Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Kris' = '<Full path to file>'
- %WINDIR%\bj.exe
- %WINDIR%\svchest000.exe
- DNS ASK aa###3.3322.org
- '%WINDIR%\svchest000.exe'
- '%WINDIR%\svchest000.exe' (with hidden window)