Search
Keyword: microsoft internet explorer
Windows root folder, where it usually is C:\ on all Windows operating system versions.) It creates the following folders: %Application Data%\737FF7 %All Users Profile%\Microsoft\Windows\Caches %Windows%
\Microsoft (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions.) Autostart Technique This Trojan Spy registers itself as a system service to ensure
This Trojan Spy deletes the following files: {malware file path and name} It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows NT\CurrentVersion\NetworkList\ Nla\Cache
\Microsoft (Note: %Windows% is the Windows folder, where it usually is C:\Windows on all Windows operating system versions.) Autostart Technique This Trojan Spy registers itself as a system service to ensure
7, 8, 8.1, 2008(64-bit), 2012(64-bit) and 10(64-bit).) Other System Modifications This Trojan Spy deletes the following files: %Windows%\ServiceProfiles\NetworkService\AppData\Local\Microsoft\Windows
the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run B713A56A-2270-1C17-E8C2-6C323692A1BA} = "
Management Center Dbman 1009959 - HPE Intelligent Management Center 'dbman' Opcode Denial Of Service Vulnerability (CVE-2018-7123) MS-RDPEUDP2 1009940* - Microsoft Windows RDP Server Information Disclosure
-command "Set-ExecutionPolicy Unrestricted" %System%\scrnsave.scr /s net localgroup administrators session /ADD %System%\net1 localgroup administrators session /ADD reg add "HKLM\Software\Microsoft\Windows
hkey_local_machine\software\microsoft\ esent\process\{malware file name} hkey_local_machine\software\microsoft\ esent\process\{malware file name}\ debug HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ ESENT\Process
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Active Setup\Installed Components\8977933396928341 stubpath = "%Program Files%\Common Files\Apple\Mobile Device Support\apple.exe" Other System Modifications This Trojan adds the
name} on Windows Vista and 7.) It creates the following folders: %User Profile%\Application Data\5BfROHdZ0 %User Profile%\Microsoft\Backups (Note: %User Profile% is the current user's profile folder,
Autostart Technique This backdoor adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run MicroUpdate =
} on Windows Vista and 7.) It creates the following folders: %User Profile%\Microsoft\System %User Profile%\System\Services %System%\JNUGQR (Note: %User Profile% is the current user's profile folder,
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Run boredcoders = "%Windows%:Server.bat" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run
\Common Files\System\_CHAR(0x12)_°!ö %Program Files%\Common Files\Microsoft Shared\h®_CHAR(0x16)_¨XÇfÌø¬Ù2Ķ_CHAR(0x19)__CHAR(0x1A)_ëiÚwW_CHAR(0x19)__CHAR(0x1B)_Hÿwÿø«_CHAR(0x01)_áµÿ¿yèäØ_CHAR(0x1D)__CHAR
folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Temp on Windows 2000, XP, and Server 2003.) It adds the following registry keys: HKEY_CURRENT_USER\Software\Microsoft\ Windows
\kok_simp.myClassdll\Clsid HKEY_LOCAL_MACHINE\Software\Description\ Microsoft\Rpc\UuidTemporaryData HKEY_LOCAL_MACHINE\SOFTWARE\Classes\ CLSID\{53362C32-A296-4F2D-A2F8-FD984D08340B}\Programmable It adds the following
Installation This Trojan drops the following files: %Application Data%\Microsoft\update.exe - also detected as TROJ_DLOADR.ZTZ (Note: %Application Data% is the current user's Application Data folder, which is
file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Installation This Trojan creates the following folders: %Program Files%\Microsoft JDK %Program
64-bit); C:\Users\{user name}\AppData\Roaming\Microsoft\Windows\Start Menu on Windows Vista (32- and 64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows