Search
Keyword: browser hijacker
     {domain}/files/010-update-qoel9c5ce/hidden7170777.jpg      {domain}/files/010-update-qoel9c5ce/UK-3_xcv.jpg Redirect network traffic Monitor Browser Activity Rootkit Capabilities
characters} femjannacafe{random 2} = "{Hex Values}" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Other Details This Trojan connects to the
characters} femjannacafe{random 2} = "{Hex Values}" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Other Details This Trojan connects to the
{random}.exe" Other System Modifications This spyware adds the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ Software\Microsoft\{GUID} Install = "{random values}" Web Browser Home Page
64-bit), Windows 7 (32- and 64-bit), Windows 8 (32- and 64-bit), Windows 8.1 (32- and 64-bit), Windows Server 2008, and Windows Server 2012.) Web Browser Home Page and Search Page Modification This Trojan
encrypted files and total size of encrypted files: The dropped ransom note contains the instruction to download the Tor browser to connect to the attacker's website: Below are screenshots of the attacker's
\AuthorizedApplications\ List %Windows%\explorer.exe = "%Windows%\explorer.exe:*:Enabled" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Other Details This
\Run MediaCenter = MediaCenter = %Application Data%\dreamx.exe Information Theft This spyware gathers the following data: Host name OS version Default browser Installed plugin Installed anti-virus Stolen
characters} nuocebipcotn{random 2} = "{Hex Values}" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Other Details This Trojan connects to the
characters} femjannacafe{random 2} = "{Hex Values}" Web Browser Home Page and Search Page Modification This Trojan modifies the Internet Explorer Zone Settings. Other Details This Trojan connects to the
{random}.exe" Other System Modifications This spyware adds the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ Software\Microsoft\{GUID} Install = "{random values}" Web Browser Home Page
svchost.exe Download file from a specific URL and execute it Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer Zone Settings. Other Details This worm connects to the
svchost.exe Download file from a specific URL and execute it Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer Zone Settings. Other Details This worm connects to the
in their file path: :\Windows \Games\ \Tor Browser\ \ProgramData\ \cache2\entries\ \Low\Content.IE5\ \User Data\Default\Cache\ \All Users \IETldCache\ \Local Settings\ \AppData\Local \Program Files It
files with the following strings in their file path: $recycle.bin $windows.~ws $windows.~bt google perflogs mozilla tor browser boot windows windows.~ws windows.old royal README.TXT It appends the
BoltX LiqualityWallet XdefiWallet NamiWallet MaiarDeFiWallet Authenticator TempleWallet It steals browser data from: Chrome Firefox Opera GX It steals account information from these services: Discord
user: Download - downloads a file to specified path DownloadAndEx - downloads a file to specified path then execute OpenLink - opens a specific link in the browser Cmd - execute commands via cmd It
Config.Msi Tor browser Microsoft Google Yandex Microsoft Visual Studio 16.0 It appends the following extension to the file name of the encrypted files: .EMAIL=[{BLOCKED}nicrans@gmail.com ]ID=[{Generated ID}
following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{21608B66-026F-4DCB-9244-0DACA328DCED} Other System Modifications This Trojan deletes
\Explorer\ Browser Helper Objects\{098716A9-0310-4CBE-BD64-B790A9761158} Other System Modifications This Trojan deletes the following files: %User Temp%\nsa1.tmp %User Temp%\nsv2.tmp %System%