cguise

Hello:

Early Saturday morning, we received a notice of a possible ransomware attack originating from our 4 workstations with ProSeries installed. Sophos and our IT company both believe this to be a false positive. However, out of an abundance of caution, we are looking for confirmation from ProSeries or the Community that these are legitimate files.

Provided below is the list of files that were detected as ransomware:

Detection Generic.Ransom.X
1*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZNC.xml
Overwritten L0, Read T4096 H4096|^45837|^b5565, Write T5120 H4893|^55318|^b6741 #1,r2,LN
2*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZNC.xml
Opened L4893, Read T5120|100% H4893|^55406|^b6764 #2,w1,LN
3 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023MSI.xml
Overwritten L0, Read T4096 H4096|^44589|^b5588, Write T4608 H4507|^49562|^b6129 #3,r4,LN
4 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023MSI.xml
Opened L4507, Read T4608|100% H4507|^49697|^b6164 #4,w3,LN
5*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023MNO.xml
Overwritten L0, Read T2048 H1554|^18315|^b2178, Write T2048 H1554|^18315|^b2178 #5,r6,LT
6*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023MNO.xml
Opened L1554, Read T2048|100% H1554|^18304|^b2175 #6,w5,LT
7 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZMN.xml
Overwritten L0, Read T4096 H4096|^46461|^b5887, Write T12800 H12661|^144551|^b18365 #7,r8,LN
8 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZMN.xml
Opened L12661, Read T12800|100% H12661|^144788|^b18427 #8,w7,LN
9 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZMI.xml
Overwritten L0, Read T4096 H4096|^47496|^b5623, Write T22528 H22498|^273509|^b32853 #9,r10,LN
10 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZMI.xml
Opened L22498, Read T22528|100% H22498|^273578|^b32871 #10,w9,LN
11 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZMD.xml
Overwritten L0, Read T4096 H4096|^48003|^b6040, Write T6144 H5707|^67048|^b8321 #11,r12,LN
12 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZMD.xml
Opened L5707, Read T6144|100% H5707|^67250|^b8374 #12,w11,LN
13*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZMA.xml
Overwritten L0, Read T4096 H4096|^47527|^b5927, Write T11264 H11080|^132998|^b16554 #13,r14,LN
14*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZMA.xml
Opened L11080, Read T11264|100% H11080|^133028|^b16561 #14,w13,LN
15 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZIL.xml
Overwritten L0, Read T4096 H4096|^47648|^b5912, Write T8192 H7734|^91937|^b11364 #15,r16,LN
16 D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZIL.xml
Opened L7734, Read T8192|100% H7734|^91953|^b11368 #16,w15,LN
19*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZHI.xml
Overwritten L0, Read T4096 H4096|^46970|^b5689, Write T7680 H7366|^85832|^b10343 #19,r20,LN
20*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZHI.xml
Opened L7366, Read T7680|100% H7366|^85947|^b10373, Write T7680|100% H7366|^85832|^b10343 #20,w19,LN
29*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZCA.xml
Overwritten L0, Read T4096 H4096|^45954|^b5620, Write T23552 H23209|^267067|^b33281 #29,r30,LN
30*D:\Programs\APPL\ProSeries\ProWin23\FormsAvail\S2023ZCA.xml
Opened L23209, Read T23552|100% H23209|^267463|^b33385, Write T23552|100% H23209|^267067|^b33281 #30,w29,LN
Dropped Files
1 C:\Windows\system32\LogFiles\WMI\SUM.etl
Dropped by [4]