VirSCAN.org - Free Multi-Engine Online Virus Scanner v1.02, Supports 47 AntiVirus Engines!

Main Menu

File information

Safety rating:77

Basic Information
MD5:	c13f5c474c42120cd0a4179d7e137e59
file type:	Rar
Production company:
version:
Shell or compiler information:
Subfile information:	Windows Loader.exedumpFile / f43aab2eaca2ecfa91c5eb31f19ad070 / EXE
	Windows Loader.exe / f43aab2eaca2ecfa91c5eb31f19ad070 / EXE
	upx30_dda5c574dumpFile / 29bedb7f398137a799727181555377d3 / EXE
	upx30_80bd5933dumpFile / 29bedb7f398137a799727181555377d3 / EXE
	激活后截图.jpgdumpFile / 5932f68b954152038a7f8ff748f0df7f / Unknown
	激活后截图.jpg / 5932f68b954152038a7f8ff748f0df7f / Unknown
	Read me.txtdumpFile / 05237812330d2ce967a5dffc8b74e5de / Unknown
	Read me.txt / 05237812330d2ce967a5dffc8b74e5de / Unknown
	Keys.inidumpFile / 08e787afba9de396d72075793ffe2e3d / Unknown
	Keys.ini / 08e787afba9de396d72075793ffe2e3d / Unknown
	168yeah网址之家，168yeah网址导航，168yeah网址大全，168yeah.com--中国超给力好用的网址导航站.urldumpFile / 345ef6299a724a668a801d649bc2c9ec / Unknown
	168yeah网址之家，168yeah网址导航，168yeah网址大全，168yeah.com--中国超给力好用的网址导航站.url / 345ef6299a724a668a801d649bc2c9ec / Unknown
	技术支持.txtdumpFile / 67f8d0334483591885ab5b619768fbb3 / Unknown
	技术支持.txt / 67f8d0334483591885ab5b619768fbb3 / Unknown
	Windows Server 2008 激活工具dumpFile / d41d8cd98f00b204e9800998ecf8427e / Unknown

Key behavior
Behavior description:	隐藏指定窗口
details:	[Window,Class] = [OS information,Button]
	[Window,Class] = [,RB_Pane]
	[Window,Class] = [Options,Button]
	[Window,Class] = [,ComboLBox]
	[Window,Class] = [,ComboBox]
	[Window,Class] = [,RICHEDIT50W]
	[Window,Class] = [,RB_CanvasPane]
	[Window,Class] = [Ignore OEM partitions,Button]
	[Window,Class] = [Ignore existing SLIC,Button]
	[Window,Class] = [Use legacy mode as default,Button]
	[Window,Class] = [Preserve current boot code,Button]
	[Window,Class] = [Use the default boot menu,Button]
	[Window,Class] = [Use a custom boot menu,Button]
	[Window,Class] = [Reverse search direction,Button]
	[Window,Class] = [Disable table sort,Button]

Process behavior
Behavior description:	枚举进程
details:	N/A

Registry behavior
Behavior description:	修改注册表
details:	\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
Behavior description:	删除注册表键
details:	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS

Other behavior
Behavior description:	创建互斥体
details:	WIN7LDRMU
Behavior description:	隐藏指定窗口
details:	[Window,Class] = [OS information,Button]
	[Window,Class] = [,RB_Pane]
	[Window,Class] = [Options,Button]
	[Window,Class] = [,ComboLBox]
	[Window,Class] = [,ComboBox]
	[Window,Class] = [,RICHEDIT50W]
	[Window,Class] = [,RB_CanvasPane]
	[Window,Class] = [Ignore OEM partitions,Button]
	[Window,Class] = [Ignore existing SLIC,Button]
	[Window,Class] = [Use legacy mode as default,Button]
	[Window,Class] = [Preserve current boot code,Button]
	[Window,Class] = [Use the default boot menu,Button]
	[Window,Class] = [Use a custom boot menu,Button]
	[Window,Class] = [Reverse search direction,Button]
	[Window,Class] = [Disable table sort,Button]
Behavior description:	查找指定窗口
details:	NtUserFindWindowEx: [Class,Window] = [STATIC,de.monkeybreadsoftware.realbasic.plugins00000570]
Behavior description:	窗口信息
details:	Pid = 1392, Hwnd=0xa01aa, Text = Unsupported OS information, ClassName = Button(GroupBox).
	Pid = 1392, Hwnd=0xe016e, Text = Options, ClassName = Button(GroupBox).
	Pid = 1392, Hwnd=0xd01a4, Text = Install, ClassName = Button.
	Pid = 1392, Hwnd=0xa0196, Text = Uninstall, ClassName = Button.
	Pid = 1392, Hwnd=0xd01c8, Text = Windows Loader v2.0.0 - By Daz, ClassName = RBWindow.
Behavior description:	获取系统权限
details:	SE_LOAD_DRIVER_PRIVILEGE
	SE_INC_BASE_PRIORITY_PRIVILEGE
Behavior description:	枚举窗口
details:	N/A

Run screenshot