VirSCAN

File information
Safety rating:55
Behavior list
Basic Information
MD5:900e6adba414efd92f8095c356e038c2
file type:EXE
Production company:四川迅游网络科技股份有限公司
version:2.0.0.279---2, 0, 0, 279
Shell or compiler information:COMPILER:Borland Delphi DLL
Key behavior
Behavior description:Search for antivirus driver files
details:FileName = C:\222c25ed\DNF.exe (DNF game)
FileName = C:\222c25ed\IE8-Setup-Full\DNF.exe (DNF game)
FileName = C:\222c25ed\IE8-Setup-Full\log\DNF.exe (DNF game)
FileName = C:\AnalyzeControl\DNF.exe (DNF game)
FileName = C:\DiskD\DNF.exe (DNF game)
FileName = C:\DiskX\DNF.exe (DNF game)
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Get window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x81010558.
Behavior description:Get TickCount value
Behavior description:Detect virtual machine using VMware special instructions
details:N/A
Process behavior
Behavior description:Create process with hidden window
details:ImagePath = , CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\update.exe" download
ImagePath = , CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\XunYouGU\XunYouGU.exe" /1 1432 "5468,194,6183,2317,252,4581,9691,15011,1616,7808"
Behavior description:Create process
details:ImagePath = C:\WINDOWS\system32\ntvdm.exe, CmdLine = "C:\WINDOWS\system32\ntvdm.exe" -f -i1 -o
Behavior description:Create local thread
details:TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 252, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 1188, StartAddress = 01872770, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2112, StartAddress = 0057E5A6, Parameter = 017C4D48
TargetProcess: ntvdm.exe, InheritedFromPID = 1432, ProcessID = 2104, ThreadID = 2116, StartAddress = 0F03BEA4, Parameter = 00000000
TargetProcess: ntvdm.exe, InheritedFromPID = 1432, ProcessID = 2104, ThreadID = 2120, StartAddress = 0F0121A5, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2152, StartAddress = 01C8B687, Parameter = 01E91040
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2408, StartAddress = 0210F44C, Parameter = 007148E0
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2412, StartAddress = 02101A40, Parameter = 02D9EC80
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2416, StartAddress = 02104E50, Parameter = 00000000
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2420, StartAddress = 0057E5A6, Parameter = 017C4D48
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2436, StartAddress = 0057E5A6, Parameter = 017C4D48
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2456, StartAddress = 0057E5A6, Parameter = 017C8CE8
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2460, StartAddress = 02BAEAB6, Parameter = 045BAB60
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2584, StartAddress = 6359727B, Parameter = 00839600
TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 1432, ThreadID = 2592, StartAddress = 0057E5A6, Parameter = 017C9448
Behavior description:Create process from newly created file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb67.tmp, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\XunYouTM.exe" %temp%\****.exe \\.\pipe\xunyou_protramon_named_piped
Behavior description:Enumerate processes
details:N/A
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\evb51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb54.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb55.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb56.tmp
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_dcff734b-bc3f-43cb-8911-9b5d467629cf
C:\Documents and Settings\Administrator\Local Settings\Temp\evb57.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb58.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb59.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5A.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5B.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5C.tmp
C:\WINDOWS\Temp\scs5D.tmp
C:\WINDOWS\Temp\scs5E.tmp
Behavior description:Search for antivirus driver files
details:FileName = C:\222c25ed\DNF.exe (DNF game)
FileName = C:\222c25ed\IE8-Setup-Full\DNF.exe (DNF game)
FileName = C:\222c25ed\IE8-Setup-Full\log\DNF.exe (DNF game)
FileName = C:\AnalyzeControl\DNF.exe (DNF game)
FileName = C:\DiskD\DNF.exe (DNF game)
FileName = C:\DiskX\DNF.exe (DNF game)
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\evb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb54.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb55.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb56.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb57.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb58.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb59.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5A.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5B.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb60.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb61.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb62.tmp
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\evb51.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb54.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb55.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb56.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb57.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb58.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb59.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5A.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5B.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5C.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb60.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb61.tmp
Behavior description:Find file
details:FileName = c:\documents and settings
FileName = c:\Documents and Settings\administrator
FileName = c:\Documents and Settings\Administrator\local settings
FileName = c:\Documents and Settings\Administrator\Local Settings\temp
FileName = c:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = c:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = c:\windows
FileName = c:\WINDOWS\system32
FileName = c:\docume~1
FileName = c:\Documents and Settings\admini~1
FileName = c:\Documents and Settings\Administrator\locals~1
FileName = c:\Documents and Settings\Administrator\my documents
FileName = c:\Documents and Settings\all users
FileName = c:\Documents and Settings\All Users\documents
FileName = c:\program files
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\evb52.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb53.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb54.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb55.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb56.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb57.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb58.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb59.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5A.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5B.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5C.tmp
C:\WINDOWS\Temp\scs5D.tmp
C:\WINDOWS\Temp\scs5E.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5F.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\evb60.tmp
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\evb52.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb53.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb54.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb55.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb56.tmp ---> Offset = 0
C:\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys\fc1e3851f429ea606d6ff1e01a5229f1_dcff734b-bc3f-43cb-8911-9b5d467629cf ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb57.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb58.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb59.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5A.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5B.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5C.tmp ---> Offset = 0
C:\WINDOWS\Temp\scs5D.tmp ---> Offset = 0
C:\WINDOWS\Temp\scs5D.tmp ---> Offset = 31
C:\WINDOWS\Temp\scs5D.tmp ---> Offset = 33
Network behavior
Behavior description:Open URL over the network
details:InternetOpenUrlA: http://up****om/gamelogo2014/5395.ico, hInternet = 0x00cc0004, Flags = 0x80000000
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = up****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000000
Behavior description:Open HTTP connection
details:InternetOpenA: UserAgent: GetHttp, hSession = 0x00cc0004
Behavior description:Establish a connection to a specified socket
details:URL: up****om, IP: **.133.40.**:80, SOCKET = 0x000005f0
Behavior description:Send HTTP packet
details:GET /gamelogo2014/5395.ico HTTP/1.1 User-Agent: GetHttp Host: up****om Cache-Control: no-cache
Behavior description:Open HTTP request
details:HttpOpenRequestA: up****om:80/gamelogo2014/5395.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000000
Behavior description:Get host address by name
details:gethostbyname: ww****om
gethostbyname: ms****om
GetAddrInfoW: up****om
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\MACHINE\SOFTWARE\lamyu\xunyou2008\path
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description:Delete registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Behavior description:Delete registry key
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Other behavior
Behavior description:Create mutex
details:__PDH_PLA_MUTEX__
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
RasPbFile
bmvpnclient
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
xunyou_ptmsvc_
Behavior description:Create event object
details:EventName = EVB_61AA6C497A7A4572_00000598
EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
EventName = xunyou_ptm_plugin_CExportImp_wait_cmd_event
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [ConsoleWindowClass,ntvdm-838.83c.670002]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
Behavior description:Get TickCount value
Behavior description:Get cursor position
details:CursorPos = (96,18500), SleepMilliseconds = 3.
CursorPos = (6389,26533), SleepMilliseconds = 3.
CursorPos = (19224,15757), SleepMilliseconds = 3.
CursorPos = (11533,29391), SleepMilliseconds = 3.
Behavior description:Open event
details:HookSwitchHookEnabledEvent
Global\crypt32LogoffEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
\INSTALLATION_SECURITY_HOLD
MSFT.VSA.COM.DISABLE.1432
MSFT.VSA.IEC.STATUS.6c736db0
Global\SvcctrlStartEvent_A3752DX
Behavior description:Get window screenshot information
details:Foreground window Info: HWND = 0x00000000, DC = 0x81010558.
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\evb52.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb53.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb54.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb55.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb56.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb57.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb58.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb59.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5A.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5B.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5C.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb5F.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb60.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb61.tmp (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\evb62.tmp (signature verification: failed)
Behavior description:Call Sleep function
Behavior description:Hide specified window
details:[Window,Class] = [,#32770]
[Window,Class] = [,AtlAxWin140]
[Window,Class] = [,ATL:018C5D80]
[Window,Class] = [消息盒子,#32770]
[Window,Class] = [,Edit]
Behavior description:Executable file MD5
Behavior description:Open mutex
details:ShimCacheMutex
RasPbFile
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
DBWinMutex
Behavior description:Load newly dropped file
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb52.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb53.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb54.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb55.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb56.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb57.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb58.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb59.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb5A.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb5B.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb5C.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb5F.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb60.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb61.tmp.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\evb62.tmp.
Behavior description:Detect virtual machine using VMware special instructions
details:N/A