live casino online

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites. Puede haberlo infiltrado otro malware.

Detalles de entrada

It arrives on a system as a file dropped by other malware or as a file downloaded unknowingly by users when visiting malicious sites.

Puede haberlo infiltrado el malware siguiente:

• Ransom.Win32.ZHEN.THIBDBO

Otros detalles

Hace lo siguiente:

• It has the following modules with different capabilities:
  • standard - contains common commands to operate the tool such as exit, cls, cd
  • privilege - used to manipulate privilege/rights
  • crypto - uses CryptoAPI functions which has the capability to list and export certificates
  • sekurlsa - has the capability to extract Windows passwords, keys, pin codes, tickets
  • kerberos - uses Microsoft Kerberos API which has the capability to manipulate Kerberos tickets
  • lsadump - has the capability to dump Windows credentials
  • vault - used to manipulate vault credentials
  • token - used to manipulate Windows authentication tokens
  • event - used to clear/drop event logs
  • ts - contains remote desktop capabilities
  • process - used to manipulate processes
  • service - used to manipulate services
  • net - used to display information about Windows users
  • misc - contains miscellaneous commands such as open cmd, open regedit and open taskmanager
  • sid - used to manipulate SID(Security Identifiers)
  • minesweeper - helps read the location of the mines on the game 'minesweeper' straight from memory
  • dpapi - used to work with DPAPI (Data Protection Application Programming Interface)
  • busylight - provides additional information for and control of connected BusyLights
  • system environment - provides the ability to manage system environment variables
  • rpc - provides remote control of mimikatz
  • sr98 - RF module for SR98 device and T5577 target
  • rdm - RF module for RDM(830 AL) device
  • acr - ACR module