Search
Keyword: JS_LOCKY.FS
startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This is deleted after encryption of all files) Other System Modifications This Trojan
startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This registry entry is deleted after encryption of all files) Other System Modifications
renames the encrypted files to {unique ID per victim}{identifier}.locky It adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries as part of its
{7209F5A7-047B-4D4C-9F8A-3A6AE938F17C}\RP1\snapshot\Repository\$WinMgmt.CFG %System Root%\System Volume Information\_restore{7209F5A7-047B-4D4C-9F8A-3A6AE938F17C}\RP1\snapshot\Repository\FS\INDEX.BTR %System Root%\System Volume
\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This registry entry is deleted after encryption of all files) Other System Modifications This Trojan modifies the following file(s): It
startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This is deleted after encryption of all files) Other System Modifications This Trojan
startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" (Note: This is deleted after encryption of all files) Other System Modifications This Trojan
visiting malicious sites. Other System Modifications This Trojan adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This
to {unique ID per victim}{identifier}.locky It adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries as part of its installation routine:
\snapshot\Repository\FS\INDEX.BTR %System Root%\System Volume Information\_restore{7209F5A7-047B-4D4C-9F8A-3A6AE938F17C}\RP1\snapshot\Repository\FS\INDEX.MAP %System Root%\System Volume Information\_restore
execution at every system startup: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run Locky = "%User Temp%\svchost.exe" Other System Modifications This Trojan adds the following registry entries
This Trojan may be dropped by other malware. It does not have any propagation routine. It does not have any backdoor routine. Arrival Details This Trojan may be dropped by the following malware:
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
adds the following registry keys: HKEY_CURRENT_USER\Software\Locky It adds the following registry entries: HKEY_CURRENT_USER\Software\Locky id = "98505B08B3594B76" HKEY_CURRENT_USER\Software\Locky pubkey
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive