Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\kwliivl.lnk
- %APPDATA%\r8hii9f\4496.xml
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- from %APPDATA%\r8hii9f\4496.xml to %APPDATA%\r8hii9f\kwliivl.exe
- 'localhost':1605
- DNS ASK ol#####pdate2.ddns.net