[Virus sample] #MrDec #Ransomware (2020-04-16)

swizzer
Posted on 2020-4-17 08:22:37
WiseVector (智量)
Heur.ML.PE.A

a233
Posted on 2020-4-17 09:56:38
Avast
Win32:Trojan-gen

Xw1nd极风
Posted on 2020-4-17 10:02:28
Norton
Heur.AdvML.B

a27573
Posted on 2020-4-17 11:26:23
ESET Win32/Filecoder.NPA
陌染淡殇
Posted on 2020-4-17 11:30:39
WD
Trojan:Win32/Occamy.C
54ss
Posted on 2020-4-17 16:56:35
Last edited by 54ss on 2020-4-17 16:58

Bitdefender
实时防护检测到威胁。文件已被隔离。c:\users\ljsjo\desktop\searchfiles.exe 是恶意软件 Gen:Trojan.Heur.PM.1
BEST, on double-click
高级威胁防护已拦截一个恶意进程。进程路径: C:\Users\ljsjo\Desktop\searchfiles.exe.

病毒探索者
Posted on 2020-4-17 21:34:10
Malwarebytes
病毒探索者
Posted on 2020-4-17 23:57:52
App Check
epattack
Posted on 2020-4-18 18:16:25
Micropoint (微点)