Search
Keyword: browser hijacker
" HKEY_CURRENT_USER\Software\Microsoft\ Windows Script\Settings JITDebug = "1" It deletes the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
" HKEY_CURRENT_USER\Software\Microsoft\ Windows Script\Settings JITDebug = "1" It deletes the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\
\DOCUME~1\Wilbert %User Profile%\LOCALS~1 %User Temp%\nsd7.tmp %System Root%\Documents and Settings\Wilbert %Application Data%\Browser Warden %Application Data%\Browser Warden\firefox %Application Data%
Apple Applications QQ Browser Opera Browser Yandex Browser 360 Browser Iridium Browser Torch Browser 7Star Amigo Brave CentBrowser Chedot Comodo Dragon Cool Novo Chromium Orbitum Sputnik Uran Vivaldi
registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{E2B9134A-BAFF-487B-BEED-D2D5EC2D55FB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{E2B9134A-BAFF-487B-BEED-D2D5EC2D55FB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{E2B9134A-BAFF-487B-BEED-D2D5EC2D55FB} HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows
Password from the following applications: 360 Browser 7Star Amigo BlackHawk Brave Brave Browser CentBrowser Chedot Chrome ChromePlus Chromium Citrio Claws-mail CocCoc Coccoc Comodo Dragon Cool Novo CoolNovo
the following data: User Name Computer Name OS Name OS Version Platform OS Version Processor Name Amount of Physical Memory Username and Password from the following applications: 360 Browser 7Star Amigo
OS Name OS Version Platform OS Version Processor Name Amount of Physical Memory Video Card Name Video Card Memory Screenshots Username and Password from the following applications: 360 Browser 7Star
Domain Password Credential Windows Extended Credential Microsoft Edge Apple Applications QQ Browser Opera Browser Yandex Browser 360 Browser Iridium Browser Comodo Dragon Cool Novo Chromium Torch Browser
360 Browser 7Star Amigo BlackHawk Brave Browser CentBrowser Chedot Chrome Chromium Citrio Claws-mail CocCoc Comodo Dragon CoolNovo Coowon CoreFTP CyberFox DynDNS Elements Browser Epic Privacy Browser
Video Card Name Video Card Memory Screenshots Username and Password from the following applications: 360 Browser 7Star Amigo BlackHawk Brave Brave Browser CentBrowser Chedot Chrome Chromium Citrio
Version Processor Name Amount of Physical Memory Username and Password from the following applications: 360 Browser 7Star Amigo BlackHawk Brave Browser CentBrowser Chedot Chrome Chromium Citrio Claws-mail
\DOCUME~1\Wilbert %User Profile%\LOCALS~1 %User Temp%\nss3.tmp %System Root%\temp %User Temp%\nsr10.tmp %System Root%\Documents and Settings\Wilbert %Application Data%\Browser Guardian %Program Files%\Bench
the following sites: If browser language starts with "ja11111111": http://www.{BLOCKED}omo-urt.com If it is running on IOS: If browser language starts with "ko": http://security2.{BLOCKED
directory}/tor.zip The malware installs and creates a hidden instance of Tor browser on the system and sets its proxy to 127.0.0.1:9050, the default listening port of Tor to route all connections through the
The malware determines the default Internet browser of the affected system by querying a certain registry entry. It then injects a thread in the browser if an instance of it is running. If the
Screen size Model name Cores GPU Browser autofills, cookies & Login data from the following: Opera GX Stable Opera Stable Google Chrome Microsoft Edge Google(x86) Chrome Chromium Brave Browser Epic Privacy
gathers credentials from the following browsers: 360 Browser 7Star Amigo AVAST Software AVG Browser Brave Browser CCleaner CentBrowser Chedot Chrome Chromium | SRWare Iron Browser Citrio CocCoc Comodo