Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Lsass Service' = '%APPDATA%\Microsoft\Windows\lsass.exe'
- %TEMP%\systay.exe
- %TEMP%\ehip16p.exe
- %TEMP%\qrbdytuwmconooi.exe
- %TEMP%\install.exe
- %TEMP%\coffeex.exe
- %APPDATA%\microsoft\windows\lsass.exe
- %APPDATA%\microsoft\windows\lsass.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\systay.exe'
- '%TEMP%\ehip16p.exe'
- '%TEMP%\install.exe'
- '%TEMP%\coffeex.exe'
- '%TEMP%\qrbdytuwmconooi.exe'