Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Internat' = '<SYSTEM32>\internat.exe'
- <SYSTEM32>\cmd.exe /c a.bat
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\net.exe stop sharedaccess
- ashAvast.exe
- <Current directory>\a.bat
- <SYSTEM32>\internat.exe
- %TEMP%\~DFB8E4.tmp