Search
Keyword: Coinminer_MALXMR.SMGH2-ELF64
(MS15-035) Vulnerability in Microsoft Graphics Component Could Allow Remote Code Execution (3046306) 
This security update addresses a vulnerability found in Microsoft Windows. When exploited successfully, this vulnerability could allow remote code execution thus compromising the security of the
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
Service" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\TrustedInstaller Start = "2" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\TrustedInstaller Start = "3" HKEY_LOCAL_MACHINE\SYSTEM
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. Arrival Details
This Spyware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Spyware arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed by a user. Arrival Details
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed
\SysEventParameters CloseTime = "500" HKEY_CURRENT_USER\Software\Microsoft\ Wisp\Pen\SysEventParameters SingleTapMode = "2" HKEY_CURRENT_USER\Software\Microsoft\ Wisp\Pen\SysEventParameters DoubleTapMode = "2
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
This Backdoor arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Backdoor arrives on a system as a
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
This Trojan Spy arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan Spy arrives on a system
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
%Favorites%\ÃÀŮֱ²¥Ðã.url %Favorites%\Links\ÃÀŮֱ²¥Ðã.url %Favorites%\90ÃÀÅ®ÊÓƵ.url %Favorites%\Links\90ÃÀÅ®ÊÓƵ.url %Favorites%\ÈÈѪ´«Ææ.url %Favorites%\Links\ÈÈѪ´«Ææ.url %Favorites%\¸ßÊÕÒæÀí²Æ-ÅÄÅÄ´û.url
\Software\{UID} HKEY_CURRENT_USER\Software\{UID}\ {random key} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.URL}