Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\sp1itter] 'ImagePath' = '<DRIVERS>\sp1itter.sys'
- [<HKLM>\SYSTEM\ControlSet001\Services\sp1itter] 'Start' = '00000001'
- <DRIVERS>\sp1itter.sys
- <Full path to virus>
- <DRIVERS>\sp1itter.sys
- 'kr.##rsoft.com':80
- DNS ASK kr.##rsoft.com
- '<Private IP address>':1033