Search
Keyword: browser hijacker
svchost.exe Download file from a specific URL and execute it Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer Zone Settings. Download Routine This worm accesses the
{4486A2C8-DAE1-4862-9265-2F4948F9F980} AppID = {889F12BD-FA8E-4D33-ACE0-EBB68BC44AA3} HKLM\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{4486A2C8-DAE1-4862-9265-2F4948F9F980} NoExplorer = 1 HKLM\SOFTWARE
malicious user: Browser, Email Pasword Dumper File Browser Keylogger Screen Streaming Download and Execute File Perform Remote Command It connects to the following websites to send and receive information:
{random}.exe" Other System Modifications This spyware adds the following registry entries: HKEY_CURRENT_USER\Software\AppDataLow\ Software\Microsoft\{GUID} Install = "{random values}" Web Browser Home Page
http://www.microsoft.com It connects to the following website to send and receive information: {blocked}.{blocked}.110.69 It does the following: It is capable of installing malicious web browser extensions that can be used
svchost.exe Download file from a specific URL and execute it Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer Zone Settings. Download Routine This worm accesses the
Propagation This worm drops copies of itself in all removable and physical drives found in the system. Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer Zone Settings.
a specific URL and execute it Web Browser Home Page and Search Page Modification This worm modifies the Internet Explorer Zone Settings. Download Routine This worm accesses the following websites to
nvd: NOTE: Thunderbird shares the browser engine with Firefox and could be vulnerable if JavaScript were to be enabled in mail. This is not the default setting and we strongly discourage users from
CVE-2009-2462 The browser engine in Mozilla Firefox before 3.0.12 and Thunderbird allows remote attackers to cause a denial of service (memory corruption and application crash) or possibly execute
strings in their file path: AppData Program Files Program Files (x86) AppData boot PerfLogs ProgramData Google Intel Microsoft Application Data Tor Browser Windows It appends the following extension to the
Mozilla MySQL NTUSER Package Cache PerfLogs ppsm ppt Program Files ProgramData PUBLIC readme RyukReadMe.txt Sample Music Sample Pictures Tor Browser UNIQUE_ID_DO_NOT_REMOVE Windows windows wtv It stores
local and network drives Ransomware Routine This Ransomware avoids encrypting files found in the following folders: Program Files Program Files(x86) Boot Windows Windows.old Tor Browser Internet Explorer
google mozilla program files program files (x86) programdata system volume information tor browser windows.old intel msocache perflogs x64dbg public all users default It appends the following extension to
file open and preventing encryption. Ransomware Routine This Ransomware avoids encrypting files with the following strings in their file path: AppData Boot Windows SYSVOL Tor Browser Internet Explorer
$RECYCLE.BIN $Windows.~bt $windows.~ws All Users Boot Config.Msi Default google Intel microsoft Microsoft Visual Studio 16.0 MSOCache PerfLogs Public System Volume Information tor browser Windows windows nt
is used by adding the following registry keys: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Explorer\ Browser Helper Objects\{11F09AFE-75AD-4E52-AB43-E09E9351CE17} Other System
\configs\lowdigits %Program Files%\MiPony\tes\tessdata\configs\lowletters %Program Files%\MiPony\Browser\IEContext.htm %ProgramData%\Microsoft\Windows\Start Menu\Programs\MiPony\MiPony.lnk %Application Data%
\Browser\User Data\Default\WebDataCopy %Application Data%\brave\WebDataCopy %Application Data%\brave\LoginDataCopy %AppDataLocal%\Torch\User Data\Default\LoginDataCopy %All Users Profile%\QK83DgBj5\Files
\Mozilla_Firefox_Cookies_6SAGnrR.txt %All Users Profile%\kuwQFEhPJ\Files\_FilePasswords.txt %AppDataLocal%\Vivaldi\User Data\Default\WebDataCopy %AppDataLocal%\CocCoc\Browser\User Data\Default\WebDataCopy %Application Data%\brave