VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload them.

File information

Scanner results
Scanner results: 0% of antivirus software (0/32) found malware!
Behavior analysis report: Habo file analysis
Time: 2017-06-30 18:03:54 (CST)
Scanner Engine Ver Sig Ver Sig Date Scan result Time
antiy AVL SDK 2.0 1970-01-01 Found nothing 18
asquared 9.0.0.4799 9.0.0.4799 2015-03-08 Found nothing 3
avast 170303-1 4.7.4 2017-03-03 Found nothing 60
avg 2109/14122 10.0.1405 2017-06-29 Found nothing 60
baidu 2.0.1.0 4.1.3.52192 2.0.1.0 Found nothing 6
baidusd 1.0 1.0 2017-03-22 Found nothing 1
bitdefender 7.58879 7.90123 2015-01-16 Found nothing 60
clamav 23503 0.97.5 2017-06-24 Found nothing 60
drweb 5.0.2.3300 5.0.1.1 2017-06-18 Found nothing 60
fortinet 49.844, 49.844, 49.844 5.4.233 2017-06-30 Found nothing 60
fprot 4.6.2.117 6.5.1.5418 2016-02-05 Found nothing 60
fsecure 2015-08-01-02 9.13 2015-08-01 Found nothing 60
gdata 25.13117 25.13117 2017-06-29 Found nothing 26
ikarus 1.06.01 V1.32.31.0 2016-11-28 Found nothing 60
jiangmin 16.0.100 1.0.0.0 2017-06-28 Found nothing 3
kaspersky 5.5.33 5.5.33 2014-04-01 Found nothing 60
kingsoft 2.1 2.1 2017-06-29 Found nothing 60
mcafee 8261 5400.1158 2016-08-18 Found nothing 60
nod32 1777 3.0.21 2015-06-12 Found nothing 60
panda 9.05.01 9.05.01 2017-06-28 Found nothing 5
pcc 13.302.06 9.500-1005 2017-03-27 Found nothing 60
qh360 1.0.1 1.0.1 1.0.1 Found nothing 11
qqphone 1.0.0.0 1.0.0.0 2015-12-30 Found nothing 60
quickheal 14.00 14.00 2017-06-28 Found nothing 6
rising 26.28.00.01 26.28.00.01 2016-07-18 Found nothing 34
sophos 5.32 3.65.2 2016-10-10 Found nothing 60
symantec 20151230.005 1.3.0.24 2015-12-30 Found nothing 60
tachyon 9.9.9 9.9.9 2013-12-27 Found nothing 9
thehacker 6.8.0.5 6.8.0.5 2017-06-27 Found nothing 12
tws 17.47.17308 1.0.2.2108 2017-06-29 Found nothing 32
vba 3.12.29.5 beta 3.12.29.5 beta 2017-06-28 Found nothing 60
virusbuster 15.0.985.0 5.5.2.13 2014-12-05 Found nothing 60

No related permission information.

File information
Security score:
Basic information
MD5: e4eff15533fa73ceb9ce053edabecb12
File size: 5.58MB
Upload time: 2014-09-22 10:36:30 (CST)
Package name:
Minimum runtime environment:
Copyright:
Key behaviors
Behavior description: Cross-process data write
Details: TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x00150000, Size = 0x00000020 TargetPID = 0x00000b34
TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x00150020, Size = 0x00000034 TargetPID = 0x00000b34
TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000b34
Behavior description: Regular driver load
Details: \??\C:\Windows\ipsec32.sys
Behavior description: Get TickCount value
Details: TickCount = 129281, SleepMilliseconds = 60000.
Behavior description: Find PE resource information
Details: (FindResourceExExW) hModule = 0x00000000, ResName: 95(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 140(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 97(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description: Set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior description: Read CPU clock directly
Details: EAX = 0x3da48480, EDX = 0x00000039
Behavior description: Create system service
Details: [Service created successfully]: ipsec32.sys, C:\Windows\ipsec32.sys
Process behaviors
Behavior description: Cross-process data write
Details: TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x00150000, Size = 0x00000020 TargetPID = 0x00000b34
TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x00150020, Size = 0x00000034 TargetPID = 0x00000b34
TargetProcess = C:\Windows\supportf18.exe, WriteAddress = 0x7ffdf238, Size = 0x00000004 TargetPID = 0x00000b34
Behavior description: Regular driver load
Details: \??\C:\Windows\ipsec32.sys
Behavior description: Get TickCount value
Details: TickCount = 129281, SleepMilliseconds = 60000.
Behavior description: Find PE resource information
Details: (FindResourceExExW) hModule = 0x00000000, ResName: 95(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 140(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 97(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description: Set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior description: Read CPU clock directly
Details: EAX = 0x3da48480, EDX = 0x00000039
Behavior description: Create system service
Details: [Service created successfully]: ipsec32.sys, C:\Windows\ipsec32.sys
File behaviors
Behavior description: Create file
Details: C:\Windows\libegl.dll
C:\Windows\supportf18.exe
C:\Windows\ipsec32.sys
C:\Windows\System32\PanData\log\20170705075501.log
C:\Windows\System32\PanData\aria2c.exe
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\wpad[1].dat
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\api[1]
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lock
Behavior description: Create executable file
Details: C:\Windows\libegl.dll
C:\Windows\supportf18.exe
C:\Windows\ipsec32.sys
C:\Windows\System32\PanData\aria2c.exe
Behavior description: Find file
Details: FileName = C:\Windows\libegl.zh-CN
FileName = C:\Windows\libegl.zh-Hans
FileName = C:\Windows\libegl.zh
FileName = C:\Windows\libegl.en-US
FileName = C:\Windows\libegl.en
FileName = C:\Windows\libegl.CHS
FileName = C:\Windows\libegl.CH
FileName = C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk
FileName = C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Windows\system32\Ras\*.pbk
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk
FileName = C:\Users\Administrator\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk
FileName = C:\Windows
FileName = C:\Windows\*.*
FileName = C:\Users\Administrator\Desktop\QQ浏览器.lnk
Behavior description: Delete file
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\wpad[1].dat
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\2KQWVTOD\api[1]
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb
C:\Users\Administrator\AppData\Local\Microsoft\Windows\WER\ERC\statecache.lock
Behavior description: Set special folder attributes
Details: C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5
C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Cookies
C:\Users\Administrator\AppData\Local\Microsoft\Windows\History\History.IE5
Behavior description: Modify file content
Details: C:\Windows\libegl.dll ---> Offset = 0
C:\Windows\supportf18.exe ---> Offset = 0
C:\Windows\ipsec32.sys ---> Offset = 0
C:\Windows\System32\PanData\log\20170705075501.log ---> Offset = 0
C:\Windows\System32\PanData\aria2c.exe ---> Offset = 0
C:\Windows\WindowsUpdate.log ---> Offset = 53248
C:\Windows\WindowsUpdate.log ---> Offset = 54288
C:\Windows\WindowsUpdate.log ---> Offset = 54408
C:\Windows\WindowsUpdate.log ---> Offset = 54492
C:\Windows\WindowsUpdate.log ---> Offset = 54575
C:\Windows\WindowsUpdate.log ---> Offset = 54631
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb ---> Offset = 0
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb ---> Offset = 393216
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb ---> Offset = 131072
C:\Windows\SoftwareDistribution\DataStore\Logs\tmp.edb ---> Offset = 65536
Network behaviors
Behavior description: Open URL over network
Details: InternetOpenUrlA: http://u.****om/gameall/api?a=s&nm=ggggg&q=d43&v=1.0.0&s3=0&m=08-00-27-48-89-80, hInternet = 0x00cc0004, Flags = 0x00000001
InternetOpenUrlA: http://**.133.40.**:128/wpad.dat, hInternet = 0x00cc0008, Flags = 0x00000010
Behavior description: Open HTTP connection
Details: InternetOpenA: UserAgent: b70c, hSession = 0x00cc0004
InternetOpenA: UserAgent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0), hSession = 0x00cc0008
Behavior description: Establish connection to a specified socket
Details: URL: wpad, IP: **.133.40.**:128, SOCKET = 0x00000424
URL: u.****om, IP: **.133.40.**:80, SOCKET = 0x00000420
Behavior description: Read network file
Details: hFile = 0x00cc0010, BytesToRead = 4010, BytesRead = 4010.
Behavior description: Send HTTP packet
Details: GET /wpad.dat HTTP/1.1 Accept: */* User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Win32; Trident/4.0) Host: **.133.40.**:128
GET /gameall/api?a=s&nm=ggggg&q=d43&v=1.0.0&s3=0&m=08-00-27-48-89-80 HTTP/1.1 User-Agent: b70c Host: u.****om
Behavior description: Get host address by name
Details: GetAddrInfoW: a-PC
GetAddrInfoW: wpad
GetAddrInfoW: u.****om
Registry behaviors
Behavior description: Modify registry
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows Script\Settings\JITDebug
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASAPI32\FileDirectory
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\EnableFileTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\EnableConsoleTracing
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\ConsoleTracingMask
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\MaxFileSize
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Tracing\b70c_RASMANCS\FileDirectory
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\SavedLegacySettings
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-*\RefCount
Behavior description: Delete registry value
Details: \REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyServer
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ProxyOverride
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\AutoConfigURL
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
\REGISTRY\USER\S-*\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
\REGISTRY\MACHINE\SYSTEM\ControlSet001\services\BITS\Performance\PerfMMFileName
Other behaviors
Behavior description: Check whether being debugged
Details: IsDebuggerPresent
Behavior description: Create mutex
Details: Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
RasPbFile
PanDownload
Local\ZonesCounterMutex
Local\ZoneAttributeCacheCounterMutex
Local\ZonesCacheCounterMutex
Local\ZonesLockedCacheCounterMutex
IESQMMUTEX_0_208
Local\!IETld!Mutex
Behavior description: Regular driver load
Details: \??\C:\Windows\ipsec32.sys
Behavior description: Open mutex
Details: Local\MSCTF.Asm.MutexDefault1
Local\_!MSFTHISTORY!_
Local\c:!users!administrator!appdata!local!microsoft!windows!temporary internet files!content.ie5!
Local\c:!users!administrator!appdata!roaming!microsoft!windows!cookies!
Local\c:!users!administrator!appdata!local!microsoft!windows!history!history.ie5!
Local\WininetStartupMutex
Local\WininetConnectionMutex
Local\WininetProxyRegistryMutex
Local\!IETld!Mutex
CDBurnNotify
Global\CDBurnExclusive
Behavior description: Find specified window
Details: NtUserFindWindowEx: [Class,Window] = [Shell_TrayWnd,]
NtUserFindWindowEx: [Class,Window] = [SystemTray_Main,]
Behavior description: Start system service
Details: [Service started successfully]: , ipsec32.sys, \??\C:\Windows\ipsec32.sys
Behavior description: Window information
Details: Pid = 2868, Hwnd=0x20168, Text = 本软件仅供学习交流使用,不得用于商业用途!, ClassName = MsgBoxUI.
Pid = 2484, Hwnd=0x20186, Text = 1:, ClassName = Static.
Pid = 2484, Hwnd=0x20184, Text = load, ClassName = Button.
Pid = 2484, Hwnd=0x20182, Text = 1, ClassName = Button.
Pid = 2484, Hwnd=0x20180, Text = 2, ClassName = Button.
Pid = 2484, Hwnd=0x201ba, Text = 3, ClassName = Button.
Pid = 2484, Hwnd=0x201e6, Text = 4, ClassName = Button.
Pid = 2484, Hwnd=0x30172, Text = C:\Users\Administrator\Desktop, ClassName = MFCEditBrowse.
Behavior description: Get TickCount value
Details: TickCount = 129281, SleepMilliseconds = 60000.
Behavior description: Adjust process token privileges
Details: SE_SECURITY_PRIVILEGE
SE_SHUTDOWN_PRIVILEGE
SE_ASSIGNPRIMARYTOKEN_PRIVILEGE
SE_MANAGE_VOLUME_PRIVILEGE
Behavior description: Open event
Details: HookSwitchHookEnabledEvent
\KernelObjects\MaximumCommitCondition
MSFT.VSA.COM.DISABLE.2484
MSFT.VSA.IEC.STATUS.6c736db0
Local\MSCTF.CtfActivated.Default1
Local\MSCTF.AsmCacheReady.Default1
\SECURITY\LSA_AUTHENTICATION_INITIALIZED
Global\SvcctrlStartEvent_A3752DX
SC_AutoStartComplete
Behavior description: Find PE resource information
Details: (FindResourceExExW) hModule = 0x00000000, ResName: 95(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 140(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00000000, ResName: 97(ID), ResType: WIN32EXE
(FindResourceExExW) hModule = 0x00400000, ResName: 84(ID), ResType: EXE
Behavior description: Executable file signature information
Details: C:\Windows\libegl.dll (signature verification: failed)
C:\Windows\supportf18.exe (signature verification: failed)
C:\Windows\ipsec32.sys (signature verification: failed)
C:\Windows\System32\PanData\aria2c.exe (signature verification: failed)
Behavior description: Call Sleep function
Details: [1]: MilliSeconds = 60000.
[2]: MilliSeconds = 60000.
[3]: MilliSeconds = 60000.
[4]: MilliSeconds = 60000.
[5]: MilliSeconds = 0.
[6]: MilliSeconds = 60000.
[1]: MilliSeconds = 1.
[2]: MilliSeconds = 1.
[3]: MilliSeconds = 1.
[4]: MilliSeconds = 1.
[5]: MilliSeconds = 1.
[6]: MilliSeconds = 1.
[7]: MilliSeconds = 1.
[8]: MilliSeconds = 1.
[9]: MilliSeconds = 1.
Behavior description: Executable file MD5
Details: C:\Windows\libegl.dll ---> 65b2f8a9e6d8975b740d3653d0b074bd
C:\Windows\supportf18.exe ---> 998547ca9f737daa7aac927fd46a3b56
C:\Windows\ipsec32.sys ---> 41c44e42120549e5222c3c6a2b5ad3b4
C:\Windows\System32\PanData\aria2c.exe ---> 4943ba11f55a2140a95847f09ead2fe6
Behavior description: Read CPU clock directly
Details: EAX = 0x3da48480, EDX = 0x00000039
Behavior description: Create system service
Details: [Service created successfully]: ipsec32.sys, C:\Windows\ipsec32.sys
Behavior description: Load newly dropped file
Details: Image: C:\Windows\libegl.dll.
Image: C:\Windows\supportf18.exe.
Run screenshot