虚拟机
进程(VirtualBox、Vmware)
- vmtoolsd.exe
- Vmwaretrat.exe
- vmwareuser.exe
- Vmacthlp.exe
- vboxservice.exe
- vboxtray.exe
- VirtuBox
- VMware
- Sandbox
- BSA
-
杀软
卡巴斯基
- avp.exe
- avpui.exe
- McAfee
- mcagent.exe
- McNASvc.exe
- MpfSrv.exe
- McProxy.exe
- mcmscsvc.exe
- McUICnt.exe
- McAPExe.exe
- mfefire.exe
- McCSPServiceHost.exe
- mcshield.exe
- mfevtps.exe
- McSvHost.exe
- McVulCtr.exe
- 趋势科技
- uiWatchDog.exe
- uiseagnt.exe
- ufseagnt.exe
- uiwinmgr.exe
- coreserviceshell.exe
- coreframeworkhost.exe
- 360
- ZhuDongFangYu.exe
- 360tray.exe
- 360sd.exe
- 360rp.exe
- qhsafetray.exe
- qhwatchdog.exe
- qhactivedefense.exe
- ALYac
- ayagent.aye
- ayrtsrv.aye
- ayupdsrv.aye
- AntiVir
- avguard.exe
- avgnt.exe
- avcenter.exe
- 诺顿
- ccsvchst.exe
- nis.exe
- ns.exe
- AVG
- avgtray.exe
- avgui.exe
- avgidsagent.exe
- avgwdsvc.exe
- avgrsa.exe
- avgcsrva.exe
- avgcsrvx.exe
- Avast
- afwServ.exe
- avastui.exe
- avastsvc.exe
- 微软
- msseces.exe
- msmpeng.exe
- nissrv.exe
- Eset NOD32
- egui.exe
- ekrn.exe
- AdAwareInstaller
- AdAwareDesktop.exe
- AdAwareService.exe
- AdAwareTray.exe
- AdAwareUpdater.exe
- 百度
- BHipsSvc.exe
- bavhm.exe
- BavSvc.exe
- BavTray.exe
- BavUpdater.exe
- Bav.exe
- BaiduHips.exe
- BaiduSdTray.exe
- BaiduSdSvc.exe
- BitDefender
- bdagent.exe
- bdwtxag.exe
- 金山毒霸
- kxetray.exe
- kxescore.exe
- Comodo
- CisTray.exe
- cavwp.exe
- cmdagent.exe
- cis.exe
- cmdupd.exe
- Malwarebytes
- mbam.exe
- mbamscheduler.exe
- mbamservice.exe
- Panda
- PSUAMain.exe
- PSUAService.exe
- PSANHost.exe
- Dr.Web
- dwscanner.exe
- dwengine.exe
- dwarkdaemon.exe
- dwnetfilter.exe
- dwservice.exe
- 瑞星
- RsMgrSvc.exe
- RavMonD.exe
- RavMonD.exe
- RsTray.exe
- 腾讯
- QQPCRTP.exe
- QQPCTray.exe
- K7TotalSecurity
- K7TSHlpr.exe
- K7TSMain.exe
- K7TSMngr.exe
- K7TSecurity.exe
- K7CrvSvc.exe
- K7EmlPxy.exe
- K7CTScan.exe
- K7SysMon.Exe
- K7FWSrvc.exe
- K7PSSrvc.exe
其他
检查 PEB 的 NumberOfProcessors 是否为 2 或更少
检查 MACAddress 是否是 Vmware 使用的地址
调试
检查调试工具正在运行
WinDbg
- x64_dbg
- OllyICE
- OllyDBG
- Immunity
- idaq
若有收获,就点个赞吧
0 人点赞
