VirSCAN
File information
Safety rating: 60
Behavior list
Behavior analysis report: ThreatBook file behavior analysis report
Basic Information
MD5: fd634c66ae6b3e33924cc28db93aff87
File type: EXE
Company: Microsoft
Version: 5.0.0.0---2.0
Packer/compiler information: COMPILER: Borland Delphi 2.0 [Overlay]
Key behavior
Behavior description: Sets a message hook
details:C:\Program Files\Common Files\csdser\DHook.dll
C:\Program Files\Common Files\csdser\GetKey.dll
Behavior description: Loads a driver (standard method)
details:system32\drivers\netfilter2.sys
system32\drivers\profilter2.sys
Behavior description: Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Behavior description: Modifies registry: system firewall authorized application list
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Common Files\csdser\server.exe
Behavior description: Sets special folder attributes
details:C:\netfilter2
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Creates system service
details:[Service created]: AppUpdate, C:\Program Files\Common Files\csdser\SerInst.exe
[Service created]: netfilter2, system32\drivers\netfilter2.sys
[Service created]: profilter2, system32\drivers\profilter2.sys
[Service already exists]: profilter2, system32\drivers\profilter2.sys
Process behavior
Behavior description: Creates process with hidden window
details:ImagePath = , CmdLine = "c:\program files\common files\csdser\terminateproc.exe"
ImagePath = , CmdLine = "c:\program files\common files\csdser\serinst.exe" -u
ImagePath = , CmdLine = "c:\program files\common files\csdser\serinst.exe" -i
ImagePath = , CmdLine = "c:\windows\system32\cmd.exe" /c ""c:\program files\common files\csdser\install_driver.bat""
Behavior description: Creates process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c "C:\Program Files\Common Files\csdser\addfire.bat"
ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh advfirewall firewall show rule name="Windows SerInst"
ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = "C:\WINDOWS\system32\cmd.exe" /C ""C:\Program Files\Common Files\csdser\install_driver.bat""
ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh advfirewall firewall add rule name="Windows SerInst" dir=in program="C:\Program Files\Common Files\csdser\server.exe" action=allow
ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh advfirewall firewall show rule name="Windows SerInstOut"
ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh advfirewall firewall add rule name="Windows SerInstOut" dir=out program="C:\Program Files\Common Files\csdser\server.exe" action=allow
Behavior description: Creates process from newly written file
details:ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp\996E.tmp, CmdLine = "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp\996E.tmp" /SL5="$202A2,7751277,56832,C:\DOCUME~1\ADMINI~1\LOCALS~1\%temp%\1450707397.106052.exe"
ImagePath = C:\Program Files\Common Files\csdser\TerminateProc.exe, CmdLine = "C:\Program Files\Common Files\csdser\TerminateProc.exe"
ImagePath = C:\Program Files\Common Files\csdser\SerInst.exe, CmdLine = "C:\Program Files\Common Files\csdser\SerInst.exe" -u
ImagePath = C:\Program Files\Common Files\csdser\SerInst.exe, CmdLine = "C:\Program Files\Common Files\csdser\SerInst.exe" -i
ImagePath = C:\Program Files\Common Files\csdser\SerInst.exe, CmdLine = "C:\Program Files\Common Files\csdser\SerInst.exe"
ImagePath = C:\Program Files\Common Files\csdser\server.exe, CmdLine = "C:\Program Files\Common Files\csdser\server.exe"
ImagePath = C:\Program Files\Common Files\csdser\DllLoader.exe, CmdLine = "C:\Program Files\Common Files\csdser\DllLoader.exe" server.exe
ImagePath = C:\Program Files\Common Files\csdser\nfregdrv.exe, CmdLine = nfregdrv.exe netfilter2
ImagePath = C:\Program Files\Common Files\csdser\nfregdrv.exe, CmdLine = nfregdrv.exe profilter2
Behavior description: Enumerates processes
details:N/A
Behavior description: Creates local thread
details:N/A
Behavior description: Process exit
details:N/A
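The process and service lines above are where the installer makes itself persistent and reachable: it registers SerInst.exe as the AppUpdate service, creates services for the netfilter2.sys and profilter2.sys drivers, takes SE_LOAD_DRIVER_PRIVILEGE and SE_DEBUG_PRIVILEGE, and excepts server.exe from the host firewall in two ways, with `netsh advfirewall firewall add rule ... action=allow` (a command that exists on Windows Vista and later) and by writing the AuthorizedApplications\List key that the Windows XP SP2 firewall uses as its exception list. The `Documents and Settings` paths show the sandbox guest is XP-era, so only the registry write takes effect there; the netsh rules would apply on a newer host. The script below is an added triage example, not code from the VirSCAN page or from the analysed software: it parses a constructed excerpt of this report (details copied from above, behaviour labels in English), flattens it into (behaviour, detail) events, flags the firewall exceptions, driver services and privilege use, and checks whether the same program was excepted through both firewall mechanisms. The `SAMPLE_REPORT` text and the regexes are this example's own assumptions about the report format.

```python
"""Triage of a ThreatBook/VirSCAN behaviour report for firewall and driver persistence.

Added example; not code from the VirSCAN page or from the analysed installer.
SAMPLE_REPORT is constructed from the report's own details lines (labels
translated); the regexes are this example's assumptions about the format.
"""
import re
from typing import Dict, List, Set, Tuple

# Constructed excerpt of the report above.
SAMPLE_REPORT = r"""
Behavior description: Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Behavior description: Creates process
details:ImagePath = C:\WINDOWS\system32\cmd.exe, CmdLine = cmd /c "C:\Program Files\Common Files\csdser\addfire.bat"
ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh advfirewall firewall show rule name="Windows SerInst"
ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh advfirewall firewall add rule name="Windows SerInst" dir=in program="C:\Program Files\Common Files\csdser\server.exe" action=allow
ImagePath = C:\WINDOWS\system32\netsh.exe, CmdLine = netsh advfirewall firewall add rule name="Windows SerInstOut" dir=out program="C:\Program Files\Common Files\csdser\server.exe" action=allow
Behavior description: Creates system service
details:[Service created]: AppUpdate, C:\Program Files\Common Files\csdser\SerInst.exe
[Service created]: netfilter2, system32\drivers\netfilter2.sys
[Service created]: profilter2, system32\drivers\profilter2.sys
[Service already exists]: profilter2, system32\drivers\profilter2.sys
Behavior description: Modifies registry: system firewall authorized application list
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Common Files\csdser\server.exe
"""

Event = Tuple[str, str]  # (behaviour label, detail line)

# Vista+ firewall: a netsh advfirewall allow rule bound to a program path.
NETSH_ALLOW = re.compile(
    r'netsh advfirewall firewall add rule name="(?P<name>[^"]+)"\s+dir=(?P<dir>in|out)'
    r'\s+program="(?P<program>[^"]+)"\s+action=allow', re.IGNORECASE)
# XP SP2 firewall: the exception list lives under AuthorizedApplications\List.
AUTHORIZED_APP = re.compile(r'\\AuthorizedApplications\\List\\(?P<program>.+)$', re.IGNORECASE)
SERVICE_CREATED = re.compile(r'^\[Service created\]:\s*(?P<name>[^,]+),\s*(?P<image>.+)$')
# Privileges a user-mode installer should not normally need.
DANGEROUS_PRIVS = {"SE_LOAD_DRIVER_PRIVILEGE", "SE_DEBUG_PRIVILEGE", "SE_ASSIGNPRIMARYTOKEN_PRIVILEGE"}


def parse_report(text: str) -> List[Event]:
    """Flatten the report into (behaviour, detail) pairs.

    A 'Behavior description:' line opens a section; its first detail rides on
    the 'details:' line and every following line up to the next description
    belongs to the same section. 'N/A' placeholders are dropped.
    """
    events: List[Event] = []
    behaviour = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("Behavior description:"):
            behaviour = line[len("Behavior description:"):].strip()
            continue
        if line.startswith("details:"):
            line = line[len("details:"):].strip()
        if behaviour is not None and line and line != "N/A":
            events.append((behaviour, line))
    return events


def triage(events: List[Event]) -> Dict[str, list]:
    """Pick out firewall exceptions, kernel driver services and privilege use."""
    findings: Dict[str, list] = {
        "firewall_allow": [],   # (direction, program) from netsh advfirewall
        "authorized_app": [],   # program paths written to the XP exception list
        "driver_service": [],   # (service name, .sys image)
        "privilege": [],
    }
    for _behaviour, detail in events:
        if (m := NETSH_ALLOW.search(detail)):
            findings["firewall_allow"].append((m["dir"].lower(), m["program"]))
        elif (m := AUTHORIZED_APP.search(detail)):
            findings["authorized_app"].append(m["program"])
        elif (m := SERVICE_CREATED.match(detail)) and m["image"].lower().endswith(".sys"):
            findings["driver_service"].append((m["name"].strip(), m["image"].strip()))
        elif detail in DANGEROUS_PRIVS:
            findings["privilege"].append(detail)
    return findings


def excepted_on_both_firewalls(findings: Dict[str, list]) -> Set[str]:
    """Programs opened up through both the Vista+ and the XP mechanism (case-folded)."""
    vista_plus = {p.lower() for _, p in findings["firewall_allow"]}
    xp = {p.lower() for p in findings["authorized_app"]}
    return vista_plus & xp


if __name__ == "__main__":
    result = triage(parse_report(SAMPLE_REPORT))
    for key, items in result.items():
        print(f"{key}: {items}")
    print("excepted on both firewalls:", excepted_on_both_firewalls(result))
```

Run on the excerpt it reports two netsh allow rules (in and out) for server.exe, the same path in the XP exception list, the two .sys services, and the three privileges; the AppUpdate service is deliberately not counted as a driver because its image is an .exe. Feeding the full report to `parse_report` works the same way, since only the section and details prefixes are relied on.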
File behavior
Behavior description: Creates file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp\996E.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-G885H.tmp\_isetup\_shfoldr.dll
C:\Program Files\Common Files\csdser\is-C1I8P.tmp
C:\Program Files\Common Files\csdser\is-DMMMD.tmp
C:\Program Files\Common Files\csdser\is-AMECL.tmp
C:\Program Files\Common Files\csdser\is-QTKN8.tmp
C:\Program Files\Common Files\csdser\is-7FBKF.tmp
C:\Program Files\Common Files\csdser\is-ISQFQ.tmp
C:\Program Files\Common Files\csdser\is-4PQ6Q.tmp
C:\Program Files\Common Files\csdser\import_root_cert\is-21C12.tmp
C:\Program Files\Common Files\csdser\import_root_cert\is-L7D8I.tmp
C:\Program Files\Common Files\csdser\nss\is-AJ437.tmp
C:\Program Files\Common Files\csdser\nss\is-QEHIO.tmp
C:\Program Files\Common Files\csdser\nss\is-CE5JN.tmp
C:\Program Files\Common Files\csdser\nss\is-BO4OP.tmp
Behavior description: Creates executable file
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp\996E.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-G885H.tmp\_isetup\_shfoldr.dll
C:\Program Files\Common Files\csdser\is-C1I8P.tmp
C:\Program Files\Common Files\csdser\is-DMMMD.tmp
C:\Program Files\Common Files\csdser\is-AMECL.tmp
C:\Program Files\Common Files\csdser\is-QTKN8.tmp
C:\Program Files\Common Files\csdser\is-7FBKF.tmp
C:\Program Files\Common Files\csdser\is-ISQFQ.tmp
C:\Program Files\Common Files\csdser\is-4PQ6Q.tmp
C:\Program Files\Common Files\csdser\import_root_cert\is-21C12.tmp
C:\Program Files\Common Files\csdser\nss\is-AJ437.tmp
C:\Program Files\Common Files\csdser\nss\is-QEHIO.tmp
C:\Program Files\Common Files\csdser\nss\is-CE5JN.tmp
C:\Program Files\Common Files\csdser\nss\is-BO4OP.tmp
C:\Program Files\Common Files\csdser\nss\is-2DFJA.tmp
Behavior description: Searches for file
details:FileName = C:\DOCUME~1
FileName = C:\DOCUME~1\ADMINI~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp
FileName = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp\996E.tmp
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\「开始」菜单
FileName = C:\Documents and Settings\Administrator\「开始」菜单\程序
FileName = C:\*.*
FileName = C:\Program Files\Common Files\csdser\nss\certutil.exe
FileName = C:\Program Files\Common Files\csdser\nss\mozcrt19.dll
FileName = C:\Program Files\Common Files\csdser\nss\nspr4.dll
FileName = C:\Program Files\Common Files\csdser\nss\nss3.dll
Behavior description: Deletes file
details:C:\Program Files\Common Files\csdser\nss\certutil.exe
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-G885H.tmp\_isetup\_shfoldr.dll
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-G885H.tmp\_isetup\_shfoldr.dll-newfile
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-G885H.tmp\_isetup
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-G885H.tmp
C:\Documents and Settings\Administrator\Local Settings\Application Data\netmon\log.db-journal
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp\996E.tmp
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp
Behavior description: Modifies BAT script file
details:C:\Program Files\Common Files\csdser\addfire.bat
Behavior description: Renames file
details:C:\Program Files\Common Files\csdser\is-C1I8P.tmp ---> C:\Program Files\Common Files\csdser\TerminateProc.exe
C:\Program Files\Common Files\csdser\is-DMMMD.tmp ---> C:\Program Files\Common Files\csdser\server.exe
C:\Program Files\Common Files\csdser\is-AMECL.tmp ---> C:\Program Files\Common Files\csdser\gdiplus.dll
C:\Program Files\Common Files\csdser\is-QTKN8.tmp ---> C:\Program Files\Common Files\csdser\GetKey.dll
C:\Program Files\Common Files\csdser\is-7FBKF.tmp ---> C:\Program Files\Common Files\csdser\MyCommFun.dll
C:\Program Files\Common Files\csdser\is-ISQFQ.tmp ---> C:\Program Files\Common Files\csdser\rv.dll
C:\Program Files\Common Files\csdser\is-4PQ6Q.tmp ---> C:\Program Files\Common Files\csdser\serinst.exe
C:\Program Files\Common Files\csdser\import_root_cert\is-21C12.tmp ---> C:\Program Files\Common Files\csdser\import_root_cert\import_root_cert.exe
C:\Program Files\Common Files\csdser\import_root_cert\is-L7D8I.tmp ---> C:\Program Files\Common Files\csdser\import_root_cert\NetFilterSDK.cer
C:\Program Files\Common Files\csdser\nss\is-AJ437.tmp ---> C:\Program Files\Common Files\csdser\nss\certutil.exe
C:\Program Files\Common Files\csdser\nss\is-QEHIO.tmp ---> C:\Program Files\Common Files\csdser\nss\mozcrt19.dll
C:\Program Files\Common Files\csdser\nss\is-CE5JN.tmp ---> C:\Program Files\Common Files\csdser\nss\nspr4.dll
C:\Program Files\Common Files\csdser\nss\is-BO4OP.tmp ---> C:\Program Files\Common Files\csdser\nss\nss3.dll
C:\Program Files\Common Files\csdser\nss\is-2DFJA.tmp ---> C:\Program Files\Common Files\csdser\nss\plc4.dll
C:\Program Files\Common Files\csdser\nss\is-QIOU6.tmp ---> C:\Program Files\Common Files\csdser\nss\plds4.dll
Behavior description: Sets special folder attributes
details:C:\netfilter2
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Modifies file content
details:C:\Program Files\Common Files\csdser\import_root_cert\is-L7D8I.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\data\is-LIEMR.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\data\is-1M0QT.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\data\is-2FKQG.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\data\is-K9VGK.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\data\is-LGUOJ.tmp---> Offset = 262144
C:\Program Files\Common Files\csdser\data\is-R5JUK.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\data\is-GC2K4.tmp---> Offset = 262144
C:\Program Files\Common Files\csdser\data\is-77BJP.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\data\is-HIUN9.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\sres\is-B5T64.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\sres\is-13UNJ.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\is-GA8IM.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\is-JN7KD.tmp---> Offset = 0
C:\Program Files\Common Files\csdser\is-I7DPI.tmp---> Offset = 0
Network behavior
Behavior description: Connects to specified host
details:InternetConnectA: ServerName = go.microsoft.com, PORT = 443
Behavior description: Opens HTTP request
details:HttpOpenRequestA: go.microsoft.com:443/fwlink/?linkid=141260, hConnect = 0x0000062c
Registry behavior
Behavior description: Modifies registry
details:\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\FWCFG\FileDirectory
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\LogSessionName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Active
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\ControlFlags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\Guid
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\NAP\Netsh\Napmontr\BitNames
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\LogSessionName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\Active
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\ControlFlags
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Tracing\Microsoft\qagent\traceIdentifier\Guid
Behavior description: Deletes registry value
details:\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0\Expiration
\REGISTRY\USER\S-*\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1\Expiration
Behavior description: Modifies registry: system firewall authorized application list
details:\REGISTRY\MACHINE\SYSTEM\ControlSet002\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\C:\Program Files\Common Files\csdser\server.exe
Other behavior
Behavior description: Creates mutex
details:CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
MSCTF.Shared.MUTEX.ELH
MSCTF.Shared.MUTEX.IBI
SHIMLIB_LOG_MUTEX
Global\supereye
RasPbFile
oleacc-msaa-loaded
DllLoader
AK_MUTEX_NAME
Local\Feed Arbitration Shared Memory Mutex [ User : S-* ]
Behavior description: Hides specified window
details:[Window,Class] = [,ComboLBox]
[Window,Class] = [Setup - SuperEye (超级眼) LAN Monitoring Software - Employee Client (Intranet Edition),TWizardForm]
[Window,Class] = [Zoom level,ToolbarWindow32]
Behavior description: Loads a driver (standard method)
details:system32\drivers\netfilter2.sys
system32\drivers\profilter2.sys
Behavior description: Searches for specified window
details:NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [THookLoader,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
NtUserFindWindowEx: [Class,Window] = [TFrmDllLoader,]
NtUserFindWindowEx: [Class,Window] = [,Windows Task Manager]
NtUserFindWindowEx: [Class,Window] = [,Windows 任务管理器] (Chinese-locale title of Windows Task Manager)
NtUserFindWindowEx: [Class,Window] = [Static,]
Behavior description: Starts system service
details:[Service started]: LocalSystem, Application Update Service, C:\Program Files\Common Files\csdser\SerInst.exe
[Service started]: , netfilter2, system32\drivers\netfilter2.sys
[Service started]: , profilter2, system32\drivers\profilter2.sys
Behavior description: Enumerates windows
details:N/A
Behavior description: Acquires system privileges
details:SE_LOAD_DRIVER_PRIVILEGE
SE_DEBUG_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
Behavior description: Window information
details:Pid = 2068, Hwnd=0x102ec, Text = Ready to Install, ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102ea, Text = Setup is now ready to begin installing SuperEye (超级眼) LAN Monitoring Software - Employee Client (Intranet Edition)., ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102e4, Text = Intranet group ID, used to group the manager client and employee clients (optional), ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102e2, Text = *(This item may be left blank; the manager client searches the network automatically after it starts), ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102de, Text = Enter the IP of the "manager" computer, e.g. 192.168.1.99; the software will actively connect to the manager client:, ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x202d0, Text = Click "Install" to continue., ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x302c2, Text = C:\Program Files\Common Files\csdser, ClassName = TEdit.
Pid = 2068, Hwnd=0x502b6, Text = &Install, ClassName = TNewButton.
Pid = 2068, Hwnd=0x702ce, Text = Cancel, ClassName = TNewButton.
Pid = 2068, Hwnd=0x402bc, Text = Setup - SuperEye (超级眼) LAN Monitoring Software - Employee Client (Intranet Edition), ClassName = TWizardForm.
Pid = 2068, Hwnd=0x102ec, Text = Installing, ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102ea, Text = Installing SuperEye (超级眼) LAN Monitoring Software - Employee Client (Intranet Edition) on your computer, please wait..., ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102f2, Text = Extracting files..., ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x102f0, Text = C:\Program Files\Common Files\csdser\DHook_64.dll, ClassName = TNewStaticText.
Pid = 2068, Hwnd=0x502b6, Text = &Next >, ClassName = TNewButton.
Behavior description: Executable signature information
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp\996E.tmp (signature verification: failed)
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-G885H.tmp\_isetup\_shfoldr.dll (signature verification: failed)
C:\Program Files\Common Files\csdser\is-C1I8P.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\is-DMMMD.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\is-AMECL.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\is-QTKN8.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\is-7FBKF.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\is-ISQFQ.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\is-4PQ6Q.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\import_root_cert\is-21C12.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\nss\is-AJ437.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\nss\is-QEHIO.tmp (signature verification: passed)
C:\Program Files\Common Files\csdser\nss\is-CE5JN.tmp (signature verification: passed)
C:\Program Files\Common Files\csdser\nss\is-BO4OP.tmp (signature verification: failed)
C:\Program Files\Common Files\csdser\nss\is-2DFJA.tmp (signature verification: passed)
Behavior description: Creates event object
details:EventName = Global\crypt32LogoffEvent
EventName = MSCTF.SendReceiveConection.Event.IBI.IC
EventName = MSCTF.SendReceive.Event.IBI.IC
EventName = Global\userenv: User Profile setup event
EventName = DINPUTWINMM
EventName = Global\SuperEUn
EventName = MSCTF.SendReceive.Event.ELH.IC
EventName = MSCTF.SendReceiveConection.Event.ELH.IC
EventName = CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000013
EventName = CTF.ThreadMIConnectionEvent.000007B4.00000000.00000013
EventName = Local\Feed Arbitration Lock Event [ Process : 0x00000278 ]
EventName = Local\Feed Arbitration Unlock Event [ Process : 0x00000278 ]
Behavior description: Executable file MD5
details:C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-8G3BG.tmp\996E.tmp ---> 9303156631ee2436db23827e27337be4
C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\is-G885H.tmp\_isetup\_shfoldr.dll ---> 92dc6ef532fbb4a5c3201469a5b5eb63
C:\Program Files\Common Files\csdser\is-C1I8P.tmp ---> b8bd8086d6a9cf83a7aa0a8496178a4e
C:\Program Files\Common Files\csdser\is-DMMMD.tmp ---> d83b8ca65f5cd29413423dee3b482b59
C:\Program Files\Common Files\csdser\is-AMECL.tmp ---> bd43a07485e416b2b65afb9d71f79de2
C:\Program Files\Common Files\csdser\is-QTKN8.tmp ---> 7224449c6a1fc486b7b2bd98f61c293f
C:\Program Files\Common Files\csdser\is-7FBKF.tmp ---> 92de76c82c40db225f4e05761ba7d4f6
C:\Program Files\Common Files\csdser\is-ISQFQ.tmp ---> b325aa92e5a36ffff9c568df53e4de64
C:\Program Files\Common Files\csdser\is-4PQ6Q.tmp ---> 5f1b878b1847aea88aae9c6dd6c5fff9
C:\Program Files\Common Files\csdser\import_root_cert\is-21C12.tmp ---> 1c76d7defa116a328f47036b54126e6c
C:\Program Files\Common Files\csdser\nss\is-AJ437.tmp ---> a253cbbfbceee37dd90b999d26542038
C:\Program Files\Common Files\csdser\nss\is-QEHIO.tmp ---> 0847bc96e23565dbae072ca335a212c9
C:\Program Files\Common Files\csdser\nss\is-CE5JN.tmp ---> 32b2685234074047263d4a0cc8bf5d56
C:\Program Files\Common Files\csdser\nss\is-BO4OP.tmp ---> 09cacf1074663b90a88c2345f42425ff
C:\Program Files\Common Files\csdser\nss\is-2DFJA.tmp ---> 1cce55587f95d57759e36f387c4f9dee
Behavior description: Creates system service
details:[Service created]: AppUpdate, C:\Program Files\Common Files\csdser\SerInst.exe
[Service created]: netfilter2, system32\drivers\netfilter2.sys
[Service created]: profilter2, system32\drivers\profilter2.sys
[Service already exists]: profilter2, system32\drivers\profilter2.sys
Behavior description: Loads newly dropped file
details:Image: C:\Program Files\Common Files\csdser\htmlayout.dll.
Image: C:\Program Files\Common Files\csdser\nfapi.dll.
Image: C:\Program Files\Common Files\csdser\ProtocolFilters.dll.
Image: C:\Program Files\Common Files\csdser\ssleay32.dll.
Image: C:\Program Files\Common Files\csdser\libeay32.dll.
Image: C:\Program Files\Common Files\csdser\DHook.dll.
Image: C:\Program Files\Common Files\csdser\MyCommFun.dll.
Image: C:\Program Files\Common Files\csdser\GetKey.dll.