映像

様々なランサムウェアに対応するAppCheckの事前防御、自動復旧およびリアルタイムバックアップ機能を映像でご確認いただけます。

  • Distribution Method : Unknown
 
  • MD5 : 872a077fa50f25cde12bc4ac1ca15a6a
 
  • Major Detection Name : Win32.Trojan-Ransom.HkCrypt.A (GData), Ransom-Hacked!872A077FA50F (McAfee)
 
  • Encrypted File Pattern : .hacked
 
  • Malicious File Creation Location :
         - C:\Users\%UserName%\AppData\Roaming\<Random>\<Random>.exe
         - C:\Users\%UserName%\AppData\Roaming\<Random>\<Random>.INI
         - C:\Users\%UserName%\Desktop\<Random>.lnk
 
  • Payment Instruction File : @Leggimi_decrypt_Italian.txt / @readme_English.txt / @Readme_Spanish.txt / @Readme_turkish.txt / How_to_decrypt_files.txt
 
  • Major Characteristics :
         - Offline Encryption
         - Change the default values of the registry entry "HKEY_CLASSES_ROOT\mscfile\shell\open\command" and a ransomware execution using Event Viewer (eventvwr.exe)
         - Automatically executed every 10 minutes through the Task Scheduler entry (Microsoftfix)
         - Create a fake Windows Updates message
         - The English, Italian, Spanish and Turkish users targeted
         - Changes desktop background (hacked.jpg)

リスト

위로