VirSCAN

File information
Safety rating:89
Behavior list
Basic Information
MD5:a56a3ca25ae003fe519df0c9e2d23797
file type:EXE
Production company:Free PDF Solutions
version:1.0.0.0---1.0.0
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Key behavior
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Get TickCount value
details:TickCount = 280578, SleepMilliseconds = 60000.
TickCount = 280734, SleepMilliseconds = 60000.
TickCount = 280765, SleepMilliseconds = 60000.
TickCount = 280781, SleepMilliseconds = 60000.
TickCount = 280796, SleepMilliseconds = 60000.
TickCount = 280890, SleepMilliseconds = 60000.
TickCount = 280953, SleepMilliseconds = 60000.
TickCount = 280968, SleepMilliseconds = 60000.
TickCount = 280984, SleepMilliseconds = 60000.
TickCount = 281000, SleepMilliseconds = 60000.
TickCount = 281015, SleepMilliseconds = 60000.
Process behavior
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2712, StartAddress = 4AEA7456, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2748, StartAddress = 00478177, Parameter = 0053A428
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2752, StartAddress = 00488CED, Parameter = 0012F808
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2768, StartAddress = 00488CED, Parameter = 0012F808
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2776, StartAddress = 00488CED, Parameter = 0012F138
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2800, StartAddress = 00487ED1, Parameter = 0012F4A4
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2808, StartAddress = 0046E888, Parameter = 0012FB24
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2824, StartAddress = 0045E2B0, Parameter = 00BE76F8
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2828, StartAddress = 7CAA203B, Parameter = 7CB75F50
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2872, StartAddress = 7CA9D8AF, Parameter = 0023A948
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2876, StartAddress = 7CADC288, Parameter = 0023AAA0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2888, StartAddress = 77E56C7D, Parameter = 002377E0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2892, StartAddress = 769AE43B, Parameter = 001F8FD0
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2944, StartAddress = 77E56C7D, Parameter = 0020B620
TargetProcess: %temp%\****.exe, InheritedFromPID = 2000, ProcessID = 2684, ThreadID = 2956, StartAddress = 7CA9D8AF, Parameter = 0023A948
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\decoder.dll
C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\holder0.aiph
C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\DC8C7E4\setup.msi
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\back.png
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box.png
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\jquery-1.3.2.js
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\userexit.html
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\common.js
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\pngfix\DD_belatedPNG_0.0.8a.js
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\resume.html
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box-add-remove.png
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\check.png
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box-remove.png
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\cancel.png
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\decoder.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\aicustact.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\tempFiles.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\lzmaextractor.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\viewer.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\Prereq.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI9.tmp
Behavior description:Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Application Data
FileName = C:\WINDOWS\system32\msi.dll
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\decoder.dll
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\DC8C7E4
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\DC8C7E4\
FileName = C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install
FileName = C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\DC8C7E4
FileName = C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\DC8C7E4\setup.msi
FileName = C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscoreei.dll
FileName = C:\WINDOWS\Microsoft.NET\Framework\\*
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\back.png
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box.png
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\jquery-1.3.2.js
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI9.tmp
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\decoder.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\decoder.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\DC8C7E4\setup.msi ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 1024
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 1536
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> Offset = 2048
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\back.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box.png ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box.png ---> Offset = 1024
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box.png ---> Offset = 2048
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box.png ---> Offset = 3072
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\box.png ---> Offset = 4096
C:\Documents and Settings\Administrator\Local Settings\Temp\{D873FD2B-E766-49DF-A63A-B42E3DC8C7E4}\Spring.742DA8B7\jquery-1.3.2.js ---> Offset = 0
Network behavior
Behavior description:Open HTTP connection
details:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\AppEvents\Schemes\Apps\Explorer\Navigating\.Current\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description:Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description:Get cursor position
details:CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
CursorPos = (11517,29359), SleepMilliseconds = 60000.
CursorPos = (27001,24465), SleepMilliseconds = 60000.
CursorPos = (5744,28146), SleepMilliseconds = 60000.
CursorPos = (23320,16828), SleepMilliseconds = 60000.
CursorPos = (10000,492), SleepMilliseconds = 60000.
CursorPos = (3034,11943), SleepMilliseconds = 60000.
CursorPos = (4866,5437), SleepMilliseconds = 60000.
CursorPos = (32430,14605), SleepMilliseconds = 60000.
CursorPos = (3941,154), SleepMilliseconds = 60000.
CursorPos = (331,12383), SleepMilliseconds = 60000.
CursorPos = (17460,18717), SleepMilliseconds = 60000.
CursorPos = (19757,19896), SleepMilliseconds = 60000.
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Local\!PrivacIE!SharedMemory!Mutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AIK
MSIMGSIZECacheMutex
Behavior description:Create event object
details:EventName = Advinst_2F34DEEAB59342CE8CC250AC9C51C267
EventName = 2684_uigo_evt
EventName = 2684_mdl_evt
EventName = 2684_sho_evt
EventName = 2684_edlg_evt
EventName = Global\crypt32LogoffEvent
EventName = Global\userenv: User Profile setup event
EventName = 2684_sti_evt
EventName = 2684_uis_evt
EventName = Caphyon.AI.ExtUI.IEClickSoundRemover
EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.AIK.IC
EventName = MSCTF.SendReceiveConection.Event.AIK.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Open event
details:HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Global\crypt32LogoffEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2684
MSFT.VSA.IEC.STATUS.6c736db0
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000011
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000011
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000012
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000012
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description:Get TickCount value
details:TickCount = 280578, SleepMilliseconds = 60000.
TickCount = 280734, SleepMilliseconds = 60000.
TickCount = 280765, SleepMilliseconds = 60000.
TickCount = 280781, SleepMilliseconds = 60000.
TickCount = 280796, SleepMilliseconds = 60000.
TickCount = 280890, SleepMilliseconds = 60000.
TickCount = 280953, SleepMilliseconds = 60000.
TickCount = 280968, SleepMilliseconds = 60000.
TickCount = 280984, SleepMilliseconds = 60000.
TickCount = 281000, SleepMilliseconds = 60000.
TickCount = 281015, SleepMilliseconds = 60000.
Behavior description:Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_CREATE_TOKEN_PRIVILEGE
Behavior description:Window information
details:Pid = 2684, Hwnd=0x4039a, Text = &Next >, ClassName = Button.
Pid = 2684, Hwnd=0x30366, Text = < &Back, ClassName = Button.
Pid = 2684, Hwnd=0x30362, Text = Welcome to the Free PDF to PNG Converter Setup Wizard, ClassName = Static.
Pid = 2684, Hwnd=0x50368, Text = The Setup Wizard will install Free PDF to PNG Converter on your computer. Click Next to continue or close the window to exit the Setup Wizard., ClassName = Static.
Pid = 2684, Hwnd=0x503b4, Text = Bitmap, ClassName = Static.
Pid = 2684, Hwnd=0xa0350, Text = Free PDF to PNG Converter Setup, ClassName = #32770.
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\decoder.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\aicustact.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\tempFiles.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\lzmaextractor.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\viewer.exe (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\Prereq.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI7.tmp (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI8.tmp (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI9.tmp (signature verification: passed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 60000.
[6]: MilliSeconds = 60000.
[7]: MilliSeconds = 60000.
[8]: MilliSeconds = 60000.
[9]: MilliSeconds = 60000.
[10]: MilliSeconds = 60000.
Behavior description:Hide specified window
details:[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description:Executable file MD5
details:C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\decoder.dll ---> 64016d43c1cee02f601f5013b798aa52
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI3.tmp ---> 4e1fa2084fb3ebcad3fc3ce72c3e8557
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI4.tmp ---> 0cb489f9ee8269e23ea72c6a44993130
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI5.tmp ---> 0cb489f9ee8269e23ea72c6a44993130
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI6.tmp ---> 0cb489f9ee8269e23ea72c6a44993130
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\aicustact.dll ---> 0cb489f9ee8269e23ea72c6a44993130
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\tempFiles.dll ---> 4e1fa2084fb3ebcad3fc3ce72c3e8557
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\lzmaextractor.dll ---> 261152d0967f3678d78365462b211348
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\viewer.exe ---> f0cc3db24d002f76f843e04f7140cba2
C:\Documents and Settings\Administrator\Local Settings\Temp\AI_EXTUI_BIN_2684\Prereq.dll ---> 02001092db7cd807605e044df91ff4d5
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI7.tmp ---> 02001092db7cd807605e044df91ff4d5
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI8.tmp ---> 0cb489f9ee8269e23ea72c6a44993130
C:\Documents and Settings\Administrator\Local Settings\Temp\MSI9.tmp ---> 4e1fa2084fb3ebcad3fc3ce72c3e8557
Behavior description:Open mutex
details:ShimCacheMutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
RasPbFile
CtfmonInstMutexDefaultS-*
Behavior description:Load newly dropped file
details:Image: C:\Documents and Settings\Administrator\Application Data\Free PDF Solutions\Free PDF to PNG Converter 1.0.0\install\decoder.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI3.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI4.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI5.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI6.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI7.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI8.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\MSI9.tmp.