VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports Rar / Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN will test compressed files that are protected with the password 'infected' or 'virus'.

File information
Security rating: 76
Behavior list
Basic information
MD5: 6064fe7257ef66f1c10a0dd45550ae52
File type: gzip
Vendor:
Version:
Packer (shell) or compiler information:
Subfile information: 996E / 81751a0fdb1702bad9b105f33e1e2173 / Unknown
Key behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018120720181208
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Set message hook
Details: C:\WINDOWS\system32\IEFRAME.dll
Process behavior
Behavior description: Create process
Details: [0x000009b0]ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2392 CREDAT:79873
[0x00000db0]ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:2392 CREDAT:14340
Behavior description: Create local thread
Details: TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2416, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2444, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2448, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2452, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2456, StartAddress = 77E56C7D, Parameter = 00196878
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2460, StartAddress = 5DE05ABD, Parameter = 001987C8
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2464, StartAddress = 5DE05BC0, Parameter = 001941D8
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2468, StartAddress = 0122F74F, Parameter = 00000210
TargetProcess: iexplore.exe, InheritedFromPID = 2392, ProcessID = 2480, ThreadID = 2488, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2496, StartAddress = 77C0A341, Parameter = 003F6C40
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2500, StartAddress = 77E56C7D, Parameter = 001B61B8
TargetProcess: iexplore.exe, InheritedFromPID = 2392, ProcessID = 2480, ThreadID = 2504, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2000, ProcessID = 2392, ThreadID = 2508, StartAddress = 769AE43B, Parameter = 001B8C58
TargetProcess: iexplore.exe, InheritedFromPID = 2392, ProcessID = 2480, ThreadID = 2512, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 2392, ProcessID = 2480, ThreadID = 2516, StartAddress = 7C949B6F, Parameter = 00000000
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6B3A8C9C-F9D3-11E8-91C0-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA434.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6B3A8C9D-F9D3-11E8-91C0-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC29F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\z_stat[1].php
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018120720181208\index.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{719BB76A-F9D3-11E8-91C0-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4109.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\yixun_com[1]
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5DFA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5E0F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5FFF.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6018.tmp
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Find file
Details: FileName = C:\Program Files\Common Files\Adobe
FileName = C:\Program Files\Common Files\Adobe\Acrobat
FileName = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
FileName = C:\Program Files\Java
FileName = C:\Program Files\Java\jre7
FileName = C:\Program Files\Java\jre7\bin
FileName = C:\Program Files\Java\jre7\bin\jp2ssv.dll
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe_7zdump\%temp%\****.html
FileName = C:\Program Files\Internet Explorer\iexplore.exe
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA434.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC29F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favicon[1].ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\z_stat[1].php
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4109.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5DFA.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5E0F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF5FFF.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6018.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF62C5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6307.tmp
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018120720181208
C:\Documents and Settings\Administrator\IECompatCache
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6B3A8C9C-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6B3A8C9C-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA434.tmp ---> Offset = 16383
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFA434.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6B3A8C9C-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 3072
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{6B3A8C9C-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 1536
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6B3A8C9D-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6B3A8C9D-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC29F.tmp ---> Offset = 16383
C:\Documents and Settings\Administrator\Local Settings\Temp\~DFC29F.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6B3A8C9D-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 3072
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{6B3A8C9D-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 1536
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012018120720181208\index.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{719BB76A-F9D3-11E8-91C0-7B****28}.dat ---> Offset = 512
Network behavior
Behavior description: Download file
Details: URLDownloadToFileW: http://ww****om/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ww****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00800000
InternetConnectA: ServerName = s4****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ur****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
Behavior description: Establish a socket connection to a specified endpoint
Details: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000574
URL: ww****om, IP: **.133.40.**:443, SOCKET = 0x000005a4
URL: s4****om, IP: **.133.40.**:80, SOCKET = 0x00000488
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000448
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x00000584
Behavior description: Read network file
Details: hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00cc0018, BytesToRead =4095, BytesRead = 4095.
Behavior description: Send HTTP packet
Details: GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
GET /z_stat.php?id=1256693129 HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: s4****om Connection: Keep-Alive
GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: ww****om Connection: Keep-Alive
Behavior description: Open HTTP request
Details: HttpOpenRequestA: ww****om:80/favicon.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00600010
HttpOpenRequestA: ww****om:443/analytics.js, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00c00000
HttpOpenRequestA: s4****om:80/z_stat.php?id=1256693129, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=okkxz%2bx4bxaychqvekpeoq%3d%3d&msurs-patented-lock=atpwiygjdji%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
Behavior description: Resolve host address by name
Details: GetAddrInfoW: ww****om
GetAddrInfoW: s4****om
GetAddrInfoW: ur****om
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{6B3A8C9C-F9D3-11E8-91C0-7B****28}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Time
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBB}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBC}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{CAFEEFAC-0017-0000-FFFF-ABCDEFFEDCBA}\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\InprocServer32\
\REGISTRY\USER\S-*_CLASSES\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\
\REGISTRY\USER\S-*_CLASSES\JavaPlugin.1000\CLSID\
Other behavior
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!BrowserEmulation!SharedMemory!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
ConnHashTable<2392>_HashTable_Mutex
oleacc-msaa-loaded
Local\ZonesCounterMutex
Local\RSS Eventing Connection Database Mutex 00000958
Behavior description: Create event object
Details: EventName = Isolation Signal Registry Event (6B3A8C99-F9D3-11E8-91C0-7B****28, 0)
EventName = IE_EarlyTabStart_0x95c
EventName = Isolation Signal Registry Event (6B3A8C9A-F9D3-11E8-91C0-7B****28, 0)
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = Local\RSS Eventing Event Event 00000958
EventName = Global\crypt32LogoffEvent
EventName = IEFrame.EventCheckDefaultBrowser
EventName = IE_EarlyTabStart_0xdac
EventName = Isolation Signal Registry Event (6B3A8C9E-F9D3-11E8-91C0-7B****28, 0)
EventName = MSCTF.SendReceive.Event.MFJ.IC
EventName = MSCTF.SendReceiveConection.Event.MFJ.IC
EventName = MSCTF.SendReceiveConection.Event.IOJ.IC
EventName = MSCTF.SendReceive.Event.IOJ.IC
EventName = Local\Feed Arbitration Lock Event [ Process : 0x00000958 ]
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 2392, Hwnd=0x1035c, Text = 导航栏, ClassName = WorkerW.
Pid = 2392, Hwnd=0x10366, Text = 地址组合控制, ClassName = ToolbarWindow32.
Pid = 2392, Hwnd=0x1036a, Text = 页面控制, ClassName = ToolbarWindow32.
Pid = 2392, Hwnd=0x1037a, Text = 搜索..., ClassName = Edit.
Pid = 2392, Hwnd=0x1037e, Text = 搜索组合控制, ClassName = ToolbarWindow32.
Pid = 2392, Hwnd=0x10380, Text = 搜索控制, ClassName = ToolbarWindow32.
Pid = 2392, Hwnd=0x1039a, Text = 命令栏, ClassName = ToolbarWindow32.
Pid = 2392, Hwnd=0x10392, Text = 收藏夹命令栏, ClassName = ToolbarWindow32.
Pid = 2392, Hwnd=0x10386, Text = LinksBand, ClassName = LinksBandClass.
Pid = 2392, Hwnd=0x1038e, Text = 收藏夹栏, ClassName = ToolbarWindow32.
Pid = 2392, Hwnd=0x1038a, Text = 添加到收藏夹栏, ClassName = ToolbarWindow32.
Pid = 2480, Hwnd=0x203be, Text = ITBarHost, ClassName = InternetToolbarHost.
Pid = 2480, Hwnd=0x103c4, Text = 菜单栏, ClassName = WorkerW.
Pid = 2480, Hwnd=0x103d6, Text = 缩放级别, ClassName = ToolbarWindow32.
Pid = 2392, Hwnd=0x10340, Text = Windows Internet Explorer, ClassName = IEFrame.
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Open event
Details: \SECURITY\LSA_AUTHENTICATION_INITIALIZED
Isolation Signal Registry Event (6B3A8C99-F9D3-11E8-91C0-7B****28, 0)
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.2392
MSFT.VSA.IEC.STATUS.6c736db0
Isolation Signal Registry Event (6B3A8C9A-F9D3-11E8-91C0-7B****28, 0)
IE_EarlyTabStart_0x95c
MSFT.VSA.COM.DISABLE.2480
Local\RSS Eventing Event Event 00000958
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Executable signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico(签名验证: 未通过)
Behavior description: Hide specified window
Details: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,AddressDisplay Control]
[Window,Class] = [,CtrlNotifySink]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [http://www.yixun.com/ - Windows Internet Explorer,IEFrame]
[Window,Class] = [,UniversalSearchBand]
[Window,Class] = [,TravelBand]
[Window,Class] = [,CommandBarClass]
[Window,Class] = [,ReBarWindow32]
[Window,Class] = [,TabBandClass]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
Behavior description: Executable MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> fe1d0ee5901dd167ee9b28eece31786c
Behavior description: Open mutex
Details: Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!BrowserEmulation!SharedMemory!Mutex
ShimCacheMutex
RasPbFile
CtfmonInstMutexDefaultS-*
Local\!IETld!Mutex
Local\RSS Eventing Connection Database Mutex 00000958
ConnHashTable<2392>_HashTable_Mutex
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!