other users, please let us know what you will do with the file:
I will keep it
I will remove itWhat did other users do?The poll result listed below shows what users chose to do with the file. 11% have voted for removal. Based on votes from 54 users.Русский
Portuguese
File details of most used file with name "sppextcomobj.exe"
Product: Microsoft(R) Windows(R) Operating SystemCompany: Microsoft CorporationDescription: KMS Connection BrokerVersion: 6.2.MD5: 6f559df7ea6b1d0cd49690SHA1: 2f41cc6ac5b18a4e1SHA256: 5b3ea80ca1be1b743bd3cd47ea5af25fdf836a7ceeSize: 104960Directory: C:\Windows\System32Operating System: Windows 8Occurence: High
Check your PC with our freeware tool
System Explorer is our freeware awards winning tool which provides easy way how to check all running processes via our database.
This tool will help you keep your system under control.
Is the Process "sppextcomobj.exe" Safe or Threat ?100% of reviewed files are marked as
Safe .100% of reviewed files are marked as
file.Latest new variant of the file with name "sppextcomobj.exe" was discovered 8 days ago. Our database contains 20 variants of the file "sppextcomobj.exe" with final rating
and 1 variants with final rating
Threat . Final ratings are based on file reviews, discovered date, users occurence and antivirus scan results.Filename "sppextcomobj.exe" is used by Microsoft Windows System files. Many threats uses filenames of System Processes to camouflage itself. You should consider suspected any file which uses system filename and
is not stored in system directory or has invalid file version information. Correct system file contains full file version information from Microsoft.
Add Review for "sppextcomobj.exe"More information about the file is needed for adding user review. If you know md5 ,size, sha1,sha256 or other attribute of the file which you want to review, then you can use Advanced Search in our . If you don't know details about the file, you can easily check your file with our free tool. .
Check your PC with our freeware tool
System Explorer is our freeware awards winning tool which provides easy way how to check all running processes via our database.
This tool will help you keep your system under control.
It's real freeware, no ads or bundles, available in installer or portable distribution.
Many satisfied users recommends to try it.
Cookies help us deliver our services. By using our services, you agree to our use of cookies.}
VirSCAN supports Rar/Zip decompression, but it must be less than 20 files. 3, VirSCAN can scan compressed files with password 'infected' or 'virus'.
Portuguese Brazil
Русский
укра?нська
Nederlands
Espa?ol (Latin America)
Server load
File information
File Name :
(File not down)
File Size :629970 byte
File Type :application/jar
文件行为分析
Scanner results
Scanner results:<font color="#%Scanner(s) (0/32)found malware!
Time: <font color="#15-06-16 23:23:40 (CST)
Engine Ver
Scan result
AVL SDK 3.0
Found nothing
9.0.0.4324
9.0.0.4324
Found nothing
Found nothing
Found nothing
4.1.3.52192
Found nothing
Found nothing
bitdefender
Found nothing
Found nothing
5.0.2.3300
Found nothing
23.345, 23.345
Found nothing
6.5.1.5418
Found nothing
Found nothing
Found nothing
V1.32.31.0
Found nothing
Found nothing
Found nothing
Found nothing
Found nothing
Found nothing
Found nothing
9.500-1005
Found nothing
Found nothing
Found nothing
Found nothing
25.46.06.04
25.46.06.04
Found nothing
Found nothing
Found nothing
Found nothing
Found nothing
17.47.17308
1.0.2.2108
Found nothing
Found nothing
virusbuster
15.0.985.0
Found nothing
■Heuristic/Suspicious ■Exact
NOTICE: Results are not 100% accurate and can be reported as a false positive by some scannerswhen and if malware is found. Please judge these results for yourself.
Copy to clipboard
许可名称信息
android.permission.VIBRATE允许设备震动
android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS访问额外的定位指令
android.permission.INTERNET连接网络(2G或3G)
android.permission.RECORD_AUDIO录音(使用AudioRecord)
android.permission.MODIFY_AUDIO_SETTINGS修改声音设置
android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
安全评分 :
包名:anzhi.games
最低运行环境:Android 2.3, 2.3.1, 2.3.2
行为描述:写权限映射文件
详情信息:CiceroSharedMemDefaultS-1-5-21----500
DfSharedHeap69933
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF993E.tmp
MSCTF.MarshalInterface.FileMap.EMK..CHAIF
MSCTF.MarshalInterface.FileMap.EMK.B.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.C.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.D.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.E.CIAIF
MSCTF.MarshalInterface.FileMap.EMK.F.BJAIF
MSCTF.MarshalInterface.FileMap.EMK.G.BJAIF
MSCTF.Shared.SFM.EMK
行为描述:检测自身是否被调试
详情信息:N/A
行为描述:隐藏指定窗口
详情信息:[Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [激活 Windows All VL,Button]
[Window,Class] = [激活 Office 2010 VL,Button]
[Window,Class] = [激活 Office 2013 VL,Button]
[Window,Class] = [一键激活(ALL)并自动续期,Button]
[Window,Class] = [查看 Windows 激活状态,Button]
[Window,Class] = [查看 Office 激活状态,Button]
[Window,Class] = [安装/卸载 自动续期服务,Button]
[Window,Class] = [暂停/重启 自动续期服务,Button]
[Window,Class] = [安装 Windows GVLK 密钥,Button]
[Window,Class] = [安装 Office
GVLK 密钥,Button]
[Window,Class] = [重置 Windows 激活状态,Button]
[Window,Class] = [重置 Office 激活状态,Button]
[Window,Class] = [KMS激活流程,Button]
[Window,Class] = [请输入服务器IP地址:,Static]
行为描述:隐藏窗口创建进程
详情信息:ImagePath = , CmdLine = c:\docume~1\admini~1\locals~1\temp\7z.exe x c:\docume~1\admini~1\locals~1\temp\kmsmini.7z -y -oc:\docume~1\admini~1\locals~1\temp\heu_kms_mini_77\
行为描述:创建新文件进程
详情信息:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE x C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KMSmini.7z -y -oC:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\kms.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\kms.exe
行为描述:写权限映射文件
详情信息:CiceroSharedMemDefaultS-1-5-21----500
DfSharedHeap69933
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DF993E.tmp
MSCTF.MarshalInterface.FileMap.EMK..CHAIF
MSCTF.MarshalInterface.FileMap.EMK.B.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.C.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.D.CHAIF
MSCTF.MarshalInterface.FileMap.EMK.E.CIAIF
MSCTF.MarshalInterface.FileMap.EMK.F.BJAIF
MSCTF.MarshalInterface.FileMap.EMK.G.BJAIF
MSCTF.Shared.SFM.EMK
行为描述:创建可执行文件
详情信息:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\7Z.EXE
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\HEU_KMS_Service.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\kms.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\KMSClient.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\KMSServer.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\kms_x64.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\x64\SppExtComObj.Exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\x86\SppExtComObj.Exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\srvany.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\x64\SppExtComObjHook.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\x86\SppExtComObjHook.dll
行为描述:修改文件内容
详情信息:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut4.tmp---& Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\KMSmini.7z---& Offset = 262144
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\aut5.tmp---& Offset = 196608
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\left.jpg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\theme.jpg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\ICO_211.ico---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\ICO_221.ico---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\InstallXRMMS.cmd---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2013\visiopro\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2013\projectpro\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2013\proplus\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2010\proplus\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2010\projectpro\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2010\visio\office.reg---& Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\cert\kmscert2010\standard\office.reg---& Offset = 0
行为描述:检测自身是否被调试
详情信息:N/A
行为描述:创建互斥体
详情信息:CTF.LBES.MutexDefaultS-1-5-21----500
<part.MutexDefaultS-1-5-21----500
CTF.Asm.MutexDefaultS-1-5-21----500
CTF.Layouts.MutexDefaultS-1-5-21----500
CTF.TMD.MutexDefaultS-1-5-21----500
CTF.TimListCache.FMPDefaultS-1-5-21----500MUTEX.DefaultS-1-5-21----500
MSCTF.Shared.MUTEX.AEH
MSCTF.Shared.MUTEX.EMK
行为描述:隐藏指定窗口
详情信息:[Window,Class] = [AutoIt v3,AutoIt v3]
[Window,Class] = [激活 Windows All VL,Button]
[Window,Class] = [激活 Office 2010 VL,Button]
[Window,Class] = [激活 Office 2013 VL,Button]
[Window,Class] = [一键激活(ALL)并自动续期,Button]
[Window,Class] = [查看 Windows 激活状态,Button]
[Window,Class] = [查看 Office 激活状态,Button]
[Window,Class] = [安装/卸载 自动续期服务,Button]
[Window,Class] = [暂停/重启 自动续期服务,Button]
[Window,Class] = [安装 Windows GVLK 密钥,Button]
[Window,Class] = [安装 Office
GVLK 密钥,Button]
[Window,Class] = [重置 Windows 激活状态,Button]
[Window,Class] = [重置 Office 激活状态,Button]
[Window,Class] = [KMS激活流程,Button]
[Window,Class] = [请输入服务器IP地址:,Static]
行为描述:查找指定窗口
详情信息:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
行为描述:获取系统权限
详情信息:SE_LOAD_DRIVER_PRIVILEGE
行为描述:窗口信息
详情信息:Pid = 2752, Hwnd=0x10366, Text = 关于, ClassName = Static.
Pid = 2752, Hwnd=0x10368, Text =
v7.7, ClassName = Static.
Pid = 2752, Hwnd=0x10370, Text = 激活 Windows All VL, ClassName = Button.
Pid = 2752, Hwnd=0x10374, Text = 激活 Office 2010 VL, ClassName = Button.
Pid = 2752, Hwnd=0x10378, Text = 激活 Office 2013 VL, ClassName = Button.
Pid = 2752, Hwnd=0x1037c, Text = 一键激活(ALL)并自动续期, ClassName = Button.
Pid = 2752, Hwnd=0x10380, Text = 查看 Windows 激活状态, ClassName = Button.
Pid = 2752, Hwnd=0x10384, Text = 查看 Office 激活状态, ClassName = Button.
Pid = 2752, Hwnd=0x10388, Text = 安装/卸载 自动续期服务, ClassName = Button.
Pid = 2752, Hwnd=0x1038c, Text = 暂停/重启 自动续期服务, ClassName = Button.
Pid = 2752, Hwnd=0x10390, Text = 安装 Windows GVLK 密钥, ClassName = Button.
Pid = 2752, Hwnd=0x10394, Text = 安装 Office
GVLK 密钥, ClassName = Button.
Pid = 2752, Hwnd=0x10398, Text = 重置 Windows 激活状态, ClassName = Button.
Pid = 2752, Hwnd=0x1039c, Text = 重置 Office 激活状态, ClassName = Button.
Pid = 2752, Hwnd=0x103a0, Text = KMS激活流程, ClassName = Button(GroupBox).
行为描述:打开图片文件
详情信息:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\left.jpg
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\HEU_KMS_Mini_77\theme.jpg
动态列表行为
行为描述:初始化URL
详情信息:[u'/update.xml']
行为描述:读取文件
详情信息:path:/proc/meminfo length:535
行为描述:解析通用资源标识符
详情信息:content://downloads/my_downloads
content://downloads/all_downloads
content://downloads/public_downloads
webkit/android-weberror.png
行为描述:注册广播接收器
详情信息:[u'android.webkit.WebViewClassic$PackageListener@', u'android.content.IntentFilter@']
[u'android.webkit.WebViewClassic$ProxyReceiver@', u'android.content.IntentFilter@414dc210']
[u'android.webkit.WebViewClassic$TrustStorageListener@4153ec80', u'android.content.IntentFilter@414ed478']
[u'org.apache.cordova.CordovaWebView$1@414e4a88', u'android.content.IntentFilter@414e4560']
行为描述:对指定数据计算哈希
详情信息:c5d509c6bdbbf911
352bcfebcce64dccb9a5abcb2
行为描述:访问URL
详情信息:/update.xml
行为描述:初始化IntentFilter
详情信息:[u'android.intent.action.PACKAGE_ADDED']
行为描述:添加悬浮窗口
详情信息:[u'com.android.internal.policy.impl.PhoneWindow$DecorView@414fbb80', u'WM.LayoutParams{(0,0)(fillxfill) sim=#100 ty=1 fl=#1810900 pfl=0x8 wanim=0x103028f}', u'patibilityInfoHolder@414b41a0']
行为描述:调用哈希算法
详情信息:MD5
行为描述:写入文件
详情信息:path:/data/anzhi.games/shared_prefs/mobclick_agent_anzhi.games.xml length:220
行为描述:数据库查询
详情信息:[u'formurl', u'null', u'null', u'null', u'null', u'null', u'null']
Activities
活动名类型
anzhi.games.MainActivityandroid.intent.action.MAIN
anzhi.games.MainActivityandroid.intent.category.LAUNCHER
函数名称信息
HttpC->execute请求远程服务器
TelephonyM->getDeviceId搜集用户手机IMEI码、电话号码、系统版本号等信息
android/app/NotificationM->notify信息通知栏
DefaultHttpC->execute发送HTTP请求
java/net/URL;->openConnection连接URL
java/net/HttpURLC->connect连接URL
TelephonyM->getLine1Number获取手机号
TelephonyM->getSimSerialNumber获取SIM序列号
LocationM->getLastKnownLocation获取地址位置
MediaR->setAudioSource开启录音功能
java/net/URLC->connect连接URL
ContentR->delete删除短信、联系人
ContentR->query读取联系人、短信等数据库
许可名称信息
android.permission.VIBRATE允许设备震动
android.permission.ACCESS_COARSE_LOCATION获取粗略的位置(通过wifi、基站)
android.permission.ACCESS_FINE_LOCATION获取精确的位置(通过GPS)
android.permission.ACCESS_LOCATION_EXTRA_COMMANDS访问额外的定位指令
android.permission.INTERNET连接网络(2G或3G)
android.permission.RECORD_AUDIO录音(使用AudioRecord)
android.permission.MODIFY_AUDIO_SETTINGS修改声音设置
android.permission.WRITE_EXTERNAL_STORAGE写外部存储器(如:SD卡)
android.permission.ACCESS_NETWORK_STATE读取网络状态(2G或3G)
res/layout/activity_main.xml
0x1c7c43e5
res/layout/customer_notitfication_layout.xml
0x3aa7b3ca
res/layout/customer_notitfication_layout_one.xml
0x6e339105
res/layout/simple.xml
0x9e42ff01
res/layout/softupdate_progress.xml
0x40e58174
res/layout/test.xml
0x3a85d1bb
res/menu/main.xml
0x4bc3e605
res/xml/config.xml
0xce6ec5a5
AndroidManifest.xml
0xc7753e43
resources.arsc
0x86ca47c2
res/drawable-hdpi/ic_launcher.png
0x5f8a1eb4
res/drawable-hdpi/icon.png
0x719f3755
res/drawable-ldpi/icon.png
0x719f3755
res/drawable-mdpi/ic_launcher.png
0xa5bfa0ca
res/drawable-mdpi/icon.png
0x719f3755
res/drawable-xhdpi/ic_launcher.png
0xc9c090e8
res/drawable-xhdpi/icon.png
0x719f3755
classes.dex
0x6d12d79e
lib/armeabi/libbdpush_V1_0.so
0x91a1b916
lib/mips/libbdpush_V1_0.so
0xd75b9a44
lib/x86/libbdpush_V1_0.so
0xd375eab3
META-INF/MANIFEST.MF
0x6fd2888b
META-INF/CERT.SF
0xf22d2797
META-INF/CERT.RSA
File upload
Please not close this windows,
If you do not have to upload response time, make sure you upload files less than 20M
You can view the results of the last scan or rescanmicrosoft project 2016 下载|Microsoft Project 位 简体中文版 含秘钥 - 河东下载站手游排行榜Which type of operating system are you running?
Don't know
& What is SppExtComObjPatcher.exe?
What is SppExtComObjPatcher.exe?SppExtComObjPatcher.exe is usually located in the 'C:\Windows\System32\' folder.Some of the anti-virus scanners at . If you have additional information about the file, please share it with the FreeFixer users by posting a
at the bottom of this page.VirusTotal report8 of the 57 anti-virus programs at VirusTotal detected the SppExtComObjPatcher.exe file. That's a 14% detection rate.ScannerDetection NameBaidu-International Hacktool.Win64.HackKMS.CESET-NOD32 a variant of Win64/HackKMS.C potentially unsafeMalwarebytes Trojan.ProxyMcAfee Artemis!94FEF1EEBF8BMcAfee-GW-Edition BehavesLike.Win64.BadFile.xtNANO-Antivirus Trojan.Win64.HackKMS.deintzNorman HackKMS.ARVIPRE RiskTool.Win32.ProcessPatcher.Sml!cobra (v) (not malicious)SppExtComObjPatcher.exe removal instructionsThe instructions below shows how to remove SppExtComObjPatcher.exe with help from the FreeFixer removal tool. Basically, you install FreeFixer, scan your computer, check the SppExtComObjPatcher.exe file for removal, restart your computer and scan it again to verify that SppExtComObjPatcher.exe has been successfully removed. Here are the removal instructions in more detail:Please select the option that best describe your thoughts on the removal instructions given aboveThe uninstall instructions worked great. The file was successfully removed.I tried the removal, but I could not find the file in FreeFixer's scan result.I found the file in FreeFixer's scan result, checked it for removal, but after scanning again the file was still thereI think the file should be removed, but I will try to remove it manuallyI think the file should be removed, but I will use another removal tool to delete itI think the file is legitimate and it should not be removed.I don't have the file on my computer.None of the options in the poll matched what I'm trying to achieve.Error MessagesThese are some of the error messages that can appear related to sppextcomobjpatcher.exe:sppextcomobjpatcher.exe has encountered a problem and needs to close. We are sorry for the inconvenience.sppextcomobjpatcher.exe - Application Error. The instruction at "0xXXXXXXXX" referenced memory at "0xXXXXXXXX". The memory could not be "read/written". Click on OK to terminate the program.sppextcomobjpatcher.exe has stopped working.End Program - sppextcomobjpatcher.exe. This program is not responding.sppextcomobjpatcher.exe is not a valid Win32 application.sppextcomobjpatcher.exe - Application Error. The application failed to initialize properly (0xXXXXXXXX). Click OK to terminate the application.What will you do with the file?To help other users, please let us know what you will do with the file:
I will keep it
I will remove itWhat did other users do?The poll result listed below shows what users chose to do with the file. 11% have voted for removal. Based on votes from 54 users.Русский
Portuguese
File details of most used file with name "sppextcomobj.exe"
Product: Microsoft(R) Windows(R) Operating SystemCompany: Microsoft CorporationDescription: KMS Connection BrokerVersion: 6.2.MD5: 6f559df7ea6b1d0cd49690SHA1: 2f41cc6ac5b18a4e1SHA256: 5b3ea80ca1be1b743bd3cd47ea5af25fdf836a7ceeSize: 104960Directory: C:\Windows\System32Operating System: Windows 8Occurence: High
Check your PC with our freeware tool
System Explorer is our freeware awards winning tool which provides easy way how to check all running processes via our database.
This tool will help you keep your system under control.
Is the Process "sppextcomobj.exe" Safe or Threat ?100% of reviewed files are marked as
Safe .100% of reviewed files are marked as
file.Latest new variant of the file with name "sppextcomobj.exe" was discovered 8 days ago. Our database contains 20 variants of the file "sppextcomobj.exe" with final rating
and 1 variants with final rating
Threat . Final ratings are based on file reviews, discovered date, users occurence and antivirus scan results.Filename "sppextcomobj.exe" is used by Microsoft Windows System files. Many threats uses filenames of System Processes to camouflage itself. You should consider suspected any file which uses system filename and
is not stored in system directory or has invalid file version information. Correct system file contains full file version information from Microsoft.
Add Review for "sppextcomobj.exe"More information about the file is needed for adding user review. If you know md5 ,size, sha1,sha256 or other attribute of the file which you want to review, then you can use Advanced Search in our . If you don't know details about the file, you can easily check your file with our free tool. .
Check your PC with our freeware tool
System Explorer is our freeware awards winning tool which provides easy way how to check all running processes via our database.
This tool will help you keep your system under control.
It's real freeware, no ads or bundles, available in installer or portable distribution.
Many satisfied users recommends to try it.
Cookies help us deliver our services. By using our services, you agree to our use of cookies.}
我要回帖
更多关于 华为mate9钱包怎么用 的文章
更多推荐
- ·百度账号注销多久可以重新注册贴吧注销后注销前账号发的评论,别人还能回复你吗?你还能收到吗
- ·朋友圈我多次被禁?我又没触犯什么法律法规,为何长时间禁言要多久恢复?请平台审核人解封
- ·电脑音响连接智能电视没有音频输出口怎么连接音响上怎么没声音,有一条音频线不知道该插电视没有音频输出口怎么连接音响上哪儿,有谁知道吗?求求各位帮帮忙!
- ·可以用电脑清除荣耀手机恢复出厂设置密码密码并保留数据?
- ·win10系统,QQ输入法打字谷歌拼音输入法不在框内?
- ·Password required,but none butset是为什么
- ·彻底删除微信聊天记录录删除了怎么知道给谁聊过
- ·z17 小米6一加5努比亚z17 一加5 哪个好
- ·拉卡拉支付公司的软件手机可以用吗?
- ·android中的findviewbyid找不到id是怎么回事啊,找不到控件,是null-CSDN论坛
- ·微信卸载找回聊天记录重新安装以后发送微信找不到微信群是怎么回事?怎样才能找到微信群?
- ·excel 超过不显示15位为什么显示0
- ·亚马逊kyc审核 kyc 审核 周末会进行吗
- ·大神 求教如何使jetson tx1 摄像头的风扇转动
- ·怎么样用一个手机号注册两个2017微信解绑手机号
- ·如何用64signer给驱动c 文件数字签名算法
- ·安装xposed框架必备模块后添加模块重启就黑屏了怎么办
- ·百度贴吧发帖机器在贴吧里怎么发帖的,求教
- ·请提供电信中兴联通光猫桥接路由器路由和桥接转换选项网页
- ·新买了苹果6s plus 128gg 硬盘类型未知 这个有问题吗
- ·华为mate9华为钱包怎么捆绑公交卡
- ·sql语句中select嵌套 怎么实现类似 在like语句里嵌套查询
- ·lgg6美版使用体验iPhone8价格多少?iPhone8lgg6美版使用体验在国内可以使用吗
- ·求这两个图片对应的斯派克可爱狗头像图片
- ·华为荣耀v9和p10那个好9和v9以及p10的区别
- ·8848钛金手机价格的价格大概是多少?是高端产品吗?
- ·美团团购验证码外卖图片验证码不显示怎么办?
- ·请教cadence仿真工具中baluns的仿真问题
- ·比特币分叉11月升级分叉将要迎来什么样的结局
- ·我想下载个手机微信安装
- ·华为mate10和华为华为v9和mate9哪个好好
- ·高通手机pcb采用的什么pcb设计软件件
- ·对游戏显卡渲染引擎加载失败很感兴趣,想学一学,有哪些书推荐吗
- ·WiFi突然不能用了,我是只拉了网线突然断了装了WiFi,没有电脑。今天停电了一会,来电以后就不能用了。求
