Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>5154956.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>5155012.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>5154941.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>5154910.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>5154926.exe'
- from <Full path to virus>5154941.exe to <Full path to virus>5154956.exe
- from <Full path to virus>5154956.exe to <Full path to virus>5155012.exe
- from <Full path to virus>5154926.exe to <Full path to virus>5154941.exe
- from <Full path to virus> to <Full path to virus>5154910.exe
- from <Full path to virus>5154910.exe to <Full path to virus>5154926.exe
- 'xi####o11.3322.org':80
- DNS ASK xi####o11.3322.org