Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'flashdriver' = '%PROGRAMDATA%\Adobe\flashdriver.exe'
- <SYSTEM32>\tasks\intelsyc
- nul
- 'gi##ub.com':443
- DNS ASK ad#######h31_install.ddns.info
- DNS ASK gi##ub.com
- '%WINDIR%\syswow64\schtasks.exe' /create /sc onstart /tn Intelsyc /tr C:/ProgramData/Intel/Intelsyc.exe /ru system /f (with hidden window)
- '%WINDIR%\syswow64\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v flashdriver /t REG_SZ /d %PROGRAMDATA%\Adobe\flashdriver.exe /f (with hidden window)
- '%WINDIR%\syswow64\schtasks.exe' /create /sc onstart /tn Intelsyc /tr C:/ProgramData/Intel/Intelsyc.exe /ru system /f
- '%WINDIR%\syswow64\reg.exe' add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v flashdriver /t REG_SZ /d %PROGRAMDATA%\Adobe\flashdriver.exe /f