Search
Keyword: htmlbagleq1
registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals
the following registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader
registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals
registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals
registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion SysHelper = "1" Dropping Routine This Ransomware drops the following files: %All Users Profile%\4R8WBES1BX2A3VRZJLCKYUNEX\c %All
CVE-2009-2990 Array index error in Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 might allow attackers to execute arbitrary code via unspecified vectors.
CVE-2009-2979 Adobe Reader and Acrobat 9.x before 9.2, 8.x before 8.1.7, and possibly 7.x through 7.1.4 do not properly perform XMP-XML entity expansion, which allows remote attackers to cause a
CVE-2013-3346 Adobe Reader and Acrobat allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors. adobe acrobat 10.0,adobe acrobat
{AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals bDisplayedSplash = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\AVGeneral bLastExitNormal = "0" HKEY_CURRENT_USER
\Lsa LimitBlankPasswordUse = "0" (Note: The default value data of the said registry entry is 1 .) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\Terminal Server fDenyTSConnections = "0" (Note: The
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a
registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals
registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals
registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals
Copy\Aurora_DVD_Copy.exe" 4 %Program Files%\MachinerData\Aurora_DVD_Copy.exe 1 %Windows%\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe %System%\svchost.exe -k LocalServiceAndNoImpersonation %Windows%
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
\PING.EXE ping 127.0.0.1 "%Program Files%\Free Create-Burn ISO Image\CreateBurnISO.exe" 4 %Program Files%\MachinerData\CreateBurnISO.exe 1 %System%\sdclt.exe /CONFIGNOTIFICATION taskhost.exe SYSTEM %System%
HKEY_CURRENT_USER\Software\WinRAR\ Formats\uue.fmt HKEY_CURRENT_USER\Software\WinRAR\ Formats\z.fmt HKEY_CURRENT_USER\Software\WinRAR\ Profiles\0 HKEY_CURRENT_USER\Software\WinRAR\ Profiles\1 HKEY_CURRENT_USER
This file infector arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This file infector arrives on a
registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals