Foundation.dll used by a Chinese-language TG
DLL hijacking of export ordinal 27, ?startLogging@fde@@YAXPB_W@Z
fde::startLogging


Dump
The dumped payload is UPX-packed, with no modifications to the packer.
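An unmodified UPX build leaves its stock section names (UPX0, UPX1, UPX2) in the PE section table, which is the quickest way to confirm the "no modifications" observation before unpacking. The following is an added example, not code from the original post: it parses the DOS header, COFF header and section table of a PE image and reports whether any stock UPX section name is present. The `build_minimal_pe` helper constructs a header-only (non-loadable) PE purely as test input.

```python
import struct

# Section names the stock UPX packer writes; a modified UPX build
# usually renames these, which is why unmodified UPX is easy to spot.
UPX_SECTION_NAMES = {b"UPX0", b"UPX1", b"UPX2"}


def section_names(pe_bytes: bytes) -> list:
    """Return the section names from a PE image's section table."""
    if pe_bytes[:2] != b"MZ":
        raise ValueError("not a PE file: missing MZ header")
    e_lfanew = struct.unpack_from("<I", pe_bytes, 0x3C)[0]
    if pe_bytes[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("not a PE file: missing PE signature")
    coff = e_lfanew + 4                      # start of the COFF file header
    num_sections = struct.unpack_from("<H", pe_bytes, coff + 2)[0]
    size_of_optional = struct.unpack_from("<H", pe_bytes, coff + 16)[0]
    table = coff + 20 + size_of_optional     # section table follows the optional header
    names = []
    for i in range(num_sections):
        entry = table + i * 40               # IMAGE_SECTION_HEADER is 40 bytes
        names.append(pe_bytes[entry:entry + 8].rstrip(b"\0"))
    return names


def looks_upx_packed(pe_bytes: bytes) -> bool:
    """True if any section carries a stock UPX name."""
    return any(name in UPX_SECTION_NAMES for name in section_names(pe_bytes))


def build_minimal_pe(names) -> bytes:
    """Constructed test input: a header-only PE (not loadable) with the given section names."""
    e_lfanew = 0x40
    dos_header = b"MZ" + b"\0" * (0x3C - 2) + struct.pack("<I", e_lfanew)
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader (0: none), Characteristics
    coff_header = struct.pack("<HHIIIHH", 0x14C, len(names), 0, 0, 0, 0, 0)
    section_table = b"".join(n.ljust(8, b"\0") + b"\0" * 32 for n in names)
    return dos_header + b"PE\0\0" + coff_header + section_table


if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        with open(sys.argv[1], "rb") as f:
            data = f.read()
    else:
        data = build_minimal_pe([b"UPX0", b"UPX1", b".rsrc"])  # constructed sample
    print("sections:", section_names(data))
    print("stock UPX:", looks_upx_packed(data))
```

Run it with the dumped file as the first argument; with no argument it checks the constructed sample. A negative result only says the section names were changed, not that the file is unpacked, so fall back to entropy or a manual look at the entry point in that case.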


Brief analysis
C2
On first run it presumably tries to connect to d.nkking.com

If that fails it switches to

192.168.1.216:15628
180.215.215.5:15628
103.146.13.63:15628
27.124.41.140:15628
103.80.24.52:15628
27.124.42.14:15628
8.210.94.213:15628
1.32.250.227:15628
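The domain plus the fallback IP:port list above is the natural input for a network detection. The following is an added example, not part of the original post: it matches constructed connection-log lines (assumed layout `ts src=IP:port dst=HOST:port`) against the indicators and reports how strong the match is, since a hit on port 15628 alone is a much weaker signal than a hit on the domain or on an IP and port together. Note that 192.168.1.216 is an RFC 1918 address, so it only means something inside the network where the sample was observed.

```python
import re

# Indicators from the analysis above.
C2_DOMAIN = "d.nkking.com"
C2_PORT = 15628
C2_ADDRESSES = {
    "192.168.1.216", "180.215.215.5", "103.146.13.63", "27.124.41.140",
    "103.80.24.52", "27.124.42.14", "8.210.94.213", "1.32.250.227",
}

# Assumed log layout (constructed for this example): "ts src=IP:port dst=HOST:port"
LINE_RE = re.compile(r"dst=(?P<dst>[\w.\-]+):(?P<port>\d+)")


def classify(line: str):
    """Return a reason string if the line's destination matches the C2 set, else None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    dst, port = m.group("dst"), int(m.group("port"))
    if dst == C2_DOMAIN:
        return "domain"
    if dst in C2_ADDRESSES and port == C2_PORT:
        return "ip+port"
    if dst in C2_ADDRESSES:
        return "ip"
    if port == C2_PORT:
        return "port-only"   # weakest signal; review rather than alert
    return None


def scan(lines):
    """Return (line, reason) pairs for every line that matched an indicator."""
    return [(line, reason) for line in lines if (reason := classify(line))]


SAMPLE_LOG = [  # constructed sample lines
    "2024-01-01T10:00:00 src=10.0.0.5:51000 dst=d.nkking.com:15628",
    "2024-01-01T10:00:05 src=10.0.0.5:51001 dst=180.215.215.5:15628",
    "2024-01-01T10:00:09 src=10.0.0.5:51002 dst=example.org:443",
    "2024-01-01T10:00:12 src=10.0.0.5:51003 dst=10.0.0.9:15628",
]

if __name__ == "__main__":
    for line, reason in scan(SAMPLE_LOG):
        print(reason, "->", line)
```

Because the sample walks the list in order after the domain fails, a host that touches several of these addresses on the same port within a short window is a stronger indicator than any single line; aggregating the `ip+port` hits per source address is the obvious next step.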

handle


