Search
Keyword: cpl
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows\Safer\ CodeIdentifiers ExecutableTypes = ADE ADP BAS BAT CHM CMD COM CPL CRT EXE HLP HTA INF INS ISP LNK MDB MDE MSC MSI MSP MST OCX PCD PIF REG SCR SHS URL VB
following: Avoids encrypting files with the following extensions: ani cab cpl cur diagcab diagpkg dll drv lock hlp ldf icl icns ico ics lnk key idx mod mpa msc msp msstyles msu nomedia ocx prf rom rtp scr shs
following: Avoids encrypting files with the following extensions: ani cab cpl cur diagcab diagpkg dll drv lock hlp ldf icl icns ico ics lnk key idx mod mpa msc msp msstyles msu nomedia ocx prf rom rtp scr shs
com cpl xe ini dll lnk url ttf DECRYPT.txt It avoids encrypting files with the following strings in their file path: rsa windows $RECYCLE.BIN NTDETECT.COM ntldr MSDOS.SYS IO.SYS boot.ini AUTOEXEC.BAT
com cpl dll exe gadget hta msc msi msp pif scf scr sys It avoids encrypting files with the following file name: p0r4dime.1! thumbs.db It avoids encrypting files within the following folder names: ".
extensions: application bat cmd com cpl dll exe gadget hta msc msi msp pif scf scr sys It avoids encrypting files with the following file names: p0r4dime.1! thumbs.db It avoids encrypting files within the
extensions: application bat cmd com cpl dll exe gadget hta msc msi msp pif scf scr sys It avoids encrypting files with the following file name: p0r4dime.1! thumbs.db It avoids encrypting files within the
cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hrmlog hta icl icns ico ics idx ini key lnk lock log mod mpa mp3 msc msi msp msstyles msu nls nomedia ocx prf ps1 rom rtp scr shs spl sys
lnk exe cab scr bat drv rtp msp prf msc ico key ocx diagcab diagcfg pdb wpx hlp icns rom dll msstyles mod ps1 ics hta bin cmd ani 386 lock cur idx sys com deskthemepack shs ldf theme mpa nomedia spl cpl
extensions: 386 adv ani bat bin cab cmd com cpl cur deskthemepack diagcab diagcfg diagpkg dll drv exe hlp hrmlog hta icl icns ico ics idx ini key lnk lock log mod mpa mp3 msc msi msp msstyles msu nls nomedia
code sound dlls click lanes vmbus blb setthe tasks item als cluster prof psec cofire ram phong vector notices cull netsh wan cpl shims convert chx sens ihun priv It creates a startup service if it has
}.exe → if run without admin privileges where {string1} and {string2} can be any of the following strings: term with poller indiana shader sti dlgs metered asptlb conman plain while cpl crash teapot
}.exe → if run without admin privileges where {string1} and {string2} can be any of the following strings: term with poller indiana shader sti dlgs metered asptlb conman plain while cpl crash teapot
nirmala cred was ipsm sms flows code sound dlls click lanes vmbus blb setthe tasks item als cluster prof psec cofire ram phong vector notices cull netsh wan cpl shims convert chx sens ihun priv (Note:
}.exe → if run without admin privileges where {string1} and {string2} can be any of the following strings: term with poller indiana shader sti dlgs metered asptlb conman plain while cpl crash teapot
msi sys wpx cpl adv msc scr key ico dll hta deskthemepack nomedia msu rtp msp idx ani 386 diagcfg bin mod ics com hlp spl nls cab exe diagpkg icl ocx rom prf themepack msstyles icns mpa drv cur diagcab
encrypting files with the following extensions: application bat cmd com cpl dll exe gadget hta msc msi msp pif scf scr sys It avoids encrypting files with the following file names: p0r4dime.1! thumbs.db It
It drops the following file(s) as ransom note: rPAJXSFqhw-RECOVER-README.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cmd com cpl cur deskthemepack diagcab
FeOtgcjByd It drops the following file(s) as ransom note: FeOtgcjByd-RECOVER-README.txt It avoids encrypting files with the following file extensions: 386 adv ani bat bin cmd com cpl cur deskthemepack diagcab
ntuser.ini ntldr boot.ini File extensions: msi mpa ps1 lnk icl hlp diagcfg cab icns nls drv key cur ldf ics com 386 ico mod scr cmd deskthemepack exe themepack cpl spl msu hta ani dll msc diagcab rom bat