Technical Information
- [<HKCU>\Software\Microsoft\windows\CurrentVersion\Run] 'lsssass' = 'C:\Dir\lsssass.exe'
- <Drive name for removable media>:\mirc.exe
- <Drive name for removable media>:\autorun.inf
- '<SYSTEM32>\net.exe' stop sharedaccess
- %TEMP%\crypted.exe
- C:\dir\lsssass.exe
- C:\dir\dated.dat
- '<LOCALNET>.1.103':2185
- '%TEMP%\crypted.exe'
- 'C:\dir\lsssass.exe'
- '<SYSTEM32>\net.exe' stop sharedaccess' (with hidden window)
- 'C:\dir\lsssass.exe' ' (with hidden window)
- '<SYSTEM32>\net1.exe' stop sharedaccess