Search
Keyword: URL
contains: It shows following window after execution: Sets the Desktop background to: It connects to the following URL after encryption: http://www.{BLOCKED}o.pl http://www.{BLOCKED}g.org.pl http://{BLOCKED
cryptonight-lite, cryptonight-heavy -o, --url=URL URL of mining server -O, --userpass=U:P username:password pair for mining server -u, --user=USERNAME username for mining server -p, --pass=PASSWORD password for
it downloads as: %Temporary Internet Files%\Content.IE5\{random}\20100826[1].jpg Connects to the following URL to download an image for user interface of the Potentially unwanted application: http://
arbitrary file as temp.exe sleep It deletes itself after execution. NOTES: It sends a GET request to the following URL before it updates, or downloads its arbitrary payload: http://{BLOCKED}.{BLOCKED
computer Delete file/s from affected computer Rename file/s from affected computer Create new directory Search a file from affected computer Download file from url Download file from local Enumerate process
→ URL of mining server -O, --userpass=U:P → username:password pair for mining server -u, --user=USERNAME → username for mining server -p, --pass=PASSWORD → password for mining server -t, --threads=N
This Trojan Spy downloads a file from a certain URL then renames it before storing it in the affected system. It retrieves specific information from the affected system. It connects to certain
downloaded plugin Start and Stop plugin Perform Remote Shell Update URL list Update itself Update Plugin Modify Config Manage File Manage MBR Send gathered data Information Theft This backdoor gathers the
commands from a remote malicious user: Download and execute arbitrary files USB Spreader Visit a URL / Display pop-up advertisements MSN spreader P2P Spreader DDOS (TCP/UDP Flooding) Retrieve Stored Browser
application. It needs another plugin/component gforce_dll for its URL spoofing for the following websites: hotmail.com facebook.com live.com Trojan-Dropper.Win32.Injector.jsuq, Trojan.Autoit.F (VBA32) ZeuS, More
Connect to a specific URL Terminate applications Shutdown, Restart, Hibernate, or Log-off Machine Monitor Mouse Activities Other Details This backdoor does the following: It connects to the following
{D66B743D-2207-47FF-946B-D5EEA7AF0443} URL = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes DefaultScope = "{D66B743D-2207-47FF-946B-D5EEA7AF0443}" HKEY_CURRENT_USER\Software\Searcher Version
space using its Game Optimize feature Sends reports from affected machine to the URL http://{BLOCKED}ean.com/report.php?strCate={Value}&strSubject={Subject}&strComm={Message} Changes default homepage of
following cases: Case 1: type=0555 and type=0922 If it finds the following URLs in the URL cache: choiceadvantage.com uhauldealer.com secure-booker.com teletracker.com wupos.westernunion.com pay1.plugnpay.com
URL of mining server -O, --userpass=U:P username:password pair for mining server -u, --user=USERNAME username for mining server -p, --pass=PASSWORD password for mining server --rig-id=ID rig identifier
--url=URL URL of mining server -O, --userpass=U:P username:password pair for mining server -u, --user=USERNAME username for mining server -p, --pass=PASSWORD password for mining server --rig-id=ID rig
does the following: It connects to the following URL to obtain its C&C server address: https://{BLOCKED}in.com/raw/FefmezR0 Trojan.GenericKD.42275515 (BITDEFENDER); Other:Malware-gen [Trj] (AVAST)
Other Details This Hacking Tool does the following: It displays the following interface upon execution: It displays the following data: URL Web Browser User Name Password Password Strength User Name Field
}.cfg → Configuration file Other Details This Hacking Tool does the following: It displays the following interface upon execution: It displays the following data: URL Web Browser User Name Password
where it usually is C:\Windows\System32 on all Windows operating system versions.) Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected