Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Hosting Service Login' = '%TEMP%\lsasss.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\] 'Microsoft Windows Hosting Service Login' = '%TEMP%\lsasss.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- %TEMP%\lsasss.exe
- '<LOCALNET>.15.46':6730
- DNS ASK wt###adio.info
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'