
[Virus sample] HappyDayZZZ Ransomware

Dolby123
Posted on 2017-3-30 11:18:56
https://www.upload.ee/files/6845330/protectedpinkpanter.7z.html



This post contains additional resources.
Agu
Posted on 2017-3-30 11:23:20
360 International edition -

This post contains additional resources.
Eset小粉絲
Posted on 2017-3-30 11:41:51

This post contains additional resources.
心醉咖啡
Posted on 2017-3-30 12:18:39
Huorong scan: miss
诸葛亮
Posted on 2017-3-30 13:10:46

This post contains additional resources.
学雷锋做人
Posted on 2017-3-30 13:26:28
This post was last edited by 学雷锋做人 on 2017-3-30 13:27

When I have time I drop by the virus section; attaching the analysis result.
Caught one IP: 178.32.89.137
[mw_shl_code=css,true]13:23:59(1):(允许)程序启动:File_Analysis 行为记录成功开启

13:23:59(2):(允许)获取文件属性:C:\Users\wang\AppData\Roaming

13:23:59(3):(允许)读取文件:C:\Users\wang\Desktop\File_safe\protectedpinkpanter.exe     访问权限:-2147483648

13:23:59(4):(允许)读取文件:C:\Users\wang\Desktop\File_safe\protectedpinkpanter.exe     访问权限:-2147483648

13:25:00(5):(允许)获取文件属性:C:\Users\wang\Desktop\File_safe\adminsettings.ini

13:25:00(6):(安全环境)查找文件:C:\Users\wang\Desktop\File_safe\adminsettings.ini

13:25:00(7):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(8):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(9):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(10):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(11):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(12):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(13):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(14):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(15):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(16):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(17):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(18):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(19):(允许)创建文件目录:C:\Users\wang

13:25:00(20):(允许)获取文件属性:C:\Users\wang

13:25:00(21):(允许)创建文件目录:C:\Users\wang\AppData\Local

13:25:00(22):(允许)获取文件属性:C:\Users\wang\AppData\Local

13:25:00(23):(安全环境)创建文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files

13:25:00(24):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files

13:25:00(25):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files

13:25:00(26):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files

13:25:00(27):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\desktop.ini

13:25:00(28):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

13:25:00(29):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5

13:25:00(30):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini

13:25:00(31):(允许)创建文件目录:C:\Users\wang

13:25:00(32):(允许)获取文件属性:C:\Users\wang

13:25:00(33):(允许)创建文件目录:C:\Users\wang\AppData\Roaming

13:25:00(34):(允许)获取文件属性:C:\Users\wang\AppData\Roaming

13:25:00(35):(允许)创建文件目录:C:\Users\wang\AppData\Roaming\Microsoft\Windows\Cookies

13:25:00(36):(允许)获取文件属性:C:\Users\wang\AppData\Roaming\Microsoft\Windows\Cookies

13:25:00(37):(允许)获取文件属性:C:\Users\wang\AppData\Roaming\Microsoft\Windows\Cookies

13:25:00(38):(允许)创建文件目录:C:\Users\wang

13:25:00(39):(允许)获取文件属性:C:\Users\wang

13:25:00(40):(允许)创建文件目录:C:\Users\wang\AppData\Local

13:25:00(41):(允许)获取文件属性:C:\Users\wang\AppData\Local

13:25:00(42):(安全环境)创建文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\History

13:25:00(43):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History

13:25:00(44):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History

13:25:00(45):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History

13:25:00(46):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\desktop.ini

13:25:00(47):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5

13:25:00(48):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5

13:25:00(49):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini

13:25:00(50):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\

13:25:00(51):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\

13:25:00(52):(安全环境)写入文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat     访问权限:-1073741824

13:25:00(53):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

13:25:00(54):(安全环境)写入文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat     访问权限:-1073741824

13:25:00(55):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat

13:25:00(56):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\

13:25:00(57):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini

13:25:00(58):(允许)读取文件:C:\Windows\system32\rsaenh.dll     访问权限:-2147483648

13:25:00(59):(安全环境)创建文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD9U5ON0

13:25:00(60):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD9U5ON0

13:25:00(61):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OD9U5ON0

13:25:00(62):(安全环境)创建文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AW2J5Q2H

13:25:00(63):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AW2J5Q2H

13:25:00(64):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\AW2J5Q2H

13:25:00(65):(安全环境)创建文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9F7BY4P1

13:25:00(66):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9F7BY4P1

13:25:00(67):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9F7BY4P1

13:25:00(68):(安全环境)创建文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T1VX3T9

13:25:00(69):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T1VX3T9

13:25:00(70):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\7T1VX3T9

13:25:00(71):(允许)查找文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\*.*

13:25:00(72):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\*.*9C1K6332\desktop.ini

13:25:00(73):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\desktop.ini

13:25:00(74):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\desktop.ini

13:25:00(75):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\desktop.ini

13:25:00(76):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\desktop.ini

13:25:00(77):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\desktop.ini

13:25:00(78):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\desktop.ini

13:25:00(79):(允许)查找文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\*.*

13:25:00(80):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\all_async_search_1ae0913[1].js

13:25:00(81):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\baidu_com[1].htm

13:25:00(82):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\desktop.ini

13:25:00(83):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\every_cookie_a70bc15[1].js

13:25:00(84):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\his[1]

13:25:00(85):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2

13:25:00(86):(阻止)删除文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2

13:25:00(87):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\desktop.ini

13:25:00(88):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\desktop.ini

13:25:00(89):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\desktop.ini

13:25:00(90):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\desktop.ini

13:25:00(91):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\desktop.ini

13:25:00(92):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\desktop.ini

13:25:00(93):(允许)查找文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\*.*

13:25:00(94):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\bd_logo1[1].png

13:25:00(95):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\content-search[1].xml

13:25:00(96):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\desktop.ini

13:25:00(97):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\icons_5859e57[1].png

13:25:00(98):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP\nu_instant_search_7881c1c[1].js

13:25:00(99):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP

13:25:00(100):(阻止)删除文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\V9I9Y7PP

13:25:00(101):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\desktop.ini

13:25:00(102):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\desktop.ini

13:25:00(103):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\desktop.ini

13:25:00(104):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\desktop.ini

13:25:00(105):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\desktop.ini

13:25:00(106):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\desktop.ini

13:25:00(107):(允许)查找文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\*.*

13:25:00(108):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\baidu_com[1].htm

13:25:00(109):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\baidu_jgylogo3[1].gif

13:25:00(110):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\bdsug_async_97a395d[1].js

13:25:00(111):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\desktop.ini

13:25:00(112):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH\quickdelete_33e3eb8[1].png

13:25:00(113):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH

13:25:00(114):(阻止)删除文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\WK6LWGIH

13:25:00(115):(允许)获取文件属性:C:\Users\wang\AppData\Roaming\Microsoft\Windows\Cookies\

13:25:00(116):(安全环境)设置文件属性:C:\Users\wang\AppData\Roaming\Microsoft\Windows\Cookies\

13:25:00(117):(允许)写入文件:C:\Users\wang\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

13:25:00(118):(允许)获取文件属性:C:\Users\wang\AppData\Roaming\Microsoft\Windows\Cookies\index.dat

13:25:00(119):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5\

13:25:00(120):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5\

13:25:00(121):(安全环境)写入文件:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat     访问权限:-1073741824

13:25:00(122):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat

13:25:00(123):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\

13:25:00(124):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\desktop.ini

13:25:00(125):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5\

13:25:00(126):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\History\History.IE5\desktop.ini

13:25:00(127):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(128):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(129):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(130):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(131):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(132):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(133):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(134):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(135):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(136):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(137):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(138):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(139):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(140):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(141):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(142):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(143):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(144):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(145):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(146):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(147):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(148):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(149):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(150):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(151):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(152):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(153):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(154):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(155):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(156):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(157):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(158):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(159):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(160):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(161):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(162):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(163):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(164):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(165):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(166):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(167):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(168):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(169):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(170):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:00(171):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(172):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(173):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(174):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(175):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(176):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(177):(安全环境)查找文件:C:\ProgramData\Microsoft\Network\Connections\Pbk\rasphone.pbk

13:25:01(178):(允许)查找文件:C:\ProgramData\Microsoft\Network\Connections\Pbk\*.pbk

13:25:01(179):(允许)查找文件:C:\Windows\system32\Ras\*.pbk

13:25:01(180):(允许)查找文件:C:\Users\wang\AppData\Roaming\Microsoft\Network\Connections\Pbk\rasphone.pbk

13:25:01(181):(允许)查找文件:C:\Users\wang\AppData\Roaming\Microsoft\Network\Connections\Pbk\*.pbk

13:25:01(182):(允许)打开驱动对象:Sens

13:25:01(183):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(184):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(185):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(186):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(187):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(188):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings

13:25:01(189):(允许)创建文件目录:C:\Users\wang

13:25:01(190):(允许)获取文件属性:C:\Users\wang

13:25:01(191):(允许)创建文件目录:C:\Users\wang\AppData\Local

13:25:01(192):(允许)获取文件属性:C:\Users\wang\AppData\Local

13:25:01(193):(安全环境)创建文件目录:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files

13:25:01(194):(允许)获取文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files

13:25:01(195):(允许)读取文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low     访问权限:655360

13:25:01(196):(安全环境)设置文件属性:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low

13:25:01(197):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(198):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(199):(允许)连接指定站点:178.32.89.137(网址)     端口:     用户名:     密码:

13:25:01(200):(允许)联网获取数据:/test.php?id=DeEznunSmdzY88N

13:25:01(201):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(202):(允许)读取文件:\\.\Nsi     访问权限:0

13:25:01(203):(阻止)删除注册表值:\ProxyBypass

13:25:01(204):(阻止)删除注册表值:\IntranetName

13:25:01(205):(阻止)写注册表值:\UNCAsIntranet

13:25:01(206):(阻止)写注册表值:\AutoDetect

13:25:01(207):(阻止)删除注册表值:\ProxyBypass

13:25:01(208):(阻止)删除注册表值:\IntranetName

13:25:01(209):(阻止)写注册表值:\UNCAsIntranet

13:25:01(210):(阻止)写注册表值:\AutoDetect

13:25:01(211):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(212):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(213):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(214):(阻止)创建注册表键:932\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections

13:25:01(215):(阻止)创建TCP连接:178.32.89.137(IP)     端口:8090[/mw_shl_code]
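A small parser for the behaviour log above, added here as an example and not part of any post in this thread. It reads the monitor's `time(seq):(verdict)action:target` lines and pulls out what a defender wants first: how many actions were allowed, blocked or sandboxed, which action types were blocked, and the network indicators (remote IP, port and request path) to feed into a block list or network detection rule. The sample lines are constructed by copying a handful of lines from the log above; the action names are the tool's own, the function names are mine.

```python
import re
from collections import Counter

# Constructed sample: a handful of lines copied from the behaviour log posted
# above, in the tool's own format: time(seq):(verdict)action:target [extras]
SAMPLE_LOG = r"""13:23:59(1):(允许)程序启动:File_Analysis 行为记录成功开启
13:25:00(7):(阻止)创建注册表键:HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings
13:25:00(75):(阻止)删除文件:C:\Users\wang\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\DBDLK1W2\desktop.ini
13:25:01(199):(允许)连接指定站点:178.32.89.137(网址)     端口:     用户名:     密码:
13:25:01(200):(允许)联网获取数据:/test.php?id=DeEznunSmdzY88N
13:25:01(215):(阻止)创建TCP连接:178.32.89.137(IP)     端口:8090"""

# One log line: "HH:MM:SS(seq):(verdict)action:detail"; the action never
# contains a colon, the detail (a path, key or URL) may.
LINE_RE = re.compile(
    r"^(?P<time>\d{2}:\d{2}:\d{2})\((?P<seq>\d+)\):"
    r"\((?P<verdict>[^)]+)\)(?P<action>[^:]+):(?P<detail>.*)$"
)
IP_RE = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
PORT_RE = re.compile(r"端口:(\d+)")  # "port:" as the tool prints it

# Action names (as the tool prints them) that touch the network.
NET_CONNECT_ACTIONS = {"连接指定站点", "创建TCP连接"}  # connect to site / create TCP connection
NET_FETCH_ACTION = "联网获取数据"                       # fetch data over the network


def parse_log(text):
    """Parse the log into a list of event dicts; lines that do not match are skipped."""
    events = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if m:
            ev = m.groupdict()
            ev["seq"] = int(ev["seq"])
            events.append(ev)
    return events


def verdict_counts(events):
    """How many events the monitor allowed (允许), blocked (阻止) or sandboxed (安全环境)."""
    return Counter(ev["verdict"] for ev in events)


def blocked_actions(events):
    """Which action types the monitor blocked, counted per action."""
    return Counter(ev["action"] for ev in events if ev["verdict"] == "阻止")


def network_indicators(events):
    """Remote IPs, ports and request paths: the values for a firewall or proxy block rule."""
    ips, ports, paths = set(), set(), []
    for ev in events:
        if ev["action"] in NET_CONNECT_ACTIONS:
            ip = IP_RE.search(ev["detail"])
            if ip:
                ips.add(ip.group(1))
            port = PORT_RE.search(ev["detail"])
            if port:  # an empty "端口:" field (no digits) is simply not a port
                ports.add(int(port.group(1)))
        elif ev["action"] == NET_FETCH_ACTION:
            paths.append(ev["detail"].strip())
    return {"ips": sorted(ips), "ports": sorted(ports), "paths": paths}


def summarize(text):
    """Full summary of one log: event count, verdict totals, blocked action types, network IOCs."""
    events = parse_log(text)
    return {
        "events": len(events),
        "verdicts": dict(verdict_counts(events)),
        "blocked": dict(blocked_actions(events)),
        "network": network_indicators(events),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Run against the full log, the network summary is the part worth acting on: one remote host, 178.32.89.137, a GET for `/test.php?id=...` and a blocked TCP connection to port 8090 on the same host. The burst of blocked `Internet Settings` registry key creations, the `Temporary Internet Files` housekeeping and the `rasphone.pbk` lookups just before it are consistent with the WinINet library being initialised for that HTTP request rather than separate persistence activity, so the IP, port and URL path are the indicators to block and alert on.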
pal家族
Posted on 2017-3-30 14:11:40
30.03.2017 14.07.11;检测到的对象 ( 文件 ) 已删除;D:\360安全浏览器下载\protectedpinkpanter.exe;D:\360安全浏览器下载\protectedpinkpanter.exe;Trojan-Ransom.Win32.Gen.djz;木马程序;03/30/2017 14:07:11

My network dropped, and I couldn't reach kafan either.
dongwenqi
Posted on 2017-3-30 14:33:08
pal家族 posted on 2017-3-30 14:11
30.03.2017 14.07.11;检测到的对象 ( 文件 ) 已删除;D:\360安全浏览器下载\protectedpinkpanter.exe;D:\360 ...

Kafan is unreachable here too; sometimes it loads and sometimes it doesn't.
轩夏
Posted on 2017-3-30 14:41:22

This post contains additional resources.
DF快递
Posted on 2017-3-30 15:45:11
avast: at first, right-click scan gave no response;
then double-clicking to run it in the built-in sandbox gave no response;
at that point, right-click kill.
Copyright © KaFan  KaFan.cn All Rights Reserved.