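Technical Information
The section labels of this report appear to be missing from this copy. The entries below are autostart registry values, file paths, a DNS query and a window class; the role of each repeated file path cannot be determined from what remains.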
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'HGtf' = '%ProgramFiles(x86)%\flash2016\flash16.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'HGtf' = '%ProgramFiles(x86)%\flash2016\flash16.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'IKJN' = '%ProgramFiles(x86)%\flash2016\flash16.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'xfgt' = '%ProgramFiles(x86)%\flash2016\flash16.exe'
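- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{E72E0FR3-C18A-KIIR-V8YP-538KN1VN127P}] 'StubPath' = '%ProgramFiles(x86)%\flash2016\flash16.exe Restart' (the component ID contains non-hexadecimal characters, so it is not a well-formed GUID; match it as a literal key name)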
- flash16.exe
- %ProgramFiles(x86)%\flash2016\flash16.exe
- %TEMP%\xx--xx--xx.txt
- %APPDATA%\logs.dat
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %APPDATA%\logs.dat
- %TEMP%\xx--xx--xx.txt
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
- %TEMP%\uuu.uuu
- %TEMP%\xxx.xxx
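- DNS ASK 09##.no-ip.info ('#' is not a valid hostname character, so part of the name appears to be masked; the entry cannot be used as an exact-match indicator)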
- ClassName: 'MS_WINHELP' WindowName: ''
- '%ProgramFiles(x86)%\flash2016\flash16.exe'