Search
Keyword: URL
memory LN → Downloads a file from a URL and execute it Urlopen → Opens a URL through a browser Urlhide → Creates a HTTP GET request PCShutdown → Executes a shutdown command PCRestart → Executes a restart
" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Internet Explorer\SearchScopes URL = "{random characters}" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes URL = "{random characters}" It modifies the
Applications 1002103* - AOL Instant Messenger (ATT&CK T1102) 1004663* - IP Messenger (ATT&CK T1102) 1002507* - Jabber (ATT&CK T1102) 1003067* - MSN Instant Message URL Blocker (ATT&CK T1102) 1002162* - MSN
Details This Trojan Spy does the following: It connects to the following URL to resolve its configuration: https://{BLOCKED}.me/{BLOCKED}0412/ https://{BLOCKED}c.social/{BLOCKED}6 As of this moment, if it
It connects to the following remote sites to get a URL where other malicious files can be downloaded: http://{BLOCKED}ran.ru/forum/dl/getapps.php?seller={Tick Count}&hash={GUID} http://{BLOCKED
This spyware downloads an updated copy of itself from a certain website(s). It connects to a certain URL to download its configuration file. It sends the gathered information via HTTP POST to a
encrypted data in the URL contains the following information: Adapter Information Computer Name Operating System Processor Name User Name It does not continue its execution when the following process exists:
currently logged in user 20000004 - Download from a URL and execute the downloaded file It connects to the following URL(s) to send and receive commands from a remote malicious user: {BLOCKED}2.{BLOCKED
displays the following fake alerts: When users agree to buy the software, it connects to the following URL to continue the purchase: http://{BLOCKED}echeck24.com/activate/activate.php http://{BLOCKED
TROJ_DIDKR.A NOTES: The dropped malware file SimDiskUp.exe accesses the aforementioned URL to download another malware. Once executed, the downloaded file creates the following folders: %Application Data%\tor
= "°Ù¶È" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{C5C0A7CA-D820-4AEA-B393-A94E771630EA} URL = "http://www.{BLOCKED}u.com/s?wd={searchTerms}&tn=sitebd_pg&cl=3&ie=utf-8
\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} DisplayName = "Search" HKEY_CURRENT_USER\Software\Microsoft\ Internet Explorer\SearchScopes\{DAED9266-8C28-4C1C-8B58-5C66EFF1D302} URL =
institutions: Deutsche Bank Deutsche Postbank AG HypoVereinsbank Volksbank Emmerich-Rees Drop Points The said file is then sent to the following URL via HTTP POST: {BLOCKED}omde.cn Other Details Based on analysis
This Trojan accesses the URL http://{BLOCKED}.{BLOCKED}.222.238/0412uk12/{computername}/-/{OS Version}-{Service Pack}/0/ to send information. The following information are posted: Computer name Operating
writing, the said sites are inaccessible. Other Details This Trojan deletes itself after execution. NOTES: This Trojan accesses the URL {BLOCKED}.{BLOCKED}.35.133:13814/0912us21/{computername}/0/{OS Version
"" Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}n-foundation.ro/images/tere.exe http://{BLOCKED
"" Download Routine This Trojan downloads the file from the following URL and renames the file when stored in the affected system: http://{BLOCKED}araswatiinn.com/images/tere2611.exe http://{BLOCKED
with the following URL path: /install.htm /welcome.htm /index.htm /start.htm Backdoor:Win32/Kelihos.F (Microsoft), Backdoor.Win32.Hlux.bodz (Kaspersky)
does not have any backdoor routine. It downloads a file from a certain URL then renames it before storing it in the affected system. It takes advantage of software vulnerabilities to allow a remote user
{BLOCKED}le.com {BLOCKED}a.{BLOCKED}sk.net {BLOCKED}a.{BLOCKED}nest.com {BLOCKED}t.{BLOCKED}e.kz NOTES: This malware is capable of the following: Visit a URL specified by remote server Download and execute