Keyword: microsoft internet explorer
sites. Other Details This Trojan redirects browsers to the following sites: https://www.{BLOCKED}ire.com/file_premium/adgxdstab2g00k9/Pagamento.jar/file It does the following: It acts as Microsoft Cloud
Autostart Technique This Trojan modifies the following registry entries to ensure its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon
Windows operating system versions.) Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft
(MICROSOFT) Dropped by other malware, Downloaded from the Internet Connects to URLs/IPs, Downloads files, Executes files
registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Microsoft Menulist = "%System%:mscrosslis.exe" Dropping Routine
normal process(es): svchost.exe Autostart Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows
Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run {malware file name} = %User Profile%\
\Microsoft\Active Setup\Installed Components\{07869431-8ED0-027F-0006-050402010508} StubPath = "%System%\als.exe" Other System Modifications This backdoor adds the following registry keys: HKEY_LOCAL_MACHINE
every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9E41174A-B99F-F49D-5CD0-0EF87DF3A162} StubPath = "%System%:msjbvpncon.exe" Other System Modifications This
Technique This Trojan adds the following registry entries to enable its automatic execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Driver Control Manager
\Software\Microsoft\Direct3D\MostRecentApplication It adds the following registry entries: HKEY_CURRENT_USER\Software\Microsoft\Direct3D\MostRecentApplication Name = "{malware file name}" Dropping Routine
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run NMAIN = "%Windows%\COLVNUTuxRn.exe" Other System Modifications This worm modifies the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run CSRLT.EXE = "%System%\CSRLT.EXE" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run Windows Updates = "%System%\Update.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run RegistryMonitor1 = %System%\qtplugin.exe Other System Modifications This backdoor adds the following registry entries:
\Software\Microsoft\Windows\CurrentVersion\Run Microsoft DLL Registration = "%User Profile%\Application Data\regsrv64.exe" Backdoor Routine This Trojan connects to the following URL(s) to send and receive
execution at every system startup: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run mtmwkova = "%System%\mtmwkova.exe" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run