新鮮 1X (2023-10-04)

761773275

1. https://userscloud.com/czc8pqsh45jd
   

复制代码

1. https://t.wss.ink/f/cccsh9atc14

复制代码

1. https://krakenfiles.com/view/eUN47M7axY/file.html

复制代码

biue

GreatMOLA

Norton 执行
IPS拦截，弹窗提示使用NPE扫描。

1. 类别： Norton Community Watch
   
2. 日期和时间,风险,活动,状态,推荐的操作,更新日期,提交者,说明,提交详细信息
   
3. 2023/10/4 23:36:48,信息,IPS 检测统计提交,已提交,不需要操作,2023/10/4 23:36:51,Norton 360,IPS 检测统计提交,"Signature ID: 12041  <br>Local or Remote Attacker: 2  <br>Remote Port: 80  <br>Local Port: 59367  <br>Protocol: 6  <br>Signature Set Version: 20231003.064  <br>Application Name: \DEVICE\HARDDISKVOLUME7\SANDBOX\WANGL\DEFAULTBOX\USER\CURRENT\APPDATA\LOCAL\TEMP\㡑㡑瘸㐵䑆䐴䕸  <br>Offending URL: http://185.221.196.69/b744ecc28823cbcb/sqlite3.dll  <br>Date Detected: Wed, 04 Oct 2023 15:36:48 GMT  <br>Application File Checksum: ACA8440634AAB2C98E9382FC95528E51  <br>Application File Information: 0.78.0.0  <br>Network Data: 434D50520014000078DAED90CD4EC2401485A78246FC4113A22E8C894B5DD8868208CB865E68234CEBCCD4A89B0954A224280898F8883E88AF61E2380CFE6FDDDD2FB9994CEE9973DA43FDBA9723ABA44066586A16CCB9A126E7109251B725358BEABEAC9422125E4B72C1C06BCBA8D1E0205E17E7EF1D925547966C12C13CCA1BC0643D48E829F8B3FDB1B2222A304FEA41D8F265236C01F5DA307918F4A7BD927D3D1810EBC098AC9390CB9845179732E1738735ED9057090CCE12E042063E9341C445B17A6CBB6ED12ED62A76A546ACC0D86CFF52CA7A945061693FD7A8B67EABE28889588B4A26B4F02902CF87BF73578D63FE43DC0611447E565B316D95F99237DBBE371AD2661304B1325AB3A77A9A6B12163ADD9372B997A66EB5EA96D26EDA75BE95B6F2511A031E479483FA4B1F9E75E8B259EE7C5D52015448D57F530495974D25CBE9DC5DFD6D3F64E23286CE6834E8A79D697F78EF3C1DDD4DAE8793A3D1787833EEDC11ABA0DF6EEBB6CD5BD31107760ECC1B75D2DB9EE3DA65BB5CDC3F48BA8FF7D3C7C3F61541100441100441100441100441FE8F37295E801E  <br>Sub-signature ID: 65539  <br>Signature Properties: 29712  <br>Referer URL:   <br>Application File SHA256: F26749F8E2835FB875241CDC8FDDC708016062256435EF42689A2A28465ECDF7  <br>Application File CreateTime: 133409073897174928  <br>IPSSubmissionID: 968e881f-f6d8-11ee-8801-847b574c3caf  <br>Application File Reputation: 64  <br>Application File Prevalence: 111  <br>Forwarded For:   <br>Process ancestors: D:\edge download\setup (2)\setup.exe|C:\Program Files\Sandboxie-Plus\Start.exe|C:\Program Files\Sandboxie-Plus\SbieSvc.exe|C:\Windows\System32\services.exe|C:\Windows\System32\wininit.exe  <br>Signature Response: 2  <br>Remote Address: 185.221.196.69  <br>Message Disposition: 1  <br>  <br>OS-Country:86  <br>OS-Language:Chinese (Simplified)  <br>Processor:Intel64 Family 6 Model 154 Stepping 3  <br>System:Windows 10 build 22631   <br>Platform-GUID:7AED9607-4327-4FC2-A26B-57C191E5EAE1  <br>Telem-ID:8DB3996B-FF8E-432E-BD29-B5938CB4F77C  <br>HWID:9ED9E76C-0C69-A8D0-E74B-A574D2F49C81  <br>Hostname-MD5:C4B83ED3DC5E103A8B80FB8676C20896  <br>DateSubmitted:Wed, 04 Oct 2023 15:36:50 GMT  <br>Product:Norton Security 22.23.8.4"
   

复制代码

Jerry.Lin

Baby小尧

ESET，扫描miss，双击拦截本体未杀。第一个链接直接被ESET拦截
时间;扫描程序;对象类型;对象;检测;操作;用户;信息;哈希;此处首次所见
2023/10/4 23:48:29;高级内存扫描程序;文件;系统内存 > 癣戶䙆究捣(2200);Win32/Vidar.A 特洛伊木马 的变量;已包含被感染的文件;DESKTOP-58HLUBS\123;;60DE5989A9477E33FDED5459E8C0A3DE8CAFB829;

anxiety520

事件: 检测到恶意对象
应用程序: setup.exe
用户: DESKTOP\86137
用户类型: 发起者
组件: 系统监控
结果说明: 检测到
类型: 木马
名称: PDM:Trojan.Win32.Generic
威胁级别: 高
对象类型: 进程
对象路径: C:\Users\86137\Downloads\setup
对象名称: setup.exe
原因: 行为分析
数据库发布日期: 昨天，2023/10/4 下午 10:51:00
MD5: E52D85C1897DCA80AC0BD7B2FD327009

应用程序: PuTTY SSH authentication agent
应用程序名称: 䑄䔳癄硗兗㠳7
协议指向: 出站
协议: TCP
状态: 已阻止
远程地址: 185.221.196.69
远程端口: 80
本地地址: 192.168.0.100
本地端口: 50230
区域: 公用网络
用户: DESKTOP\86137
用户类型: 发起者
规则: KLPublic

hhhq316

蛛蛛扫描Miss，双击一会儿杀


FS失败，Miss
主机诺顿防火墙报警


avast扫描Miss，双击CC安全，一会儿阻止连接，不杀本体


咖啡漏了

心醉咖啡

金山毒霸扫描miss

UNknownOoo

火绒
扫描：MISS

双击：MISS

dght432

主防杀