VirSCAN


File information
Safety rating: 76
Behavior list
Basic information
MD5:dd7750cdba6d66abb6b64561d09f9558
File type: Web page file
Vendor:
Version:
Packer or compiler information:
Main behaviors
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Process behavior
Behavior description: Create local thread
Details: TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2284, StartAddress = 6359727B, Parameter = 00258788
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2288, StartAddress = 77E56C7D, Parameter = 00272E38
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2380, StartAddress = 5DE05A52, Parameter = 001BF6A8
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2448, StartAddress = 6359727B, Parameter = 00279028
TargetProcess: iexplore.exe, InheritedFromPID = 1640, ProcessID = 712, ThreadID = 2452, StartAddress = 6359727B, Parameter = 002790C8
File behavior
Behavior description: Create file
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819\index.dat
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Overwrite existing file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2]
Behavior description: Find file
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\%temp%\****.html
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\History
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016053020160531\*.*
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS
FileName = C:\WINDOWS\system32
FileName = C:\WINDOWS\system32\ieframe.dll
Behavior description: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\dnserrordiagoff[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\ErrorPageTemplate[2]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\errorPageStrings[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\httpErrorPagesScripts[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\noConnect[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\down[1]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\favcenter[3]
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[1]
Behavior description: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819
C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Feeds Cache
Behavior description: Modify file content
Details: C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016081820160819\index.dat ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\dnserrordiagoff[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\ErrorPageTemplate[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\errorPageStrings[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\httpErrorPagesScripts[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\6TLOMATB\noConnect[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\bullet[2] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\background_gradient[3] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\down[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\favcenter[1] ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\IUKHR8T2\tools[2] ---> Offset = 0
Network behavior
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; .NET CLR 2.0.50727; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; .NET4.0C; .NET4.0E; KB974489), hSession = 0x00cc0004
Registry behavior
Behavior description: Modify registry
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Default MHTML Editor\Last
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CachePath
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CachePrefix
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheLimit
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheOptions
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016081820160819\CacheRepair
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Count
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\Time
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTime
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}\iexplore\LoadTimeCount
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
Behavior description: Delete registry key
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016053020160531\
Other behavior
Behavior description: Create mutex
Details: Local\!PrivacIE!SharedMemory!Mutex
SmartScreen_UrsCacheMutex_2CEDBFBC-DBA8-43AA-B1FD-CC8E6316E3E2High_S-*
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016081820160819!
MSCTF.Shared.MUTEX.APH
RasPbFile
MSIMGSIZECacheMutex
Behavior description: Create event object
Details: EventName = Global\crypt32LogoffEvent
EventName = DINPUTWINMM
EventName = Global\userenv: User Profile setup event
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
Behavior description: Open event
Details: Global\crypt32LogoffEvent
Isolation Signal Registry Event (AC1E28A9-653A-11E6-91C0-7B****28, 0)
MSFT.VSA.COM.DISABLE.712
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007F0.00000000.00000020
CTF.ThreadMarshalInterfaceEvent.000007F0.00000000.00000020
MSCTF.SendReceiveConection.Event.APH.IC
MSCTF.SendReceive.Event.APH.IC
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
CTF.ThreadMIConnectionEvent.000007F0.00000001.00000023
CTF.ThreadMarshalInterfaceEvent.000007F0.00000001.00000023
Behavior description: Window information
Details: Pid = 1640, Hwnd=0x1101ca, Text = 导航栏, ClassName = WorkerW.
Pid = 1640, Hwnd=0xe01ae, Text = 地址组合控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x5017c, Text = 页面控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x50182, Text = 搜索..., ClassName = Edit.
Pid = 1640, Hwnd=0x70178, Text = 搜索组合控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x80166, Text = 搜索控制, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x50176, Text = 命令栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x10022e, Text = 收藏夹命令栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0x5017a, Text = LinksBand, ClassName = LinksBandClass.
Pid = 1640, Hwnd=0x401a0, Text = 收藏夹栏, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0xb01a6, Text = 添加到收藏夹栏, ClassName = ToolbarWindow32.
Pid = 712, Hwnd=0x701a8, Text = ITBarHost, ClassName = InternetToolbarHost.
Pid = 712, Hwnd=0x501f4, Text = 菜单栏, ClassName = WorkerW.
Pid = 712, Hwnd=0x20250, Text = 缩放级别, ClassName = ToolbarWindow32.
Pid = 1640, Hwnd=0xe01f0, Text = C:\Documents and Settings\Administrator\Local Settings\%temp%\%temp%\****.html - Windows Internet Explorer, ClassName = IEFrame.
Behavior description: Hide specified window
Details: [Window,Class] = [缩放级别,ToolbarWindow32]
[Window,Class] = [,msctls_progress32]
Behavior description: Open mutex
Details: CtfmonInstMutexDefaultS-*
_!SHMSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!history!history.ie5!mshist012016081820160819!
Local\c:!documents and settings!administrator!local settings!application data!microsoft!feeds cache!
RasPbFile