VirSCAN

File information
Safety rating:55
Behavior list
Basic Information
MD5:e7450f217f39658dad27a1c8260cfc53
file type:Rar
Production company:
version:
Shell or compiler information:COMPILER:Microsoft Visual C++ 6.0 DLL [Debug]
Subfile information:listpredef.dat / 7b4d53072f6d557202a243c1e3a570e3 / Unknown
cloudsec2.dll / 317ef6016303addb3059cade1b7b00d7 / DLL
MiniUI.dll / 5d16eec6fdcb74b735723af825b66698 / DLL
netm.tpi / 842d19a56905ff6a8a74980f196707e4 / DLL
360tray.exe / 767d45f7ee838e572d90e842b38f0cfd / EXE
360NetFos.dll / 9b250bf25411bf99fc110ab45cb0c6e9 / DLL
360netman.exe / 19d51b9aeabcb554bef56ad906c25227 / EXE
360tcpview.dll / 303aae15497e5bd6f9406d3ef39ccf77 / DLL
default.uil / b062d467c478716cda58b4085e683f0d / zip
Identify.dll / 0e9e46a3db6436d39174b8f7ccaa0fc0 / DLL
uninst.exe / ac459e81316e694be8ef6e8c74924909 / Nsis
360ps.dll / aced363069240ee3fb8da6d6f503fc57 / DLL
pedata.ui / 45d591dd2a0b7c5b0c285977da4e00b1 / zip
360netmon_50.sys / 38db22c3e91a73beba1870b6c6a95659 / SYS
360netctrl.dll / fa8eefc13a253862bf11a3aa6161059f / DLL
defaultskin.ui / 2b4c0c80562e77c0eb9ab9b0cd8f961d / zip
360compro.dll / 273f4d917eba6d41ac3d9692249bbd91 / DLL
netman.ui / 464f456e36eab1e2f0d52966a7917567 / zip
360verify.dll / 9468d919b3a6d024113d3664698ae17d / DLL
Key behavior
Behavior description:Write data across processes
details:TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe, WriteAddress = 0x00020000, Size = 0x00000830
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe, WriteAddress = 0x7ffd9010, Size = 0x00000004
TargetProcess = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe, WriteAddress = 0x7ffd91e8, Size = 0x00000004
TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.821284.exe_7zdump\safemon\360tray.exe, WriteAddress = 0x00010000, Size = 0x000007c2
TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.821726.exe_7zdump\safemon\360tray.exe, WriteAddress = 0x00020000, Size = 0x00000928
TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.822162.exe_7zdump\safemon\360tray.exe, WriteAddress = 0x7ffd6010, Size = 0x00000004
TargetProcess = C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.822595.exe_7zdump\safemon\360tray.exe, WriteAddress = 0x7ffd61e8, Size = 0x00000004
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00010000, Size = 0x0000080a
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00020000, Size = 0x000007b0
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffdc010, Size = 0x00000004
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffdc1e8, Size = 0x00000004
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x00020000, Size = 0x000007d0
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffdf010, Size = 0x00000004
TargetProcess = C:\Program Files\Internet Explorer\iexplore.exe, WriteAddress = 0x7ffdf1e8, Size = 0x00000004
Behavior description:Look up antivirus driver files
details:FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.641782.exe_7zdump\360Safe.exe (360安全卫士)
Behavior description:Get TickCount value
Behavior description:Get window screenshot information
Behavior description:Shut down or restart
details:N/A
Behavior description:Set special folder attributes
details:C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
C:\Documents and Settings\Administrator\IETldCache
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~\WebSlices~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds\{5588ACFD-6436-411B-A5CE-666AE6A92D3D}~
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
C:\Documents and Settings\Administrator\IECompatCache
Behavior description:Self-deletion
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.788726.exe_7zdump\uninst.exe
C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.789050.exe_7zdump\safemon\360tray.exe
Behavior description:Modify registry (startup entry)
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\360safeuninst
Process behavior
Behavior description:Create process from new file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe" _?=C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248197.984448.exe_7zdump\
ImagePath = C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248197.984959.exe_7zdump\safemon\360tray.exe, CmdLine = "C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248197.984959.exe_7zdump\safemon\360tray.exe" /uninstsp
Behavior description:Enumerate processes
details:N/A
Behavior description:Create local thread
details:TargetProcess: 360tray.exe, InheritedFromPID = 3280, ProcessID = 3336, ThreadID = 3360, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: Au_.exe, InheritedFromPID = 3248, ProcessID = 3280, ThreadID = 3388, StartAddress = 00404EB3, Parameter = 000202B0
TargetProcess: Au_.exe, InheritedFromPID = 3248, ProcessID = 3280, ThreadID = 3460, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3472, StartAddress = 77DC845A, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3476, StartAddress = 7C947EBB, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3480, StartAddress = 7C930230, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3484, StartAddress = 7C949B6F, Parameter = 00000000
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3488, StartAddress = 77E56C7D, Parameter = 001960D8
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3492, StartAddress = 5DE05ABD, Parameter = 00198128
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3496, StartAddress = 5DE05BC0, Parameter = 001961B8
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3500, StartAddress = 0122F74F, Parameter = 00000208
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3516, StartAddress = 01214EEC, Parameter = 00000090
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3528, StartAddress = 6302B849, Parameter = 001A63D0
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3532, StartAddress = 77C0A341, Parameter = 003F67E8
TargetProcess: iexplore.exe, InheritedFromPID = 3280, ProcessID = 3464, ThreadID = 3536, StartAddress = 77E56C7D, Parameter = 001C83B0
Behavior description:Create process
details:ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome
ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3464 CREDAT:79873
ImagePath = C:\Program Files\Internet Explorer\iexplore.exe, CmdLine = "C:\Program Files\Internet Explorer\IEXPLORE.EXE" SCODEF:3556 CREDAT:79873
File behavior
Behavior description:Create file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsh4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AlgorithmLib.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SafeDriverCtrl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\EfiMon.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\EfiProc.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\dmcl.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\ioSpecial.ini
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\modern-wizard.bmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\modern-header.bmp
Behavior description:Create executable file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe
C:\Documents and Settings\Administrator\Local Settings\Temp\AlgorithmLib.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SafeDriverCtrl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\EfiProc.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\System.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\nsplugin.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\InstallOptions.dll
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Temp\Kno9.tmp
Behavior description:Overwrite existing file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsh5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\background_gradient[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
C:\Documents and Settings\Administrator\Local Settings\Temp\Kno9.tmp
Behavior description:Copy file
details:C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.600229.exe_7zdump\uninst.exe ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe
Behavior description:Delete file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsh4.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh5.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi6.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi7.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp
C:\Documents and Settings\Administrator\Local Settings\Temp\AlgorithmLib.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\SafeDriverCtrl.dll
C:\Documents and Settings\Administrator\Local Settings\Temp\EfiMon.sys
C:\Documents and Settings\Administrator\Local Settings\Temp\EfiProc.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.602884.exe_7zdump\360verify.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.603236.exe_7zdump\MiniUI.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.603585.exe_7zdump\deepscan\cloudsec2.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.603947.exe_7zdump\deepscan\Identify\Identify.dll
C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.604319.exe_7zdump\config\config.xml
C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.604683.exe_7zdump\config\defaultskin\360Safe-16new.png
Behavior description:Find file
details:FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.850677.exe_7zdump
FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\~nsu.tmp\Au_.exe
FileName = C:\Documents and Settings\ADMINI~1
FileName = C:\Documents and Settings\Administrator\LOCALS~1
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp
Behavior description:Modify BAT script file
details:C:\Documents and Settings\Administrator\Local Settings\Temp\remove360.bat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\remove360.bat ---> Offset = 104
C:\Documents and Settings\Administrator\Local Settings\Temp\remove360.bat ---> Offset = 208
C:\Documents and Settings\Administrator\Local Settings\Temp\remove360.bat ---> Offset = 312
C:\Documents and Settings\Administrator\Local Settings\Temp\remove360.bat ---> Offset = 417
Behavior description:Modify file content
details:C:\Documents and Settings\Administrator\Local Settings\Temp\nsh5.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh5.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh5.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsh5.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe ---> Offset = 131072
C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe ---> Offset = 196608
C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe ---> Offset = 262144
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi7.tmp ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi7.tmp ---> Offset = 32768
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi7.tmp ---> Offset = 65536
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi7.tmp ---> Offset = 98304
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi7.tmp ---> Offset = 106428
C:\Documents and Settings\Administrator\Local Settings\Temp\AlgorithmLib.dll ---> Offset = 0
Network behavior
Behavior description:Open URL over the network
details:InternetOpenUrlA: http://<FAKE_SERVER_IP>:128/wpad.dat, hInternet = 0x00cc0004, Flags = 0x80000010
InternetOpenUrlA: http://<FAKE_SERVER_IP>:128/wpad.dat, hInternet = 0x00cc0010, Flags = 0x00000010
Behavior description:Download file
details:URLDownloadToFileW: http://ww********om/favicon.ico ---> C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico
URLDownloadToFileW: https://go************om/fwlink/?LinkId=141260 ---> C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\Kno9.tmp
Behavior description:Open specified web page in IE
details:http://ww******cn/360safeuninstall.html?ver=
Behavior description:Connect to specified site
details:InternetConnectA: ServerName = <FAKE_SERVER_IP>, PORT = 128, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x80000010
InternetConnectA: ServerName = ww******cn, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = <FAKE_SERVER_IP>, PORT = 128, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000010
InternetConnectA: ServerName = ww********om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
InternetConnectA: ServerName = ur*************om, PORT = 443, UserName = , Password = , hSession = 0x00cc0010, hConnect = 0x00cc0014, Flags = 0x00000200
InternetConnectA: ServerName = go************om, PORT = 443, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00800000
Behavior description:Open HTTP connection
details:InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0010
InternetOpenA: UserAgent: VCSoapClient, hSession = 0x00cc0010
Behavior description:Establish a connection to a specified socket
details:URL: wpad, IP: <FAKE_SERVER_IP>:128, SOCKET = 0x0000034c
URL: wpad, IP: <FAKE_SERVER_IP>:128, SOCKET = 0x000004b4
URL: wpad, IP: <FAKE_SERVER_IP>:128, SOCKET = 0x00000548
URL: ww******cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x0000054c
URL: ww********om, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x000005e8
URL: ww******cn, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x00000578
URL: ur*************om, IP: <FAKE_SERVER_IP>:443, SOCKET = 0x000005f0
URL: ww********om, IP: <FAKE_SERVER_IP>:80, SOCKET = 0x000004e4
URL: go************om, IP: <FAKE_SERVER_IP>:443, SOCKET = 0x0000051c
Behavior description:Read network file
details:hFile = 0x00cc000c, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc0018, BytesToRead =4010, BytesRead = 4010.
hFile = 0x00cc000c, BytesToRead =4096, BytesRead = 4096.
Behavior description:Send HTTP packet
details:GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: <FAKE_SERVER_IP>:128 Cache-Control: no-cache
GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: <FAKE_SERVER_IP>:128
GET /360safeuninstall.html?ver= HTTP/1.1 Accept: */* Accept-Language: zh-cn User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Accept-Encoding: gzip, deflate Host: ww******cn Connection: Keep-Alive
GET /favicon.ico HTTP/1.1 Accept: */* Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww********om Connection: Keep-Alive
GET /360safeuninstall.html?ver= HTTP/1.1 Accept: */* Accept-Language: zh-cn Accept-Encoding: gzip, deflate User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489) Host: ww******cn Connection: Keep-Alive
Behavior description:Open HTTP request
details:HttpOpenRequestA: <FAKE_SERVER_IP>:128/wpad.dat, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80000010
HttpOpenRequestA: ww******cn:80/360safeuninstall.html?ver=, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400000
HttpOpenRequestA: <FAKE_SERVER_IP>:128/wpad.dat, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: GET, Referer: , Flags = 0x00000010
HttpOpenRequestA: ww********om:80/favicon.ico, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00600010
HttpOpenRequestA: ww******cn:80/360safeuninstall.html?ver=, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
HttpOpenRequestA: ur*************om:443/urs.asmx?msurs-client-key=4kblkx0vdoa2ee0hj9bj7w%3d%3d&msurs-patented-lock=c/pteqnsohw%3d, hConnect = 0x00cc0014, hRequest = 0x00cc0018, Verb: POST, Referer: , Flags = 0x04880300
HttpOpenRequestA: go************om:443/fwlink/?linkid=141260, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00c00010
Behavior description:Get host address by name
details:GetAddrInfoW: computer
GetAddrInfoW: wpad
GetAddrInfoW: ww******cn
GetAddrInfoW: ww********om
GetAddrInfoW: ur*************om
GetAddrInfoW: go************om
Registry behavior
Behavior description:Modify registry
details:\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{DF4167CC-10E3-11E6-91BE-000000000000}
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\Enable
\REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{1EA4DBF0-3C3B-11CF-810C-00AA00389B71}\1.1\0\win32\
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Recovery\Active\{E11BDBC2-10E3-11E6-91BE-000000000000}
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Main\Window_Placement
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\Security\AntiPhishing\2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2\UserFile
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\DownloadRetries
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\Version
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\SearchScopes\UpgradeTime
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\DisplayName
Behavior description:Delete registry key
details:\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\{63800dac-e7ca-4df9-9a5c-20765055488d}\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\0x00000000\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\LanguageProfile\
\REGISTRY\USER\S-*\Software\Microsoft\CTF\TIP\{1188450c-fdab-47ae-80d8-c9633f71be64}\
Behavior description:Modify registry (delayed rename entry)
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\Session Manager\PendingFileRenameOperations
Behavior description:Delete registry value
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\ShowNewLogo
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{3B158F69-0988-48bf-A3CD-93E0A4B0339F}
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\{E2A91EC5-8DF7-4d9c-9723-509CBC1015CB}
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\360Safetray
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\360Antiarp
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\360Mipan
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce\360Safe
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Other behavior
Behavior description:Create mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
1830B7BD-F7A3-4c4d-989B-C004DE465EDE 3336
Global\Q360MipanUsedMutex
MSCTF.Shared.MUTEX.ELH
Local\c:!documents and settings!administrator!ietldcache!
Local\!BrowserEmulation!SharedMemory!Mutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
RasPbFile
Behavior description:Create event object
details:EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = Isolation Signal Registry Event (DF4167C9-10E3-11E6-91BE-000000000000, 0)
EventName = IE_EarlyTabStart_0xd8c
EventName = Isolation Signal Registry Event (DF4167CA-10E3-11E6-91BE-000000000000, 0)
EventName = Local\IEDDEExecuteEvent
EventName = MSCTF.SendReceive.Event.ENM.IC
EventName = MSCTF.SendReceiveConection.Event.ENM.IC
EventName = Global\crypt32LogoffEvent
EventName = Isolation Signal Registry Event (E11BDBBF-10E3-11E6-91BE-000000000000, 0)
EventName = IE_EarlyTabStart_0xdec
EventName = Isolation Signal Registry Event (E11BDBC0-10E3-11E6-91BE-000000000000, 0)
EventName = Local\RSS Eventing Event Event 00000d88
EventName = Local\RSS Eventing Event Event 00000de4
EventName = MSCTF.SendReceive.Event.MIN.IC
Behavior description:Find specified window
details:NtUserFindWindowEx: [Class,Window] = [360MipanFloat,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [360Down,]
NtUserFindWindowEx: [Class,Window] = [LiveUpdate360,]
NtUserFindWindowEx: [Class,Window] = [360_newlogo_msg_wnd,]
NtUserFindWindowEx: [Class,Window] = [360RepairLeakClass,]
NtUserFindWindowEx: [Class,Window] = [360SoftManagerClass,]
NtUserFindWindowEx: [Class,Window] = [360DeepScanClass,]
NtUserFindWindowEx: [Class,Window] = [360DSMainClass,]
NtUserFindWindowEx: [Class,Window] = [360AntiarpClass,]
NtUserFindWindowEx: [Class,Window] = [Q360FWMainClass,]
NtUserFindWindowEx: [Class,Window] = [360SysSweeper,]
NtUserFindWindowEx: [Class,Window] = [Q360WDClass,]
NtUserFindWindowEx: [Class,Window] = [WDSafeDownDlg,]
NtUserFindWindowEx: [Class,Window] = [360LeakFixer,]
Behavior description:Window information
details:Pid = 3280, Hwnd=0x202b4, Text = 下一步(&N) >, ClassName = Button.
Pid = 3280, Hwnd=0x202b2, Text = 取消(&C), ClassName = Button.
Pid = 3280, Hwnd=0x202d8, Text = 360.CN , ClassName = Static.
Pid = 3280, Hwnd=0x202c2, Text = 360.CN, ClassName = Static.
Pid = 3280, Hwnd=0x202c8, Text = 正在卸载, ClassName = Static.
Pid = 3280, Hwnd=0x202ca, Text = “360安全卫士”正在卸载,请等候..., ClassName = Static.
Pid = 3280, Hwnd=0x302b8, Text = 显示细节(&D), ClassName = Button.
Pid = 3280, Hwnd=0x202ae, Text = 输出目录: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp, ClassName = Static.
Pid = 3280, Hwnd=0x502a4, Text = 360安全卫士 解除安装 , ClassName = #32770.
Pid = 3280, Hwnd=0x202ae, Text = 删除文件: C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248199.166901.exe_7zdump\netmon\360gmps.dat, ClassName = Static.
Pid = 3280, Hwnd=0x202ae, Text = 运行外部程序: open http://www.360.cn/360safeuninstall.html?ver=, ClassName = Static.
Pid = 3280, Hwnd=0x202cc, Text = < 上一步(&P), ClassName = Button.
Pid = 3280, Hwnd=0x202c8, Text = 卸载已完成, ClassName = Static.
Pid = 3280, Hwnd=0x202ca, Text = 卸载已成功地完成。, ClassName = Static.
Pid = 3280, Hwnd=0x5026a, Text = 卸载即将完成, ClassName = Static.
Behavior description:Get TickCount value
Behavior description:Adjust process token privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
Behavior description:Enumerate windows
details:N/A
Behavior description:Get window screenshot information
Behavior description:Executable file signature information
details:C:\Documents and Settings\Administrator\Local Settings\Temp\~nsu.tmp\Au_.exe (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\AlgorithmLib.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\SafeDriverCtrl.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\EfiProc.dll (signature verification: passed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\System.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\nsplugin.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\nsi8.tmp\InstallOptions.dll (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Internet Explorer\Services\search_{0633EE93-D776-472f-A0FF-E1416B8B2E3A}.ico (signature verification: failed)
C:\Documents and Settings\Administrator\Local Settings\Temp\Kno9.tmp (signature verification: failed)
Behavior description:Call Sleep function
details:[1]: MilliSeconds = 250.
Behavior description:Hide specified window
details:[Window,Class] = [,Button]
[Window,Class] = [显示细节(&D),Button]
[Window,Class] = [,BrowserFrameGripperClass]
[Window,Class] = [360.CN,Static]
[Window,Class] = [360.CN ,Static]
[Window,Class] = [,Static]
[Window,Class] = [卸载已完成,Static]
[Window,Class] = [卸载已成功地完成。,Static]
[Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
[Window,Class] = [,SysLink]
[Window,Class] = [文件大小未知,Static]
[Window,Class] = [打开此类文件前总是询问(&W),Button]
[Window,Class] = [发行者:,Static]
[Window,Class] = [Windows Internet Explorer,IEFrame]
Behavior description:Shut down or restart
details:N/A
Behavior description:Executable file MD5
Behavior description:Load newly dropped files
details:Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi8.tmp\System.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\SafeDriverCtrl.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi8.tmp\nsplugin.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.646263.exe_7zdump\netmon\360netctrl.dll.
Image: C:\Documents and Settings\Administrator\Local Settings\%temp%\1462248198.646611.exe_7zdump\netmon\netmstart.dll.
Image: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\nsi8.tmp\InstallOptions.dll.