VirSCAN

1, You can UPLOAD any files, but there is a 20Mb limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

Basic Information

file name: 00神魔养殖场
file size: 212992
file type: application/x-dosexec
MD5: 5329602fbc26bed9611da9d9465aae54
sha1: 48212f88d8db157c2a410ede85ccd020e84b405c

CreateProcess

ApplicationName:
CmdLine: "C:\windows\system\TVPWLQ.exe.bat"
childid: 1636
childname: cmd.exe
childpath: C:\Windows\SysWOW64\cmd.exe
drop_type:
name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
noNeedLine: 1
path: C:\Users\Administrator\AppData\Local\Temp\1618992031126_5329602fbc26bed9611da9d9465aae54.exe
pid: 2432
ApplicationName:
CmdLine: "C:\windows\system32\AEOXD.exe.bat"
childid: 3052
childname: cmd.exe
childpath: C:\Windows\SysWOW64\cmd.exe
drop_type:
name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618992031126_5329602fbc26bed9611da9d9465aae54.exe
pid: 2432
ApplicationName:
CmdLine: "C:\windows\system\GUWVOIQ.exe.bat"
childid: 2540
childname: cmd.exe
childpath: C:\Windows\SysWOW64\cmd.exe
drop_type:
name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618992031126_5329602fbc26bed9611da9d9465aae54.exe
pid: 2432
ApplicationName: C:\Windows\system\TVPWLQ.exe
CmdLine: C:\windows\system\TVPWLQ.exe
childid: 2216
childname: TVPWLQ.exe
childpath: C:\Windows\system\TVPWLQ.exe
drop_type:
name: cmd.exe
noNeedLine:
path: C:\Windows\SysWOW64\cmd.exe
pid: 1636
ApplicationName: C:\Windows\System32\AEOXD.exe
CmdLine: C:\windows\system32\AEOXD.exe
childid: 1176
childname: AEOXD.exe
childpath: C:\Windows\System32\AEOXD.exe
drop_type:
name: cmd.exe
noNeedLine:
path: C:\Windows\SysWOW64\cmd.exe
pid: 3052
ApplicationName: C:\Windows\system\GUWVOIQ.exe
CmdLine: C:\windows\system\GUWVOIQ.exe
childid: 2744
childname: GUWVOIQ.exe
childpath: C:\Windows\system\GUWVOIQ.exe
drop_type:
name: cmd.exe
noNeedLine:
path: C:\Windows\SysWOW64\cmd.exe
pid: 2540
ApplicationName:
CmdLine:
childid: 2432
childname: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618992031126_5329602fbc26bed9611da9d9465aae54.exe
drop_type:
name:
noNeedLine:
path:
pid: 2236

Summary

buffer: C:\Users\Administrator\AppData\Local\Temp\1618992031126_5329602fbc26bed9611da9d9465aae54.exe
processid: 2432
szSubkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
type: REG_SZ
valuename: e3b37e72
buffer: C:\Users\Administrator\AppData\Local\Temp\1618992031126_5329602fbc26bed9611da9d9465aae54.exe
processid: 2432
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
type: REG_SZ
valuename: e3b37e72
(each of the two records above appears 25 times in the report, alternating HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER)
buffer: C:\windows\system\GUWVOIQ.exe
processid: 2744
szSubkey: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
type: REG_SZ
valuename: 940b48e9
buffer: C:\windows\system\GUWVOIQ.exe
processid: 2744
szSubkey: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\
type: REG_SZ
valuename: 940b48e9
(each of the two records above appears 11 times in the report, alternating HKEY_LOCAL_MACHINE and HKEY_CURRENT_USER)

Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running; commonly used by malware for sandbox evasion
num: 162
process_id: 2432
process_name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
rulename: Get current mouse position
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program drops a file from its resource section and runs it, in order to hide malicious code
num: 205
process_id: 2432
process_name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
rulename: Drop file from resource section and run it
attck_tactics: Basic Information Gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 427
process_id: 2432
process_name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
rulename: Enumerate files
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies a file into the system directory in order to hide the malicious file
num: 745
process_id: 2432
process_name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program creates a hidden process that runs covertly in the background
num: 808
process_id: 2432
process_name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
rulename: Create hidden child process
attck_tactics: Persistence
level: 2
matchedinfo: The malicious program modifies the registry to start automatically with the system, in order to maintain long-term control of or residence on the system
num: 810
process_id: 2432
process_name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
rulename: Write autorun registry key, add autorun 2
attck_tactics: Persistence
level: 3
matchedinfo: The malicious program writes a file to the startup directory in order to run automatically at boot
num: 818
process_id: 2432
process_name: 1618992031126_5329602fbc26bed9611da9d9465aae54.exe
rulename: Add autorun capability (by writing a file to the startup directory)
attck_tactics: Execution
level: 2
matchedinfo: The malicious program opens a thread in order to manipulate other threads
num: 2
process_id: 1636
process_name: cmd.exe
rulename: Open other threads
attck_tactics: Basic Information Gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 27
process_id: 1636
process_name: cmd.exe
rulename: Enumerate files
attck_tactics: Execution
level: 2
matchedinfo: The malicious program opens a thread in order to manipulate other threads
num: 2
process_id: 3052
process_name: cmd.exe
rulename: Open other threads
attck_tactics: Basic Information Gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 27
process_id: 3052
process_name: cmd.exe
rulename: Enumerate files
attck_tactics: Execution
level: 2
matchedinfo: The malicious program opens a thread in order to manipulate other threads
num: 2
process_id: 2540
process_name: cmd.exe
rulename: Open other threads
attck_tactics: Basic Information Gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 27
process_id: 2540
process_name: cmd.exe
rulename: Enumerate files
attck_tactics: Defense Evasion
level: 2
matchedinfo: Checks whether the mouse moves while the program is running; commonly used by malware for sandbox evasion
num: 161
process_id: 2744
process_name: GUWVOIQ.exe
rulename: Get current mouse position
attck_tactics: Basic Information Gathering
level: 1
matchedinfo: Searches for specified target files by enumerating files
num: 431
process_id: 2744
process_name: GUWVOIQ.exe
rulename: Enumerate files
attck_tactics: Persistence
level: 2
matchedinfo: The malicious program modifies the registry to start automatically with the system, in order to maintain long-term control of or residence on the system
num: 1166
process_id: 2744
process_name: GUWVOIQ.exe
rulename: Write autorun registry key, add autorun 2
attck_tactics: Persistence
level: 3
matchedinfo: The malicious program writes a file to the startup directory in order to run automatically at boot
num: 1174
process_id: 2744
process_name: GUWVOIQ.exe
rulename: Add autorun capability (by writing a file to the startup directory)