Views: 2367 | Replies: 11

[Suspicious file] Detection ratio: 2 / 55 69.exe

墨家小子
Posted on 2015-12-6 16:40:12
https://www.virustotal.com/en/fi ... nalysis/1449391032/
SHA256:        66e5e5ca9d0635ef547ae68f2771449e6ea1cf4a4d00f0d6cc51d2a49ecaac57
File name:        69.exe
Detection ratio:        2 / 55
Analysis date:        2015-12-06 08:37:12 UTC ( 0 minutes ago )


Rating (1 participant, experience +5)
wjy19800315 +5: The board is more exciting with you in it :)

挥泪斩情思
Posted on 2015-12-6 16:47:19
KIS miss
htc360
Posted on 2015-12-6 16:50:23
WD kills it

陌染淡殇
Posted on 2015-12-6 16:52:58

KES cleans it

结果:     已删除: UDS:DangerousPattern.Multi.Generic
为你心碎
Posted on 2015-12-6 17:42:17
AVAST

Yuri1st
Posted on 2015-12-6 17:49:21

Renascence
Posted on 2015-12-6 17:52:27
Scanning and double-clicking got past Norton; running it inside the sandbox triggered an IPS alert that blocked the virus download.
电脑发烧友
Posted on 2015-12-6 18:07:28
Drops a file into the Application Data directory; everything after that is done by the dropped file: it adds a startup entry, writes into the Startup folder, encrypts files with the specified extensions (encrypted files get the extension VVV), and while encrypting writes an exe file into the restore directory so it auto-runs, then self-deletes the virus file and pops up the ransom message. That's it. Ransomware/extortion class.


PS: Copying the log straight out of EQ throws an error and exits, so I copied it from the TXT.

[mw_shl_code=css,true]


2015-12-06 17:56:16    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:18    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:18    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:19    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:19    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:21    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:22    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:24    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:25    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:27    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:28    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:28    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:29    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:31    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:33    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:33    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\桌面\69\69.exe->C:\Documents and Settings\Administrator\桌面\69\69.exe


2015-12-06 17:56:33    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\桌面\69\69.exe->C:\Documents and Settings\Administrator\桌面\69\69.exe


2015-12-06 17:56:33    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\桌面\69\69.exe->C:\Documents and Settings\Administrator\桌面\69\69.exe


2015-12-06 17:56:33    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\桌面\69\69.exe->C:\Documents and Settings\Administrator\桌面\69\69.exe


2015-12-06 17:56:33    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\桌面\69\69.exe->C:\Documents and Settings\Administrator\桌面\69\69.exe


2015-12-06 17:56:33    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
目标进程:C:\Documents and Settings\Administrator\桌面\69\69.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\桌面\69\69.exe->C:\Documents and Settings\Administrator\桌面\69\69.exe


2015-12-06 17:56:36    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
文件路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*.exe


2015-12-06 17:56:50    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:53    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:56:56    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:00    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:09    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:09    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:10    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:15    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:16    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:18    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:19    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:20    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:20    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:21    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:21    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:22    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:23    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:25    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->威胁提示Ⅱ->?:\Documents and Settings\*


2015-12-06 17:57:25    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe


2015-12-06 17:57:25    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe


2015-12-06 17:57:25    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe


2015-12-06 17:57:25    修改其它进程内存      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe


2015-12-06 17:57:40    创建注册表值      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
注册表名称:Acronis
触发规则:所有程序规则->自动运行->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*


2015-12-06 17:57:40    删除文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\Application Data\*


2015-12-06 17:57:41    删除文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\Application Data\*


2015-12-06 17:57:41    删除文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\Application Data\*


2015-12-06 17:57:41    删除文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\brndlog.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\Application Data\*


2015-12-06 17:57:55    运行应用程序      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\WINDOWS\system32\vssadmin.exe
命令行:delete shadows /all   /Quiet
触发规则:所有程序规则->威胁提示Ⅰ->%systemroot%\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\启动\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\附件\娱乐\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\附件\娱乐\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\附件\辅助工具\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\附件\辅助工具\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\附件\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\附件\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\魔法盾\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\魔法盾\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\程序\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:02    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\「开始」菜单\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:12    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\69.rar.vvv
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*


2015-12-06 17:58:18    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\69.rar.vvv
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*


2015-12-06 17:58:23    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\69.rar.vvv
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*


2015-12-06 17:58:23    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\69.rar.vvv
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe->C:\Documents and Settings\Administrator\桌面\69.rar.vvv


2015-12-06 17:58:27    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\EQSecurePro_4.20_XiaZaiBa.zip.vvv
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*


2015-12-06 17:58:27    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\EQSecurePro_4.20_XiaZaiBa.zip.vvv
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe->C:\Documents and Settings\Administrator\桌面\EQSecurePro_4.20_XiaZaiBa.zip.vvv


2015-12-06 17:58:28    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\EQSecurePro_4.20_XiaZaiBa.zip.vvv
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe->C:\Documents and Settings\Administrator\桌面\EQSecurePro_4.20_XiaZaiBa.zip.vvv


2015-12-06 17:58:28    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\EQSecurePro_4.20_XiaZaiBa.zip.vvv
触发规则:应用程序规则->自动创建规则->C:\Documents and Settings\Administrator\Application Data\grouj-a.exe->C:\Documents and Settings\Administrator\桌面\EQSecurePro_4.20_XiaZaiBa.zip.vvv


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\360安全中心\360压缩\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\360安全中心\360压缩\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\360安全中心\360驱动大师\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\360安全中心\360驱动大师\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\360安全中心\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\360安全中心\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\启动\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\启动\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\游戏\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\管理工具\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\娱乐\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\系统工具\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\辅助工具\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\辅助工具\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\通讯\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\附件\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\程序\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:29    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:30    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\All Users\「开始」菜单\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:30    删除文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\Application Data\*


2015-12-06 17:58:30    删除文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\Application Data\*


2015-12-06 17:58:30    删除文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\Application Data\*


2015-12-06 17:58:30    删除文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\Application Data\Microsoft\Internet Explorer\brndlog.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\Application Data\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\启动\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\启动\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\附件\娱乐\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\附件\娱乐\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\附件\辅助工具\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\附件\辅助工具\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\附件\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\附件\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\程序\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\how_recover+igf.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:31    创建文件      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Default User\「开始」菜单\how_recover+igf.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\「开始」菜单\*


2015-12-06 17:58:35    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\RECYCLER\S-1-5-21-602162358-1960408961-1801674531-500\how_recover+igf.txt
触发规则:所有程序规则->回收站->?:\RECYCLE?\*


2015-12-06 17:58:39    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\RECYCLER\S-1-5-21-602162358-1960408961-1801674531-500\how_recover+igf.html
触发规则:所有程序规则->回收站->?:\RECYCLE?\*


2015-12-06 17:58:41    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\RECYCLER\how_recover+igf.txt
触发规则:所有程序规则->回收站->?:\RECYCLE?\*


2015-12-06 17:58:43    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\RECYCLER\how_recover+igf.html
触发规则:所有程序规则->回收站->?:\RECYCLE?\*


2015-12-06 17:58:53    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\System Volume Information\how_recover+igf.html
触发规则:所有程序规则->系统还原->?:\System Volume Information\*


2015-12-06 17:59:14    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\Howto_RESTORE_FILES.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*


2015-12-06 17:59:16    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\Howto_RESTORE_FILES.html
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*


2015-12-06 17:59:19    运行应用程序      操作:阻止
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Program Files\Internet Explorer\IEXPLORE.EXE
命令行: -nohome
触发规则:所有程序规则->进程保护->C:\Program Files\Internet Explorer\IEXPLORE.exe


2015-12-06 17:59:23    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\Howto_RESTORE_FILES.bmp
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*


2015-12-06 17:59:27    运行应用程序      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\WINDOWS\system32\rundll32.exe
命令行:C:\WINDOWS\system32\shimgvw.dll,ImageView_Fullscreen C:\Documents and Settings\Administrator\桌面\Howto_RESTORE_FILES.bmp
触发规则:所有程序规则->系统工具->%systemroot%\system32\rundll32.exe


2015-12-06 17:59:33    运行应用程序      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\WINDOWS\system32\vssadmin.exe
命令行:delete shadows /all   /Quiet
触发规则:所有程序规则->威胁提示Ⅰ->%systemroot%\*


2015-12-06 17:59:42    结束/挂起进程      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
目标进程:C:\WINDOWS\system32\cmd.exe
触发规则:高优先规则->In Side->%systemroot%\system32\cmd.exe
[/mw_shl_code]




Rating (1 participant, experience +5)
wjy19800315 +5: The board is more exciting with you in it :)
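The behaviour 电脑发烧友 describes above (an exe dropped into Application Data, a Run-key entry, vssadmin deleting shadow copies, files rewritten with a .vvv extension, ransom notes scattered into every folder) is exactly what a defender wants a HIPS-log triage script to pick out. The Python script below is an added example, not code from the post or from EQSecure: it parses entries in the log format shown above and scores each process by the indicators it trips. The sample log is constructed (five entries abridged from the thread's own log plus one made-up benign text-editor write); the indicator names, the verdict thresholds and the benign entry are this example's assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in the EQSecure HIPS log format shown in the post above.
# Entries 1-5 are abridged from the thread's own log; entry 6 is a made-up
# benign text-editor write, added so the script has a non-hit to report.
SAMPLE_LOG = r"""2015-12-06 17:56:36    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\桌面\69\69.exe
文件路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*.exe

2015-12-06 17:57:40    创建注册表值      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
注册表路径:HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
注册表名称:Acronis
触发规则:所有程序规则->自动运行->*\SOFTWARE\Microsoft\Windows\CurrentVersion\Run*

2015-12-06 17:57:55    运行应用程序      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\WINDOWS\system32\vssadmin.exe
命令行:delete shadows /all   /Quiet
触发规则:所有程序规则->威胁提示Ⅰ->%systemroot%\*

2015-12-06 17:58:12    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\69.rar.vvv
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*

2015-12-06 17:59:14    创建文件      操作:允许
进程路径:C:\Documents and Settings\Administrator\Application Data\grouj-a.exe
文件路径:C:\Documents and Settings\Administrator\桌面\Howto_RESTORE_FILES.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*

2015-12-06 18:00:00    创建文件      操作:允许
进程路径:C:\Program Files\Notepad++\notepad++.exe
文件路径:C:\Documents and Settings\Administrator\桌面\notes.txt
触发规则:所有程序规则->Documents and Settings->?:\Documents and Settings\*\桌面\*
"""

HEADER_RE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\s+(\S+)\s+操作:(\S+)\s*$")
USER_PROFILE = re.compile(r"\\(Documents and Settings|Users)\\", re.I)
RANSOM_NOTE = re.compile(r"^(how_recover\+\w+|Howto_RESTORE_FILES)\.(txt|html|bmp)$", re.I)
ENCRYPTED_EXT = (".vvv",)  # extension the thread reports on encrypted files

def parse_hips_log(text):
    """One dict per entry: time/action/verdict from the header line, then the
    'key:value' detail lines, split on the FIRST colon only (values start with 'C:')."""
    events = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        m = HEADER_RE.match(lines[0]) if lines else None
        if not m:
            continue  # stray line, e.g. from the copy/paste error the post mentions
        ev = {"time": m.group(1), "action": m.group(2), "verdict": m.group(3)}
        for line in lines[1:]:
            key, sep, value = line.partition(":")
            if sep:
                ev[key] = value.strip()
        events.append(ev)
    return events

def classify_event(ev):
    """Return the ransomware indicators (names are this example's own) one entry trips."""
    hits = []
    proc, target = ev.get("进程路径", ""), ev.get("文件路径", "")
    base = target.rsplit("\\", 1)[-1]
    if (ev["action"] == "运行应用程序" and base.lower() == "vssadmin.exe"
            and "delete shadows" in ev.get("命令行", "").lower()):
        hits.append("shadow_copy_deletion")
    if (ev["action"] == "创建注册表值" and USER_PROFILE.search(proc)
            and "\\currentversion\\run" in ev.get("注册表路径", "").lower()):
        hits.append("run_key_persistence")  # autorun set by a user-profile binary
    if ev["action"] == "创建文件":
        if "\\application data\\" in target.lower() and base.lower().endswith(".exe"):
            hits.append("dropped_exe_in_appdata")
        if base.lower().endswith(ENCRYPTED_EXT):
            hits.append("encrypted_extension")
        if RANSOM_NOTE.match(base):
            hits.append("ransom_note")
    return hits

def summarize(events):
    """Aggregate indicators per process and attach a verdict (thresholds are assumptions)."""
    per_proc = defaultdict(set)
    for ev in events:
        per_proc[ev.get("进程路径", "<unknown>")].update(classify_event(ev))
    report = {}
    for proc, hits in per_proc.items():
        if len(hits) >= 3 or {"shadow_copy_deletion", "encrypted_extension"} <= hits:
            verdict = "ransomware-like"
        else:
            verdict = "suspicious" if hits else "no indicators"
        report[proc] = {"indicators": sorted(hits), "verdict": verdict}
    return report

if __name__ == "__main__":
    for proc, r in summarize(parse_hips_log(SAMPLE_LOG)).items():
        print(f"{r['verdict']:15} {proc}  {r['indicators']}")
```

Run on the sample, the dropped grouj-a.exe comes out "ransomware-like" on four distinct indicators, the original 69.exe is only "suspicious" (it did nothing but drop the payload), and the editor write is clean. The per-process aggregation is the point: no single line in the log is conclusive, but vssadmin shadow deletion together with bulk .vvv writes from the same user-profile binary is.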

skyboybone
Posted on 2015-12-6 18:44:09

Not yet in the cloud database.

IntelVT
Posted on 2015-12-7 01:04:57
Norton

Copyright © KaFan  KaFan.cn All Rights Reserved.
