VirSCAN


File information
Security rating: 84
Behavior list
Basic information
MD5: 20d5dc4fc873276826dc0ce29b6f626c
File type: EXE
Company: Cheat Engine
Version: 6.8.1.2---6.8.1.2
Packer or compiler information: COMPILER:Borland Delphi 2.0 [Overlay]
Key behavior
Behavior description: Blocks window close messages
Details: hWnd = 0x00010340, Text = Setup, ClassName = TApplication.
Behavior description: Gets TickCount value
Details: TickCount = 226818, SleepMilliseconds = 100.
Behavior description: Looks up PE resource information
Details: (FindResourceA) hModule = 0x00400000, ResName: SHFOLDERDLL, ResType:
Behavior description: Sets special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Queries registry (virtual machine detection related)
Details: \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion
Process behavior
Behavior description: Creates local thread
Details: TargetProcess: 996E.tmp, InheritedFromPID = 2688, ProcessID = 2716, ThreadID = 2916, StartAddress = 0120C864, Parameter = 016C3510
Behavior description: Creates new process from file
Details: [0x00000a9c]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JQANE.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JQANE.tmp\996E.tmp" /SL5="$1033C,14068795,56832,C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe"
Behavior description: Enumerates processes
Details: N/A
File behavior
Behavior description: Creates files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\_isetup\_shfoldr.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\00036EF7.log
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\csshover3.htc
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\ie6_main.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\main.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\browse.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\button.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\checkbox.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\progress-bar.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\images\button-bg.png
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\images\progress-bg-corner.png
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\images\progress-bg.png
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\images\progress-bg2.png
Behavior description: Creates executable files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\_isetup\_shfoldr.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll
Behavior description: Finds files
Details: FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JQANE.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-JQANE.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\WINDOWS\Registration\R????????????.clb
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsd2250788778\bootstrap_23487.html
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
Behavior description: Deletes files
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\00036EF7.log
C:\Documents and Settings\Administrator\Local Settings\Temp\000374D3.log
C:\Documents and Settings\Administrator\Local Settings\Temp\00037602.log
C:\Program Files\0003839F.log
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\bootstrap_23487.html
C:\Documents and Settings\Administrator\Local Settings\Temp\0003CA9B.log
C:\Documents and Settings\Administrator\Local Settings\Temp\ns0E4282F7\0DD1AD7D.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\0003CB85.log
C:\Documents and Settings\Administrator\Local Settings\Temp\0003CB95.log
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\ie6_main.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\main.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\browse.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\button.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\checkbox.css
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\sdk-ui\images\button-bg.png
Behavior description: Modifies file contents
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\_isetup\_shfoldr.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\00036EF7.log ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\csshover3.htc ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\ie6_main.css ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsd2250788778\css\main.css ---> Offset = 0
Network behavior
Behavior description: Connects to specified site
Details: InternetConnectA: ServerName = rp****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = os****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Opens HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727, hSession = 0x00cc0004
Behavior description: Establishes a connection to a specified socket
Details: URL: rp****om, IP: **.133.40.**:80, SOCKET = 0x00000388
URL: os****om, IP: **.133.40.**:80, SOCKET = 0x000002f0
URL: os****om, IP: **.133.40.**:80, SOCKET = 0x000001a4
URL: rp****om, IP: **.133.40.**:80, SOCKET = 0x000002a8
Behavior description: Reads network file
Details: hFile = 0x00cc000c, BytesToRead =20480, BytesRead = 20480.
Behavior description: Sends HTTP packets
Details: POST / HTTP/1.1 Accept: */* Host: rp****om User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727 Content-Length: 1376 Cache-Control: no-cache
POST /Fusioncheatengine/ HTTP/1.1 Accept: */* Host: os****om User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727 Content-Length: 1744 Cache-Control: no-cache
POST / HTTP/1.1 Accept: */* Host: rp****om User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727 Content-Length: 1872 Cache-Control: no-cache
Behavior description: Opens HTTP request
Details: HttpOpenRequestA: rp****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0x04080000
HttpOpenRequestA: os****om:80/fusioncheatengine/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0x04080000
Behavior description: Gets host address by name
Details: GetAddrInfoW: rp****om
GetAddrInfoW: os****om
Registry behavior
Behavior description: Modifies registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Deletes registry values
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Gets cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 100.
Behavior description: Creates mutexes
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!PrivacIE!SharedMemory!Mutex
RasPbFile
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.AKK
Behavior description: Hides specified windows
Details: [Window,Class] = [Setup - Cheat Engine 6.8.1,TWizardForm]
[Window,Class] = [Setup - Cheat Engine 6.8.1,TMainForm]
[Window,Class] = [Setup,TApplication]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Window information
Details: Pid = 2716, Hwnd=0x1044c, Text = Welcome to the Cheat Engine 6.8.1 Setup Wizard , ClassName = TNewStaticText.
Pid = 2716, Hwnd=0x1044a, Text = This will install Cheat Engine 6.8.1 on your computer. It is recommended that you close all other applications before continuing. Click Next to continue, or Cancel to exit Setup., ClassName = TNewStaticText.
Pid = 2716, Hwnd=0x1036e, Text = A: Cheat Engine License B: installCore Terms of Service A: 1) This license agreement is a legal agreement between you and the, ClassName = TRichEditViewer.
Pid = 2716, Hwnd=0x10374, Text = Cheat Engine 6.8.1 Fixes: Fixed several issues with the structure compare Fixed the commonality scanner from picking up unrel, ClassName = TRichEditViewer.
Pid = 2716, Hwnd=0x2035c, Text = DirEdit, ClassName = TEdit.
Pid = 2716, Hwnd=0x10446, Text = &Next >, ClassName = TNewButton.
Pid = 2716, Hwnd=0x10444, Text = Cancel, ClassName = TNewButton.
Pid = 2716, Hwnd=0x2034e, Text = Setup - Cheat Engine 6.8.1, ClassName = TWizardForm.
Pid = 2716, Hwnd=0x20494, Text = 是(&Y), ClassName = Button.
Pid = 2716, Hwnd=0x10496, Text = 否(&N), ClassName = Button.
Pid = 2716, Hwnd=0x1049a, Text = Setup is not complete. If you exit now, the program will not be installed. You may run Setup again at another time to complete the installation. Exit Setup?, ClassName = Static.
Pid = 2716, Hwnd=0x70492, Text = Exit Setup, ClassName = #32770.
Behavior description: Finds specified windows
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Enumerates windows
Details: N/A
Behavior description: Adjusts process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
Behavior description: Opens events
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
Global\SvcctrlStartEvent_A3752DX
Global\crypt32LogoffEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.2716
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceive.Event.IOH.IC
MSCTF.SendReceiveConection.Event.IOH.IC
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\_isetup\_shfoldr.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll (signature verification: failed)
Behavior description: Calls Sleep function
Details: [1]: MilliSeconds = 100.
Behavior description: Creates event objects
Details: EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.AKK.IC
EventName = MSCTF.SendReceiveConection.Event.AKK.IC
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\is-JQANE.tmp\996E.tmp ---> 92a31de32064d2e184f63116ac3a817f
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63
C:\Documents and Settings\Administrator\Local Settings\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll ---> 3aaeb56975a75ee77823576fd81b0233
Behavior description: Opens mutexes
Details: ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
CtfmonInstMutexDefaultS-*
Behavior description: Loads newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-5Q043.tmp\wsCVuKLFeRNdI.dll.
Translated by Riccardo Vianello, Italy