Search
Keyword: usojan.ps1.powload.jkp
EnableLinkedConnections = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon DefaultDomainName = {domainname} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon
modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ PolicyManager\default\Start HideShutDown = 1 (Note: The default value data of the said registry entry is 0 .)
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. It avoids encrypting
EnableLinkedConnections = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon DefaultDomainName = {domainname} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon
\Folder\Hidden\ SHOWALL CheckedValue = "0" (Note: The default value data of the said registry entry is 1 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ Explorer NoDriveTypeAutoRun
HOSTS File Modification This Trojan overwrites the system's HOSTS files to prevent users from accessing the following websites: {BLOCKED}.253.22 008.wzhe123.cn {BLOCKED}.253.22 010389.com {BLOCKED
Ransomware adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Policies\ System EnableLinkedConnections = 1 Process Termination This Ransomware terminates the
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It avoids encrypting files with the following file
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Policies\ System EnableLinkedConnections = 1 Process Termination This Ransomware terminates the following services if found on the affected system: acronis
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\Winlogon AutoAdminLogon = 1 → if -safe commandline parameter is used HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Ransomware arrives on a system
%User Profile%\Cookies\wilbert@www.msn[1].txt = "68adfd" It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\SystemRestore DisableSR = "1" Dropping
\SystemRestore DisableSR = "1" (Note: The default value data of the said registry entry is 0 .) Propagation This Trojan does not have any propagation routine. Backdoor Routine This Trojan does not have any
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
\Software\Microsoft\ RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It gathers certain information on the affected
" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 SessionHash = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This