Dis is designed to encrypt files, modify the filenames of all encrypted files, display a pop-up window, and create the "FILES ENCRYPTED.txt" file. It renames encrypted files by adding the victim's ID, decrypt@disroot.org email address, and appending the ".dis" extension to filenames. For example,
ExtendedMode is an adware-type application, which possesses certain characteristics of browser hijackers. Following successful infiltration, this app delivers intrusive advertisement campaigns and makes modifications to browser settings to promote fake search engines. Additionally, most adware-
Wbxd belongs to the Djvu ransomware family. It encrypts files and modifies their filenames by appending the ".wbxd" extension. For example, after encryption, "1.jpg" would be renamed to "1.jpg.wbxd", "2.jpg" to "2.jpg.wbxd", and so on. This ransomware also creates a ransom message ("_readme.txt"
SkillApplication generates unwanted ads, changes browser settings, and possibly collects browsing-related and/or other data. Therefore, this app is classified not only as adware but also as a browser hijacker. In most cases, users download and install these apps inadvertently and, therefore, Sk
LiveRadioSearch promotes liveradiosearch.com, a fake search engine. Like most apps of this type, LiveRadioSearch achieves this by changing browser settings without users' permission. Furthermore, this app gathers browsing-related data. People often download and install browser hijackers inadvert
Aulmhwpbpzi belongs to the Snatch ransomware family. It encrypts and renames files by appending its extension (".aulmhwpbpzi") to filenames. For example, "1.jpg" is renamed to "1.jpg.aulmhwpbpzi", "2.jpg" to "2.jpg.aulmhwpbpzi", and so on. Aulmhwpbpzi creates a ransom message within the "HOW TO R
Typically, websites such as bestpeacheu[.]com are promoted by other bogus websites, dubious ads, or potentially unwanted applications (PUAs). I.e., users do not often visit them intentionally. The main purpose of bestpeacheu[.]com and similar sites is to trick visitors into downloading PUAs.
Typically, apps that are classified as a browser hijackers change browser settings without users' permission (they assign them to the address of a fake search engine). Private Deep promotes keysearchs.com in this way and also collects browsing history. Users often download and install browser hij
M88P encrypts files and changes the filename of each encrypted file by replacing it with the marco88Polo@criptext.com email address, a string of random characters, and the ".M88P" extension. For example, "1.jpg" is renamed to "[Marco88Polo@criptext.com].2dTJHVkP-KGU2jY25.M88P", "2.jpg" to "[Marco
fast2captcha[.]com is similar to myniceposts[.]com, fastsolvecaptcha[.]com, kersatur[.]online, and many other web pages. Note that users do not often visit these pages intentionally - they are opened by installed potentially unwanted applications (PUAs), through other bogus web pages, or via dubio