Technical Information
- %TEMP%\fakeinject (2).exe
- %TEMP%\stealer.exe
- 'xf###sreborn.ru':80
- 'ip##o.is':443
- 'microsoft.com':80
- http://xf###sreborn.ru/wallet
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- 'ip##o.is':443
- DNS ASK ip##o.is
- DNS ASK xf###sreborn.ru
- DNS ASK microsoft.com
- '%TEMP%\fakeinject (2).exe'
- '%TEMP%\stealer.exe'