Keyword: unixliona1
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
%Application Data%\Microsoft\Windows\smss.exe -start notepad.exe "%Application Data%\Microsoft\Windows\smss.exe" -agent 0 "%Application Data%\Microsoft\Windows\smss.exe" -agent 1 "%Application Data%\Microsoft
DisableCMD = 1 HKCU\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer DisallowRun = 1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer DisallowRun = 1 HKCU\Software\Microsoft
credentials: Username Administrator Password !@#$%^&* 000000 1 1111 111111 111111111 112233 11223344 12 121212 123 123 123 123!@#qwe 123.com 123123123 123321 1234 12345 123456 123456 1234567 12345678
ProxyStubClsid32 = "{00020424-0000-0000-C000-000000000046}" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU Enable = "1" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer
registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center UacDisableNotify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc AntiVirusOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE
\Microsoft\Windows\CurrentVersion\Explorer\Advanced HideFileExt = 1 (Note: The default value data of the said registry entry is 1.) HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main Start Page =
This worm arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This worm arrives on a system as a file
\Microsoft\Windows\CurrentVersion\Uninstall\thriXXX WebLaunch NoModify = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\thriXXX WebLaunch NoRepair = 1 Dropping Routine This
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center UacDisableNotify = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc AntiVirusOverride = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center
\Policies\Google\Chrome MetricsReportingEnabled = "0" HKEY_CURRENT_USER\Software\RegisteredApplicationsEx 6e14f29f9d6bde90f2f87fb216ad1670 = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion
adds the following registry keys: HKEY_LOCAL_MACHINE\Software\InstallIQ It adds the following registry entries: HKEY_LOCAL_MACHINE\SOFTWARE\InstallIQ test = "1" It modifies the following registry
Folder Options: HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer NofolderOptions = "1" HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\System
\NetworkAgentDriver t0_s = "109139122142134090" HKEY_LOCAL_MACHINE\SOFTWARE\Clients\NetworkAgentDriver t0_deb = "1" HKEY_LOCAL_MACHINE\SOFTWARE\Clients\NetworkAgentDriver t0_sp =
This Potentially Unwanted Application arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be manually installed
Mimikatz Pass-The-Hash Capable of performing Brute Force Attack. It uses the following credentials: Username: Administrator admin Password: !@#$%^&* 000000 1 1111 111111 111111111 112233 11223344 12
HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU Enable = "1" HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\International\CpMRU Size = "a" HKEY_CURRENT_USER\Software\Microsoft
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder