Ransom.ACE_19 is a Trojan. A Trojan is a program that pretends to have a valid use, but in fact modifies the user's computer in malicious way. Trojans do not replicate or spread to other computers.
Process Related Changes
It creates the following mutex(es):
It creates the following process(es): - C:\Windows\System32\cmd.exe
Registry Related Changes
It makes the following registry modifications to ensure infection after system reboot: - HKCU\Software\Microsoft\Windows\CurrentVersion\Run\26063183812 = C:\Users\Admin\2606318381\2606318381.EXE
- HKCU\Software\Microsoft\Windows\CurrentVersion\Runonce\2606318381ww2606318381_del = cmd.exe/cdElC:\windows\temp\17580ee332b18051312563321e13f2bc.exe
|
