Search
Keyword: microsoft internet explorer
* indicates a new version of an existing rule Deep Packet Inspection Rules: DCERPC Services - Client 1004293* - Identified Microsoft Windows Shortcut File Over Network Share DHCP Failover Protocol
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft Tracing = enigma_RASMANCS HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft Tracing = enigma_RASAPI32 Download Routine This Trojan Spy connects to the following URL(s) to download its
\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and 7.) Other System Modifications This hacking tool deletes the following files: %Start Menu%\Programs\Havij 1.13 Free\Havij.pif %Start Menu%
HKEY_CLASSES_ROOT\magnet HKEY_CLASSES_ROOT\magnet\DefaultIcon HKEY_CLASSES_ROOT\magnet\shell HKEY_CLASSES_ROOT\magnet\shell\ open HKEY_CLASSES_ROOT\magnet\shell\ open\command HKEY_LOCAL_MACHINE\Software\Microsoft
\CurrentControlSet\ Control\MediaResources\icm\ VIDC.FPS1 HKEY_LOCAL_MACHINE\SOFTWARE\Fraps2 HKEY_LOCAL_MACHINE\SOFTWARE\Fraps HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Uninstall\ Fraps
C:\Windows\Start Menu or C:\Documents and Settings\{User name}\Start Menu on Windows 2000, XP, and Server 2003, or C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista and
at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run winxgz = "%User Profile%\zipfreerun\zipfreerun.exe autostart " Other System Modifications This Trojan deletes
/CONFIGNOTIFICATION taskhost.exe SYSTEM %System%\wsqmcons.exe taskhost.exe $(Arg0) %System%\svchost.exe -k LocalService %System%\schtasks.exe /delete /f /TN "Microsoft\Windows\Customer Experience Improvement Program
F7090F619059A3AAB3E71D0ADA462372 %System%\RUNDLL32.EXE %All Users Profile%\B2D2D612\8BDE570F.dll,f2 1FCAAAC36182D72B5B244331A7421701 "%System%\schtasks.exe" /End /tn \Microsoft\Windows\Wininet\CacheTask schtasks /End /tn \Microsoft
\Software\Microsoft\ Windows NT\CurrentVersion\Winlogon Shell = "explorer.exe,{malware path and file name}" This report is generated via an automated analysis system.
explorer.exe created svchost.exe Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows
Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed Components\
at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run [system] = "%System%\drivers\services.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run
HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Uninstall\ Ya 1.43 DisplayName = "Ya 1.43" HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\Uninstall\ Ya 1.43 DisplayIcon = "%Program Files%
\Microsoft\ Windows\CurrentVersion\Uninstall\ wgjngbonphwjwni It adds the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ Software\{D02E7CE6-D6B9-33FE-603F-F855EC4CABE5} aff_id =
Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run 5-4-17-14 = "%Program
enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run [system] = "%System%\drivers\services.exe" HKEY_CURRENT_USER\Software\Microsoft
automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run [system] = "%System%\drivers\services.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows
\Roaming\Microsoft\Windows\Start Menu on Windows Vista and 7.) It creates the following folders: %Start Menu%\Programs\Disk Antivirus Professional {All User's Profile}\Application Data\{random folder name}
\Roaming\Microsoft\Windows\Start Menu on Windows Vista and 7.) It creates the following folders: %Start Menu%\Programs\Disk Antivirus Professional {All User's Profile}\Application Data\{random folder name}