VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

   File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: 25ba094be3ffd75f4d99011149936416
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Modify registry: install input method (IME) entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior description: Set special file attributes
details: C:\WINDOWS\system32\login.dll
C:\WINDOWS\system32\h55ui10.dll
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Get TickCount value
details: TickCount = 5372994, SleepMilliseconds = 5041.
TickCount = 5379244, SleepMilliseconds = 5041.
Behavior description: Kill process
details: C:\WINDOWS\system32\client.exe
C:\WINDOWS\system32\TASLogin.exe
C:\WINDOWS\system32\qqlogin.exe
C:\WINDOWS\system32\Tencentdl.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe

Process behavior

Behavior description: Create process
details: ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" http://www.yixun.com/
ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:2224 CREDAT:79873
Behavior description: Create local thread
details: TargetProcess: taskmgr.exe, InheritedFromPID = 1944, ProcessID = 1620, ThreadID = 1388, StartAddress = 0105D4E0, Parameter = 00359D9D
TargetProcess: taskmgr.exe, InheritedFromPID = 1944, ProcessID = 1620, ThreadID = 1808, StartAddress = 0105D4E0, Parameter = 00359D9D
TargetProcess: taskmgr.exe, InheritedFromPID = 1944, ProcessID = 1620, ThreadID = 764, StartAddress = 0103188A, Parameter = 00000000
TargetProcess: patchupdate.exe, InheritedFromPID = 1952, ProcessID = 368, ThreadID = 1796, StartAddress = 00A4D4E0, Parameter = 00359D9D
TargetProcess: patchupdate.exe, InheritedFromPID = 1952, ProcessID = 368, ThreadID = 968, StartAddress = 00A4D4E0, Parameter = 00359D9D
TargetProcess: tm.exe, InheritedFromPID = 1952, ProcessID = 436, ThreadID = 796, StartAddress = 00A4D4E0, Parameter = 00359D9D
TargetProcess: patchupdate.exe, InheritedFromPID = 1952, ProcessID = 368, ThreadID = 1048, StartAddress = 00A2188A, Parameter = 00000000
TargetProcess: tm.exe, InheritedFromPID = 1952, ProcessID = 436, ThreadID = 1392, StartAddress = 00A4D4E0, Parameter = 00359D9D
TargetProcess: tm.exe, InheritedFromPID = 1952, ProcessID = 436, ThreadID = 1528, StartAddress = 00A2188A, Parameter = 00000000
TargetProcess: explorer.exe, InheritedFromPID = 1868, ProcessID = 1944, ThreadID = 2076, StartAddress = 041CD4E0, Parameter = 00359D9D
TargetProcess: explorer.exe, InheritedFromPID = 1868, ProcessID = 1944, ThreadID = 2080, StartAddress = 041CD4E0, Parameter = 00359D9D
TargetProcess: QQ.exe, InheritedFromPID = 1944, ProcessID = 240, ThreadID = 2084, StartAddress = 041FD4E0, Parameter = 00359D9D
TargetProcess: QQ.exe, InheritedFromPID = 1944, ProcessID = 240, ThreadID = 2088, StartAddress = 041FD4E0, Parameter = 00359D9D
TargetProcess: QQ.exe, InheritedFromPID = 1944, ProcessID = 240, ThreadID = 2092, StartAddress = 041D188A, Parameter = 00000000
TargetProcess: explorer.exe, InheritedFromPID = 1868, ProcessID = 1944, ThreadID = 2096, StartAddress = 041A188A, Parameter = 00000000
Behavior description: Enumerate processes
details: N/A
Behavior description: Kill process
details: C:\WINDOWS\system32\client.exe
C:\WINDOWS\system32\TASLogin.exe
C:\WINDOWS\system32\qqlogin.exe
C:\WINDOWS\system32\Tencentdl.exe
C:\Program Files\Tencent\QQ\Bin\TXPlatform.exe

File behavior

Behavior description: Create file
details: C:\WINDOWS\system32\login.dll
C:\WINDOWS\system32\h55ui10.dll
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E68D9E8E-49BD-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4134.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F132BE60-49BD-11E6-91BE-7B****28}.dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6A4F.tmp
Behavior description: Create executable file
details: C:\WINDOWS\system32\login.dll
C:\WINDOWS\system32\h55ui10.dll
Behavior description: Delete file
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6P4O8QNJ\wpad[1].dat
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4134.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6A4F.tmp
Behavior description: Find file
details: FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\My Documents
FileName = C:\Documents and Settings\All Users
FileName = C:\Documents and Settings\All Users\Documents
FileName = C:\Documents and Settings\Administrator\桌面
FileName = C:\Documents and Settings\All Users\桌面
FileName = C:\Program Files\Internet Explorer\IEXPLORE.EXE
FileName = C:\Program Files\Internet Explorer\iexplore.exe
FileName = C:\Program Files\Common Files\Adobe
FileName = C:\Program Files\Common Files\Adobe\Acrobat
FileName = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX
FileName = C:\Program Files\Java
FileName = C:\Program Files\Java\jre7
FileName = C:\Program Files\Java\jre7\bin
Behavior description: Set special file attributes
details: C:\WINDOWS\system32\login.dll
C:\WINDOWS\system32\h55ui10.dll
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Modify file content
details: C:\WINDOWS\system32\login.dll ---> Offset = 0
C:\WINDOWS\system32\h55ui10.dll ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E68D9E8E-49BD-11E6-91BE-7B****28}.dat ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E68D9E8E-49BD-11E6-91BE-7B****28}.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4134.tmp ---> Offset = 16383
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF4134.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E68D9E8E-49BD-11E6-91BE-7B****28}.dat ---> Offset = 3072
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\RecoveryStore.{E68D9E8E-49BD-11E6-91BE-7B****28}.dat ---> Offset = 1536
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F132BE60-49BD-11E6-91BE-7B****28}.dat ---> Offset = 512
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F132BE60-49BD-11E6-91BE-7B****28}.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6A4F.tmp ---> Offset = 16383
C:\Documents and Settings\Administrator\Local Settings\Temp\~DF6A4F.tmp ---> Offset = 12288
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F132BE60-49BD-11E6-91BE-7B****28}.dat ---> Offset = 3072
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Recovery\Active\{F132BE60-49BD-11E6-91BE-7B****28}.dat ---> Offset = 1536

Network behavior

Behavior description: Open URL over the network
details: InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0004, Flags = 0x80000010
Behavior description: Connect to specified site
details: InternetConnectA: ServerName = **.133.40.**, PORT = 128, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000010
Behavior description: Open HTTP connection
details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Behavior description: Establish a connection to a specified socket
details: URL: wpad, IP: **.133.40.**:128, SOCKET = 0x0000049c
Behavior description: Read network file
details: hFile = 0x00cc000c, BytesToRead =4010, BytesRead = 4010.
Behavior description: Send HTTP packet
details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128 Cache-Control: no-cache
Behavior description: Open HTTP request
details: HttpOpenRequestA: **.133.40.**:128/wpad.dat, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000010
Behavior description: Get host address by name
details: GetAddrInfoW: computer
GetAddrInfoW: wpad

Registry behavior

Behavior description: Modify registry: install input method (IME) entry
details: \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Ime File
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Layout Text
\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Keyboard Layouts\E0200804\Layout File
\REGISTRY\USER\S-*\Keyboard Layout\Preload\2
Behavior description: Delete registry key
details: \REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{67ff5543-c5c9-11e0-9f6d-806d6172696f}\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\{61066b64-7a09-11e4-91b2-806d6172696f}\
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\CPC\Volume\
Behavior description: Modify registry
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\SessionInformation\ProgramCount
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{E68D9E8E-49BD-11E6-91BE-7B****28}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Window_Placement
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU\MRUList
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
Behavior description: Delete registry value
details: \REGISTRY\USER\S-*\Keyboard Layout\Preload\2
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL

Other behavior

Behavior description: Create mutex
details: CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ALH
MSCTF.Shared.MUTEX.AEF
MSCTF.Shared.MUTEX.AKF
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Local\!BrowserEmulation!SharedMemory!Mutex
RasPbFile
Behavior description: Create event object
details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.ALH.IC
EventName = MSCTF.SendReceiveConection.Event.ALH.IC
EventName = Isolation Signal Registry Event (E68D9E8B-49BD-11E6-91BE-7B****28, 0)
EventName = IE_EarlyTabStart_0x8b4
EventName = Isolation Signal Registry Event (E68D9E8C-49BD-11E6-91BE-7B****28, 0)
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.IIH.IC
EventName = MSCTF.SendReceiveConection.Event.IIH.IC
EventName = MSCTF.SendReceive.Event.MJH.IC
EventName = MSCTF.SendReceiveConection.Event.MJH.IC
EventName = MSCTF.SendReceive.Event.ELH.IC
EventName = MSCTF.SendReceiveConection.Event.ELH.IC
EventName = Global\crypt32LogoffEvent
EventName = CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000040
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [地下城与勇士,地下城与勇士]
NtUserFindWindowEx: [Class,Window] = [TXGuiFoundation,QQ2013]
NtUserFindWindowEx: [Class,Window] = [CTXOPConntion_Class,OP_2269840561]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,]
NtUserFindWindowEx: [Class,Window] = [,DNF.exe]
Behavior description: Open event
details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
_fCanRegisterWithShellService
Isolation Signal Registry Event (E68D9E8B-49BD-11E6-91BE-7B****28, 0)
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
MSCTF.SendReceiveConection.Event.ALH.IC
MSCTF.SendReceive.Event.ALH.IC
MSCTF.SendReceiveConection.Event.AKF.IC
MSCTF.SendReceive.Event.AKF.IC
MSCTF.SendReceiveConection.Event.AEF.IC
MSCTF.SendReceive.Event.AEF.IC
MSCTF.SendReceiveConection.Event.IIH.IC
MSCTF.SendReceive.Event.IIH.IC
MSCTF.SendReceiveConection.Event.MJH.IC
Behavior description: Get TickCount value
details: TickCount = 5372994, SleepMilliseconds = 5041.
TickCount = 5379244, SleepMilliseconds = 5041.
Behavior description: Adjust process token privileges
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerate windows
details: N/A
Behavior description: Executable file signature information
details: C:\WINDOWS\system32\login.dll (signature verification: failed)
C:\WINDOWS\system32\h55ui10.dll (signature verification: failed)
Behavior description: Call Sleep function
details: [1]: MilliSeconds = 5041.
[2]: MilliSeconds = 5041.
Behavior description: Hide specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,Button]
[Window,Class] = [---智能强化功能--------------------------------- -------------------------------------------------- --------------------------------------------------,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [强 化 背包前 个装备,每个+1 自动强化背包前X个装备,每个装备+1 强化间隔延迟 毫秒 +10以上用此功能来批量强化,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [强 化 背包前 个装备 每个装备强化到 + 自动强化背包前X个装备,每个装备+X 最多+到10,如果装备碎了是无法继续强化 强化间隔延迟 毫秒,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [←自动买商城80W的魔锤 ←把盒子放快捷栏1,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [请把罐子放在物品快捷栏1.只能开罐子哦! 请把挑战书盒子放在物品快捷栏1,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [---不会设置别改------------------------------ ------------------------------------------------------------,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [自动攻击间隔: 毫秒 自动3SSS间隔: 毫秒,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [透明标签,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [,Afx:1030000:b:10011:1900015:0]
[Window,Class] = [地图选择: 进图时间: 毫秒 过图时间: 毫秒 翻牌时间: 毫秒 深渊房间等待时间: 毫秒 挂机装备处理方式: 每次卖物或分解时自动卖全部消耗品! 分解剩下红字装备(粉.紫) 回合后存粉、传说、SS装备 等待黑商时间: 毫秒 后买石头 挂镇魂请勿开加速!辅助会自动开启,Afx:1030000:b:10011
[Window,Class] = [----开始挂机鼠标请点在此处! 挂机不要开加速,否则各种问题 挂机前只需要把背包清理好,进图F8即可出图 点开始挂机,Edit]
[Window,Class] = [18000,Edit]
[Window,Class] = [已刷,Afx:1030000:b:10011:1900015:0]
Behavior description: Executable file MD5
details: C:\WINDOWS\system32\login.dll ---> b60da4e2e5aceba3ce3d87ee2cd872ee
C:\WINDOWS\system32\h55ui10.dll ---> 594729f6bf149e5fdbd1f01bd6ba9f22
Behavior description: Open mutex
details: ShimCacheMutex
Local\!IETld!Mutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!BrowserEmulation!SharedMemory!Mutex
RasPbFile
CtfmonInstMutexDefaultS-*
Local\RSS Eventing Connection Database Mutex 000008b0
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
Behavior description: Load newly dropped file
details: Image: C:\WINDOWS\system32\login.dll.
Image: C:\WINDOWS\system32\h55ui10.dll.