WinRing0x64.sys
WinRing0x64.sys is a low-level driver that is used by specific applications. The file itself is not malicious, but malware can abuse this driver. Next, we will find out who uses…
How can an attacker execute malware through a script?
Over the last four years, the share of script-based attacks among malware offenses worldwide has grown so drastically that it has raised alarm among security specialists and ordinary users. In this…
Trojan:Win32/Vigorf.A
Trojan:Win32/Vigorf.A is a generic Microsoft Defender detection. This detection commonly identifies a running loader malware that may deal significant harm to the system. In this article, let's find out…
Program:Win32/Wacapew.C!ml
The Program:Win32/Wacapew.C!ml detection refers to programs that have suspicious properties. This can be either a false positive or a detection of a program whose properties and functions border on…
Lumma Stealer Spreads Via Fake Browser Updates, Uses ClearFake
Recent research uncovered a selection of websites that deploy Lumma Stealer under the guise of a browser update. They pose as tutorial pages that offer seemingly correct guides, but then…
HTTPS vs HTTP
HTTPS and HTTP are constantly around us, but the difference between them is not really clear. How do they differ? And why do I see these “Your connection is not secure”…
PUABundler:Win32/CandyOpen (PUA OpenCandy)
PUABundler:Win32/CandyOpen (or OpenCandy) is an unwanted program that acts as a browser hijacker and can download junk apps to your system. Specifically, it points at a thing known as OpenCandy…
Trojan:Win32/Cerber
Trojan:Win32/Cerber is a detection name that Microsoft Defender uses to flag ransomware. Its name was once associated with a specific malware family, but as it ceased its activity, this name…
Antimalware Service Executable
Antimalware Service Executable is a system process that belongs to Windows Defender. Usually, it does not cause any issues, and the user does not notice it. In some cases, it…
RegAsm.exe
The RegAsm.exe process is an important component of the Windows operating system associated with the .NET Framework. This utility is designed to register .NET assemblies in the Windows registry, allowing…
TextInputHost.exe
TextInputHost.exe is a legitimate process by Microsoft required for text input functionality in Windows. It gathers input from sources like your keyboard, touchscreen, or pen, interprets it, and delivers it…
CCXProcess.exe
CCXProcess.exe is a legitimate process belonging to Adobe Creative Cloud. It regularly confuses users who open Task Manager and look at the list of running apps. That process also appears…