Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\run] 'CRNJEUFU' = '<SYSTEM32>\rundll32.exe "%ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Burn\CRNJEUFU" ServiceMain'
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Prod.t
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Exit.log
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Burn\CRNJEUFU.dll
- <Full path to virus>
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\CrtRunTime.log
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Proe.t
- <Full path to virus>
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\ZLtZxf.dll
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Proe.t
- %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\Prod.t
- from %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\CrtRunTime.log to %ALLUSERSPROFILE%\Application Data\Microsoft\Windows\LiveUpdata_Mem\ZLtZxf.dll
- 'ta#####0918.xicp.net':8288
- DNS ASK ta#####0918.xicp.net