Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '<File name>' = '%TEMP%\<File name>.exe'
- %TEMP%\<File name>.exe
- %TEMP%\utility.zip
- %TEMP%\browserpass.exe
- %TEMP%\newtonsoft.json.dll
- %TEMP%\sqlite.interop.dll
- %TEMP%\system.data.sqlite.dll
- <LS_APPDATA>\growtopia\user\data.txt
- <LS_APPDATA>\growtopia\user\final.txt
- <LS_APPDATA>\growtopia\user-10-27=18-22=2019.zip
- %TEMP%\<File name>.exe
- %TEMP%\utility.zip
- %TEMP%\browserpass.exe
- %TEMP%\newtonsoft.json.dll
- %TEMP%\sqlite.interop.dll
- %TEMP%\system.data.sqlite.dll
- <LS_APPDATA>\growtopia\user-10-27=18-22=2019.zip
- <LS_APPDATA>\growtopia\user\data.txt
- <LS_APPDATA>\growtopia\user\final.txt
- http://91.##1.247.106/files/Browser.zip
- DNS ASK ap#.#pify.org
- '%TEMP%\browserpass.exe'