Search
Keyword: JS_LOCKY.FS
startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This registry entry is deleted after encryption of all files) Other System Modifications
renames the encrypted files to {unique ID per victim}{identifier}.locky It adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries as part of its
startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This is deleted after encryption of all files) Other System Modifications This Trojan
{7209F5A7-047B-4D4C-9F8A-3A6AE938F17C}\RP1\snapshot\Repository\$WinMgmt.CFG %System Root%\System Volume Information\_restore{7209F5A7-047B-4D4C-9F8A-3A6AE938F17C}\RP1\snapshot\Repository\FS\INDEX.BTR %System Root%\System Volume
\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This registry entry is deleted after encryption of all files) Other System Modifications This Trojan modifies the following file(s): It
startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This is deleted after encryption of all files) Other System Modifications This Trojan
visiting malicious sites. Other System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id
startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This is deleted after encryption of all files) Other System Modifications This Trojan
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
to {unique ID per victim}{identifier}.locky It adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries as part of its installation routine:
\snapshot\Repository\FS\INDEX.BTR %System Root%\System Volume Information\_restore{7209F5A7-047B-4D4C-9F8A-3A6AE938F17C}\RP1\snapshot\Repository\FS\INDEX.MAP %System Root%\System Volume Information\_restore
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" Other System Modifications This Trojan adds the following registry entries
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey