Search
Keyword: URL
Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Search Return = "64" HKEY_CURRENT_USER\Software\Microsoft
"ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
"ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts
Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED}t.com" HKEY_CURRENT_USER\Software
\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP Server = "ldap.bigfoot.com" HKEY_CURRENT_USER\Software\Microsoft\ Internet Account Manager\Accounts\Bigfoot LDAP URL = "http://www.{BLOCKED
access a hard-coded URL once executed. However, since antivirus products can easily identify the URLs, these are blocked, disabling the malware from performing its intended download routine. PE_LICAT.A
This Trojan downloads updated copies of itself from certain websites. It redirects searches to a specific IP address if the search engine URL contains certain strings. This Trojan may be dropped by
URL Steal CD keys of games Execute a file Download from HTTP and FTP URL Open a command shell Open files Display the driver list Get screen capture Capture pictures and video clips Display netinfo Make
not function properly. It propagates via social networking sites by sending malicious links to all the user's contacts. The said links point to a remote URL where a copy of the worm may be downloaded.
connects to the following URL to obtain coinmining-related commands: http://www.{BLOCKED}ak.com/v3/i.txt http://www.{BLOCKED}ak.com/v3/xk.txt -> contains the config for coinminer http://www.{BLOCKED
\CurrentVersion\Explorer\ WorkgroupCrawler\Shares shared = "\New Folder.exe" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Internet Explorer\SearchScopes URL = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft
spyware does not have any proxy server routine. Information Theft This spyware gathers the following information on the affected computer: HTTP Password HTTP Server URL HTTP User IMAP Password IMAP Server
is used for the attack. Clicking the second tab (WEB 模式), displays the following interface: In the second tab, the user is given an option to repeatedly access a URL through a specified port for every
{55AB1BE6-FDF1-703C-25BA-48DD3A2DD6E7} StubPath = "%System%\misys.exe" Other Details This backdoor opens a hidden Internet Explorer window. NOTES: Upon execution, this backdoor downloads and executes a shellcode from the following URL
execute a remote script that connects to the following URL where this malware is downloaded: http://{BLOCKED}6.{BLOCKED}6.240.18/9VBMa76FFnB4VAYu0X5j755pMiSyVrcV?s=mdacot It checks for the following to test
capability. NOTES: Other Details It accesses the following URL to notify the malicious user of its installation: http://{BLOCKED}earch.com/adv.php?i=13&rnd={random numbers} This malware does not have rootkit
Updater It connects to randomly generated IP addresses with the following as URL path: /online.htm /main.htm /start.htm /install.htm /login.htm /setup.htm /welcome.htm /search.htm /home.htm /default.htm