VirSCAN

1. You can upload any file, but it must not be larger than 20 MB.
2. RAR and ZIP archives are unpacked automatically, but an archive must not contain more than 20 files.
3. Archives protected with the password 'infected' or 'virus' are recognized and scanned.
4. If your browser cannot upload the file, download the Virscan Uploader and upload with it.


File information

virscan.org multi-engine scan report
Behavior analysis report: 哈勃文件分析 (Habo File Analysis)

Basic information

MD5: 987b65cd9b9f4e9a1afd8f8b48cf64a7
File size: 5.58 MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:

Key behaviors

Behavior: Load driver (standard method)
Details: \??\C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\996E.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\ohhlyyikginhkpad.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\tguwkyyadxenqnis.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\xceycjnnydimez.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\efxovijjtaxxhtrz.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\ukskjtmihuizrdw.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\shaqksxdqeuytv.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\eusmoxjkbdsfvscdo.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\kidcgynfonsupvurj.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\uzsucgluvowcmpjcb.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\hugzlqliuhdntvl.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\htgfauhjebztotmj.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\duynuvewpenobyypq.sys
Behavior: Look up PE resource information
Details: (FindResourceExExW) hModule = 0x40000000, ResName: e7(ID), ResType: KERNEL

Process behavior

Behavior: Create local thread
Details: ProcessId = 3372, ThreadId = 4044.
ProcessId = 3372, ThreadId = 1884.
ProcessId = 3372, ThreadId = 3272.
ProcessId = 3372, ThreadId = 1580.
ProcessId = 3372, ThreadId = 3576.

File behavior

Behavior: Create file
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys
C:\Users\Administrator\AppData\Local\%temp%\996E.sys
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys
C:\Users\Administrator\AppData\Local\%temp%\ohhlyyikginhkpad.sys
C:\Users\Administrator\AppData\Local\%temp%\tguwkyyadxenqnis.sys
C:\Users\Administrator\AppData\Local\%temp%\xceycjnnydimez.sys
C:\Users\Administrator\AppData\Local\%temp%\efxovijjtaxxhtrz.sys
C:\Users\Administrator\AppData\Local\%temp%\ukskjtmihuizrdw.sys
C:\Users\Administrator\AppData\Local\%temp%\shaqksxdqeuytv.sys
C:\Users\Administrator\AppData\Local\%temp%\eusmoxjkbdsfvscdo.sys
C:\Users\Administrator\AppData\Local\%temp%\kidcgynfonsupvurj.sys
C:\Users\Administrator\AppData\Local\%temp%\uzsucgluvowcmpjcb.sys
C:\Users\Administrator\AppData\Local\%temp%\hugzlqliuhdntvl.sys
C:\Users\Administrator\AppData\Local\%temp%\htgfauhjebztotmj.sys
C:\Users\Administrator\AppData\Local\%temp%\duynuvewpenobyypq.sys
Behavior: Delete file
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys
C:\Users\Administrator\AppData\Local\%temp%\996E.sys
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys
C:\Users\Administrator\AppData\Local\%temp%\ohhlyyikginhkpad.sys
C:\Users\Administrator\AppData\Local\%temp%\tguwkyyadxenqnis.sys
C:\Users\Administrator\AppData\Local\%temp%\xceycjnnydimez.sys
C:\Users\Administrator\AppData\Local\%temp%\efxovijjtaxxhtrz.sys
C:\Users\Administrator\AppData\Local\%temp%\ukskjtmihuizrdw.sys
C:\Users\Administrator\AppData\Local\%temp%\shaqksxdqeuytv.sys
C:\Users\Administrator\AppData\Local\%temp%\eusmoxjkbdsfvscdo.sys
C:\Users\Administrator\AppData\Local\%temp%\kidcgynfonsupvurj.sys
C:\Users\Administrator\AppData\Local\%temp%\uzsucgluvowcmpjcb.sys
C:\Users\Administrator\AppData\Local\%temp%\hugzlqliuhdntvl.sys
C:\Users\Administrator\AppData\Local\%temp%\htgfauhjebztotmj.sys
C:\Users\Administrator\AppData\Local\%temp%\duynuvewpenobyypq.sys
Behavior: Create executable file
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys
C:\Users\Administrator\AppData\Local\%temp%\996E.sys
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys
C:\Users\Administrator\AppData\Local\%temp%\ohhlyyikginhkpad.sys
C:\Users\Administrator\AppData\Local\%temp%\tguwkyyadxenqnis.sys
C:\Users\Administrator\AppData\Local\%temp%\xceycjnnydimez.sys
C:\Users\Administrator\AppData\Local\%temp%\efxovijjtaxxhtrz.sys
C:\Users\Administrator\AppData\Local\%temp%\ukskjtmihuizrdw.sys
C:\Users\Administrator\AppData\Local\%temp%\shaqksxdqeuytv.sys
C:\Users\Administrator\AppData\Local\%temp%\eusmoxjkbdsfvscdo.sys
C:\Users\Administrator\AppData\Local\%temp%\kidcgynfonsupvurj.sys
C:\Users\Administrator\AppData\Local\%temp%\uzsucgluvowcmpjcb.sys
C:\Users\Administrator\AppData\Local\%temp%\hugzlqliuhdntvl.sys
C:\Users\Administrator\AppData\Local\%temp%\htgfauhjebztotmj.sys
C:\Users\Administrator\AppData\Local\%temp%\duynuvewpenobyypq.sys
Behavior: Modify file contents
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\996E.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\ohhlyyikginhkpad.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\tguwkyyadxenqnis.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\xceycjnnydimez.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\efxovijjtaxxhtrz.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\ukskjtmihuizrdw.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\shaqksxdqeuytv.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\eusmoxjkbdsfvscdo.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\kidcgynfonsupvurj.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\uzsucgluvowcmpjcb.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\hugzlqliuhdntvl.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\htgfauhjebztotmj.sys ---> Offset = 0
C:\Users\Administrator\AppData\Local\%temp%\duynuvewpenobyypq.sys ---> Offset = 0

Network behavior

Behavior: Open URL over network
Details: InternetOpenUrlA: http://ww****om/PCHunter_StandardV1.56=CAAC842A698B6337296D0526629D89F745EE67C015D71F0F13EB0DD3824C08EBC94B548EDAED6BE88B31687B2C229E64, hInternet = 0x00cc0004, Flags = 0x00000001
Behavior: Connect to specified host
Details: InternetConnectW: ServerName = ww****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
Behavior: Open HTTP session
Details: InternetOpenA: UserAgent: 996E, hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.2; Win64; x64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729), hSession = 0x00cc0004
Behavior: Read network file
Details: hFile = 0x00cc000c, BytesToRead = 2048, BytesRead = 2048.
Behavior: Open HTTP request
Details: HttpOpenRequestW: ww****om:80/pchunter/pchunter_free, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x00400010
Behavior: Resolve host address by name
Details: GetAddrInfoW: ww****om

Registry behavior

Behavior: Modify registry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996Eas\Type
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996Eas\ErrorControl
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996E\Type
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996E\ErrorControl
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uqtbgimwgwlyyax\Type
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uqtbgimwgwlyyax\ErrorControl
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ohhlyyikginhkpad\Type
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ohhlyyikginhkpad\ErrorControl
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\tguwkyyadxenqnis\Type
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\tguwkyyadxenqnis\ErrorControl
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\xceycjnnydimez\Type
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\xceycjnnydimez\ErrorControl
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\efxovijjtaxxhtrz\Type
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\efxovijjtaxxhtrz\ErrorControl
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ukskjtmihuizrdw\Type
Behavior: Delete registry key
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996Eas\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996E\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uqtbgimwgwlyyax\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ohhlyyikginhkpad\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\tguwkyyadxenqnis\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\xceycjnnydimez\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\efxovijjtaxxhtrz\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ukskjtmihuizrdw\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\shaqksxdqeuytv\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\eusmoxjkbdsfvscdo\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\kidcgynfonsupvurj\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uzsucgluvowcmpjcb\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\hugzlqliuhdntvl\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\htgfauhjebztotmj\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\duynuvewpenobyypq\
Behavior: Modify registry: service entry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996Eas\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996Eas\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996E\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996E\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uqtbgimwgwlyyax\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uqtbgimwgwlyyax\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ohhlyyikginhkpad\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ohhlyyikginhkpad\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\tguwkyyadxenqnis\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\tguwkyyadxenqnis\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\xceycjnnydimez\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\xceycjnnydimez\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\efxovijjtaxxhtrz\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\efxovijjtaxxhtrz\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\ukskjtmihuizrdw\Start
Behavior: Delete registry key: Safe Mode boot entry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\uqtbgimwgwlyyax.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\uqtbgimwgwlyyax.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ohhlyyikginhkpad.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ohhlyyikginhkpad.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\tguwkyyadxenqnis.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\tguwkyyadxenqnis.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\xceycjnnydimez.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\xceycjnnydimez.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\efxovijjtaxxhtrz.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\efxovijjtaxxhtrz.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\ukskjtmihuizrdw.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\ukskjtmihuizrdw.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\shaqksxdqeuytv.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\shaqksxdqeuytv.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\eusmoxjkbdsfvscdo.sys\
Behavior: Delete registry value
Details: \REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-1-5-21-1170589654-2814428265-349930785-500\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\AutoDetect

Other behaviors

Behavior: Check whether it is being debugged
Details: IsDebuggerPresent
Behavior: Create mutex
Details: Local\SessionImmersiveColorMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
Behavior: Create event object
Details: EventName = PC Hunter StandardMadeByEpoolsoft
Behavior: Load driver (standard method)
Details: \??\C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\996E.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\ohhlyyikginhkpad.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\tguwkyyadxenqnis.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\xceycjnnydimez.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\efxovijjtaxxhtrz.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\ukskjtmihuizrdw.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\shaqksxdqeuytv.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\eusmoxjkbdsfvscdo.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\kidcgynfonsupvurj.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\uzsucgluvowcmpjcb.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\hugzlqliuhdntvl.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\htgfauhjebztotmj.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\duynuvewpenobyypq.sys
Behavior: Find specified window
Details: FindWindowExW: [Class,Window] = [OleMainThreadWndClass,]
Behavior: Window information
Details: Pid = 3372, Hwnd=0x13037a, Text = 确定 ("OK"), ClassName = Button.
Pid = 3372, Hwnd=0x1803f8, Text = 加载驱动失败! ("Failed to load driver!"), ClassName = Static.
Pid = 3372, Hwnd=0x1103a6, Text = roviebxoxu, ClassName = #32770.
Pid = 3372, Hwnd=0xd0326, Text = Tab1, ClassName = SysTabControl32.
Pid = 3372, Hwnd=0xc02b0, Text = List1, ClassName = SysListView32.
Pid = 3372, Hwnd=0xb03ca, Text = 进程: 0, 隐藏进程: 0, 应用层不可访问进程: 0 ("Processes: 0, hidden processes: 0, processes not accessible from user mode: 0"), ClassName = Static.
Pid = 3372, Hwnd=0xd02b2, Text = List1, ClassName = SysListView32.
Pid = 3372, Hwnd=0x1f0396, Text = List1, ClassName = SysListView32.
Pid = 3372, Hwnd=0xc02fa, Text = Tab1, ClassName = SysTabControl32.
Pid = 3372, Hwnd=0xd02ac, Text = Tab1, ClassName = SysTabControl32.
Pid = 3372, Hwnd=0xb029e, Text = Tab1, ClassName = SysTabControl32.
Pid = 3372, Hwnd=0x1902ce, Text = Tab1, ClassName = SysTabControl32.
Pid = 3372, Hwnd=0xb03f6, Text = Tree1, ClassName = SysTreeView32.
Pid = 3372, Hwnd=0x1103c2, Text = List1, ClassName = SysListView32.
Pid = 3372, Hwnd=0x1302f2, Text = Tree1, ClassName = SysTreeView32.
Behavior: Adjust process token privileges
Details: SE_DEBUG_PRIVILEGE
SE_LOAD_DRIVER_PRIVILEGE
Behavior: Open event
Details: \SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
Behavior: Look up PE resource information
Details: (FindResourceExExW) hModule = 0x40000000, ResName: e7(ID), ResType: KERNEL
Behavior: Executable file signature information
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\996E.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\ohhlyyikginhkpad.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\tguwkyyadxenqnis.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\xceycjnnydimez.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\efxovijjtaxxhtrz.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\ukskjtmihuizrdw.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\shaqksxdqeuytv.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\eusmoxjkbdsfvscdo.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\kidcgynfonsupvurj.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\uzsucgluvowcmpjcb.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\hugzlqliuhdntvl.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\htgfauhjebztotmj.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\duynuvewpenobyypq.sys(signature verification: passed)
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 8000.
[2]: MilliSeconds = 8000.
[3]: MilliSeconds = 10000.
[4]: MilliSeconds = 8000.
[5]: MilliSeconds = 8000.
[6]: MilliSeconds = 8000.
[7]: MilliSeconds = 8000.
[8]: MilliSeconds = 8000.
[9]: MilliSeconds = 8000.
[10]: MilliSeconds = 8000.
Behavior: Hide specified window
Details: [Window,Class] = [List1,SysListView32]
[Window,Class] = [,ComboLBox]
[Window,Class] = [Email: PCHunter@epoolsoft.com,Static]
[Window,Class] = [Home Page: www.epoolsoft.com,Static]
[Window,Class] = [MicroBlog: http://t.qq.com/epoolsoft,Static]
[Window,Class] = [Introduction Link,Static]
[Window,Class] = [BuyLink,Static]
[Window,Class] = [Check new version,Static]
Behavior: Get cursor position
Details: CursorPos = (151,18467), SleepMilliseconds = 8000.
CursorPos = (6444,26500), SleepMilliseconds = 8000.
Behavior: Executable file MD5
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\996E.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\ohhlyyikginhkpad.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\tguwkyyadxenqnis.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\xceycjnnydimez.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\efxovijjtaxxhtrz.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\ukskjtmihuizrdw.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\shaqksxdqeuytv.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\eusmoxjkbdsfvscdo.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\kidcgynfonsupvurj.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\uzsucgluvowcmpjcb.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\hugzlqliuhdntvl.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\htgfauhjebztotmj.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\duynuvewpenobyypq.sys ---> 5eb2f44651d3e4b90664bab3070409ff
Behavior: Open mutex
Details: Local\ShimViewer
Local\MSCTF.Asm.MutexDefault1S-1-5-21-1170589654-2814428265-349930785-500
CicLoadWinStaWinSta0
Local\MSCTF.CtfMonitorInstMutexDefault1
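The sections above list the same fifteen .sys files under several behaviors: created and written at offset 0 in the user's temp directory, registered as a service (Type, ErrorControl, Start, ImagePath), loaded as a driver, deleted, Services key removed, SafeBoot entries removed, signature verified, and all with the same MD5. The script below, an added example that is not part of the Habo report or of PC Hunter, parses the Behavior:/Details: layout and joins those lists per driver name, so the transient-driver sequence and the shared hash can be checked programmatically instead of by eye. The embedded excerpt is copied from this report, trimmed to two of the fifteen drivers; the behavior labels it matches are the English labels used on this page, which is an assumption about how the sandbox's labels are rendered (adjust the label strings for another rendering).

```python
"""Added example (not part of the Habo report or of PC Hunter): join the per-driver
events of a 'Behavior:/Details:' report so the drop -> register service -> load ->
delete sequence and the shared MD5 can be checked instead of read line by line."""
import re
from collections import defaultdict

# Excerpt copied from the report above, trimmed to two of the fifteen drivers.
SAMPLE_REPORT = r"""
Behavior: Load driver (standard method)
Details: \??\C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys
\??\C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys
Behavior: Create executable file
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys
Behavior: Delete file
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys

Registry behavior

Behavior: Delete registry key
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996Eas\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uqtbgimwgwlyyax\
Behavior: Modify registry: service entry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996Eas\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\996Eas\ImagePath
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uqtbgimwgwlyyax\Start
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\uqtbgimwgwlyyax\ImagePath
Behavior: Delete registry key: Safe Mode boot entry
Details: \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Minimal\uqtbgimwgwlyyax.sys\
\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\SafeBoot\Network\uqtbgimwgwlyyax.sys\
Behavior: Executable file signature information
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys(signature verification: passed)
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys(signature verification: passed)
Behavior: Executable file MD5
Details: C:\Users\Administrator\AppData\Local\%temp%\996Eas.sys ---> 5eb2f44651d3e4b90664bab3070409ff
C:\Users\Administrator\AppData\Local\%temp%\uqtbgimwgwlyyax.sys ---> 5eb2f44651d3e4b90664bab3070409ff
"""

SYS_NAME = re.compile(r"\\([^\\]+)\.sys\b")                    # basename of a .sys path
SERVICE = re.compile(r"\\Services\\([^\\]+)\\")                 # service key name under ...\Services\
SAFEBOOT = re.compile(r"\\SafeBoot\\(?:Minimal|Network)\\([^\\]+)\.sys")
MD5_LINE = re.compile(r"\\([^\\]+)\.sys ---> ([0-9a-f]{32})")


def parse_report(text):
    """Group each 'Details:' line and its continuation lines under the preceding 'Behavior:' label."""
    report, current = defaultdict(list), None
    for line in text.splitlines():
        line = line.strip()
        if not line:                      # a blank line closes a block, so section headers are skipped
            current = None
        elif line.startswith("Behavior: "):
            current = line[len("Behavior: "):]
        elif current is not None:
            report[current].append(line[len("Details: "):] if line.startswith("Details: ") else line)
    return dict(report)


def correlate_drivers(report):
    """For each .sys basename, which stages of drop -> register -> load -> clean-up were observed."""
    drivers = defaultdict(lambda: dict(dropped=False, service_key=False, loaded=False, deleted=False,
                                       service_key_deleted=False, safeboot_deleted=False, signed=None, md5=None))
    def sys_names(label):
        for line in report.get(label, []):
            m = SYS_NAME.search(line)
            if m:
                yield m.group(1), line
    for name, path in sys_names("Create executable file"):
        drivers[name]["dropped"] = "%temp%" in path.lower()   # written under the user's temp directory
    for name, _ in sys_names("Load driver (standard method)"):
        drivers[name]["loaded"] = True
    for name, _ in sys_names("Delete file"):
        drivers[name]["deleted"] = True
    for name, line in sys_names("Executable file signature information"):
        drivers[name]["signed"] = "passed" in line
    for line in report.get("Executable file MD5", []):
        m = MD5_LINE.search(line)
        if m:
            drivers[m.group(1)]["md5"] = m.group(2)
    # Service keys count only when named after a dropped .sys (in this report name == service name).
    for label, key in (("Modify registry: service entry", "service_key"), ("Delete registry key", "service_key_deleted")):
        for line in report.get(label, []):
            m = SERVICE.search(line)
            if m and m.group(1) in drivers:
                drivers[m.group(1)][key] = True
    for line in report.get("Delete registry key: Safe Mode boot entry", []):
        m = SAFEBOOT.search(line)
        if m and m.group(1) in drivers:
            drivers[m.group(1)]["safeboot_deleted"] = True
    return dict(drivers)


def drop_load_delete(drivers):
    """Names that went through the whole transient-driver sequence and left no file or service behind."""
    return sorted(n for n, d in drivers.items()
                  if d["dropped"] and d["service_key"] and d["loaded"] and d["deleted"] and d["service_key_deleted"])


def shared_md5(drivers):
    """The one hash every dropped driver shares (same binary under random names), or None if they differ."""
    hashes = {d["md5"] for d in drivers.values() if d["md5"]}
    return hashes.pop() if len(hashes) == 1 else None
```

Run over the full report, the same join shows where a stage is missing for a given name (here the SafeBoot deletions begin only at the third driver, and the service-entry list is cut off at fifteen entries), which is where a reviewer would look first. The pattern itself does not separate a legitimate anti-rootkit tool from a dropper with the same footprint; the passed signature checks and the event name "PC Hunter StandardMadeByEpoolsoft" above are what tie this sample to PC Hunter.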