Technical Information
- [<HKLM>\System\CurrentControlSet\Services\ByteDownloadV2.0] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\ByteDownloadV2.0] 'ImagePath' = '<Full path to file>'
- <Current directory>\config.ini
- %WINDIR%\syswow64\config.ini
- %LOCALAPPDATA%\google\chrome\userda~1\default\login data.bak
- %APPDATA%\mozilla\firefox\profiles\gn7ryp~1.def\cookies.sqlite-shm
- http://fa######nstalla.top:10000//api/anonymous/cookie/post via fa####finstalla.top
- DNS ASK fa####finstalla.top