SHA256: 6b270d5b1cc7df047f9a1ca4bfaca0083653791f803b9a39e363ecb8d225b25e
File name: 62B5.tmp.exe
Detection ratio: 2 / 54
Analysis date: 2015-12-04 12:49:39 UTC ( 1 minute ago )
https://www.virustotal.com/en/fi ... nalysis/1449233379/
2015/12/4 20:47:57,C:\Program Files (x86)\Internet Explorer\iexplore.exe,53,Allowed ;Execute application (C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe)
2015/12/4 20:47:57,C:\Windows\System32\conhost.exe,40,Allowed ;Open process or thread with modify permission (62B5.tmp.exe(pid=5256))
2015/12/4 20:48:15,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,53,Allowed ;Execute application (C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe)
2015/12/4 20:48:18,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,47,Allowed ;Create alternate data stream (C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe:Zone.Identifier)
2015/12/4 20:48:22,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,53,Allowed ;Execute application ("C:\windows\SysWOW64\cmd.exe" /c start "" "C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe")
2015/12/4 20:48:24,C:\Windows\SysWOW64\cmd.exe,53,Allowed ;Execute application ("C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe" )
2015/12/4 20:48:24,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,53,Allowed ;Execute application (\??\C:\windows\system32\conhost.exe 0xffffffff)
2015/12/4 20:48:24,C:\Windows\System32\conhost.exe,40,Allowed ;Open process or thread with modify permission (62B5.tmp.exe(pid=7088))
2015/12/4 20:48:28,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,53,Allowed ;Execute application ("C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe" )
2015/12/4 20:48:29,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,47,Allowed ;Create alternate data stream (C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe:Zone.Identifier)
2015/12/4 20:48:31,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,53,Allowed ;Execute application (C:\Users\AAAA\AppData\Roaming\fploo-a.exe)
2015/12/4 20:48:31,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Allowed ;Execute application (\??\C:\windows\system32\conhost.exe 0xffffffff)
2015/12/4 20:48:31,C:\Windows\System32\conhost.exe,40,Allowed ;Open process or thread with modify permission (fploo-a.exe(pid=2788))
2015/12/4 20:48:33,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,53,Allowed ;Execute application ("C:\windows\system32\cmd.exe" /c DEL C:\Users\AAAA\AppData\Local\Temp\Low\62B5TM~1.EXE)
2015/12/4 20:48:33,C:\Windows\SysWOW64\cmd.exe,53,Allowed ;Execute application (\??\C:\windows\system32\conhost.exe 0xffffffff)
2015/12/4 20:48:35,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Allowed ;Execute application (C:\Users\AAAA\AppData\Roaming\fploo-a.exe)
2015/12/4 20:48:36,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,47,Allowed ;Create alternate data stream (C:\Users\AAAA\AppData\Roaming\fploo-a.exe:Zone.Identifier)
2015/12/4 20:48:38,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application (bcdedit.exe /set {current} bootems off)
2015/12/4 20:48:40,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application (bcdedit.exe /set {current} advancedoptions off)
2015/12/4 20:48:42,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application (bcdedit.exe /set {current} optionsedit off)
2015/12/4 20:48:45,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application (bcdedit.exe /set {current} bootstatuspolicy IgnoreAllFailures)
2015/12/4 20:48:47,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application (bcdedit.exe /set {current} recoveryenabled off)
2015/12/4 20:48:50,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,26,Blocked ;Modify protected registry key (HKLM\SOFTWARE\MICROSOFT\Windows\CurrentVersion\Policies\System,EnableLinkedConnections)
2015/12/4 20:48:51,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,26,Blocked ;Modify protected registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Acronis)
2015/12/4 20:48:52,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
2015/12/4 20:48:56,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,40,Blocked ;Open process or thread with modify permission (wininit.exe(pid=588))
2015/12/4 20:49:09,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
2015/12/4 20:49:24,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Terminated ;Execute application ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
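The log above reads as a ransomware run the HIPS caught late: the drop from iexplore.exe into Temp\Low, the relaunch via cmd /c start, the copy to AppData\Roaming as fploo-a.exe and the self-delete were all Allowed; the first Blocked verdict only arrives at the bcdedit calls, followed by the Run-key write and three attempts at vssadmin delete shadows before the process is Terminated. As an added example (not code from the original post or from any HIPS vendor), the script below parses lines in the shape of that log, scores each process on exactly those behaviours, and lists which indicators the HIPS let through. The sample lines are constructed from the post's entries with the descriptions translated to English; the indicator names, weights and the threshold of 5 are my own choices.

```python
"""Triage a HIPS behaviour log for ransomware-style actions.

Added example, not code from the original post or from any HIPS vendor.
Lines are expected in the shape of the log above:
    timestamp,process,rule_id,verdict ;action (target)
"""
import re
from collections import defaultdict

# Constructed sample: entries from the post with the descriptions translated.
SAMPLE_LOG = r"""
2015/12/4 20:47:57,C:\Program Files (x86)\Internet Explorer\iexplore.exe,53,Allowed ;Execute application (C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe)
2015/12/4 20:48:18,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,47,Allowed ;Create alternate data stream (C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe:Zone.Identifier)
2015/12/4 20:48:31,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,53,Allowed ;Execute application (C:\Users\AAAA\AppData\Roaming\fploo-a.exe)
2015/12/4 20:48:33,C:\Users\AAAA\AppData\Local\Temp\Low\62B5.tmp.exe,53,Allowed ;Execute application ("C:\windows\system32\cmd.exe" /c DEL C:\Users\AAAA\AppData\Local\Temp\Low\62B5TM~1.EXE)
2015/12/4 20:48:47,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application (bcdedit.exe /set {current} recoveryenabled off)
2015/12/4 20:48:51,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,26,Blocked ;Modify protected registry key (HKCU\Software\Microsoft\Windows\CurrentVersion\Run,Acronis)
2015/12/4 20:48:52,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Blocked ;Execute application ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
2015/12/4 20:49:24,C:\Users\AAAA\AppData\Roaming\fploo-a.exe,53,Terminated ;Execute application ("C:\Windows\System32\vssadmin.exe" delete shadows /all /Quiet )
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+ \S+),(?P<proc>.+?),(?P<rule>\d+),(?P<verdict>\w+) ;"
    r"(?P<action>.+?) \((?P<target>.*)\)\s*$")

# (indicator name, weight, predicate over a parsed entry); weights are my own choice.
INDICATORS = [
    ("shadow_copy_deletion", 4,
     lambda e: re.search(r"vssadmin\.exe.*\bdelete shadows\b", e["target"], re.I)),
    ("boot_recovery_disabled", 3,
     lambda e: re.search(r"bcdedit\.exe .*\b(recoveryenabled off|bootstatuspolicy ignoreallfailures)\b",
                         e["target"], re.I)),
    ("run_key_persistence", 2,
     lambda e: e["action"] == "Modify protected registry key"
     and re.search(r"\\CurrentVersion\\Run,", e["target"], re.I)),
    ("self_delete_via_cmd", 2,
     lambda e: re.search(r"cmd\.exe.*\s/c\s+del\b", e["target"], re.I)),
    ("exec_from_user_profile", 1,  # the launched image lives under AppData
     lambda e: e["action"] == "Execute application"
     and re.search(r'^"?[a-z]:\\users\\[^\\]+\\appdata\\(roaming|local\\temp)\\.*\.exe"?\s*$',
                   e["target"], re.I)),
    ("mark_of_the_web_written", 1,
     lambda e: e["target"].lower().endswith(":zone.identifier")),
]


def parse_line(line):
    """Parse one log line into a dict, or None if it is not in the expected shape."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["action"] = entry["action"].strip()
    return entry


def parse_log(text):
    return [e for e in map(parse_line, text.splitlines()) if e]


def triage(entries):
    """Score every process: an indicator counts once per process, every verdict is kept."""
    report = defaultdict(lambda: {"score": 0, "indicators": defaultdict(list)})
    for e in entries:
        for name, weight, hit in INDICATORS:
            if hit(e):
                r = report[e["proc"]]
                if name not in r["indicators"]:
                    r["score"] += weight
                r["indicators"][name].append(e["verdict"])
    return {p: {"score": r["score"], "indicators": dict(r["indicators"])}
            for p, r in report.items()}


def ransomware_suspects(report, threshold=5):
    """Processes whose combined indicator weight reaches the (arbitrary) threshold."""
    return sorted((p for p, r in report.items() if r["score"] >= threshold),
                  key=lambda p: -report[p]["score"])


def allowed_indicators(report):
    """(process, indicator) pairs the HIPS let through: where a rule should fire earlier."""
    return sorted((p, name) for p, r in report.items()
                  for name, verdicts in r["indicators"].items() if "Allowed" in verdicts)


if __name__ == "__main__":
    rep = triage(parse_log(SAMPLE_LOG))
    for proc in ransomware_suspects(rep):
        print(f"{rep[proc]['score']:>2}  {proc}  {sorted(rep[proc]['indicators'])}")
    for proc, name in allowed_indicators(rep):
        print(f"allowed: {name} by {proc}")
```

On the sample, fploo-a.exe scores 9 (shadow deletion, recovery disabled, Run key) and is the only suspect; 62B5.tmp.exe scores 4 on behaviours that were all Allowed. That second list is the useful one for tuning: iexplore.exe launching an executable out of its Low-integrity temp folder at 20:47:57 is roughly 40 seconds ahead of the first Blocked verdict at 20:48:38, so a rule on that parent/child pair would have stopped the run before the bcdedit and vssadmin stage.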