Search
Keyword: usojan.ps1.powload.jkp
\CurrentVersion\Explorer\ SessionInfo\1\WHCIconStartup HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Explorer\ FileExts\.3g2\OpenWithProgids\ WMP11.AssocFile.3G2 HKEY_CURRENT_USER\Software\Microsoft
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions. It
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This spyware arrives as an attachment to email messages spammed by other malware/grayware or malicious users. It arrives on a system as a file dropped by other malware or as a file downloaded
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
Executes the following command to execute the copied malware: "pcalua.exe -a {Copied Malware}" {Random 20 Characters} Executes every 1 hour to connect to the Ransomware URL Executes the following
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
\CurrentControlSet\ Services\StarOpen Group = Extended Base HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\StarOpen ErrorControl = 1 HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\StarOpen Start = 2
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It steals certain information from the system and/or
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions.
" Other System Modifications This Trojan modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\SystemRestore DisableSR = "1" (Note: The default value data
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ System DisableTaskMgr = 1 Ransomware Routine This Ransomware encrypts files with the following extensions: .txt .doc .docx .intex .pdf .zip .rar
This ransomware comes from a high volume spam campaign that aims to deliver this to as many users possible. This Ransomware arrives on a system as a file dropped by other malware or as a file
\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Shell Extensions\ Cached {random string} = "\x01\x00\x00\x00\x00\x00\x00\x00J\xbe6\xa8x\x93\xd5\x01" Dropping