Keyword: Coinminer_MALXMR.SMGH2-ELF64
System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA
{random 2 characters} = "{RSA PUBLIC KEY} " HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of
CVE-2009-2526,CVE-2009-2532,CVE-2009-3103 This update resolves three reported vulnerabilities in Server Message Block Version 2 (SMBv2) -- one publicly disclosed and two in private. Successful
{random 2 characters} = "{contents of HELP_DECRYPT.URL}" HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.TXT}" HKEY_CURRENT_USER\Software\{UID} {random 2
HKEY_CURRENT_USER\Software\{UID} HKEY_CURRENT_USER\Software\{UID}\ {random key} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.URL}
registry keys: HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA PUBLIC KEY} " HKEY_CURRENT_USER\Software\{UID} {random 2
HKEY_CURRENT_USER\Software\{UID} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{RSA PUBLIC KEY} " HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "
files: %AppDataLocal%\Chromium\User Data\Profile 3\LoginDataCopy %AppDataLocal%\Chromium\User Data\Profile 3\CookiesCopy %Application Data%\brave\WebDataCopy %AppDataLocal%\Chromium\User Data\Profile 2
\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed
" HKEY_CURRENT_USER\Software\Adobe\ Acrobat Reader\10.0\Security\ cASPKI\cASPKI\cCustomCertPrefs\ c312E322E3834302E3131343032312E310000\cAdobe_ChainBuilder\cAcceptablePolicyOIDs\ c1 iEnd = "2" HKEY_CURRENT_USER
\powershell.exe" -Enc {Base 64 code} -ExecutionPolicy Bypass -W Hidden -NonI --> for deleting system logs "%Program Files%\Windows Defender\mpcmdrun.exe" -removedefinitions -all --> for removing Windows Defender
\E4480625FE7B77F89934 7763D5AE5F9A383B3CA = "7763D5AE5F9A383B3CA" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Setup LogLevel = "2" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Setup
\DowloadX.exe %AppDataLocal%\Chromium\User Data\Default\LoginDataCopy %Application Data%\brave\LoginDataCopy %AppDataLocal%\Google\Chrome\User Data\Profile 2\LoginDataCopy %AppDataLocal%\Chromium\User Data
\CurrentVersion\Internet Settings\ Zones\1 1609 = "0" (Note: The default value data of the said registry entry is "1" .) HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Internet Settings\ Zones\2 1406