VirSCAN

File information
Safety rating:79
Behavior list
Basic Information
MD5:d421affc0f03296da4dfcc416fca51a7
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual Studio .NET 2005 -- 2008 -> Microsoft Corporation [Overlay] *
Subfile information:key.txt / 59cbcb882218aaf59d6a3705b73413c6 / Unknown
netlimiter-4.0.32.0.exe / ccf559fc965026f3174040f7e6429634 / EXE
Visit My Blog!.url / c5abecaa5c2cf684f53514160e13bd16 / Unknown
Key behavior
Behavior description:Reads the CPU clock directly
Behavior description:Gets window screenshot information
details:Foreground window Info: HWND = 0x000701ec, DC = 0x0f010716.
Foreground window Info: HWND = 0x000701ec, DC = 0x1001097e.
Behavior description:Gets the TickCount value
details:TickCount = 203187, SleepMilliseconds = 60000.
TickCount = 203406, SleepMilliseconds = 60000.
TickCount = 203484, SleepMilliseconds = 60000.
TickCount = 203890, SleepMilliseconds = 60000.
TickCount = 203906, SleepMilliseconds = 60000.
TickCount = 204046, SleepMilliseconds = 60000.
TickCount = 204078, SleepMilliseconds = 60000.
TickCount = 204093, SleepMilliseconds = 60000.
File behavior
Behavior description:Creates files
details:C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\decoder.dll
C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\holder0.aiph
C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\3468A86\netlimiter-4.0.32.0.msi
C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\3468A86\netlimiter-4.0.32.0.x64.msi
C:\Users\Administrator\AppData\Local\Temp\Cab2B1D.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B1E.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2B3E.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B3F.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2B8E.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B8F.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2EAD.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2EBE.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI321A.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI3383.tmp
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\frame_bottom_left.bmp
Behavior description:Creates executable files
details:C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\decoder.dll
C:\Users\Administrator\AppData\Local\Temp\MSI321A.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI3383.tmp
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\DotNetNativeImage.dll
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\NLCALib.dll_1
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\Prereq.dll
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\ResourceCleaner.dll
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\aicustact.dll
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\lzmaextractor.dll
C:\Users\Administrator\AppData\Local\Temp\MSI34EB.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI354A.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI356A.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI35F8.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI3647.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI3686.tmp
Behavior description:Overwrites existing files
details:C:\Users\Administrator\AppData\Local\Temp\Cab2B1D.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B1E.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2B3E.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B3F.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2B8E.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B8F.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2EAD.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2EBE.tmp
Behavior description:Searches for files
details:FileName = C:\Windows\system32\msi.dll
FileName = \\?\C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\decoder.dll
FileName = \\?\C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\
FileName = \\?\C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\3468A86
FileName = \\?\C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\3468A86\
FileName = C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\3468A86\netlimiter-4.0.32.0.mst
FileName = C:\Users
FileName = C:\Users\Administrator\AppData
FileName = C:\Users\Administrator\AppData\Roaming
FileName = C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install
FileName = C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\3468A86
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\Certificates\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CRLs\*
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\SystemCertificates\My\CTLs\*
FileName = C:\Users\Administrator\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_*
Behavior description:Deletes files
details:C:\Users\Administrator\AppData\Local\Temp\Cab2B1D.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B1E.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2B3E.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B3F.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2B8E.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2B8F.tmp
C:\Users\Administrator\AppData\Local\Temp\Cab2EAD.tmp
C:\Users\Administrator\AppData\Local\Temp\Tar2EBE.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI321A.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI3383.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI34EB.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI354A.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI356A.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI35F8.tmp
C:\Users\Administrator\AppData\Local\Temp\MSI3647.tmp
Behavior description:Modifies file contents
details:C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\decoder.dll ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\decoder.dll ---> Offset = 65536
C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\decoder.dll ---> Offset = 131072
C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\3468A86\netlimiter-4.0.32.0.msi ---> Offset = 0
C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\3468A86\netlimiter-4.0.32.0.x64.msi ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\Cab2B1D.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\Tar2B1E.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\Tar2B1E.tmp ---> Offset = 32768
C:\Users\Administrator\AppData\Local\Temp\Tar2B1E.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\Tar2B1E.tmp ---> Offset = 98304
C:\Users\Administrator\AppData\Local\Temp\Cab2B3E.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\Tar2B3F.tmp ---> Offset = 0
C:\Users\Administrator\AppData\Local\Temp\Tar2B3F.tmp ---> Offset = 32768
C:\Users\Administrator\AppData\Local\Temp\Tar2B3F.tmp ---> Offset = 65536
C:\Users\Administrator\AppData\Local\Temp\Tar2B3F.tmp ---> Offset = 98304
Network behavior
Behavior description:Connects to specified sites
details:WinHttpConnect: ServerName = oc****om, PORT = 80, UserName = , Password = , hSession = 0x003725c0, hConnect = 0x0216f9a8, Flags = 0x00000000
WinHttpConnect: ServerName = cr****et, PORT = 80, UserName = , Password = , hSession = 0x003ba728, hConnect = 0x0039fee8, Flags = 0x00000000
WinHttpConnect: ServerName = oc****om, PORT = 80, UserName = , Password = , hSession = 0x003a3540, hConnect = 0x003725a8, Flags = 0x00000000
WinHttpConnect: ServerName = cr****om, PORT = 80, UserName = , Password = , hSession = 0x003e8380, hConnect = 0x003e8468, Flags = 0x00000000
WinHttpConnect: ServerName = oc****om, PORT = 80, UserName = , Password = , hSession = 0x003e8380, hConnect = 0x003e8468, Flags = 0x00000000
Behavior description:Opens HTTP connections
details:WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x003725c0
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x003ba728
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x003a3540
WinHttpOpen: UserAgent: Microsoft-CryptoAPI/6.1, hSession = 0x003e8380
Behavior description:Opens HTTP requests
details:WinHttpOpenRequest: oc****om:80/extendedsslsha256cacross/mewwsjbimeywrdajbgurdgmcgguabbs3v7w2naf4fimtjpdjkg6%2bmggqmqquyhtmgkunl8qjuc99bm00qp%2f8%2fusccwqaaaaaasuhhfmv, hConnect = 0x0216f9a8, hRequest = 0x0216fa90, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: cr****et:80/root.crl, hConnect = 0x0039fee8, hRequest = 0x003a3330, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: oc****om:80/rootr3/me8wttblmekwrzajbgurdgmcgguabbt1ngh%2fjbjwknkpdzizb1bqhelhbwquj%2fblf6gurssutvd6y5ql3uldg7wcdkgbagepqkweqv7zzfep, hConnect = 0x003725a8, hRequest = 0x021b6f68, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: cr****om:80/root-r3.crl, hConnect = 0x003e8468, hRequest = 0x003a3330, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: oc****om:80/gsextendcodesignsha2g3/me0wszbjmecwrtajbgurdgmcgguabbq3dav9n6welmgczstdniqjdmfhiaqu3cxylcpvns2fezwosf3ebt5tv7kcdafdtnu%2fcugycfsjha%3d%3d, hConnect = 0x003e8468, hRequest = 0x021b6f68, Verb: GET, Referer: , Flags = 0x00000000
WinHttpOpenRequest: cr****om:80/gsextendcodesignsha2g3.crl, hConnect = 0x003e8468, hRequest = 0x021b6f68, Verb: GET, Referer: , Flags = 0x00000000
Behavior description:Resolves host addresses by name
details:GetAddrInfoW: oc****om
GetAddrInfoW: cr****et
GetAddrInfoW: cr****om
Registry behavior
Behavior description:Deletes registry values
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\B1BC968BD4F49D622AA89A81F2150152A41D829C
Other behavior
Behavior description:Checks whether it is being debugged
details:IsDebuggerPresent
Behavior description:Creates event objects
details:EventName = Advinst_E595C624545D4ED29E36BDCCABCF8C96
EventName = 2812_prepare_evt
EventName = 2812_uigo_evt
EventName = 2812_uidone_evt
EventName = 2812_mdl_evt
EventName = 2812_sho_evt
EventName = 2812_edlg_evt
EventName = 2812_ddlg_evt
EventName = OleDfRootAD5AFCAC6278E45A
EventName = OleDfRoot981D0419D5A8D9EF
EventName = OleDfRoot7C664C370F7F1383
EventName = OleDfRoot7852C923EDC8B52B
EventName = OleDfRoot8D7A587029F3D3BA
EventName = OleDfRoot62C21C382E2D9FC0
EventName = OleDfRootE99A939A985F0660
Behavior description:Opens a mutex
details:Local\MSCTF.Asm.MutexDefault1
Behavior description:Finds specified windows
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description:Window information
details:Pid = 2812, Hwnd=0x701d4, Text = DirectUIHost, ClassName = AI_DirectUIWindow.
Pid = 2812, Hwnd=0x701e4, Text = DirectUIHost, ClassName = AI_DirectUIWindow.
Pid = 2812, Hwnd=0x701dc, Text = DirectUIHost, ClassName = AI_DirectUIWindow.
Pid = 2812, Hwnd=0x701e0, Text = Setup requires 21 MB in:, ClassName = Static.
Pid = 2812, Hwnd=0x701ec, Text = C:\Program Files\Locktime Software\NetLimiter 4\, ClassName = RichEdit20W.
Pid = 2812, Hwnd=0xa01ea, Text = DirectUIHost, ClassName = AI_DirectUIWindow.
Pid = 2812, Hwnd=0x60170, Text = You must agree to the <a>Licenses terms and conditions</a> before you can install NetLimiter 4., ClassName = Static.
Pid = 2812, Hwnd=0x50176, Text = DirectUIHost, ClassName = AI_DirectUIWindow.
Pid = 2812, Hwnd=0xc01ca, Text = Advanced Installer, ClassName = Static.
Pid = 2812, Hwnd=0x3013c, Text = DirectUIHost, ClassName = AI_DirectUIWindow.
Pid = 2812, Hwnd=0xd01ba, Text = NetLimiter 4, ClassName = Static.
Pid = 2812, Hwnd=0x4013e, Text = Locktime Software, ClassName = Static.
Pid = 2812, Hwnd=0x8019e, Text = ProductLogo, ClassName = Static.
Pid = 2812, Hwnd=0x5024a, Text = Bitmap, ClassName = Static.
Pid = 2812, Hwnd=0x60184, Text = NetLimiter 4 Setup, ClassName = #32770.
Behavior description:Adjusts process token privileges
details:SE_CREATE_TOKEN_PRIVILEGE
Behavior description:Opens events
details:HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
Global\SvcctrlStartEvent_A3752DX
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2812
MSFT.VSA.IEC.STATUS.6c736db0
Behavior description:Executable file signature information
details:C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\decoder.dll(signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\MSI321A.tmp(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSI3383.tmp(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\DotNetNativeImage.dll(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\NLCALib.dll_1(signature verification: failed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\Prereq.dll(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\aicustact.dll(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\ResourceCleaner.dll(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\AI_EXTUI_BIN_2812\lzmaextractor.dll(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSI34EB.tmp(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSI354A.tmp(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSI356A.tmp(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSI35F8.tmp(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSI3647.tmp(signature verification: passed)
C:\Users\Administrator\AppData\Local\Temp\MSI3686.tmp(signature verification: passed)
Behavior description:Calls the Sleep function
details:[1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
Behavior description:Hides specified windows
details:[Window,Class] = [Skip,Button]
[Window,Class] = [DirectUIHost,AI_DirectUIWindow]
Behavior description:Executable file MD5
Behavior description:Imports keys
details:[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0215B050, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0215C538, DataLen: 532, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0215C228, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x021B05F0, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x021B6E30, DataLen: 276, Flags: 0x00000000
[CryptImportKey] Algorithm: CALG_RSA_KEYX (0x0000a400), Data: 0x0215A6C0, DataLen: 276, Flags: 0x00000000
Behavior description:Loads newly dropped files
details:Image: C:\Users\Administrator\AppData\Roaming\Locktime Software\NetLimiter 4 4.0.32.0\install\decoder.dll.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSI321A.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSI3383.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSI34EB.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSI354A.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSI356A.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSI35F8.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSI3647.tmp.
Image: C:\Users\ADMINI~1\AppData\Local\Temp\MSI3686.tmp.