Technical Information
- Autorun registry value (per-user Run key): [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '%TEMP%\<File name>.exe'
- %TEMP%\<File name>.exe
- %TEMP%\utility.zip
- %TEMP%\browserpass.exe
- %TEMP%\newtonsoft.json.dll
- %TEMP%\sqlite.interop.dll
- %TEMP%\system.data.sqlite.dll
- %TEMP%\login data
- %LOCALAPPDATA%\growtopia\data.txt
- %LOCALAPPDATA%\desktop.png
- %TEMP%\tmp8782.tmp.exe
- <Full path to file>
- %TEMP%\login data
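- 'ap#.#pify.org':443 (network endpoint on port 443; the '#' characters mask part of the domain name in this listing, here and in the entries below, so these strings cannot be matched verbatim against DNS or proxy logs)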
- 'ex#a.eu':443
- 'ap#.#mgbb.com':443
- DNS ASK ap#.#pify.org
- DNS ASK ex#a.eu
- DNS ASK ap#.#mgbb.com
- '%TEMP%\browserpass.exe'
- '%TEMP%\tmp8782.tmp.exe'