VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with password 'infected' or 'virus'.

Language
Server load
Server Load

File information
Safety rating:13
Behavior list
Basic Information
MD5:01c5060cc105375dc46d5cdb14869e15
file type:EXE
Production company:
version:1.1.0.0---1.01
Shell or compiler information:
Key behavior
Behavior description:修改原系统的EXE文件
details:C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE---> Offset = 12378112
C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe---> Offset = 401408
Behavior description:跨进程写入数据
details:C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1446362952.679644.exe
C:\%temp%\1446362952.686499.exe
C:\WINDOWS\system32\taskmgr.exe
C:\%temp%\1446362952.707113.exe
C:\%temp%\1446362952.713966.exe
C:\WINDOWS\system32\patchupdate.exe
C:\WINDOWS\system32\tm.exe
C:\Program Files\Internet Explorer\iexplore.exe
TargetProcess = iexplore.exe, WriteAddress = 0x00e20000, Size = 4096
Behavior description:修改注册表_系统防火墙可信进程列表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446362962.826895.exe
Behavior description:修改注册表_任务管理器关键属性
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr
Behavior description:修改注册表_UAC关键设置
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
Behavior description:常规加载驱动
details:system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\pqomm.sys
Behavior description:创建远程线程
details:C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1446362953.279182.exe
C:\%temp%\1446362953.286046.exe
C:\WINDOWS\system32\taskmgr.exe
C:\%temp%\1446362953.306618.exe
C:\%temp%\1446362953.313522.exe
C:\WINDOWS\system32\patchupdate.exe
C:\WINDOWS\system32\tm.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:内存映射方式修改可执行文件
details:\device\harddiskvolume1\program files\microsoft office\office11\winword.exe
\device\harddiskvolume1\windows\system32\notepad.exe
\device\harddiskvolume1\windows\system32\cmb_pb_liveupdate.exe
Behavior description:设置特殊文件属性
details:C:\ftpao.pif
C:\DiskD\wqeevp.exe
C:\DiskX\ayntv.pif
Behavior description:停止系统服务
details:ServiceName = Application Layer Gateway Service
ServiceName = Windows Firewall/Internet Connection Sharing (ICS)
ServiceName = Security Center
Behavior description:尝试连接RootKit驱动设备对象
details:\??\amsint32
Behavior description:写权限映射文件
details:hh8geqpHJTkdns0
purity_control_90833
Local\UrlZonesSM_Administrator
\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winysgxc.exe
\WINDOWS\system32\notepad.exe
\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe
\DiskD\wqeevp.exe
Behavior description:在根目录创建自运行文件
details:C:\autorun.inf
C:\DiskD\autorun.inf
C:\DiskX\autorun.inf
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:修改注册表_禁用注册表编辑器项
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools
Behavior description:创建系统服务
details:[服务已存在]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[服务创建成功]: amsint32, C:\WINDOWS\system32\drivers\pqomm.sys
Process behavior
Behavior description:跨进程写入数据
details:C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1446362952.679644.exe
C:\%temp%\1446362952.686499.exe
C:\WINDOWS\system32\taskmgr.exe
C:\%temp%\1446362952.707113.exe
C:\%temp%\1446362952.713966.exe
C:\WINDOWS\system32\patchupdate.exe
C:\WINDOWS\system32\tm.exe
C:\Program Files\Internet Explorer\iexplore.exe
TargetProcess = iexplore.exe, WriteAddress = 0x00e20000, Size = 4096
Behavior description:创建远程线程
details:C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Tencent\QQ\Bin\QQ.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe
C:\WINDOWS\system32\conime.exe
C:\WINDOWS\system32\PersonalBankPortal.exe
C:\%temp%\1446362953.279182.exe
C:\%temp%\1446362953.286046.exe
C:\WINDOWS\system32\taskmgr.exe
C:\%temp%\1446362953.306618.exe
C:\%temp%\1446362953.313522.exe
C:\WINDOWS\system32\patchupdate.exe
C:\WINDOWS\system32\tm.exe
C:\Program Files\Internet Explorer\iexplore.exe
Behavior description:枚举进程
details:N/A
Behavior description:创建进程
details:ImagePath = C:\Program Files\Internet Explorer\IEXPLORE.EXE, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.yixun.com/
File behavior
Behavior description:修改原系统的EXE文件
details:C:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE---> Offset = 12378112
C:\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe---> Offset = 401408
Behavior description:创建可执行文件
details:C:\WINDOWS\system32\drivers\pqomm.sys
C:\ftpao.pif
C:\DiskD\wqeevp.exe
C:\DiskX\ayntv.pif
Behavior description:查找文件
details:FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\*
FileName = C:\ANALYZECONTROL\*
FileName = D:\*
FileName = E:\*
FileName = F:\*
Behavior description:内存映射方式修改可执行文件
details:\device\harddiskvolume1\program files\microsoft office\office11\winword.exe
\device\harddiskvolume1\windows\system32\notepad.exe
\device\harddiskvolume1\windows\system32\cmb_pb_liveupdate.exe
Behavior description:设置特殊文件属性
details:C:\ftpao.pif
C:\DiskD\wqeevp.exe
C:\DiskX\ayntv.pif
Behavior description:写权限映射文件
details:hh8geqpHJTkdns0
purity_control_90833
Local\UrlZonesSM_Administrator
\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winysgxc.exe
\WINDOWS\system32\notepad.exe
\WINDOWS\system32\Cmb_Pb_LiveUpdate.exe
\DiskD\wqeevp.exe
Behavior description:在根目录创建自运行文件
details:C:\autorun.inf
C:\DiskD\autorun.inf
C:\DiskX\autorun.inf
Behavior description:设置特殊文件夹属性
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:修改文件内容
details:C:\WINDOWS\system.ini---> Offset = 231
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincafj.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyaiyjm.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winievm.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokaiov.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winibhfh.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dyqj.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqdyudv.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jckjl.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winohtxm.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cprp.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fevpuk.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vrxec.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincwqxyp.exe---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxqis.exe---> Offset = 0
Network behavior
Behavior description:联网打开网址
details:InternetOpenUrlA: http://businecessity.com/logo.gif?77320=1952896 hInternet = 0x000005a8
InternetOpenUrlA: http://al-somow.com/images/logo.gif?7762b=1467009 hInternet = 0x000005ac
InternetOpenUrlA: http://amnisure.com.tr/images/logo.gif?77715=2935422 hInternet = 0x000005ac
InternetOpenUrlA: http://bhagavatirannade.org/logo.gif?777f0=4894560 hInternet = 0x000005ac
InternetOpenUrlA: http://ankara-cambalkon.net/images/logo.gif?7793b=2938722 hInternet = 0x000005a4
InternetOpenUrlA: http://aocuoikhanhlinh.vn/images/logo.gif?77a54=1960272 hInternet = 0x000005a4
InternetOpenUrlA: http://yeni.antalyahilal.com/logo.gif?10a23d=2180218 hInternet = 0x0000069c
InternetOpenUrlA: http://arimaexim.com/logo.gif?77bd8=2942736 hInternet = 0x0000069c
InternetOpenUrlA: http://businecessity.com/logo.gif?7a7ec=2508620 hInternet = 0x000005ac
InternetOpenUrlA: http://al-somow.com/images/logo.gif?78108=983568 hInternet = 0x0000059c
InternetOpenUrlA: http://amnisure.com.tr/images/logo.gif?78224=2460340 hInternet = 0x0000059c
InternetOpenUrlA: http://bhagavatirannade.org/logo.gif?785d0=4437072 hInternet = 0x0000059c
InternetOpenUrlA: http://ankara-cambalkon.net/images/logo.gif?782fc=492284 hInternet = 0x0000059c
InternetOpenUrlA: http://aocuoikhanhlinh.vn/images/logo.gif?78398=3939520 hInternet = 0x0000059c
InternetOpenUrlA: http://yeni.antalyahilal.com/logo.gif?7abc4=1005448 hInternet = 0x000005a8
Behavior description:下载文件
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincafj.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winyaiyjm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winievm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winokaiov.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winibhfh.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\dyqj.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winqdyudv.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\jckjl.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winohtxm.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\cprp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\fevpuk.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\vrxec.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\wincwqxyp.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\winxqis.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\hjdnrk.exe
Behavior description:读取网络文件
details:hFile = 0x000005a8, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000005ac, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000005a4, BytesToRead =1024, BytesRead = 1024.
hFile = 0x0000069c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x0000059c, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000005a0, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000594, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000598, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000574, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000520, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000538, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000510, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000500, BytesToRead =1024, BytesRead = 1024.
hFile = 0x000004f0, BytesToRead =1024, BytesRead = 1024.
hFile = 0x00000534, BytesToRead =1024, BytesRead = 1024.
Registry behavior
Behavior description:修改注册表_Explorer文件显示相关属性
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Hidden
Behavior description:修改注册表_任务管理器关键属性
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableTaskMgr
Behavior description:删除注册表键_安全模式启动项
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\AppMgmt
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Base
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Boot Bus Extender
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Boot file system
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\CryptSvc
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\DcomLaunch
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmadmin
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmboot.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmio.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmload.sys
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\dmserver
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\EventLog
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\File system
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Filter
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\Minimal\Netlogon
Behavior description:修改注册表_UAC关键设置
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\system\EnableLUA
Behavior description:删除注册表键值_安全模式启动项
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\SafeBoot\AlternateShell
Behavior description:修改注册表
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\GlobalUserOffline
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DoNotAllowExceptions
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\DisableNotifications
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\1768776769
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-757413758
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\1011363011
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-1514827516
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\253949253
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\-993627007\-503464505
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A1_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A2_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A3_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A4_0
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A1_1
\REGISTRY\USER\S-*\Software\Aasppapmmxkvs\A2_1
Behavior description:修改注册表_系统防火墙可信进程列表
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1446362962.826895.exe
Behavior description:修改注册表_安全中心相关属性
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\FirewallOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\UacDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\AntiVirusDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\FirewallOverride
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\UpdatesDisableNotify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Security Center\Svc\UacDisableNotify
Behavior description:修改注册表_禁用注册表编辑器项
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Policies\system\DisableRegistryTools
Other behavior
Behavior description:创建互斥体
details:uxJLpe1m
smss.exeM_532_
csrss.exeM_588_
winlogon.exeM_612_
services.exeM_656_
lsass.exeM_668_
33oxservice.exeM_828_
33acthlp.exeM_840_
svchost.exeM_880_
svchost.exeM_944_
svchost.exeM_984_
svchost.exeM_1068_
svchost.exeM_1100_
spoolsv.exeM_1240_
33upgradehelper.exeM_1504_
Behavior description:常规加载驱动
details:system32\DRIVERS\ipfltdrv.sys
\??\C:\WINDOWS\system32\drivers\pqomm.sys
Behavior description:查找指定窗口
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [TXGuiFoundation,QQ2013]
NtUserFindWindowEx: [Class,Window] = [CTXOPConntion_Class,OP_2269840561]
Behavior description:启动系统服务
details:[服务启动成功]: , IP Traffic Filter Driver, system32\DRIVERS\ipfltdrv.sys
[服务启动成功]: , amsint32, \??\C:\WINDOWS\system32\drivers\pqomm.sys
Behavior description:获取系统权限
details:SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior description:搜索kernel32.dll基地址
details:Instruction Address = 0x0040d17e
Behavior description:枚举窗口
details:N/A
Behavior description:停止系统服务
details:ServiceName = Application Layer Gateway Service
ServiceName = Windows Firewall/Internet Connection Sharing (ICS)
ServiceName = Security Center
Behavior description:尝试连接RootKit驱动设备对象
details:\??\amsint32
Behavior description:调用Sleep函数
details:[1]: MilliSeconds = 1024.
[2]: MilliSeconds = 300000.
[3]: MilliSeconds = 180000.
[4]: MilliSeconds = 10240.
[5]: MilliSeconds = -1.
[6]: MilliSeconds = 10000.
[7]: MilliSeconds = -1.
[8]: MilliSeconds = 180000.
[9]: MilliSeconds = 1024.
[10]: MilliSeconds = 4096.
Behavior description:获取TickCount值
details:TickCount = 484887, SleepMilliseconds = 12.
TickCount = 484918, SleepMilliseconds = 12.
TickCount = 484949, SleepMilliseconds = 12.
TickCount = 484965, SleepMilliseconds = 12.
TickCount = 664968, SleepMilliseconds = 180000.
TickCount = 485240, SleepMilliseconds = 256.
TickCount = 485256, SleepMilliseconds = 256.
TickCount = 485271, SleepMilliseconds = 256.
TickCount = 485287, SleepMilliseconds = 256.
TickCount = 485302, SleepMilliseconds = 256.
TickCount = 485318, SleepMilliseconds = 256.
TickCount = 485334, SleepMilliseconds = 256.
TickCount = 485349, SleepMilliseconds = 256.
TickCount = 485381, SleepMilliseconds = 256.
TickCount = 485396, SleepMilliseconds = 256.
Behavior description:创建系统服务
details:[服务已存在]: IPFILTERDRIVER, C:\WINDOWS\system32\drivers\ipfltdrv.sys
[服务创建成功]: amsint32, C:\WINDOWS\system32\drivers\pqomm.sys
Run screenshot
VirSCAN

About VirSCAN | Privacy Policy | Contact us | Links | Help VirSCAN
Translated by Keith Miller, United States
Powered By CentOSpol

京ICP备11007605号-12

pol

京公网安备 11010802020746号