
[Virus samples] #PACKAGE 0816

Jerry.Lin
Posted on 2018-8-16 20:44:24
Lanzou



Total : 18


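#Do not upload to VT
#While the samples are valid (24 hours), it is recommended not to manually submit them to vendors, so that others can test behavior blocking, response speed, etc.
#Sample numbers are ordered by collection time; a larger number means closer to the present


#Time the original samples were first seen in the ESET LiveGrid cloud system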







Suggested reply format


AV name + time
Number detected + detection rate


For example:
XXX 20:39
Samples(5/10) 50%


静影沉璧
Posted on 2018-8-16 20:44:51
Last edited by 静影沉璧 on 2018-8-16 21:29

BD2019

Time: 21:19-21:27

----------Scan section----------

8/18
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(17).exe Trojan.Agent.DDEA Deleted
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(16).exe Trojan.GenericKD.40403354 Deleted
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(11).exe Trojan.GenericKD.40404284 Deleted
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(2).exe Gen:Trojan.Heur.VP2.2m1@a4WSLbbi Deleted
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(15).exe=>(AutoIT o)=>(AutoIT Script)=>(unicode) AIT:Trojan.Agent.DADA Deleted
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(1).exe Gen:Suspicious.Cloud.8.ou1@auNNr6lc Deleted
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(4).exe Gen:Suspicious.Cloud.8.lu1@auIElepc Deleted
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(14).exe Gen:Suspicious.Cloud.8.lu1@a0AQu3mc Deleted
C:\Users\Administrator\Desktop\PACKAGE 0816\0816(15).exe=>(AutoIT Script)=>(unicode) AIT:Trojan.Agent.DADA Deleted

----------Double-click section----------

The file c:\users\administrator\desktop\package 0816\0816(3).exe is infected with Gen:Suspicious.Cloud.8.Em1@a4RCtFji and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator\desktop\package 0816\0816(5).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator\desktop\package 0816\0816(6).exe is infected with Gen:Suspicious.Cloud.8.Em1@aWhaxkmi and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator\desktop\package 0816\0816(7).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator\desktop\package 0816\0816(8).exe is infected with Gen:Suspicious.Cloud.8.Em1@am8D6Odi and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator\desktop\package 0816\0816(9).exe is infected with Gen:Suspicious.Cloud.8.kq1@aGWHkklO and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator\desktop\package 0816\0816(12).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator\desktop\package 0816\0816(13).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
The file c:\users\administrator\desktop\package 0816\0816(18).exe is infected with Atc4.Detection and was moved to quarantine. It is recommended that you run a System Scan to make sure your system is clean.
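Double-click results for the remaining samples:
Sample 10: after it ran, the dropped files were removed, but the sample itself was not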
Total:17/18 94.4%


静影沉璧
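Posted on 2018-8-16 20:45:08
Last edited by 静影沉璧 on 2018-8-16 22:18

avast Premier, time 21:50-22:16
Scan + real-time monitoring: 9/18
Double-click:
Removed by IDP:
Sample 1
Sample 5
Sample 15 passed the scan, then was killed by IDP
Double-click results for the remaining samples:
Sample 18 passed the scan, then exited on its own
Sample 7 passed the scan
Sample 8 passed the scan
Sample 10 passed the scan
Sample 14 could not run
Sample 9 stayed resident in memory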
Total:12/18 66.7%




vm001
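Posted on 2018-8-16 20:47:59
Last edited by vm001 on 2018-8-16 20:52

360 domestic edition
16/18

Remaining

Sample 5, double-clicked: launches IE in the background
360 blocked the startup item

Sample 11 reports an error when run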

dreams521
Posted on 2018-8-16 20:48:15
Last edited by dreams521 on 2018-8-16 21:34

Kaspersky 20:49           7/18=38.8%


16.08.2018 20.48.57;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0816(15).exe;C:\Users\Administrator\Desktop\123\0816(15).exe;VHO:Trojan-Spy.Multi.Generic;木马程序;08/16/2018 20:48:57
16.08.2018 20.48.54;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0816(18).exe;C:\Users\Administrator\Desktop\123\0816(18).exe;HEUR:Backdoor.Win32.Agent.gen;木马程序;08/16/2018 20:48:54
16.08.2018 20.48.54;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0816(16).exe;C:\Users\Administrator\Desktop\123\0816(16).exe;HEUR:Trojan.MSIL.Agent.gen;木马程序;08/16/2018 20:48:54
16.08.2018 20.48.54;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0816(13).exe;C:\Users\Administrator\Desktop\123\0816(13).exe;HEUR:Trojan.Win32.Generic;木马程序;08/16/2018 20:48:54
16.08.2018 20.48.54;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0816(6).exe;C:\Users\Administrator\Desktop\123\0816(6).exe;Trojan-PSW.Win32.Fareit.ehpx;木马程序;08/16/2018 20:48:54
16.08.2018 20.48.54;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0816(12).exe;C:\Users\Administrator\Desktop\123\0816(12).exe;VHO:Trojan.Multi.Generic;木马程序;08/16/2018 20:48:54
16.08.2018 20.48.54;检测到的对象 ( 文件 ) 已删除;C:\Users\Administrator\Desktop\123\0816(11).exe;C:\Users\Administrator\Desktop\123\0816(11).exe;HEUR:Backdoor.Win32.Agent.gen;木马程序;08/16/2018 20:48:54


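Remaining samples

Double-clicking the remaining samples

Sample 1: PDM rollback
Sample 2: PDM rollback
Sample 3: stopped working on double-click
Sample 4: PDM rollback
Sample 5: deleted itself and exited after double-click
Sample 7: PDM rollback
Sample 8: stopped working on double-click
Sample 9: PDM rollback
Sample 10: PDM rollback. An unknown error occurred. Unable to install the SSL certificate into Firefox
Sample 14: PDM rollback
Sample 17: PDM rollback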




BE_HC
Posted on 2018-8-16 20:48:19
Last edited by BE_HC on 2018-8-16 21:32

Norton statistics:
Scan started:

Local: 2018/8/16 Thu 20:49

UTC: 2018/8/16 Thu 12:49

Scan time: 74 seconds


Total:16/18 ≈ 89%


Remaining samples (7) and (10) were blocked by HMPA on double-click

√×√×√√×
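Posted on 2018-8-16 21:02:26
Last edited by √×√×√√× on 2018-8-16 21:05

Ugh, sample 11 did run on my end, and the proactive defense blocked it

Sample 5, on the other hand, ran with no reaction at all from the proactive defense, ugh


Ugh, sample 15 is a cloud blacklist detection; after modifying its MD5 it is detected again by QVM. However, since QVM in the international edition currently does not take part in defense for some sample types (confirmed with the official staff), it is a good one for testing the proactive defense. The result: the proactive defense again did not react and was bypassed, and even the autostart entry added by the dropped file was reported as safe and automatically allowed.
Ugh, I don't remember clicking Allow, and I never even saw a block prompt; I only saw the notification in the lower-right corner that the added startup item had already been automatically allowed. Ugh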




√×√×√√×
Posted on 2018-8-16 20:53:04
Ugh, 360 international edition flagged 16, the QVM engine flagged 15, and only one was a cloud blacklist hit; decent performance this time. Ugh

stupid1man
Posted on 2018-8-16 20:53:11
Last edited by stupid1man on 2018-8-16 21:19

Avira 20:55
Real-time protection: 0
Right-click scan: 3 (local) + 15 (sent to APC)
Total:18/18 (100%)


----------Scan section----------


vm001
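Posted on 2018-8-16 21:10:07
√×√×√√× posted on 2018-8-16 21:02
Ugh, sample 11 did run on my end, and the proactive defense blocked it

Sample 5, on the other hand, ran with no reaction at all from the proactive defense, ugh

Today the domestic edition on my end also showed QVM not taking part in monitoring..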