Posted

This evening I caught ransomware, apparently C77L.

For some reason KES does not see it at all, even though it is running.

Contact address: nullhex@2mail.co

Two questions:

1. A procedure for stopping the virus and finding the entry point

2. Decryption

FRST report

Desktop.7z

I really need help.

Posted (edited)

Add a few encrypted files plus the ransom note, in one archive, without a password.

2025-12-08 19:36 - 2025-12-08 19:36 - 000001740 _____ () C:\Program Files\READ-ME.txt

+

If the system was scanned with KVRT or Cureit, add the scan reports in an archive without a password.

+

Upload this file to virustotal.com:

2025-12-08 18:55 - 2022-05-15 03:14 - 001774696 _____ (voidtools) C:\Users\администратор.MEBELOBNINSKA\Desktop\c.exe

and post the link to the scan result here.

 

 

Edited by safety
  • safety changed the title to "C77L ransomware, I believe"
Posted (edited)

From the file it is clear that this was the legitimate tool Everything.exe, which attackers often use.

The ransomware file may be named c77l.exe

I will check the logs and files a bit later today.

Quote

If the system was scanned with KVRT or Cureit, add the scan reports in an archive without a password.

Here I was asking for the results of a KVRT or Cureit scan. The FRST logs were already in the first post.

Edited by safety
Posted

Cureit found nothing except activators.

Total 499834147451 bytes in 500801 files scanned (542660 objects)
Total 500933 files (542658 objects) are clean
Total 2 files are infected
Scan time is 00:06:33.934
The sample may have ended up in Kaspersky's quarantine during installation. Check the quarantine. c77l.exe

Posted (edited)
2 hours ago, GenaCiT said:

It's more interesting on the second server.

There may be attacker files here.

2025-12-08 19:06 - 2025-12-08 19:38 - 000000000 ____D C:\Users\Администратор.MEBELOBNINSKA\Desktop\x64
Check this file on VT; it is among the running processes right now.

(© Intel Corporation) [Файл не подписан] C:\Windows\intel\intelrd.exe
I will answer in more detail a little later.

1 hour ago, GenaCiT said:

I think I found it

Looks like that's the one.

Win64/Filecoder.TT Trojan

+

Since a Dr.Web scan is running on your system, add the scan logs in an archive, without a password.

Edited by safety
Posted

From the scan log:

Quote

 

C:\Windows\intel\intelrd.exe - infected with Trojan.KeyLogger.43624
C:\Windows\intel\intelrd.exe - infected - 1549ms, 225280 bytes

 

C:\program files\mesh agent\meshagent.exe - is riskware program Program.MeshAgent.3
C:\program files\mesh agent\meshagent.exe - infected - 102ms, 3482240 bytes

 

C:\Users\Администратор.MEBELOBNINSKA\Desktop\x64\kprocesshacker.sys - is hacktool program Tool.ProcessHacker.2
C:\Users\Администратор.MEBELOBNINSKA\Desktop\x64\kprocesshacker.sys - infected - 123ms, 40088 bytes
C:\Users\Администратор.MEBELOBNINSKA\Desktop\x64\pomadachashin.exe - is hacktool program Tool.ProcessHacker.4

 

C:\Windows\IME\en-US\path\SC\vncCL.exe - infected - 611ms, 32768 bytes

 

>E:\update\svchost.exe - packed by UPX
E:\update\svchost.exe - infected with Trojan.Starter.7675
E:\update\svchost.exe - infected - 1515ms, 36864 bytes

E:\update\update.exe - infected - 1510ms, 1586688 bytes

 

 

On cleaning the system with FRST

Run FRST.exe as Administrator (if it is not already running).

Copy the script from the browser to the clipboard, then close the browser.

Wait until it is ready to work,

Click the "Fix" button in FRST.

The script will clean the system and finish with a system reboot.

Start::
(© Intel Corporation) [Файл не подписан] C:\Windows\intel\intelrd.exe
IFEO\1sass.exe: [Debugger] fixmapi.exe
IFEO\1svhost.exe: [Debugger] fixmapi.exe
IFEO\1task.exe: [Debugger] fixmapi.exe
IFEO\3306.exe: [Debugger] fixmapi.exe
IFEO\360tray.exe: [Debugger] fixmapi.exe
IFEO\a.exe: [Debugger] fixmapi.exe
IFEO\a1g.exe: [Debugger] fixmapi.exe
IFEO\a2guard.exe: [Debugger] fixmapi.exe
IFEO\a2service.exe: [Debugger] fixmapi.exe
IFEO\a2start.exe: [Debugger] fixmapi.exe
IFEO\aawservice.exe: [Debugger] fixmapi.exe
IFEO\acs.exe: [Debugger] fixmapi.exe
IFEO\Ad-Aware.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\AdAwareDesktop.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\AdAwareService.exe: [Debugger] fixmapi.exe
IFEO\AdAwareTray.exe: [Debugger] fixmapi.exe
IFEO\Adguard.exe: [Debugger] fixmapi.exe
IFEO\AdguardSvc.exe: [Debugger] fixmapi.exe
IFEO\Antivirus_Free_Edition_x86.exe: [Debugger] fixmapi.exe
IFEO\ANTIVIR▄.exe: [Debugger] fixmapi.exe
IFEO\AnVir.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\anvir64.exe: [Debugger] fixmapi.exe
IFEO\anvirlauncher.exe: [Debugger] fixmapi.exe
IFEO\apgr.exe: [Debugger] fixmapi.exe
IFEO\ApVxdWin.exe: [Debugger] fixmapi.exe
IFEO\ASCService.exe: [Debugger] fixmapi.exe
IFEO\ASCTray.exe: [Debugger] fixmapi.exe
IFEO\ASMAIN.EXE: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\ASP.NET.exe: [Debugger] fixmapi.exe
IFEO\aswclear.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\aswclear5.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\atiecla.exe: [Debugger] fixmapi.exe
IFEO\auditd.exe: [Debugger] fixmapi.exe
IFEO\autoDENGI.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\autoruns.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\AVENGINE.EXE: [Debugger] fixmapi.exe
IFEO\avgarkt.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\avgcefrend.exe: [Debugger] fixmapi.exe
IFEO\Avira.ServiceHost.exe: [Debugger] fixmapi.exe
IFEO\Avira.Systray.exe: [Debugger] fixmapi.exe
IFEO\avpmapp.exe: [Debugger] fixmapi.exe
IFEO\avz.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\BaiduAnSvc.exe: [Debugger] fixmapi.exe
IFEO\BaiduAnTray.exe: [Debugger] fixmapi.exe
IFEO\BaiduHips.exe: [Debugger] fixmapi.exe
IFEO\BaiduProtect.exe: [Debugger] fixmapi.exe
IFEO\bbservice.exe: [Debugger] fixmapi.exe
IFEO\bcn.exe: [Debugger] fixmapi.exe
IFEO\bdagent.exe: [Debugger] fixmapi.exe
IFEO\BDALeakfixer.exe: [Debugger] fixmapi.exe
IFEO\BDdaSvc.exe: [Debugger] fixmapi.exe
IFEO\bddownloader.exe: [Debugger] fixmapi.exe
IFEO\BDMiniDlUpdate.exe: [Debugger] fixmapi.exe
IFEO\bdsafecenter.exe: [Debugger] fixmapi.exe
IFEO\bdwtxag.exe: [Debugger] fixmapi.exe
IFEO\BitTorrentAntivirus.exe: [Debugger] fixmapi.exe
IFEO\bmc-cpu-32: [Debugger] fixmapi.exe
IFEO\bmc-cpu.exe: [Debugger] fixmapi.exe
IFEO\boost.exe: [Debugger] fixmapi.exe
IFEO\bootsvchost.exe: [Debugger] fixmapi.exe
IFEO\bot.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\brosec.exe: [Debugger] fixmapi.exe
IFEO\BrowserManager.exe: [Debugger] fixmapi.exe
IFEO\BrowserManagerGUI.exe: [Debugger] fixmapi.exe
IFEO\BrowserManagerShow.exe: [Debugger] fixmapi.exe
IFEO\brutb.exe: [Debugger] fixmapi.exe
IFEO\brute.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\BullGuard.exe: [Debugger] fixmapi.exe
IFEO\BullGuardBhvScanner.exe: [Debugger] fixmapi.exe
IFEO\BullGuardScanner.exe: [Debugger] fixmapi.exe
IFEO\BullGuardUpdate.exe: [Debugger] fixmapi.exe
IFEO\BurstTCPClient.exe: [Debugger] fixmapi.exe
IFEO\BusinessMessaging.exe: [Debugger] fixmapi.exe
IFEO\BWMeter.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\BWMeterConSvc.exe: [Debugger] fixmapi.exe
IFEO\ByteFence.exe: [Debugger] fixmapi.exe
IFEO\Cain.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\cavwp.exe: [Debugger] fixmapi.exe
IFEO\cbVSCService11.exe: [Debugger] fixmapi.exe
IFEO\CCleaner.exe: [Debugger] fixmapi.exe
IFEO\CCleaner64.exe: [Debugger] fixmapi.exe
IFEO\CcmEventCollector.exe: [Debugger] fixmapi.exe
IFEO\ccminer-x64.exe: [Debugger] fixmapi.exe
IFEO\CcmService.exe: [Debugger] fixmapi.exe
IFEO\ccsce.exe: [Debugger] fixmapi.exe
IFEO\ccSvcHst.exe: [Debugger] fixmapi.exe
IFEO\cdhtr.exe: [Debugger] fixmapi.exe
IFEO\cefutil.exe: [Debugger] fixmapi.exe
IFEO\certsvc.exe: [Debugger] fixmapi.exe
IFEO\cgminer.exe: [Debugger] fixmapi.exe
IFEO\chromodo_updater.exe: [Debugger] fixmapi.exe
IFEO\ciprotect.exe: [Debugger] fixmapi.exe
IFEO\CisTray.exe: [Debugger] fixmapi.exe
IFEO\clamd.exe: [Debugger] fixmapi.exe
IFEO\ClamSentinel.exe: [Debugger] fixmapi.exe
IFEO\ClearLock.exe: [Debugger] fixmapi.exe
IFEO\Client Server Runtime Procces.exe: [Debugger] fixmapi.exe
IFEO\cmdagent.exe: [Debugger] fixmapi.exe
IFEO\cmdvirth.exe: [Debugger] fixmapi.exe
IFEO\CNTAoSMgr.exe: [Debugger] fixmapi.exe
IFEO\command.exe: [Debugger] fixmapi.exe
IFEO\conhostgui.exe: [Debugger] fixmapi.exe
IFEO\Conime.exe: [Debugger] fixmapi.exe
IFEO\consctl.exe: [Debugger] fixmapi.exe
IFEO\consctlx.exe: [Debugger] fixmapi.exe
IFEO\CpService.exe: [Debugger] fixmapi.exe
IFEO\cpuminer-aes-sse42.exe: [Debugger] fixmapi.exe
IFEO\cpuminer-sse42.exe: [Debugger] fixmapi.exe
IFEO\cpuminer.exe: [Debugger] fixmapi.exe
IFEO\cpuminer_opt_AES.exe: [Debugger] fixmapi.exe
IFEO\cpuminer_opt_AVX2_AES.exe: [Debugger] fixmapi.exe
IFEO\cpuminer_opt_AVX_AES.exe: [Debugger] fixmapi.exe
IFEO\cpuminer_x64_SSE2.exe: [Debugger] fixmapi.exe
IFEO\cputest.exe: [Debugger] fixmapi.exe
IFEO\cpx.exe: [Debugger] fixmapi.exe
IFEO\CrashService.exe: [Debugger] fixmapi.exe
IFEO\cscce.exe: [Debugger] fixmapi.exe
IFEO\csrcs.exe: [Debugger] fixmapi.exe
IFEO\csrs.exe: [Debugger] fixmapi.exe
IFEO\csrsc.exe: [Debugger] fixmapi.exe
IFEO\csrssas.exe: [Debugger] fixmapi.exe
IFEO\csrssl.exe: [Debugger] fixmapi.exe
IFEO\csrsst.exe: [Debugger] fixmapi.exe
IFEO\cssrs.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\fixmapi.exe
IFEO\cureit.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\dcsrv.exe: [Debugger] fixmapi.exe
IFEO\ddraw.exe: [Debugger] fixmapi.exe
IFEO\debugger: [Debugger] fixmapi.exe
IFEO\Defender.exe: [Debugger] fixmapi.exe
IFEO\DefenderDaemon.exe: [Debugger] fixmapi.exe
IFEO\DEKSTOP LOCKER.exe: [Debugger] fixmapi.exe
IFEO\DeskLock.exe: [Debugger] fixmapi.exe
IFEO\Desktop Locker.exe: [Debugger] fixmapi.exe
IFEO\Desktop_Locker: [Debugger] fixmapi.exe
IFEO\devencl.exe: [Debugger] fixmapi.exe
IFEO\dlhost.exe: [Debugger] fixmapi.exe
IFEO\dll32.exe: [Debugger] fixmapi.exe
IFEO\dmdjmg.exe: [Debugger] fixmapi.exe
IFEO\dmhelpserver.exe: [Debugger] fixmapi.exe
IFEO\Dr.Web.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\DriverBooster.exe: [Debugger] fixmapi.exe
IFEO\Drop Box Update.exe: [Debugger] fixmapi.exe
IFEO\DrWeb.exe: [Debugger] fixmapi.exe
IFEO\dsrviml.exe: [Debugger] fixmapi.exe
IFEO\DTLEP.exe: [Debugger] fixmapi.exe
IFEO\DUB8.2.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\DUBrute.2.2.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\DUBrute.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\DUMeter.exe: [Debugger] fixmapi.exe
IFEO\DUMeterSvc.exe: [Debugger] fixmapi.exe
IFEO\dumpnet.exe: [Debugger] fixmapi.exe
IFEO\dwmr.exe: [Debugger] fixmapi.exe
IFEO\dwwin.exe: [Debugger] fixmapi.exe
IFEO\econceal.exe: [Debugger] fixmapi.exe
IFEO\econser.exe: [Debugger] fixmapi.exe
IFEO\elogsvc.exe: [Debugger] fixmapi.exe
IFEO\EmailSpider.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\emlproxy.exe: [Debugger] fixmapi.exe
IFEO\endpointintegration.exe: [Debugger] fixmapi.exe
IFEO\endpointservice.exe: [Debugger] fixmapi.exe
IFEO\EnterpriseConsole.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\EOSNotify.exe: [Debugger] fixmapi.exe
IFEO\epag.exe: [Debugger] fixmapi.exe
IFEO\ErrorCheck.exe: [Debugger] fixmapi.exe
IFEO\ErrorsChecking.exe: [Debugger] fixmapi.exe
IFEO\escanmon.exe: [Debugger] fixmapi.exe
IFEO\ESERV.EXE: [Debugger] fixmapi.exe
IFEO\esetonlinescanner.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\esetonlinescanner_enu.exe: [Debugger] fixmapi.exe
IFEO\esetonlinescanner_sky.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\ESETPoweliksCleaner.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\eset_antivirus.exe: [Debugger] fixmapi.exe
IFEO\esif.exe: [Debugger] fixmapi.exe
IFEO\ess.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\EthDcrMiner64.exe: [Debugger] fixmapi.exe
IFEO\exe.exe: [Debugger] fixmapi.exe
IFEO\Explerer.exe: [Debugger] fixmapi.exe
IFEO\explores.exe: [Debugger] fixmapi.exe
IFEO\expmon.exe: [Debugger] fixmapi.exe
IFEO\Fiddlere.exe: [Debugger] fixmapi.exe
IFEO\firewall_rules.exe: [Debugger] fixmapi.exe
IFEO\fixmapi.exe: [Debugger] fixmapi.exe
IFEO\Fjabo.exe: [Debugger] fixmapi.exe
IFEO\fmefsh.exe: [Debugger] fixmapi.exe
IFEO\fmefss.exe: [Debugger] fixmapi.exe
IFEO\fmsh.exe: [Debugger] fixmapi.exe
IFEO\fmss.exe: [Debugger] fixmapi.exe
IFEO\ForcerX+__.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\ForServiceApp.exe: [Debugger] fixmapi.exe
IFEO\FrameworkService.exe: [Debugger] fixmapi.exe
IFEO\frdpb_v2.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\frog.exe: [Debugger] fixmapi.exe
IFEO\fsproflt.exe: [Debugger] fixmapi.exe
IFEO\fsproflt2.exe: [Debugger] fixmapi.exe
IFEO\fud15.exe: [Debugger] fixmapi.exe
IFEO\fud16.exe: [Debugger] fixmapi.exe
IFEO\fwnrww.exe: [Debugger] fixmapi.exe
IFEO\gcclient.exe: [Debugger] fixmapi.exe
IFEO\GDSC.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\GeekBuddyRSP.exe: [Debugger] fixmapi.exe
IFEO\getsusp.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\getsusp64.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\Ghima.exe: [Debugger] fixmapi.exe
IFEO\GlassWire.exe: [Debugger] fixmapi.exe
IFEO\Go.EXE: [Debugger] fixmapi.exe
IFEO\gotopbr.exe: [Debugger] fixmapi.exe
IFEO\Gpava.exe: [Debugger] fixmapi.exe
IFEO\Gqeba.exe: [Debugger] fixmapi.exe
IFEO\gsam.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\GWCtlSrv.exe: [Debugger] fixmapi.exe
IFEO\GWIdlMon.exe: [Debugger] fixmapi.exe
IFEO\gy.exe: [Debugger] fixmapi.exe
IFEO\hale.exe: [Debugger] fixmapi.exe
IFEO\Hboqu.exe: [Debugger] fixmapi.exe
IFEO\help.exe: [Debugger] fixmapi.exe
IFEO\helper.exe: [Debugger] fixmapi.exe
IFEO\hitleap-viewer-browser.exe: [Debugger] fixmapi.exe
IFEO\hitleap-viewer.exe: [Debugger] fixmapi.exe
IFEO\HitmanPro x64.exe: [Debugger] fixmapi.exe
IFEO\hkcmd.exe: [Debugger] fixmapi.exe
IFEO\Hkufhbj.exe: [Debugger] fixmapi.exe
IFEO\hmac.exe: [Debugger] fixmapi.exe
IFEO\host32.exe: [Debugger] fixmapi.exe
IFEO\hostdl.exe: [Debugger] fixmapi.exe
IFEO\HostedAgent.exe: [Debugger] fixmapi.exe
IFEO\HostStore.exe: [Debugger] fixmapi.exe
IFEO\HostXmrig.exe: [Debugger] fixmapi.exe
IFEO\HpSrv.exe: [Debugger] fixmapi.exe
IFEO\hpssmhd.exe: [Debugger] fixmapi.exe
IFEO\hscangui.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\HS_Svc.exe: [Debugger] fixmapi.exe
IFEO\icsys.icn.exe: [Debugger] fixmapi.exe
IFEO\iddlen.exe: [Debugger] fixmapi.exe
IFEO\igateway.exe: [Debugger] fixmapi.exe
IFEO\Igoto.exe: [Debugger] fixmapi.exe
IFEO\iimaia.exe: [Debugger] fixmapi.exe
IFEO\IMF.exe: [Debugger] fixmapi.exe
IFEO\IMFsrv.exe: [Debugger] fixmapi.exe
IFEO\IMFTips.exe: [Debugger] fixmapi.exe
IFEO\indexer.exe: [Debugger] fixmapi.exe
IFEO\ingloca.exe: [Debugger] fixmapi.exe
IFEO\InjectWinSockServiceV3.exe: [Debugger] fixmapi.exe
IFEO\InoRPC.exe: [Debugger] fixmapi.exe
IFEO\InoRT.exe: [Debugger] fixmapi.exe
IFEO\InoTask.exe: [Debugger] fixmapi.exe
IFEO\InstantSupport.exe: [Debugger] fixmapi.exe
IFEO\Intelme.exe: [Debugger] fixmapi.exe
IFEO\Interl thesaurus service.exe: [Debugger] fixmapi.exe
IFEO\IObit Malware Fighter.exe: [Debugger] fixmapi.exe
IFEO\IObitUninstaler.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\IProtectorService.exe: [Debugger] fixmapi.exe
IFEO\iptray.exe: [Debugger] fixmapi.exe
IFEO\ipts.exe: [Debugger] fixmapi.exe
IFEO\ipz.exe: [Debugger] fixmapi.exe
IFEO\ipz2.exe: [Debugger] fixmapi.exe
IFEO\Isass.exe: [Debugger] fixmapi.exe
IFEO\ITbrain_AntiMalware_Service.exe: [Debugger] fixmapi.exe
IFEO\javacs.exe: [Debugger] fixmapi.exe
IFEO\Javagroup.exe: [Debugger] fixmapi.exe
IFEO\Javaj.exe: [Debugger] fixmapi.exe
IFEO\javal.exe: [Debugger] fixmapi.exe
IFEO\JavaUpdater.exe: [Debugger] fixmapi.exe
IFEO\Jhahi.exe: [Debugger] fixmapi.exe
IFEO\jingling.exe: [Debugger] fixmapi.exe
IFEO\jixlea.exe: [Debugger] fixmapi.exe
IFEO\jozruq.exe: [Debugger] fixmapi.exe
IFEO\jusched.exe: [Debugger] fixmapi.exe
IFEO\KasAVSrv.exe: [Debugger] fixmapi.exe
IFEO\KasperskyCleaner.exe: [Debugger] fixmapi.exe
IFEO\kavremvr.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\kes_win.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\klcfginst.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\klvk.exe: [Debugger] fixmapi.exe
IFEO\KMS-R@1n.exe: [Debugger] fixmapi.exe
IFEO\KMS-R@1nHook.exe: [Debugger] fixmapi.exe
IFEO\KPortScan3.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\kryptex.exe: [Debugger] fixmapi.exe
IFEO\kryptex7.exe: [Debugger] fixmapi.exe
IFEO\KSafeTray.exe: [Debugger] fixmapi.exe
IFEO\KSP.exe: [Debugger] fixmapi.exe
IFEO\KvMonXP.exe: [Debugger] fixmapi.exe
IFEO\kvpncsvc.exe: [Debugger] fixmapi.exe
IFEO\KVRT.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\lamescan3.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\lass.exe: [Debugger] fixmapi.exe
IFEO\launcher_service.exe: [Debugger] fixmapi.exe
IFEO\LoadStat.exe: [Debugger] fixmapi.exe
IFEO\Logo.exe: [Debugger] fixmapi.exe
IFEO\LP.exe: [Debugger] fixmapi.exe
IFEO\lsaoss.exe: [Debugger] fixmapi.exe
IFEO\lsasss.exe: [Debugger] fixmapi.exe
IFEO\lsasvc.exe: [Debugger] fixmapi.exe
IFEO\lsmosee.exe: [Debugger] fixmapi.exe
IFEO\lsynchost.exe: [Debugger] fixmapi.exe
IFEO\MailCracker.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\MalwareProtectionClient.exe: [Debugger] fixmapi.exe
IFEO\mark.exe: [Debugger] fixmapi.exe
IFEO\massscan_launcher.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\mbamscheduler.exe: [Debugger] fixmapi.exe
IFEO\MBAMService.exe: [Debugger] fixmapi.exe
IFEO\mbarw.exe: [Debugger] fixmapi.exe
IFEO\McClnUI.exe: [Debugger] fixmapi.exe
IFEO\mcLi.exe: [Debugger] fixmapi.exe
IFEO\MCPR.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\McScript_InUse.exe: [Debugger] fixmapi.exe
IFEO\mcshield.exe: [Debugger] fixmapi.exe
IFEO\McTray.exe: [Debugger] fixmapi.exe
IFEO\mfeann.exe: [Debugger] fixmapi.exe
IFEO\mfevtps.exe: [Debugger] fixmapi.exe
IFEO\MicroMiner.exe: [Debugger] fixmapi.exe
IFEO\Microsoft.exe: [Debugger] fixmapi.exe
IFEO\MicrosoftEdgeCP.exe: [Debugger] fixmapi.exe
IFEO\MicrosoftPage.exe: [Debugger] fixmapi.exe
IFEO\Mineos.exe: [Debugger] fixmapi.exe
IFEO\Miner.exe: [Debugger] fixmapi.exe
IFEO\miner65.exe: [Debugger] fixmapi.exe
IFEO\minerd.exe: [Debugger] fixmapi.exe
IFEO\minerd_cp_fr.exe: [Debugger] fixmapi.exe
IFEO\minerd_dp_com.exe: [Debugger] fixmapi.exe
IFEO\minergate-cli.exe: [Debugger] fixmapi.exe
IFEO\minergate-service.exe: [Debugger] fixmapi.exe
IFEO\minergate.exe: [Debugger] fixmapi.exe
IFEO\mine_cp.exe: [Debugger] fixmapi.exe
IFEO\mine_mx.exe: [Debugger] fixmapi.exe
IFEO\mmon32.exe: [Debugger] fixmapi.exe
IFEO\MONITOR.EXE: [Debugger] fixmapi.exe
IFEO\Mouse Lock.exe: [Debugger] fixmapi.exe
IFEO\Mouse Lock_v22.exe: [Debugger] fixmapi.exe
IFEO\MPK.exe: [Debugger] fixmapi.exe
IFEO\MpkL64.exe: [Debugger] fixmapi.exe
IFEO\mqsgmo.exe: [Debugger] fixmapi.exe
IFEO\mqtgcvc.exe: [Debugger] fixmapi.exe
IFEO\Mrolsmc.exe: [Debugger] fixmapi.exe
IFEO\MRT-KB890830.exe: [Debugger] fixmapi.exe
IFEO\MRT.exe: [Debugger] fixmapi.exe
IFEO\msapp.exe: [Debugger] fixmapi.exe
IFEO\MSASCuiL.exe: [Debugger] fixmapi.exe
IFEO\msbtce.exe: [Debugger] fixmapi.exe
IFEO\mscnhlp2.exe: [Debugger] fixmapi.exe
IFEO\Mscvin.exe: [Debugger] fixmapi.exe
IFEO\msdcsc.exe: [Debugger] fixmapi.exe
IFEO\msdts.exe: [Debugger] fixmapi.exe
IFEO\msinfo.exe: [Debugger] fixmapi.exe
IFEO\msmvp.exe: [Debugger] fixmapi.exe
IFEO\msrtn32.exe: [Debugger] fixmapi.exe
IFEO\mssecsvc.exe: [Debugger] fixmapi.exe
IFEO\mssm-xsc.exe: [Debugger] fixmapi.exe
IFEO\MSSysCtl.exe: [Debugger] fixmapi.exe
IFEO\MtxHotPlugService.exe: [Debugger] fixmapi.exe
IFEO\MvtApp.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\MWAGENT.EXE: [Debugger] fixmapi.exe
IFEO\MWASER.EXE: [Debugger] fixmapi.exe
IFEO\mworker.exe: [Debugger] fixmapi.exe
IFEO\mwse.exe: [Debugger] fixmapi.exe
IFEO\myAgtSvc.exe: [Debugger] fixmapi.exe
IFEO\N360.exe: [Debugger] fixmapi.exe
IFEO\N360ChkServ.exe: [Debugger] fixmapi.exe
IFEO\NableAVDBridge.exe: [Debugger] fixmapi.exe
IFEO\naPrdMgr.exe: [Debugger] fixmapi.exe
IFEO\native.exe: [Debugger] fixmapi.exe
IFEO\NetFramework.exe: [Debugger] fixmapi.exe
IFEO\NetGoodBar.exe: [Debugger] fixmapi.exe
IFEO\nethtsrv.exe: [Debugger] fixmapi.exe
IFEO\NetLibrary.exe: [Debugger] fixmapi.exe
IFEO\NetMonitor.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\netsvc.exe: [Debugger] fixmapi.exe
IFEO\NetTimeService.exe: [Debugger] fixmapi.exe
IFEO\NetTraffic.exe: [Debugger] fixmapi.exe
IFEO\netupdsrv.exe: [Debugger] fixmapi.exe
IFEO\network-app.exe: [Debugger] fixmapi.exe
IFEO\network-update.exe: [Debugger] fixmapi.exe
IFEO\networx.exe: [Debugger] fixmapi.exe
IFEO\nheqminer.exe: [Debugger] fixmapi.exe
IFEO\NiceHashMiner.exe: [Debugger] fixmapi.exe
IFEO\Nip.exe: [Debugger] fixmapi.exe
IFEO\NisSrv.exe: [Debugger] fixmapi.exe
IFEO\Njeeves.exe: [Debugger] fixmapi.exe
IFEO\NL.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\Nlas.exe: [Debugger] fixmapi.exe
IFEO\NLBrute 1.2 x64.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\NLBrute 1.2.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\NLBrute.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\NLBrute1.2.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\NmService.exe: [Debugger] fixmapi.exe
IFEO\NmTaskTray.exe: [Debugger] fixmapi.exe
IFEO\NmWebService.exe: [Debugger] fixmapi.exe
IFEO\nsbu.exe: [Debugger] fixmapi.exe
IFEO\NsCpuapl.exe: [Debugger] fixmapi.exe
IFEO\NsCpuCNMiner.exe: [Debugger] fixmapi.exe
IFEO\NsCpuCNMiner32.exe: [Debugger] fixmapi.exe
IFEO\NsCpuCNMiner64.exe: [Debugger] fixmapi.exe
IFEO\Nsesvc.exe: [Debugger] fixmapi.exe
IFEO\nsl.exe: [Debugger] fixmapi.exe
IFEO\nssm.exe: [Debugger] fixmapi.exe
IFEO\NTRtScan.exe: [Debugger] fixmapi.exe
IFEO\NTTacP.EXE: [Debugger] fixmapi.exe
IFEO\nusb3mon.exe: [Debugger] fixmapi.exe
IFEO\nvnc.exe: [Debugger] fixmapi.exe
IFEO\ONLINENT.EXE: [Debugger] fixmapi.exe
IFEO\OOSU10.exe: [Debugger] fixmapi.exe
IFEO\OpenHardwareMonitor.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\OPSSVC.EXE: [Debugger] fixmapi.exe
IFEO\op_mon.exe: [Debugger] fixmapi.exe
IFEO\panbss.exe: [Debugger] fixmapi.exe
IFEO\Panda_URL_Filtering.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\PanGPA.exe: [Debugger] fixmapi.exe
IFEO\PanGPS.exe: [Debugger] fixmapi.exe
IFEO\Pastebin Spider.exe: [Debugger] fixmapi.exe
IFEO\PAUI.exe: [Debugger] fixmapi.exe
IFEO\Pauscher.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\payload.exe: [Debugger] fixmapi.exe
IFEO\PccNT.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\PccNTMon.exe: [Debugger] fixmapi.exe
IFEO\pccntupd.exe: [Debugger] fixmapi.exe
IFEO\PCloudCleaner.exe: [Debugger] fixmapi.exe
IFEO\perfmon.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\pex.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\Photo.scr: [Debugger] fixmapi.exe
IFEO\ph_exec.exe: [Debugger] fixmapi.exe
IFEO\player.exe: [Debugger] fixmapi.exe
IFEO\Plugin.exe: [Debugger] fixmapi.exe
IFEO\pr.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\praetorian.exe: [Debugger] fixmapi.exe
IFEO\pricefountainw.exe: [Debugger] fixmapi.exe
IFEO\Private Keeper.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\prkiller.exe: [Debugger] fixmapi.exe
IFEO\Process Explorer.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\Process Explorer64.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\ProcessHacker.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\procexp.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\procexp64.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\Procmon.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\Procmon64.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\Procxp.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\Project1.exe: [Debugger] fixmapi.exe
IFEO\prtest.exe: [Debugger] fixmapi.exe
IFEO\PRTG Traffic Grapher.exe: [Debugger] fixmapi.exe
IFEO\prtgwatchdog.exe: [Debugger] fixmapi.exe
IFEO\PsCtrlC.exe: [Debugger] fixmapi.exe
IFEO\PSROL.exe: [Debugger] fixmapi.exe
IFEO\PSUAMain.exe: [Debugger] fixmapi.exe
IFEO\pu.com: [Debugger] fixmapi.exe
IFEO\Q.exe: [Debugger] fixmapi.exe
IFEO\QHActiveDefense.exe: [Debugger] fixmapi.exe
IFEO\QHActiveSecurity.exe: [Debugger] fixmapi.exe
IFEO\QHSafeMain.exe: [Debugger] fixmapi.exe
IFEO\QHSafeTray.exe: [Debugger] fixmapi.exe
IFEO\QHWatchdog.exe: [Debugger] fixmapi.exe
IFEO\qimlsrv.exe: [Debugger] fixmapi.exe
IFEO\Qleda.exe: [Debugger] fixmapi.exe
IFEO\qpis.exe: [Debugger] fixmapi.exe
IFEO\QpMonitor.exe: [Debugger] fixmapi.exe
IFEO\QQExternal.exe: [Debugger] fixmapi.exe
IFEO\QQLiveService.exe: [Debugger] fixmapi.exe
IFEO\QQProtect.exe: [Debugger] fixmapi.exe
IFEO\quhlpsvc.exe: [Debugger] fixmapi.exe
IFEO\QuikProtect.exe: [Debugger] fixmapi.exe
IFEO\RDP Brute_Cracked.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\RDP Recognizer.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\RDPSS.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\rdpthread.exe: [Debugger] fixmapi.exe
IFEO\rdrleakdag.exe: [Debugger] fixmapi.exe
IFEO\Realmon.exe: [Debugger] fixmapi.exe
IFEO\Rebel Botnet.exe: [Debugger] fixmapi.exe
IFEO\redsurf.exe: [Debugger] fixmapi.exe
IFEO\regsvr.exe: [Debugger] fixmapi.exe
IFEO\reminder.exe: [Debugger] fixmapi.exe
IFEO\restarter_x64.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\revshow.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\rfusclient.exe: [Debugger] fixmapi.exe
IFEO\rkfree.exe: [Debugger] fixmapi.exe
IFEO\ROMFUSClient.exe: [Debugger] fixmapi.exe
IFEO\romserver.exe: [Debugger] fixmapi.exe
IFEO\rootkitremover.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\RouterScan.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\rthdcpd.exe: [Debugger] fixmapi.exe
IFEO\rutserv.exe: [Debugger] fixmapi.exe
IFEO\rvlkl.exe: [Debugger] fixmapi.exe
IFEO\safesurf.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\sapissvc.exe: [Debugger] fixmapi.exe
IFEO\SASCORE.EXE: [Debugger] fixmapi.exe
IFEO\SASCORE64.EXE: [Debugger] fixmapi.exe
IFEO\SBAMSvc.exe: [Debugger] fixmapi.exe
IFEO\SBAMTray.exe: [Debugger] fixmapi.exe
IFEO\scclient.exe: [Debugger] fixmapi.exe
IFEO\scriptrap.exe: [Debugger] fixmapi.exe
IFEO\scrss.exe: [Debugger] fixmapi.exe
IFEO\SCTCleanupService.exe: [Debugger] fixmapi.exe
IFEO\SDFSSvc.exe: [Debugger] fixmapi.exe
IFEO\sdhelp.exe: [Debugger] fixmapi.exe
IFEO\SDRootAlyzer.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SDScan.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SDShell.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SDShred.exe: [Debugger] fixmapi.exe
IFEO\SDSysRepair.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SDTools.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SDTray.exe: [Debugger] fixmapi.exe
IFEO\SDUpdate.exe: [Debugger] fixmapi.exe
IFEO\SDUpdSvc.exe: [Debugger] fixmapi.exe
IFEO\SDWelcome.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SDWSCSvc.exe: [Debugger] fixmapi.exe
IFEO\Search.exe: [Debugger] fixmapi.exe
IFEO\SearchProtocolHos.exe: [Debugger] fixmapi.exe
IFEO\seccenter.exe: [Debugger] fixmapi.exe
IFEO\secscan.exe: [Debugger] fixmapi.exe
IFEO\securesurf.browser.client.exe: [Debugger] fixmapi.exe
IFEO\Security.exe: [Debugger] fixmapi.exe
IFEO\server.dat: [Debugger] fixmapi.exe
IFEO\Service.exe: [Debugger] fixmapi.exe
IFEO\ServiceApp.exe: [Debugger] fixmapi.exe
IFEO\servicess.exe: [Debugger] fixmapi.exe
IFEO\servidor.exe: [Debugger] fixmapi.exe
IFEO\sessmgr.exe: [Debugger] fixmapi.exe
IFEO\setap_c.exe: [Debugger] fixmapi.exe
IFEO\seth.exe: [Debugger] drmsvc.exe
IFEO\setup_av_ep.exe: [Debugger] fixmapi.exe
IFEO\setup_kes.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\SFAUpdater.exe: [Debugger] fixmapi.exe
IFEO\sfc.exe: [Debugger] fixmapi.exe
IFEO\sgbider.exe: [Debugger] fixmapi.exe
IFEO\SH4Service.exe: [Debugger] fixmapi.exe
IFEO\ShKernel.exe: [Debugger] fixmapi.exe
IFEO\shost.exe: [Debugger] fixmapi.exe
IFEO\shtsenv.exe: [Debugger] fixmapi.exe
IFEO\sitehelp.exe: [Debugger] fixmapi.exe
IFEO\skrolls.exe: [Debugger] fixmapi.exe
IFEO\skying.exe: [Debugger] fixmapi.exe
IFEO\SmadavProtect32.exe: [Debugger] fixmapi.exe
IFEO\smartscreen.exe: [Debugger] fixmapi.exe
IFEO\smBootTime.exe: [Debugger] fixmapi.exe
IFEO\Smc.exe: [Debugger] fixmapi.exe
IFEO\smcc.exe: [Debugger] fixmapi.exe
IFEO\smsdefrag.exe: [Debugger] fixmapi.exe
IFEO\smssm.exe: [Debugger] fixmapi.exe
IFEO\smsss.exe: [Debugger] fixmapi.exe
IFEO\snetcfg.exe: [Debugger] fixmapi.exe
IFEO\snmptrap.exe: [Debugger] fixmapi.exe
IFEO\sntlkeyssrvr.exe: [Debugger] fixmapi.exe
IFEO\sntlsrtsrvr.exe: [Debugger] fixmapi.exe
IFEO\SombraLock.exe: [Debugger] fixmapi.exe
IFEO\soqkci.exe: [Debugger] fixmapi.exe
IFEO\sound.exe: [Debugger] fixmapi.exe
IFEO\splwowc.exe: [Debugger] fixmapi.exe
IFEO\spm.exe: [Debugger] fixmapi.exe
IFEO\spnsrvnt.exe: [Debugger] fixmapi.exe
IFEO\spomua.exe: [Debugger] fixmapi.exe
IFEO\spooIsv.exe: [Debugger] fixmapi.exe
IFEO\spools.exe: [Debugger] fixmapi.exe
IFEO\spoolv.exe: [Debugger] fixmapi.exe
IFEO\spoolvs.exe: [Debugger] fixmapi.exe
IFEO\Spred.exe: [Debugger] fixmapi.exe
IFEO\spsvc.exe: [Debugger] fixmapi.exe
IFEO\SpybotSD.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\spydetector323eng.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\SpyHunter4.exe: [Debugger] fixmapi.exe
IFEO\SpyHunter5.exe: [Debugger] fixmapi.exe
IFEO\spywareblaster.exe: [Debugger] fixmapi.exe
IFEO\SQLSystem.exe: [Debugger] fixmapi.exe
IFEO\srcver.exe: [Debugger] fixmapi.exe
IFEO\SRFeature.exe: [Debugger] fixmapi.exe
IFEO\SRManager.exe: [Debugger] fixmapi.exe
IFEO\srs.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\srs.exe.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\SRService.exe: [Debugger] fixmapi.exe
IFEO\srvan.exe: [Debugger] fixmapi.exe
IFEO\ssms32.exe: [Debugger] fixmapi.exe
IFEO\SSScheduler.exe: [Debugger] fixmapi.exe
IFEO\ssvchost.exe: [Debugger] fixmapi.exe
IFEO\ssyncer.exe: [Debugger] fixmapi.exe
IFEO\starter_avp.exe: [Debugger] fixmapi.exe
IFEO\StartupChecker.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\StartupCheckingService.exe: [Debugger] fixmapi.exe
IFEO\StartUpTool_w.exe: [Debugger] fixmapi.exe
IFEO\stinger.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\storectrl.dll: [Debugger] fixmapi.exe
IFEO\StSess.exe: [Debugger] fixmapi.exe
IFEO\stub.exe: [Debugger] fixmapi.exe
IFEO\Suo12_StartupManager.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\SUPERANTISPYWARE.EXE: [Debugger] fixmapi.exe
IFEO\surfblock.exe: [Debugger] fixmapi.exe
IFEO\surfguard.exe: [Debugger] fixmapi.exe
IFEO\svbhost.exe: [Debugger] fixmapi.exe
IFEO\svcGenericHost.exe: [Debugger] fixmapi.exe
IFEO\svch0st.exe: [Debugger] fixmapi.exe
IFEO\svchobst.exe: [Debugger] fixmapi.exe
IFEO\svchoct.exe: [Debugger] fixmapi.exe
IFEO\svchos.exe: [Debugger] fixmapi.exe
IFEO\svchosd.exe: [Debugger] fixmapi.exe
IFEO\svchose.exe: [Debugger] fixmapi.exe
IFEO\svchost.com: [Debugger] fixmapi.exe
IFEO\svchost.dll: [Debugger] fixmapi.exe
IFEO\svchost32.exe: [Debugger] fixmapi.exe
IFEO\svchosts.exe: [Debugger] fixmapi.exe
IFEO\svchots.exe: [Debugger] fixmapi.exe
IFEO\svchsot.exe: [Debugger] fixmapi.exe
IFEO\svcnoct.exe: [Debugger] fixmapi.exe
IFEO\svcohst.exe: [Debugger] fixmapi.exe
IFEO\svdhost.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\svehost.exe: [Debugger] fixmapi.exe
IFEO\svhosr.exe: [Debugger] fixmapi.exe
IFEO\svhost.exe: [Debugger] fixmapi.exe
IFEO\svncxhost.exe: [Debugger] fixmapi.exe
IFEO\svnhost.exe: [Debugger] fixmapi.exe
IFEO\SVRTcli.exe: [Debugger] fixmapi.exe
IFEO\SVRTgui.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SVRTservice.exe: [Debugger] fixmapi.exe
IFEO\svshost.exe: [Debugger] fixmapi.exe
IFEO\svsrv.exe: [Debugger] fixmapi.exe
IFEO\swdoctor.exe: [Debugger] fixmapi.exe
IFEO\SymRedistributable.exe: [Debugger] fixmapi.exe
IFEO\sys.exe: [Debugger] fixmapi.exe
IFEO\sys32.exe: [Debugger] fixmapi.exe
IFEO\sysdisk.exe: [Debugger] fixmapi.exe
IFEO\sysdown.exe: [Debugger] fixmapi.exe
IFEO\syshost.exe: [Debugger] fixmapi.exe
IFEO\SysInspector.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\System Idle Process.exe: [Debugger] fixmapi.exe
IFEO\system.exe: [Debugger] fixmapi.exe
IFEO\System32.exe: [Debugger] fixmapi.exe
IFEO\system64: [Debugger] fixmapi.exe
IFEO\system64.exe: [Debugger] fixmapi.exe
IFEO\SystemDriveHost.exe: [Debugger] fixmapi.exe
IFEO\SystemExplorer.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SystemF0D7.exe: [Debugger] fixmapi.exe
IFEO\SystemHost.exe: [Debugger] fixmapi.exe
IFEO\SystemIDLE.exe: [Debugger] fixmapi.exe
IFEO\SystemNT.exe: [Debugger] fixmapi.exe
IFEO\systems.exe: [Debugger] fixmapi.exe
IFEO\SystemSetting.exe: [Debugger] fixmapi.exe
IFEO\systemsmss.exe: [Debugger] fixmapi.exe
IFEO\SystemTask.exe: [Debugger] fixmapi.exe
IFEO\SystemTaskinfo.exe: [Debugger] fixmapi.exe
IFEO\systemx.exe: [Debugger] fixmapi.exe
IFEO\Systms.exe: [Debugger] fixmapi.exe
IFEO\Systmss.exe: [Debugger] fixmapi.exe
IFEO\systrays.exe: [Debugger] fixmapi.exe
IFEO\szndesktop.exe: [Debugger] fixmapi.exe
IFEO\taschost.exe: [Debugger] fixmapi.exe
IFEO\task.exe: [Debugger] fixmapi.exe
IFEO\taskhostw.exe: [Debugger] fixmapi.exe
IFEO\taskhots.exe: [Debugger] fixmapi.exe
IFEO\TaskManagerService.exe: [Debugger] fixmapi.exe
IFEO\taskmgrr.exe: [Debugger] fixmapi.exe
IFEO\Taskmrg.exe: [Debugger] fixmapi.exe
IFEO\Tasksmgrs.exe: [Debugger] fixmapi.exe
IFEO\tcpscvs.exe: [Debugger] fixmapi.exe
IFEO\tcpvcon.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\Tcpview.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\tcpzaw.exe: [Debugger] fixmapi.exe
IFEO\TeaTimer.exe: [Debugger] fixmapi.exe
IFEO\Terms.EXE: [Debugger] fixmapi.exe
IFEO\THGuard.exe: [Debugger] fixmapi.exe
IFEO\TIASPN~1.EXE: [Debugger] fixmapi.exe
IFEO\TINY.EXE: [Debugger] fixmapi.exe
IFEO\TMBMSRV.exe: [Debugger] fixmapi.exe
IFEO\TmListen.exe: [Debugger] fixmapi.exe
IFEO\tmmt.exe: [Debugger] fixmapi.exe
IFEO\tmmt64.exe: [Debugger] fixmapi.exe
IFEO\tmPfw.exe: [Debugger] fixmapi.exe
IFEO\TmProxy.exe: [Debugger] fixmapi.exe
IFEO\ToolbarUpdaterService.exe: [Debugger] fixmapi.exe
IFEO\TpmInit.exe: [Debugger] fixmapi.exe
IFEO\tps.exe: [Debugger] fixmapi.exe
IFEO\TrafAdmin.exe: [Debugger] fixmapi.exe
IFEO\TrafInsp.exe: [Debugger] fixmapi.exe
IFEO\TrafInspRep.exe: [Debugger] fixmapi.exe
IFEO\TrafMonitor.exe: [Debugger] fixmapi.exe
IFEO\TrafSvc.exe: [Debugger] fixmapi.exe
IFEO\traycser.exe: [Debugger] fixmapi.exe
IFEO\trayeser.exe: [Debugger] fixmapi.exe
IFEO\TRAYICOC.EXE: [Debugger] fixmapi.exe
IFEO\traysser.exe: [Debugger] fixmapi.exe
IFEO\Trjscan.exe: [Debugger] fixmapi.exe
IFEO\TrueImageMonitor.exe: [Debugger] fixmapi.exe
IFEO\turbomailer.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\uamApp.exe: [Debugger] fixmapi.exe
IFEO\uamAppWOW.exe: [Debugger] fixmapi.exe
IFEO\UdaterUI.exe: [Debugger] fixmapi.exe
IFEO\UI0detect.exe: [Debugger] fixmapi.exe
IFEO\uistub.exe: [Debugger] fixmapi.exe
IFEO\uninst.exe: [Debugger] fixmapi.exe
IFEO\UninstallMonitor.exe: [Debugger] fixmapi.exe
IFEO\unit.exe: [Debugger] fixmapi.exe
IFEO\unit_manager.exe: [Debugger] fixmapi.exe
IFEO\updata.exe: [Debugger] fixmapi.exe
IFEO\update-api.exe: [Debugger] fixmapi.exe
IFEO\update-app.exe: [Debugger] fixmapi.exe
IFEO\updateservice.exe: [Debugger] fixmapi.exe
IFEO\USBGuard.exe: [Debugger] fixmapi.exe
IFEO\USBSRService.exe: [Debugger] fixmapi.exe
IFEO\V3Lite.exe: [Debugger] fixmapi.exe
IFEO\V3SP.exe: [Debugger] fixmapi.exe
IFEO\VC90.exe: [Debugger] fixmapi.exe
IFEO\vcsvc.exe: [Debugger] fixmapi.exe
IFEO\vcsvcc.exe: [Debugger] fixmapi.exe
IFEO\vercls.exe: [Debugger] fixmapi.exe
IFEO\Vip Slow.exe: [Debugger] fixmapi.exe
IFEO\VIRITSVC.EXE: [Debugger] fixmapi.exe
IFEO\vmms.exe: [Debugger] fixmapi.exe
IFEO\vnchosts.exe: [Debugger] fixmapi.exe
IFEO\volumedisk.exe: [Debugger] fixmapi.exe
IFEO\vprot.exe: [Debugger] fixmapi.exe
IFEO\vsmon.exe: [Debugger] fixmapi.exe
IFEO\vsserv.exe: [Debugger] fixmapi.exe
IFEO\VsTskMgr.exe: [Debugger] fixmapi.exe
IFEO\VVUDFHost.exe: [Debugger] fixmapi.exe
IFEO\wab32.exe: [Debugger] fixmapi.exe
IFEO\wahiver.exe: [Debugger] fixmapi.exe
IFEO\wahiver64.exe: [Debugger] fixmapi.exe
IFEO\wasp.exe: [Debugger] fixmapi.exe
IFEO\Wasppacer.exe: [Debugger] ipz.exe
IFEO\waspwing.exe: [Debugger] fixmapi.exe
IFEO\wasub.exe: [Debugger] fixmapi.exe
IFEO\wbox.exe: [Debugger] fixmapi.exe
IFEO\webengineDHA.exe: [Debugger] fixmapi.exe
IFEO\webisida.browser.exe: [Debugger] fixmapi.exe
IFEO\WebProtectorPlus.exe: [Debugger] fixmapi.exe
IFEO\WebProxy.exe: [Debugger] fixmapi.exe
IFEO\webtmr.exe: [Debugger] fixmapi.exe
IFEO\wfc.exe: [Debugger] fixmapi.exe
IFEO\wfcs.exe: [Debugger] fixmapi.exe
IFEO\win-active.exe: [Debugger] fixmapi.exe
IFEO\win-api.exe: [Debugger] fixmapi.exe
IFEO\win-app.exe: [Debugger] fixmapi.exe
IFEO\win-update.exe: [Debugger] fixmapi.exe
IFEO\win32.exe: [Debugger] fixmapi.exe
IFEO\WinApp.exe: [Debugger] fixmapi.exe
IFEO\WinCtrProc.exe: [Debugger] fixmapi.exe
IFEO\windefender.exe: [Debugger] fixmapi.exe
IFEO\windir.exe: [Debugger] fixmapi.exe
IFEO\windows nt.exe: [Debugger] fixmapi.exe
IFEO\Windows-KB890830-x64-V5.58.exe: [Debugger] fixmapi.exe
IFEO\windows.exe: [Debugger] fixmapi.exe
IFEO\Windows10Upgrade.exe: [Debugger] fixmapi.exe
IFEO\Windows10UpgraderApp.exe: [Debugger] fixmapi.exe
IFEO\WindowsUpdate.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\windrvs.exe: [Debugger] fixmapi.exe
IFEO\windrws.exe: [Debugger] fixmapi.exe
IFEO\winer.exe: [Debugger] fixmapi.exe
IFEO\WinHide.exe: [Debugger] fixmapi.exe
IFEO\WinHide.SB.exe: [Debugger] fixmapi.exe
IFEO\winhost.exe: [Debugger] fixmapi.exe
IFEO\winidow.exe: [Debugger] fixmapi.exe
IFEO\winIogon.exe: [Debugger] fixmapi.exe
IFEO\winlock.exe: [Debugger] fixmapi.exe
IFEO\winlog.exe: [Debugger] fixmapi.exe
IFEO\winlogn.exe: [Debugger] fixmapi.exe
IFEO\winlogon.exe(1): [Debugger] fixmapi.exe
IFEO\winlogon.exe.exe: [Debugger] fixmapi.exe
IFEO\winlogon4.exe: [Debugger] fixmapi.exe
IFEO\winlogon64.exe: [Debugger] fixmapi.exe
IFEO\winlogons.exe: [Debugger] fixmapi.exe
IFEO\winmgmnt: [Debugger] fixmapi.exe
IFEO\winmgmnt.exe: [Debugger] fixmapi.exe
IFEO\winmhjqkn.exe: [Debugger] fixmapi.exe
IFEO\winmm.exe: [Debugger] fixmapi.exe
IFEO\WinPatrol.exe: [Debugger] fixmapi.exe
IFEO\winpoint.exe: [Debugger] fixmapi.exe
IFEO\WinSvchost.exe: [Debugger] fixmapi.exe
IFEO\WinSys_Monitor.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\wintmr.exe: [Debugger] fixmapi.exe
IFEO\winup.exe: [Debugger] fixmapi.exe
IFEO\Win_Updater.exe: [Debugger] fixmapi.exe
IFEO\Wiswqcs.exe: [Debugger] fixmapi.exe
IFEO\wizard.exe: [Debugger] fixmapi.exe
IFEO\wmiapsvr.exe: [Debugger] fixmapi.exe
IFEO\WMIC.exe.exe: [Debugger] fixmapi.exe
IFEO\WmiPSrv.exe: [Debugger] fixmapi.exe
IFEO\wmpenc_st.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\wnhelp.exe: [Debugger] fixmapi.exe
IFEO\workout.exe: [Debugger] fixmapi.exe
IFEO\Wpeka.exe: [Debugger] fixmapi.exe
IFEO\Wprehwc.exe: [Debugger] fixmapi.exe
IFEO\wqscmc.exe: [Debugger] fixmapi.exe
IFEO\WRSA.exe: [Debugger] fixmapi.exe
IFEO\wsb.exe: [Debugger] fixmapi.exe
IFEO\wsntserv.exe: [Debugger] fixmapi.exe
IFEO\wssfcmai.exe: [Debugger] fixmapi.exe
IFEO\wtssvc.exe: [Debugger] fixmapi.exe
IFEO\wuauclm.exe: [Debugger] fixmapi.exe
IFEO\wuauclt.exe: [Debugger] fixmapi.exe
IFEO\wuaudt.exe: [Debugger] fixmapi.exe
IFEO\wuauser.exe: [Debugger] fixmapi.exe
IFEO\WUDFHost.exe: [Debugger] fixmapi.exe
IFEO\wwmeeg.exe: [Debugger] fixmapi.exe
IFEO\x64.exe: [Debugger] fixmapi.exe
IFEO\xDedicLogCleaner.exe: [Debugger] fixmapi.exe
IFEO\xmr-stak-cpu.exe: [Debugger] fixmapi.exe
IFEO\xmr-stak.exe: [Debugger] fixmapi.exe
IFEO\xmrig-notls.exe: [Debugger] fixmapi.exe
IFEO\xmrig.exe: [Debugger] fixmapi.exe
IFEO\xmrigDaemon.exe: [Debugger] fixmapi.exe
IFEO\xmrigMiner.exe: [Debugger] fixmapi.exe
IFEO\xngiesa.exe: [Debugger] fixmapi.exe
IFEO\xp64.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\xray.exe: [Debugger] fixmapi.exe
IFEO\xscan_gui.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\xstartui.exe: [Debugger] fixmapi.exe
IFEO\XTray.exe: [Debugger] fixmapi.exe
IFEO\ybrwicon.exe: [Debugger] fixmapi.exe
IFEO\ytbrowser.exe: [Debugger] fixmapi.exe
IFEO\ytpumpchrome.exe: [Debugger] fixmapi.exe
IFEO\z.tmp: [Debugger] fixmapi.exe
IFEO\zam.exe: [Debugger] fixmapi.exe
IFEO\Zanda.exe: [Debugger] fixmapi.exe
IFEO\zlclient.exe: [Debugger] fixmapi.exe
IFEO\Zlh.exe: [Debugger] fixmapi.exe
IFEO\Zpgiupy.exe: [Debugger] fixmapi.exe
GroupPolicy: Ограничение ? <==== ВНИМАНИЕ
GroupPolicy\User: Ограничение ? <==== ВНИМАНИЕ
Policies: C:\ProgramData\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Policies: C:\Users\Администратор.MEBELOBNINSKA\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Policies: C:\Users\Алексей\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Policies: C:\Users\горлица_аудит\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Policies: C:\Users\диана\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Policies: C:\Users\ирина\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Policies: C:\Users\иринан\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Policies: C:\Users\маша\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
Policies: C:\Users\Тоня\NTUSER.pol: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Mozilla\Firefox: Ограничение <==== ВНИМАНИЕ
HKLM\SOFTWARE\Policies\Google: Ограничение <==== ВНИМАНИЕ
2025-12-09 09:47 - 2025-12-08 20:21 - 278702048 _____ C:\oja0twqh.exe
2025-12-08 19:38 - 2025-12-08 19:38 - 002359350 _____ C:\ProgramData\Eclipse.bmp
2025-12-08 19:06 - 2025-12-08 19:38 - 000000000 ____D C:\Users\Администратор.MEBELOBNINSKA\Desktop\x64
2025-12-08 18:55 - 2022-05-15 03:14 - 001774696 _____ (voidtools) C:\Users\Администратор.MEBELOBNINSKA\Desktop\c.exe
2025-12-08 18:34 - 2025-12-09 01:22 - 000000000 ____D C:\Program Files\Mesh Agent
S4 Mesh Agent; C:\Program Files\Mesh Agent\MeshAgent.exe [3482240 2025-12-08] (zersrv.com-6db5a2 -> ) [Файл не подписан]
Reboot::
End::

After the reboot:

Attach the Fixlog.txt file from the folder FRST was run from to your message.

Archive the C:\FRST\Quarantine folder with the password virus, upload the archive to cloud storage, and post the download link here.
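The IFEO lines in the script above are Image File Execution Options keys whose Debugger value makes Windows start the named program instead of the listed executable. As an added example (not part of the original post and not FRST's own code), this Python script groups such lines by Debugger target and extracts the script files they reference, so those files can be collected for review during cleanup; the sample lines are a subset copied from the log above.

```python
import re
from collections import defaultdict

# Subset of lines copied from the FRST script in the post above.
SAMPLE = r"""
IFEO\smartscreen.exe: [Debugger] fixmapi.exe
IFEO\SpybotSD.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\netframework.vbs
IFEO\SysInspector.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\framework.vbs
IFEO\turbomailer.exe: [Debugger] cmd /c start /MIN wscript //nologo C:\Windows\runtime.vbs
IFEO\Wasppacer.exe: [Debugger] ipz.exe
IFEO\System Idle Process.exe: [Debugger] fixmapi.exe
IFEO\xmrig.exe: [Debugger] fixmapi.exe
Reboot::
"""

# "IFEO\<image name>: [Debugger] <command>"; image names may contain spaces.
IFEO_RE = re.compile(r"^IFEO\\(?P<image>.+?): \[Debugger\] (?P<debugger>.+)$")
# Absolute paths to script files inside a Debugger command line.
SCRIPT_RE = re.compile(r'[A-Za-z]:\\[^\s"]+\.(?:vbs|vbe|js|jse|wsf|bat|cmd|ps1)\b', re.I)


def parse_ifeo(text):
    """Return (image_name, debugger_command) pairs from FRST-style IFEO lines."""
    entries = []
    for line in text.splitlines():
        m = IFEO_RE.match(line.strip())
        if m:
            entries.append((m["image"], m["debugger"].strip()))
    return entries


def group_by_debugger(entries):
    """Map each Debugger value to the image names redirected to it."""
    groups = defaultdict(list)
    for image, debugger in entries:
        groups[debugger].append(image)
    return dict(groups)


def script_payloads(entries):
    """Map script files named in Debugger values to the images that trigger them."""
    scripts = defaultdict(list)
    for image, debugger in entries:
        for path in SCRIPT_RE.findall(debugger):
            scripts[path].append(image)
    return dict(scripts)


if __name__ == "__main__":
    entries = parse_ifeo(SAMPLE)
    by_count = sorted(group_by_debugger(entries).items(), key=lambda kv: -len(kv[1]))
    for debugger, images in by_count:
        print(f"{len(images):3d} image(s) -> {debugger}")
    for path, images in sorted(script_payloads(entries).items()):
        print(f"collect for review: {path} (triggered by {', '.join(images)})")
```
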

Posted

The system has been cleaned. Unfortunately, we cannot help with decrypting the files.

General recommendations:

Now that your files have been encrypted, take serious security measures:

1. create data backups on a separate device that must not be permanently accessible;
2. install current updates for the operating system;
3. install reliable, up-to-date antivirus protection with regularly updated antivirus databases;
4. set strong passwords for accounts in the RDP group;
5. configure a non-standard port (instead of the default 3389) for the RDP service;
6. security settings that protect the account password from remote brute-forcing;
7. if possible, set up two-factor authentication for access to the desktop;
8. access to the desktop from an external network (if needed for work) either through a VPN connection or only from trusted IPs (whitelist);

Posted

And this script is applicable on the other server as well, as I understand it

Posted

As for the first device, a lot of what is in the log for the second server is missing there. Wait a bit, I will write a cleanup script for the first server now.

Posted

Here are the current ones from the two machines

FRST5.7z frst3.rar

The encryptor is the same one, which is why I assumed so

Thanks again for the help
