Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'google' = '%TEMP%\lsass.exe'
- lsass.exe
- C:\<File name>.exe.jpg
- %TEMP%\md5.png
- %TEMP%\lsass.exe
- '16#.#97.43.29':8089
- ClassName: 'CTXOPConntion_Class' WindowName: ''
- '%TEMP%\lsass.exe'