Technical Information
- [<HKLM>\System\CurrentControlSet\Services\ByteDownloadV3.2] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\ByteDownloadV3.2] 'ImagePath' = '<Full path to file>'
- 'ByteDownloadV3.2' <Full path to file>
- <Current directory>\config.ini
- %WINDIR%\syswow64\config.ini
- %LOCALAPPDATA%\google\chrome\userda~1\default\login data.bak
- %APPDATA%\mozilla\firefox\profiles\gn7ryp~1.def\cookies.sqlite-shm
- 'pp###stall.xyz':80
- http://pp###stall.xyz/business/receive
- DNS ASK pp###stall.xyz