VirSCAN

File information
Safety rating:11
Behavior list
Basic Information
MD5:4a7309a2c7413228f553bde63edfede2
file type:EXE
Production company:
version:0.0.0.0---
Shell or compiler information:COMPILER:Borland Delphi 2.0 [Overlay]
Key behavior
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [安装 - Win 7 桌酷主题,TWizardForm]
[Window,Class] = [帮助,Button]
Behavior description:Modify registry (startup entry)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\HaoZip\
Behavior description:Detect whether Virtual PC is present
details:N/A
Behavior description:Create shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\桌酷主题.url
C:\Documents and Settings\Administrator\桌面\桌酷壁纸.url
C:\Documents and Settings\Administrator\桌面\好压.lnk
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Get host address by name
details:download.ppstream.com
Process behavior
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\rundll32.exe, CmdLine = "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\shell32.dll,Control_RunDLL C:\WINDOWS\system32\desk.cpl desk,@Themes /Action:OpenTheme /file:"C:\WINDOWS\Resources\Themes\Win 7.Theme"
Behavior description:Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-H7VTH.tmp\sample.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-H7VTH.tmp\sample.tmp" /SL5="$A0186,6427046,116224,c:\monitor\sample.exe"
ImagePath = C:\WINDOWS\Resources\Themes\zhuoku\tool\pps_spl001@sp069.exe, CmdLine = "C:\WINDOWS\Resources\Themes\zhuoku\tool\pps_spl001@sp069.exe"
ImagePath = C:\WINDOWS\Resources\Themes\zhuoku\tool\haozip_silence.202133.exe, CmdLine = "C:\WINDOWS\Resources\Themes\zhuoku\tool\haozip_silence.202133.exe"
ImagePath = C:\WINDOWS\Resources\Themes\zhuoku\tool\DuomiDownI_V141.exe, CmdLine = "C:\WINDOWS\Resources\Themes\zhuoku\tool\DuomiDownI_V141.exe"
ImagePath = C:\Program Files\HaoZip\HaoZipLoader.exe, CmdLine = "C:\Program Files\HaoZip\HaoZipLoader.exe" -install
ImagePath = C:\Program Files\HaoZip\HaoZipUpdate.exe, CmdLine = "C:\Program Files\HaoZip\HaoZipUpdate.exe" -install
Behavior description:Create process from downloaded file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DuomiMusic_V141.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DuomiMusic_V141.exe
File behavior
Behavior description:Drop links or shortcuts in sensitive system locations (such as the Start menu)
details:C:\Documents and Settings\All Users\「开始」菜单\程序\桌酷主题\Win 7 桌酷主题.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\桌酷主题\免费下载更多桌酷主题.url
C:\Documents and Settings\All Users\「开始」菜单\程序\桌酷主题\免费下载更多桌酷壁纸.url
C:\Documents and Settings\Administrator\「开始」菜单\好压.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\好压.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\好压软件实用工具\好压图片查看器.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\好压软件实用工具\好压MD5校验工具.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\好压软件实用工具\好压批量文件改名工具.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\好压软件实用工具\好压批量字符替换工具.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\好压软件实用工具\好压图片转换工具.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\好压帮助指南.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\好压版本升级.lnk
C:\Documents and Settings\Administrator\「开始」菜单\程序\好压软件\卸载好压.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\好压软件\好压.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\好压软件\好压软件实用工具\好压图片查看器.lnk
Behavior description:Create executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-H7VTH.tmp\sample.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\_isetup\_shfoldr.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\callnsis.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\NewAdvSplash.DLL
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\UXTheme.exe
C:\WINDOWS\Resources\Themes\is-EIHKP.tmp
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-1N2HC.tmp
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-HGKEK.tmp
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-0L984.tmp
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-3K1BS.tmp
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-UVIJP.tmp
C:\WINDOWS\Resources\Themes\Win 7\is-50AC0.tmp
C:\WINDOWS\Resources\Themes\Win 7\Shell\NormalColor\is-JISSU.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsr4.tmp\System.dll
Behavior description:Create shortcut on the desktop
details:C:\Documents and Settings\Administrator\桌面\桌酷主题.url
C:\Documents and Settings\Administrator\桌面\桌酷壁纸.url
C:\Documents and Settings\Administrator\桌面\好压.lnk
Behavior description:Create file mapping with write permission
details:Local\UrlZonesSM_Administrator
DfSharedHeapBDC75
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~DFDC7A.tmp
DfRoot0000BDC75
\WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\!PrivacIE!SharedMem!Counter
AtlDebugAllocator_FileMappingNameStatic3_c3c
E53E969B-A3F4-4a7a-A782-58997D219225
Behavior description:Rename file
details:C:\WINDOWS\Resources\Themes\is-EIHKP.tmp ---> C:\WINDOWS\Resources\Themes\unins000.exe
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-1N2HC.tmp ---> C:\WINDOWS\Resources\Themes\zhuoku\tool\UXTheme.exe
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-HGKEK.tmp ---> C:\WINDOWS\Resources\Themes\zhuoku\tool\ChangeTheme.exe
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-0L984.tmp ---> C:\WINDOWS\Resources\Themes\zhuoku\tool\pps_spl001@sp069.exe
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-3K1BS.tmp ---> C:\WINDOWS\Resources\Themes\zhuoku\tool\haozip_silence.202133.exe
C:\WINDOWS\Resources\Themes\zhuoku\tool\is-UVIJP.tmp ---> C:\WINDOWS\Resources\Themes\zhuoku\tool\DuomiDownI_V141.exe
C:\WINDOWS\Resources\Themes\zhuoku\ico\is-8FC5I.tmp ---> C:\WINDOWS\Resources\Themes\zhuoku\ico\bizhi.ico
C:\WINDOWS\Resources\Themes\zhuoku\ico\is-CV4HP.tmp ---> C:\WINDOWS\Resources\Themes\zhuoku\ico\zhuti.ico
C:\WINDOWS\Resources\Themes\zhuoku\ico\is-CD1F3.tmp ---> C:\WINDOWS\Resources\Themes\zhuoku\ico\anzhuang.ico
C:\WINDOWS\Resources\Themes\is-TM92S.tmp ---> C:\WINDOWS\Resources\Themes\Win 7.theme
C:\WINDOWS\Resources\Themes\Win 7\is-50AC0.tmp ---> C:\WINDOWS\Resources\Themes\Win 7\Win 7.msstyles
C:\WINDOWS\Resources\Themes\Win 7\ico\is-3C0P0.tmp ---> C:\WINDOWS\Resources\Themes\Win 7\ico\1.ico
C:\WINDOWS\Resources\Themes\Win 7\ico\is-VD8M6.tmp ---> C:\WINDOWS\Resources\Themes\Win 7\ico\2.ico
C:\WINDOWS\Resources\Themes\Win 7\ico\is-OPFLD.tmp ---> C:\WINDOWS\Resources\Themes\Win 7\ico\3.ico
C:\WINDOWS\Resources\Themes\Win 7\ico\is-Q9NJN.tmp ---> C:\WINDOWS\Resources\Themes\Win 7\ico\4.ico
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file content
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\未命名 (小).JPG---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\top_header_en.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\finish_header_en.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\zhuoku_pic.bmp---> Offset = 0
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\install.bmp---> Offset = 0
C:\WINDOWS\Resources\Themes\zhuoku\ico\is-8FC5I.tmp---> Offset = 0
C:\WINDOWS\Resources\Themes\zhuoku\ico\is-CV4HP.tmp---> Offset = 0
C:\WINDOWS\Resources\Themes\zhuoku\ico\is-CD1F3.tmp---> Offset = 0
C:\WINDOWS\Resources\Themes\is-TM92S.tmp---> Offset = 0
C:\WINDOWS\Resources\Themes\Win 7\ico\is-3C0P0.tmp---> Offset = 0
C:\WINDOWS\Resources\Themes\Win 7\ico\is-VD8M6.tmp---> Offset = 0
C:\WINDOWS\Resources\Themes\Win 7\ico\is-OPFLD.tmp---> Offset = 0
C:\WINDOWS\Resources\Themes\Win 7\ico\is-Q9NJN.tmp---> Offset = 0
C:\WINDOWS\Resources\Themes\Win 7\ico\is-Q50MI.tmp---> Offset = 0
C:\WINDOWS\Cursors\Win 7\is-0JRM5.tmp---> Offset = 0
Network behavior
Behavior description:Send data on a connected socket
details:SOCKET = 0x000000ec, TotalSize = 127, Offset = 0, ReadSize = 127.
Behavior description:Download file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\DuomiMusic_V141.exe
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = down.duomi.com, PORT = 80
Behavior description:Establish a connection to a specified socket
details:219.133.40.1:80
Behavior description:Read network file
details:hFile = 0x00000184, BytesToRead =8192, BytesRead = 8192.
Behavior description:Open HTTP request
details:HttpOpenRequestA: down.duomi.com:80/duomimusic_v141.exe, hConnect = 0x00000188
Behavior description:Get host address by name
details:download.ppstream.com
Registry behavior
Behavior description:Modify registry (system context menu)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\HaoZip\
\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\HaoZip\
Behavior description:Delete registry key
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Desktop\Components\0
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Internet Explorer\Desktop\Components
\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\HaoZip
\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\PropertySheetHandlers\HaoZip
\REGISTRY\MACHINE\SOFTWARE\Classes\*\shellex\DragDropHandlers\HaoZip
\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\DragDropHandlers\HaoZip
\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\ContextMenuHandlers\HaoZip
\REGISTRY\MACHINE\SOFTWARE\Classes\Drive\shellex\DragDropHandlers\HaoZip
Behavior description:Delete registry value (remove startup entry)
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Control Panel\Desktop\SCRNSAVE.EXE
Behavior description:Modify registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\Session Manager\PendingFileRenameOperations
Behavior description:Modify registry
details:\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\Inno Setup: Setup Version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\Inno Setup: App Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\Inno Setup: Icon Group
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\Inno Setup: User
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\DisplayName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\UninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\QuietUninstallString
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\DisplayVersion
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\HelpLink
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\URLUpdateInfo
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\NoModify
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\NoRepair
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{ACBC6AF6-2762-4AC6-8BE3-3142DF23E54E}_is1\InstallDate
Behavior description:Delete registry key (remove startup entry)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\HaoZip
Behavior description:Delete registry key (system context menu)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\ContextMenuHandlers\HaoZip
\REGISTRY\MACHINE\SOFTWARE\Classes\Folder\shellex\ContextMenuHandlers\HaoZip
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\ESENT\Process\rundll32\DEBUG\Trace Level
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\.Default\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\AppGPFault\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\Close\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\DeviceConnect\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\DeviceDisconnect\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\DeviceFail\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\LowBatteryAlarm\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\MailBeep\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\Maximize\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\MenuCommand\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\MenuPopup\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\Minimize\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\Open\.Current\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\AppEvents\Schemes\Apps\.Default\PrintComplete\.Current\
Behavior description:Modify registry (startup entry)
details:\REGISTRY\MACHINE\SOFTWARE\Classes\Directory\shellex\DragDropHandlers\HaoZip\
Other behavior
Behavior description:Create mutex
details:Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
SHIMLIB_LOG_MUTEX
PPSdown
H
Local\!PrivacIE!SharedMemory!Mutex
RasPbFile
Global\winlogon: Logon UserProfileMapping Mutex
Microsoft_WMP_70_CheckForOtherInstanceMutex
HaoZipUpdate_stat
Behavior description:Hide specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [安装 - Win 7 桌酷主题,TWizardForm]
[Window,Class] = [帮助,Button]
Behavior description:Detect whether Virtual PC is present
details:N/A
Behavior description:Window information
details:Pid = 1288, Hwnd=0xc01c2, Text = _sp, ClassName = _sp.
Pid = 1288, Hwnd=0xd01ac, Text = 下载10000个最热门的桌酷主题, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb01ce, Text = 主题补丁, ClassName = TButton.
Pid = 1288, Hwnd=0xb0170, Text = 第一次使用主题时,请您先点击左下方的[主题补丁]检测当前系统是否支持桌酷主题 如果主题补丁提示当前系统[未破解]请点击[破解], ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xc01b4, Text = 正在将《Win 7》安装到您的系统中,请熟读细则后再点击[下一步]安装 , ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xc01b0, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 1288, Hwnd=0xb01aa, Text = 取消, ClassName = TNewButton.
Pid = 1288, Hwnd=0xc01c6, Text = 安装 - Win 7 桌酷主题, ClassName = TWizardForm.
Pid = 1288, Hwnd=0xc01b2, Text = 桌酷主题:一键安装,配套桌面壁纸 桌面图标 桌面主题 桌面鼠标,绿色易用!安全快捷! , ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb019c, Text = 正在安装, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb01a2, Text = 安装程序正在安装 Win 7 桌酷主题 到您的电脑中,请稍等......, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xc01b6, Text = 正在解压缩文件..., ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xd0190, Text = C:\WINDOWS\Cursors\Win 7\aero_unavail.cur, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb0174, Text = 目标位置: C:\WINDOWS\Resources\Themes 开始菜单文件夹: 桌酷主题 , ClassName = TNewMemo.
Pid = 1288, Hwnd=0xc01a6, Text = 您可以通过[开始菜单]-[所有程序]-[桌酷主题]管理您已经安装的桌酷主题 如果您忘记本站域名,请到百度搜索[桌酷主题],桌酷地址:http://ww, ClassName = TNewStaticText.
Behavior description:Acquire system privilege
details:SE_LOAD_DRIVER_PRIVILEGE
Behavior description:Enumerate windows
details:N/A
Behavior description:Open image file
details:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\未命名 (小).JPG
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\top_header_en.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\finish_header_en.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\zhuoku_pic.bmp
\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-O48NA.tmp\install.bmp
\WINDOWS\Resources\Themes\Win 7\WALLPAPER\Win 7.jpg
\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp