Техническая информация
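Запускает на исполнение (WMIC сохраняет командные строки всех процессов в C:\a\ProcessList.txt; taskkill принудительно завершает internetport3.exe вместе с дочерними процессами):
- '%TEMP%\nst2.tmp\ns4.tmp' WMIC /OUTPUT:C:\a\ProcessList.txt PROCESS get Commandline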
- '%TEMP%\nst2.tmp\ns3.tmp' taskkill /im internetport3.exe /t /f
- '<SYSTEM32>\wbem\wmic.exe' /OUTPUT:C:\a\ProcessList.txt PROCESS get Commandline
- '<SYSTEM32>\taskkill.exe' /im internetport3.exe /t /f
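Изменения параметров прокси в реестре (включают прокси 127.0.0.1:8877 для HTTP и HTTPS на уровне системы и текущего пользователя; значение '<-loopback>' в ProxyOverride отменяет стандартное исключение для loopback-адресов):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http=127.0.0.1:8877;https=127.0.0.1:8877'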
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyOverride' = '<-loopback>'
- [<HKLM>\SYSTEM\ControlSet001\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyEnable' = '00000001'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyServer' = 'http=127.0.0.1:8877;https=127.0.0.1:8877'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Internet Settings] 'ProxyOverride' = '<-loopback>'
- %TEMP%\nst2.tmp\ns4.tmp
- %TEMP%\tmp6.tmp
- %TEMP%\tmp5.tmp
- %TEMP%\nst2.tmp\inetc.dll
- %TEMP%\nst2.tmp\System.dll
- %TEMP%\nst2.tmp\ns3.tmp
- %TEMP%\nst2.tmp\nsExec.dll
- %TEMP%\tmp5.tmp
- %TEMP%\nst2.tmp\ns3.tmp
Сетевая активность (тот же локальный порт 8877, что задан в значениях ProxyServer выше):
- 'localhost':8877
- ClassName: '' WindowName: ''
- ClassName: 'Indicator' WindowName: ''