Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'lass' = '<SYSTEM32>\lass.exe'
- %TEMP%\<File name>.txt
- <SYSTEM32>\lass.exe
- 'localhost':1244
- 'vn##.#abusiki.cn':1244
- DNS ASK vn##.#abusiki.cn
- '<SYSTEM32>\lass.exe'
- '<SYSTEM32>\notepad.exe' %TEMP%\<File name>.txt