Technical Information
- '%TEMP%\WebBrowserPassView2.exe' /stext %TEMP%\WebBrowserPassView2.txt
- '%TEMP%\WebBrowserPassView1.exe' /stext %TEMP%\WebBrowserPassView1.txt
- '%TEMP%\WebBrowserPassView4.exe' /stext %TEMP%\WebBrowserPassView4.txt
- '%TEMP%\WebBrowserPassView3.exe' /stext %TEMP%\WebBrowserPassView3.txt
- '%TEMP%\sad.exe'
- '%TEMP%\Nor.exe' -p123321 -d%HOMEPATH%\Local Settings\Temp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Nom.bat" "
- '%TEMP%\sad.sfx.exe' -p1234567 -d%HOMEPATH%\Local Settings\Temp
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\Nor.bat" "
- [<HKCU>\SOFTWARE\Valve\Steam]
- %TEMP%\WebBrowserPassView3.exe
- %TEMP%\WebBrowserPassView2.exe
- %TEMP%\WebBrowserPassView1.txt
- %TEMP%\WebBrowserPassView4.txt
- %TEMP%\WebBrowserPassView4.exe
- %TEMP%\WebBrowserPassView3.txt
- %TEMP%\Nor.bat
- %TEMP%\Nor.exe
- %TEMP%\Nom.bat
- %TEMP%\WebBrowserPassView1.exe
- %TEMP%\sad.exe
- %TEMP%\sad.sfx.exe
- 'sm##.gmail.com':587
- DNS ASK sm##.gmail.com
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''