Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>11165334.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>11165349.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>1116534.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>11165319.exe'
- from <Full path to virus>11165319.exe to <Full path to virus>11165334.exe
- from <Full path to virus>11165334.exe to <Full path to virus>11165349.exe
- from <Full path to virus> to <Full path to virus>1116534.exe
- from <Full path to virus>1116534.exe to <Full path to virus>11165319.exe
- 'go####c.3322.org':80
- DNS ASK go####c.3322.org