- Distribution Method: By visiting an infected WordPress-based website (infected by an exploit kit using a WordPress vulnerability)
- MD5: a8f71638d511d60c7bf8c3de1f7951d7
- Major Detection Name: Trojan/Win32.Teslacrypt.C1326502 (AhnLab V3), Ransom:Win32/Crowti.A (Microsoft)
- Encrypted File Pattern: .h0, .u1, .a9cw (random extension)
- Malicious File Creation Location: C:\Users\%USERNAME%\AppData\Roaming\05cf3150b\2db732cbb4.exe (removes itself after encryption)