Videos

Check out our video library AppCheck defending against newest ransomware, automatic recovery and real-time backup.

  • Distribution Method : Unknown
 
  • MD5 : 16c535832df86b2d3c2df705c41e94e0
 
  • Major Detection Name : W32/GenKryptik.ERHN!tr (Fortinet), Trojan:Win32/Caynamer.A!ml (Microsoft)
 
  • Encrypted File Pattern : .zqqw
 
  • Malicious File Creation Location :
     - C:\SystemID
     - C:\SystemID\PersonalID.txt
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>
     - C:\Users\%UserName%\AppData\Local\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe
     - C:\Users\%UserName%\AppData\Local\bowsakkdestx.txt
     - C:\Windows\System32\Tasks\Time Trigger Task
 
  • Payment Instruction File : _readme.txt
 
  • Major Characteristics :
     - Offline Encryption
     - Reruns by adding "Time Trigger Task" in Task Scheduler to run "%LocalAppData%\<Random>-<Random>-<Random>-<Random>-<Random>\<Random>.exe --Task" for every 5 minutes.

List

위로