VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Basic Information

file name: 00觉醒
file size: 101144
file type: application/x-dosexec
MD5: 6fc8dc19e6f61144a97c806e15438baf
sha1: b21667ea46c81a995dfb88dcb073d2d2093d7962

CreateProcess

ApplicationName: C:\Users\Administrator\AppData\Local\Temp\Sysqemohhaq.exe
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemohhaq.exe"
childid: 536
childname: Sysqemohhaq.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\Sysqemohhaq.exe
drop_type:
name: 1618603228016_6fc8dc19e6f61144a97c806e15438baf.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618603228016_6fc8dc19e6f61144a97c806e15438baf.exe
pid: 2436
ApplicationName: C:\Users\Administrator\AppData\Local\Temp\Sysqemdekpi.exe
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemdekpi.exe"
childid: 2728
childname: Sysqemdekpi.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\Sysqemdekpi.exe
drop_type:
name: Sysqemohhaq.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\Sysqemohhaq.exe
pid: 536
ApplicationName: C:\Users\Administrator\AppData\Local\Temp\Sysqemdjjjc.exe
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemdjjjc.exe"
childid: 2932
childname: Sysqemdjjjc.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\Sysqemdjjjc.exe
drop_type:
name: Sysqemdekpi.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\Sysqemdekpi.exe
pid: 2728
ApplicationName: C:\Users\Administrator\AppData\Local\Temp\Sysqemafqtt.exe
CmdLine: "C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemafqtt.exe"
childid: 1776
childname: Sysqemafqtt.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\Sysqemafqtt.exe
drop_type:
name: Sysqemdjjjc.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\Sysqemdjjjc.exe
pid: 2932
ApplicationName:
CmdLine:
childid: 2436
childname: 1618603228016_6fc8dc19e6f61144a97c806e15438baf.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618603228016_6fc8dc19e6f61144a97c806e15438baf.exe
drop_type:
name:
noNeedLine:
path:
pid: 2040

Summary

buffer: C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemohhaq.exe
processid: 2436
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
type: REG_SZ
valuename: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
buffer: C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemdekpi.exe
processid: 536
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
type: REG_SZ
valuename: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
buffer: C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemdjjjc.exe
processid: 2728
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
type: REG_SZ
valuename: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
buffer: C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemafqtt.exe
processid: 2932
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
type: REG_SZ
valuename: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load
buffer: C:\Users\ADMINI~1\AppData\Local\Temp\Sysqemcbbfl.exe
processid: 1776
szSubkey: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows
type: REG_SZ
valuename: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows\load

Behavior_analysis

message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2