Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to virus>'
- %WINDIR%\svchest208987292020898904480.exe
- %WINDIR%\svchest208987292020898904480.exe
- %WINDIR%\BJ.exe
- %WINDIR%\svchest208987292020898904480.exe
- '51###.3322.org':2012
- DNS ASK 51###.3322.org