VirSCAN

File information
Security rating: 50
Behavior list
Basic information
MD5:8c91754451027ecdf776e3b26128c634
File type: zip
Vendor:
Version:
Packer or compiler information:
Sub-file information: 利剑 分享版v2.7.exe / 83c36e5b4b3515da2b677b5f07c28452 / EXE
D3DX9_43.dll / 86e39e9161c3d930d93822f1563c280d / DLL
d3dx9_42.dll / c6a44fc3cf2f5801561804272217b14d / DLL
DirectX Repair win7.exe / 529ecadde86c4baf3d5ca604002433ba / EXE
DirectX_Repair_win8_win10.exe / 38339cc7cb1cd26d3cb7b0d494023a08 / EXE
方框闪烁卡顿解决方法(还不行就设置成均衡).png / 752d6a1165e302f895cefde5e1222c3b / Unknown
荒野行动过设备锁.exe / 4cfaa85715a3de5f89f73b792931be4c / EXE
Win7系统方框不准解决方法【必看】.png / a8fa2656327c7efdeb332d027fe81d95 / Unknown
性能选项-让Windows选择计算机最佳设置.png / b68722a2005674df1691d5420ca76ba2 / Unknown
小部分系统软件停止工作解决方法.png / a6847cb3329bb9b2fc3f350070e85ef2 / Unknown
Win8-Win10系统方框不准解决方法【必看】.png / a95da9914915f2b4eaa05548e51337ab / Unknown
方框只显示200米内解决方法【必看】.png / 1bdcdf7699297933e5d6e2e9dd9278c6 / Unknown
大部分系统软件停止解决方法.jpg / 5f1fc5355a11c2efb384f7238edc8089 / Unknown
aero.theme / d3d9f0bfbe24bfdbcff4a314d6549279 / Unknown
软件疑难解决【必看】.txt / 32841a5d2c9ffa2ba32bd1a05bde145e / Unknown
游戏黑屏解决-双击我运行.bat / f79cd6fd0a1766a508cb89b40cdf2d5e / Unknown
log.dat / 9b015995392f9a10a1f3eb39a2d4178b / Unknown
必看说明.txt / 7aa3afa284947ef2b415ebfed8bb6d06 / Unknown
方框不准解决方法【必看】.txt / 7aa7f46011b95a506195484dd91f9e04 / Unknown
Key behavior
Behavior description: Detects whether Virtual PC is present
Further information: N/A
Behavior description: Reads the CPU clock directly
Further information: EAX = 0xc16f816e, EDX = 0x000000b8
EAX = 0xc16f81ba, EDX = 0x000000b8
EAX = 0xc16f8206, EDX = 0x000000b8
EAX = 0xc16f8252, EDX = 0x000000b8
EAX = 0xc16f829e, EDX = 0x000000b8
EAX = 0xc16f82ea, EDX = 0x000000b8
EAX = 0xc16f8336, EDX = 0x000000b8
EAX = 0xc16f8382, EDX = 0x000000b8
EAX = 0xc16f83ce, EDX = 0x000000b8
EAX = 0xc16f841a, EDX = 0x000000b8
Behavior description: Attempts to open the driver device object of a debugger or monitoring tool
Further information: \??\NTICE
Behavior description: Gets the TickCount value
Further information: TickCount = 293828, SleepMilliseconds = 60000.
TickCount = 293843, SleepMilliseconds = 60000.
TickCount = 293859, SleepMilliseconds = 60000.
TickCount = 293890, SleepMilliseconds = 60000.
TickCount = 234021, SleepMilliseconds = 100.
TickCount = 234053, SleepMilliseconds = 100.
TickCount = 234068, SleepMilliseconds = 100.
TickCount = 234084, SleepMilliseconds = 100.
TickCount = 234100, SleepMilliseconds = 100.
TickCount = 234131, SleepMilliseconds = 100.
TickCount = 234193, SleepMilliseconds = 100.
TickCount = 234209, SleepMilliseconds = 100.
TickCount = 234240, SleepMilliseconds = 100.
TickCount = 294234, SleepMilliseconds = 60000.
TickCount = 294250, SleepMilliseconds = 60000.
Behavior description: Sets special folder attributes
Further information: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Calls critical system APIs directly
Further information: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x007FEAE6
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x0075BE3A
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x007CE1B7
Behavior description: Searches for windows of common anti-virus and analysis tools
Further information: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
Behavior description: Detects a virtual machine via the VMware special instruction
Further information: N/A
Process behavior
Behavior description: Creates a local thread
Further information: TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3804, StartAddress = 0075C969, Parameter = 001AFB50
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3808, StartAddress = 0075C969, Parameter = 001AFB50
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3812, StartAddress = 0075C969, Parameter = 001AFB50
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3816, StartAddress = 0075C969, Parameter = 001AFBA8
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3820, StartAddress = 0075C969, Parameter = 001AFBA8
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3824, StartAddress = 0075C969, Parameter = 001AFBA8
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3920, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3984, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 3988, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 4008, StartAddress = 77E56C7D, Parameter = 001E44E0
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 4012, StartAddress = 769AE43B, Parameter = 001EEF58
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 4016, StartAddress = 0215507F, Parameter = 001296D0
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 4056, StartAddress = 6359727B, Parameter = 00273E20
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 1940, StartAddress = 6359727B, Parameter = 03920AA0
TargetProcess: 利剑 分享版v2.7.exe, InheritedFromPID = 2000, ProcessID = 3728, ThreadID = 1748, StartAddress = 6359727B, Parameter = 03920B40
File behavior
Behavior description: Creates a file
Further information: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\i-wz-803058[1].html
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\264843023201672411421552[1]
Behavior description: Overwrites an existing file
Further information: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1]
Behavior description: Searches for files
Further information: FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\urlmon.dll
FileName = C:\WINDOWS\system32\ieframe.dll
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\*.*
Behavior description: Deletes a file
Further information: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\i-wz-803058[1].html
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\info_48[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\264843023201672411421552[1]
Behavior description: Sets special folder attributes
Further information: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modifies file content
Further information: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\navcancl[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\background_gradient[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\info_48[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\bullet[1] ---> Offset = 0
Network behavior
Behavior description: Opens a specified web page in IE
Further information: https://jq****om/?_wv=1027&k=5tYIM6a
ww****om
http://ww****om/
Behavior description: Connects to a specified site
Further information: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = qs****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000000
Behavior description: Opens an HTTP connection
Further information: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0), hSession = 0x00cc0010
Behavior description: Establishes a socket connection to a specified host
Further information: URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000364
URL: qs****om, IP: **.133.40.**:80, SOCKET = 0x00000450
URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x0000044c
Behavior description: Reads a network file
Further information: hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
hFile = 0x00cc0018, BytesToRead =512, BytesRead = 512.
Behavior description: Sends an HTTP packet
Further information: GET /i-wz-803058.html HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww****om Connection: Keep-Alive
GET /blog/static/264843023201672411421552/ HTTP/1.1 Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */* Referer: http://qs1923472225.blog.163.com/blog/static/264843023201672411421552/ Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.0) Host: qs****om Cache-Control: no-cache
Behavior description: Opens an HTTP request
Further information: HttpOpenRequestA: ww****om:80/i-wz-803058.html, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400200
HttpOpenRequestA: ww****om:80/i-wz-803058.html, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: qs****om:80/blog/static/264843023201672411421552/, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x80000000
Behavior description: Resolves a host address by name
Further information: GetAddrInfoW: ww****om
GetAddrInfoW: qs****om
Registry behavior
Behavior description: Modifies the registry
Further information: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Deletes registry values
Further information: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Other behavior
Behavior description: Calls critical system APIs directly
Further information: Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x007FEAE6
Index = 0x0000009B, Name: NtQueryInformationThread, Instruction Address = 0x0075BE3A
Index = 0x000000E5, Name: NtSetInformationThread, Instruction Address = 0x007CE1B7
Behavior description: Detects whether Virtual PC is present
Further information: N/A
Behavior description: Creates a mutex
Further information: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Local\!PrivacIE!SharedMemory!Mutex
CritOpMutex
MSIMGSIZECacheMutex
MSCTF.Shared.MUTEX.IOH
Behavior description: Creates an event object
Further information: EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.ALP.IC
EventName = MSCTF.SendReceiveConection.Event.ALP.IC
Behavior description: Window information
Further information: Pid = 3728, Hwnd=0x1047e, Text = 您想运行或保存此文件吗?, ClassName = Static.
Pid = 3728, Hwnd=0x10482, Text = 名称:, ClassName = Static.
Pid = 3728, Hwnd=0x10484, Text = update.exe, ClassName = SysLink.
Pid = 3728, Hwnd=0x10486, Text = 发行者:, ClassName = Static.
Pid = 3728, Hwnd=0x1048a, Text = 类型:, ClassName = Static.
Pid = 3728, Hwnd=0x1048c, Text = 应用程序, 358KB, ClassName = Static.
Pid = 3728, Hwnd=0x1048e, Text = 从:, ClassName = Static.
Pid = 3728, Hwnd=0x10490, Text = www.qqniubi.com, ClassName = Static.
Pid = 3728, Hwnd=0x10492, Text = 运行(&R), ClassName = Button.
Pid = 3728, Hwnd=0x10494, Text = 保存(&S), ClassName = Button.
Pid = 3728, Hwnd=0x10496, Text = 取消, ClassName = Button.
Pid = 3728, Hwnd=0x10498, Text = 打开此类文件前总是询问(&W), ClassName = Button(CheckBox).
Pid = 3728, Hwnd=0x1049e, Text = 来自 Internet 的文件可能对您有所帮助,但此文件类型可能危害您的计算机。如果您不信任其来源,请不要运行或保存该软件。<A>有何风险?</A>, ClassName = SysLink.
Pid = 3728, Hwnd=0x1047c, Text = 文件下载 - 安全警告, ClassName = #32770.
Pid = 3728, Hwnd=0x403de, Text = 下载完毕, ClassName = Static.
Behavior description: Opens a mutex
Further information: ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
CtfmonInstMutexDefaultS-*
Behavior description: Searches for a specified window
Further information: NtUserFindWindowEx: [Class,Window] = [4823-00000029,]
NtUserFindWindowEx: [Class,Window] = [18467-41,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [,Microsoft Internet Explorer]
Behavior description: Attempts to open the driver device object of a debugger or monitoring tool
Further information: \??\NTICE
Behavior description: Gets the TickCount value
Further information: TickCount = 293828, SleepMilliseconds = 60000.
TickCount = 293843, SleepMilliseconds = 60000.
TickCount = 293859, SleepMilliseconds = 60000.
TickCount = 293890, SleepMilliseconds = 60000.
TickCount = 234021, SleepMilliseconds = 100.
TickCount = 234053, SleepMilliseconds = 100.
TickCount = 234068, SleepMilliseconds = 100.
TickCount = 234084, SleepMilliseconds = 100.
TickCount = 234100, SleepMilliseconds = 100.
TickCount = 234131, SleepMilliseconds = 100.
TickCount = 234193, SleepMilliseconds = 100.
TickCount = 234209, SleepMilliseconds = 100.
TickCount = 234240, SleepMilliseconds = 100.
TickCount = 294234, SleepMilliseconds = 60000.
TickCount = 294250, SleepMilliseconds = 60000.
Behavior description: Adjusts process token privileges
Further information: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Opens an event
Further information: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.3728
MSFT.VSA.IEC.STATUS.6c736db0
_fCanRegisterWithShellService
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Behavior description: Calls the Sleep function
Further information: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 100.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 0.
[5]: MilliSeconds = 0.
Behavior description: Hides a specified window
Further information: [Window,Class] = [,SysLink]
[Window,Class] = [,Static]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
[Window,Class] = [,Shell Embedding]
[Window,Class] = [,Internet Explorer_Server]
Behavior description: Gets the cursor position
Further information: CursorPos = (80,18468), SleepMilliseconds = 60000.
CursorPos = (6373,26501), SleepMilliseconds = 60000.
CursorPos = (19208,15725), SleepMilliseconds = 60000.
Behavior description: Reads the CPU clock directly
Further information: EAX = 0xc16f816e, EDX = 0x000000b8
EAX = 0xc16f81ba, EDX = 0x000000b8
EAX = 0xc16f8206, EDX = 0x000000b8
EAX = 0xc16f8252, EDX = 0x000000b8
EAX = 0xc16f829e, EDX = 0x000000b8
EAX = 0xc16f82ea, EDX = 0x000000b8
EAX = 0xc16f8336, EDX = 0x000000b8
EAX = 0xc16f8382, EDX = 0x000000b8
EAX = 0xc16f83ce, EDX = 0x000000b8
EAX = 0xc16f841a, EDX = 0x000000b8
Behavior description: Searches for windows of common anti-virus and analysis tools
Further information: NtUserFindWindowEx: [Class,Window] = [Regmonclass,]
NtUserFindWindowEx: [Class,Window] = [Filemonclass,]
Behavior description: Detects a virtual machine via the VMware special instruction
Further information: N/A