Search
Keyword: URL
value} NOTES: When a successful connection is made, this Trojan downloads a file from the URL with the parameters {Accessible URL}/get/faa91cf5e79a76602f094ed38fad5872.exe . If the malware failed to
a URL using a hidden browser (POST): Send POST floods (QUIT): Terminate itself (SHELL EXEC): Execute shell command (SPEEDTEST): Check connection speed (STOP EXEC): Stop a specific thread (STOP GET):
Firefox)/ Chrome Service Pack (for Google Chrome) to certain web browsers: 1.crx (for Google Chrome) 2.xpi (for Mozilla Firefox) It connect to the following URL to update its stat counter: http://whos.
and Server 2003, or C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) NOTES: It only connects to the following URL every Tuesday between 8:00 AM and 6:59 PM: http://{BLOCKED}s.{BLOCKED
following fake alerts: When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}rtal360.com/404.php?id=105 http://{BLOCKED
information-stealing capability. Rogue Antivirus Routine This Trojan displays the following fake alerts: When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED
Explorer is used by adding the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url = "http://{BLOCKED}nevinovat.com/pteradaptelfan/ " HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit
Explorer is used by adding the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url = http://{BLOCKED}upforsafedd.com/pickit/ HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url2 =
Intensity of GPU usage [-10..10], default 0 -l yes|no - set 'no' to disable Long-Polling, default 'yes' -o url - in form http://username:password@server.tld:port/path, stratum+tcp://server.tld:port, by
following fake alerts: When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}rtal360.com/404.php?id=105 http://{BLOCKED
Explorer is used by adding the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url = http://{BLOCKED}pickupforu.com/gabbanauk/ HKEY_CURRENT_USER\Software\AppDataLow\ BHOinit url2 =
Firefox)/Chrome Service Pack (for Google Chrome) to certain web browsers: .crx (for Google Chrome) .xpi (for Mozilla Firefox) It connects to the following URL to update its stat counter: http://whos.
information: List of strings it will monitor usually related to banking URL to send stolen information Stolen Information This spyware sends the gathered information via HTTP POST to the following URL: http:
C:\Users\{user name}\AppData\Local\Temp on Windows Vista and 7.) It downloads a possibly malicious file from a certain URL. The URL where this malware downloads the said file depends on the following
events Obtain promo offers and post them Comment on fanpage posts It connects to the following URL to generate click profits: http://{BLOCKED}s.{BLOCKED}g.us http://{BLOCKED}r.info/adlinks.php Here are
[OpenURL] - Opens a URL using a hidden browser [SYN] - Sends a SYN Flood [Stop] - Stops a spcific command [Get] - Sends GET floods [Post] Sends POST floods [Speedtest] - check connection speed
command execXbox - visit a URL This malware automatically adds the following URLs to the phone's bookmarks. More URLs can be received and added by the malware when commanded. http://{BLOCKED}d.paojiao.cn
Files\System\ado\adoc.exe"" (Note: The default value data of the said registry entry is "Explorer.exe" .) Download Routine This Trojan downloads the file from the following URL and renames the file when
\ Services\Windows Adobe Flash Game 3.6 Enum = Backdoor Routine This backdoor opens the following ports: TCP 777 It executes the following commands from a remote malicious user: Open a specific URL with
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{853FB6B1-8FFF-448D-83A4-516B8E59BF25} URL = "http://universo.{BLOCKED}x.com/campos?campo={searchTerms}" HKEY_CURRENT_USER\Software\Microsoft