Search
Keyword: gif
archive file %User Temp%\{random}.{extension} which contains the non-malicious RTF document. The random {extension} may be any of the following: 3gp avi bin bmp cda chm dat dll doc exe fb2 flv gif hlp iso
{extension} , which contains the non-malicious RTF document. The {extension} can be any of the following: 3gp avi bin bmp cda chm dat dll doc exe fb2 flv gif hlp iso jpg mdb mdf mds mdv mp3 mpg nrg ogg pdf png
swf wmv vob bmp gif jpg png iso mdf mds bin dat nrg 3gp ogg vob exe dll Spammed via email Connects to URLs/IPs, Downloads files
dayzprofile dazip db0 dba dbf dbfv dcr der desc dll dmp dng doc docm docx dot dotx drv dwg dxf dxg epk eps erf esm exe exif ff flv fon forge fos fpk fsh gdb gho gif gpd hkdb hkx hlp hplg htm html hvpl ibank ico
erf fb2 gif gz h img indd jpe jpeg jpg kdc mdb mdf mef mht mrw nef nrw odb odc odm odp ods odt orf p12 p7b p7c pdd pdf pef pem pfx pht ppt pptm pptx psd pst ptx r3d raf rar raw rtf rw2 rwl sr2 srf srw
dbf dcr dcu dds default der dfm directory disc dmg dng doc docm docx dtd dvd dwg dxf eip emf eml eps epub erf fff flv frm gfx gif gzip h htm html idl iiq indd inf iso jar java jfif jge jpe jpeg jpg js
dmi vue dpx wire drz dt2 dtw dvl ecw eip erf exr fal fax fil fpos fpx g3 gcdp gfb gfie ggr gif gih gim gmbck gmspr spr scad gpd gro grob hdp hdr hpi i3d icn icon icpr iiq info int ipx itc2 iwi j j2c j2k
bibtex bkf bmp bpn btd bz2 cdi cer cert cfm cgi cpio cpp crt csr cue c++ dds dem dmg doc docm docx dsb dwg dxf eddx edoc eml emlx eps epub fdf ffu flv gam gcode gho gif gpx gz hbk hdd hds hpp h++ ics idml
extensions: 000 1CD AFN ANI AST BAT BIN CAB CFG CHK CHM CMD COM CUR DAT DBF DBS DBX DEV DLL DMP DOC DRV DT DUN EFI EXE GIF HLP HTA HTM ICO INF INI ISP ISW JA JPG JS LNG LNK LOG MBR MDB MDF MP3 MSI MSU MUI NFO
drives with the following extensions with a copy of itself: mp3 avi wma wmv wav mpg mp4 doc txt pdf xls jpg jpe bmp gif tif png It uses the original file name used for the replaced files. It then sets the
pdf xls jpg jpe bmp gif tif png It uses the original file name used for the replaced files. It then sets the attribute of the original folders and files in the removable drives to Hidden and System to
pot pps ppsm ppsx ppam potx potm edb hwp 602 sxi sti sldx sldm gpg aes ARC PAQ bz2 tbk bak tar tgz gz 7z rar zip backup iso vcd bmp png gif raw cgm tif tiff nef psd ai svg djvu m4u m3u mid wma flv 3g2
jar bmp swm vault xtbl ctb 113 73b a3d abf abk prproj torrent bck as4 asvx ate old unity3d gif html htm shtm shtml con bin pass lng ttarch2 mpq cab NetCDF DayZProfile 001 DTAUS DICOM CCD mcgame OFX QBO
extensions: 3gp aac ans ape asc asm asp aspx avi awk bas bat bmp c cs cls clw cmd cpp csproj css ctl cxx def dep dlg dsp dsw eps f f77 f90 f95 fla flac frm gif h hpp hta htm html hxx ico idl inc ini inl java
forge fos fpk fsh gdb gho gif gpd hkdb hkx hlp hplg htm html hvpl ibank ico icxs idl ifo indd inf inf_loc ini itdb itl itm iwd iwi jfif jpe jpeg jpg js kdb kdc kf layout lbf lck lib litemod lnk log log1
following extensions: ico png bmp txt html avi wav mp3 gif It renames encrypted files using the following names: {original file name and extension}.encrypted However, as of this writing, the said sites are
dds deb dem dif doc docm docx dotm dotx eps flv fnt fon fpx gam ged gif gz h htm html ics iff indd ini iso j2c j2k java jfif jif jp2 jpeg jpg jpx js json jsp key keychain log lua m3u m4a m4v max mdb mht
docx dot dotm dotx drf drw dtd dwg dxb dxf dxg eml eps erbsql erf exf fdb ffd fff fh fhd fla flac flv fmb fpx frx fxg gif gray grey gry gz h hbk hpp htm html ibank ibd ibz idx iif iiq incpas indd jar
Shadows /All /Quiet Ransomware Routine This Ransomware encrypts files with the following extensions: dat keychain sdf vcf jpg png tiff tif gif jpeg jif jfif jp2 jpx j2k j2c fpx pcd bmp svg 3dm 3ds max obj
website to send and receive information: https://{BLOCKED}ck.ru/topic.php It encrypts files with the following extensions: avi wav mp3 gif ico png bmp txt html It renames encrypted files using the following