VirSCAN

1, You can UPLOAD any files, but there is a 20MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.


File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5: 9344f0ec0732a9911df98bbe092528a0
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Sets a message hook
details: C:\WINDOWS\system32\DINPUT8.dll
Behavior description: Gets the TickCount value
details: TickCount = 496875, SleepMilliseconds = 10000.
TickCount = 496890, SleepMilliseconds = 10000.
TickCount = 496921, SleepMilliseconds = 10000.
TickCount = 496937, SleepMilliseconds = 10000.
TickCount = 496953, SleepMilliseconds = 10000.
TickCount = 496968, SleepMilliseconds = 10000.
TickCount = 496984, SleepMilliseconds = 10000.
TickCount = 497000, SleepMilliseconds = 10000.
TickCount = 497015, SleepMilliseconds = 10000.
TickCount = 497046, SleepMilliseconds = 10000.
TickCount = 497062, SleepMilliseconds = 10000.
TickCount = 497078, SleepMilliseconds = 10000.
TickCount = 497093, SleepMilliseconds = 10000.
TickCount = 497125, SleepMilliseconds = 10000.
TickCount = 497140, SleepMilliseconds = 10000.
Behavior description: Blocks the window close message
details: hWnd = 0x000202a4, Text = 流量宝-免费专业的流量提升工具, ClassName = #32770.
Behavior description: Gets window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x0e010495.
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\A18JD8ZA
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\VW1URTJP
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\W2P7L1PJ
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Modifies registry (autostart entry)
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\流量宝

Process behavior

Behavior description: Creates local threads
details: TargetProcess: %temp%\1461234238.157208.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 124, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: %temp%\1461234238.157590.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 716, StartAddress = 004BFC9A, Parameter = 011FB518
TargetProcess: %temp%\1461234238.157968.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 252, StartAddress = 004BFC9A, Parameter = 011FD400
TargetProcess: %temp%\1461234238.158345.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 1500, StartAddress = 004BFC9A, Parameter = 011FD788
TargetProcess: %temp%\1461234238.158720.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 168, StartAddress = 004BFC9A, Parameter = 011FDB58
TargetProcess: %temp%\1461234238.159095.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 180, StartAddress = 004BFC9A, Parameter = 011FDFE8
TargetProcess: %temp%\1461234238.159470.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 508, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: %temp%\1461234238.159844.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 484, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: %temp%\1461234238.160218.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 1856, StartAddress = 004BFC9A, Parameter = 011FE6A0
TargetProcess: %temp%\1461234238.160602.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 1388, StartAddress = 004BFC9A, Parameter = 011FF220
TargetProcess: %temp%\1461234238.160976.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 1360, StartAddress = 004BFC9A, Parameter = 011FF5A0
TargetProcess: %temp%\1461234238.161352.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 412, StartAddress = 004BFC9A, Parameter = 011FFA60
TargetProcess: %temp%\1461234238.161726.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 1396, StartAddress = 004BFC9A, Parameter = 011F4B68
TargetProcess: %temp%\1461234238.162104.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 784, StartAddress = 004BFC9A, Parameter = 011FF5A0
TargetProcess: %temp%\1461234238.162479.exe, InheritedFromPID = 1944, ProcessID = 1868, ThreadID = 1044, StartAddress = 004BFC9A, Parameter = 011FD400
Behavior description: Enumerates processes
details: N/A

File behavior

Behavior description: Creates files
details: C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\desktop.ini
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\desktop.ini
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\index.dat
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\desktop.ini
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\A18JD8ZA\desktop.ini
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\VW1URTJP\desktop.ini
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\W2P7L1PJ\desktop.ini
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\f8[1]
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\CFGUpdate[1]
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\h1[1]
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\f2[1]
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\log.txt
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\clthang2[1]
Behavior description: Overwrites an existing file
details: C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\NativeCache\NativeCache.directory
Behavior description: Searches for files
details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\Temporary Files\*
FileName = C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\*
FileName = C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cookies\*
FileName = C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\\Temporary Internet Files\Content.IE5\*.*
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = \\?\C:\WINDOWS\system32\Macromed\Flash\ss.sgn
FileName = \\?\C:\WINDOWS\system32\Macromed\Flash\ss.cfg
FileName = \\?\C:\Documents and Settings\Administrator\Application Data\Adobe\Flash Player\NativeCache
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
Behavior description: Deletes files
details: C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\f8[1]
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\CFGUpdate[1]
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\h1[1]
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\f2[1]
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\clthang2[1]
Behavior description: Sets special folder attributes
details: C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\A18JD8ZA
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\VW1URTJP
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\W2P7L1PJ
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
Behavior description: Modifies file contents
details: C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini ---> Offset = 70
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\desktop.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\desktop.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\index.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\L609CVH3\desktop.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\A18JD8ZA\desktop.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\VW1URTJP\desktop.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\Temporary Internet Files\Content.IE5\W2P7L1PJ\desktop.ini ---> Offset = 0
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini ---> Offset = 105
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini ---> Offset = 129
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini ---> Offset = 121
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini ---> Offset = 164
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\cfg.ini ---> Offset = 118
C:\Documents and Settings\Administrator\Application Data\LiuliangbaoEx\log.txt ---> Offset = 0

Network behavior

Behavior description: Connects to a specified site
details: InternetConnectA: ServerName = ap**************cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ap**************cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000000
InternetConnectA: ServerName = ap**************cn, PORT = 80, UserName = , Password = , hSession = 0x00cc001c, hConnect = 0x00cc0020, Flags = 0x00000000
InternetConnectA: ServerName = ap**************cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0028, hConnect = 0x00cc002c, Flags = 0x00000000
InternetConnectA: ServerName = ap*************cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ap***********om, PORT = 8011, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior description: Opens an HTTP connection
details: InternetOpenA: UserAgent: llb/2.3.1362.813, hSession = 0x00cc0004
InternetOpenA: UserAgent: llb/2.3.1362.813, hSession = 0x00cc0010
InternetOpenA: UserAgent: llb/2.3.1362.813, hSession = 0x00cc001c
InternetOpenA: UserAgent: llb/2.3.1362.813, hSession = 0x00cc0028
Behavior description: Establishes a socket connection to a specified host
details: URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x000004bc
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x000004b8
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x000004b0
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x000004ac
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000514
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000494
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000438
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000454
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000424
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000434
URL: ap*************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000388
URL: ap**************cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000360
URL: ap***********om, IP: <FAKE_SERVER_IP>:8011, SOCKET = 0x00000360
Behavior description: Reads a network file
details: hFile = 0x00cc000c, BytesToRead =102400, BytesRead = 102400.
hFile = 0x00cc0024, BytesToRead =102400, BytesRead = 102400.
hFile = 0x00cc0030, BytesToRead =102400, BytesRead = 102400.
hFile = 0x00cc0018, BytesToRead =102400, BytesRead = 102400.
Behavior description: Sends HTTP packets
details: POST /as/2/h1/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 218 Connection: Keep-Alive Cache-Control: no-cache d=7773e6b3cf3470c1da8adb9758906af76ea9fcebb6aa34eb8bc90b850a01c4a2276d8fe710b682b7b0b5ce162fc230e6218335056a736f210c7912f7fcf094802b05f31866a373769c7e4e3dd08f88a7d6cb9e12d633ad902844be1fb6a1d8bfb0b5ce162fc230e6a4dda650
GET /redirect/CFGUpdate?number=2.3&checksum=&cid=48A8266918774239B33BCFDF4B0B523A&rd=14246 HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: llb/2.3.1362.813 Host: ap**************cn Connection: Keep-Alive Cache-Control: no-cache
POST /as/c/f8/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 92 Connection: Keep-Alive Cache-Control: no-cache d=2077457a7927114f21f4c2b16547661b52bcc175331990e6c7fe3f148f60ae147122dbaec6a43cb8ab036f6a0f
POST /as/c/f8/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 92 Connection: Keep-Alive Cache-Control: no-cache d=3c1e263bb03a98a6511664dd6cd7c91cd3c8273ca7ba6fe3e429fc41d8f1ba7e6960b1b98dfc824719335cd73e
POST /as/c/f8/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 156 Connection: Keep-Alive Cache-Control: no-cache d=548a05a2fec86f9852c1da54c337e239ce4919084b7ea8335c1b07b2d542ba4b785c4bca10d1483842433253ebe827a02a12acbd3f63185966841b0b991d041233f850242d96c3a74b902d1194
POST /as/c/f8/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 156 Connection: Keep-Alive Cache-Control: no-cache d=f00abf4b3b06eb8bbe4adb382b83e1d0a1185ae169a2ba8a29869ba4516ceb3df023f1e439a280bfab7759e29ff200d12c09484a9669247fc9d547fa70d4c51e0203bd4e0d7195e367c38ce9c2
POST /as/c/f8/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 156 Connection: Keep-Alive Cache-Control: no-cache d=21c7367b64627ede68db21457201604c35729180458f4eda487d348474f72243fef7f5681ea364d81747fe1afb94cbe9162ce1127d9290a5f318c0ca79db1479ec2396b0120d07f4c267b36a64
POST /ts/f2.2/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 220 Connection: Keep-Alive Cache-Control: no-cache d=7147a7d4dc898a3ba817cdf4900abb8333dc52054d7ff869ad4d670f80dc7dcecb0b17f98e6963a7ade23a67b060a1406fc2a3990b1572797f8875422c583e17e10ba4c8a29e7795ed7bafb50ea44cc58e0bf7694ae9eeaa88fd2c67774518e6505573f40424b4674ff03b6082
POST /as/c/f8/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 1146 Connection: Keep-Alive Cache-Control: no-cache
GET /redirect/clthang2?preventCache=491140&cid=48A8266918774239B33BCFDF4B0B523A&v=2.3.1362 HTTP/1.1 Accept-Encoding: gzip, deflate User-Agent: llb/2.3.1362.813 Host: ap*************cn Connection: Keep-Alive Cache-Control: no-cache
POST /as/2/h1/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap**************cn Content-Length: 218 Connection: Keep-Alive Cache-Control: no-cache d=7773e6b3cf3470c1da8adb9758906af79abe27d621320bc89c53bb7c54870097b0948de505a7ad9eb173da5afcb0329465d82cbb3f170d075c42be32c372b1fcbd7cbf8f70a75778981b488947d7da940e764dfc14abc6c58c440d38f3719627b173da5afcb032941d3df536
POST /as/2/h1/ HTTP/1.1 Accept-Encoding: gzip, deflate Content-Type: application/x-www-form-urlencoded User-Agent: llb/2.3.1362.813 Host: ap***********om:8011 Content-Length: 218 Connection: Keep-Alive Cache-Control: no-cache d=7773e6b3cf3470c1da8adb9758906af7f6a0f036058024c816939dea48bd078fdf6295bc174acd885f6d1210df432b693c270e7e12c59b5c0e9cad04f501d4e734265d197912df654581206d364fb3f5537042f8db440aa1094bd2e14e94bbc85f6d1210df432b690ea94fa2
Behavior description: Opens an HTTP request
details: HttpOpenRequestA: ap**************cn:80/as/c/f8/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0xa0400000
HttpOpenRequestA: ap**************cn:80/as/c/f8/, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0xa0400000
HttpOpenRequestA: ap**************cn:80/redirect/cfgupdate?number=2.3&checksum=&cid=48a8266918774239b33bcfdf4b0b523a&rd=14246, hConnect = 0x00cc0020, hRequest = 0x00cc0024, Verb: GET, Referer: , Flags = 0xa0400000
HttpOpenRequestA: ap**************cn:80/as/2/h1/, hConnect = 0x00cc002c, hRequest = 0x00cc0030, Verb: POST, Referer: , Flags = 0xa0400000
HttpOpenRequestA: ap**************cn:80/as/c/f8/, hConnect = 0x00cc0020, hRequest = 0x00cc0024, Verb: POST, Referer: , Flags = 0xa0400000
HttpOpenRequestA: ap**************cn:80/ts/f2.2/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0xa0400000
HttpOpenRequestA: ap*************cn:80/redirect/clthang2?preventcache=491140&cid=48a8266918774239b33bcfdf4b0b523a&v=2.3.1362, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0xa0400000
HttpOpenRequestA: ap**************cn:80/as/2/h1/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0xa0400000
HttpOpenRequestA: ap***********om:8011/as/2/h1/, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: POST, Referer: , Flags = 0xa0400000
Behavior description: Resolves a host address by name
details: GetAddrInfoW: ap**************cn
gethostbyname: computer
GetAddrInfoW: ap*************cn
GetAddrInfoW: ap***********om

Registry behavior

Behavior description: Modifies the registry
details: \REGISTRY\USER\S-*\Software\CHtmlDialog\International\AutoDetect
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Deletes registry values
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Modifies registry (autostart entry)
details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Run\流量宝

Other behavior

Behavior description: Creates mutexes
details: DirectSound DllMain mutex (0x0000074C)
__PDH_PLA_MUTEX__
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Global\GPKEEPER_Instance_Mutex
Global\TFKEEPER_Instance_Mutex
Local\c:!documents and settings!administrator!application data!liuliangbaoex!!temporary internet files!content.ie5!
RasPbFile
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Behavior description: Creates event objects
details: EventName = DINPUTWINMM
EventName = Global\crypt32LogoffEvent
EventName = Global\userenv: User Profile setup event
EventName = MSCTF.SendReceive.Event.IEB.IC
EventName = MSCTF.SendReceiveConection.Event.IEB.IC
Behavior description: Finds a specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior description: Gets the TickCount value
details: TickCount = 496875, SleepMilliseconds = 10000.
TickCount = 496890, SleepMilliseconds = 10000.
TickCount = 496921, SleepMilliseconds = 10000.
TickCount = 496937, SleepMilliseconds = 10000.
TickCount = 496953, SleepMilliseconds = 10000.
TickCount = 496968, SleepMilliseconds = 10000.
TickCount = 496984, SleepMilliseconds = 10000.
TickCount = 497000, SleepMilliseconds = 10000.
TickCount = 497015, SleepMilliseconds = 10000.
TickCount = 497046, SleepMilliseconds = 10000.
TickCount = 497062, SleepMilliseconds = 10000.
TickCount = 497078, SleepMilliseconds = 10000.
TickCount = 497093, SleepMilliseconds = 10000.
TickCount = 497125, SleepMilliseconds = 10000.
TickCount = 497140, SleepMilliseconds = 10000.
Behavior description: Blocks the window close message
details: hWnd = 0x000202a4, Text = 流量宝-免费专业的流量提升工具, ClassName = #32770.
Behavior description: Window information
details: Pid = 1868, Hwnd=0x202cc, Text = 刷流量, ClassName = Button.
Pid = 1868, Hwnd=0x202b4, Text = 提升人气, ClassName = Button.
Pid = 1868, Hwnd=0x202b2, Text = 广告优化, ClassName = Button.
Pid = 1868, Hwnd=0x302ba, Text = 关键字排名, ClassName = Button.
Pid = 1868, Hwnd=0x302bc, Text = 刷Alexa, ClassName = Button.
Pid = 1868, Hwnd=0x202d4, Text = 刷电商人气, ClassName = Button.
Pid = 1868, Hwnd=0x202c2, Text = 优化列表, ClassName = Button(GroupBox).
Pid = 1868, Hwnd=0x202c4, Text = 客户端信息, ClassName = Button(GroupBox).
Pid = 1868, Hwnd=0x202ca, Text = 今日在线:, ClassName = Static.
Pid = 1868, Hwnd=0x202c6, Text = 今日优化累计:, ClassName = Static.
Pid = 1868, Hwnd=0x302da, Text = 可建任务数:, ClassName = Static.
Pid = 1868, Hwnd=0x302b8, Text = 当前任务数:, ClassName = Static.
Pid = 1868, Hwnd=0x202b0, Text = 优化速度选择:, ClassName = Static.
Pid = 1868, Hwnd=0x202ae, Text = 隐藏挂机, ClassName = Button.
Pid = 1868, Hwnd=0x202aa, Text = -- 小时, ClassName = Static.
Behavior description: Gets window screenshot information
details: Foreground window Info: HWND = 0x00000000, DC = 0x0e010495.
Behavior description: Calls the Sleep function
details: [1]: MilliSeconds = 10000.
[2]: MilliSeconds = 10000.
[3]: MilliSeconds = 250.
Behavior description: Hides a specified window
details: [Window,Class] = [,ComboLBox]
[Window,Class] = [,CMainInfoBoard]
[Window,Class] = [,CHyperLinkCtrl]
[Window,Class] = [,AtlAxWin100]
[Window,Class] = [流量宝-免费专业的流量提升工具,#32770]