Keyword: browser hijacker
\StampG\{random name 2}.exe" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Download Routine This Trojan saves the files it downloads using the
"%User Temp%\Adobe\Reader_sl.exe" HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Run {Random Characters} = "%Application Data%\Identities\{Random Characters}.exe" Web Browser Home Page
Profile%\Start Menu\Programs\ Startup\mulk HKEY_CURRENT_USER\Software\VB and VBA Program Settings\ %User Profile%\Start Menu\Programs\ Startup\subb Web Browser Home Page and Search Page Modification This
following: It monitors the user's banking activities by checking the browser for the following strings which are related to banking sites: Banco Bradesco Banco Santander Brasil Banco do Brasil Sicredi
boot PerfLogs ProgramData Google Intel Microsoft Application Data Tor Browser Windows It appends the following extension to the file name of the encrypted files: {6 random characters} It drops the
the following strings in their file path: $ AppData Program Files Program Files (x86) AppData boot PerfLogs ProgramData Google Intel Microsoft Application Data Tor Browser Windows It appends the
terminates the following services: UniFi MSSQLSERVER SQLSERVERAGENT SQLWriter vmms MSSQL SQLAgent MSSQLFDLauncher SQLBrowser Browser It deletes itself after execution. Ransomware Routine This Ransomware avoids
\System.Data.SQLite.dll -> used to gather browser information (Note: %AppDataLocal% is the Local Application Data folder, which is usually C:\Documents and Settings\{user name}\Local Settings\Application Data on Windows
in their file name: README.txt It avoids encrypting files with the following strings in their file path: $recycle.bin $windows.~bt $windows.~ws boot google mozilla perflogs tor browser windows
text on the console after execution Ransomware Routine This Ransomware avoids encrypting files with the following strings in their file path: Windows Windows.old Tor Browser Internet Explorer Google
Program Files (x86) #recycle It avoids encrypting files with the following strings in their file path: AppData Boot Windows Windows.old Tor Browser Internet Explorer Google Opera Opera Software Mozilla
Ransomware Routine This Ransomware avoids encrypting files with the following strings in their file path: AppData Boot Windows Windows.old Tor Browser Internet Explorer Google Opera Opera Software Mozilla
following based on the configuration received from the server: Cryptowallet information Browser data Files grabber Environment variable data related to Tokens and Keys Other Details This Trojan Spy connects
This Trojan Spy gathers the following data: Browser Data (e.g. Cookies, Login Data): Chrome Edge Firefox Brave Opera Chromium CocCoc IP Address Victim's Location Time Stolen Information This Trojan Spy
Explorer is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{897A1BC8-4CF0-48F7-AD60-6BF6D5D5B347} It registers as a
customers can use Trend Micro Browser Guard to prevent JS_EXPLOIT.BRU from executing on their systems. Trend Micro Browser Guard has the ability to remove malicious JavaScripts from Web pages, rendering
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{b448d946-3623-42ab-ba32-c08651e36980} It modifies the following registry entries to ensure its automatic execution at
\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{F171A450-7AF5-43E1-AFED-EDC826A1B0F5} It registers as a system service to ensure its automatic execution at every system startup by adding
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{39fc2065-c9c7-49cd-8942-44cc2dedc844} Other System Modifications This Trojan deletes the following files: %Windows%
RockMelt K-Meleon Epic Browser FastStone Browser Stolen Information This spyware sends the gathered information via HTTP POST to the following URL: http://{BLOCKED}-cache-node.com/gate.php http://{BLOCKED