@sjesse That article does not list the FLX###.tmp files, which just based on their location and actions (appdata\local\temp and extracts to other folders in users appdata) should be flagged by any current security solution.