Executes the following:
- '%WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe'
Injects code into the following system processes:
- %WINDIR%\Microsoft.NET\Framework\v2.0.50727\MSBuild.exe
Terminates or attempts to terminate the following user processes:
- outpost.exe
- ccapp.exe
- bdagent.exe
- ekrn.exe
Searches for registry branches where third party applications store passwords:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\FTP Commander]
- [<HKCU>\Software\Paltalk]
- [<HKCU>\Software\Microsoft\Internet Explorer\IntelliForms\Storage2]