Search
Keyword: microsoft internet explorer
%System Root%\XMR %System Root%\XMR\Coin %System Root%\XMR\Coin\api %AppDataLocal%\dyna %User Temp%\Microsoft (Note: %Application Data% is the Application Data folder, where it usually is C:\Documents and
netsh firewall set opmode disable && exit cmd /c reg add "HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update" /v AUOptions /t REG_DWORD /d 1 /f %System%\DllHost.exe
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S17014297 = "{malware path and file name}" Other System Modifications This Trojan adds the following
file in the Startup folder of the Microsoft Excel application. It utilizes the auto_open macro command consequently infecting other workbooks once opened. This script also intercepts the use of two
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S1096057 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S488121 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S1651823 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S1484101 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Microsoft Updater = "{malware path and file name}" This report is generated via an automated analysis
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run WindowsUpdate = "{malware path and file name}.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ DirectDraw\MostRecentApplication Name = "{malware file name}" (Note: The default value data of the said registry entry is iexplore.exe .) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S785860 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
\Software\Microsoft\ Multimedia\DrawDib HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\MediaResources\msvideo It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Multimedia
\Software\Microsoft\ Windows\CurrentVersion\MyComputer It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\MyComputer Count = "1" This report is generated via
\Software\Microsoft\ Multimedia\DrawDib HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ Control\MediaResources\msvideo It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\ Multimedia
HKEY_LOCAL_MACHINE\Software\Microsoft\ Windows\CurrentVersion\ErrorHandling It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\ErrorHandling Rede = "True" This report
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S118125 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S19531137 = "{malware path and file name}" Other System Modifications This Trojan adds the following
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run S9012475 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run Sumanya = "%Windows%\debug\winlng.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Sumanya = "