VirSCAN VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.
4, If your browser cannot upload files, please download VirSCAN uploader to upload.

Language
Server load
Server Load
VirSCAN
VirSCAN

1, You can UPLOAD any files, but there is 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but it must be less than 20 files.
3, Aplikace VirSCAN může skenovat komprimované soubory s heslem 'infected'nebo'virus'.

Basic Information

file name: 21.exe
file size: 10240
file type: application/x-dosexec
MD5: 29595b09689b3439923b259f853d7fa2
sha1: 4a5d2a9dca02355bc84ac7bcdea94267d6fbbc56

 CreateProcess

ApplicationName:
CmdLine:
childid: 1944
childname: 1620581421810_29595b09689b3439923b259f853d7fa2.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620581421810_29595b09689b3439923b259f853d7fa2.exe
drop_type:
name:
noNeedLine:
path:
pid: 2332

 Summary

buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1944
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1944
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1944
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1944
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1944
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList

 Malicious

attck_tactics: 其他恶意行为
level: 1
matchedinfo: 一般被用于文件的加密、数据的加密传输或可能被用于勒索者病毒中
num: 279
process_id: 1944
process_name: 1620581421810_29595b09689b3439923b259f853d7fa2.exe
rulename: 调用加密算法库
attck_tactics: 防御逃逸
level: 2
matchedinfo: 检查程序运行时监视鼠标是否移动。一般被恶意软件用于沙盒逃逸
num: 493
process_id: 1944
process_name: 1620581421810_29595b09689b3439923b259f853d7fa2.exe
rulename: 获取当前鼠标位置