Search
Keyword: os2first
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run {String 1} {String 3} = %Program Files%\{String 1} {String 3}\{String 1}{String 2}.exe -> Admin privilege 32-bit OS HKEY_LOCAL_MACHINE\SOFTWARE
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This adware arrives on a system as a
--Target {Target OS Machine} --ShellcodeFile Shellcode.ini --PipeName browser --CredChoice 0 --InConfig svchostromance.xml&&serverlong.exe --OutConfig {Target IP}-dll.txt --TargetIp {Target IP} --TargetPort
composed of the following: Available Physical Memory BIOS Version Boot Device Domain Host Name Hotfix(s) Input Locale Logon Server NetWork Card(s) Original Install Date OS Build Type OS Configuration OS
\CurrentControlSet\ Services\googleupdate (for Windows XP and lower) Information Theft This spyware gathers the following data: Host Name Public IP Address OS Version User Name Other Details This spyware connects to
Settings\Application Data on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Local on Windows Vista and 7.) Information Theft This backdoor gathers the following data: OS version Build
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Services\netmanlr Start = "2" It adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
malware/grayware or malicious users. NOTES: Once the malicous document is opened, the macro which contains the malware code executes and drops the following files: For OS Verion XP and below: %Temp%
NOTES: Once the malicous document is opened, the macro which contains the malware code executes and drops the following files: For OS versions XP and below: %Temp%\adobeacd-update.bat %Temp%
Windows operating system versions.) It gathers the following information and reports it to its servers: MAC Address IP Address Computer name OS version CPU and GPU name NOTES: The value of the {Domain name}
Windows operating system versions.) It gathers the following information and reports it to its servers: MAC Address IP Address Computer name OS version CPU and GPU name NOTES: The value of the {Domain name}
ensure that only one of its copies runs at any one time: Global\powerv5 Information Theft This Trojan gathers the following data: OS Version MAC Address List of AV products from the victim's machine OS
ensure that only one of its copies runs at any one time: Global\powerv5 Information Theft This Trojan gathers the following data: OS Version MAC Address List of AV products from the victim's machine OS
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
{42BED48C-0BC1-46E5-BA9E-36D27915DDCF}_is1 InstallDate = "20180924" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Uninstall\ {42BED48C-0BC1-46E5-BA9E-36D27915DDCF}_is1 MajorVersion = "2" HKEY_LOCAL_MACHINE\SOFTWARE
AUOptions = 2 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Policies\Microsoft\Windows\ WindowsUpdate\AU ScheduledInstallDay = 0 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\ Policies\Microsoft\Windows\ WindowsUpdate
This adware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This adware arrives on a system as a
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This