[Virus sample] 2024-4-8 21x.zip

YYT2013
Posted on 2024-4-8 13:22:20
莒县小哥
Posted on 2024-4-8 13:46:43
Last edited by 莒县小哥 on 2024-4-8 13:48

Kaspersky kills 15

DisaPDB
Posted on 2024-4-8 14:03:15
Last edited by DisaPDB on 2024-4-8 14:04

360 14x

Second scan 1x


hhhq316
Posted on 2024-4-8 14:40:38
EMSI 16

利刀1937
Posted on 2024-4-8 15:22:11
Dangerous files: 12
anxiety520
Posted on 2024-4-8 16:06:10
F-Secure
Scan left b47c6070dddd82d294ee8a093a42e73176255455711bea8b51d9529caa65cf74.exe
Double-click: DeepGuard MISS


scottxzt
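Posted on 2024-4-8 16:42:19
Last edited by scottxzt on 2024-4-8 17:24

Avira 16X (3X reported by APC). It actually looks nicer in Traditional Chinese.

ZLD 3X
Remaining: the 财政票据 (fiscal bill) client is a normal installable program, with no malicious threat after running. It can be installed and uninstalled.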

Fadouse
Posted on 2024-4-8 16:59:14
Last edited by Fadouse on 2024-4-8 17:01

Kaspersky Premium + ESET Smart Security Premium Kill 18/21 (85.714%)

The remaining 3x all exited on their own when run in the sandbox.

Logs:
biue
Posted on 2024-4-8 22:47:21

,就一个.
Posted on 2024-4-9 01:33:00
DI static 20X, double-click 1X




