Keyword: bat
Trojan does not encrypt files with the following extensions: avi bat bmp chm cmd dll exe gif html ico inf ini lnk log manifest mp3 msi png scr sys tmp txt url wav It deletes shadow copies by executing the
names: {original file name and extension}.encrypted However, as of this writing, the said sites are inaccessible. NOTES: This Trojan does not encrypt files with the following extensions: bat chm cmd dll
386 com hlp rom lock 386 wpx ani prf rtp ldf key diagcab cmd spl deskthemepack bat themepack It avoids encrypting files with the following strings in their file path: system volume information
vssadmin.exe Delete Shadows /All /Quiet It avoids encrypting files with the following extensions: bas bat cmd com cpl lnk msi pif reg scr vb It avoids encrypting files within the following folder names:
apk CRA arch00 arm art arw arz asc asf asm asp asset avhdx avi CAB backup BAK bak bar bat bay bc6 bc7 bck BDB big bik bkf BKP bkp BKUP blob bmp BPN brd bsa bsm bxl bz2 c cad cam cas CBK cbu cdr cdr3
\README_TO_DECRYPT.html It avoids encrypting files with the following file extensions: exe dll sys msi mui inf cat bat cmd ps1 vbs ttf fon lnk Trojan.Win64.Agentb.aum (KASPERSKY), Trojan:Win64/MountLocker!MTB (MICROSOFT)
Directory}\RECOVER-cygzsl2-FILES.txt %Desktop%\RECOVER-cygzsl2-FILES.txt.png -- Set as wallpaper It avoids encrypting files with the following file extensions: themepack nls diagpkg msi lnk exe cab scr bat
\qR8tixVvx.README.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cab cmd com cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hta icl icns ico ics idx key ldf lnk lock
\HOWTORECOVER.html It avoids encrypting files with the following file extensions: exe dll sys msi mui inf cat bat cmd ps1 vbs ttf fon lnk Downloaded from the Internet, Dropped by other malware Drops files, Modifies
sites are inaccessible. NOTES: This Trojan does not encrypt files with the following extensions: bat chm cmd dll exe ini lnk log msi scr sys tmp url It drops the ransom note DECRYPT_INSTRUCTIONS.html and
folder it encrypts. It deletes shadow copies by executing the following command: vssadmin.exe Delete Shadows /All /Quiet It does not encrypt files with the following extensions: bat chm cmd dll exe ini lnk
exhibited on the affected system. NOTES: The {extension name} of the dropped copy is any of the following: bat cmd com exe pif scr Dropper-FLK!A4F10D4ED625 (McAfee); Trojan.Win32.FakeFolder.h (Kaspersky);
1}{string 2}.exe - drops the file here if it has admin privileges, where {string 1} and {string 2} are a combination of any of the following strings: Allow Appointment Bat Bthhf Cci Chunk Clu Contact
diagcab diagpkg dll drv lock hlp ldf icl icns ico ics lnk key idx mod mpa msc msp msstyles msu nomedia ocx prf rom rtp scr shs spl sys theme themepack exe bat cmd gandcrab KRAB CRAB
following extensions: ani bat cab cmd cpl CRAB cur diagcab diagpkg dll drv exe gandcrab hlp icl icns ico ics idx key KRAB ldf lnk lock mod mpa msc msp msstyles msu nomedia ocx prf rom rtp scr shs spl sys
drive. It avoids encrypting files with the following extensions: vb scr reg pif msi exe com cmd bat bas It renames encrypted files using the following names: {5 to 10 alphanumeric
the following file(s) as ransom note: {Encrypted directory}\README_TO_DECRYPT.html It avoids encrypting files with the following file extensions: exe dll sys msi mui inf cat bat cmd ps1 vbs ttf fon lnk
.quantum It drops the following file(s) as ransom note: {Encrypted directory}\README_TO_DECRYPT.html It avoids encrypting files with the following file extensions: exe dll sys msi mui inf cat bat cmd ps1 vbs
following file extensions: avos avoslinux avos2 avos2j themepack nls diagpkg msi lnk exe cab scr bat drv rtp msp prf msc ico key ocx diagcab diagcfg pdb wpx hlp icns rom dll msstyles mod ps1 ics hta bin cmd
\GET_YOUR_FILES_BACK.txt It avoids encrypting files with the following file extensions: avos avoslinux avos2 avos2j themepack nls diagpkg msi lnk exe cab scr bat drv rtp msp prf msc ico key ocx diagcab diagcfg pdb wpx hlp