STUXNET VIRUS (METHODOLOGY) Generic indicator for the stuxnet virus. When loaded, stuxnet spawns lsass.exe in a suspended state. The malware then maps in its own executable section and fixes up the CONTEXT to point to the newly mapped in section. This is a common task performed by malware and allows the malware to execute under the pretense of a known and trusted process. methodology Mandiant 0001-01-01T00:00:00 .stub mdmcpq3.PNF mdmeric3.PNF oem6C.PNF oem7A.PNF fs_rec.sys mrxsmb.sys sr.sys fastfat.sys mrxcls.sys Realtek Semiconductor Corp mrxnet.sys Realtek Semiconductor Corp HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxCls\ImagePath mrxcls.sys HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MRxNet\ImagePath mrxnet.sys