Technical Information
- %ALLUSERSPROFILE%\Application Data\lclormzs\hkvydoxo.exe
- %ALLUSERSPROFILE%\Application Data\lclormzs\hkvydoxo.exe
- from <Full path to virus> to <Full path to virus>.bak
- 'localhost':1037
- '63.##9.178.162':80
- 'localhost':1035
- 63.##9.178.162/CFL/R3n1c2Bg8A0006Ajqj95DIK1
- 63.##9.178.162/NL2/?w=###########################################