VirSCAN VirSCAN

1, คุณสามารถอัพโหลดไฟล์ไดๆก็ได้ที่มีขนาดไม่ใหญ่กว่า 20 เมกกะไบต์
2, VirSCAN สามารถสแกนไฟล์ที่ถูกบีบอัดในรูปแบบของ ZIP และ RAR โดยจะต้องมีไฟล์ในนั้นไม่สูงกว่า 20 ไฟล์
3, VirSCAN สามารถสแกนไฟล์บีบอัดที่มีรหัสผ่านด้วยคำว่า 'infected' และ 'virus' ได้
4, ถ้าเบราว์เซอร์ของคุณไม่สามารถอัปโหลดไฟล์กรุณาดาวน์โหลด Virscan uploader สำหรับการอัปโหลด

ภาษา
การทำงานของเซิฟเวอร์
Server Load
VirSCAN
VirSCAN

1, คุณสามารถอัพโหลดไฟล์ไดๆก็ได้ที่มีขนาดไม่ใหญ่กว่า 20 เมกกะไบต์
2, VirSCAN สามารถสแกนไฟล์ที่ถูกบีบอัดในรูปแบบของ ZIP และ RAR โดยจะต้องมีไฟล์ในนั้นไม่สูงกว่า 20 ไฟล์
3, VirSCAN สามารถสแกนไฟล์บีบอัดที่มีรหัสผ่านด้วยคำว่า 'infected' และ 'virus' ได้

ข้อมูลพื้นฐาน

ชื่อไฟล์: 00超人正义联盟
ขนาดไฟล์: 129567
ประเภทไฟล์: application/msword
MD5: 4fafe9915ddec8985c69ad60038d66a1
sha1: aeaf2972078a4b33fd724b45a81750e440394f94

 CreateProcess

ApplicationName:
CmdLine:
childid: 2004
childname: WINWORD.EXE
childpath: c:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE
drop_type:
name:
noNeedLine:
path:
pid: 1660
ApplicationName:
CmdLine:
childid: 2960
childname: WmiPrvSE.exe
childpath: C:\Windows\System32\wbem\WmiPrvSE.exe
drop_type:
name:
noNeedLine:
path:
pid: 596
ApplicationName:
CmdLine:
childid: 1816
childname: powershell.exe
childpath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
drop_type:
name: WmiPrvSE.exe
noNeedLine:
path: C:\Windows\System32\wbem\WmiPrvSE.exe
pid: 2960

 Summary

buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList
buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 1816
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885\LanguageList

 Malicious

attck_tactics: 执行
level: 3
matchedinfo: 恶意文档发生溢出行为时,可能通过Dcom创建进程
num: 0
process_id: 2960
process_name: WmiPrvSE.exe
rulename: 通过Dcom创建进程
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 一般被用于文件的加密、数据的加密传输或可能被用于勒索者病毒中
num: 5284
process_id: 1816
process_name: powershell.exe
rulename: 调用加密算法库
attck_tactics: 其他恶意行为
level: 1
matchedinfo: 恶意软件通过修改内存属性,以达到在内存中解密&执行恶意代码
num: 5473
process_id: 1816
process_name: powershell.exe
rulename: 修改内存地址为可读可写可执行
attck_tactics: 其他恶意行为
level: 2
matchedinfo: 恶意程序通过从资源段释放资源到内存中,进行解密操作
num: 6235
process_id: 1816
process_name: powershell.exe
rulename: 加载资源到内存