Technical Information
- %TEMP%\obpyxpfoo\_files\_firefox\cookies.sqlite
- %TEMP%\obpyxpfoo\_files\_firefox\formhistory.sqlite
- %TEMP%\obpyxpfoo\_files\_firefox\key3.db
- %TEMP%\obpyxpfoo\files_\_firefox\cookies.sqlite
- %TEMP%\obpyxpfoo\files_\_firefox\formhistory.sqlite
- %TEMP%\obpyxpfoo\files_\_firefox\key3.db
- %TEMP%\obpyxpfoo\_files\_screen_desktop.jpeg
- %TEMP%\obpyxpfoo\files_\screenshot.jpg
- %TEMP%\obpyxpfoo\_files\_information.txt
- %TEMP%\obpyxpfoo\files_\system_info.txt
- %TEMP%\obpyxpfoo\hwmvtbnbzr.zip
- %TEMP%\obpyxpfoo\mlnkleakaot.zip
- %TEMP%\obpyxpfoo\files_\_firefox\key3.db
- %TEMP%\obpyxpfoo\_files\_firefox\key3.db
- 'ra###l11.top':80
- 'mo###v01.top':80
- http://ra###l11.top/index.php
- http://mo###v01.top/index.php
- DNS ASK ra###l11.top
- DNS ASK mo###v01.top
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q %TEMP%\ObpYxPFOO & timeout 4 & del /f /q "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c rd /s /q %TEMP%\ObpYxPFOO & timeout 4 & del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 4