"22/6/2016 3:38:41.577","process","created","C:\Windows\explorer.exe","C:\Users\vishal\Desktop\invoice\office11.exe"
"22/6/2016 3:38:45.109","file","Write","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"
"22/6/2016 3:38:45.109","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\api--2-0"
"22/6/2016 3:38:45.203","process","created","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.203","process","created","C:\Windows\System32\cmd.exe","C:\Windows\System32\conhost.exe"
"22/6/2016 3:38:45.218","process","terminated","C:\Windows\explorer.exe","C:\Users\vishal\Desktop\invoice\office11.exe"
"22/6/2016 3:38:45.233","process","created","C:\Windows\System32\cmd.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.233","process","created","C:\Windows\System32\cmd.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"
"22/6/2016 3:38:45.203","file","Write","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Users\vishal\AppData\Local\Temp\516A\28B5.bat"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Windows\System32\conhost.exe"
Wednesday, June 22, 2016
5
RakshaTec: 2016
"22/6/2016 3:38:41.577","process","created","C:\Windows\explorer.exe","C:\Users\vishal\Desktop\...
Tuesday, May 24, 2016
5
RakshaTec: 2016
https://msdn.microsoft.com/en-au/library/ms809762.aspx
Wednesday, March 16, 2016
Here's a good article on registry analysis:
http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1071&context=adf
http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1071&context=adf
Label :
5
RakshaTec: 2016
Here's a good article on registry analysis: http://ro.ecu.edu.au/cgi/viewcontent.cgi?article=1071&context=adf
Subscribe to:
Posts (Atom)