1, Herhangi bir dosyayı YÜKLEYEBİLİRSİNİZ, ancak dosya başına 20 MB sınır vardır.
2, VirSCAN, içeriğinde en fazla 20 dosya olmak kaydıyla Rar/Zip sıkıştırmasını destekler.
3, VirSCAN 'infected' ya da 'virus' kelimesiyle şifrelenip sıkıştırılmış dosyaları tarayabilir.
4, Eğer tarayıcınız dosyaları yükleyemezse, lütfen VirSCAN yükleyicisini yüklemek için indirin.
| Virscan.org çok motorlu tarama raporu |
| Davranış analizi raporu: Habo dosya analizi |
| MD5:dcd6fd3e253e41632e81f2533a95ac9c |
| 文件大小:5.58MB |
| 上传时间: 2014-09-22 10:36:30 (CST) |
| Paket adı: |
| Minimum çalışma ortamı: |
| telif hakkı: |
| Davranış açıklaması: | 创建系统服务 |
| Daha fazla bilgi için: | [服务创建成功]: BazisVirtualCDBus, system32\DRIVERS\BazisVirtualCDBus.sys |
| Davranış açıklaması: | 获取TickCount值 |
| Daha fazla bilgi için: | TickCount = 5360828, SleepMilliseconds = 250. |
| TickCount = 5360843, SleepMilliseconds = 250. | |
| TickCount = 5360953, SleepMilliseconds = 250. | |
| TickCount = 5360968, SleepMilliseconds = 250. | |
| TickCount = 5361000, SleepMilliseconds = 250. | |
| TickCount = 5361687, SleepMilliseconds = 250. | |
| TickCount = 5380078, SleepMilliseconds = 250. |
| Davranış açıklaması: | 创建进程 |
| Daha fazla bilgi için: | ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll" |
| ImagePath = C:\WINDOWS\system32\regsvr32.exe, CmdLine = "C:\WINDOWS\system32\regsvr32.exe" /s "C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll" | |
| ImagePath = C:\WINDOWS\system32\runonce.exe, CmdLine = runonce -r | |
| Davranış açıklaması: | 创建本地线程 |
| Daha fazla bilgi için: | TargetProcess: %temp%\****.exe, InheritedFromPID = 1944, ProcessID = 2040, ThreadID = 124, StartAddress = 00401020, Parameter = 00A04728 |
| TargetProcess: uninstall.exe, InheritedFromPID = 2040, ProcessID = 2140, ThreadID = 2168, StartAddress = 77DC845A, Parameter = 00000000 | |
| TargetProcess: drvinst32.exe, InheritedFromPID = 2040, ProcessID = 2308, ThreadID = 2316, StartAddress = 77DC845A, Parameter = 00000000 | |
| TargetProcess: drvinst32.exe, InheritedFromPID = 2040, ProcessID = 2308, ThreadID = 2332, StartAddress = 7C947EBB, Parameter = 00000000 | |
| TargetProcess: drvinst32.exe, InheritedFromPID = 2040, ProcessID = 2308, ThreadID = 2336, StartAddress = 7C930230, Parameter = 00000000 | |
| TargetProcess: drvinst32.exe, InheritedFromPID = 2040, ProcessID = 2308, ThreadID = 2340, StartAddress = 7C949B6F, Parameter = 00000000 | |
| TargetProcess: drvinst32.exe, InheritedFromPID = 2040, ProcessID = 2308, ThreadID = 2348, StartAddress = 765E964D, Parameter = 0019A5D0 | |
| TargetProcess: drvinst32.exe, InheritedFromPID = 2040, ProcessID = 2308, ThreadID = 2368, StartAddress = 759D8761, Parameter = 00000000 | |
| TargetProcess: drvinst32.exe, InheritedFromPID = 2040, ProcessID = 2308, ThreadID = 2472, StartAddress = 757D4D37, Parameter = 022C0E60 | |
| TargetProcess: vmnt.exe, InheritedFromPID = 2040, ProcessID = 2548, ThreadID = 2556, StartAddress = 7C947EBB, Parameter = 00000000 | |
| TargetProcess: vmnt.exe, InheritedFromPID = 2040, ProcessID = 2548, ThreadID = 2560, StartAddress = 7C930230, Parameter = 00000000 | |
| TargetProcess: vmnt.exe, InheritedFromPID = 2040, ProcessID = 2548, ThreadID = 2564, StartAddress = 7C949B6F, Parameter = 00000000 | |
| TargetProcess: vmnt.exe, InheritedFromPID = 2040, ProcessID = 2548, ThreadID = 2568, StartAddress = 765E964D, Parameter = 0019D578 | |
| TargetProcess: vmnt.exe, InheritedFromPID = 2040, ProcessID = 2548, ThreadID = 2576, StartAddress = 759D8761, Parameter = 00000000 | |
| TargetProcess: vmnt.exe, InheritedFromPID = 2040, ProcessID = 2548, ThreadID = 2592, StartAddress = 77DC845A, Parameter = 00000000 | |
| Davranış açıklaması: | 创建新文件进程 |
| Daha fazla bilgi için: | ImagePath = C:\Program Files\WinCDEmu\uninstall.exe, CmdLine = "C:\Program Files\WinCDEmu\uninstall.exe" /UPDATE |
| ImagePath = C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe, CmdLine = "C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe" /RegServer | |
| ImagePath = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ssi50.tmp\drvinst32.exe, CmdLine = C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\ssi50.tmp\drvinst32.exe instroot "root\BazisVirtualCDBus" "C:\Program Files\WinCDEmu\BazisVirtualCDBus.inf" | |
| ImagePath = C:\Program Files\WinCDEmu\vmnt.exe, CmdLine = "C:\Program Files\WinCDEmu\vmnt" /uacdisable |
| Davranış açıklaması: | 创建文件 |
| Daha fazla bilgi için: | C:\Documents and Settings\Administrator\Local Settings\Temp\ssi50.tmp |
| C:\Program Files\WinCDEmu\x64\VirtualAutorunDisablerPS.dll | |
| C:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll | |
| C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll | |
| C:\Program Files\WinCDEmu\batchmnt.exe | |
| C:\Program Files\WinCDEmu\batchmnt64.exe | |
| C:\Program Files\WinCDEmu\uninstall.exe | |
| C:\Program Files\WinCDEmu\uninstall64.exe | |
| C:\Program Files\WinCDEmu\vmnt.exe | |
| C:\Program Files\WinCDEmu\vmnt64.exe | |
| C:\Program Files\WinCDEmu\x64\VirtualAutorunDisabler.exe | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe | |
| C:\Program Files\WinCDEmu\langfiles\vmnt_bulgarian.lng | |
| C:\Program Files\WinCDEmu\langfiles\vmnt_dansk.lng | |
| Davranış açıklaması: | 在系统敏感位置(如开始菜单等)释放链接或快捷方式 |
| Daha fazla bilgi için: | C:\Documents and Settings\All Users\「开始」菜单\程序\WinCDEmu\WinCDEmu Settings.lnk |
| Davranış açıklaması: | 创建可执行文件 |
| Daha fazla bilgi için: | C:\Program Files\WinCDEmu\x64\VirtualAutorunDisablerPS.dll |
| C:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll | |
| C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll | |
| C:\Program Files\WinCDEmu\batchmnt.exe | |
| C:\Program Files\WinCDEmu\batchmnt64.exe | |
| C:\Program Files\WinCDEmu\uninstall.exe | |
| C:\Program Files\WinCDEmu\uninstall64.exe | |
| C:\Program Files\WinCDEmu\vmnt.exe | |
| C:\Program Files\WinCDEmu\vmnt64.exe | |
| C:\Program Files\WinCDEmu\x64\VirtualAutorunDisabler.exe | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe | |
| C:\Program Files\WinCDEmu\x64\BazisVirtualCDBus.sys | |
| C:\Program Files\WinCDEmu\x86\BazisVirtualCDBus.sys | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\ssi50.tmp\drvinst32.exe | |
| Davranış açıklaması: | 覆盖已有文件 |
| Daha fazla bilgi için: | C:\Documents and Settings\Administrator\Local Settings\Temp\Cab5D.tmp |
| C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5E.tmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\Cab5F.tmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\Tar60.tmp | |
| C:\WINDOWS\inf\oem12.inf | |
| C:\WINDOWS\inf\oem12.PNF | |
| Davranış açıklaması: | 复制文件 |
| Daha fazla bilgi için: | c:\program files\wincdemu\bazisvirtualcdbus.inf ---> C:\WINDOWS\INF\oem12.inf |
| c:\program files\wincdemu\x86\BazisVirtualCDBus.sys ---> C:\WINDOWS\system32\DRIVERS\SET63.tmp | |
| Davranış açıklaması: | 删除文件 |
| Daha fazla bilgi için: | C:\Documents and Settings\Administrator\Local Settings\Temp\ssi50.tmp |
| C:\Documents and Settings\Administrator\Local Settings\Temp\Cab5D.tmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\Tar5E.tmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\Cab5F.tmp | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\Tar60.tmp | |
| C:\WINDOWS\system32\drivers\SET63.tmp | |
| Davranış açıklaması: | 查找文件 |
| Daha fazla bilgi için: | FileName = C:\GAMES\*.* |
| FileName = D:\GAMES\*.* | |
| FileName = C:\Yarovit\*.* | |
| FileName = D:\Yarovit\*.* | |
| FileName = C:\Documents and Settings\All Users\「开始」菜单\程序\WinCDEmu\*.* | |
| FileName = C:\Program Files | |
| FileName = C:\Program Files\WinCDEmu | |
| FileName = C:\Program Files\WinCDEmu\vmnt.exe | |
| FileName = C:\Documents and Settings | |
| FileName = C:\Documents and Settings\Administrator | |
| FileName = C:\Documents and Settings\Administrator\My Documents | |
| FileName = C:\Documents and Settings\All Users | |
| FileName = C:\Documents and Settings\All Users\Documents | |
| FileName = C:\Documents and Settings\Administrator\桌面 | |
| FileName = C:\Documents and Settings\All Users\桌面 | |
| Davranış açıklaması: | 重命名文件 |
| Daha fazla bilgi için: | C:\WINDOWS\LastGood\TMP61.tmp ---> C:\WINDOWS\LastGood\INF\oem12.inf |
| C:\WINDOWS\LastGood\TMP62.tmp ---> C:\WINDOWS\LastGood\INF\oem12.PNF | |
| C:\WINDOWS\system32\drivers\SET63.tmp ---> C:\WINDOWS\system32\DRIVERS\BazisVirtualCDBus.sys | |
| Davranış açıklaması: | 修改文件内容 |
| Daha fazla bilgi için: | C:\Program Files\WinCDEmu\x64\VirtualAutorunDisablerPS.dll ---> Offset = 0 |
| C:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\batchmnt.exe ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\batchmnt64.exe ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\uninstall.exe ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\uninstall64.exe ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\vmnt.exe ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\vmnt64.exe ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\x64\VirtualAutorunDisabler.exe ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\langfiles\vmnt_bulgarian.lng ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\langfiles\vmnt_dansk.lng ---> Offset = 0 | |
| C:\Program Files\WinCDEmu\langfiles\vmnt_dutch.lng ---> Offset = 0 |
| Davranış açıklaması: | 连接指定站点 |
| Daha fazla bilgi için: | WinHttpConnect: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x01a52000, hConnect = 0x01a52100, Flags = 0x00000000 |
| Davranış açıklaması: | 打开HTTP连接 |
| Daha fazla bilgi için: | WinHttpOpen: UserAgent: Microsoft-CryptoAPI/5.131.2600.5512, hSession = 0x01a52000 |
| Davranış açıklaması: | 建立到一个指定的套接字连接 |
| Daha fazla bilgi için: | URL: w****., IP: **.133.40.**:80, SOCKET = 0x0000035c |
| URL: w****., IP: **.133.40.**:80, SOCKET = 0x00000364 | |
| URL: ww****om, IP: **.133.40.**:80, SOCKET = 0x00000360 | |
| Davranış açıklaması: | 发送HTTP包 |
| Daha fazla bilgi için: | GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: **.133.40.** Connection: Keep-Alive � |
| GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1 Accept: */* User-Agent: Microsoft-CryptoAPI/5.131.2600.5512 Host: ww****om Connection: Keep-Alive Cache-Control: no-cache Pragma: no-cache � | |
| Davranış açıklaması: | 打开HTTP请求 |
| Daha fazla bilgi için: | WinHttpOpenRequest: ww****om:80/msdownload/update/v3/static/trustedr/en/authrootseq.txt, hConnect = 0x01a52100, hRequest = 0x01ac0000, Verb: GET, Referer: , Flags = 0x00000100 |
| Davranış açıklaması: | 按名称获取主机地址 |
| Daha fazla bilgi için: | gethostbyname: w****. |
| GetAddrInfoW: ww****om |
| Davranış açıklaması: | 修改注册表 |
| Daha fazla bilgi için: | \REGISTRY\MACHINE\SOFTWARE\Classes\Applications\vmnt.exe\shell\open\command\ |
| \REGISTRY\MACHINE\SOFTWARE\Classes\WinRAR\shell\open\command\ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.iso\Application | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\.cue\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\BazisVirtualCD.Cue\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\BazisVirtualCD.Cue\DefaultIcon\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\BazisVirtualCD.Cue\shell\open\command\ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cue\Application | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\.img\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\BazisVirtualCD.Img\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\BazisVirtualCD.Img\DefaultIcon\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\BazisVirtualCD.Img\shell\open\command\ | |
| \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.img\Application | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\.nrg\ | |
| \REGISTRY\MACHINE\SOFTWARE\Classes\BazisVirtualCD.Nrg\ | |
| Davranış açıklaması: | 删除注册表键值 |
| Daha fazla bilgi için: | \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\root#bazisvirtualcdbus\LowerFilters |
| \REGISTRY\MACHINE\SYSTEM\ControlSet002\Control\CriticalDeviceDatabase\root#bazisvirtualcdbus\UpperFilters |
| Davranış açıklaması: | 创建互斥体 |
| Daha fazla bilgi için: | CTF.LBES.MutexDefaultS-* |
| CTF.Compart.MutexDefaultS-* | |
| CTF.Asm.MutexDefaultS-* | |
| CTF.Layouts.MutexDefaultS-* | |
| CTF.TMD.MutexDefaultS-* | |
| CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-* | |
| MSCTF.Shared.MUTEX.ELH | |
| MSCTF.Shared.MUTEX.IGE | |
| Local\ZonesCounterMutex | |
| Local\ZoneAttributeCacheCounterMutex | |
| Local\ZonesCacheCounterMutex | |
| Local\ZonesLockedCacheCounterMutex | |
| RasPbFile | |
| Davranış açıklaması: | 创建事件对象 |
| Daha fazla bilgi için: | EventName = MSCTF.SendReceive.Event.IGE.IC |
| EventName = MSCTF.SendReceiveConection.Event.IGE.IC | |
| EventName = Global\userenv: User Profile setup event | |
| EventName = Global\crypt32LogoffEvent | |
| EventName = DINPUTWINMM | |
| Davranış açıklaması: | 打开事件 |
| Daha fazla bilgi için: | HookSwitchHookEnabledEvent |
| CTF.ThreadMIConnectionEvent.000007B4.00000000.00000041 | |
| CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000041 | |
| MSCTF.SendReceiveConection.Event.ELH.IC | |
| MSCTF.SendReceive.Event.ELH.IC | |
| _fCanRegisterWithShellService | |
| Global\crypt32LogoffEvent | |
| \SECURITY\LSA_AUTHENTICATION_INITIALIZED | |
| Global\SvcctrlStartEvent_A3752DX | |
| Global\userenv: Machine Group Policy has been applied | |
| userenv: User Group Policy has been applied | |
| \INSTALLATION_SECURITY_HOLD | |
| CTF.ThreadMIConnectionEvent.000007B4.00000000.00000042 | |
| CTF.ThreadMarshalInterfaceEvent.000007B4.00000000.00000042 | |
| MSCTF.SendReceiveConection.Event.ELH.IO | |
| Davranış açıklaması: | 查找指定窗口 |
| Daha fazla bilgi için: | NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,] |
| NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,] | |
| NtUserFindWindowEx: [Class,Window] = [NDDEAgnt,NetDDE Agent] | |
| NtUserFindWindowEx: [Class,Window] = [OleMainThreadWndClass,] | |
| Davranış açıklaması: | 枚举窗口 |
| Daha fazla bilgi için: | N/A |
| Davranış açıklaması: | 获取TickCount值 |
| Daha fazla bilgi için: | TickCount = 5360828, SleepMilliseconds = 250. |
| TickCount = 5360843, SleepMilliseconds = 250. | |
| TickCount = 5360953, SleepMilliseconds = 250. | |
| TickCount = 5360968, SleepMilliseconds = 250. | |
| TickCount = 5361000, SleepMilliseconds = 250. | |
| TickCount = 5361687, SleepMilliseconds = 250. | |
| TickCount = 5380078, SleepMilliseconds = 250. | |
| Davranış açıklaması: | 调整进程token权限 |
| Daha fazla bilgi için: | SE_LOAD_DRIVER_PRIVILEGE |
| SE_TAKE_OWNERSHIP_PRIVILEGE | |
| Davranış açıklaması: | 窗口信息 |
| Daha fazla bilgi için: | Pid = 2040, Hwnd=0x80358, Text = Install, ClassName = Button. |
| Pid = 2040, Hwnd=0xd035e, Text = Cancel, ClassName = Button. | |
| Pid = 2040, Hwnd=0x1802fe, Text = Ready to install, ClassName = Static. | |
| Pid = 2040, Hwnd=0x503b0, Text = WinCDEmu 3.6, ClassName = Static. | |
| Pid = 2040, Hwnd=0x703ba, Text = WinCDEmu allows mounting CD/DVD/BD images directly from Explorer. Just double-click (or press ENTER) on a CD/DVD/BD image in E, ClassName = Edit. | |
| Pid = 2040, Hwnd=0x40392, Text = Customize installation options, ClassName = Button(CheckBox). | |
| Pid = 2040, Hwnd=0x403a2, Text = Installation directory:, ClassName = Static. | |
| Pid = 2040, Hwnd=0x1902ce, Text = C:\Program Files\WinCDEmu, ClassName = Edit. | |
| Pid = 2040, Hwnd=0x7038a, Text = Invisible, used to resize dialog, ClassName = Button(GroupBox). | |
| Pid = 2040, Hwnd=0x7037c, Text = Require administrator rights (UAC) to mount images, ClassName = Button(CheckBox). | |
| Pid = 2040, Hwnd=0x1702d8, Text = To get more information, visit the WinCDEmu homepage:, ClassName = Static. | |
| Pid = 2040, Hwnd=0x9039c, Text = <a>http://wincdemu.sysprogs.org/</a>, ClassName = SysLink. | |
| Pid = 2040, Hwnd=0x702b2, Text = WinCDEmu installation, ClassName = #32770. | |
| Pid = 2040, Hwnd=0x1802fe, Text = Finalizing installation..., ClassName = Static. | |
| Pid = 2040, Hwnd=0x1802fe, Text = Installing drivers..., ClassName = Static. | |
| Davranış açıklaması: | 直接操作物理设备 |
| Daha fazla bilgi için: | \??\PhysicalDrive0 |
| Davranış açıklaması: | 可执行文件签名信息 |
| Daha fazla bilgi için: | C:\Program Files\WinCDEmu\x64\VirtualAutorunDisablerPS.dll(签名验证: 未通过) |
| C:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\batchmnt.exe(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\batchmnt64.exe(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\uninstall.exe(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\uninstall64.exe(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\vmnt.exe(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\vmnt64.exe(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\x64\VirtualAutorunDisabler.exe(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe(签名验证: 未通过) | |
| C:\Program Files\WinCDEmu\x64\BazisVirtualCDBus.sys(签名验证: 通过) | |
| C:\Program Files\WinCDEmu\x86\BazisVirtualCDBus.sys(签名验证: 通过) | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\ssi50.tmp\drvinst32.exe(签名验证: 未通过) | |
| Davranış açıklaması: | 调用Sleep函数 |
| Daha fazla bilgi için: | [1]: MilliSeconds = 250. |
| [2]: MilliSeconds = 250. | |
| Davranış açıklaması: | 隐藏指定窗口 |
| Daha fazla bilgi için: | [Window,Class] = [Installation directory:,Static] |
| [Window,Class] = [,Edit] | |
| [Window,Class] = [Require administrator rights (UAC) to mount images,Button] | |
| [Window,Class] = [帮助,Button] | |
| [Window,Class] = [完成,Button] | |
| [Window,Class] = [,msctls_progress32] | |
| [Window,Class] = [,Static] | |
| [Window,Class] = [,#32770] | |
| [Window,Class] = [,SysTabControl32] | |
| [Window,Class] = [资源(&E)...,Button] | |
| [Window,Class] = [下一步(&N) >,Button] | |
| Davranış açıklaması: | 可执行文件MD5 |
| Daha fazla bilgi için: | C:\Program Files\WinCDEmu\x64\VirtualAutorunDisablerPS.dll ---> a211e060f81ed1eb0ba1f9385951a180 |
| C:\Program Files\WinCDEmu\x64\WinCDEmuContextMenu.dll ---> 0323b086c784591420e0574b0acb4ec1 | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll ---> fa657c4ea76fdc70e996b96301a9214d | |
| C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll ---> f9d515b5498d57ba209d758ff20b1315 | |
| C:\Program Files\WinCDEmu\batchmnt.exe ---> c94ce2ed89ef6a2afcfff51cec5862d9 | |
| C:\Program Files\WinCDEmu\batchmnt64.exe ---> 9e99abd9fa34f0e16d5e23c2dee310ab | |
| C:\Program Files\WinCDEmu\uninstall.exe ---> 291e21034c5624a80e9453785fdf63f6 | |
| C:\Program Files\WinCDEmu\uninstall64.exe ---> 03a8130b15afdac27244fb0f1ac58444 | |
| C:\Program Files\WinCDEmu\vmnt.exe ---> 43bd2dcdaf987486c5ba5d79dc9f9629 | |
| C:\Program Files\WinCDEmu\vmnt64.exe ---> 4b41a75123cfe10af9a9b904249314df | |
| C:\Program Files\WinCDEmu\x64\VirtualAutorunDisabler.exe ---> d58d8cc595fad84b273c7c1842d635cb | |
| C:\Program Files\WinCDEmu\x86\VirtualAutorunDisabler.exe ---> c0c74e0bc0af505ef12eea81781a6a52 | |
| C:\Program Files\WinCDEmu\x64\BazisVirtualCDBus.sys ---> e70215552f07e771f4083245d3ebc287 | |
| C:\Program Files\WinCDEmu\x86\BazisVirtualCDBus.sys ---> 1bab373a270207f600c9cf8f167f3f03 | |
| C:\Documents and Settings\Administrator\Local Settings\Temp\ssi50.tmp\drvinst32.exe ---> 89a62f871fbe2e1b00e1ed2a59f6c873 | |
| Davranış açıklaması: | 打开互斥体 |
| Daha fazla bilgi için: | ShimCacheMutex |
| Local\!IETld!Mutex | |
| RasPbFile | |
| Davranış açıklaması: | 创建系统服务 |
| Daha fazla bilgi için: | [服务创建成功]: BazisVirtualCDBus, system32\DRIVERS\BazisVirtualCDBus.sys |
| Davranış açıklaması: | 加载新释放的文件 |
| Daha fazla bilgi için: | Image: C:\Program Files\WinCDEmu\x86\VirtualAutorunDisablerPS.dll. |
| Image: C:\Program Files\WinCDEmu\x86\WinCDEmuContextMenu.dll. |
ANA SAYFA
