VirSCAN

1. You can UPLOAD any file type, file size max. 20 MB.
2. VirSCAN supports Rar/Zip decompression, max. 20 files per Rar/Zip.
3. VirSCAN can scan Rar/Zip files protected with the password 'infected' or 'virus'.
4. If your browser cannot upload files, you can upload through VirSCAN.


Basic information

File name: 00我的妹妹
File size: 8325632 bytes
File type: application/x-dosexec
MD5: 8bd51a151cbb02b7332ff1016a6012fc
SHA1: f94f2213b771520107eb85f66da051c0fba0acd4

 CreateProcess

ApplicationName:
CmdLine: C:\Windows\system32\Ebbimj32.exe
childid: 2152
childname: Ebbimj32.exe
childpath: C:\Windows\SysWOW64\Ebbimj32.exe
drop_type:
name: 1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
pid: 2856
ApplicationName:
CmdLine: C:\Windows\system32\Eqgodqgp.exe
childid: 2100
childname: Eqgodqgp.exe
childpath: C:\Windows\SysWOW64\Eqgodqgp.exe
drop_type:
name: Ebbimj32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Ebbimj32.exe
pid: 2152
ApplicationName:
CmdLine: C:\Windows\system32\Giamakhm.exe
childid: 2976
childname: Giamakhm.exe
childpath: C:\Windows\SysWOW64\Giamakhm.exe
drop_type:
name: Eqgodqgp.exe
noNeedLine:
path: C:\Windows\SysWOW64\Eqgodqgp.exe
pid: 2100
ApplicationName:
CmdLine: C:\Windows\system32\Hajngl32.exe
childid: 324
childname: Hajngl32.exe
childpath: C:\Windows\SysWOW64\Hajngl32.exe
drop_type:
name: Giamakhm.exe
noNeedLine:
path: C:\Windows\SysWOW64\Giamakhm.exe
pid: 2976
ApplicationName:
CmdLine: C:\Windows\system32\Mcbkffok.exe
childid: 2776
childname: Mcbkffok.exe
childpath: C:\Windows\SysWOW64\Mcbkffok.exe
drop_type:
name: Hajngl32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Hajngl32.exe
pid: 324
ApplicationName:
CmdLine: C:\Windows\system32\Pqbdbgfd.exe
childid: 2864
childname: Pqbdbgfd.exe
childpath: C:\Windows\SysWOW64\Pqbdbgfd.exe
drop_type:
name: Mcbkffok.exe
noNeedLine:
path: C:\Windows\SysWOW64\Mcbkffok.exe
pid: 2776
ApplicationName:
CmdLine: C:\Windows\system32\Bcjllo32.exe
childid: 2812
childname: Bcjllo32.exe
childpath: C:\Windows\SysWOW64\Bcjllo32.exe
drop_type:
name: Pqbdbgfd.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pqbdbgfd.exe
pid: 2864
ApplicationName:
CmdLine: C:\Windows\system32\Dgkndg32.exe
childid: 1840
childname: Dgkndg32.exe
childpath: C:\Windows\SysWOW64\Dgkndg32.exe
drop_type:
name: Bcjllo32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Bcjllo32.exe
pid: 2812
ApplicationName:
CmdLine: C:\Windows\system32\Hjfljmfj.exe
childid: 2656
childname: Hjfljmfj.exe
childpath: C:\Windows\SysWOW64\Hjfljmfj.exe
drop_type:
name: Dgkndg32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Dgkndg32.exe
pid: 1840
ApplicationName:
CmdLine: C:\Windows\system32\Icafop32.exe
childid: 2816
childname: Icafop32.exe
childpath: C:\Windows\SysWOW64\Icafop32.exe
drop_type:
name: Hjfljmfj.exe
noNeedLine:
path: C:\Windows\SysWOW64\Hjfljmfj.exe
pid: 2656
ApplicationName:
CmdLine: C:\Windows\system32\Kbeliddo.exe
childid: 2332
childname: Kbeliddo.exe
childpath: C:\Windows\SysWOW64\Kbeliddo.exe
drop_type:
name: Icafop32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Icafop32.exe
pid: 2816
ApplicationName:
CmdLine: C:\Windows\system32\Moobkb32.exe
childid: 2392
childname: Moobkb32.exe
childpath: C:\Windows\SysWOW64\Moobkb32.exe
drop_type:
name: Kbeliddo.exe
noNeedLine:
path: C:\Windows\SysWOW64\Kbeliddo.exe
pid: 2332
ApplicationName:
CmdLine: C:\Windows\system32\Oenmijoc.exe
childid: 812
childname: Oenmijoc.exe
childpath: C:\Windows\SysWOW64\Oenmijoc.exe
drop_type:
name: Moobkb32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Moobkb32.exe
pid: 2392
ApplicationName:
CmdLine: C:\Windows\system32\Pbegeh32.exe
childid: 2764
childname: Pbegeh32.exe
childpath: C:\Windows\SysWOW64\Pbegeh32.exe
drop_type:
name: Oenmijoc.exe
noNeedLine:
path: C:\Windows\SysWOW64\Oenmijoc.exe
pid: 812
ApplicationName:
CmdLine: C:\Windows\system32\Dbahobpb.exe
childid: 2280
childname: Dbahobpb.exe
childpath: C:\Windows\SysWOW64\Dbahobpb.exe
drop_type:
name: Pbegeh32.exe
noNeedLine:
path: C:\Windows\SysWOW64\Pbegeh32.exe
pid: 2764
ApplicationName:
CmdLine: C:\Windows\system32\Jcgeehbb.exe
childid: 3060
childname: Jcgeehbb.exe
childpath: C:\Windows\SysWOW64\Jcgeehbb.exe
drop_type:
name: Dbahobpb.exe
noNeedLine:
path: C:\Windows\SysWOW64\Dbahobpb.exe
pid: 2280
ApplicationName:
CmdLine: C:\Windows\system32\Mahnahik.exe
childid: 2760
childname: Mahnahik.exe
childpath: C:\Windows\SysWOW64\Mahnahik.exe
drop_type:
name: Jcgeehbb.exe
noNeedLine:
path: C:\Windows\SysWOW64\Jcgeehbb.exe
pid: 3060
ApplicationName:
CmdLine:
childid: 2856
childname: 1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
drop_type:
name:
noNeedLine:
path:
pid: 1704

 Summary

buffer: C:\Windows\system32\Ogqelbmm.dll
processid: 2856
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2856
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2856
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Mfoeii32.dll
processid: 2152
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2152
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2152
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Hekqbq32.dll
processid: 2100
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2100
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2100
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nhcnpi32.dll
processid: 2976
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2976
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2976
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Qgocba32.dll
processid: 324
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 324
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 324
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Joamcpeo.dll
processid: 2776
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2776
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2776
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nkkbpm32.dll
processid: 2864
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2864
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2864
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Odfenhem.dll
processid: 2812
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2812
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2812
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Klnppjil.dll
processid: 1840
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 1840
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 1840
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Pnbgjkcl.dll
processid: 2656
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2656
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2656
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Klpmdc32.dll
processid: 2816
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2816
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2816
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Ccqpndoh.dll
processid: 2332
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2332
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2332
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Gacjfi32.dll
processid: 2392
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2392
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2392
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Igfedgjo.dll
processid: 812
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 812
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 812
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Kplhgacp.dll
processid: 2764
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2764
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2764
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Lbhdnjed.dll
processid: 2280
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 2280
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2280
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
buffer: C:\Windows\system32\Nlcafe32.dll
processid: 3060
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: Apartment
processid: 3060
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
type: REG_SZ
valuename: ThreadingModel
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 3060
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
type: REG_SZ
valuename: Web Event Logger
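The CreateProcess records above form a single chain (each dropped executable launches the next under a fresh random name in SysWOW64), and the Summary records show every generation writing the same two registry values: the InProcServer32 default of CLSID {79FEACFF-FFCE-815E-A900-316290B5B738} pointed at its own freshly dropped DLL, and that CLSID listed under ShellServiceObjectDelayLoad as "Web Event Logger", a key whose entries explorer.exe loads at logon. The Python below is an added example, not VirSCAN's own code: it parses the report's key: value layout, rebuilds the chain from the launcher record (the one with an empty parent path) and joins each pid to its autostart write. The excerpt it runs on is constructed from the page's own records with the empty fields, the REG_SZ type field and the ThreadingModel writes left out; the function names and the parsing rules are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed excerpt of the CreateProcess records: the launcher (pid 1704,
# empty parent path) and the first two hops; empty fields are left out.
CREATEPROCESS_LOG = r"""
CmdLine: C:\Windows\system32\Ebbimj32.exe
childid: 2152
childname: Ebbimj32.exe
childpath: C:\Windows\SysWOW64\Ebbimj32.exe
name: 1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
path: C:\Users\Administrator\AppData\Local\Temp\1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
pid: 2856
CmdLine: C:\Windows\system32\Eqgodqgp.exe
childid: 2100
childname: Eqgodqgp.exe
childpath: C:\Windows\SysWOW64\Eqgodqgp.exe
name: Ebbimj32.exe
path: C:\Windows\SysWOW64\Ebbimj32.exe
pid: 2152
CmdLine:
childid: 2856
childname: 1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
name:
path:
pid: 1704
"""
# Constructed excerpt of the registry Summary for pids 2856 and 2152: the
# InProcServer32 (Default) and ShellServiceObjectDelayLoad writes only.
REGISTRY_LOG = r"""
buffer: C:\Windows\system32\Ogqelbmm.dll
processid: 2856
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2856
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
valuename: Web Event Logger
buffer: C:\Windows\system32\Mfoeii32.dll
processid: 2152
szSubkey: HKEY_CLASSES_ROOT\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32
valuename: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{79FEACFF-FFCE-815E-A900-316290B5B738}\InProcServer32\(Default)
buffer: {79FEACFF-FFCE-815E-A900-316290B5B738}
processid: 2152
szSubkey: HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad
valuename: Web Event Logger
"""
SSODL_KEY = r"\microsoft\windows\currentversion\shellserviceobjectdelayload"

def parse_records(text, first_key):
    """Split the report's 'key: value' dump into dicts; a record starts at first_key."""
    records, cur = [], None
    for line in text.splitlines():
        key, _, value = line.partition(":")
        if key.strip() == first_key:
            cur = {}
            records.append(cur)
        if cur is not None:
            cur[key.strip()] = value.strip()
    return records

def process_chain(records):
    """Walk parent pid -> child pid from the launcher record (empty path); the report
    is one chain.  'redirected' = CmdLine says system32 but the child landed in
    SysWOW64, i.e. a 32-bit sample under WOW64 file system redirection."""
    by_parent = {r["pid"]: r for r in records}
    pid = next(r["pid"] for r in records if not r["path"])
    chain = []
    while pid in by_parent:
        r = by_parent[pid]
        redirected = ("system32" in r["CmdLine"].lower()
                      and "\\syswow64\\" in r["childpath"].lower())
        chain.append((r["childid"], r["childname"], redirected))
        pid = r["childid"]
    return chain

def persistence_hits(records):
    """pid -> [(SSODL value name, CLSID, DLL)]: the process listed a CLSID under
    ShellServiceObjectDelayLoad (explorer.exe loads these at logon) and pointed
    that CLSID's InProcServer32 default value at its own dropped DLL."""
    ssodl, inproc = {}, {}
    for r in records:
        key = r["szSubkey"].lower()
        m = re.search(r"\\clsid\\(\{[0-9a-f-]+\})\\inprocserver32$", key)
        if m and r["valuename"].lower().endswith("(default)"):
            inproc[(r["processid"], m.group(1).upper())] = r["buffer"]
        elif key.endswith(SSODL_KEY):
            ssodl[(r["processid"], r["buffer"].upper())] = r["valuename"]
    hits = defaultdict(list)
    for (pid, clsid), name in ssodl.items():
        if (pid, clsid) in inproc:
            hits[pid].append((name, clsid, inproc[(pid, clsid)]))
    return dict(hits)

def summarize(proc_log=CREATEPROCESS_LOG, reg_log=REGISTRY_LOG):
    """One row per generation: image, WOW64 redirect flag, autostart DLL(s)."""
    hits = persistence_hits(parse_records(reg_log, "buffer"))
    return [{"pid": pid, "image": image, "wow64_redirected": red,
             "autostart_dlls": [dll for _, _, dll in hits.get(pid, [])]}
            for pid, image, red in process_chain(parse_records(proc_log, "CmdLine"))]

if __name__ == "__main__":
    print(*summarize(), sep="\n")
```

Run over the whole report, the chain is 18 hops deep (pid 1704 through 2760) and every generation except the last one, Mahnahik.exe (pid 2760), has its registry write recorded; since all of them reuse the same CLSID, only the last InProcServer32 value written (Nlcafe32.dll, by pid 3060) would actually be loaded at the next logon. Two caveats for checking a live host: the value names show the 32-bit process's writes landing under Wow6432Node, so inspect both views of the CLSID key; and the CmdLine/childpath mismatch (system32 vs SysWOW64) is WOW64 redirection, not a second copy of the file.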

 Malicious

attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 3
process_id: 2856
process_name: 1620910819482_8bd51a151cbb02b7332ff1016a6012fc.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2152
process_name: Ebbimj32.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2100
process_name: Eqgodqgp.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2976
process_name: Giamakhm.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 324
process_name: Hajngl32.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2776
process_name: Mcbkffok.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2864
process_name: Pqbdbgfd.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2812
process_name: Bcjllo32.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 1840
process_name: Dgkndg32.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2656
process_name: Hjfljmfj.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2816
process_name: Icafop32.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2332
process_name: Kbeliddo.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2392
process_name: Moobkb32.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 812
process_name: Oenmijoc.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2764
process_name: Pbegeh32.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 2280
process_name: Dbahobpb.exe
rulename: Copy file to system directory
attck_tactics: Defense Evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 2
process_id: 3060
process_name: Jcgeehbb.exe
rulename: Copy file to system directory