Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>4154517.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>4154533.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>415452.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>4154432.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>4154447.exe'
- from <Full path to virus>415452.exe to <Full path to virus>4154517.exe
- from <Full path to virus>4154517.exe to <Full path to virus>4154533.exe
- from <Full path to virus>4154447.exe to <Full path to virus>415452.exe
- from <Full path to virus> to <Full path to virus>4154432.exe
- from <Full path to virus>4154432.exe to <Full path to virus>4154447.exe
- 'ch####nas.gnway.net':80
- DNS ASK ch####nas.gnway.net