Keyword: URL
7.) Other Details This Ransomware does the following: This Ransomware connects to the following malicious URL to create and send encryption keys: http://{BLOCKED}ost/{BLOCKED}keys.php http://{BLOCKED
Rename file/s from affected computer Create new directory Search a file from affected computer Download file from url Download file from local Enumerate process Terminate process Maximize/Minimize
usually is C:\Windows\Temp on all Windows operating system versions.) Information Theft This spyware logs a user's keystrokes to steal information. NOTES: URL no longer accessible Downloaded from the
files are exhibited on the affected system. NOTES: The URL it accesses contains script that downloads and executes a file from the following URLs: http://www.{BLOCKED}ntsa.ro/counter/?i={value}a={value
user:48tKyhLzJvmfpaZjeEh2rmWSxbFqg7jNzPvQbLgueAc6avfKVrJFnyAMBuTn9ZeG4A3Gfww512YNZB9Tvaf52aVbPHpJFXT pass: x Accepts the following parameters: -a, --algo=ALGO cryptonight (default) or cryptonight-lite -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for mining
cryptonight-lite, cryptonight-heavy -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for mining server -u, --user=USERNAME username for mining server -p, --pass=PASSWORD password for
{Encrypted Folder}\HOW_TO_DECRYPT.txt It avoids encrypting files with the following file extensions: exe dll sys msi lnk ini url Ransom:Win32/Hive.P!MTB (MICROSOFT) Downloaded from the Internet, Dropped by
file from the following URL and renames the file when stored in the affected system: https://www.{BLOCKED}onrouter.com/dist.torproject.org/torbrowser/9.5.3/tor-win32-0.4.3.6.zip It connects to the
following: It downloads malicious DLL from the following URL and executes it in memory: https://cdn.discordapp.com/attachments/{BLOCKED}81184768/Tbopbh.jpg It executes the following in memory:
Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search
Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search Return = "64" HKEY_CURRENT_USER\Software\Microsoft
" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.
Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER
\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search Return = "64" HKEY_CURRENT_USER\Software\Microsoft