#Ransomware #Medusa? (2021-01-31)

Jirehlov1234

https://jirehlov.lanzoui.com/iGunwl87j0f

https://www.virustotal.com/gui/f ... 077fe45da/detection
我怀疑是论坛流出去的样本，如果重复了说一声

a233

Avast
Win64:Trojan-gen

hsks

huorong scan miss

正在缓冲

ESET kill

henry217

红小诺云杀

Antivirus Pro
报告文件日期： 2021-02-02 18:33:03

Windows 版本: 10.0.19041
启动模式      : 已正常启动
用户名       : SYSTEM
计算机名称     : DESKTOP-K797MPU

版本信息：
build.dat : 15.0.2101.2070   124403 Bytes   2021/1/15 11:31:43
scanui.exe: 15.0.2101.2067  3320928 Bytes   2021/1/11 04:28:47
scanuirc.dll: 1.0.2004.608    84792 Bytes   2020/4/28 12:15:59
gpscan.dll: 15.0.2101.2069   934288 Bytes   2021/1/13 07:30:10
remediation.dll: 1.0.2102.341  3324528 Bytes    2021/2/2 10:17:35
remediation.rdf: 1.0.2102.341   595165 Bytes    2021/2/2 10:17:40
avreg.dll : 15.0.2010.1999   641328 Bytes  2020/10/12 13:48:21
avlode.dll: 15.0.2101.2070  3677720 Bytes   2021/1/15 02:36:56
avlode.rdf: 15.0.2101.2070   215542 Bytes   2021/1/15 02:39:06
引擎版本      : 8.3.62.126
xbv00043.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00044.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00045.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00046.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00047.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00048.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00049.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00050.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00051.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00052.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00053.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00054.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00055.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00056.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00057.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00058.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00059.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00060.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00061.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00062.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00063.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00064.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00065.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00066.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00067.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00068.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00069.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00070.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00071.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00072.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00073.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00074.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00075.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00076.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00077.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00078.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00079.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00080.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00081.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00082.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00083.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00084.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00085.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00086.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00087.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00088.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00089.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00090.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00091.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00092.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00093.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00094.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00095.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00096.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00097.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00098.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00099.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00100.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00101.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00102.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00103.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00104.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00105.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00106.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00107.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00108.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00109.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00110.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00111.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00112.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00113.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00114.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00115.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00116.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00117.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00118.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00119.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00120.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00121.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00122.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00123.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00124.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00125.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00126.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00127.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00128.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00129.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00130.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00131.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00132.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00133.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00134.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00135.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00136.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00137.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00138.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00139.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00140.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00141.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00142.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00143.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00144.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00145.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00146.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00147.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00148.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00149.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00150.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00151.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00152.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00153.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00154.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00155.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00156.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00157.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00158.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00159.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00160.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00161.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00162.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00163.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00164.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00165.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00166.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00167.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00168.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00169.vdf: 8.18.0.182      2408 Bytes   2021/1/15 02:48:10
xbv00254.vdf: 8.18.22.102     2408 Bytes    2021/2/2 10:17:22
xbv00255.vdf: 8.18.22.102     2408 Bytes    2021/2/2 10:17:23
xbv00000.vdf: 7.18.0.98   26622824 Bytes   2021/1/15 02:48:10
xbv00001.vdf: 8.18.0.150   5592936 Bytes   2021/1/15 02:48:09
xbv00002.vdf: 8.18.0.154  10489192 Bytes   2021/1/15 02:48:09
xbv00003.vdf: 8.18.0.182   3298664 Bytes   2021/1/15 02:48:09
xbv00004.vdf: 8.18.0.184   4118888 Bytes   2021/1/15 02:48:09
xbv00005.vdf: 8.18.0.204   6638440 Bytes   2021/1/15 02:48:10
xbv00006.vdf: 8.18.1.78     416616 Bytes   2021/1/15 02:48:10
xbv00007.vdf: 8.18.1.192    478568 Bytes   2021/1/15 02:48:10
xbv00008.vdf: 8.18.2.52     466792 Bytes   2021/1/15 02:48:10
xbv00009.vdf: 8.18.2.166    478056 Bytes   2021/1/15 02:48:10
xbv00010.vdf: 8.18.3.24     382312 Bytes   2021/1/15 02:48:10
xbv00011.vdf: 8.18.3.154    501608 Bytes   2021/1/15 02:48:10
xbv00012.vdf: 8.18.4.10     770408 Bytes   2021/1/15 02:48:10
xbv00013.vdf: 8.18.4.124    283496 Bytes   2021/1/15 02:48:10
xbv00014.vdf: 8.18.4.238    462696 Bytes   2021/1/15 02:48:10
xbv00015.vdf: 8.18.5.44     224616 Bytes   2021/1/15 02:48:10
xbv00016.vdf: 8.18.5.230    781160 Bytes   2021/1/15 02:48:10
xbv00017.vdf: 8.18.6.110    783208 Bytes   2021/1/15 02:48:10
xbv00018.vdf: 8.18.6.212   1197416 Bytes   2021/1/15 02:48:10
xbv00019.vdf: 8.18.7.104   1189224 Bytes   2021/1/15 02:48:10
xbv00020.vdf: 8.18.8.22    1059176 Bytes   2021/1/15 02:48:10
xbv00021.vdf: 8.18.8.184   1195880 Bytes   2021/1/15 02:48:10
xbv00022.vdf: 8.18.9.82    1190248 Bytes   2021/1/15 02:48:10
xbv00023.vdf: 8.18.9.220   1213288 Bytes   2021/1/15 02:48:10
xbv00024.vdf: 8.18.10.102  1269608 Bytes   2021/1/15 02:48:10
xbv00025.vdf: 8.18.10.240  1232232 Bytes   2021/1/15 02:48:10
xbv00026.vdf: 8.18.11.130  1225576 Bytes   2021/1/15 02:48:10
xbv00027.vdf: 8.18.12.56   1005416 Bytes   2021/1/15 02:48:10
xbv00028.vdf: 8.18.12.230   928104 Bytes   2021/1/15 02:48:10
xbv00029.vdf: 8.18.13.152  1101160 Bytes   2021/1/15 02:48:10
xbv00030.vdf: 8.18.14.78   1040232 Bytes   2021/1/15 02:48:10
xbv00031.vdf: 8.18.14.242  1272168 Bytes   2021/1/15 02:48:10
xbv00032.vdf: 8.18.15.166   916328 Bytes   2021/1/15 02:48:10
xbv00033.vdf: 8.18.16.88   1223016 Bytes   2021/1/15 02:48:10
xbv00034.vdf: 8.18.17.10   1170280 Bytes   2021/1/15 02:48:10
xbv00035.vdf: 8.18.17.186  1148776 Bytes   2021/1/15 02:48:10
xbv00036.vdf: 8.18.18.108   764776 Bytes   2021/1/15 02:48:10
xbv00037.vdf: 8.18.19.26    554344 Bytes   2021/1/15 02:48:10
xbv00038.vdf: 8.18.19.202   713064 Bytes   2021/1/15 02:48:10
xbv00039.vdf: 8.18.20.122   694632 Bytes   2021/1/15 02:48:10
xbv00040.vdf: 8.18.21.40    734056 Bytes   2021/1/15 02:48:10
xbv00041.vdf: 8.18.21.180  1218408 Bytes    2021/2/2 10:15:48
xbv00042.vdf: 8.18.22.102  1093992 Bytes    2021/2/2 10:15:50
xbv00170.vdf: 8.18.22.104    28008 Bytes    2021/2/2 10:15:51
xbv00171.vdf: 8.18.22.106    40296 Bytes    2021/2/2 10:15:52
xbv00172.vdf: 8.18.22.108    18792 Bytes    2021/2/2 10:15:53
xbv00173.vdf: 8.18.22.110     4456 Bytes    2021/2/2 10:15:53
xbv00174.vdf: 8.18.22.112    13160 Bytes    2021/2/2 10:15:54
xbv00175.vdf: 8.18.22.114    13160 Bytes    2021/2/2 10:15:55
xbv00176.vdf: 8.18.22.116    13672 Bytes    2021/2/2 10:15:56
xbv00177.vdf: 8.18.22.118    31592 Bytes    2021/2/2 10:15:57
xbv00178.vdf: 8.18.22.120    29544 Bytes    2021/2/2 10:15:58
xbv00179.vdf: 8.18.22.122    32104 Bytes    2021/2/2 10:15:59
xbv00180.vdf: 8.18.22.124    13672 Bytes    2021/2/2 10:16:00
xbv00181.vdf: 8.18.22.126    31592 Bytes    2021/2/2 10:16:01
xbv00182.vdf: 8.18.22.128    30568 Bytes    2021/2/2 10:16:02
xbv00183.vdf: 8.18.22.130    42856 Bytes    2021/2/2 10:16:04
xbv00184.vdf: 8.18.22.132     4456 Bytes    2021/2/2 10:16:05
xbv00185.vdf: 8.18.22.134    19816 Bytes    2021/2/2 10:16:06
xbv00186.vdf: 8.18.22.136    17768 Bytes    2021/2/2 10:16:06
xbv00187.vdf: 8.18.22.138    14696 Bytes    2021/2/2 10:16:07
xbv00188.vdf: 8.18.22.140    30056 Bytes    2021/2/2 10:16:08
xbv00189.vdf: 8.18.22.142    23912 Bytes    2021/2/2 10:16:09
xbv00190.vdf: 8.18.22.144    53608 Bytes    2021/2/2 10:16:11
xbv00191.vdf: 8.18.22.146    10600 Bytes    2021/2/2 10:16:11
xbv00192.vdf: 8.18.22.148    13160 Bytes    2021/2/2 10:16:12
xbv00193.vdf: 8.18.22.150    14184 Bytes    2021/2/2 10:16:14
xbv00194.vdf: 8.18.22.152     3432 Bytes    2021/2/2 10:16:14
xbv00195.vdf: 8.18.22.154    15208 Bytes    2021/2/2 10:16:15
xbv00196.vdf: 8.18.22.156    25960 Bytes    2021/2/2 10:16:17
xbv00197.vdf: 8.18.22.158    12136 Bytes    2021/2/2 10:16:18
xbv00198.vdf: 8.18.22.160    11112 Bytes    2021/2/2 10:16:20
xbv00199.vdf: 8.18.22.162     8552 Bytes    2021/2/2 10:16:21
xbv00200.vdf: 8.18.22.164    22376 Bytes    2021/2/2 10:16:23
xbv00201.vdf: 8.18.22.166    21352 Bytes    2021/2/2 10:16:25
xbv00202.vdf: 8.18.22.168    37736 Bytes    2021/2/2 10:16:27
xbv00203.vdf: 8.18.22.170    10088 Bytes    2021/2/2 10:16:29
xbv00204.vdf: 8.18.22.172    11624 Bytes    2021/2/2 10:16:30
xbv00205.vdf: 8.18.22.174    14696 Bytes    2021/2/2 10:16:32
xbv00206.vdf: 8.18.22.176    41320 Bytes    2021/2/2 10:16:35
xbv00207.vdf: 8.18.22.178    25960 Bytes    2021/2/2 10:16:36
xbv00208.vdf: 8.18.22.180    12136 Bytes    2021/2/2 10:16:38
xbv00209.vdf: 8.18.22.182    63336 Bytes    2021/2/2 10:16:41
xbv00210.vdf: 8.18.22.184    21864 Bytes    2021/2/2 10:16:42
xbv00211.vdf: 8.18.22.186    48488 Bytes    2021/2/2 10:16:44
xbv00212.vdf: 8.18.22.188    16744 Bytes    2021/2/2 10:16:45
xbv00213.vdf: 8.18.22.190    23400 Bytes    2021/2/2 10:16:47
xbv00214.vdf: 8.18.22.192    14184 Bytes    2021/2/2 10:16:48
xbv00215.vdf: 8.18.22.194    18280 Bytes    2021/2/2 10:16:49
xbv00216.vdf: 8.18.22.196    25448 Bytes    2021/2/2 10:16:50
xbv00217.vdf: 8.18.22.198    11624 Bytes    2021/2/2 10:16:51
xbv00218.vdf: 8.18.22.200    11112 Bytes    2021/2/2 10:16:51
xbv00219.vdf: 8.18.22.202    13160 Bytes    2021/2/2 10:16:53
xbv00220.vdf: 8.18.22.204    18280 Bytes    2021/2/2 10:16:54
xbv00221.vdf: 8.18.22.206    44904 Bytes    2021/2/2 10:16:55
xbv00222.vdf: 8.18.22.208    26472 Bytes    2021/2/2 10:16:56
xbv00223.vdf: 8.18.22.210    10088 Bytes    2021/2/2 10:16:58
xbv00224.vdf: 8.18.22.212    11624 Bytes    2021/2/2 10:16:58
xbv00225.vdf: 8.18.22.214    12648 Bytes    2021/2/2 10:16:59
xbv00226.vdf: 8.18.22.216    11112 Bytes    2021/2/2 10:17:00
xbv00227.vdf: 8.18.22.218    15208 Bytes    2021/2/2 10:17:01
xbv00228.vdf: 8.18.22.220    12648 Bytes    2021/2/2 10:17:02
xbv00229.vdf: 8.18.22.222     9064 Bytes    2021/2/2 10:17:03
xbv00230.vdf: 8.18.22.224    11624 Bytes    2021/2/2 10:17:03
xbv00231.vdf: 8.18.22.226    25448 Bytes    2021/2/2 10:17:04
xbv00232.vdf: 8.18.22.228    34664 Bytes    2021/2/2 10:17:05
xbv00233.vdf: 8.18.22.230    45416 Bytes    2021/2/2 10:17:07
xbv00234.vdf: 8.18.22.232    24424 Bytes    2021/2/2 10:17:08
xbv00235.vdf: 8.18.22.234    13160 Bytes    2021/2/2 10:17:09
xbv00236.vdf: 8.18.22.236    15720 Bytes    2021/2/2 10:17:09
xbv00237.vdf: 8.18.22.238    21864 Bytes    2021/2/2 10:17:10
xbv00238.vdf: 8.18.22.240    23400 Bytes    2021/2/2 10:17:11
xbv00239.vdf: 8.18.22.242    19304 Bytes    2021/2/2 10:17:12
xbv00240.vdf: 8.18.22.244    17768 Bytes    2021/2/2 10:17:12
xbv00241.vdf: 8.18.22.246    11624 Bytes    2021/2/2 10:17:13
xbv00242.vdf: 8.18.22.248     9576 Bytes    2021/2/2 10:17:14
xbv00243.vdf: 8.18.22.250    33128 Bytes    2021/2/2 10:17:15
xbv00244.vdf: 8.18.22.252    13672 Bytes    2021/2/2 10:17:15
xbv00245.vdf: 8.18.22.254    11624 Bytes    2021/2/2 10:17:16
xbv00246.vdf: 8.18.23.0       5480 Bytes    2021/2/2 10:17:16
xbv00247.vdf: 8.18.23.2       4968 Bytes    2021/2/2 10:17:17
xbv00248.vdf: 8.18.23.4      47464 Bytes    2021/2/2 10:17:18
xbv00249.vdf: 8.18.23.6      19304 Bytes    2021/2/2 10:17:19
xbv00250.vdf: 8.18.23.8      24424 Bytes    2021/2/2 10:17:19
xbv00251.vdf: 8.18.23.10     21352 Bytes    2021/2/2 10:17:20
xbv00252.vdf: 8.18.23.12     33640 Bytes    2021/2/2 10:17:21
xbv00253.vdf: 8.18.23.14     12136 Bytes    2021/2/2 10:17:22
local000.vdf: 8.18.23.14  83398656 Bytes    2021/2/2 10:18:09
aebb.dll  : 8.1.3.2018     72056 Bytes   2019/3/22 00:48:16
aecore.dll: 8.3.24.2020   290056 Bytes  2020/12/11 01:25:07
aecrypto.dll: 8.2.1.2020    143088 Bytes  2020/12/11 01:25:07
aedroid.dll: 8.4.14.2020  2821064 Bytes   2020/12/4 02:24:39
aeemu.dll : 8.1.3.2018    421160 Bytes   2019/3/22 00:48:16
aeexp.dll : 8.4.6.2020    404296 Bytes   2020/9/24 12:18:44
aegen.dll : 8.1.9.2020    735752 Bytes   2020/12/4 02:24:39
aehelp.dll: 8.3.6.2020    302704 Bytes   2020/2/12 06:29:13
aeheur.dll: 8.1.9.2021  11114816 Bytes    2021/2/2 10:14:21
aelibinf.dll: 8.2.1.2018     80376 Bytes   2019/3/22 00:48:16
aeml.dll  : 8.0.2.2020    347736 Bytes   2021/1/12 14:06:52
aemobile.dll: 8.1.22.2020   364368 Bytes  2020/12/11 01:25:07
aeoffice.dll: 8.5.1.2020    839352 Bytes   2021/1/12 14:06:52
aepack.dll: 8.5.0.2021    853624 Bytes    2021/2/2 10:14:43
aerdl.dll : 8.2.3.2020   1269704 Bytes    2020/3/5 01:24:51
aesbx.dll : 8.2.22.2020  1669696 Bytes   2020/4/17 00:31:54
aescn.dll : 8.3.10.2020   163856 Bytes    2020/7/2 03:05:45
aescript.dll: 8.3.7.2021   1274976 Bytes    2021/2/2 10:14:46
aevdf.dll : 8.3.3.2020    156752 Bytes   2020/12/4 02:24:39

Configuration settings for the scan:
AutoActionOnDetection: off
Network scanning enabled: on
Upload to cloud enabled: on
Upload to cloud confirmation needed: off
DetectionUnpackedGen: off
DetectionDamagedGen: off
Maximum number of clients: 10
Heuristic macro: 1
Heuristic files: 2
Scan archives: on
Smart extensions: on
Archive scan types:
Limit recursion depth: on
Recursion depth: 20
Maximum unpack size: 1073741824
Unpack ratio: 250
Excluded files:

扫描开始时间： 2021-02-02 18:33:04
02/02/2021,18:33:32.981        [INFO]        FP 报告文件 'C:\Users\Henry\Desktop\2.exe' 的“无误报”状态 [I:10, S:111]
02/02/2021,18:33:32.991        [INFO]        文件 'C:\Users\Henry\Desktop\2.exe' 已上传至 Protection Cloud 并已进行分析。 SHA256 = 0DD34E1326F18AB113BE5EC91003577845F62CE25BBED8F92BFF0B4077FE45DA [I:2, S:0]
02/02/2021,18:33:32.995        [INFO]        C:\Users\Henry\Desktop\2.exe
02/02/2021,18:33:32.998        [INFO]        [DETECTION] file contains 'HEUR/APC'
02/02/2021,18:33:55.418        [INFO]        [REMED]        License date: 2021-02-01T00:00:00Z
02/02/2021,18:33:55.736        [INFO]        [REMED]        Remediation is running in full mode until expiration (2025-06-30T00:00:00Z)
02/02/2021,18:33:56.490        [INFO]        [REMED]        remediation.rdf loaded (version: 1.0.2102.341)
02/02/2021,18:34:05.105        [INFO]        [REMED]        Remediation of Generic started.
02/02/2021,18:34:05.141        [WARN]        [REMED]        Can't set registry value:  RootKey: HKEY_USERS SubKey: S-1-5-21-388483870-485841831-1886440485-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ValueName: shell (64 bit): 系统找不到指定的文件。
02/02/2021,18:34:05.145        [WARN]        [REMED]        Can't set registry value:  RootKey: HKEY_USERS SubKey: S-1-5-21-388483870-485841831-1886440485-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System ValueName: shell (32 bit): 系统找不到指定的文件。
02/02/2021,18:34:05.504        [WARN]        [REMED]        Could not copy not existing file C:\Users\Henry\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\gadiuispsal.lnk to quarantine.
02/02/2021,18:34:05.507        [WARN]        [REMED]        Could not copy not existing file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\gadiuispsal.lnk to quarantine.
02/02/2021,18:34:05.512        [WARN]        [REMED]        Could not copy not existing file C:\Users\Henry\AppData\Roaming\conhost.exe to quarantine.
02/02/2021,18:34:05.515        [WARN]        [REMED]        Could not copy not existing file C:\Sysdll32.lnk to quarantine.
02/02/2021,18:34:05.542        [WARN]        [REMED]        Could not copy not existing file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\explorer.lnk to quarantine.
02/02/2021,18:34:05.544        [WARN]        [REMED]        Could not copy not existing file C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\start.lnk to quarantine.
02/02/2021,18:34:05.560        [WARN]        [REMED]        Could not copy not existing file C:\Windows\System32\Tasks\sync to quarantine.
02/02/2021,18:34:05.563        [WARN]        [REMED]        Could not copy not existing file C:\Windows\Tasks\Web\Host to quarantine.
02/02/2021,18:34:05.565        [WARN]        [REMED]        Could not copy not existing file C:\Windows\System32\Tasks\Web\Host to quarantine.
02/02/2021,18:34:05.567        [WARN]        [REMED]        Could not copy not existing file C:\Windows\Tasks\System Core to quarantine.
02/02/2021,18:34:05.569        [WARN]        [REMED]        Could not copy not existing file C:\Windows\System32\Tasks\System Core to quarantine.
02/02/2021,18:34:05.571        [WARN]        [REMED]        Could not copy not existing file C:\Windows\Tasks\win defender run to quarantine.
02/02/2021,18:34:05.574        [WARN]        [REMED]        Could not copy not existing file C:\Windows\System32\Tasks\win defender run to quarantine.
02/02/2021,18:34:05.576        [WARN]        [REMED]        Could not copy not existing file C:\Windows\TEMP\initTool to quarantine.
02/02/2021,18:34:05.590        [WARN]        [REMED]        Could not copy not existing file C:\Windows\Tasks\Mysa to quarantine.
02/02/2021,18:34:05.593        [WARN]        [REMED]        Could not copy not existing file C:\Windows\System32\Tasks\Mysa to quarantine.
02/02/2021,18:34:05.596        [WARN]        [REMED]        Could not copy not existing file C:\Windows\Tasks\ok to quarantine.
02/02/2021,18:34:05.600        [WARN]        [REMED]        Could not copy not existing file C:\Windows\System32\Tasks\ok to quarantine.
02/02/2021,18:34:05.602        [WARN]        [REMED]        Could not copy not existing file C:\Windows\Tasks\oka to quarantine.
02/02/2021,18:34:05.604        [WARN]        [REMED]        Could not copy not existing file C:\Windows\System32\Tasks\oka to quarantine.
02/02/2021,18:34:05.607        [WARN]        [REMED]        Could not copy not existing file C:\Windows\Help\lsmosee.exe to quarantine.
02/02/2021,18:34:05.610        [WARN]        [REMED]        Could not copy not existing file C:\Windows\Help\lsmose.exe to quarantine.
02/02/2021,18:34:05.612        [WARN]        [REMED]        Could not copy not existing file C:\Windows\debug\lsmose.exe to quarantine.
02/02/2021,18:34:05.614        [WARN]        [REMED]        Could not copy not existing file C:\Windows\debug\lsmosee.exe to quarantine.
02/02/2021,18:34:10.739        [INFO]        [REMED]        Send Mixpanel event succeed
02/02/2021,18:34:10.915        [INFO]        [REMED]        Remediation of Generic finished successfully.
02/02/2021,18:34:11.081        [INFO]        [REMED]        Remediation of HEUR/APC started.
02/02/2021,18:34:18.208        [INFO]        [REMED]        Remediation of HEUR/APC finished successfully.
02/02/2021,18:34:18.213        [INFO]        C:\Users\Henry\Desktop\2.exe
02/02/2021,18:34:18.215        [INFO]        [ACTION] Clean

---------------------------------------------------------

End of scan : 2021-02-02 18:34:18
Duration : 01m:13s:476ms

The scan has been done completely.

      0 Scanned directories
      1 Scanned archives
      1 Scanned files
      0 Skipped files
      0 Ignored files
      1 Detected files
      1 Infected files cleaned
     26 Warnings

---------------------------------------------------------

yiyq

fsp TR/DelShad.0dd34e

舞尽繁华

小蜘蛛双击

k2132

智量

秋日之殇

卡巴斯基

Yuki丶

趋势双击拦截