VirSCAN

File information
Safety rating:50
Behavior list
Basic Information
MD5:c583b25fc9a9c4335f9a5c313d5da303
file type:Nsis
Production company:
version:1.7.2.56---1.7.2.0056
Shell or compiler information:
Subfile information:netpasd.exedumpFile / d4965e755f97c0c57cb6924ba052efe1 / EXE
netpasd.exe / d4965e755f97c0c57cb6924ba052efe1 / EXE
Netpas_Acc.exedumpFile / e843323359d881f4d3777ddb7c5dd35b / EXE
Netpas_Acc.exe / e843323359d881f4d3777ddb7c5dd35b / EXE
Netpas_Core.dlldumpFile / c7f85dbdcbda97b28d2fb762155e0b43 / DLL
Netpas_Core.dll / c7f85dbdcbda97b28d2fb762155e0b43 / DLL
Updater.exedumpFile / 900570b6583107c96fc4b19903da9fe9 / EXE
Updater.exe / 900570b6583107c96fc4b19903da9fe9 / EXE
netpasdu.exedumpFile / 900570b6583107c96fc4b19903da9fe9 / EXE
netpasdu.exe / 900570b6583107c96fc4b19903da9fe9 / EXE
drv_install.exedumpFile / b36c5e40f25c8afe8c8acc7e895d9c6d / EXE
drv_install.exe / b36c5e40f25c8afe8c8acc7e895d9c6d / EXE
modern-wizard.bmpdumpFile / cbe40fd2b1ec96daedc65da172d90022 / Unknown
modern-wizard.bmp / cbe40fd2b1ec96daedc65da172d90022 / Unknown
netpas.sysdumpFile / e7ae373c97a40ef777758a62d785e7c9 / SYS
netpas.sys / e7ae373c97a40ef777758a62d785e7c9 / SYS
[NSIS].nsidumpFile / c39befeabef9d28da7562f6ac0af6922 / Unknown
[NSIS].nsi / 72abfe96df6fb2f548d37f61471f630c / Unknown
InstallOptions.dlldumpFile / 325b008aec81e5aaa57096f05d4212b5 / DLL
Key behavior
Behavior description:Modify registry_Winsock hijacking
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem
Behavior description:Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [联宇益通 - NETPAS,Static]
[Window,Class] = [联宇益通 - NETPAS ,Static]
[Window,Class] = [,Static]
[Window,Class] = [许可证协议,Static]
[Window,Class] = [在安装“NETPAS ACC 1.7.2.0056”之前,请阅读授权协议。,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,#32770]
[Window,Class] = [,SysTabControl32]
[Window,Class] = [资源(&E)...,Button]
[Window,Class] = [下一步(&N) >,Button]
Behavior description:Create shortcut on desktop
details:C:\Documents and Settings\Administrator\桌面\NETPAS 网络加速器.lnk
Behavior description:Shut down or restart
details:N/A
Behavior description:Set special folder attributes
details:C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\LocalService\Local Settings\History
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5
C:\Documents and Settings\LocalService\Cookies
Behavior description:Create system service
details:[Service created successfully]: NetpasDaemon, c:\Windows\system32\netpas\netpasd.exe
[Service created successfully]: netpasadapter1, system32\DRIVERS\netpas.sys
[Service already exists]: PSched, system32\DRIVERS\psched.sys
Behavior description:Modify registry_Startup item
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetpasAcc
Process behavior
Behavior description:Create process with hidden window
details:ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\nse4.tmp\ns5.tmp" "c:\windows\system32\netpas\netpasd.exe" -install
ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\nse4.tmp\ns6.tmp" "c:\windows\system32\netpas\netpasd.exe" -start
ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\nse4.tmp\ns7.tmp" "c:\windows\system32\netpas\driver\drv_install.exe" findall netpasadapter1
ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\nse4.tmp\ns8.tmp" "c:\windows\system32\netpas\driver\drv_install.exe" install "c:\windows\system32\netpas\driver\netpas.inf" netpasadapter1
ImagePath = , CmdLine = "c:\docume~1\admini~1\locals~1\temp\nse4.tmp\nsc.tmp" "c:\windows\system32\cscript.exe" "c:\windows\system32\netpas\driver\netpas_dft.vbs"
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\runonce.exe, CmdLine = runonce -r
ImagePath = C:\WINDOWS\system32\cscript.exe, CmdLine = "C:\WINDOWS\system32\cscript.exe" "c:\Windows\system32\netpas\driver\netpas_dft.vbs"
Behavior description:Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns5.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns5.tmp" "c:\Windows\system32\netpas\netpasd.exe" -install
ImagePath = c:\Windows\system32\netpas\netpasd.exe, CmdLine = "c:\Windows\system32\netpas\netpasd.exe" -install
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns6.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns6.tmp" "c:\Windows\system32\netpas\netpasd.exe" -start
ImagePath = c:\Windows\system32\netpas\netpasd.exe, CmdLine = "c:\Windows\system32\netpas\netpasd.exe" -start
ImagePath = c:\Windows\system32\netpas\netpasd.exe, CmdLine = c:\Windows\system32\netpas\netpasd.exe
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns7.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns7.tmp" "c:\Windows\system32\netpas\driver\drv_install.exe" findall netpasadapter1
ImagePath = c:\Windows\system32\netpas\driver\drv_install.exe, CmdLine = "c:\Windows\system32\netpas\driver\drv_install.exe" findall netpasadapter1
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns8.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns8.tmp" "c:\Windows\system32\netpas\driver\drv_install.exe" install "c:\Windows\system32\netpas\driver\netpas.inf" netpasadapter1
ImagePath = c:\Windows\system32\netpas\driver\drv_install.exe, CmdLine = "c:\Windows\system32\netpas\driver\drv_install.exe" install "c:\Windows\system32\netpas\driver\netpas.inf" netpasadapter1
ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\nsC.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\nsC.tmp" "C:\WINDOWS\system32\cscript.exe" "c:\Windows\system32\netpas\driver\netpas_dft.vbs"
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Drop link or shortcut in a sensitive system location (such as the Start menu)
details:C:\Documents and Settings\Administrator\「开始」菜单\程序\NETPAS ACC\NETPAS 网络加速器.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NETPAS ACC\官方网站.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\NETPAS ACC\Uninstall.lnk
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\System.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\InstallOptions.dll
C:\Program Files\NETPAS\NETPAS ACC\Netpas_Acc.exe
C:\Program Files\NETPAS\NETPAS ACC\Netpas_Core.dll
C:\Program Files\NETPAS\NETPAS ACC\Updater.exe
C:\WINDOWS\system32\netpas\netpasd.exe
C:\WINDOWS\system32\netpas\netpasdu.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\nsExec.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns5.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\services.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns6.tmp
C:\WINDOWS\system32\netpas\driver\drv_install.exe
C:\WINDOWS\system32\netpas\driver\netpas.sys
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns7.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns8.tmp
Behavior description:Create shortcut on desktop
details:C:\Documents and Settings\Administrator\桌面\NETPAS 网络加速器.lnk
Behavior description:Map file with write permission
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns5.tmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns6.tmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns7.tmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ns8.tmp
\WINDOWS\setupapi.log
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\nsC.tmp
\WINDOWS\system32\zh-cn\cscript.exe.mui
DfSharedHeapD222E
\WINDOWS\system32\zh-cn\wshext.dll.mui
Behavior description:Rename file
details:C:\WINDOWS\LastGood\TMP9.tmp ---> C:\WINDOWS\LastGood\INF\oem9.inf
C:\WINDOWS\LastGood\TMPA.tmp ---> C:\WINDOWS\LastGood\INF\oem9.PNF
C:\WINDOWS\system32\drivers\SETB.tmp ---> C:\WINDOWS\system32\drivers\netpas.sys
Behavior description:Set special folder attributes
details:C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files
C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\LocalService\Local Settings\History
C:\Documents and Settings\LocalService\Local Settings\History\History.IE5
C:\Documents and Settings\LocalService\Cookies
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 36
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\modern-wizard.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 124
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 33
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 43
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 60
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 277
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 325
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 380
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 388
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 400
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 225
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 349
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\ioSpecial.ini---> Offset = 641
Network behavior
Behavior description:Open URL over the network
details:InternetOpenUrlA: http://www.netpas.cc/download/netcheck.lst?lang=zh_CN hInternet = 0x00000210
Registry behavior
Behavior description:Delete registry key_Layered network protocol
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers\NetBIOS
Behavior description:Delete registry key
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Network\NetCfgLockHolder
Behavior description:Modify registry_Winsock hijacking
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Serial_Access_Num
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem
Behavior description:Modify registry_Delayed rename entry
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NetpasDaemon\EventMessageFile
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NetpasDaemon\ParameterMessageFile
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NetpasDaemon\CategoryCount
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NetpasDaemon\CategoryMessageFile
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Eventlog\Application\NetpasDaemon\TypesSupported
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cookies
\REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\History
\REGISTRY\MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood\INF/oem9.inf
\REGISTRY\MACHINE\SYSTEM\LastKnownGoodRecovery\LastGood\INF/oem9.PNF
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Ndi\Service
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Ndi\Interfaces\UpperRange
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Ndi\Interfaces\LowerRange
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\Manufacturer
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\ProductName
Behavior description:Modify registry_Layered network protocol
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Providers\NetBIOS\WinSock 2.0 Provider ID
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Winsock\Setup Migration\Provider List
Behavior description:Delete registry key_Winsock hijacking
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\00000005
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\00000006
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0010\InfSectionExt
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Adapters\{706F6C7D-62CF-4251-BBAC-4ED163952DE7}\NumInterfaces
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DD61BB6F-BAC7-4E0D-A2C9-77E74B6BDA63}\InterfaceMetric
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{DD61BB6F-BAC7-4E0D-A2C9-77E74B6BDA63}\ActiveConfigurations
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{706F6C7D-62CF-4251-BBAC-4ED163952DE7}\InterfaceMetric
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{706F6C7D-62CF-4251-BBAC-4ED163952DE7}\ActiveConfigurations
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\InfSectionExt
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\BindPath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\Bind
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0011\Linkage\Route
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage\BindPath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage\Bind
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0003\Linkage\Route
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage\BindPath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E972-E325-11CE-BFC1-08002bE10318}\0009\Linkage\Bind
Behavior description:Modify registry_Network settings
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{706F6C7D-62CF-4251-BBAC-4ED163952DE7}\DefaultGateway
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\Tcpip\Parameters\Interfaces\{706F6C7D-62CF-4251-BBAC-4ED163952DE7}\NameServer
Behavior description:Modify registry_Startup item
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\NetpasAcc
Other behavior
Behavior description:Create driver file image
details:C:\WINDOWS\system32\drivers\netpas.sys
Behavior description:Create mutex
details:RasPbFile
Global\{84b06608-8026-11d2-b1f2-00c04fd912b2}
SHIMLIB_LOG_MUTEX
Global\NetCfgWriteLock
Behavior description:Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [联宇益通 - NETPAS,Static]
[Window,Class] = [联宇益通 - NETPAS ,Static]
[Window,Class] = [,Static]
[Window,Class] = [许可证协议,Static]
[Window,Class] = [在安装“NETPAS ACC 1.7.2.0056”之前,请阅读授权协议。,Static]
[Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [帮助,Button]
[Window,Class] = [完成,Button]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,#32770]
[Window,Class] = [,SysTabControl32]
[Window,Class] = [资源(&E)...,Button]
[Window,Class] = [下一步(&N) >,Button]
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [#32770,]
NtUserFindWindowEx: [Class,Window] = [SysListView32,]
Behavior description:Start system service
details:[Service started successfully]: LocalSystem, NetpasDaemon, c:\Windows\system32\netpas\netpasd.exe
Behavior description:Acquire system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
Behavior description:Create system service
details:[Service created successfully]: NetpasDaemon, c:\Windows\system32\netpas\netpasd.exe
[Service created successfully]: netpasadapter1, system32\DRIVERS\netpas.sys
[Service already exists]: PSched, system32\DRIVERS\psched.sys
Behavior description:Window information
details:Pid = 1024, Hwnd=0xb01de, Text = 下一步(&N) >, ClassName = Button.
Pid = 1024, Hwnd=0xc01d6, Text = 取消(&C), ClassName = Button.
Pid = 1024, Hwnd=0xb01b0, Text = 联宇益通 - NETPAS , ClassName = Static.
Pid = 1024, Hwnd=0xa018c, Text = 联宇益通 - NETPAS, ClassName = Static.
Pid = 1024, Hwnd=0xb0170, Text = 欢迎使用“NETPAS ACC 1.7.2.0056”安装向导, ClassName = Static.
Pid = 1024, Hwnd=0xb01ce, Text = 这个向导将指引你完成“NETPAS ACC 1.7.2.0056”的安装进程。 在开始安装之前,建议先关闭其他所有应用程序。这将允许“安装程序”更新, ClassName = Static.
Pid = 1024, Hwnd=0xd0180, Text = NETPAS ACC 1.7.2.0056 安装, ClassName = #32770.
Pid = 1024, Hwnd=0xb016a, Text = < 上一步(&P), ClassName = Button.
Pid = 1024, Hwnd=0xa0198, Text = 许可证协议, ClassName = Static.
Pid = 1024, Hwnd=0xd01a4, Text = 在安装“NETPAS ACC 1.7.2.0056”之前,请阅读授权协议。, ClassName = Static.
Pid = 1024, Hwnd=0xc01ce, Text = 按 [PgDn] 阅读“授权协议”的其余部分。, ClassName = Static.
Pid = 1024, Hwnd=0xd01b4, Text = 如果你接受协议中的条款,选择下方第一个选项。必须要接受协议才能安装 NETPAS ACC 1.7.2.0056。单击 [下一步(N)] 继续。, ClassName = Static.
Pid = 1024, Hwnd=0xd01ac, Text = 我接受“许可证协议”中的条款(&A), ClassName = Button(RadioButton).
Pid = 1024, Hwnd=0xb0164, Text = 我不接受“许可证协议”中的条款(&N), ClassName = Button(RadioButton).
Pid = 1024, Hwnd=0xb01de, Text = 下一步, ClassName = Button.
Behavior description:Shut down or restart
details:N/A
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nse4.tmp\modern-wizard.bmp
Translated by Keith Miller, United States