楼主: ジ蓅暒划过づ

[病毒样本] 远控1X

wowocock
发表于 3 小时前 | 显示全部楼层
wowocock 发表于 2025-1-22 10:48
确保是论坛下载的最新版本安装。动态升级那个可能太老了。

https://weishi.360.cn/jijiuxiang/index.html ,即使干掉木马后仍然安装不上360的,可以下载急救箱捆包,运行里面的
“所有360程序无法运行时请双击.com”,
然后重启,即可运行安装360了。
wowocock
发表于 2 小时前 | 显示全部楼层
wowocock 发表于 2025-1-22 11:43
https://weishi.360.cn/jijiuxiang/index.html,即使干掉木马后,安装360不上的,可以下载急救箱捆包,运 ...

<!--
  Windows Defender Application Control (App Control for Business) policy in the SiPolicy schema.
  Posted in a virus-sample thread; presumably recovered from the sample or from an infected host
  (the page does not say how it was obtained).
  Read it together with the FileRules section: the Deny rules there target security-product
  binaries, and the Allow rules permit everything else by path.
-->
<SiPolicy xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns="urn:schemas-microsoft-com:sipolicy" PolicyType="Base Policy">
<!-- Policy version as declared by the author. -->
<VersionEx>10.3.0.5</VersionEx>
<!-- NOTE(review): this PlatformID and the PolicyID/BasePolicyID GUID below look like the values
     carried by Microsoft's example policy templates, so on their own they are probably weak
     indicators. TODO confirm before using them for hunting. -->
<PlatformID>{2E07F7E4-194C-4D20-B7C9-6F44A6C5A234}</PlatformID>
<!-- PolicyID equals BasePolicyID, consistent with PolicyType="Base Policy":
     a standalone base policy rather than a supplemental one. -->
<PolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</PolicyID>
<BasePolicyID>{A244370E-44C9-4C06-B551-F6016E563076}</BasePolicyID>
<!--
  Policy rule options.
  No "Enabled:Audit Mode" option is present in this list, so the policy is written to be
  enforced (blocks take effect) rather than only logged.
-->
<Rules>
<Rule>
<!-- User Mode Code Integrity: the policy applies to user-mode executables, not only kernel drivers.
     Required for the path-based Deny rules in FileRules to have any effect on AV processes. -->
<Option>Enabled:UMCI</Option>
</Rule>
<Rule>
<!-- Turns off the default runtime check that honours FilePath rules only for locations writable
     solely by administrators. With it disabled, the broad path Allow rules below also apply to
     user-writable directories. -->
<Option>Disabled:Runtime FilePath Rule Protection</Option>
</Rule>
<Rule>
<!-- Binaries signed with revoked certificates (or expired lifetime-signing certificates) are
     treated as unsigned in user mode. -->
<Option>Enabled:Revoked Expired As Unsigned</Option>
</Rule>
<Rule>
<!-- NOTE(review): documented by Microsoft as reserved with no current effect. TODO confirm. -->
<Option>Enabled:Inherit Default Policy</Option>
</Rule>
<Rule>
<!-- The policy is allowed to be unsigned. For responders this means it has no signed-policy
     tamper protection: an administrator can remove or replace the deployed policy file. -->
<Option>Enabled:Unsigned System Integrity Policy</Option>
</Rule>
<Rule>
<!-- Keeps the F8 pre-boot menu available to a physically present user. -->
<Option>Enabled:Advanced Boot Options Menu</Option>
</Rule>
<Rule>
<!-- Policy updates can be applied without a reboot, so the blocks can take effect on a
     running system as soon as the policy is refreshed. -->
<Option>Enabled:Update Policy No Reboot</Option>
</Rule>
</Rules>
<!--
  Enhanced Key Usage definitions referenced by the Signers section (CertEKU ID=...).
  Each Value is an encoded OID; FriendlyName is display text only.
  The friendly names are Chinese-localized strings, which presumably means the XML was
  generated or exported on a Chinese-language Windows installation. TODO confirm.
  English readings of the names, in order:
    E_0001 Windows System Component Verification
    E_0002 Windows Hardware Driver Verification
    E_0003 Early Launch Antimalware Driver
    E_0004 HAL Extension
    E_0005 Windows RT Verification
    E_0006 Windows Store
    E_0007 Dynamic Code Generator
    E_0008 / E_0009 carry the dotted OID itself as the name.
-->
<EKUs>
<EKU ID="ID_EKU_E_0001" Value="010A2B0601040182370A0306" FriendlyName="Windows 系统组件验证"/>
<EKU ID="ID_EKU_E_0002" Value="010A2B0601040182370A0305" FriendlyName="Windows 硬件驱动程序验证"/>
<EKU ID="ID_EKU_E_0003" Value="010A2B0601040182373D0401" FriendlyName="提前启动反恶意驱动程序"/>
<EKU ID="ID_EKU_E_0004" Value="010A2B0601040182373D0501" FriendlyName="HAL 扩展"/>
<EKU ID="ID_EKU_E_0005" Value="010A2B0601040182370A0315" FriendlyName="Windows RT 验证"/>
<EKU ID="ID_EKU_E_0006" Value="010A2B0601040182374C0301" FriendlyName="Windows 应用商店"/>
<EKU ID="ID_EKU_E_0007" Value="010A2B0601040182374C0501" FriendlyName="动态代码生成器"/>
<EKU ID="ID_EKU_E_0008" Value="010A2B0601040182374C0B01" FriendlyName="1.3.6.1.4.1.311.76.11.1"/>
<EKU ID="ID_EKU_E_0009" Value="010A2B0601040182370A032A" FriendlyName="1.3.6.1.4.1.311.10.3.42"/>
</EKUs>
<!--
  File rules: this section is what makes the policy hostile.
  Shape: a short deny-list of security-product paths, followed by path Allow rules that cover
  the OS drive and every drive letter from D: to Z:. Explicit Deny rules take precedence over
  Allow rules, so the net effect is "everything runs except the listed security tools".
  All of these rules are referenced only from the user-mode signing scenario
  (ID_SIGNINGSCENARIO_WINDOWS); the driver scenario references no file rules.

  Defender notes:
  - Blocked launches under an enforced policy are expected to surface in the
    Microsoft-Windows-CodeIntegrity/Operational log (block event 3077). An AV service that
    suddenly fails to start, together with such events, is the symptom to look for.
  - A code-integrity policy whose Deny rules name antivirus or EDR install directories is a strong
    signal of tampering regardless of the policy's name or GUID.
  - The rules match by path, not by publisher or hash; they say nothing about the AV kernel drivers.
-->
<FileRules>
<!-- Third-party antivirus install directories (360, Avast, Huorong, Kingsoft), 32-bit and 64-bit
     Program Files locations. -->
<Deny ID="ID_DENY_D_0001" FilePath="%OSDRIVE%\Program Files (x86)\360\*"/>
<Deny ID="ID_DENY_D_0002" FilePath="%OSDRIVE%\Program Files (x86)\Avast Software\Avast\*"/>
<Deny ID="ID_DENY_D_0003" FilePath="%OSDRIVE%\Program Files (x86)\Huorong\*"/>
<Deny ID="ID_DENY_D_0004" FilePath="%OSDRIVE%\Program Files (x86)\kingsoft\kingsoft antivirus\*"/>
<!-- Microsoft Defender command-line utility, service, and network inspection service,
     plus the Defender for Endpoint (ATP) SenseCncProxy.exe component. -->
<Deny ID="ID_DENY_D_0005" FilePath="%OSDRIVE%\Program Files (x86)\Windows Defender\MpCmdRun.exe"/>
<Deny ID="ID_DENY_D_0006" FilePath="%OSDRIVE%\Program Files\Avast Software\*"/>
<Deny ID="ID_DENY_D_0007" FilePath="%OSDRIVE%\Program Files\kingsoft\kingsoft antivirus\*"/>
<Deny ID="ID_DENY_D_0008" FilePath="%OSDRIVE%\Program Files\Windows Defender Advanced Threat Protection\SenseCncProxy.exe"/>
<!-- D_0009 and D_000A are identical rules; the duplicate is redundant. -->
<Deny ID="ID_DENY_D_0009" FilePath="%OSDRIVE%\Program Files\Windows Defender\MpCmdRun.exe"/>
<Deny ID="ID_DENY_D_000A" FilePath="%OSDRIVE%\Program Files\Windows Defender\MpCmdRun.exe"/>
<Deny ID="ID_DENY_D_000B" FilePath="%OSDRIVE%\Program Files\Windows Defender\MsMpEng.exe"/>
<Deny ID="ID_DENY_D_000C" FilePath="%OSDRIVE%\Program Files\Windows Defender\NisSrv.exe"/>
<!-- The wildcard directory segment covers the versioned Defender platform folders. -->
<Deny ID="ID_DENY_D_000D" FilePath="%OSDRIVE%\ProgramData\Microsoft\Windows Defender\Platform\*\MsMpEng.exe"/>
<Deny ID="ID_DENY_D_000E" FilePath="%OSDRIVE%\ProgramData\Microsoft\Windows Defender\Platform\*\NisSrv.exe"/>
<!-- Per-user 360 directories. D_000F and D_0010 are identical rules; the duplicate is redundant. -->
<Deny ID="ID_DENY_D_000F" FilePath="%OSDRIVE%\Users\*\AppData\Roaming\360*\*"/>
<Deny ID="ID_DENY_D_0010" FilePath="%OSDRIVE%\Users\*\AppData\Roaming\360*\*"/>
<!-- Windows Security health service. -->
<Deny ID="ID_DENY_D_0011" FilePath="%SYSTEM32%\SecurityHealthService.exe"/>
<!-- Allow-by-path for the whole OS drive and for D: through Z:. Combined with
     "Disabled:Runtime FilePath Rule Protection" in Rules, these apply to user-writable
     locations too, so the policy provides no application control beyond the Deny list above. -->
<Allow ID="ID_ALLOW_A_0012" FilePath="%OSDRIVE%\*"/>
<Allow ID="ID_ALLOW_A_0013" FilePath="D:\*"/>
<Allow ID="ID_ALLOW_A_0014" FilePath="E:\*"/>
<Allow ID="ID_ALLOW_A_0015" FilePath="F:\*"/>
<Allow ID="ID_ALLOW_A_0016" FilePath="G:\*"/>
<Allow ID="ID_ALLOW_A_0017" FilePath="H:\*"/>
<Allow ID="ID_ALLOW_A_0018" FilePath="I:\*"/>
<Allow ID="ID_ALLOW_A_0019" FilePath="J:\*"/>
<Allow ID="ID_ALLOW_A_001A" FilePath="K:\*"/>
<Allow ID="ID_ALLOW_A_001B" FilePath="L:\*"/>
<Allow ID="ID_ALLOW_A_001C" FilePath="M:\*"/>
<Allow ID="ID_ALLOW_A_001D" FilePath="N:\*"/>
<Allow ID="ID_ALLOW_A_001E" FilePath="O:\*"/>
<Allow ID="ID_ALLOW_A_001F" FilePath="P:\*"/>
<Allow ID="ID_ALLOW_A_0020" FilePath="Q:\*"/>
<Allow ID="ID_ALLOW_A_0021" FilePath="R:\*"/>
<Allow ID="ID_ALLOW_A_0022" FilePath="S:\*"/>
<Allow ID="ID_ALLOW_A_0023" FilePath="T:\*"/>
<Allow ID="ID_ALLOW_A_0024" FilePath="U:\*"/>
<Allow ID="ID_ALLOW_A_0025" FilePath="V:\*"/>
<Allow ID="ID_ALLOW_A_0026" FilePath="W:\*"/>
<Allow ID="ID_ALLOW_A_0027" FilePath="X:\*"/>
<Allow ID="ID_ALLOW_A_0028" FilePath="Y:\*"/>
<Allow ID="ID_ALLOW_A_0029" FilePath="Z:\*"/>
<!-- File attribute used by signer ID_SIGNER_S_0020 to trust RefreshPolicy.exe at or above
     this version. NOTE(review): this looks inherited from a Microsoft template. TODO confirm. -->
<FileAttrib ID="ID_FILEATTRIB_F_002A" FileName="RefreshPolicy.exe" MinimumFileVersion="10.0.19042.0"/>
</FileRules>
<!--
  Signer definitions (certificate root plus optional EKU constraint). All of them are used as
  allowed signers in SigningScenarios; none is used as a denied signer.
  NOTE(review): the set of well-known root values (04, 05, 06, 07, 0A, 0C, 0E) and the two TBS
  hashes resemble the signer list of Microsoft's default Windows example policy, with the
  descriptive signer names replaced by "Signer N". If so, this section is template material and
  the policy's distinguishing content is the FileRules section. TODO confirm against the template.
-->
<Signers>
<Signer Name="Signer 1" ID="ID_SIGNER_S_0001">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0001"/>
</Signer>
<Signer Name="Signer 2" ID="ID_SIGNER_S_0002">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0003"/>
</Signer>
<Signer Name="Signer 3" ID="ID_SIGNER_S_0003">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0004"/>
</Signer>
<Signer Name="Signer 4" ID="ID_SIGNER_S_0004">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0002"/>
</Signer>
<Signer Name="Signer 5" ID="ID_SIGNER_S_0005">
<CertRoot Type="Wellknown" Value="05"/>
<CertEKU ID="ID_EKU_E_0002"/>
</Signer>
<Signer Name="Signer 6" ID="ID_SIGNER_S_0006">
<CertRoot Type="Wellknown" Value="04"/>
<CertEKU ID="ID_EKU_E_0002"/>
</Signer>
<!-- Signers 7 to 11 repeat the root/EKU pairs of signers 1 to 5; the first group is referenced
     by the driver scenario and this group by the user-mode scenario. -->
<Signer Name="Signer 7" ID="ID_SIGNER_S_0007">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0001"/>
</Signer>
<Signer Name="Signer 8" ID="ID_SIGNER_S_0008">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0003"/>
</Signer>
<Signer Name="Signer 9" ID="ID_SIGNER_S_0009">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0004"/>
</Signer>
<Signer Name="Signer 10" ID="ID_SIGNER_S_000A">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0002"/>
</Signer>
<Signer Name="Signer 11" ID="ID_SIGNER_S_000B">
<CertRoot Type="Wellknown" Value="05"/>
<CertEKU ID="ID_EKU_E_0002"/>
</Signer>
<Signer Name="Signer 12" ID="ID_SIGNER_S_000C">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0001"/>
</Signer>
<Signer Name="Signer 13" ID="ID_SIGNER_S_000D">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0003"/>
</Signer>
<Signer Name="Signer 14" ID="ID_SIGNER_S_000E">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0004"/>
</Signer>
<Signer Name="Signer 15" ID="ID_SIGNER_S_000F">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0002"/>
</Signer>
<Signer Name="Signer 16" ID="ID_SIGNER_S_0010">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0001"/>
</Signer>
<Signer Name="Signer 17" ID="ID_SIGNER_S_0011">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0003"/>
</Signer>
<Signer Name="Signer 18" ID="ID_SIGNER_S_0012">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0004"/>
</Signer>
<Signer Name="Signer 19" ID="ID_SIGNER_S_0013">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0002"/>
</Signer>
<Signer Name="Signer 20" ID="ID_SIGNER_S_0014">
<CertRoot Type="Wellknown" Value="04"/>
<CertEKU ID="ID_EKU_E_0002"/>
</Signer>
<Signer Name="Signer 21" ID="ID_SIGNER_S_0015">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0006"/>
</Signer>
<!-- Pinned by to-be-signed certificate hash rather than a well-known root, constrained to the
     Windows Store EKU. This is also the only signer listed under CiSigners. -->
<Signer Name="Signer 22" ID="ID_SIGNER_S_0016">
<CertRoot Type="TBS" Value="FC9EDE3DCCA09186B2D3BF9B738A2050CB1A554DA2DCADB55F3F72EE17721378"/>
<CertEKU ID="ID_EKU_E_0006"/>
</Signer>
<Signer Name="Signer 23" ID="ID_SIGNER_S_0017">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0005"/>
</Signer>
<Signer Name="Signer 24" ID="ID_SIGNER_S_0018">
<CertRoot Type="Wellknown" Value="0E"/>
<CertEKU ID="ID_EKU_E_0005"/>
</Signer>
<Signer Name="Signer 25" ID="ID_SIGNER_S_0019">
<CertRoot Type="Wellknown" Value="07"/>
<CertEKU ID="ID_EKU_E_0005"/>
</Signer>
<!-- Signers 26 to 28 have no EKU constraint: anything chaining to these roots is accepted.
     NOTE(review): 0A and 0C presumably denote Microsoft test/DMD roots. TODO confirm. -->
<Signer Name="Signer 26" ID="ID_SIGNER_S_001A">
<CertRoot Type="Wellknown" Value="0A"/>
</Signer>
<Signer Name="Signer 27" ID="ID_SIGNER_S_001B">
<CertRoot Type="Wellknown" Value="0A"/>
</Signer>
<Signer Name="Signer 28" ID="ID_SIGNER_S_001C">
<CertRoot Type="Wellknown" Value="0C"/>
</Signer>
<Signer Name="Signer 29" ID="ID_SIGNER_S_001D">
<CertRoot Type="Wellknown" Value="06"/>
<CertEKU ID="ID_EKU_E_0007"/>
</Signer>
<Signer Name="Signer 30" ID="ID_SIGNER_S_001E">
<CertRoot Type="Wellknown" Value="07"/>
<CertEKU ID="ID_EKU_E_0008"/>
</Signer>
<Signer Name="Signer 31" ID="ID_SIGNER_S_001F">
<CertRoot Type="Wellknown" Value="07"/>
<CertEKU ID="ID_EKU_E_0009"/>
</Signer>
<!-- Trusts only files matching the RefreshPolicy.exe FileAttrib (defined in FileRules) that are
     published by "Microsoft Corporation" under the pinned certificate. -->
<Signer Name="Signer 32" ID="ID_SIGNER_S_0020">
<CertRoot Type="TBS" Value="F6F717A43AD9ABDDC8CEFDDE1C505462535E7D1307E630F9544A2D14FE8BF26E"/>
<CertPublisher Value="Microsoft Corporation"/>
<FileAttribRef RuleID="ID_FILEATTRIB_F_002A"/>
</Signer>
</Signers>
<!--
  Signing scenarios bind the signers and file rules to kernel mode (Value="131") and
  user mode (Value="12").
  Only the user-mode scenario carries a FileRulesRef list, so the path Deny/Allow rules act on
  user-mode executables; the driver scenario relies on signers alone.
-->
<SigningScenarios>
<!-- Kernel-mode drivers: allowed signers only, no file rules and no denied signers. -->
<SigningScenario ID="ID_SIGNINGSCENARIO_DRIVERS_1" Value="131">
<ProductSigners>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_S_0001"/>
<AllowedSigner SignerId="ID_SIGNER_S_0002"/>
<AllowedSigner SignerId="ID_SIGNER_S_0003"/>
<AllowedSigner SignerId="ID_SIGNER_S_0004"/>
<AllowedSigner SignerId="ID_SIGNER_S_0005"/>
<AllowedSigner SignerId="ID_SIGNER_S_0006"/>
<AllowedSigner SignerId="ID_SIGNER_S_000C"/>
<AllowedSigner SignerId="ID_SIGNER_S_000D"/>
<AllowedSigner SignerId="ID_SIGNER_S_000E"/>
<AllowedSigner SignerId="ID_SIGNER_S_000F"/>
<AllowedSigner SignerId="ID_SIGNER_S_001A"/>
</AllowedSigners>
</ProductSigners>
<TestSigners/>
<TestSigningSigners/>
</SigningScenario>
<!-- User mode: allowed signers plus every Deny and Allow path rule from FileRules. -->
<SigningScenario ID="ID_SIGNINGSCENARIO_WINDOWS" Value="12">
<ProductSigners>
<AllowedSigners>
<AllowedSigner SignerId="ID_SIGNER_S_0007"/>
<AllowedSigner SignerId="ID_SIGNER_S_0008"/>
<AllowedSigner SignerId="ID_SIGNER_S_0009"/>
<AllowedSigner SignerId="ID_SIGNER_S_000A"/>
<AllowedSigner SignerId="ID_SIGNER_S_000B"/>
<AllowedSigner SignerId="ID_SIGNER_S_0014"/>
<AllowedSigner SignerId="ID_SIGNER_S_0010"/>
<AllowedSigner SignerId="ID_SIGNER_S_0011"/>
<AllowedSigner SignerId="ID_SIGNER_S_0012"/>
<AllowedSigner SignerId="ID_SIGNER_S_0013"/>
<AllowedSigner SignerId="ID_SIGNER_S_0016"/>
<AllowedSigner SignerId="ID_SIGNER_S_0015"/>
<AllowedSigner SignerId="ID_SIGNER_S_0017"/>
<AllowedSigner SignerId="ID_SIGNER_S_001C"/>
<AllowedSigner SignerId="ID_SIGNER_S_001D"/>
<AllowedSigner SignerId="ID_SIGNER_S_001E"/>
<AllowedSigner SignerId="ID_SIGNER_S_0018"/>
<AllowedSigner SignerId="ID_SIGNER_S_0019"/>
<AllowedSigner SignerId="ID_SIGNER_S_001F"/>
<AllowedSigner SignerId="ID_SIGNER_S_0020"/>
<AllowedSigner SignerId="ID_SIGNER_S_001B"/>
</AllowedSigners>
<FileRulesRef>
<!-- Deny rules D_0001 to D_0011: the security-product block list. -->
<FileRuleRef RuleID="ID_DENY_D_0001"/>
<FileRuleRef RuleID="ID_DENY_D_0002"/>
<FileRuleRef RuleID="ID_DENY_D_0003"/>
<FileRuleRef RuleID="ID_DENY_D_0004"/>
<FileRuleRef RuleID="ID_DENY_D_0005"/>
<FileRuleRef RuleID="ID_DENY_D_0006"/>
<FileRuleRef RuleID="ID_DENY_D_0007"/>
<FileRuleRef RuleID="ID_DENY_D_0008"/>
<FileRuleRef RuleID="ID_DENY_D_0009"/>
<FileRuleRef RuleID="ID_DENY_D_000A"/>
<FileRuleRef RuleID="ID_DENY_D_000B"/>
<FileRuleRef RuleID="ID_DENY_D_000C"/>
<FileRuleRef RuleID="ID_DENY_D_000D"/>
<FileRuleRef RuleID="ID_DENY_D_000E"/>
<FileRuleRef RuleID="ID_DENY_D_000F"/>
<FileRuleRef RuleID="ID_DENY_D_0010"/>
<FileRuleRef RuleID="ID_DENY_D_0011"/>
<!-- Allow rules A_0012 to A_0029: the OS drive and drive letters D: through Z:. -->
<FileRuleRef RuleID="ID_ALLOW_A_0012"/>
<FileRuleRef RuleID="ID_ALLOW_A_0013"/>
<FileRuleRef RuleID="ID_ALLOW_A_0014"/>
<FileRuleRef RuleID="ID_ALLOW_A_0015"/>
<FileRuleRef RuleID="ID_ALLOW_A_0016"/>
<FileRuleRef RuleID="ID_ALLOW_A_0017"/>
<FileRuleRef RuleID="ID_ALLOW_A_0018"/>
<FileRuleRef RuleID="ID_ALLOW_A_0019"/>
<FileRuleRef RuleID="ID_ALLOW_A_001A"/>
<FileRuleRef RuleID="ID_ALLOW_A_001B"/>
<FileRuleRef RuleID="ID_ALLOW_A_001C"/>
<FileRuleRef RuleID="ID_ALLOW_A_001D"/>
<FileRuleRef RuleID="ID_ALLOW_A_001E"/>
<FileRuleRef RuleID="ID_ALLOW_A_001F"/>
<FileRuleRef RuleID="ID_ALLOW_A_0020"/>
<FileRuleRef RuleID="ID_ALLOW_A_0021"/>
<FileRuleRef RuleID="ID_ALLOW_A_0022"/>
<FileRuleRef RuleID="ID_ALLOW_A_0023"/>
<FileRuleRef RuleID="ID_ALLOW_A_0024"/>
<FileRuleRef RuleID="ID_ALLOW_A_0025"/>
<FileRuleRef RuleID="ID_ALLOW_A_0026"/>
<FileRuleRef RuleID="ID_ALLOW_A_0027"/>
<FileRuleRef RuleID="ID_ALLOW_A_0028"/>
<FileRuleRef RuleID="ID_ALLOW_A_0029"/>
</FileRulesRef>
</ProductSigners>
<TestSigners/>
<TestSigningSigners/>
</SigningScenario>
</SigningScenarios>
<!-- Code-integrity signer list. The single entry is ID_SIGNER_S_0016, the TBS-pinned signer
     constrained to the Windows Store EKU.
     NOTE(review): presumably carried over unchanged from a Microsoft template. TODO confirm. -->
<CiSigners>
<CiSigner SignerId="ID_SIGNER_S_0016"/>
</CiSigners>
<!--
  PolicyInfo metadata chosen by the policy author: Id "20102013" and Name "WindowsWorks".
  Unlike the GUIDs at the top of the document, these strings are author-supplied and therefore
  more useful as hunting pivots, although they are trivially changed between builds.
  NOTE(review): policy-load records in the CodeIntegrity operational log (event 3099) are
  expected to carry the policy name and id. Verify on a test host before relying on it.
-->
<Settings>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Id">
<Value>
<String>20102013</String>
</Value>
</Setting>
<Setting Provider="PolicyInfo" Key="Information" ValueName="Name">
<Value>
<String>WindowsWorks</String>
</Value>
</Setting>
</Settings>
</SiPolicy>
T心里隐着D
发表于 24 分钟前 | 显示全部楼层
腾讯电脑管家秒杀