Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 156425a5c079ae44b6be285d361bb00e
 
  • Major Detection Name : Trojan-Ransom.Win32.Crypren.afgj (Kaspersky), Ransom:Win32/Aurora.PI (Microsoft)
 
  • Encrypted File Pattern : .cryptoid
 
  • Malicious File Creation Location :
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\@@_BENI_OKU_@@.txt
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\@@_DIKKAT_@@.txt
     - C:\Users\%UserName%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\@@_SILINEN_VERILER_@@.txt
     - C:\Users\%UserName%\AppData\Roaming\000000000.key
 
  • Payment Instruction File : @@_BENI_OKU_@@.txt / @@_DIKKAT_@@.txt / @@_SILINEN_VERILER_@@.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Aurora Ransomware series
     - The Turkish users targeted

List

위로