2
2
I've detected that my Windows 10 PC has been infected with qorigjsr.exe
malware. Pretty sure it was after I've injected my less computer savvy friend USB into my PC. I've deleted it immediately but when I checked "App History" in Task Manager it seems like it was running for 7 seconds and had network usage of 8.9MB.
So my question is - how can I see more details of this network usage, e.g. when it was running and how much of that usage was upload and how much download and where exactly (ip)?
BTW: Do you guys had any experience with this malware? Do you maybe know what does it exactly do?
2
You can't retroactively view that data. As it is a random name that does really identify the malware itself you would have to have a closer look, possibly uploading it to a service like virustotal if you own AV didn't report any more information about it.
– Seth – 2017-01-20T10:19:09.667@Seth thanks for reply - but what do you mean by retroactively view that data? – Dominik Serafin – 2017-01-20T10:25:40.243
1There is no default recording of such information and as the program already ran and did its thing you can't retroactively view that data as it doesn't really exist. What you could do is identify the actual malware (if you still have that exe file) in order to get a grasp on what it actually did. It's likely that it tried to download a payload in order to gain further rights or to do some form of damage (e.g. ransomware). – Seth – 2017-01-20T10:31:33.727