VirSCAN


File information

File name: 28.apk (file download not provided)
File size: 13000605 bytes
File type: Zip archive data
MD5: 112cf211e225ff3d6415d4ed10f6fafd
SHA1: a4cea7df504ae498ffcc66980969dd863935f5e4
SHA256: db113805ece00f0a823d675b14a99d4b9b2f6e9ec452e89a744d1ad4425cf37f
SSDEEP:

Scan results
Scan result: 6% of antivirus engines (2/32) flagged the file as malware
Behavior analysis report: Habo file analysis
Time: 2019-05-16 22:23:59 (CST)
Scanner | Engine version | Definition version | Definition date | Result | Time
antiy | AVL SDK 3.0 | AVL SDK 3.0 | 2019-05-16 | Not detected | 1
avast | 18.4.3895.0 | 18.4.3895.0 | 2019-05-16 | Not detected | 46
avg | 10.0.1405 | 10.0.1405 | 2019-05-16 | Not detected | 1
baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Not detected | 1
baidusd | 1.0 | 1.0 | 2019-05-16 | Not detected | 1
bitdefender | 7.141118 | 7.141118 | 2019-05-16 | Not detected | 13
clamav | 25450 | 0.100.2 | 2019-05-15 | PUA.Andr.Trojan.Mobidash-6888313-0 | 1
drweb | 11.0.10.1810231600 | 11.0.10.1810231600 | 2019-03-26 | Android.DownLoader.255.origin | 18
emsisoft | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Not detected | 5
fortinet | 1.000, 68.511, 68.346, 68.370 | 5.4.247 | 2019-05-16 | Not detected | 12
fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | Not detected | 2
fsecure | 2015-08-01-02 | 9.13 | 2019-05-16 | Not detected | 21
gdata | 25.21965 | 25.21965 | 2019-05-16 | Not detected | 21
ikarus | 5.01.05 | V1.32.39.0 | 2019-05-16 | Not detected | 8
jiangmin | 16.0.100 | 1.0.0.0 | 2019-05-16 | Not detected | 5
kaspersky | 5.5.33 | 5.5.33 | 2019-05-16 | Not detected | 28
kingsoft | 2.1 | 2.1 | 2013-09-22 | Not detected | 9
mcafee | 9149 | 5400.1158 | 2019-01-27 | Not detected | 20
nod32 | 9075 | 4.5.15 | 2019-05-16 | Not detected | 2
panda | 9.05.01 | 9.05.01 | 2017-03-30 | Not detected | 6
pcc | 13.302.06 | 9.500-1005 | 2019-05-16 | Not detected | 7
qh360 | 1.0.1 | 1.0.1 | 2019-05-16 | Not detected | 6
qqphone | 2.0.0.0 | 2.0.0.0 | 2019-05-16 | Not detected | 1
quickheal | 14.00 | 14.00 | 2019-02-10 | Not detected | 7
rising | 5031 | 5031 | 2019-05-15 | Not detected | 11
sophos | 4.62 | 3.16.1 | 2016-09-20 | Not detected | 60
symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Not detected | 1
tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Not detected | 15
thehacker | 6.8.0.5 | 6.8.0.5 | 2017-03-30 | Not detected | 8
tws | 17.47.17308 | 1.0.2.2108 | 2019-05-15 | Not detected | 16
vba | 4.0.0 | 4.0.0 | 2019-05-16 | Not detected | 7
virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Not detected | 7
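The 2/32 headline counts every engine the same, although a third of them ran with definitions dated 2013 to 2017, years before this scan. The following Python example is added here and is not part of the VirSCAN page or of any VirSCAN tooling: it parses the 32 rows above, copied into a pipe-delimited string, splits them by definition age relative to the scan date, and reports the detection ratio among engines whose definitions were at most 30 days old. The 30-day window is an arbitrary assumption, and "Not detected" is taken as the only non-detection verdict.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date, datetime
from typing import Optional

# Scan date of the report above and its 32 engine rows, copied from the table
# (scanner | engine version | definition version | definition date | result | time).
SCAN_DATE = date(2019, 5, 16)
RESULT_TABLE = """\
antiy | AVL SDK 3.0 | AVL SDK 3.0 | 2019-05-16 | Not detected | 1
avast | 18.4.3895.0 | 18.4.3895.0 | 2019-05-16 | Not detected | 46
avg | 10.0.1405 | 10.0.1405 | 2019-05-16 | Not detected | 1
baidu | 2.0.1.0 | 4.1.3.52192 | 2.0.1.0 | Not detected | 1
baidusd | 1.0 | 1.0 | 2019-05-16 | Not detected | 1
bitdefender | 7.141118 | 7.141118 | 2019-05-16 | Not detected | 13
clamav | 25450 | 0.100.2 | 2019-05-15 | PUA.Andr.Trojan.Mobidash-6888313-0 | 1
drweb | 11.0.10.1810231600 | 11.0.10.1810231600 | 2019-03-26 | Android.DownLoader.255.origin | 18
emsisoft | 9.0.0.4324 | 9.0.0.4324 | 2014-07-03 | Not detected | 5
fortinet | 1.000, 68.511, 68.346, 68.370 | 5.4.247 | 2019-05-16 | Not detected | 12
fprot | 4.6.2.117 | 6.5.1.5418 | 2014-12-31 | Not detected | 2
fsecure | 2015-08-01-02 | 9.13 | 2019-05-16 | Not detected | 21
gdata | 25.21965 | 25.21965 | 2019-05-16 | Not detected | 21
ikarus | 5.01.05 | V1.32.39.0 | 2019-05-16 | Not detected | 8
jiangmin | 16.0.100 | 1.0.0.0 | 2019-05-16 | Not detected | 5
kaspersky | 5.5.33 | 5.5.33 | 2019-05-16 | Not detected | 28
kingsoft | 2.1 | 2.1 | 2013-09-22 | Not detected | 9
mcafee | 9149 | 5400.1158 | 2019-01-27 | Not detected | 20
nod32 | 9075 | 4.5.15 | 2019-05-16 | Not detected | 2
panda | 9.05.01 | 9.05.01 | 2017-03-30 | Not detected | 6
pcc | 13.302.06 | 9.500-1005 | 2019-05-16 | Not detected | 7
qh360 | 1.0.1 | 1.0.1 | 2019-05-16 | Not detected | 6
qqphone | 2.0.0.0 | 2.0.0.0 | 2019-05-16 | Not detected | 1
quickheal | 14.00 | 14.00 | 2019-02-10 | Not detected | 7
rising | 5031 | 5031 | 2019-05-15 | Not detected | 11
sophos | 4.62 | 3.16.1 | 2016-09-20 | Not detected | 60
symantec | 20151230.005 | 1.3.0.24 | 2015-12-30 | Not detected | 1
tachyon | 9.9.9 | 9.9.9 | 2013-12-27 | Not detected | 15
thehacker | 6.8.0.5 | 6.8.0.5 | 2017-03-30 | Not detected | 8
tws | 17.47.17308 | 1.0.2.2108 | 2019-05-15 | Not detected | 16
vba | 4.0.0 | 4.0.0 | 2019-05-16 | Not detected | 7
virusbuster | 15.0.985.0 | 5.5.2.13 | 2014-12-05 | Not detected | 7
"""


@dataclass(frozen=True)
class EngineRow:
    scanner: str
    engine_version: str
    definition_version: str
    definition_date: Optional[date]  # None when the cell is not a YYYY-MM-DD date
    result: str
    seconds: int

    @property
    def detected(self) -> bool:
        return self.result != "Not detected"


def parse_table(text: str) -> list:
    """Parse the pipe-delimited engine rows; a malformed row is an error, not silently skipped."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        cells = [c.strip() for c in line.split("|")]
        if len(cells) != 6:
            raise ValueError(f"expected 6 columns, got {len(cells)}: {line!r}")
        try:
            def_date = datetime.strptime(cells[3], "%Y-%m-%d").date()
        except ValueError:  # e.g. baidu, whose date cell holds a version string
            def_date = None
        rows.append(EngineRow(cells[0], cells[1], cells[2], def_date, cells[4], int(cells[5])))
    return rows


def summarize(rows, scan_date: date = SCAN_DATE, max_age_days: int = 30) -> dict:
    """Split verdicts by definition freshness.

    A 'Not detected' from an engine whose signatures predate the scan by years
    carries little weight; a detection counts whatever the signature age.
    """
    fresh, stale, undated = [], [], []
    for r in rows:
        if r.definition_date is None:
            undated.append(r)
        elif (scan_date - r.definition_date).days <= max_age_days:
            fresh.append(r)
        else:
            stale.append(r)
    return {
        "engines": len(rows),
        "detections": {r.scanner: r.result for r in rows if r.detected},
        "fresh": [r.scanner for r in fresh],
        "fresh_detected": sum(1 for r in fresh if r.detected),
        "stale": {r.scanner: (scan_date - r.definition_date).days for r in stale},
        "undated": [r.scanner for r in undated],
    }


def ratio_lines(summary: dict) -> tuple:
    """Headline ratio as VirSCAN states it, next to the ratio over current engines only."""
    headline = f"{len(summary['detections'])}/{summary['engines']} engines flagged the file"
    current = (f"{summary['fresh_detected']}/{len(summary['fresh'])} engines with definitions "
               f"inside the freshness window flagged it")
    return headline, current


if __name__ == "__main__":
    s = summarize(parse_table(RESULT_TABLE))
    for line in ratio_lines(s):
        print(line)
    for name, age in sorted(s["stale"].items(), key=lambda kv: -kv[1]):
        print(f"  stale: {name:<12} definitions {age} days old")
    print(f"  undated: {', '.join(s['undated'])}")
```

On this table it reports 2/32 overall but 1/19 among engines with definitions no older than 30 days; twelve engines ran definitions between 51 days (drweb) and several years old, and one (baidu) has a version string where the date should be. Only the "Not detected" verdicts lose weight with age: drweb's Android.DownLoader.255.origin hit on 51-day-old definitions is still a hit.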

Permissions: no permission information available.

Habo file information
Security score: (not given)
Basic information
MD5: 112cf211e225ff3d6415d4ed10f6fafd
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name: (empty)
Minimum runtime environment: (empty)
Copyright: (empty)
Note that while the MD5 matches the scan record above, the size (5.58MB against 13000605 bytes) and the upload time (2014 against a 2019 scan) do not, and every behavior recorded below is that of a Win32 process (Windows paths, WinINet/WinHTTP calls, a PID and window handles), not of an Android package.
Key behaviors
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Read CPU clock directly (EAX:EDX as returned by rdtsc)
Details: EAX = 0x94354530, EDX = 0x000000b9
EAX = 0x9435457c, EDX = 0x000000b9
EAX = 0x943545c8, EDX = 0x000000b9
EAX = 0x94354614, EDX = 0x000000b9
EAX = 0x94354660, EDX = 0x000000b9
EAX = 0xb03b604c, EDX = 0x000000c3
EAX = 0xb8292e35, EDX = 0x000000c3
Behavior: Get window screenshot info
Details: Foreground window Info: HWND = 0x00010516, DC = 0x01010746.
Foreground window Info: HWND = 0x00010518, DC = 0x0101074f.
Foreground window Info: HWND = 0x0001051a, DC = 0x01010746.
Foreground window Info: HWND = 0x0001051c, DC = 0x0101074f.
Foreground window Info: HWND = 0x0001051e, DC = 0x01010746.
Foreground window Info: HWND = 0x00010524, DC = 0x0101074f.
Foreground window Info: HWND = 0x00010520, DC = 0x01010746.
Foreground window Info: HWND = 0x00010508, DC = 0x01010746.
Foreground window Info: HWND = 0x00010506, DC = 0x0101074f.
Foreground window Info: HWND = 0x00010504, DC = 0x01010746.
Behavior: Get TickCount value
Details: TickCount = 226916, SleepMilliseconds = 10.
TickCount = 226931, SleepMilliseconds = 10.
TickCount = 286937, SleepMilliseconds = 60000.
TickCount = 226947, SleepMilliseconds = 10.
TickCount = 226963, SleepMilliseconds = 10.
TickCount = 226978, SleepMilliseconds = 10.
TickCount = 226994, SleepMilliseconds = 10.
TickCount = 227010, SleepMilliseconds = 10.
TickCount = 227025, SleepMilliseconds = 10.
TickCount = 227041, SleepMilliseconds = 10.
TickCount = 227056, SleepMilliseconds = 10.
TickCount = 227072, SleepMilliseconds = 10.
TickCount = 227103, SleepMilliseconds = 10.
TickCount = 227119, SleepMilliseconds = 10.
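The TickCount entries above are not monotonic: the read paired with the 60000 ms Sleep jumps forward by 60006 ms and the next read falls back by 59990 ms, while neighbouring reads advance 15 to 31 ms each, so between the read before that Sleep (226931) and the read after it (226947) the counter advanced only 16 ms. That is the pattern a sandbox leaves when it fast-forwards long Sleeps instead of waiting them out; the page does not say how Habo treats Sleep, so that reading is an inference. The Python example below is added here and is not part of the page or of Habo: it parses the fourteen records, copied verbatim, and applies two checks an analyst would run on any such log, a GetTickCount value that runs backwards inside the 32-bit wrap window, and a read that arrives sooner than the Sleep requested before it. It assumes each record means "read tick, then Sleep(n)"; that ordering is an assumption about Habo's log format.

```python
from __future__ import annotations

import re
from dataclasses import dataclass

# The fourteen "Get TickCount value" records from the Habo report above, copied
# verbatim; each pairs the value GetTickCount returned with the Sleep() that
# accompanied it.
TICK_LOG = """\
TickCount = 226916, SleepMilliseconds = 10.
TickCount = 226931, SleepMilliseconds = 10.
TickCount = 286937, SleepMilliseconds = 60000.
TickCount = 226947, SleepMilliseconds = 10.
TickCount = 226963, SleepMilliseconds = 10.
TickCount = 226978, SleepMilliseconds = 10.
TickCount = 226994, SleepMilliseconds = 10.
TickCount = 227010, SleepMilliseconds = 10.
TickCount = 227025, SleepMilliseconds = 10.
TickCount = 227041, SleepMilliseconds = 10.
TickCount = 227056, SleepMilliseconds = 10.
TickCount = 227072, SleepMilliseconds = 10.
TickCount = 227103, SleepMilliseconds = 10.
TickCount = 227119, SleepMilliseconds = 10.
"""

RECORD_RE = re.compile(r"TickCount\s*=\s*(\d+),\s*SleepMilliseconds\s*=\s*(\d+)")
TICK_WRAP = 1 << 32  # GetTickCount is a 32-bit millisecond counter; it wraps every ~49.7 days


@dataclass(frozen=True)
class ClockAnomaly:
    index: int            # position of the offending record in the log
    previous_tick: int
    tick: int
    delta_ms: int         # tick - previous_tick, wrap-corrected
    expected_min_ms: int  # the Sleep requested just before this read
    kind: str             # "backwards" or "sleep_skipped"


def parse_tick_log(text: str) -> list:
    """Return [(tick, sleep_ms), ...] in log order; lines that do not match are ignored."""
    return [(int(m.group(1)), int(m.group(2)))
            for m in (RECORD_RE.search(line) for line in text.splitlines()) if m]


def wrapped_delta(previous: int, current: int) -> int:
    """Signed difference of two GetTickCount values, treating a 32-bit rollover as forward motion."""
    d = (current - previous) % TICK_WRAP
    return d - TICK_WRAP if d > TICK_WRAP // 2 else d


def find_clock_anomalies(records, tolerance_ms: int = 5) -> list:
    """Assumed record semantics: 'read tick, then Sleep(sleep_ms)', so the next read
    must land at least sleep_ms later.  A negative delta means the value handed to
    the program did not come from a monotonic clock; a delta shorter than the
    requested Sleep (beyond a small tolerance) means the Sleep was not honoured."""
    anomalies = []
    for i in range(1, len(records)):
        prev_tick, prev_sleep = records[i - 1]
        tick, _ = records[i]
        delta = wrapped_delta(prev_tick, tick)
        if delta < 0:
            kind = "backwards"
        elif delta + tolerance_ms < prev_sleep:
            kind = "sleep_skipped"
        else:
            continue
        anomalies.append(ClockAnomaly(i, prev_tick, tick, delta, prev_sleep, kind))
    return anomalies


def elapsed_vs_requested(records) -> tuple:
    """Counter advance between the first and last read versus the Sleep total the
    program asked for in between.  A sandbox that honours every Sleep yields
    elapsed >= requested; a fast-forwarded one yields a far smaller elapsed."""
    elapsed = wrapped_delta(records[0][0], records[-1][0])
    requested = sum(sleep for _, sleep in records[:-1])
    return elapsed, requested


if __name__ == "__main__":
    recs = parse_tick_log(TICK_LOG)
    for a in find_clock_anomalies(recs):
        print(f"record {a.index}: {a.previous_tick} -> {a.tick} ({a.delta_ms:+d} ms) "
              f"after Sleep({a.expected_min_ms}): {a.kind}")
    elapsed, requested = elapsed_vs_requested(recs)
    print(f"counter advanced {elapsed} ms while the program requested {requested} ms of Sleep")
```

On this log it reports one anomaly (record 3, 286937 to 226947, -59990 ms, backwards) and a counter advance of 203 ms against 60120 ms of requested Sleep. For the sample itself, rdtsc, GetTickCount and GetCursorPos polling around a 60 s Sleep are the usual ingredients of a timing or user-presence check; nothing on the page shows what the program did with the values.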
Process behaviors
(The four entries in this section, set special folder attributes, read CPU clock directly, get window screenshot info and get TickCount value, are identical to those listed under Key behaviors above.)
File behaviors
Behavior: Create file
Details: C:\WINDOWS\content\weixinSearchBlackMp.txt
C:\WINDOWS\content\weixinSearchBlackKey.txt
C:\WINDOWS\content\weixinSearchHistory.txt
C:\WINDOWS\content\weixinsearchRecord.edb
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\stat[1].htm
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe-up.txt
Behavior: Delete file
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\C1OS62RY\stat[1].htm
Behavior: Modify file contents
Details: C:\WINDOWS\content\weixinsearchRecord.edb ---> Offset = 0
C:\WINDOWS\content\weixinsearchRecord.edb ---> Offset = 112
C:\WINDOWS\content\weixinsearchRecord.edb ---> Offset = 116
C:\WINDOWS\content\weixinsearchRecord.edb ---> Offset = 188
C:\WINDOWS\content\weixinsearchRecord.edb ---> Offset = 260
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe-up.txt ---> Offset = 0
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe-up.txt ---> Offset = 32
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe-up.txt ---> Offset = 78
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe-up.txt ---> Offset = 124
C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe-up.txt ---> Offset = 170
Behavior: Set special folder attributes
Details: C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files
C:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5
C:\Documents and Settings\Administrator\Local Settings\History
C:\Documents and Settings\Administrator\Local Settings\History\History.IE5
C:\Documents and Settings\Administrator\Cookies
Behavior: Search for files
Details: FileName = C:\Documents and Settings\Administrator\Local Settings\Temp
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%
FileName = C:\Documents and Settings\Administrator\Local Settings\%temp%\****.exe
FileName = C:\Documents and Settings
FileName = C:\Documents and Settings\Administrator
FileName = C:\Documents and Settings\Administrator\Local Settings
FileName = C:\Windows\content
FileName = C:\Windows\content\weixinSearchBlackMp.txt
FileName = C:\Windows\content\weixinSearchBlackKey.txt
FileName = C:\Windows\content\weixinSearchHistory.txt
FileName = C:\Windows\content\weixinsearchRecord.edb
FileName = C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\WINDOWS\system32\Ras\*.pbk
FileName = C:\Documents and Settings\Administrator\Application Data\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Documents and Settings\Administrator\Local Settings\History\History.IE5\MSHist012016091220160913\*.*
Network behaviors
Behavior: Connect to specified site
Details: WinHttpConnect: ServerName = ap****om, PORT = 80, UserName = , Password = , hSession = 0x04503100, hConnect = 0x04503200, Flags = 0x00000000
WinHttpConnect: ServerName = ap****om, PORT = 80, UserName = , Password = , hSession = 0x04503100, hConnect = 0x04503300, Flags = 0x00000000
InternetConnectA: ServerName = z1****om, PORT = 80, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
WinHttpConnect: ServerName = we****cn, PORT = 80, UserName = , Password = , hSession = 0x04502100, hConnect = 0x04502200, Flags = 0x00000000
InternetConnectA: ServerName = we****om, PORT = 443, UserName = , Password = , hSession = 0x00cc0004, hConnect = 0x00cc0008, Flags = 0x00000000
WinHttpConnect: ServerName = we****om, PORT = 443, UserName = , Password = , hSession = 0x04502000, hConnect = 0x04502100, Flags = 0x00000000
Behavior: Open HTTP session
Details: WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x04503100
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1), hSession = 0x00cc0004
WinHttpOpen: UserAgent: Mozilla/4.0 (compatible; Win32; WinHttp.WinHttpRequest.5), hSession = 0x04502100
Behavior: Establish connection to a specified socket
Details: URL: ap****om, IP: **.133.40.**:80, SOCKET = 0x000003ac
URL: ap****om, IP: **.133.40.**:80, SOCKET = 0x000003c4
URL: ap****om, IP: **.133.40.**:80, SOCKET = 0x000003c8
URL: we****cn, IP: **.133.40.**:80, SOCKET = 0x0000028c
URL: z1****om, IP: **.133.40.**:80, SOCKET = 0x00000394
URL: we****om, IP: **.133.40.**:443, SOCKET = 0x000002b8
URL: we****om, IP: **.133.40.**:443, SOCKET = 0x000004b8
Behavior: Read network file
Details: hFile = 0x00cc000c, BytesToRead =1024, BytesRead = 1024.
Behavior: Send HTTP packet
Details:
POST /api/soft/soft_update_info.php HTTP/1.1
Accept: */*
Referer: http://api.soft.xbw0.com/api/soft/soft_update_info.php
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Content-Type: application/x-www-form-urlencoded
Content-Length: 8
Host: ap****om
Connection: Keep-Alive

softId=1

GET /stat.htm?id=1262860248&r=&iw=1&showp=0x0&lg=undefined&cnzz_eid=none&p=http://www.juyifx.cn/from=weixinsearch01&rnd=1558017800000 HTTP/1.1
Referer: http://www.juyifx.cn/from=weixinsearch01
Accept: */*
Accept-Language: zh-cn
User-Agent: Mozilla/4.0 (compatible; MSIE 9.0; Windows NT 6.1)
Host: z1****om
Cache-Control: no-cache

Although the Host fields are masked, the first request's Referer names api.soft.xbw0.com and the second request's query string and Referer name www.juyifx.cn in the clear.
Behavior: Open HTTP request
Details: WinHttpOpenRequest: ap****om:80/api/soft/soft_update_info.php, hConnect = 0x04503200, hRequest = 0x040c0000, Verb: POST, Referer: , Flags = 0x00000080
WinHttpOpenRequest: ap****om:80/api/soft/soft_update_info.php, hConnect = 0x04503300, hRequest = 0x040c0000, Verb: POST, Referer: , Flags = 0x00000080
HttpOpenRequestA: z1****om:80/stat.htm?id=1262860248&r=&iw=1&showp=0x0&lg=undefined&cnzz_eid=none&p=http://www.juyifx.cn/from=weixinsearch01&rnd=1558017800000, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80004010
WinHttpOpenRequest: we****cn:80/software/message/search_json.php, hConnect = 0x04502200, hRequest = 0x037e0000, Verb: POST, Referer: , Flags = 0x00000080
HttpOpenRequestA: we****om:443/login_check.php?siteid=1262860248&url=jiwzkfmtizrwcmak&t=login, hConnect = 0x00cc0008, hRequest = 0x00cc000c, Verb: GET, Referer: , Flags = 0x80800010
WinHttpOpenRequest: we****om:443/main.php?c=site&a=overview&ajax=module%3dsummary&siteid=1262860248&_=1558017805000, hConnect = 0x04502100, hRequest = 0x03800000, Verb: GET, Referer: , Flags = 0x00800000
Behavior: Resolve host address by name
Details: GetAddrInfoW: ap****om
GetAddrInfoW: we****cn
GetAddrInfoW: z1****om
GetAddrInfoW: we****om
Registry behaviors
Behavior: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Multimedia\DrawDib\vga.drv 1920x973x32(BGR 0)
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
Behavior: Delete registry key
Details: \REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\
Behavior: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\MACHINE\SOFTWARE\Microsoft\PCHealth\ErrorReporting\DW\DWFileTreeRoot
Other behaviors
Behavior: Create mutex
Details: RasPbFile
CTF.LBES.MutexDefaultS-*
CTF.Compart.MutexDefaultS-*
CTF.Asm.MutexDefaultS-*
CTF.Layouts.MutexDefaultS-*
CTF.TMD.MutexDefaultS-*
CTF.TimListCache.FMPDefaultS-*MUTEX.DefaultS-*
Local\!PrivacIE!SharedMemory!Mutex
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
MSCTF.Shared.MUTEX.IOH
MSCTF.Shared.MUTEX.MFK
Behavior: Create event object
Details: EventName = DINPUTWINMM
EventName = MSCTF.SendReceive.Event.MFK.IC
EventName = MSCTF.SendReceiveConection.Event.MFK.IC
EventName = Global\userenv: User Profile setup event
EventName = Global\crypt32LogoffEvent
Behavior: Open mutex
Details: RasPbFile
ShimCacheMutex
Local\WininetStartupMutex
Local\_!MSFTHISTORY!_
Local\c:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Local\c:!documents and settings!administrator!cookies!
Local\c:!documents and settings!administrator!local settings!history!history.ie5!
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CtfmonInstMutexDefaultS-*
Behavior: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [MS_AutodialMonitor,]
NtUserFindWindowEx: [Class,Window] = [MS_WebCheckMonitor,]
NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [CicLoaderWndClass,]
Behavior: Window information (original window text kept, English in parentheses)
Details: Pid = 2648, Hwnd=0x1052e, Text = 确定 (OK), ClassName = Button.
Pid = 2648, Hwnd=0x10532, Text = 检测版本更新失败,请重新打开软件再次尝试,如若多次任然不行,请联系qq 2271745691反馈问题 (Version update check failed; reopen the software and try again, and if it keeps failing contact QQ 2271745691 to report the problem), ClassName = Static.
Pid = 2648, Hwnd=0x1052a, Text = 错误提示 (Error), ClassName = #32770.
Pid = 2648, Hwnd=0x10524, Text = 微 信 扫 码 (Scan WeChat code), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2648, Hwnd=0x10520, Text = 领超值福利 (Claim bonus rewards), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2648, Hwnd=0x1051e, Text = 立即更新 (Update now), ClassName = Button.
Pid = 2648, Hwnd=0x1051c, Text = 不能更新点我 (Can't update? Click here), ClassName = Button.
Pid = 2648, Hwnd=0x1051a, Text = 忽略更新 (Ignore update), ClassName = Button.
Pid = 2648, Hwnd=0x10518, Text = 故障修复 (Repair), ClassName = Button.
Pid = 2648, Hwnd=0x10516, Text = 是否播放语音 (Play voice?), ClassName = Button(CheckBox).
Pid = 2648, Hwnd=0x1050e, Text = 文件尺寸 (File size), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2648, Hwnd=0x1050c, Text = 下载进度 (Download progress), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2648, Hwnd=0x1050a, Text = 下载速度 (Download speed), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2648, Hwnd=0x10508, Text = 历史更新内容: (Previous update notes:), ClassName = Afx:400000:b:10011:1900015:0.
Pid = 2648, Hwnd=0x10506, Text = 最新版本号: (Latest version:), ClassName = Afx:400000:b:10011:1900015:0.
Behavior: Get TickCount value (the same fourteen entries as under Key behaviors above)
Behavior: Get cursor position
Details: CursorPos = (80,18468), SleepMilliseconds = 10.
CursorPos = (6373,26501), SleepMilliseconds = 10.
CursorPos = (19208,15725), SleepMilliseconds = 10.
CursorPos = (11517,29359), SleepMilliseconds = 10.
CursorPos = (27001,24465), SleepMilliseconds = 10.
CursorPos = (5744,28146), SleepMilliseconds = 10.
CursorPos = (23320,16828), SleepMilliseconds = 10.
CursorPos = (10000,492), SleepMilliseconds = 10.
CursorPos = (3034,11943), SleepMilliseconds = 10.
CursorPos = (4866,5437), SleepMilliseconds = 10.
CursorPos = (32430,14605), SleepMilliseconds = 10.
CursorPos = (3941,154), SleepMilliseconds = 10.
CursorPos = (331,12383), SleepMilliseconds = 10.
CursorPos = (17460,18717), SleepMilliseconds = 10.
CursorPos = (19757,19896), SleepMilliseconds = 10.
Behavior: Open event
Details: HookSwitchHookEnabledEvent
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
MSFT.VSA.COM.DISABLE.2648
MSFT.VSA.IEC.STATUS.6c736db0
CTF.ThreadMIConnectionEvent.000007E8.00000000.0000000F
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.0000000F
MSCTF.SendReceiveConection.Event.IOH.IC
MSCTF.SendReceive.Event.IOH.IC
CTF.ThreadMIConnectionEvent.000007E8.00000000.00000010
CTF.ThreadMarshalInterfaceEvent.000007E8.00000000.00000010
Global\SvcctrlStartEvent_A3752DX
\INSTALLATION_SECURITY_HOLD
Global\crypt32LogoffEvent
Behavior: Get window screenshot info (the same ten entries as under Key behaviors above)
Behavior: Call Sleep function
Details: [1]: MilliSeconds = 10.
[2]: MilliSeconds = 10.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 10.
[5]: MilliSeconds = 10.
[6]: MilliSeconds = 10.
[7]: MilliSeconds = 10.
[8]: MilliSeconds = 10.
[9]: MilliSeconds = 10.
[10]: MilliSeconds = 10.
Behavior: Hide specified window (original window text kept, English in parentheses)
Details: [Window,Class] = [<,AfxWnd42s]
[Window,Class] = [>,AfxWnd42s]
[Window,Class] = [,ComboLBox]
[Window,Class] = [搜索配置,Button] (Search settings)
[Window,Class] = [微信登录 | 二次搜索,Button] (WeChat login | Secondary search)
[Window,Class] = [登录,Button] (Log in)
[Window,Class] = [注册,Button] (Register)
[Window,Class] = [其他,Button] (Other)
[Window,Class] = [,SysListView32]
[Window,Class] = [所有文章,Button] (All articles)
[Window,Class] = [更新日志,Button] (Changelog)
[Window,Class] = [,Afx:400000:8]
[Window,Class] = [,_EL_CommonDlg]
[Window,Class] = [建议反馈,Button] (Feedback)
[Window,Class] = [免费激活,Button] (Free activation)
Behavior: Read CPU clock directly (the same seven EAX/EDX entries as under Key behaviors above)
Run screenshots: (image content not present in this capture)