Ransom #4 (19.01.24)

YU2711

Avira 清空

1. 01/24/2019,18-20-53        [INFO]        FP reports status 'NO False Positive' for file 'c:\idm\idm\downloads\compressed\gamgwf\vir\c.exe'
   
2. 01/24/2019,18-20-53        [INFO]        The file 'c:\idm\idm\downloads\compressed\gamgwf\vir\c.exe' was scanned with the Protection Cloud. SHA256 = E806636F6240E952F4540C19FA26FFE171CB3F0A87B7BB6C41E48E4DB5AA632F
   
3. 01/24/2019,18-20-53        [INFO]        c:\idm\idm\downloads\compressed\gamgwf\vir\c.exe
   
4. 01/24/2019,18-20-53        [INFO]        [DETECTION] file contains 'TR/Crypt.ZPACK.e80663'
   
5. 01/24/2019,18-20-54        [INFO]        FP reports status 'NO False Positive' for file 'c:\idm\idm\downloads\compressed\gamgwf\vir\s.exe'
   
6. 01/24/2019,18-20-54        [INFO]        The file 'c:\idm\idm\downloads\compressed\gamgwf\vir\s.exe' was scanned with the Protection Cloud. SHA256 = C0C4B90379EF98AA9A6D4F62106A17E4492EF7BFBE4446270F11C713C2B76DA9
   
7. 01/24/2019,18-20-54        [INFO]        c:\idm\idm\downloads\compressed\gamgwf\vir\s.exe
   
8. 01/24/2019,18-20-54        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.c0c4b9'
   
9. 01/24/2019,18-20-54        [INFO]        FP reports status 'NO False Positive' for file 'c:\idm\idm\downloads\compressed\gamgwf\vir\s1.exe'
   
10. 01/24/2019,18-20-54        [INFO]        The file 'c:\idm\idm\downloads\compressed\gamgwf\vir\s1.exe' was scanned with the Protection Cloud. SHA256 = C80DF024A87872E53A1DF50061079E2E973673C68FC81DBDFD79D989DD8212B5
    
11. 01/24/2019,18-20-54        [INFO]        c:\idm\idm\downloads\compressed\gamgwf\vir\s1.exe
    
12. 01/24/2019,18-20-54        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.c80df0'
    
13. 01/24/2019,18-20-55        [INFO]        FP reports status 'NO False Positive' for file 'c:\idm\idm\downloads\compressed\gamgwf\vir\s2.exe'
    
14. 01/24/2019,18-20-55        [INFO]        The file 'c:\idm\idm\downloads\compressed\gamgwf\vir\s2.exe' was scanned with the Protection Cloud. SHA256 = 2F414441E592BB2BC853C8C2F2E216D0F55EA23091FC87EF2F202EC087F5CEEA
    
15. 01/24/2019,18-20-55        [INFO]        c:\idm\idm\downloads\compressed\gamgwf\vir\s2.exe
    
16. 01/24/2019,18-20-55        [INFO]        [DETECTION] file contains 'TR/Crypt.XPACK.2f4144'

复制代码

Jerry.Lin

www-tekeze

智量Heur清空，火绒 kill 3X，准备双击。。

www-tekeze

www-tekeze 发表于 2019-1-24 19:40
智量Heur清空，火绒 kill 3X，准备双击。。

第一个弹窗就是主防报勒索，over 。。

YU2711

Trend Micro Scan 2X

1. 2019/1/24 20:48,TROJ_GEN.F0C2C00AO19,病毒,C:\Users\TEST-3\Downloads\gamgwf\Vir\s2.exe,已移除,即時掃瞄
   
2. 2019/1/24 20:48,Ransom.Win32.GANDCRAB.BH,安全威脅,C:\Users\TEST-3\Downloads\gamgwf\Vir\c.exe,已移除,手動掃瞄

复制代码

Run Blocked 2X

1. 2019/1/24 20:50,C:\Users\TEST-3\Downloads\gamgwf\Vir\s.exe,未知,51.1052.0.0,,C:\Users\TEST-3\Downloads\gamgwf\Vir\s.exe,已終止
   
2. 2019/1/24 20:53,C:\Users\TEST-3\Downloads\gamgwf\Vir\s1.exe,未知,51.1052.0.0,,C:\Users\TEST-3\Downloads\gamgwf\Vir\s1.exe,已終止
   

复制代码

S.exe 衍生物

1. 2019/1/24 20:50,HEU_CDPLCEXT,安全威脅,C:\ProgramData\Windows\csrss.exe,已移除,關聯掃瞄
   
2. 2019/1/24 20:50,HEU_CDPLC016,安全威脅,C:\Users\TEST-3\AppData\Local\Temp\6893A5D897\state,已移除,關聯掃瞄

复制代码

心心相印

eset kill all

www-tekeze

安天智甲，1X 。。。管家无BD，2X 。