Wednesday, June 22, 2016

Gozi - latest variant with Application.RecentFiles.Count

"22/6/2016 3:38:41.577","process","created","C:\Windows\explorer.exe","C:\Users\vishal\Desktop\invoice\office11.exe"

"22/6/2016 3:38:45.109","file","Write","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"

"22/6/2016 3:38:45.109","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Run\api--2-0"

"22/6/2016 3:38:45.203","process","created","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Windows\System32\cmd.exe"

"22/6/2016 3:38:45.203","process","created","C:\Windows\System32\cmd.exe","C:\Windows\System32\conhost.exe"

"22/6/2016 3:38:45.218","process","terminated","C:\Windows\explorer.exe","C:\Users\vishal\Desktop\invoice\office11.exe"

"22/6/2016 3:38:45.233","process","created","C:\Windows\System32\cmd.exe","C:\Windows\System32\cmd.exe"

"22/6/2016 3:38:45.233","process","created","C:\Windows\System32\cmd.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"

"22/6/2016 3:38:45.203","file","Write","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Users\vishal\AppData\Local\Temp\516A\28B5.bat"

"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet"
"22/6/2016 3:38:45.186","registry","SetValueKey","C:\Users\vishal\Desktop\invoice\office11.exe","HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Users\vishal\AppData\Roaming\api--2-0\api--1-0.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Users\vishal\Desktop\invoice\office11.exe","C:\Windows\System32\cmd.exe"
"22/6/2016 3:38:45.483","process","terminated","C:\Windows\System32\cmd.exe","C:\Windows\System32\conhost.exe"