VirSCAN

1. You can upload any file, but there is a 20Mb limit per file.
2. VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected compressed files whose password is 'infected' or 'virus'.


File information
Safety rating: 94
Behavior list
Basic Information
MD5: 5be101d18f0b069d5db0d9c7134f42b2
File type: EXE
Production company: 360.cn
Version: 8.1.1.158---8.1.1.158
Shell or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Subfile information (name / MD5 / detection):
360safeDlgBG.png / 929e3b8e9f0ef998ce0aec6e1a83f70f / Unknown
recyclebin_animated.png / c0e6e3a4b8aa1c607535cc278a0babc3 / Unknown
Sidebar_transbg.bmp / 34aec38945cb51c4ea39b769399cc8ff / Unknown
360se.xml / 5c32eb7e76fb3ba524fa838c82bedc79 / Unknown
360se_ie6.xml / 84f82d543bf6c9950255c9a1d02dfc67 / Unknown
360se_ie6.xml / 01f0e418f5a1bde2c02373645e67775d / Unknown
mirror_button.png / d8308e87147f1b10ef886b54c8555383 / Unknown
BH_headmask.png / e62a84868ade9bd4a8928ac1c23c9b2e / Unknown
BH_headmask.png / 42bfe12bcbb6dd6f5f1cc0b22bbb0c90 / Unknown
s7_phone_bind.png / 0f98d262dc96558180808406f05335f3 / Unknown
360se.xml / 15031432b57d29c8931bcf21f4dea8ee / Unknown
360se.xml / 5bf88618d5d2d592d84a8731f8b817e2 / Unknown
360se.xml / 2225f8cdc2e33a3c26a31e861ca059f6 / Unknown
360se.xml / 1f7aa1957fbba342f3f11907f27c7d72 / Unknown
AddressBGWarning.png / e684229a7f0d0f80dd10c54b49a6cce9 / Unknown
AddressBGSafe.png / a1569d1b193faf375ade67adceb0baa6 / Unknown
360se.xml / c3b28e6f31731873567b210ef75f6123 / Unknown
360se_ie6.xml / fbabbca93fa8d736e883c24063fcc04f / Unknown
360se_ie6.xml / 497b84d7389d2edd0a0ac842ce3b647a / Unknown
Key behavior
Behavior description: Write data into another process (cross-process write)
details: TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000fa4
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000fa4
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffd3238, Size = 0x00000004 TargetPID = 0x00000fa4
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x0000095c
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x0000095c
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffd8238, Size = 0x00000004 TargetPID = 0x0000095c
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000a74
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000a74
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffd6238, Size = 0x00000004 TargetPID = 0x00000a74
Behavior description: Set special folder attributes
details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\Low
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache
Behavior description: Read the CPU time-stamp counter directly (RDTSC)
details: EAX = 0x8e965cbe, EDX = 0x00000077
EAX = 0x993729d7, EDX = 0x00000077
EAX = 0x988be038, EDX = 0x00000078
EAX = 0x9b13afc1, EDX = 0x00000078
EAX = 0x9b13b00d, EDX = 0x00000078
EAX = 0x9b13b059, EDX = 0x00000078
EAX = 0x9b13b0a5, EDX = 0x00000078
EAX = 0x9b13b0f1, EDX = 0x00000078
EAX = 0x9b13b13d, EDX = 0x00000078
EAX = 0x9b13b189, EDX = 0x00000078
Process behavior
Behavior description: Create process
details: [0x00000fa4]ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\iexplore.exe" http://down.360safe.com/se/360se6_setup.exe
[0x0000095c]ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\iexplore.exe" SCODEF:4004 CREDAT:79873
[0x00000a74]ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:1576 CREDAT:79873
Behavior description: Write data into another process (cross-process write)
details: TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000fa4
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000fa4
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffd3238, Size = 0x00000004 TargetPID = 0x00000fa4
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x0000095c
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x0000095c
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffd8238, Size = 0x00000004 TargetPID = 0x0000095c
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040000, Size = 0x00000020 TargetPID = 0x00000a74
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00040020, Size = 0x00000034 TargetPID = 0x00000a74
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffd6238, Size = 0x00000004 TargetPID = 0x00000a74
File behavior
Behavior description: Create file
details: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0ACF3FF-CF9D-11E7-828E-080027488980}.dat
C:\Users\Administrator\AppData\Local\Temp\~DFA7457178090BE6D6.TMP
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0ACF400-CF9D-11E7-828E-080027488980}.dat
C:\Users\Administrator\AppData\Local\Temp\~DF95661BBD4572074B.TMP
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\360se6_setup[1].exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\favicon[1].ico
C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D503FBD3-CF9D-11E7-828E-080027488980}.dat
C:\Users\Administrator\AppData\Local\Temp\~DF6312E9E340F357E7.TMP
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D503FBD4-CF9D-11E7-828E-080027488980}.dat
C:\Users\Administrator\AppData\Local\Temp\~DF4D1EDBEFF33F3FD1.TMP
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\yixun_com[1]
Behavior description: Create executable file
details: C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Search for files
details: FileName = C:\Users\Administrator\AppData\Local\%temp%\*
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Local
FileName = C:\Users\Administrator\AppData\Local\Temp
FileName = C:\Users\Administrator\AppData\Local\%temp%
FileName = C:\Users\Administrator\AppData\Local\%temp%\b70c.exe
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\Program Files\Common Files\Adobe
FileName = C:\Program Files\Common Files\Adobe\Acrobat
FileName = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
FileName = C:\Program Files\Java
FileName = C:\Program Files\Java\jre1.8.0_144\bin
FileName = C:\Program Files\Java\jre1.8.0_144\bin\ssv.dll
FileName = C:\Program Files\Java\jre1.8.0_144\bin\jp2ssv.dll
Behavior description: Delete file
details: C:\Users\Administrator\AppData\Local\Temp\~DFA7457178090BE6D6.TMP
C:\Users\Administrator\AppData\Local\Temp\~DF95661BBD4572074B.TMP
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\favicon[1].ico
C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\Administrator\AppData\Local\Temp\~DF6312E9E340F357E7.TMP
C:\Users\Administrator\AppData\Local\Temp\~DF4D1EDBEFF33F3FD1.TMP
Behavior description: Set special folder attributes
details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Virtualized
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\PrivacIE\Low
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache\Low
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IETldCache\Low
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Users\Administrator\AppData\Local\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Users\Administrator\AppData\Local\Microsoft\Feeds Cache
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\IECompatCache
Behavior description: Modify file contents
details: C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0ACF3FF-CF9D-11E7-828E-080027488980}.dat ---> Offset = 512
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0ACF3FF-CF9D-11E7-828E-080027488980}.dat ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\~DFA7457178090BE6D6.TMP ---> Offset = 16383
C:\Users\Administrator\AppData\Local\Temp\~DFA7457178090BE6D6.TMP ---> Offset = 12288
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0ACF3FF-CF9D-11E7-828E-080027488980}.dat ---> Offset = 3072
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D0ACF3FF-CF9D-11E7-828E-080027488980}.dat ---> Offset = 1536
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0ACF400-CF9D-11E7-828E-080027488980}.dat ---> Offset = 512
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0ACF400-CF9D-11E7-828E-080027488980}.dat ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\~DF95661BBD4572074B.TMP ---> Offset = 16383
C:\Users\Administrator\AppData\Local\Temp\~DF95661BBD4572074B.TMP ---> Offset = 12288
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0ACF400-CF9D-11E7-828E-080027488980}.dat ---> Offset = 3072
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{D0ACF400-CF9D-11E7-828E-080027488980}.dat ---> Offset = 1536
C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> Offset = 0
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D503FBD3-CF9D-11E7-828E-080027488980}.dat ---> Offset = 512
C:\Users\Administrator\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{D503FBD3-CF9D-11E7-828E-080027488980}.dat ---> Offset = 0
Network behavior
Behavior description: Download file
details: URLDownloadToFileW: http://ww****om/favicon.ico ---> C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
Behavior description: Open a specified web page in IE
details: http://do****om/se/360se6_setup.exe
Behavior description: Connect to a specified site
details: InternetConnectA: ServerName = do****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ur****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
Behavior description: Open HTTP connection
details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E), hSession = 0x00cc0004
InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
Behavior description: Establish a connection to a specified socket
details: URL: do****om, IP: **.133.40.**:80, SOCKET = 0x00000430
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000056c
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x000005f8
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000434
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000564
URL: ur****om, IP: **.133.40.**:443, SOCKET = 0x00000604
Behavior description: Read network file
details: hFile = 0x00cc000c, BytesToRead =2048, BytesRead = 2048.
hFile = 0x00cc0018, BytesToRead =4095, BytesRead = 4095.
Behavior description: Send HTTP packet
details: GET /se/360se6_setup.exe HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: do****om Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Host: ww****om Connection: Keep-Alive
GET / HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E) Accept-Encoding: gzip, deflate Host: ww****om Connection: Keep-Alive
Behavior description: Open HTTP request
details: HttpOpenRequestA: do****om:80/se/360se6_setup.exe, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
HttpOpenRequestA: ww****om:80/favicon.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00600010
HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=riulz7asmtljubdbdi6xiw%3d%3d&msurs-patented-lock=i7lffrwqp1u%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
HttpOpenRequestA: ur****om:443/urs.asmx?msurs-client-key=17ht3haihzswuqnbwmqzgw%3d%3d&msurs-patented-lock=dp5fbqrcuqe%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
Behavior description: Resolve host address by name
details: GetAddrInfoW: do****om
GetAddrInfoW: ww****om
GetAddrInfoW: ur****om
Registry behavior
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\360\360se6\Chrome\launch_fail
\REGISTRY\USER\S-*\Software\360\360se6\default\uioption\IsChangedSE8Skin
\REGISTRY\USER\S-*\Software\360\360se6\default\uioption\IsNeedUseLastSkinForMultiTabStyle
\REGISTRY\USER\S-*\Software\360\360se6\default\uioption\LastSkinPath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{D0ACF3FF-CF9D-11E7-828E-080027488980}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{92780B25-18CC-41C8-B9BE-3C9C571A8263}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9}\iexplore\Count
Behavior description: Delete registry value
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\USER\S-*\Software\360\360se6\Chrome\launch_fail
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Check whether it is being debugged
details: IsDebuggerPresent
Behavior description: Create mutex
details: 1830B7BD-F7A3-4c4d-989B-C004DE465EDE 3416
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!BrowserEmulation!SharedMemory!Mutex
Local\!IETld!Mutex
RasPbFile
Behavior description: Create event object
details: EventName = Isolation Signal Registry Event (D0ACF3FD-CF9D-11E7-828E-080027488980, 0)
EventName = IE_EarlyTabStart_0xfb0
EventName = Isolation Signal Registry Event (D0ACF3FE-CF9D-11E7-828E-080027488980, 0)
EventName = OleDfRootA69C6DABB1AF4A28
EventName = OleDfRootDEFBD304612595EC
EventName = Local\RSS Eventing Event Event 00000fa4
EventName = Local\95c_18be
EventName = IEFrame.EventCheckDefaultBrowser
EventName = Isolation Signal Registry Event (D503FBD1-CF9D-11E7-828E-080027488980, 0)
EventName = IE_EarlyTabStart_0x638
EventName = Isolation Signal Registry Event (D503FBD2-CF9D-11E7-828E-080027488980, 0)
EventName = OleDfRoot5EA4951B383C8407
EventName = OleDfRootDAD88F33B1887042
EventName = Local\RSS Eventing Event Event 00000628
EventName = Local\a74_29
Behavior description: Open mutex
details: Q360MonMutex
Local\MSCTF.Asm.MutexDefault1
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!BrowserEmulation!SharedMemory!Mutex
Local\!IETld!Mutex
Local\RSS Eventing Connection Database Mutex 00000fa4
Local\c:!users!administrator!appdata!local!microsoft!feeds cache!
RasPbFile
Local\!IECompat!Mutex
Behavior description: Find a specified window
details: NtUserFindWindowEx: [Class,Window] = [360se6_Frame,]
NtUserFindWindowEx: [Class,Window] = [Chrome_MessageWindow,C:\Users\Administrator\AppData\Roaming\User Data]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [Static,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\KernelObjects\MaximumCommitCondition
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Isolation Signal Registry Event (D0ACF3FD-CF9D-11E7-828E-080027488980, 0)
Global\SvcctrlStartEvent_A3752DX
MSFT.VSA.COM.DISABLE.4004
MSFT.VSA.IEC.STATUS.6c736db0
Isolation Signal Registry Event (D0ACF3FE-CF9D-11E7-828E-080027488980, 0)
IE_EarlyTabStart_0xfb0
Global\TabletHardwarePresent
MSFT.VSA.COM.DISABLE.2396
Local\RSS Eventing Event Event 00000fa4
Local\95c_18be
Behavior description: Window information
details: Pid = 3416, Hwnd=0x40196, Text = 确定, ClassName = Button.
Pid = 3416, Hwnd=0x40184, Text = 取消, ClassName = Button.
Pid = 3416, Hwnd=0x4024a, Text = 检测到浏览器核心文件缺失,请点击“确定”重新下载安装360安全浏览器。, ClassName = Static.
Pid = 3416, Hwnd=0x401b2, Text = 浏览器核心文件缺失, ClassName = #32770.
Pid = 3416, Hwnd=0x501ac, Text = 360安全浏览器 8.1, ClassName = 360se6_Frame.
Behavior description: Executable file signature information
details: C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico(签名验证: 未通过)
Behavior description: Hide a specified window
details: [Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [http://down.360safe.com/se/360se6_setup.exe - Windows Internet Explorer,IEFrame]
[Window,Class] = [,UniversalSearchBand]
[Window,Class] = [,TravelBand]
[Window,Class] = [,CommandBarClass]
[Window,Class] = [,ReBarWindow32]
[Window,Class] = [,TabBandClass]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
[Window,Class] = [http://www.yixun.com/ - Windows Internet Explorer,IEFrame]
Behavior description: Executable file MD5
details: C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico ---> d0966601ecd6239a9ce0241c9aa21571
Behavior description: Read the CPU time-stamp counter directly (RDTSC)
details: EAX = 0x8e965cbe, EDX = 0x00000077
EAX = 0x993729d7, EDX = 0x00000077
EAX = 0x988be038, EDX = 0x00000078
EAX = 0x9b13afc1, EDX = 0x00000078
EAX = 0x9b13b00d, EDX = 0x00000078
EAX = 0x9b13b059, EDX = 0x00000078
EAX = 0x9b13b0a5, EDX = 0x00000078
EAX = 0x9b13b0f1, EDX = 0x00000078
EAX = 0x9b13b13d, EDX = 0x00000078
EAX = 0x9b13b189, EDX = 0x00000078
Behavior description: Load a newly dropped file
details: Image: C:\Users\Administrator\AppData\LocalLow\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico.
Run screenshot (image not included in this extract)