VirSCAN

File information
Safety rating: 50
Behavior list
Behavior analysis report: Threatbook file behavior analysis report
Basic information
MD5: 68c03a3bfa2867848b684bb63862e4c6
File type: EXE
Vendor: CrystalIDEA Software
Version: 3.5.6.5591---3.5.6.5591
Packer or compiler information: COMPILER:NSIS
Sub-file information: UninstallTool_x64.dat / 53a79c8ae2a41a48a5dafaeff2c87d2f / EXE
UninstallTool_x86.dat / e8d8a9399c2c221d25dcafce9eabf392 / EXE
UninstallToolHelper.exe / 4d454f8abe7860306da91c55ba9be042 / EXE
UninstallTool.exe / ccda58e3bcd4da4fe22d5e80c3cfb27f / EXE
CisUtMonitor.sys / ce7f6aef1b27d41e7365700e74afc969 / SYS
CisUtMonitor.sys / f931dddb4084590cc4a8fc773b4385f3 / SYS
English.xml / 0fdb3264d678d048ecae17799df05cb4 / Unknown
Chinese_Traditional.xml / 9da97a8bbfe95b40c2431d6a442746ef / Unknown
Chinese_Simplified.xml / 8bfbde01cf624f2a61245ee0cc612632 / Unknown
System.dll / 883eff06ac96966270731e4e22817e11 / DLL
CisUtMonitor.inf / ab33006d71573c73ea639a4d90923bf7 / Unknown
[NSIS].nsi / 318535cb1f11b755911fed7f837edf59 / Unknown
423Down.Com.url / 54e90cfbf7dbdeb83afac8f10be8bb30 / Unknown
RemoveService.cmd / 3228676d08e31fda1655a02c7d9dbcd3 / Unknown
Key behavior
Behavior description: Open registry key (virtual machine detection related)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description: Get file attributes to detect a virtual machine
Details: GetFileAttributes: FileName = \\?\C:\Program Files\VMware\VMware Tools\
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Get TickCount value
Behavior description: Detect a virtual machine by searching for files
Details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\Program Files\VMware\VMware Tools\*.exe
FindFirstFileEx: FileName = C:\Program Files\VMware\VMware Tools\bin\*.exe
FindFirstFileEx: FileName = C:\Program Files\VMware\VMware Tools\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\All Users\Application Data\VMware\*.*
Process behavior
Behavior description: Create process from a newly dropped file
Details: [0x00000ea4]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall Tool\UninstallTool_x86.dat, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall Tool\UninstallTool_x86.dat"
[0x00000ec4]ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall Tool\UninstallToolHelper.exe, CmdLine = UninstallToolHelper.exe
Behavior description: Enumerate processes
Details: N/A
Behavior description: Create local thread
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsl7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\423Down.Com.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\RemoveService.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallToolHelper.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x64.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x86.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\languages\Chinese_Simplified.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\languages\Chinese_Traditional.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\languages\English.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu9.tmp\System.dll
C:\Documents and Settings\Administrator\Application Data\CrystalIdea Software\Uninstall Tool\CachedData.dat
C:\Documents and Settings\Administrator\Application Data\CrystalIdea Software\Uninstall Tool\preferences.xml
Behavior description: Get file attributes to detect a virtual machine
Details: GetFileAttributes: FileName = \\?\C:\Program Files\VMware\VMware Tools\
Behavior description: Create executable file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallToolHelper.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x64.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x86.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu9.tmp\System.dll
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp
C:\Documents and Settings\Administrator\Application Data\CrystalIdea Software\Uninstall Tool\CachedData.dat
Behavior description: Find file
Details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu9.tmp
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Uninstall Tool\languages\*.xml
FileName = C:\Documents and Settings\Administrator\Application Data\CrystalIdea Software\Uninstall Tool\Traced\*.xml
FileName = C:\Program Files\*.*
FileName = C:\Program Files\NetMeeting\*.*
FileName = C:\Program Files\Outlook Express\*.*
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\nsl7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsq8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu9.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\423Down.Com.url
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\languages\Chinese_Simplified.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\languages\Chinese_Traditional.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\languages\English.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\RemoveService.cmd
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x64.dat
C:\Documents and Settings\Administrator\Application Data\CrystalIdea Software\Uninstall Tool\CachedData.dat
C:\Documents and Settings\Administrator\Application Data\CrystalIdea Software\Uninstall Tool\preferences.xml
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu9.tmp\System.dll
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
Network behavior
Behavior description: Open URL over the network
Details: InternetOpenUrlA: https://ww****om/, hInternet = 0x00cc0004, Flags = 0x00000001
Behavior description: Connect to specified site
Details: InternetConnectA: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00800001
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Uninstall Tool 3.5.6, hSession = 0x00cc0004
Behavior description: Establish a connection to a specified socket
Details: URL: ww****om, IP: **.133.40.**:443, SOCKET = 0x000003f0
Behavior description: Read network file
Details: hFile = 0x00cc000c, BytesToRead =5120, BytesRead = 5120.
Behavior description: Open HTTP request
Details: HttpOpenRequestA: ww****om:80/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00800001
Behavior description: Get host address by name
Details: GetAddrInfoW: ww****om
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\CrystalIdea Software\Uninstall Tool\VH
\REGISTRY\USER\S-*\Software\CrystalIdea Software\Uninstall Tool\VL
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\CrystalIdea Software\Uninstall Tool\LastRunDate
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\CrystalIdea Software\Uninstall Tool\
\REGISTRY\USER\S-*\Software\CrystalIdea Software\
Behavior description: Open registry key (virtual machine detection related)
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Oracle VM VirtualBox Guest Additions
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Modify registry (pending file rename entry)
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Other behavior
Behavior description: Get cursor position
Behavior description: Create mutex
Details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Uninstall Tool
oleacc-msaa-loaded
Local\UTOOL
MSCTF.Shared.MUTEX.IOH
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior description: Create event object
Details: EventName = DINPUTWINMM
EventName = Global\UninstallToolHelper_EventSent
EventName = Global\UninstallToolHelper_EventComplete
EventName = Local\UTOOL_ALREADY
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceive.Event.IKO.IC
EventName = MSCTF.SendReceiveConection.Event.IKO.IC
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Window information
Details: Pid = 3748, Hwnd=0x10348, Text = xtpBarTop, ClassName = XTPDockBar.
Pid = 3748, Hwnd=0x10356, Text = 主工具栏, ClassName = XTPToolBar.
Pid = 3748, Hwnd=0x10350, Text = Menu Bar, ClassName = XTPToolBar.
Pid = 3748, Hwnd=0x1034a, Text = xtpBarBottom, ClassName = XTPDockBar.
Pid = 3748, Hwnd=0x10358, Text = 副工具栏, ClassName = XTPToolBar.
Pid = 3748, Hwnd=0x60342, Text = Uninstall Tool 3.5.6, ClassName = #32770.
Pid = 3748, Hwnd=0x10374, Text = 123456, ClassName = Edit.
Behavior description: Get TickCount value
Behavior description: Adjust process token privileges
Details: SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
_fCanRegisterWithShellService
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
Global\UninstallToolHelper_EventSent
Global\UninstallToolHelper_EventComplete
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Global\crypt32LogoffEvent
MSFT.VSA.COM.DISABLE.3748
MSFT.VSA.IEC.STATUS.6c736db0
Behavior description: Executable file signature information
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallToolHelper.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x64.dat (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x86.dat (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu9.tmp\System.dll (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 0.
Behavior description: Hide specified window
Details: [Window,Class] = [,tooltips_class32]
[Window,Class] = [,Edit]
[Window,Class] = [,Static]
[Window,Class] = [1,Edit]
[Window,Class] = [12,Edit]
[Window,Class] = [123,Edit]
[Window,Class] = [1234,Edit]
[Window,Class] = [12345,Edit]
[Window,Class] = [123456,Edit]
Behavior description: Executable file MD5
Details: C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool.exe ---> ccda58e3bcd4da4fe22d5e80c3cfb27f
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallToolHelper.exe ---> 4d454f8abe7860306da91c55ba9be042
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x64.dat ---> 53a79c8ae2a41a48a5dafaeff2c87d2f
C:\Documents and Settings\Administrator\Local Settings\Temp\Uninstall Tool\UninstallTool_x86.dat ---> e8d8a9399c2c221d25dcafce9eabf392
C:\Documents and Settings\Administrator\Local Settings\Temp\nsu9.tmp\System.dll ---> 883eff06ac96966270731e4e22817e11
Behavior description: Open mutex
Details: ShimCacheMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
Local\!IETld!Mutex
Local\UTOOL
Behavior description: Load newly dropped file
Details: Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsu9.tmp\System.dll.
Behavior description: Detect a virtual machine by searching for files
Details: FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序\Oracle VM VirtualBox Guest Additions\*.*
FindFirstFileEx: FileName = C:\Program Files\VMware\VMware Tools\*.exe
FindFirstFileEx: FileName = C:\Program Files\VMware\VMware Tools\bin\*.exe
FindFirstFileEx: FileName = C:\Program Files\VMware\VMware Tools\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\Administrator\Local Settings\Application Data\VMware\*.*
FindFirstFileEx: FileName = C:\Documents and Settings\All Users\Application Data\VMware\*.*