kf13勒索(修复不可解密的bug)

117054487

卡巴已经拉黑了

zfc234

AhnLab
Date,Malware,File Location,Status,Scan Method
"14/04/2023 23:17:11","Ransom/MDP.Command.M1751","c:\windows\syswow64\cmd.exe","","Behavior Watcher"
"14/04/2023 23:17:11","Ransom/MDP.Command.M1751","c:\users\noah\desktop\kf13\kf13.exe","","Behavior Watcher"
"14/04/2023 23:17:09","Ransom/MDP.Cerber.M1214","c:\windows\syswow64\wbem\wmic.exe","","Behavior Watcher"
"14/04/2023 23:17:09","Ransom/MDP.Cerber.M1214","c:\windows\syswow64\cmd.exe","","Behavior Watcher"
"14/04/2023 23:17:09","Ransom/MDP.Cerber.M1214","c:\users\noah\desktop\kf13\kf13.exe","","Behavior Watcher"
"14/04/2023 23:16:55","Program Execution Notification","c:\Users\Noah\Desktop\kf13\kf13.exe","","Reputation-based Protection"
"14/04/2023 23:16:43","Program Execution Notification","c:\Users\Noah\Desktop\kf13\kf13.exe","","Reputation-based Protection"

zkr090612

联管跟到这了（
看毒名应该是火绒静态

python无名氏

761773275 发表于 2023-4-14 18:35
试试白加黑，或者试试搞个窃取小偷和勒索的整合，例如把一些文档上传，然后命令行把文档删除，然后要输入 ...

有没有可能，其他电脑也可以用浏览器直接访问被加密文件？

雨过天晴_123

360木马查杀扫描日志
开始时间: 2023-4-15 10:52:44
扫描用时: 00:00:01
扫描类型: 自定义扫描
扫描引擎:360云查杀引擎（本地木马库）  360启发式引擎  QEX脚本查杀引擎
             QVM Ⅱ人工智能引擎
扫描文件数: 1
系统关键位置文件: 0
系统内存运行模块: 0
压缩包文件: 0
安全的文件数: 1
发现安全威胁: 0
已处理安全威胁: 0


扫描选项
扫描后自动关机: 否
扫描模式: 速度最快
管理员：是


扫描内容
C:\Users\admin\Desktop\kf13.exe


白名单设置
任务栏外观被修改

扫描结果
未发现安全威胁

netweb

ESET

infected.exe;Python/Filecoder.SG
kf13.exe;Python/Filecoder.SL
save.exe;Suspicious Object

---

生如夏花之绚烂，死如秋叶之静美  
2023/4/15 下午2:11:59
bye  
From The Amazing Artifact：Netscape         

不是一只耳

edge浏览器下载提示拦截，智量解压和手动扫描pass，没试双击

python无名氏

。。。

kaspersky与火绒

智量