VirSCAN

File information
Safety rating: 80
Behavior list
Basic Information
MD5: 6409ac48d5457bb46d27ebf198baf0ab
File type: EXE
Production company: Red Gate Software Ltd
Version: 8.0.1.1383 --- 1.8.3.738
Packer or compiler information: COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Subfile information: 104dumpFile / 4c32dd76dbe581a7e0220203c843b58f / EXE
Key behavior
Behavior description: Reads the CPU clock directly
details: EAX = 0x79d2982b, EDX = 0x00000096
EAX = 0x79d29877, EDX = 0x00000096
EAX = 0x7f389723, EDX = 0x00000096
EAX = 0x7f38976f, EDX = 0x00000096
EAX = 0xa6b26bd9, EDX = 0x00000096
EAX = 0xa6b26c25, EDX = 0x00000096
EAX = 0xa6b26c71, EDX = 0x00000096
EAX = 0xa6b26cbd, EDX = 0x00000096
EAX = 0xa6b26d09, EDX = 0x00000096
EAX = 0xa6b26d55, EDX = 0x00000096
Behavior description: Writes data into another process
details: TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x00150000, Size = 0x000005dc TargetPID = 0x00000e50
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x7ffdf1e8, Size = 0x00000004 TargetPID = 0x00000e50
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x00160000, Size = 0x00000020 TargetPID = 0x00000e50
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x00160020, Size = 0x00000034 TargetPID = 0x00000e50
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000e50
Behavior description: Gets the TickCount value
details: TickCount = 237375, SleepMilliseconds = 60000.
TickCount = 237515, SleepMilliseconds = 60000.
TickCount = 237531, SleepMilliseconds = 60000.
TickCount = 237640, SleepMilliseconds = 60000.
TickCount = 238125, SleepMilliseconds = 60000.
TickCount = 238187, SleepMilliseconds = 60000.
TickCount = 238578, SleepMilliseconds = 60000.
TickCount = 238718, SleepMilliseconds = 60000.
TickCount = 239562, SleepMilliseconds = 60000.
TickCount = 239609, SleepMilliseconds = 60000.
TickCount = 239750, SleepMilliseconds = 60000.
TickCount = 239968, SleepMilliseconds = 60000.
TickCount = 240031, SleepMilliseconds = 60000.
TickCount = 240046, SleepMilliseconds = 60000.
TickCount = 240343, SleepMilliseconds = 60000.
Behavior description: Looks up PE resource information
details: (FindResourceExExW) hModule = 0x01360000, ResName: 72(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 71(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 70(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6f(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6e(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6d(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6c(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6b(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6a(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 68(ID), ResType: TOOLKIT
Behavior description: Queries the registry (virtual machine detection related)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\URLInfoAbout
Process behavior
Behavior description: Writes data into another process
details: TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x00150000, Size = 0x000005dc TargetPID = 0x00000e50
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x7ffdf1e8, Size = 0x00000004 TargetPID = 0x00000e50
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x00160000, Size = 0x00000020 TargetPID = 0x00000e50
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x00160020, Size = 0x00000034 TargetPID = 0x00000e50
TargetProcess = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000e50
Behavior description: Creates a process from a newly written file
details: [0x00000e50]ImagePath = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe, CmdLine = "C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe" RG_I="Red Gate Software Ltd."
File behavior
Behavior description: Creates files
details: C:\Users\Administrator\AppData\Local\Temp\CabA270.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA271.tmp
C:\Users\Administrator\AppData\Local\Temp\CabA2B0.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA2B1.tmp
C:\Users\Administrator\AppData\Local\Temp\CabA4A6.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA4A7.tmp
C:\Users\Administrator\AppData\Local\Temp\{8FC54662-5A8F-4BDC-B469-8D325A8088D5}
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\projectitems.xml
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\sqltoolbeltinstaller.project
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.parameterparsing.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.usage.dotnet2client.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.longfilename.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\log4net.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.compressengine.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.interfaces.dll
Behavior description: Creates executable files
details: C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.parameterparsing.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.usage.dotnet2client.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.longfilename.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\log4net.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.compressengine.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.interfaces.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.model.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.engine.dll
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\.NET Framework 4.6 or greater.ess
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio Express.prq
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio.prq
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for Visual Studio 2017.prq
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Prompt_8.0.1.1383_x86.msi
Behavior description: Overwrites existing files
details: C:\Users\Administrator\AppData\Local\Temp\CabA270.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA271.tmp
C:\Users\Administrator\AppData\Local\Temp\CabA2B0.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA2B1.tmp
C:\Users\Administrator\AppData\Local\Temp\CabA4A6.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA4A7.tmp
C:\Users\Administrator\AppData\Local\GDIPFONTCACHEV1.DAT
Behavior description: Searches for files
details: FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Users
FileName = C:\Users\ADMINI~1
FileName = C:\Users\ADMINI~1\AppData
FileName = C:\Users\ADMINI~1\AppData\Local
FileName = C:\Users\ADMINI~1\AppData\Local\Temp
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\*.*
FileName = C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\Windows\Microsoft.NET\Framework\\*
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\*
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}
FileName = C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe
FileName = C:\Windows\assembly\NativeImages_v4.0.30319_32\RedGate.Inseb9f0418#\*
Behavior description: Deletes files
details: C:\Users\Administrator\AppData\Local\Temp\CabA270.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA271.tmp
C:\Users\Administrator\AppData\Local\Temp\CabA2B0.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA2B1.tmp
C:\Users\Administrator\AppData\Local\Temp\CabA4A6.tmp
C:\Users\Administrator\AppData\Local\Temp\TarA4A7.tmp
C:\Users\Administrator\AppData\Local\Temp\{8FC54662-5A8F-4BDC-B469-8D325A8088D5}
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\.NET Framework 4.6 or greater.ess.~1
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio Express.prq.~1
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio.prq.~1
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for Visual Studio 2017.prq.~1
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Prompt_8.0.1.1383_x86.msi.~1
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Server Data Tools.ess.~1
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Server Management Studio or Visual Studio.ess.~1
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\extension.vsixmanifest.~1
Behavior description: Copies files
details: \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\.NET Framework 4.6 or greater.ess.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\.NET Framework 4.6 or greater.ess
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio Express.prq.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio Express.prq
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio.prq.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio.prq
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for Visual Studio 2017.prq.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for Visual Studio 2017.prq
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Prompt_8.0.1.1383_x86.msi.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Prompt_8.0.1.1383_x86.msi
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Server Data Tools.ess.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Server Data Tools.ess
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Server Management Studio or Visual Studio.ess.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Server Management Studio or Visual Studio.ess
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\extension.vsixmanifest.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\extension.vsixmanifest
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\PackageIcon.png.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\PackageIcon.png
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\PackagePreview.png.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\PackagePreview.png
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\RedGate.SQLPrompt.VsPackage.pkgdef.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\RedGate.SQLPrompt.VsPackage.pkgdef
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\extension.vsixmanifest.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\extension.vsixmanifest
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\PackageIcon.png.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\PackageIcon.png
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\PackagePreview.png.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\PackagePreview.png
\\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\RedGate.SQLPrompt.VsPackage.pkgdef.~1 ---> \\?\C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\RedGate.SQLPrompt.VsPackage.pkgdef
Behavior description: Modifies file contents
details: C:\Users\Administrator\AppData\Local\Temp\CabA270.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\TarA271.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\TarA271.tmp ---> Offset = 32768
C:\Users\Administrator\AppData\Local\Temp\TarA271.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\TarA271.tmp ---> Offset = 98304
C:\Users\Administrator\AppData\Local\Temp\CabA2B0.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\TarA2B1.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\TarA2B1.tmp ---> Offset = 32768
C:\Users\Administrator\AppData\Local\Temp\TarA2B1.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\TarA2B1.tmp ---> Offset = 98304
C:\Users\Administrator\AppData\Local\Temp\CabA4A6.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\TarA4A7.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\TarA4A7.tmp ---> Offset = 32768
C:\Users\Administrator\AppData\Local\Temp\TarA4A7.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\TarA4A7.tmp ---> Offset = 98304
Network behavior
Behavior description: Connects to a specified site
details: WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x002f8a78, hConnect = 0x00305af0, Flags = 0x00000000
WinHttpConnect: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00305c10, hConnect = 0x00308f58, Flags = 0x00000000
WinHttpConnect: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x03055d38, hConnect = 0x0038fc20, Flags = 0x00000000
Behavior description: Opens an HTTP connection
details: WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x002f8a78
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x00305c10
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x03055d38
Behavior description: Downloads files
details: C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio Express.prq
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio.prq
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for Visual Studio 2017.prq
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Prompt_8.0.1.1383_x86.msi
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Server Data Tools.ess
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Server Management Studio or Visual Studio.ess
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\extension.vsixmanifest
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\PackageIcon.png
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\PackagePreview.png
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Common7\IDE\Extensions\SQLPrompt\RedGate.SQLPrompt.VsPackage.pkgdef
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\extension.vsixmanifest
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\PackageIcon.png
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\PackagePreview.png
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensions\SQLPrompt\RedGate.SQLPrompt.VsPackage.pkgdef
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\ManagementStudio\Extensions\SQLPrompt\extension.vsixmanifest
Behavior description: Opens an HTTP request
details: WinHttpOpenRequest: cr****om:80/comodorsaaddtrustca.crt, hConnect = 0x00305af0, hRequest = 0x00306d18, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ww****om:80/msdownload/update/v3/static/trustedr/en/authrootstl.cab, hConnect = 0x00308f58, hRequest = 0x00311100, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: ww****om:80/msdownload/update/v3/static/trustedr/en/afe5d244a8d1194230ff479fe2f897bbcd7a8cb4.crt, hConnect = 0x0038fc20, hRequest = 0x0038fd08, Verb: GET, Referer: , Flags = 0x00000000
Behavior description: Resolves a host address by name
details: GetAddrInfoW: cr****om
GetAddrInfoW: ww****om
Registry behavior
Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\Red Gate\Usage\featureUsageEnabled
\REGISTRY\USER\S-*\Software\Microsoft\GDIPlus\FontCachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Nqzvavfgengbe\NccQngn\Ybpny\Grzc\{2NR59922-030P-47Q7-O769-244420N1R3N4}\erqtngr.vafgnyyrejvmneq.hv.rkr
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\UserAssist\{CEBFF5CD-ACE2-4F4F-9178-9926F41749EA}\Count\P:\Hfref\Nqzvavfgengbe\NccQngn\Ybpny\Grzc\RO93N6\o70p.rkr
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Action Center\Checks\{945a8954-c147-4acd-923f-40c45405a658}.check.42\CheckSetting
Behavior description: Deletes registry values
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Behavior description: Queries the registry (virtual machine detection related)
details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions\URLInfoAbout
Other behavior
Behavior description: Sets object security information
details: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}
Behavior description: Creates mutexes
details: Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Window information
details: Pid = 2896, Hwnd=0x101b6, Text = Verification of SQL Prompt failed. Do you wish to continue?, ClassName = Static.
Pid = 2896, Hwnd=0x101b8, Text = The certificate in the signature cannot be verified. , ClassName = Static.
Pid = 2896, Hwnd=0x101bc, Text = Yes, ClassName = Button.
Pid = 2896, Hwnd=0x101be, Text = No, ClassName = Button.
Pid = 2896, Hwnd=0x301b0, Text = SQL Prompt, ClassName = #32770.
Pid = 3664, Hwnd=0x102b8, Text = horizontalLineControl1, ClassName = WindowsForms10.Window.8.app.0.15a303f_r14_ad1.
Pid = 3664, Hwnd=0x102ba, Text = &Next >, ClassName = WindowsForms10.BUTTON.app.0.15a303f_r14_ad1.
Pid = 3664, Hwnd=0x102bc, Text = Cancel, ClassName = WindowsForms10.BUTTON.app.0.15a303f_r14_ad1.
Pid = 3664, Hwnd=0x102c0, Text = End User License Agreement, ClassName = WindowsForms10.STATIC.app.0.15a303f_r14_ad1.
Pid = 3664, Hwnd=0x102ca, Text = &Print..., ClassName = WindowsForms10.BUTTON.app.0.15a303f_r14_ad1.
Pid = 3664, Hwnd=0x102cc, Text = I &accept the terms in the license agreement, ClassName = WindowsForms10.BUTTON.app.0.15a303f_r14_ad1.
Pid = 3664, Hwnd=0x102ce, Text = To continue you must accept the terms of this agreement. If you do not want to accept the license terms, click Cancel., ClassName = WindowsForms10.STATIC.app.0.15a303f_r14_ad1.
Pid = 3664, Hwnd=0x102b4, Text = Red Gate Standard EULA Any use of the Software (as defined below) is subject to the terms of this licence agreement (“Agreemen, ClassName = WindowsForms10.RichEdit20W.app.0.15a303f_r14_ad1.
Pid = 3664, Hwnd=0x402b0, Text = SQL Prompt, ClassName = WindowsForms10.Window.8.app.0.15a303f_r14_ad1.
Behavior description: Creates event objects
details: EventName = Global\CPFATE_3664_v4.0.30319
EventName = OleDfRoot2EAC6BEA3CED379F
EventName = OleDfRootE3CB392666F7DBB0
Behavior description: Checks whether it is being debugged
details: IsDebuggerPresent
Behavior description: Reads the CPU clock directly
details: EAX = 0x79d2982b, EDX = 0x00000096
EAX = 0x79d29877, EDX = 0x00000096
EAX = 0x7f389723, EDX = 0x00000096
EAX = 0x7f38976f, EDX = 0x00000096
EAX = 0xa6b26bd9, EDX = 0x00000096
EAX = 0xa6b26c25, EDX = 0x00000096
EAX = 0xa6b26c71, EDX = 0x00000096
EAX = 0xa6b26cbd, EDX = 0x00000096
EAX = 0xa6b26d09, EDX = 0x00000096
EAX = 0xa6b26d55, EDX = 0x00000096
Behavior description: Finds specified windows
details: NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Opens events
details: HookSwitchHookEnabledEvent
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
MSFT.VSA.COM.DISABLE.3664
MSFT.VSA.IEC.STATUS.6c736db0
\KernelObjects\MaximumCommitCondition
{A1965210-3A9D-4bca-822B-433645B3F5A2}
Behavior description: Gets the TickCount value
details: TickCount = 237375, SleepMilliseconds = 60000.
TickCount = 237515, SleepMilliseconds = 60000.
TickCount = 237531, SleepMilliseconds = 60000.
TickCount = 237640, SleepMilliseconds = 60000.
TickCount = 238125, SleepMilliseconds = 60000.
TickCount = 238187, SleepMilliseconds = 60000.
TickCount = 238578, SleepMilliseconds = 60000.
TickCount = 238718, SleepMilliseconds = 60000.
TickCount = 239562, SleepMilliseconds = 60000.
TickCount = 239609, SleepMilliseconds = 60000.
TickCount = 239750, SleepMilliseconds = 60000.
TickCount = 239968, SleepMilliseconds = 60000.
TickCount = 240031, SleepMilliseconds = 60000.
TickCount = 240046, SleepMilliseconds = 60000.
TickCount = 240343, SleepMilliseconds = 60000.
Behavior description: Adjusts process token privileges
details: SE_CREATE_TOKEN_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
Behavior description: Enumerates windows
details: N/A
Behavior description: Looks up PE resource information
details: (FindResourceExExW) hModule = 0x01360000, ResName: 72(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 71(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 70(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6f(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6e(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6d(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6c(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6b(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 6a(ID), ResType: TOOLKIT
(FindResourceExExW) hModule = 0x01360000, ResName: 68(ID), ResType: TOOLKIT
Behavior description: Imports keys
details: [CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x002DD860, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x002DA258, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00311788, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00304CF0, DataLen: 532, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x003119D0, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x00305740, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x002FAFB0, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x004528A4, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x004545E4, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x005EEFD0, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00455524, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0045571C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00469624, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0046962C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x00455DAC, DataLen: 148, Flags: 0x00000000
Behavior description: Executable file signature information
details: C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.parameterparsing.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.usage.dotnet2client.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.longfilename.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\log4net.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.compressengine.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.interfaces.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.model.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.engine.dll (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\.NET Framework 4.6 or greater.ess (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio Express.prq (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio.prq (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for Visual Studio 2017.prq (signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Prompt_8.0.1.1383_x86.msi (signature verification: failed)
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
Behavior description: Gets the cursor position
details: CursorPos = (48,18794), SleepMilliseconds = 60000.
CursorPos = (6341,26827), SleepMilliseconds = 60000.
CursorPos = (19176,16051), SleepMilliseconds = 60000.
CursorPos = (11485,29685), SleepMilliseconds = 60000.
Behavior description: Executable file MD5
details: C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.parameterparsing.dll ---> 5109f8701b4e826fb3730a38f404b414
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.usage.dotnet2client.dll ---> 506e3b3c5e0ae1a40674449e21c3a2e5
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\log4net.dll ---> b89cb7f3f1a1e2807e708f5435deb13d
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.longfilename.dll ---> 38cfe94de7e3f7a5a6dcfe319c946e34
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.compressengine.dll ---> b068faf9a9bbcf997f87d5fb3f7f696b
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.interfaces.dll ---> bcb78b12604e347f897a3adf2763197c
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.dll ---> 8c1a49f445677596a80d5d94383d2a8a
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.model.dll ---> 4a8ab24eecb751d2b6c33ab2a261d5f2
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe ---> 4c32dd76dbe581a7e0220203c843b58f
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.engine.dll ---> f571027fce9da90f284313b6c4cb8f11
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\.NET Framework 4.6 or greater.ess ---> d0966601ecd6239a9ce0241c9aa21571
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio Express.prq ---> d0966601ecd6239a9ce0241c9aa21571
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for SQL Server Management Studio.prq ---> d0966601ecd6239a9ce0241c9aa21571
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\Extensibility for Visual Studio 2017.prq ---> d0966601ecd6239a9ce0241c9aa21571
C:\Users\Administrator\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\SQL Prompt\SQL Prompt_8.0.1.1383_x86.msi ---> d0966601ecd6239a9ce0241c9aa21571
Behavior description: Opens a mutex
details: Local\MSCTF.Asm.MutexDefault1
Behavior description: Loads newly dropped files
details: Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.ui.exe.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\log4net.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerwizard.engine.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.usage.dotnet2client.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.parameterparsing.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installerengine.interfaces.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.compressengine.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\{2AE59922-030C-47D7-B769-244420A1E3A4}\redgate.installer.longfilename.dll.
Run screenshot