VirSCAN

1. You can upload any file, but there is a 20 MB limit per file.
2. VirSCAN supports RAR/ZIP decompression, but the archive must contain fewer than 20 files.
3. VirSCAN can scan password-protected archives if the password is 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader to upload.


File information

Virscan.org multi-engine scan report
Behavior analysis report: Habo file analysis

Basic Information

MD5:fd5c372639276a9cafceb3efc212ec17
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package names:
Minimum operating environment:
copyright:

Key behavior

Behavior description: Modify registry: Winsock hijack (LSP catalog)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries
Behavior description: Create desktop shortcut
details: C:\Documents and Settings\Administrator\桌面\Proxifier.lnk
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Hide specified window
details: [Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
[Window,Class] = [安装 - Proxifier,TWizardForm]
[Window,Class] = [流量,Afx:ControlBar:400000:8:10011:10]
[Window,Class] = [连接,Afx:ControlBar:400000:8:10011:10]
[Window,Class] = [统计,Afx:ControlBar:400000:8:10011:10]
[Window,Class] = [Proxifier,Proxifier32Cls]
Behavior description: Resolve host address by name
details: www.hanzify.org
www.google.com

Process behavior

Behavior description: Create process
details: ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\WINDOWS\system32\ProxifierShellExt.dll"
ImagePath = C:\WINDOWS\notepad.exe, CmdLine = "C:\WINDOWS\notepad.exe" C:\Program Files\Proxifier\汉化新世纪.txt
Behavior description: Create process from newly created file
details: ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-OP55C.tmp\sample.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-OP55C.tmp\sample.tmp" /SL5="$A0186,3336897,52224,c:\%temp%\1413517944.269620.exe"
ImagePath = C:\Program Files\Proxifier\SysSettings32.exe, CmdLine = "C:\Program Files\Proxifier\SysSettings32.exe" silent-install
ImagePath = C:\Program Files\Proxifier\Proxifier.exe, CmdLine = "C:\Program Files\Proxifier\Proxifier.exe"
ImagePath = C:\Program Files\Proxifier\SysSettings32.exe, CmdLine = "C:\Program Files\Proxifier\SysSettings32.exe" silent-check

File behavior

Behavior description: Drop links or shortcuts in sensitive system locations (e.g. Start Menu)
details: C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\Proxifier.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\系统设置.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\代理检查器.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\Proxifier 文档.lnk
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\卸载 Proxifier.lnk
Behavior description: Create executable file
details: C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-OP55C.tmp\sample.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-0H9VD.tmp\_isetup\_RegDLL.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-0H9VD.tmp\_isetup\_shfoldr.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-0H9VD.tmp\_isetup\_iscrypt.dll
C:\Program Files\Proxifier\is-Q542T.tmp
C:\Program Files\Proxifier\is-H8JKP.tmp
C:\Program Files\Proxifier\is-94AFC.tmp
C:\Program Files\Proxifier\is-KBHQJ.tmp
C:\Program Files\Proxifier\is-FD8HT.tmp
C:\WINDOWS\system32\is-KL7R6.tmp
C:\WINDOWS\system32\is-E5545.tmp
C:\WINDOWS\system32\is-84RA5.tmp
C:\WINDOWS\system32\is-VL56H.tmp
Behavior description: Create desktop shortcut
details: C:\Documents and Settings\Administrator\桌面\Proxifier.lnk
Behavior description: Map file with write access
details: \WINDOWS\system32\zh-cn\ieframe.dll.mui
Local\UrlZonesSM_Administrator
Behavior description: Rename file
details: C:\Program Files\Proxifier\is-Q542T.tmp ---> C:\Program Files\Proxifier\unins000.exe
C:\Program Files\Proxifier\is-H8JKP.tmp ---> C:\Program Files\Proxifier\Proxifier.exe
C:\Program Files\Proxifier\is-94AFC.tmp ---> C:\Program Files\Proxifier\ProxyChecker.exe
C:\Program Files\Proxifier\is-KBHQJ.tmp ---> C:\Program Files\Proxifier\SysSettings32.exe
C:\Program Files\Proxifier\is-FD8HT.tmp ---> C:\Program Files\Proxifier\SysSettings64.exe
C:\Program Files\Proxifier\is-AGS2L.tmp ---> C:\Program Files\Proxifier\Proxifier.chm
C:\Program Files\Proxifier\is-NEF3M.tmp ---> C:\Program Files\Proxifier\汉化说明.txt
C:\Program Files\Proxifier\is-5HDB2.tmp ---> C:\Program Files\Proxifier\汉化新世纪.txt
C:\WINDOWS\system32\is-KL7R6.tmp ---> C:\WINDOWS\system32\ProxifierShellExt.dll
C:\WINDOWS\system32\is-E5545.tmp ---> C:\WINDOWS\system32\PrxerDrv.dll
C:\WINDOWS\system32\is-84RA5.tmp ---> C:\WINDOWS\system32\PrxerNsp.dll
C:\WINDOWS\system32\is-VL56H.tmp ---> C:\WINDOWS\system32\SPORDER.DLL
Behavior description: Set special folder attributes
details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior description: Modify file content
details: C:\Program Files\Proxifier\is-AGS2L.tmp---> Offset = 262144
C:\Program Files\Proxifier\is-NEF3M.tmp---> Offset = 0
C:\Program Files\Proxifier\is-5HDB2.tmp---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\Proxifier.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\系统设置.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\代理检查器.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\Proxifier 文档.lnk---> Offset = 0
C:\Documents and Settings\All Users\「开始」菜单\程序\Proxifier\卸载 Proxifier.lnk---> Offset = 0
C:\Documents and Settings\Administrator\桌面\Proxifier.lnk---> Offset = 0
C:\Program Files\Proxifier\unins000.dat---> Offset = 460
C:\Documents and Settings\Administrator\Application Data\Proxifier\Profiles\Default.ppx---> Offset = 0
Behavior description: Modify newly created executable file
details: C:\Program Files\Proxifier\is-Q542T.tmp---> Offset = 723014

Network behavior

Behavior description: Resolve host address by name
details: www.hanzify.org
www.google.com

Registry behavior

Behavior description: Delete registry key: layered network protocol (namespace provider)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\00000004
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\00000005
Behavior description: Modify registry: file association
details: \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\ProxifierShellExt\
Behavior description: Delete registry key
details: \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41EE0809-7C22-4081-B9F3-564D08CC4F73}\InprocServer32
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41EE0809-7C22-4081-B9F3-564D08CC4F73}
\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\ProxifierShellExt
Behavior description: Delete registry value: IE connection settings
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Modify registry: Winsock hijack (LSP catalog)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014\PackedCatalogItem
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Num_Catalog_Entries
Behavior description: Modify registry
details: \REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\X\BaseClass
\REGISTRY\MACHINE\SOFTWARE\Classes\.prx\
\REGISTRY\MACHINE\SOFTWARE\Classes\.ppx\
\REGISTRY\MACHINE\SOFTWARE\Classes\Proxifier.Document\DefaultIcon\
\REGISTRY\MACHINE\SOFTWARE\Classes\Proxifier.Document\shell\open\command\
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Initex\Proxifier\License\Owner
\REGISTRY\USER\S-1-5-21-1482476501-1645522239-1417001333-500\Software\Initex\Proxifier\License\Key
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41EE0809-7C22-4081-B9F3-564D08CC4F73}\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41EE0809-7C22-4081-B9F3-564D08CC4F73}\InprocServer32\
\REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{41EE0809-7C22-4081-B9F3-564D08CC4F73}\InprocServer32\ThreadingModel
\REGISTRY\MACHINE\SOFTWARE\Classes\exefile\shellex\ContextMenuHandlers\ProxifierShellExt\
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Proxifier_is1\Inno Setup: Setup Version
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Proxifier_is1\Inno Setup: App Path
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Proxifier_is1\InstallLocation
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Proxifier_is1\Inno Setup: Icon Group
Behavior description: Modify registry: layered network protocol (namespace provider)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\LibraryPath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\DisplayString
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\ProviderId
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\SupportedNameSpace
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Enabled
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\Version
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001\StoresServiceClassInfo
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\LibraryPath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\DisplayString
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\ProviderId
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\SupportedNameSpace
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Enabled
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\Version
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002\StoresServiceClassInfo
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003\LibraryPath
Behavior description: Delete registry key: Winsock hijack (LSP catalog)
details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000012
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000013
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\00000005
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000014
Behavior description: Delete registry key: file association
details: \REGISTRY\MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\ProxifierShellExt

Other behavior

Behavior description: Create mutex
details: SHIMLIB_LOG_MUTEX
RasPbFile
_SHuassist.mtx
Global\ProxifierProcIdMutex3792
Global\ProxifierRunning
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Global\Proxifier32Mutex1040
Proxifier32Mutex1040
Global\ProxifierStd300Mutex
Behavior description: Hide specified window
details: [Window,Class] = [,Auto-Suggest Dropdown]
[Window,Class] = [,ComboLBox]
[Window,Class] = [安装 - Proxifier,TWizardForm]
[Window,Class] = [流量,Afx:ControlBar:400000:8:10011:10]
[Window,Class] = [连接,Afx:ControlBar:400000:8:10011:10]
[Window,Class] = [统计,Afx:ControlBar:400000:8:10011:10]
[Window,Class] = [Proxifier,Proxifier32Cls]
Behavior description: Find specified window
details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [Proxifier32Cls,]
Behavior description: Window information
details: Pid = 1288, Hwnd=0xc01b6, Text = 欢迎访问汉化新世纪, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xd0190, Text = 欢迎使用 Proxifier 安装向导 , ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb0174, Text = 现在将安装 Proxifier 3.15 汉化版 到您的电脑中。 推荐您在继续安装前关闭所有其它应用程序。 本汉化软件由汉化新世纪成员吕达嵘, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xa018c, Text = C:\Program Files\Proxifier, ClassName = TEdit.
Pid = 1288, Hwnd=0xb0192, Text = 下一步(&N) >, ClassName = TNewButton.
Pid = 1288, Hwnd=0xb0164, Text = 取消, ClassName = TNewButton.
Pid = 1288, Hwnd=0xd01c2, Text = 安装 - Proxifier, ClassName = TWizardForm.
Pid = 1288, Hwnd=0xa01f0, Text = 汉化新世纪 吕达嵘 出品 , ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb018a, Text = 信息, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xc01ee, Text = 请在继续安装前阅读下列重要信息。, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xc01a6, Text = 如果您想继续安装,单击“下一步”。, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb019c, Text = 请输入密码,然后单击“下一步”继续。密码区分大小写。, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb01a2, Text = 密码(&P):, ClassName = TNewStaticText.
Pid = 1288, Hwnd=0xb01e0, Text = 20040212, ClassName = TPasswordEdit.
Pid = 1288, Hwnd=0xc01da, Text = < 上一步(&B), ClassName = TNewButton.
Behavior description: Acquire system privilege
details: SE_LOAD_DRIVER_PRIVILEGE
Behavior description: Enumerate windows
details: N/A