VirSCAN

1, You can UPLOAD any file, but there is a 20 MB limit per file.
2, VirSCAN supports Rar/Zip decompression, but the archive must contain fewer than 20 files.
3, VirSCAN can scan compressed files protected with the password 'infected' or 'virus'.
4, If your browser cannot upload files, please download the VirSCAN uploader to upload.

Basic information

File name: 00降世神通
File size: 675840
File type: application/x-dosexec
MD5: e3ddc4aab87930a5019ad5152eed224e
sha1: 880489bcb9113990fc77f811019981c7fb2cd2d6

CreateProcess

ApplicationName:
CmdLine: C:\Windows\system32\Ahaokfqe.exe
childid: 2624
childname: Ahaokfqe.exe
childpath: C:\Windows\SysWOW64\Ahaokfqe.exe
drop_type:
name: 1620558021838_e3ddc4aab87930a5019ad5152eed224e.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620558021838_e3ddc4aab87930a5019ad5152eed224e.exe
pid: 2368
ApplicationName:
CmdLine: C:\Windows\system32\Dhdmoa32.exe
childid: 3040
childname: Dhdmoa32.exe
childpath: C:\Windows\SysWOW64\Dhdmoa32.exe
drop_type:
name: Ahaokfqe.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ahaokfqe.exe
pid: 2624
ApplicationName:
CmdLine: C:\Windows\system32\Aailjf32.exe
childid: 1384
childname: Aailjf32.exe
childpath: C:\Windows\SysWOW64\Aailjf32.exe
drop_type:
name: Dhdmoa32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Dhdmoa32.exe
pid: 3040
ApplicationName:
CmdLine: C:\Windows\system32\Cdjnbobh.exe
childid: 2480
childname: Cdjnbobh.exe
childpath: C:\Windows\SysWOW64\Cdjnbobh.exe
drop_type:
name: Aailjf32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Aailjf32.exe
pid: 1384
ApplicationName:
CmdLine: C:\Windows\system32\Eknble32.exe
childid: 1212
childname: Eknble32.exe
childpath: C:\Windows\SysWOW64\Eknble32.exe
drop_type:
name: Cdjnbobh.exe
noNeedLine:
path: C:\Windows\SysWOW64\Cdjnbobh.exe
pid: 2480
ApplicationName:
CmdLine: C:\Windows\system32\Gcgpjp32.exe
childid: 2352
childname: Gcgpjp32.exe
childpath: C:\Windows\SysWOW64\Gcgpjp32.exe
drop_type:
name: Eknble32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Eknble32.exe
pid: 1212
ApplicationName:
CmdLine: C:\Windows\system32\Hbfoakqa.exe
childid: 100
childname: Hbfoakqa.exe
childpath: C:\Windows\SysWOW64\Hbfoakqa.exe
drop_type:
name: Gcgpjp32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Gcgpjp32.exe
pid: 2352
ApplicationName:
CmdLine: C:\Windows\system32\Iohllm32.exe
childid: 2716
childname: Iohllm32.exe
childpath: C:\Windows\SysWOW64\Iohllm32.exe
drop_type:
name: Hbfoakqa.exe
noNeedLine:
path: C:\Windows\SysWOW64\Hbfoakqa.exe
pid: 100
ApplicationName:
CmdLine: C:\Windows\system32\Mfjlgahk.exe
childid: 2796
childname: Mfjlgahk.exe
childpath: C:\Windows\SysWOW64\Mfjlgahk.exe
drop_type:
name: Iohllm32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Iohllm32.exe
pid: 2716
ApplicationName:
CmdLine: C:\Windows\system32\Nblmgaca.exe
childid: 2756
childname: Nblmgaca.exe
childpath: C:\Windows\SysWOW64\Nblmgaca.exe
drop_type:
name: Mfjlgahk.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mfjlgahk.exe
pid: 2796
ApplicationName:
CmdLine: C:\Windows\system32\Ogfeinpk.exe
childid: 2392
childname: Ogfeinpk.exe
childpath: C:\Windows\SysWOW64\Ogfeinpk.exe
drop_type:
name: Nblmgaca.exe
noNeedLine:
path: C:\Windows\SysWOW64\Nblmgaca.exe
pid: 2756
ApplicationName:
CmdLine: C:\Windows\system32\Pgdakl32.exe
childid: 2784
childname: Pgdakl32.exe
childpath: C:\Windows\SysWOW64\Pgdakl32.exe
drop_type:
name: Ogfeinpk.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ogfeinpk.exe
pid: 2392
ApplicationName:
CmdLine: C:\Windows\system32\Agpqfj32.exe
childid: 1216
childname: Agpqfj32.exe
childpath: C:\Windows\SysWOW64\Agpqfj32.exe
drop_type:
name: Pgdakl32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pgdakl32.exe
pid: 2784
ApplicationName:
CmdLine: C:\Windows\system32\Bgkpbh32.exe
childid: 2844
childname: Bgkpbh32.exe
childpath: C:\Windows\SysWOW64\Bgkpbh32.exe
drop_type:
name: Agpqfj32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Agpqfj32.exe
pid: 1216
ApplicationName:
CmdLine: C:\Windows\system32\Djooqqll.exe
childid: 2760
childname: Djooqqll.exe
childpath: C:\Windows\SysWOW64\Djooqqll.exe
drop_type:
name: Bgkpbh32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bgkpbh32.exe
pid: 2844
ApplicationName:
CmdLine: C:\Windows\system32\Fheefbkp.exe
childid: 2816
childname: Fheefbkp.exe
childpath: C:\Windows\SysWOW64\Fheefbkp.exe
drop_type:
name: Djooqqll.exe
noNeedLine:
path: C:\Windows\SysWOW64\Djooqqll.exe
pid: 2760
ApplicationName:
CmdLine: C:\Windows\system32\Gejnfd32.exe
childid: 2372
childname: Gejnfd32.exe
childpath: C:\Windows\SysWOW64\Gejnfd32.exe
drop_type:
name: Fheefbkp.exe
noNeedLine:
path: C:\Windows\SysWOW64\Fheefbkp.exe
pid: 2816
ApplicationName:
CmdLine: C:\Windows\system32\Idmgiodo.exe
childid: 2932
childname: Idmgiodo.exe
childpath: C:\Windows\SysWOW64\Idmgiodo.exe
drop_type:
name: Gejnfd32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Gejnfd32.exe
pid: 2372
ApplicationName:
CmdLine: C:\Windows\system32\Jfmmjomo.exe
childid: 2768
childname: Jfmmjomo.exe
childpath: C:\Windows\SysWOW64\Jfmmjomo.exe
drop_type:
name: Idmgiodo.exe
noNeedLine:
path: C:\Windows\SysWOW64\Idmgiodo.exe
pid: 2932
ApplicationName:
CmdLine: C:\Windows\system32\Lnikeolg.exe
childid: 2676
childname: Lnikeolg.exe
childpath: C:\Windows\SysWOW64\Lnikeolg.exe
drop_type:
name: Jfmmjomo.exe
noNeedLine:
path: C:\Windows\SysWOW64\Jfmmjomo.exe
pid: 2768
ApplicationName:
CmdLine: C:\Windows\system32\Mokpamlb.exe
childid: 1548
childname: Mokpamlb.exe
childpath: C:\Windows\SysWOW64\Mokpamlb.exe
drop_type:
name: Lnikeolg.exe
noNeedLine:
path: C:\Windows\SysWOW64\Lnikeolg.exe
pid: 2676
ApplicationName:
CmdLine: C:\Windows\system32\Oolihj32.exe
childid: 2764
childname: Oolihj32.exe
childpath: C:\Windows\SysWOW64\Oolihj32.exe
drop_type:
name: Mokpamlb.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mokpamlb.exe
pid: 1548
ApplicationName:
CmdLine: C:\Windows\system32\Poooeh32.exe
childid: 1120
childname: Poooeh32.exe
childpath: C:\Windows\SysWOW64\Poooeh32.exe
drop_type:
name: Oolihj32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Oolihj32.exe
pid: 2764
ApplicationName:
CmdLine: C:\Windows\system32\Dfeikk32.exe
childid: 2912
childname: Dfeikk32.exe
childpath: C:\Windows\SysWOW64\Dfeikk32.exe
drop_type:
name: Poooeh32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Poooeh32.exe
pid: 1120
ApplicationName:
CmdLine: C:\Windows\system32\Iagghl32.exe
childid: 1188
childname: Iagghl32.exe
childpath: C:\Windows\SysWOW64\Iagghl32.exe
drop_type:
name: Dfeikk32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Dfeikk32.exe
pid: 2912
ApplicationName:
CmdLine:
childid: 2368
childname: 1620558021838_e3ddc4aab87930a5019ad5152eed224e.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620558021838_e3ddc4aab87930a5019ad5152eed224e.exe
drop_type:
name: Ogfeinpk.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ogfeinpk.exe
pid: 2392

Summary

buffer: C:\Windows\system32\Ilpifejd.dll
processid: 2368
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2368
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2368
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bijcnn32.dll
processid: 2624
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2624
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2624
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bingieag.dll
processid: 3040
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 3040
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 3040
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Jnajhd32.dll
processid: 1384
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 1384
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 1384
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Pnbegh32.dll
processid: 2480
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2480
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2480
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Bjcdhfoh.dll
processid: 1212
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 1212
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 1212
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Cjdnbhag.dll
processid: 2352
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2352
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2352
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Epamhbga.dll
processid: 100
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 100
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 100
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kqgeiccd.dll
processid: 2716
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2716
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2716
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Omefhb32.dll
processid: 2796
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2796
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2796
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lleckaio.dll
processid: 2756
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2756
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2756
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Habbcbaf.dll
processid: 2392
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2392
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2392
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kdadji32.dll
processid: 2784
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2784
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2784
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Qhhfbban.dll
processid: 1216
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 1216
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 1216
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ecglbmbh.dll
processid: 2844
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2844
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2844
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lhldkoje.dll
processid: 2760
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2760
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2760
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nqjfplaf.dll
processid: 2816
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2816
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2816
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Hogdaf32.dll
processid: 2372
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2372
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2372
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kllhlo32.dll
processid: 2932
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2932
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2932
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Npinkcia.dll
processid: 2768
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2768
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2768
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ffiocj32.dll
processid: 2676
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2676
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2676
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Fbqiaocf.dll
processid: 1548
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 1548
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 1548
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ndcmli32.dll
processid: 2764
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2764
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2764
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Aololf32.dll
processid: 1120
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 1120
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 1120
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lalfbj32.dll
processid: 2912
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 2912
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 2912
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lbklaama.dll
processid: 1188
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32\(Default)
buffer: Apartment
processid: 1188
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79ECA078-17FF-726B-E811-213280E5C831}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79ECA078-17FF-726B-E811-213280E5C831}
processid: 1188
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger

Malicious

attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 3
process_id: 2368
process_name: 1620558021838_e3ddc4aab87930a5019ad5152eed224e.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2624
process_name: Ahaokfqe.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 3040
process_name: Dhdmoa32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 1384
process_name: Aailjf32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2480
process_name: Cdjnbobh.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 1212
process_name: Eknble32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2352
process_name: Gcgpjp32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 100
process_name: Hbfoakqa.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2716
process_name: Iohllm32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2796
process_name: Mfjlgahk.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2756
process_name: Nblmgaca.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2392
process_name: Ogfeinpk.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2784
process_name: Pgdakl32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 1216
process_name: Agpqfj32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2844
process_name: Bgkpbh32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2760
process_name: Djooqqll.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2816
process_name: Fheefbkp.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2372
process_name: Gejnfd32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2932
process_name: Idmgiodo.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2768
process_name: Jfmmjomo.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2676
process_name: Lnikeolg.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 1548
process_name: Mokpamlb.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2764
process_name: Oolihj32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 1120
process_name: Poooeh32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 2912
process_name: Dfeikk32.exe
rulename: 拷贝文件到系统目录
attck_tactics: 防御逃逸
level: 2
matchedinfo: 恶意程序通过拷贝文件到系统目录的方式,以达到隐藏恶意文件的目的
num: 2
process_id: 1188
process_name: Iagghl32.exe
rulename: 拷贝文件到系统目录