【开放测试】卡饭病毒样本包 20240715 第145期

QVM360

警告：本主题中所包含的任何文件和附件都有危害你的计算机的可能，并且没有安全软件可以100%防护这些样本。
          对于下载样本或附件所导致的任何数据泄露、破坏，以及所产生的任何损失，本人和卡饭论坛不负任何责任。

样本下载：
https://mc163.lanzoue.com/isskH24iiu8b
SHA256:

1. BFC092B384976E97153BAE0E29359461BFD65FCE5AD8188D6460DE57BC680EAF

复制代码

压缩包密码：infected

样本来源：MalwareBazaar，由于我们没有稳定的国内样本源（欢迎分享），
而MalwareBazaar等样本源以国外流行样本为主，所以测试结果不代表真实情况下的防护能力，仅供参考。

如果样本中包含.ps1文件(Powershell脚本)，则需要手动打开cmd.exe输入以下指令允许运行ps1脚本:

Powershell.exe Set-ExecutionPolicy Bypass

奖励/惩罚规则：
奖励规则：
1、上传扫描日志，+5经验。
2、上传双击结果，+10经验。
3、测试多款安全软件的，奖励累加。
惩罚规则：
1、占楼后2小时内未能给出测试结果的，视为灌水，按照论坛规定处理
2、其他违规行为，按照论坛相关规定处理。

注意：扫描/双击日志请以附件形式（压缩包）上传，或者以1号字体放在回复中。         
          对于日志过长以至于影响会员刷帖/回帖体验的回复，管理人员有权进行屏蔽处理。

当前测试阶段：开放测试

----------------------------------------------------
往期测试样本包下载：
https://mc163.lanzoue.com/b0edaxo1g
密码:GkNO64bFD5bf

Komeiji-Reimu

卡巴斯基免费版
扫描kill 26x

双击：
4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95      miss，自动打开了油管，并且浏览器自动全屏无法取消
a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03      和上面一样，访问了\AppData\Local\Microsoft\Windows\INetCookies
b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d     拦截网站

b13f23643fddce3f41b6908a00051b6688788668c81d698994c140bf6290c2d6    PDM，回滚


c8e5a24a6d2fa68d7976457a19576b381e6211202500af5280b0f3b256446bf5  和上面的bat一样
f0f496eccc61594c53ded581b6683a77072f607ab018ec0a770a0aa7c7f45ff4   同上





360
扫描kill all（无聊了）



Avast扫描之前卡死了，体验不好


更新之后扫描kill 13x，今天表现不好


双击：
0e4fc438decc9723b89bd0e71b9ee30c1a8390e697d790b2d5ce96e94accd791    kill

2c2e949171d86da9b5c58901de2e4a99c4fe86fe92c47556f53b833ce77c503c      kill

2ef0f582367a7674aef245acb06977bf646419f1f8d05c7fb07881a6102f982e  kill

3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671   kill


好奇怪，再扫一遍吧，多扫出来一个 1x



7c7cded8d1c0784881859ed03340d81c24ea9bf5d9972963cedf0e40b9856a0c    kill

97d29ffc3556069c807b5c0ae2e2b109ae329feafc912d64f8b7f437bea47d84      kill

0178b79bd084c2597b2de4e62e61a88bb8359e4fcac2fe672bb887e0e52e5dbd    kill

0280cde4a65664a05361129dc1cfa10bc17b3fa9567103ce6eb9d07b06f8f160    kill了svchost

752f5cc5a7b0f986286d09e8288c0958bc1b798477ca0d09dc2658c7ab109060      跑了一段时间后kill

25898c73a877d87ba289bb4ab9585eb36eba9d27d47af678a86befdbf9aa938f    一段时间kill

0178b79bd084c2597b2de4e62e61a88bb8359e4fcac2fe672bb887e0e52e5dbd    kill

68292f388207f8ec69774dbad429e67420881ce46ecfad55f23182ec3a8893e4    miss
5297372fe85eea3ecc0d271b5567f2c7ee75bd3a04e745debddb04c9b05dae33    miss
ae1a168ff481173d18034d14a767c0801458e95cc3016dc8d82212d0c083a474    miss，文件被安装

b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d     miss
bb29aeb6ceecc37829b40e36f91a4620d7e0aae16b1ceea70bb70135e11172bd  kill

c8e5a24a6d2fa68d7976457a19576b381e6211202500af5280b0f3b256446bf5   miss
c9736cdc4ade9fddb9b293e0366f182f972154d98169b58e532b7905c310bf97  miss，安装
d58780d1d574bfe77c6f9cfad1cf4b51522231b2699081befd5bbd15f7309aa0   kill

e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451     miss,kill了衍生物，命令行

1. "powershell.exe" -windowstyle hidden "$Acrasiales=Get-Content 'C:\Users\Marisa\AppData\Roaming\raffineredes\cerous\Chugging\Dialektologi.Alt';$Bodingly=$Acrasiales.SubString(40630,3);.$Bodingly($Acrasiales)

复制代码

f0f496eccc61594c53ded581b6683a77072f607ab018ec0a770a0aa7c7f45ff4      miss


华为（默认高误报模式）
扫描kill  27x



双击：
ae1a168ff481173d18034d14a767c0801458e95cc3016dc8d82212d0c083a474      miss，安装


b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d     miss
c8e5a24a6d2fa68d7976457a19576b381e6211202500af5280b0f3b256446bf5      miss
c9736cdc4ade9fddb9b293e0366f182f972154d98169b58e532b7905c310bf97      miss。安装
f0f496eccc61594c53ded581b6683a77072f607ab018ec0a770a0aa7c7f45ff4          miss


奇安信扫描
6x









智量（娱乐测试，个人勿使用）（默认最高启发）扫描 0（软件异常异常）


双击：
情况：

0280cde4a65664a05361129dc1cfa10bc17b3fa9567103ce6eb9d07b06f8f160   kill

c9736cdc4ade9fddb9b293e0366f182f972154d98169b58e532b7905c310bf97   Hips ps


其余情况：




火绒6（无高启发）
扫描kill  15x

病毒库时间：2024-07-14 18:20
开始时间：2024-07-15 18:25
总计用时：00:00:01
扫描对象：61
扫描文件：32
发现风险：15
已处理风险：15
病毒详情：
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\7021c9cba6c224272f01d04450c6c31c93857a21feacfa4295a878a4d7b04378.exe, 病毒名：Backdoor/MSIL.DcRat.a, 病毒ID：eb06897b83bd81bd, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\08b7620610fc30c54e5cc095a54ae6d2949f68b0f224c285283e1612c254ef65.exe, 病毒名：Backdoor/Meterpreter.bd, 病毒ID：428362f194d7f51d, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\4103411f7bb66a033f9f5ce35839ba08b2a27d169e188a911185790f3b78bbf5.exe, 病毒名：TrojanSpy/MSIL.PwStealer.o, 病毒ID：693c4b0d8ed98a02, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\3a72ecec34a29f53a1d73677a0e6f4c2e19087a32f1808f8f4ff643f62128d8a.exe, 病毒名：Backdoor/MSIL.DDos.b, 病毒ID：85619156c23b5fc1, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\0fb86a8ba8fdf57990c283080a671c1320cbcdfd0e8b5f5a250d9c38a6fce305.exe, 病毒名：HVM:Ransom/LockFile.b, 病毒ID：5aec49e42e5faab0, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\0178b79bd084c2597b2de4e62e61a88bb8359e4fcac2fe672bb887e0e52e5dbd.exe, 病毒名：TrojanDropper/MSIL.Agent.ct, 病毒ID：605c7fedf0471cee, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe, 病毒名：HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID：3fda44dcb57a42be, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\752f5cc5a7b0f986286d09e8288c0958bc1b798477ca0d09dc2658c7ab109060.exe, 病毒名：TrojanSpy/MSIL.Stealer.ey, 病毒ID：a8ee7b246d1670f8, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\f28599b06560617bccdfb56acc841f3e642ff51b9956632fcc4204f026711e23.exe, 病毒名：HVM:Ransom/LockFile.b, 病毒ID：5aec49e42e5faab0, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\d58780d1d574bfe77c6f9cfad1cf4b51522231b2699081befd5bbd15f7309aa0.exe, 病毒名：HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID：3fda44dcb57a42be, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\bb29aeb6ceecc37829b40e36f91a4620d7e0aae16b1ceea70bb70135e11172bd.exe, 病毒名：HEUR:VirTool/MSIL.Obfuscator.gen!A, 病毒ID：3fda44dcb57a42be, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\de19e0163af15585c305f845b90262aee3c2bdf037f9fc733d3f1b379d00edd0.exe, 病毒名：HVM:VirTool/Obfuscator.gen!A, 病毒ID：b27d4294cde6a1ec, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\0280cde4a65664a05361129dc1cfa10bc17b3fa9567103ce6eb9d07b06f8f160.exe, 病毒名：HVM:VirTool/Obfuscator.gen!A, 病毒ID：b27d4294cde6a1ec, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\25898c73a877d87ba289bb4ab9585eb36eba9d27d47af678a86befdbf9aa938f.exe, 病毒名：HVM:VirTool/Obfuscator.gen!A, 病毒ID：b27d4294cde6a1ec, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\7c7cded8d1c0784881859ed03340d81c24ea9bf5d9972963cedf0e40b9856a0c.exe, 病毒名：VirTool/Obfuscator.fq, 病毒ID：87f0b01289503335, 处理结果：已处理，删除文件

双击：
0e4fc438decc9723b89bd0e71b9ee30c1a8390e697d790b2d5ce96e94accd791    kill

2c2e949171d86da9b5c58901de2e4a99c4fe86fe92c47556f53b833ce77c503c      kill

2ef0f582367a7674aef245acb06977bf646419f1f8d05c7fb07881a6102f982e         kill

4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95     miss
6da4696b804777582ae586a4e9f42f6c18ccf540222d70dcf3374ee291e674e5     miss，安装，并且实现持久化
97d29ffc3556069c807b5c0ae2e2b109ae329feafc912d64f8b7f437bea47d84      miss，没有网络行为，没发生什么
39884fc02ed9a51ffcc9b298916be79307f15f1518b6ae2021dd07af0aeecb82      miss
68292f388207f8ec69774dbad429e67420881ce46ecfad55f23182ec3a8893e4    kill

5297372fe85eea3ecc0d271b5567f2c7ee75bd3a04e745debddb04c9b05dae33   miss
a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03    miss
ae1a168ff481173d18034d14a767c0801458e95cc3016dc8d82212d0c083a474   miss，安装
b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d   Hips ps允许之后miss
b13f23643fddce3f41b6908a00051b6688788668c81d698994c140bf6290c2d6   miss

c8e5a24a6d2fa68d7976457a19576b381e6211202500af5280b0f3b256446bf5     Hips ps后miss
c9736cdc4ade9fddb9b293e0366f182f972154d98169b58e532b7905c310bf97  miss，Hips ps后安装，随后kill

e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451     kill


f0f496eccc61594c53ded581b6683a77072f607ab018ec0a770a0aa7c7f45ff4    miss
开高启发：  22X


病毒库时间：2024-07-14 18:20
开始时间：2024-07-15 18:36
总计用时：00:00:06
扫描对象：1832
扫描文件：32
发现风险：22
已处理风险：22
病毒详情：
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\08b7620610fc30c54e5cc095a54ae6d2949f68b0f224c285283e1612c254ef65.exe, 病毒名：Backdoor/Meterpreter.bd, 病毒ID：428362f194d7f51d, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\4103411f7bb66a033f9f5ce35839ba08b2a27d169e188a911185790f3b78bbf5.exe, 病毒名：TrojanSpy/MSIL.PwStealer.o, 病毒ID：693c4b0d8ed98a02, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\3a72ecec34a29f53a1d73677a0e6f4c2e19087a32f1808f8f4ff643f62128d8a.exe, 病毒名：Backdoor/MSIL.DDos.b, 病毒ID：85619156c23b5fc1, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\7021c9cba6c224272f01d04450c6c31c93857a21feacfa4295a878a4d7b04378.exe, 病毒名：Backdoor/MSIL.DcRat.a, 病毒ID：eb06897b83bd81bd, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\0178b79bd084c2597b2de4e62e61a88bb8359e4fcac2fe672bb887e0e52e5dbd.exe, 病毒名：TrojanDropper/MSIL.Agent.ct, 病毒ID：605c7fedf0471cee, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\0fb86a8ba8fdf57990c283080a671c1320cbcdfd0e8b5f5a250d9c38a6fce305.exe, 病毒名：HVM:Ransom/LockFile.b, 病毒ID：5aec49e42e5faab0, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe, 病毒名：ADV:TrojanSpy/MSIL.Stealer!meteor, 病毒ID：4a7ffd6cc7dd1ce4, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\752f5cc5a7b0f986286d09e8288c0958bc1b798477ca0d09dc2658c7ab109060.exe, 病毒名：TrojanSpy/MSIL.Stealer.ey, 病毒ID：a8ee7b246d1670f8, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\5297372fe85eea3ecc0d271b5567f2c7ee75bd3a04e745debddb04c9b05dae33.exe, 病毒名：ADV:TrojanSpy/MSIL.Stealer!meteor, 病毒ID：4a7ffd6cc7dd1ce4, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\97d29ffc3556069c807b5c0ae2e2b109ae329feafc912d64f8b7f437bea47d84.exe, 病毒名：ADV:VirTool/MSIL.Obfuscator!meteor, 病毒ID：9b3fa4092c57ea79, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\bb29aeb6ceecc37829b40e36f91a4620d7e0aae16b1ceea70bb70135e11172bd.exe, 病毒名：ADV:TrojanSpy/MSIL.Stealer!meteor, 病毒ID：4a7ffd6cc7dd1ce4, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\d58780d1d574bfe77c6f9cfad1cf4b51522231b2699081befd5bbd15f7309aa0.exe, 病毒名：ADV:TrojanSpy/MSIL.Stealer!meteor, 病毒ID：4a7ffd6cc7dd1ce4, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\f28599b06560617bccdfb56acc841f3e642ff51b9956632fcc4204f026711e23.exe, 病毒名：HVM:Ransom/LockFile.b, 病毒ID：5aec49e42e5faab0, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\de19e0163af15585c305f845b90262aee3c2bdf037f9fc733d3f1b379d00edd0.exe, 病毒名：HVM:VirTool/Obfuscator.gen!A, 病毒ID：b27d4294cde6a1ec, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\68292f388207f8ec69774dbad429e67420881ce46ecfad55f23182ec3a8893e4.exe, 病毒名：ADV:VirTool/Obfuscator!meteor, 病毒ID：b6b4d4a297409986, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\0280cde4a65664a05361129dc1cfa10bc17b3fa9567103ce6eb9d07b06f8f160.exe, 病毒名：ADV:TrojanDownloader/Generic!meteor, 病毒ID：a540286dfdaab915, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\c9736cdc4ade9fddb9b293e0366f182f972154d98169b58e532b7905c310bf97.exe, 病毒名：ADV:Trojan/MalBehav!meteor, 病毒ID：b7d21f15a64913ce, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\25898c73a877d87ba289bb4ab9585eb36eba9d27d47af678a86befdbf9aa938f.exe, 病毒名：ADV:TrojanDownloader/Generic!meteor, 病毒ID：a540286dfdaab915, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\7c7cded8d1c0784881859ed03340d81c24ea9bf5d9972963cedf0e40b9856a0c.exe, 病毒名：VirTool/Obfuscator.fq, 病毒ID：87f0b01289503335, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\39884fc02ed9a51ffcc9b298916be79307f15f1518b6ae2021dd07af0aeecb82.exe, 病毒名：ADV:VirTool/Obfuscator!meteor, 病毒ID：b6b4d4a297409986, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe, 病毒名：ADV:TrojanDownloader/Generic!meteor, 病毒ID：a540286dfdaab915, 处理结果：已处理，删除文件
风险路径：C:\Users\Marisa\Desktop\32x (2024-07-15)\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe, 病毒名：ADV:TrojanDownloader/Generic!meteor, 病毒ID：a540286dfdaab915, 处理结果：已处理，删除文件


（比奇安信强）




用冰盾测试一些：卡巴miss的4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95      发现会模拟鼠标


卡巴拦截网站访问的b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d   Hips ps

Avastmiss的68292f388207f8ec69774dbad429e67420881ce46ecfad55f23182ec3a8893e4     什么也没发生Avastmiss的ae1a168ff481173d18034d14a767c0801458e95cc3016dc8d82212d0c083a474   



Avastmiss的5297372fe85eea3ecc0d271b5567f2c7ee75bd3a04e745debddb04c9b05dae33   没跑起来

火绒miss的a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03    和4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95      一样




完结

syswow64

BD

扫描剩余9个，杀23个


双击：
ATD杀两个
b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d.bat被OTP拦截衍生物下载
其余样本云杀

hsks

Triage（
https://tria.ge/240715-kmwn6axfpr

心醉咖啡

360

1073328164

迈克菲扫描 kill 28x

123456aaaafsdeg

ANY.LNK

微软解压+扫描清空

1. 2024-07-15T08:45:15.330Z DETECTION Trojan:Win32/Remcos.EM!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\0280cde4a65664a05361129dc1cfa10bc17b3fa9567103ce6eb9d07b06f8f160.exe
   
2. 2024-07-15T08:45:16.104Z DETECTION Trojan:Win32/Stealerc.GAB!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\08b7620610fc30c54e5cc095a54ae6d2949f68b0f224c285283e1612c254ef65.exe
   
3. 2024-07-15T08:45:19.413Z DETECTION Ransom:Win32/Lockbit.HA!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\0fb86a8ba8fdf57990c283080a671c1320cbcdfd0e8b5f5a250d9c38a6fce305.exe
   
4. 2024-07-15T08:45:22.701Z DETECTION Trojan:MSIL/AsyncRAT.R!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\3a72ecec34a29f53a1d73677a0e6f4c2e19087a32f1808f8f4ff643f62128d8a.exe
   
5. 2024-07-15T08:45:24.701Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\0178b79bd084c2597b2de4e62e61a88bb8359e4fcac2fe672bb887e0e52e5dbd.exe
   
6. 2024-07-15T08:45:26.207Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\2c2e949171d86da9b5c58901de2e4a99c4fe86fe92c47556f53b833ce77c503c.exe
   
7. 2024-07-15T08:45:29.712Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\0e4fc438decc9723b89bd0e71b9ee30c1a8390e697d790b2d5ce96e94accd791.exe
   
8. 2024-07-15T08:45:31.686Z DETECTION Trojan:Win32/Strab.GPCX file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\25898c73a877d87ba289bb4ab9585eb36eba9d27d47af678a86befdbf9aa938f.exe
   
9. 2024-07-15T08:45:31.750Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\5297372fe85eea3ecc0d271b5567f2c7ee75bd3a04e745debddb04c9b05dae33.exe
   
10. 2024-07-15T08:45:32.938Z DETECTION Trojan:MSIL/RedLineStealer.K!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\4103411f7bb66a033f9f5ce35839ba08b2a27d169e188a911185790f3b78bbf5.exe
    
11. 2024-07-15T08:45:33.576Z DETECTION Trojan:Win32/Wacatac.B!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\2ef0f582367a7674aef245acb06977bf646419f1f8d05c7fb07881a6102f982e.exe
    
12. 2024-07-15T08:45:33.744Z DETECTION Backdoor:MSIL/AsyncRat.AD!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\7021c9cba6c224272f01d04450c6c31c93857a21feacfa4295a878a4d7b04378.exe
    
13. 2024-07-15T08:45:34.296Z DETECTION Trojan:MSIL/RedLineStealer.K!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\68292f388207f8ec69774dbad429e67420881ce46ecfad55f23182ec3a8893e4.exe
    
14. 2024-07-15T08:45:35.635Z DETECTION Trojan:Win32/AgentTesla!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\3bfcb4f798ba63a1d18887cb67c90e083d5561a58136a892bd9944528c707671.exe
    
15. 2024-07-15T08:45:36.249Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\752f5cc5a7b0f986286d09e8288c0958bc1b798477ca0d09dc2658c7ab109060.exe
    
16. 2024-07-15T08:45:37.224Z DETECTION Trojan:Win32/AgentTesla!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\97d29ffc3556069c807b5c0ae2e2b109ae329feafc912d64f8b7f437bea47d84.exe
    
17. 2024-07-15T08:45:37.414Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\b13f23643fddce3f41b6908a00051b6688788668c81d698994c140bf6290c2d6.exe
    
18. 2024-07-15T08:45:37.447Z DETECTION Trojan:BAT/AgentSetter.SS!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d.bat
    
19. 2024-07-15T08:45:37.462Z DETECTION Trojan:BAT/AgentSetter.SS!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\c8e5a24a6d2fa68d7976457a19576b381e6211202500af5280b0f3b256446bf5.bat
    
20. 2024-07-15T08:45:38.009Z DETECTION Trojan:Win32/GuLoader file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\c9736cdc4ade9fddb9b293e0366f182f972154d98169b58e532b7905c310bf97.exe
    
21. 2024-07-15T08:45:38.683Z DETECTION Backdoor:Win32/Dodiw.A file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\39884fc02ed9a51ffcc9b298916be79307f15f1518b6ae2021dd07af0aeecb82.exe
    
22. 2024-07-15T08:45:39.966Z DETECTION Trojan:Win32/AgentTesla!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\bb29aeb6ceecc37829b40e36f91a4620d7e0aae16b1ceea70bb70135e11172bd.exe
    
23. 2024-07-15T08:45:43.769Z DETECTION Trojan:Win32/Phonzy.A!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\4e0fdb84649ad15a0722789512aaef15c7bfbc4cab82b2a7b0ea52ac9594bb95.exe
    
24. 2024-07-15T08:45:43.816Z DETECTION Trojan:BAT/AgentSetter.SS!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\f0f496eccc61594c53ded581b6683a77072f607ab018ec0a770a0aa7c7f45ff4.bat
    
25. 2024-07-15T08:45:44.240Z DETECTION Trojan:Win32/Leonem file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\de19e0163af15585c305f845b90262aee3c2bdf037f9fc733d3f1b379d00edd0.exe
    
26. 2024-07-15T08:45:48.317Z DETECTION Trojan:Win32/Phonzy.A!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\a306cc84c907d6d57af300d1181128b24ca03e90c38ca7df7e84d35e80a63e03.exe
    
27. 2024-07-15T08:45:48.384Z DETECTION Ransom:Win32/Lockbit.HA!MTB file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\f28599b06560617bccdfb56acc841f3e642ff51b9956632fcc4204f026711e23.exe
    
28. 2024-07-15T08:45:49.034Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\e886016e48bf0e3cd100d627678f345743509fd5f57f3c9b182f2833352bd451.exe
    
29. 2024-07-15T08:45:50.792Z DETECTION Trojan:Win32/AgentTesla!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\d58780d1d574bfe77c6f9cfad1cf4b51522231b2699081befd5bbd15f7309aa0.exe
    
30. 2024-07-15T08:46:01.141Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\6da4696b804777582ae586a4e9f42f6c18ccf540222d70dcf3374ee291e674e5.exe
    
31. 2024-07-15T08:46:11.604Z DETECTION Trojan:Win32/Casdet!rfn file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\ae1a168ff481173d18034d14a767c0801458e95cc3016dc8d82212d0c083a474.exe
    
32. 2024-07-15T08:46:37.650Z DETECTION Trojan:Win32/Wacatac.H!ml file:C:\Users\A.LINK\Downloads\32x (2024-07-15)\1\7c7cded8d1c0784881859ed03340d81c24ea9bf5d9972963cedf0e40b9856a0c.exe

复制代码

好耶！今天不用额外开虚拟机了！（不

biue

腾讯电脑管家 31X
剩余b2a1d168dc4234e687d0969b6a1901ac7e69c0d4bb72a1a4c76ba67fa6a14f9d.bat

yyds_x

火绒扫描结果：

火绒处理后：

123456aaaafsdeg

宝刀未老！




共计处理31/32，97%（四舍五入）