Keyword: microsoft internet explorer
Trojan.Win32.CVE20151701.E Autostart Technique This Backdoor creates the following registry entries to enable automatic execution of dropped component at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows
not send files smaller than 4096 bytes It does not send files larger than 67108864 bytes It does not send files from the following directories: C:\Users\All Users\Microsoft C:\ProgramData C:\Windows C:
%\reg.exe" add HKLM\SOFTWARE\Policies\Microsoft\Windows NT\Terminal Services /v MaxDisconnectionTime /t REG_DWORD /d 1209600000 /f cmd /c temp.cmd {Malware File Path}\{Malware File Name} → clear
%System%\reg.exe" add HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v svchost /t reg_sz /d %ProgramData%\svchost.exe /f %ProgramData%\svchost.exe (Note: %ProgramData% is a version of the
winlogbeat.exe ESET Inspect EIConnector.exe ekrn.exe FortiEDR fortiedr.exe Harfanglab EDR hurukai.exe Microsoft Defender for Endpoint and Microsoft Defender Antivirus MsMpEng.exe MsSense.exe SenseCncProxy.exe
at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Winlogon Taskman = "%User Profile%\Application Data\vfbu.exe" Other System Modifications This worm adds the
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %User Profile%\Application Data\Microsoft
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {random CLSID} = %Application Data%\{random1}\{random}.exe It drops the following files: %Application Data%\{random1}\{random}.exe %Application Data%\
systems.) Autostart Technique This Spyware adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
systems.) Autostart Technique This Backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\RunOnce
64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows
csrss.exe wininit.exe Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {random characters} = “%Application Data%\{random characters}\{random characters}.exe” Other System
the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run SysHelper = "%AppLocalData%\{GUID}\{Malware
\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\woool.dat.update HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\woool.dat This
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run S8213344 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication Name = "{malware file name}" (Note: The default value data of the said registry entry is iexplore.exe.)
\Software\Microsoft\Windows Script\Settings It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Windows Script\Settings JITDebug = "0" Other Details This Trojan connects to the
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run S224998 = "{malware path and file name}" Other System Modifications This Trojan adds the following registry
every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Agent = "%System%\SVCH0ST.exe" Dropping Routine This worm drops the following files: %System%\SVCH0ST.EXE