Search
Keyword: bkdrhcktck2kc
\Software\{UID} HKEY_CURRENT_USER\Software\{UID}\ {random key} It adds the following registry entries: HKEY_CURRENT_USER\Software\{UID} {random 2 characters} = "{contents of HELP_DECRYPT.URL}
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. It avoids encrypting
This malware is a variant of the ransomware family EREBUS and was discovered to be involved in an attack against South Korean webhosting company NAYANA. Users affected by this malware may find their
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be dropped by other malware. It uses the Windows
This Trojan may be downloaded by other malware/grayware from remote sites. It connects to certain websites to send and receive information. Arrival Details This Trojan may be downloaded by the
This ransomware speaks, apart from dropping ransom notes. It determines the location (country) of the computer it infects, and avoids infecting computers found in certain countries. This Trojan
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
-w 2 > Nul & Del %Application Data%\Microsoft\svchost.exe It deletes shadow copies using the following commands: WMIC.exe /C shadowcopy delete vssadmin.exe Delete Shadows /All /Quiet It hides
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It drops files as ransom note. Arrival Details This
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be downloaded by other malware/grayware from
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It connects to certain websites to send and receive
This Ransomware may be downloaded by other malware/grayware from remote sites. It connects to certain websites to send and receive information. It encrypts files with specific file extensions. It
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It may be downloaded by other malware/grayware from
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It is capable of encrypting files in the affected
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It does not have any propagation routine. It does not
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files found in specific folders. It
This malware uses exploits on JexBoss open source server application and other Java-based application platforms to install itself in targeted web application servers. It appends the extension