#Stealc (2023-09-15)

lvzhiwei

K7解压1X

心醉咖啡

金山毒霸

装甲未被击穿

华为乾坤MISS

t0kenzero

华为乾坤的HIPS蛮有趣，只记录但是不进行拦截。难不成相应规则没启用？

1. [2023-09-17 22:33:12.668][Info]        [1676] [GRAPH THREAT ROOT]: [hitRule] TN0940, [riskScore] 92, [filePath] C:\Users\RhineLab\Downloads\Haruhi\Haruhi.exe, [rootType] IMPLANTED@EC
   
2. [2023-09-17 22:33:12.668][Info]        [1676] [HIPS AGG STATISTIC][Insert SQL] rule_id: 1024005, pid: 4996, file_path: C:\Users\RhineLab\AppData\Roaming\Ledger Live\Local Storage\leveldb\, event_time: 133394347926492470.
   
3. [2023-09-17 22:33:12.668][Info]        [1676] [HIPS AGG STATISTIC] Check DB, rule id: 1024005, pid: 4996.
   
4. [2023-09-17 22:33:12.668][Info]        [1676] [HIPS AGG STATISTIC][Query Result] Max count = 1, arg1 = 4996.
   
5. [2023-09-17 22:33:12.668][Info]        [1676] [HIPS AGG STATISTIC]: Hit once, rule id: 1024005, stats count: 1, threshold attack count: 4.
   
6. [2023-09-17 22:33:12.669][Info]        [1676] [GRAPH THREAT ROOT]: [hitRule] TN0940, [riskScore] 92, [filePath] C:\Users\RhineLab\Downloads\Haruhi\Haruhi.exe, [rootType] IMPLANTED@EC
   
7. [2023-09-17 22:33:12.669][Info]        [1676] [HIPS AGG STATISTIC][Insert SQL] rule_id: 1024005, pid: 4996, file_path: C:\Users\RhineLab\AppData\Roaming\Ledger Live\Session Storage\, event_time: 133394347926492470.
   
8. [2023-09-17 22:33:12.669][Info]        [1676] [HIPS AGG STATISTIC] Check DB, rule id: 1024005, pid: 4996.
   
9. [2023-09-17 22:33:12.669][Info]        [1676] [HIPS AGG STATISTIC][Query Result] Max count = 2, arg1 = 4996.
   
10. [2023-09-17 22:33:12.669][Info]        [1676] [HIPS AGG STATISTIC]: Hit once, rule id: 1024005, stats count: 2, threshold attack count: 4.

复制代码

骨灰级小白

WD解压kill