Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'lsass' = 'C:\AppData\lsass.exe'
- ClassName: 'OLLYDBG', WindowName: ''
- C:\appdata\lsass.exe
- C:\appdata\config.json
- 'po##.#upportxmr.com':80
- DNS ASK po##.#upportxmr.com
- 'C:\appdata\lsass.exe'
- '%WINDIR%\syswow64\cmd.exe' /c attrib +h C:\AppData\lsass.exe
- '%WINDIR%\syswow64\attrib.exe' +h C:\AppData\lsass.exe
- '%WINDIR%\syswow64\cmd.exe' /c attrib +h C:\AppData\config.json
- '%WINDIR%\syswow64\attrib.exe' +h C:\AppData\config.json