Техническая информация
- '%TEMP%\filename2.exe' keyscramblerwiresharkollydbgOutpostNormanAnubisSandboxieThreatSeekitZoneNOD32DefenderVMkaspersky
- '%TEMP%\rKHPwNxKhc.exe' qwertywar01@mail.com qwertywar01@mail.com smtp.mail.com qwertywar01@mail.com Atm10971103 587 chrome,firefox,filezilla,imvu,steam,
- zlclient.exe
- AVP.EXE
- outpost.exe
- bdagent.exe
- [<HKCU>\Software\IMVU\password]
- [<HKCU>\Software\IMVU\username]
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new
- %TEMP%\rKHPwNxKhc.exe
- %TEMP%\filename2.exe
- из %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch.new в %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\enterprisesec.config.cch
- из %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch.new в %WINDIR%\Microsoft.NET\Framework\v2.0.50727\CONFIG\security.config.cch
- 'sm##.mail.com':587
- DNS ASK sm##.mail.com
- ClassName: 'VMDragDetectWndClass' WindowName: ''