Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = '"%APPDATA%\F6ZkGp0GPXQxVYBL\fbGB7VeuF8NN.exe",explorer.exe'
- %APPDATA%\f6zkgp0gpxqxvybl\fbgb7veuf8nn.exe
- %APPDATA%\nano\run.dat
- %APPDATA%\f6zkgp0gpxqxvybl\fbgb7veuf8nn.exe
- '82.##0.209.130':1604