Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Knight' = '<Full path to virus>'
- [<HKLM>\SYSTEM\ControlSet001\Services\Windows Audio Server] 'Start' = '00000002'
- %TEMP%\E_N4\dp1.fne
- %TEMP%\E_N4\sock.fne
- %TEMP%\E_N4\eAPI.fne
- %TEMP%\E_N4\krnln.fnr
- %TEMP%\E_N4\internet.fne
- <Full path to virus>
- 'da####4.3322.org':1996
- DNS ASK da####4.3322.org
- '<Private IP address>':1037