Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Erewhon' = '%WINDIR%\addinks\Erewhon.exe'
- %WINDIR%\addinks\key.txt
- %WINDIR%\addinks\<File name>.exe
- %WINDIR%\addinks\erewhon.exe
- from %WINDIR%\addinks\<File name>.exe to %WINDIR%\addinks\erewhon.exe
- http://ma#####urlov.narod2.ru/update/Saifuddin/Info.upd
- DNS ASK ma#####urlov.narod2.ru