VirSCAN

File information
Safety rating:85
Basic Information
MD5:794b67812eec682dac087685722f827a
file type:EXE
Production company:Apowersoft Ltd.
version:1.7.0.0---1.7.0
Shell or compiler information:COMPILER:Borland Delphi 6.0 - 7.0 [Overlay]
Key behavior
Behavior description:Kill process
details:TASKKILL = "C:\WINDOWS\system32\taskkill.exe" /f /t /im "Apowersoft Online Launcher.exe"
Behavior description:Modify registry (system firewall trusted process list)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
Behavior description:Get TickCount value
details:TickCount = 226515, SleepMilliseconds = 250.
TickCount = 226546, SleepMilliseconds = 250.
TickCount = 229925, SleepMilliseconds = 50.
TickCount = 229987, SleepMilliseconds = 50.
TickCount = 230050, SleepMilliseconds = 50.
TickCount = 230112, SleepMilliseconds = 50.
TickCount = 230175, SleepMilliseconds = 50.
TickCount = 230237, SleepMilliseconds = 50.
TickCount = 230300, SleepMilliseconds = 50.
TickCount = 230362, SleepMilliseconds = 50.
TickCount = 230425, SleepMilliseconds = 50.
TickCount = 230487, SleepMilliseconds = 50.
TickCount = 230550, SleepMilliseconds = 50.
TickCount = 230628, SleepMilliseconds = 50.
TickCount = 230690, SleepMilliseconds = 50.
Process behavior
Behavior description:Create process with hidden window
details:ImagePath = , CmdLine = "C:\WINDOWS\system32\taskkill.exe" /f /t /im "Apowersoft Online Launcher.exe"
ImagePath = , CmdLine = "C:\WINDOWS\system32\netsh.exe" firewall delete allowedprogram "C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe"
ImagePath = , CmdLine = "C:\WINDOWS\system32\netsh.exe" firewall add allowedprogram "C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe" "Apowersoft Online Launcher" ENABLE
Behavior description:Create process
details:[0x00000adc]ImagePath = C:\WINDOWS\system32\taskkill.exe, CmdLine = "C:\WINDOWS\system32\taskkill.exe" /f /t /im "Apowersoft Online Launcher.exe"
[0x00000b88]ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = "C:\WINDOWS\system32\netsh.exe" firewall delete allowedprogram "C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe"
[0x00000bfc]ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = "C:\WINDOWS\system32\netsh.exe" firewall add allowedprogram "C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe" "Apowersoft Online Launcher" ENABLE
Behavior description:Create local thread
details:TargetProcess: 996E.tmp, InheritedFromPID = 2636, ProcessID = 2660, ThreadID = 2724, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: taskkill.exe, InheritedFromPID = 2660, ProcessID = 2780, ThreadID = 2812, StartAddress = 77E56C7D, Parameter = 000EAC60
TargetProcess: taskkill.exe, InheritedFromPID = 2660, ProcessID = 2780, ThreadID = 2816, StartAddress = 769AE43B, Parameter = 000ED4C0
TargetProcess: taskkill.exe, InheritedFromPID = 2660, ProcessID = 2780, ThreadID = 2820, StartAddress = 77E56C7D, Parameter = 000EDB88
TargetProcess: Apowersoft Online Launcher.exe, InheritedFromPID = 2660, ProcessID = 2944, ThreadID = 2960, StartAddress = 792A741C, Parameter = 00000000
TargetProcess: Apowersoft Online Launcher.exe, InheritedFromPID = 2660, ProcessID = 2944, ThreadID = 2964, StartAddress = 791F59C0, Parameter = 001B0370
TargetProcess: netsh.exe, InheritedFromPID = 2660, ProcessID = 2952, ThreadID = 2992, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: Apowersoft Online Launcher.exe, InheritedFromPID = 2660, ProcessID = 2944, ThreadID = 3012, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: netsh.exe, InheritedFromPID = 2660, ProcessID = 2952, ThreadID = 3016, StartAddress = 77E56C7D, Parameter = 001B7478
TargetProcess: netsh.exe, InheritedFromPID = 2660, ProcessID = 2952, ThreadID = 3020, StartAddress = 769AE43B, Parameter = 001B9058
TargetProcess: netsh.exe, InheritedFromPID = 2660, ProcessID = 2952, ThreadID = 3024, StartAddress = 77E56C7D, Parameter = 001BE458
TargetProcess: netsh.exe, InheritedFromPID = 2660, ProcessID = 3068, ThreadID = 3076, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: Apowersoft Online Launcher.exe, InheritedFromPID = 2660, ProcessID = 2944, ThreadID = 3088, StartAddress = 792F7F68, Parameter = 00000000
TargetProcess: Apowersoft Online Launcher.exe, InheritedFromPID = 2660, ProcessID = 2944, ThreadID = 3092, StartAddress = 77E56C7D, Parameter = 001E04F0
TargetProcess: Apowersoft Online Launcher.exe, InheritedFromPID = 2660, ProcessID = 2944, ThreadID = 3096, StartAddress = 769AE43B, Parameter = 001E2C08
Behavior description:Create process from newly dropped file
details:[0x00000a64]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-IJOE6.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-IJOE6.tmp\996E.tmp" /SL5="$10340,1163598,548864,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
[0x00000b80]ImagePath = C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe"
Behavior description:Kill process
details:TASKKILL = "C:\WINDOWS\system32\taskkill.exe" /f /t /im "Apowersoft Online Launcher.exe"
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Setup Log 2017-11-07 #001.txt
C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\unins000.dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-Q2NMV.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-E4G67.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-7C58P.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-3AS4S.tmp
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-Q2NMV.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-E4G67.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-7C58P.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-3AS4S.tmp
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\unins000.dat
Behavior description:Find file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-IJOE6.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-IJOE6.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\taskkill.exe
FileName = C:\*.*
FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\unins???.*
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll
Behavior description:Rename file
details:C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-Q2NMV.tmp ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\unins000.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-E4G67.tmp ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-7C58P.tmp ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\SuperSocket.SocketEngine.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-3AS4S.tmp ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\SuperSocket.WebSocket.dll
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\Setup Log 2017-11-07 #001.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\Setup Log 2017-11-07 #001.txt ---> Offset = 3
C:\Documents and Settings\Administrator\Local Settings\Temp\Setup Log 2017-11-07 #001.txt ---> Offset = 29
C:\Documents and Settings\Administrator\Local Settings\Temp\Setup Log 2017-11-07 #001.txt ---> Offset = 63
C:\Documents and Settings\Administrator\Local Settings\Temp\Setup Log 2017-11-07 #001.txt ---> Offset = 65
C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-Q2NMV.tmp ---> Offset = 0
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*_CLASSES\apowersoft-launcher\shell\
\REGISTRY\USER\S-*_CLASSES\apowersoft-launcher\shell\open\
\REGISTRY\USER\S-*_CLASSES\apowersoft-launcher\shell\open\command\
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Lsa\FipsAlgorithmPolicy\Enabled
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\Inno Setup: Setup Version
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\Inno Setup: App Path
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\InstallLocation
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\Inno Setup: Icon Group
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\Inno Setup: User
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\Inno Setup: Language
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\DisplayName
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\DisplayIcon
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\UninstallString
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\QuietUninstallString
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Uninstall\{20BF67A8-D81A-4489-8225-FABAA0896E2D}_is1\DisplayVersion
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Lsa\FipsAlgorithmPolicy\Enabled
Behavior description:Modify registry (URL protocol association)
details:\REGISTRY\USER\S-*_CLASSES\apowersoft-launcher\URL Protocol
Behavior description:Modify registry (system firewall trusted process list)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\Apowersoft Online Launcher.exe
Other behavior
Behavior description:Check whether the process is being debugged
details:IsDebuggerPresent
Behavior description:Create mutex
details:oleacc-msaa-loaded
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.IOH
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
_SHuassist.mtx
MSCTF.Shared.MUTEX.IGK
Behavior description:Create event object
details:EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = Global\CPFATE_2944_v4.0.30319
EventName = MSCTF.SendReceive.Event.IGK.IC
EventName = MSCTF.SendReceiveConection.Event.IGK.IC
Behavior description:Window information
details:Pid = 2660, Hwnd=0x3039c, Text = Apowersoft Online Launcher V1.7.0 (Build 07/20/2017) , ClassName = TNewStaticText.
Pid = 2660, Hwnd=0x40368, Text = 正在安装, ClassName = TNewStaticText.
Pid = 2660, Hwnd=0x4036a, Text = 请稍候,安装向导正在您的电脑上安装Apowersoft Online Launcher。, ClassName = TNewStaticText.
Pid = 2660, Hwnd=0x303a2, Text = 正在结束安装…, ClassName = TNewStaticText.
Pid = 2660, Hwnd=0x60364, Text = 点击“安装”开始安装。, ClassName = TNewStaticText.
Pid = 2660, Hwnd=0x1037c, Text = DirEdit, ClassName = TEdit.
Pid = 2660, Hwnd=0x20392, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 2660, Hwnd=0x20394, Text = 取消, ClassName = TNewButton.
Pid = 2660, Hwnd=0x30356, Text = 安装向导 - Apowersoft Online Launcher, ClassName = TWizardForm.
Pid = 2944, Hwnd=0x203d4, Text = 确定, ClassName = Button.
Pid = 2944, Hwnd=0x103d6, Text = #Error: System.IO.FileNotFoundException Could not load file or assembly "zip, Version=0.0.0.0, Culture=neutral, PublicKeyToken=61d399c239a12249" or one of its dependencies. 系统找不到指定的文件。 at netz.NetzStarter.UnZip(Byte[] data) at netz.NetzStarter.GetAss, ClassName = Static.
Pid = 2944, Hwnd=0x303d2, Text = Error, ClassName = #32770.
Pid = 2660, Hwnd=0x1042e, Text = 确定, ClassName = Button.
Pid = 2660, Hwnd=0x10436, Text = 安装完毕! 返回页面体验功能!, ClassName = Static.
Pid = 2660, Hwnd=0x1042c, Text = 安装向导, ClassName = #32770.
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
MSFT.VSA.COM.DISABLE.2780
MSFT.VSA.IEC.STATUS.6c736db0
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\crypt32LogoffEvent
Global\CLR_PerfMon_StartEnumEvent
\KernelObjects\LowMemoryCondition
Global\SvcctrlStartEvent_A3752DX
MSFT.VSA.COM.DISABLE.2952
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
Behavior description:Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description:Enumerate windows
details:N/A
Behavior description:Import key
details:[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x001D3C1C, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x001D94CC, DataLen: 148, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_SIGN (0x00002400), Data: 0x0356D51B, DataLen: 148, Flags: 0x00000000
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-Q2NMV.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-E4G67.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-7C58P.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-3AS4S.tmp (signature verification: failed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = -1.
[2]: MilliSeconds = 20.
[3]: MilliSeconds = 250.
[1]: MilliSeconds = 50.
[2]: MilliSeconds = 50.
[3]: MilliSeconds = 50.
[4]: MilliSeconds = 50.
[5]: MilliSeconds = 50.
[6]: MilliSeconds = 50.
[7]: MilliSeconds = 50.
[8]: MilliSeconds = 50.
[9]: MilliSeconds = 50.
[10]: MilliSeconds = 50.
[2]: MilliSeconds = 250.
[4]: MilliSeconds = 250.
Behavior description:Hide specified window
details:[Window,Class] = [安装向导,TApplication]
[Window,Class] = [,ComboLBox]
[Window,Class] = [安装向导 - Apowersoft Online Launcher,TWizardForm]
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Local Settings\Temp\is-IJOE6.tmp\996E.tmp ---> eaaf202751577bb2927726e11a127158
C:\Documents and Settings\Administrator\Local Settings\Temp\is-GTFNB.tmp\isxdl.dll ---> f7b445a6cb2064d7b459451e86ca6b0e
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-Q2NMV.tmp ---> b00dba6001316b4cfcbf8ec77e7b8295
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-E4G67.tmp ---> 4495477630b896675f49b7aa4eaa3f2d
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-7C58P.tmp ---> a9ad00e5686fae6e2c71dbf4c5675b94
C:\Documents and Settings\Administrator\Local Settings\Application Data\Apowersoft\Apowersoft Online Launcher\is-3AS4S.tmp ---> 1f6838be9d8376c0962575dc55cc797d
Behavior description:Open mutex
details:ShimCacheMutex
Apowersoft Online Launcher
Global\Apowersoft Online Launcher
Local\!IETld!Mutex
Behavior description:Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-GTFNB.tmp\isxdl.dll.