"mshta.exe" (Access type: "DELETEVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "PROXYOVERRIDE")
"mshta.exe" (Access type: "DELETEVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "PROXYSERVER")
"mshta.exe" (Access type: "SETVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "PROXYENABLE" Value: "00000000")
"mshta.exe" (Access type: "DELETEVAL" Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP" Key: "PROXYBYPASS")
"mshta.exe" (Access type: "DELETEVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP" Key: "PROXYBYPASS")
"tmpF57E.exe" (Access type: "DELETEVAL" Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP" Key: "PROXYBYPASS")
"tmpF57E.exe" (Access type: "DELETEVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP" Key: "PROXYBYPASS")
"svchost.exe" (Access type: "DELETEVAL" Path: "HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP" Key: "PROXYBYPASS")
"svchost.exe" (Access type: "DELETEVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS\ZONEMAP" Key: "PROXYBYPASS")
"svchost.exe" (Access type: "DELETEVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "PROXYOVERRIDE")
"svchost.exe" (Access type: "DELETEVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "PROXYSERVER")
"svchost.exe" (Access type: "SETVAL" Path: "HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS" Key: "PROXYENABLE" Value: "00000000")

Spawned process "taskkill.exe" with commandline "taskkill /f /im "tmpF57E.exe""
Spawned process "cmd.exe"
Spawned process "mshta.exe" with commandline ""%USERPROFILE%\Desktop\_README_67BEBA_.hta""
Spawned process "tmpF57E.exe"
Spawned process "PING.EXE" with commandline "ping -n 1 127.0.0.1"
Spawned process "taskkill.exe" with commandline "taskkill /t /f /im "cryptolocker.exe""
Spawned process "cmd.exe" with commandline "/d /c taskkill /t /f /im "cryptolocker.exe" > NUL