删文件&killMBR vt 12家报

12695

12695 发表于 2021-8-23 21:12
卡巴miss

上报为安全文件？。。

12695

12695 发表于 2021-8-23 21:38
上报为安全文件？。。

现在卡巴网页拦截了

swizzer

mountvol。。。

SSF：

1. 2021/8/23 21:58:09,22896,C:\Windows\System32\conhost.exe,52,Allowed ;修改属于其它进程的窗口的属性 (a6d209babee9369a36522c1007d33483279a9430b9d17b2e9b6ff5aa1afbfcf0.exe(pid=22880))
   
2. 2021/8/23 21:58:15,22880,C:\Program Files (x86)\Huorong\a6d209babee9369a36522c1007d33483279a9430b9d17b2e9b6ff5aa1afbfcf0.exe,53,Blocked ;执行应用程序 (C:\Windows\system32\cmd.exe /c mountvol C: /D)
   
3. 2021/8/23 21:58:18,22880,C:\Program Files (x86)\Huorong\a6d209babee9369a36522c1007d33483279a9430b9d17b2e9b6ff5aa1afbfcf0.exe,53,Blocked ;执行应用程序 (C:\Windows\system32\cmd.exe /c rd /s /q C:\)
   
4. 2021/8/23 21:58:19,22880,C:\Program Files (x86)\Huorong\a6d209babee9369a36522c1007d33483279a9430b9d17b2e9b6ff5aa1afbfcf0.exe,53,Blocked ;执行应用程序 (C:\Windows\system32\cmd.exe /c rd /s /q C:\)
   
5. 2021/8/23 21:58:21,22880,C:\Program Files (x86)\Huorong\a6d209babee9369a36522c1007d33483279a9430b9d17b2e9b6ff5aa1afbfcf0.exe,53,Blocked ;执行应用程序 (cmd.exe /c mountvol C: /D)
   
6. 2021/8/23 21:58:33,22880,C:\Program Files (x86)\Huorong\a6d209babee9369a36522c1007d33483279a9430b9d17b2e9b6ff5aa1afbfcf0.exe,53,Terminated ;执行应用程序 (cmd.exe /c rd /s /q C:\)
   
7. 2021/8/23 21:58:35,22880,C:\Program Files (x86)\Huorong\a6d209babee9369a36522c1007d33483279a9430b9d17b2e9b6ff5aa1afbfcf0.exe,53,Terminated ;执行应用程序 (cmd.exe /c rd /s /q C:\)
   
8. 2021/8/23 21:58:37,22880,C:\Program Files (x86)\Huorong\a6d209babee9369a36522c1007d33483279a9430b9d17b2e9b6ff5aa1afbfcf0.exe,26,Blocked ;修改受保护的注册表键值 (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,WDNMD)

复制代码

国人写的？

846472713

ESET病毒库: 23840 (20210823)未报

ANY.LNK

Microsoft Defender：当前ASR规则阻止运行

蓝雨风暴

EMSI/BD突然发力，火绒扫描miss

就只穿秋裤

蓝雨风暴 发表于 2021-8-24 01:33
EMSI/BD突然发力，火绒扫描miss

怎么还不睡

heavencc

智量扫描miss双击被过，连桌面都给我锤没了

swizzer

heavencc 发表于 2021-8-24 08:35
智量扫描miss双击被过，连桌面都给我锤没了

MalBehavior.A没有杀吗


@智量官方

sichuanwenxuan