Powerful Tools – EDRHunt

Penetration Techniques · 3 years ago (2021) · admin


EDRHunt scans Windows services, drivers, processes and the registry to find installed EDR (Endpoint Detection and Response) products. Detection is keyword-based: each object's name, description and file metadata are matched against a per-vendor keyword list, so a hit tells you which product's components are present, not whether they are healthy or actively reporting.




Installation

  • Download the latest release from the Releases section. Releases are built for windows/amd64.

  • Go install

    • Requires Go 1.17+ on the system.

    • go install github.com/FourCoreLabs/EDRHunt/cmd/EDRHunt@master


Usage

  • Find installed EDRs

$ .\EDRHunt.exe scan
[EDR]
Detected EDR: Windows Defender
Detected EDR: Kaspersky Security


  • Scan everything

$ .\EDRHunt.exe all
Running in user mode, escalate to admin for more details.
Scanning processes, services, drivers, and registry...
[PROCESSES]
Suspicious Process Name: MsMpEng.exe
Description: MsMpEng.exe
Caption: MsMpEng.exe
Binary:
ProcessID: 6764
Parent Process: 1148
Process CmdLine :
File Metadata:
Matched Keyword: [msmpeng]

Suspicious Process Name: NisSrv.exe
Description: NisSrv.exe
Caption: NisSrv.exe
Binary:
ProcessID: 9840
Parent Process: 1148
Process CmdLine :
File Metadata:
Matched Keyword: [nissrv]
...

Note that in user mode the Binary, CmdLine and File Metadata fields of protected processes such as MsMpEng.exe are empty: the tool cannot open those processes without elevation, so only the name-based keyword match fires.


  • Find drivers matching EDR keywords

$ .\EDRHunt.exe -d
[EDRHunt ASCII-art banner]
FourCore Labs (https://fourcore.vision) | Version: 1.1
Running in user mode, escalate to admin for more details.
[DRIVERS]
Suspicious Driver Module: WdFilter.sys
Driver FilePath: c:\windows\system32\drivers\wd\wdfilter.sys
Driver File Metadata:
 ProductName: Microsoft® Windows® Operating System
 OriginalFileName: WdFilter.sys
 InternalFileName: WdFilter
 Company Name: Microsoft Corporation
 FileDescription: Microsoft antimalware file system filter driver
 ProductVersion: 4.18.2109.6
 Comments:
 LegalCopyright: © Microsoft Corporation. All rights reserved.
 LegalTrademarks:
Matched Keyword: [antimalware malware]

Suspicious Driver Module: hvsifltr.sys
Driver FilePath: c:\windows\system32\drivers\hvsifltr.sys
Driver File Metadata:
 ProductName: Microsoft® Windows® Operating System
 OriginalFileName: hvsifltr.sys.mui
 InternalFileName: hvsifltr.sys
 Company Name: Microsoft Corporation
 FileDescription: Microsoft Defender Application Guard Filter Driver
 ProductVersion: 10.0.19041.1
 Comments:
 LegalCopyright: © Microsoft Corporation. All rights reserved.
 LegalTrademarks:
Matched Keyword: [defender]

Suspicious Driver Module: WdNisDrv.sys
Driver FilePath: c:\windows\system32\drivers\wd\wdnisdrv.sys
Driver File Metadata:
 ProductName: Microsoft® Windows® Operating System
 OriginalFileName: wdnisdrv.sys
 InternalFileName: wdnisdrv.sys
 Company Name: Microsoft Corporation
 FileDescription: Windows Defender Network Stream Filter
 ProductVersion: 4.18.2109.6
 Comments:
 LegalCopyright: © Microsoft Corporation. All rights reserved.
 LegalTrademarks:
Matched Keyword: [defender]
...

The driver listing is the most informative of the four sources: version-info strings (FileDescription, OriginalFileName) are read from the .sys file on disk, so a keyword can hit even when the driver's service name is unrevealing. The hvsifltr.sys hit also shows the flip side of keyword matching: Application Guard is not an EDR component, but "defender" in its description is enough to flag it.


  • Find services matching EDR keywords

$ .\EDRHunt.exe -s

  • Find drivers matching EDR keywords

$ .\EDRHunt.exe -d

  • Find registry keys matching EDR keywords

$ .\EDRHunt.exe -r


Currently available EDR detections:


  • Windows Defender

  • Kaspersky Security

  • Symantec Security

  • Crowdstrike Security

  • Mcafee Security

  • Cylance Security

  • Carbon Black

  • SentinelOne

  • FireEye
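To make the keyword approach concrete, the following PowerShell script is an added example written for this page; it is not EDRHunt's code. It walks the same four sources the tool scans (processes, services, drivers, registry), collects every readable string for each object, and matches them case-insensitively against a per-vendor keyword table. The keyword table is this example's own assumption, built from the vendor list above and the process/driver names visible in the scan output (EDRHunt's real table is larger), and the single registry path it checks (the Services hive) is likewise an assumption about where a service or driver leaves a trace.

```powershell
# Added example, not EDRHunt's own code. Keyword table and registry path are
# this example's assumptions; extend both for your environment.
$ErrorActionPreference = 'SilentlyContinue'

$EdrKeywords = [ordered]@{
    'Windows Defender'     = @('msmpeng', 'nissrv', 'wdfilter', 'wdnisdrv', 'defender', 'antimalware')
    'Kaspersky Security'   = @('kaspersky')
    'Symantec Security'    = @('symantec')
    'Crowdstrike Security' = @('crowdstrike')
    'Mcafee Security'      = @('mcafee')
    'Cylance Security'     = @('cylance')
    'Carbon Black'         = @('carbon black', 'carbonblack')
    'SentinelOne'          = @('sentinelone')
    'FireEye'              = @('fireeye')
}

# Same caveat as the tool: without admin rights, the image path and version
# info of protected (PPL) processes such as MsMpEng.exe cannot be read, so
# those records carry only the process name.
$isAdmin = ([Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
           ).IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)
if (-not $isAdmin) { Write-Warning 'Running in user mode, escalate to admin for more details.' }

# One record per object; Text concatenates every string we could read so a
# keyword may hit the name, description, path or version-info fields.
$records = [System.Collections.Generic.List[object]]::new()
function Add-Record($Source, $Name, [string[]]$Fields) {
    $records.Add([pscustomobject]@{ Source = $Source; Name = $Name; Text = ($Fields -join ' ') })
}

foreach ($p in Get-Process) {
    $vi = $null; try { $vi = $p.MainModule.FileVersionInfo } catch {}
    Add-Record 'PROCESS' "$($p.ProcessName).exe (PID $($p.Id))" @(
        $p.ProcessName, $p.Path, $vi.FileDescription, $vi.CompanyName, $vi.ProductName)
}

foreach ($s in Get-CimInstance Win32_Service) {
    Add-Record 'SERVICE' $s.Name @($s.Name, $s.DisplayName, $s.Description, $s.PathName)
}

foreach ($d in Get-CimInstance Win32_SystemDriver) {
    # PathName may be "\SystemRoot\..." or "\??\C:\..."; normalise before reading version info.
    $path = "$($d.PathName)" -replace '^\\\?\?\\', '' -replace '^\\SystemRoot', $env:SystemRoot
    $vi = $null; try { $vi = (Get-Item -LiteralPath $path -ErrorAction Stop).VersionInfo } catch {}
    Add-Record 'DRIVER' $d.Name @($d.Name, $d.DisplayName, $d.Description, $path,
        $vi.FileDescription, $vi.ProductName, $vi.CompanyName, $vi.OriginalFilename)
}

# Registry (assumption: one hive path). Service definitions persist even for a
# driver or service that is installed but not currently running.
foreach ($k in Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services') {
    $v = Get-ItemProperty -LiteralPath $k.PSPath
    Add-Record 'REGISTRY' $k.PSChildName @($k.PSChildName, $v.DisplayName, $v.Description, $v.ImagePath)
}

# Match every record against every keyword; -match is case-insensitive by default.
$hits = foreach ($r in $records) {
    foreach ($edr in $EdrKeywords.Keys) {
        $matched = @($EdrKeywords[$edr] | Where-Object { $r.Text -match [regex]::Escape($_) })
        if ($matched.Count -gt 0) {
            [pscustomobject]@{ EDR = $edr; Source = $r.Source; Name = $r.Name; Matched = ($matched -join ' ') }
        }
    }
}

$hits | Sort-Object EDR, Source, Name | Format-Table -AutoSize | Out-Host
Write-Output '[EDR]'
$hits | Select-Object -ExpandProperty EDR -Unique | ForEach-Object { "Detected EDR: $_" }
```

Run it from an elevated PowerShell to get the driver version-info and process paths; in a user-mode shell it degrades the same way EDRHunt does, matching on names only. Because the match is a plain substring, expect the same kind of collateral hits as in the tool's output (anything with "defender" in its description, for example), and treat a vendor name with no corresponding running process or loaded driver as a leftover installation rather than active coverage.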


https://github.com/FourCoreLabs/EDRHunt


Originally published on the WeChat public account Khan安全攻防实验室: 神兵利器 – EDRHunt

Copyright notice: posted by admin on 3 December 2021 at 02:17.
Reprints must credit: 神兵利器 – EDRHunt | CTF导航
