Keyword: usojan.ps1.mimikatz.ads
credentials: Username: administrator Password: 123456 password PASSWORD football welcome 1 12 21 123 321 1234 12345 123123 123321 111111 654321 666666 121212 000000 222222 888888 1111 555555 1234567 12345678
the following: It creates the following WMI Class under root\default: systemcore_Updater6 WMI objects: funs = {base64 encoded script} mimi = Mimikatz Trojan.Powershell.Agent.DR(BITDEFENDER) Downloaded
\CurrentControlSet\ services\cscc Type = 1 Information Theft This Ransomware gathers the following data: Username Password Other Details This Ransomware does the following: This Ransomware encrypts files. It does not
\CurrentControlSet\ services\cscc Type = 1 Information Theft This Ransomware gathers the following data: Username Password Other Details This Ransomware does the following: This ransomware encrypts files. It does not
PIP_Left = 708 HKEY_CURRENT_USER\Software\APN PIP\ ARS PIP_UI_Ready = 1 HKEY_CURRENT_USER\Software\APN PIP\ ARS PIP_Top = 248 HKEY_CURRENT_USER\Software\APN PIP\ ARS Left = 708 HKEY_CURRENT_USER\Software\APN
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Arrival Details This Trojan arrives on a system as a
This Trojan arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It disables Task Manager, Registry Editor, and Folder
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It deletes itself after execution. It encrypts files
\Microsoft\ Windows\CurrentVersion\SystemRestore DisableSR = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Policies\ Microsoft\Windows Defender DisableAntiSpyware = 1 It deletes the following registry keys: HKEY_LOCAL_MACHINE
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It encrypts files with specific file extensions.
\ Windows\CurrentVersion\Policies\ System DisableTaskMgr = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Policies\ System LocalAccountTokenFilterPolicy = 1 HKEY_LOCAL_MACHINE \SOFTWARE
LocalAccountTokenFilterPolicy = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Policies\ System EnableLinkedConnections = 1 HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\ Windows\CurrentVersion\Policies\ System
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It steals certain information from the system and/or
\CurrentVersion\Run encReadmyAutoload = "{Malware path}\How to decrypt files.html" It executes the following command: cmd.exe /C ping 1.1.1.1 -n 1 -w 3000 > Nul & Del "{Malware path}\{malware file}.exe" Ransomware
This Ransomware arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. It lowers the security setting of Internet Explorer.
Options: HKEY_CURRENT_USER\Software\Microsoft\ Windows\CurrentVersion\Policies\ System DisableTaskMgr = "1" Dropping Routine This File infector drops the following files: %AppDataLocal%\Microsoft\Internet
DisableAntiSpyware = "1" HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\ Control\SecurityProviders\WDigest UseLogonCredential = "1" HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\Win_Svc MarkTime = "2020-01-28 04:49
This Ransomware encrypts files with the following extensions: 000 001 1 101 103 108 110 123 128 1cd 1sp 1st 3 3d 3d4 3dd 3df 3df8 3dm 3dr 3ds 3dxml 3fr 3g2 3ga 3gp 3gp2 3mm 3pr 3w 4w7 602 7z 7zip 8 89t