"22/6/2016 3:38:41.577","process","created","C:\Windows\explorer.exe","C:\Users\vishal\Desktop\invoice\office11.exe"
"22/6/2016 3:38:45.109","file","Write","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"
"22/6/2016 3:38:45.109","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\api--2-0"
"22/6/2016 3:38:45.203","process","created","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.203","process","created","C:\Windows\System32\cmd.exe","C:\Windows\System32\conhost.exe"
"22/6/2016 3:38:45.218","process","terminated","C:\Windows\explorer.exe","C:\Users\vishal\Desktop\invoice\office11.exe"
"22/6/2016 3:38:45.233","process","created","C:\Windows\System32\cmd.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.233","process","created","C:\Windows\System32\cmd.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"
"22/6/2016 3:38:45.203","file","Write","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Users\vishal\AppData\Local\Temp\516A\28B5.bat"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Windows\System32\conhost.exe"
Wednesday, June 22, 2016
RakshaTec: Gozi - latest variant with Application.RecentFiles.Count