Technical Information
- %WINDIR%\tasks\clxvtr.job
- <SYSTEM32>\tasks\clxvtr
- %ALLUSERSPROFILE%\bmwjtd\clxvtr.exe
- 'ap#.#pify.org':443
- '15#.#5.175.225':80
- '16#.#72.48.238':90
- '17#.#2.94.243':9001
- '13#.#80.111.194':9010
- '91.##.104.67':51900
- '14#.#17.4.166':443
- '44.##2.33.87':9030
- '13#.#88.40.189':80
- '19#.#01.168.84':9001
- '81.##0.142.157':4430
- '94.##0.114.111':9030
- '17#.#5.193.9':443
- 'ap#.#pify.org':443
- '16#.#72.48.238':90
- '17#.#2.94.243':9001
- '13#.#80.111.194':9010
- '14#.#17.4.166':443
- '19#.#01.168.84':9001
- '81.##0.142.157':4430
- DNS ASK al###o09.com
- DNS ASK al###o09.xyz
- DNS ASK ap#.#pify.org
- '%ALLUSERSPROFILE%\bmwjtd\clxvtr.exe' start
- '%ALLUSERSPROFILE%\bmwjtd\clxvtr.exe' start' (with hidden window)