Technical Information
- %HOMEPATH%\Start Menu\Programs\Startup\My Computer.lnk
- '' (downloaded from the Internet)
- %APPDATA%\CRNJEUFU33.exe
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\textile[1].jpg
- %TEMP%\Twunk002.exe
- %TEMP%\~DFF573.lnk
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\U98D4X8H\logo[1].jpg
- %TEMP%\Twunk003.exe
- %TEMP%\~DFF801.lnk
- %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\2VAZY7AN\banner[1].jpg
- %TEMP%\sync.exe
- %TEMP%\~DFF841.lnk
- 'la####apps.wen.ru':80
- 'oq####oqgh.wen.ru':80
- http://la####apps.wen.ru/black/friday/textile.jpg
- http://www.oq####oqgh.wen.ru/images/logo.jpg via oq####oqgh.wen.ru
- http://www.oq####oqgh.wen.ru/images/banner.jpg via oq####oqgh.wen.ru
- DNS ASK la####apps.wen.ru
- DNS ASK www.oq####oqgh.wen.ru
- '%APPDATA%\CRNJEUFU33.exe'
- '%TEMP%\Twunk002.exe'
- '%TEMP%\Twunk003.exe'
- '%TEMP%\sync.exe'
- '<SYSTEM32>\cmd.exe' /c copy "<Full path to file>" "%appdata%\CRNJEUFU33.exe"