Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\L1LXeFHvmbe8qkCM\hpD2o5ATcpum.exe",explorer.exe'
- %APPDATA%\L1LXeFHvmbe8qkCM\hpD2o5ATcpum.exe
- 'am####m.zapto.org':1177
- DNS ASK am####m.zapto.org