VirSCAN

File information
Safety rating:55
Behavior list
Basic Information
MD5:23c387f674f1c7ec9b2040074378a1b4
file type:EXE
Production company:Kingsoft Corporation
version:2017.7.18.18665---2017,07,18,18665
Shell or compiler information:COMPILER:NSIS
Subfile information:kcleaner.dll / dda6bfd0e761962ddb2bf658756dde4e / DLL
kismain.dll / e43fa546bb0f02ce2e3e47dc5c02b54b / DLL
kxetray.exe / 054f8994fd4a72506db3d6d86477d43a / EXE
kaccclear.dat / bfe5dc85298d703d6732a5dfe6ed2fe2 / Unknown
ksreng3.dll / 2e9e94adc982d061745b4c7dbe603201 / DLL
ksreng3.dll / 2e9e94adc982d061745b4c7dbe603201 / DLL
ktrashscan.dll / dfe2372e00f365a3d537bf984efa627f / DLL
kskinmgr.dll / 9152c4b02a92bdc24dc63efc86fcbc4e / DLL
msvcr100.dll / 366fd6f3a451351b5df2d7c4ecf4c73a / DLL
msvcr80.dll / e4fece18310e23b1d8fee993e35e7a6f / DLL
msvcp80.dll / 4c8a880eabc0b4d462cc4b2472116ea1 / DLL
index.dat / 8cdb571d5c2236a8168e30bac84e98fc / Unknown
plugin.dat / 080e9d277da0af257fcbcbee15016c1c / Unknown
plugin.nlb / 351ad94734ef5b05d925e5adbc623c8d / Unknown
70003245.png / 3334d5db2d99fd197256b25f35b6b2fd / Unknown
index.dat / a987a668837af5734c9827a7cd264d73 / Unknown
70003245.png / b0d74176136e8360dd7a8b9221352bdd / Unknown
config3a.dat / 457d1808def819b70d2d0173402b5883 / Unknown
63011179.png / 647ead45918fe52b2912fa3752ebdcec / Unknown
Key behavior
Behavior description: Open registry keys (virtual machine detection related)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
\REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Workstation
Behavior description: Get file attributes to probe for a virtual machine
details:GetFileAttributes: FileName = C:\Documents and Settings\Administrator\.VirtualBox
GetFileAttributes: FileName = C:\Program Files\Oracle\VirtualBox
GetFileAttributes: FileName = D:\Program Files\Oracle\VirtualBox
Behavior description: Set message hook
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.exe
Behavior description: Get TickCount value
details:TickCount = 246003, SleepMilliseconds = 50.
TickCount = 246065, SleepMilliseconds = 50.
TickCount = 246268, SleepMilliseconds = 50.
TickCount = 246362, SleepMilliseconds = 50.
TickCount = 246428, SleepMilliseconds = 100.
TickCount = 246475, SleepMilliseconds = 100.
TickCount = 246440, SleepMilliseconds = 50.
TickCount = 246456, SleepMilliseconds = 50.
TickCount = 246503, SleepMilliseconds = 50.
TickCount = 246518, SleepMilliseconds = 50.
TickCount = 246534, SleepMilliseconds = 50.
TickCount = 246550, SleepMilliseconds = 50.
TickCount = 246565, SleepMilliseconds = 50.
TickCount = 246581, SleepMilliseconds = 50.
TickCount = 246596, SleepMilliseconds = 50.
Process behavior
Behavior description: Create process from newly dropped file
details:[0x00000ff0]ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.exe"
Behavior description: Enumerate processes
details:N/A
Behavior description: Create local thread
details:TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 4088, StartAddress = 004C477A, Parameter = 005970F8
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 4092, StartAddress = 781329E1, Parameter = 00C276D8
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1924, StartAddress = 004CFA97, Parameter = 005976B0
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1940, StartAddress = 781329E1, Parameter = 00C276D8
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 112, StartAddress = 781329E1, Parameter = 00C280A0
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 2008, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 560, StartAddress = 781329E1, Parameter = 012DCBD0
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1852, StartAddress = 0195A7F4, Parameter = 012CFCA0
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1648, StartAddress = 781329E1, Parameter = 012DCBD0
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1652, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1668, StartAddress = 00464401, Parameter = 012DDD58
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1620, StartAddress = 0049AF7E, Parameter = 00596EB8
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1656, StartAddress = 781329E1, Parameter = 012DCBD0
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 1664, StartAddress = 02A0A48D, Parameter = 022F62D0
TargetProcess: kxetray.exe, InheritedFromPID = 3484, ProcessID = 4080, ThreadID = 304, StartAddress = 781329E1, Parameter = 0132E948
File behavior
Behavior description: Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsr3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kskinmgr.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\ktrashscan.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\microsoft.vc80.crt.manifest
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\microsoft.vc80.mfc.manifest
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcp80.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr100.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr80.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\kaccclear.dat
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\clearplugin\ksreng3.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\clearplugin\plugin.dat
Behavior description: Get file attributes to probe for a virtual machine
details:GetFileAttributes: FileName = C:\Documents and Settings\Administrator\.VirtualBox
GetFileAttributes: FileName = C:\Program Files\Oracle\VirtualBox
GetFileAttributes: FileName = D:\Program Files\Oracle\VirtualBox
Behavior description: Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kskinmgr.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\ktrashscan.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcp80.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr100.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr80.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\clearplugin\ksreng3.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\security\kxescan\ksreng3.dll
Behavior description: Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\clearplugin\ksreng3.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
Behavior description: Copy file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\security\kxescan\ksreng3.dll ---> C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\clearplugin\ksreng3.dll
Behavior description: Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsr3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp
Behavior description: Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner_bak\trashign.dat
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner_bak\deepignorelist.dat
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.exe
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\MSVCR80.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\Microsoft.VC80.CRT.manifest
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\log
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.log
FileName = C:\Documents and Settings\All Users\Application Data\Skype\*.*
FileName = C:\Documents and Settings\All Users\Skype\*.*
Behavior description: Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp ---> Offset = 70875
C:\Documents and Settings\Administrator\Local Settings\Temp\nsr4.tmp ---> Offset = 103643
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll ---> Offset = 16384
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll ---> Offset = 49152
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll ---> Offset = 65536
Network behavior
Behavior description: Establish a connection to a specified socket
details:URL: dl****om, IP: **.133.40.**:128, SOCKET = 0x00000490
URL: dl****om, IP: **.133.40.**:128, SOCKET = 0x00000550
Behavior description: Get host address by name
details:gethostbyname: localhost
GetAddrInfoW: dl****om
Registry behavior
Behavior description: Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\Kingsoft\antivirus\operation_game_mode_manual_Exit
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Kingsoft Internet Security\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\antivirus\Recommend
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\shoujizhushou\cfg\dubasilent
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\antivirus\operation_service_reboot_kxetray_time
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\antivirus\operation_game_mode_auto
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\antivirus\operation_kxetray_icon_show
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\LogSessionName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Active
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ControlFlags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\CtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\ServiceCtlGuid\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\WLanDiagCtlGuid\Guid
Behavior description: Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\kcalendar
\REGISTRY\MACHINE\SOFTWARE\Kingsoft\antivirus\uninstall_flag
Behavior description: Open registry keys (virtual machine detection related)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
\REGISTRY\MACHINE\SOFTWARE\VMware, Inc.\VMware Workstation
Other behavior
Behavior description: Create mutex
details:oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
{6E8BF4D4-75FE-4e6e-8F22-E2AC2E900DF3}
Global\{CEECC180-4028-4817-A9B7-E89AE362A2C4}
MSCTF.Shared.MUTEX.IOH
Global\C:/Documents and Settings/Administrator/Local Settings/Temp/EB93A6/kcleaner/log/ktrashscan.dll.log
Global\KPERDATA_9E871687-1EBD-4d2c-83AD-104156B71DC2C:_Documents and Settings_Administrator_Local Settings_Temp_EB93A6_kcleaner_data_clearplugin_4271434480_kxetray.exe.che
Global\KPERDATA_9E871687-1EBD-4d2c-83AD-104156B71DC2C:_Documents and Settings_Administrator_Local Settings_Temp_EB93A6_kcleaner_data_clearplugin_urlinfo_kxetray.exe.che
Behavior description: Create event object
details:EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = Global\7BB9524A-D0A6-490b-BCFE-9C04329A0F89-manual
EventName = Global\0CAC304D-8762-42bd-9C9B-A3D6D63EB989-auto
EventName = Global\75AFC8EA-7E8D-4acf-A630-2A20C90CBE1B-4080
EventName = Global\tray_notifystart{0658E1E0-1873-4491-B7A4-9FB0CB8B4983}
EventName = Global\tray_notifyexit{20123719-F558-4fc5-B5DA-E2FEFD226F47}
EventName = Global\D5B4DE12-FD1E-466c-8C72-BF1F50E2533C
EventName = Global\KxetrayStatusNotify{28758114-8E0E-47f8-9F68-47F2C0769C8F}
EventName = Global\wifiPop{A73D8F23-9FE3-559F-A0B3-6E3F19D4C5EA}
EventName = Global\Kismain_Window_Event{43872917-4083-4982-BEC7-E4E1BF7DC7E3}
EventName = DINPUTWINMM
EventName = Global\kvipcore{B71D7DC2-4FD9-494f-8A34-326B911D2FD5}
EventName = kxetray{8ABB6B8B-C08D-4cb4-B289-4626AD20F5C9}
EventName = Global\284CA2B7-5747-4305-A306-B972DDF7C547
Behavior description: Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Window information
details:Pid = 4080, Hwnd=0x1041c, Text = 金山毒霸, ClassName = kismain{1ACD30B1-18F3-4f4d-B52D-4709D099998C}.
Pid = 4080, Hwnd=0x10428, Text = 垃圾清理, ClassName = ATL:02804710.
Behavior description: Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description: Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Global\crypt32LogoffEvent
Global\rebootupdate2{591B3A69-3AD5-43a1-8961-4757057B4345}
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\reboottray{7A919E60-708A-42f8-8AC8-9308F18546F2}
{34115DF9-B9DE-49d2-A0B0-AF60FE6EF9D2}
Global\{84D2D42D-D629-45fa-BB12-5F3C49ACF11E}-kxehost
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\{FF3682E2-BD3E-495d-8486-2531321A9354}
Global\KNetPayMode{37AE7F92-C10F-456a-821B-A29BFE97868D}
Global\LBSafePayEvent
Behavior description: Enumerate WLAN information
details:N/A
Behavior description: Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kskinmgr.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\ktrashscan.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcp80.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr100.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr80.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\clearplugin\ksreng3.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\security\kxescan\ksreng3.dll (signature verification: passed)
Behavior description: Call Sleep function
details:[1]: MilliSeconds = 100.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 50.
[4]: MilliSeconds = 50.
[5]: MilliSeconds = 100.
[6]: MilliSeconds = 50.
[7]: MilliSeconds = 100.
[8]: MilliSeconds = 100.
[9]: MilliSeconds = 100.
[10]: MilliSeconds = 50.
Behavior description: Hide specified window
details:[Window,Class] = [bkmsgwnd,ATL:02804680]
[Window,Class] = [,ATL:005952D8]
Behavior description: Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll ---> dda6bfd0e761962ddb2bf658756dde4e
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll ---> e43fa546bb0f02ce2e3e47dc5c02b54b
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kskinmgr.dll ---> 9152c4b02a92bdc24dc63efc86fcbc4e
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\ktrashscan.dll ---> dfe2372e00f365a3d537bf984efa627f
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kxetray.exe ---> 054f8994fd4a72506db3d6d86477d43a
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcp80.dll ---> 4c8a880eabc0b4d462cc4b2472116ea1
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr100.dll ---> 366fd6f3a451351b5df2d7c4ecf4c73a
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr80.dll ---> e4fece18310e23b1d8fee993e35e7a6f
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\clearplugin\ksreng3.dll ---> 2e9e94adc982d061745b4c7dbe603201
C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\security\kxescan\ksreng3.dll ---> 2e9e94adc982d061745b4c7dbe603201
Behavior description: Open mutex
details:ShimCacheMutex
{6E8BF4D4-75FE-4e6e-8F22-E2AC2E900DF3}
Global\{59CDB5EB-1672-47be-97AB-CD2F7FF7F61C}_qm
Global\{41ECF2AE-2715-4cf1-83E2-32C02A36F03F}_popmsgmode
KStartMenuMutex
Behavior description: Load newly dropped file
details:Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcp80.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\msvcr80.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kskinmgr.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kismain.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\kcleaner.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\ktrashscan.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\kcleaner\data\clearplugin\ksreng3.dll.