Keyword: Coinminer_MALXMR.SMGH2-ELF64
This spyware may be downloaded by other malware/grayware from remote sites. It connects to certain websites to send and receive information. It deletes itself after execution. Arrival Details This
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
\Software\{UID} HKEY_CURRENT_USER\Software\{UID}\ {random key} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.URL}
{string1}{string2} Start = 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\{string1}{string2} ErrorControl = 0 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\{string1}{string2} DisplayName =
wbengine WdNisSvc WebClient WinDefend WinVNC4 WRSVC Zoolz 2 Service It terminates the following processes if found running in the affected system's memory: a2guard.exe a2start.exe a2service.exe
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
%Application Data%\SkypeBrowserHost\SkypeBrowserHost.exe" "%Application Data%\SkypeBrowserHost\SkypeBrowserHost.exe" 2 1768 26443321 (Note: %Application Data% is the current user's Application Data folder, which
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
\User Data\Profile 3\WebDataCopy %AppDataLocal%\Google\Chrome\User Data\Profile 2\CookiesCopy %AppDataLocal%\Chromium\User Data\Profile 3\CookiesCopy %All Users Profile%\kuwQFEhPJ\Files\Browsers\Cookies
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes the initially executed copy of itself.
"20191030" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion\ Uninstall\MociPbur_is1 MajorVersion = "2" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion
(MS11-006) Vulnerability in Windows Shell Graphics Processing Could Allow Remote Code Execution (2483185)
2008 for 32-bit Systems Service Pack 2**,Windows Server 2008 for x64-based Systems and Windows Server 2008 for x64-based Systems Service Pack 2**,Windows Server 2008 for Itanium-based Systems and Windows
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
"Zoolz 2 Service" start= disabled sc config ccSetMgr start= disabled sc config ReportServer start= disabled sc config Smcinst start= disabled sc config SQLAgent$VEEAMSQL2008R2 start= disabled sc config
mcregwiz.exe /f net stop "Zoolz 2 Service" /y net stop LogProcessorService /y taskkill /im kvxp.kxp /f net stop SQLAgent$SQLEXPRESS /y taskkill /im winlog.exe /f taskkill /im zlclient.exe /f taskkill /im
\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.URL}" HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2
vmware-converter-workerd vmwared w3svc w3svcd wbengine wbengined wdnissvc wdnissvcd windefend windefendd winvnc4 winvnc4d wrsvc wrsvcd zoolz 2 service It terminates the following processes if found running in the affected
\SYSTEM\CurrentControlSet\ services\QQMicroGameBoxService Type = 272 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\QQMicroGameBoxService Start = 2 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet