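Technical Information
(The category headings that normally group these entries appear to be missing from this copy, so a path listed more than once probably belongs to more than one activity category.)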
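- Registry autorun entry (a RunOnce value is executed at the user's next logon and then removed; the value name imitates a Microsoft product name): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\RunOnce] 'Microsoft Corporation KFLNGTVHPWUiYPcV' = '%APPDATA%\KFLNGTVHPWUiYPcV.exe'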
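- %WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe (the .NET Framework Assembly Registration Tool, a legitimate Windows component; this listing does not state how the sample uses it, so review its parent process and command line when triaging)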
- %TEMP%\aut4a87.tmp
- %TEMP%\kflngtvhpwui
- %APPDATA%\winx861.exe
- %APPDATA%\winx86.exe:zone.identifier:$data (the Zone.Identifier alternate data stream, which holds the file's Mark-of-the-Web origin record)
- %TEMP%\aut50dd.tmp
- %APPDATA%\kflngtvhpwuiypcv.exe
- %APPDATA%\kflngtvhpwuiypcv.exe\:zone.identifier:$data
- %APPDATA%\kflngtvhpwuiypcv.exe:zone.identifier:$data
- %APPDATA%\36d1130a-ac2e-44f7-9dc1-e424fbcbe0ee\run.dat
- %APPDATA%\kflngtvhpwuiypcv.exe
- %APPDATA%\winx86.exe
- %TEMP%\aut4a87.tmp
- %TEMP%\aut50dd.tmp
- from %APPDATA%\winx861.exe to %APPDATA%\winx86.exe
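- '78.##.65.197':49284 (network endpoint in host:port form; the second octet is partially masked in the report as published)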
- 'localhost':49284
- '%APPDATA%\winx86.exe'
- '%WINDIR%\microsoft.net\framework\v2.0.50727\regasm.exe'