Search
Keyword: htmlbagleq1
{89A18812-33DA-47C9-857B-5CD96BF0AF6E}_is1 NoModify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Microsoft\Windows\CurrentVersion\ Uninstall\{89A18812-33DA-47C9-857B-5CD96BF0AF6E}_is1 NoRepair = "1" HKEY_LOCAL_MACHINE\SOFTWARE
\x8d+" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 Sequence = "1" HKEY_CURRENT_USER\Software\Microsoft\ RestartManager\Session0000 RegFiles0000 = "\x00\x00" HKEY_CURRENT_USER\Software
\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{9F531FB1-7C1F-4e1a-8C0C-E8D6177130E2} NoExplorer = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ Interface\
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details This
%User Profile%\Cookies\wilbert@www.msn[1].txt = "68adfd" It modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\SystemRestore DisableSR = "1" Dropping
\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals bDisplayedSplash = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat
\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals bDisplayedSplash = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat
\ Windows\CurrentVersion\Explorer\ Advanced\Folder\Hidden\ SHOWALL CheckedValue = "0" (Note: The default value data of the said registry entry is 1 .) HKEY_CURRENT_USER\Software\Microsoft\ Windows
\10.0\AdobeViewer It adds the following registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software
{removable and network drive letter}:\_\DeviceConfigManager.exe It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows Defender DisableAntiSpyware = "1" Propagation
CVE-2011-0602 Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allow remote attackers to execute arbitrary code via crafted JP2K record
CVE-2011-0587 Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.0.1, 9.x before 9.4.2, and 8.x before 8.2.6 on Windows and Mac OS X allows remote attackers to inject
\CurrentVersion\Explorer\ Advanced\Folder\Hidden\ SHOWALL CheckedValue = "0" (Note: The default value data of the said registry entry is 1 .) Dropping Routine This worm drops the following files: %Program Files%
}ware.com/ HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ PCMate Free EXE Lock_is1 NoModify = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ PCMate Free
{Username} InstallDate = 20240126 MajorVersion = 1 MinorVersion = 15 NoModify = 1 NoRepair = 1 Publisher = Winrar QuietUninstallString = "%Windows%\unins000.exe" /SILENT UninstallString = "%Windows%
\Uninstall\ {BEE9DFE1-7CDF-4D1C-A473-3B3DF8FF1431}_is1 NoModify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ {BEE9DFE1-7CDF-4D1C-A473-3B3DF8FF1431}_is1 NoRepair = "1
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
registry entries: HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Installer\ Migrated {AC76BA86-7AD7-1033-7B44-AA0000000001} = "1" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Originals
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This backdoor arrives on a system as a