Technical Information
- %APPDATA%\jehkis\retfaspho
- %ALLUSERSPROFILE%\jehkis\retfaspho
- %ProgramFiles(x86)%\dymondianativevyvinstall\dymondiaonative.exe
- %TEMP%\nsm84c9.tmp
- %TEMP%\nsx8557.tmp\langdll.dll
- %APPDATA%\jehkis\retfaspho
- %ALLUSERSPROFILE%\jehkis\retfaspho
- 'on###norapp.com':443
- DNS ASK on###norapp.com
- '%ProgramFiles(x86)%\dymondianativevyvinstall\dymondiaonative.exe' 87150225172018 DbBPfLqJnY+pK0MtZ/7ywsHqgYyujZ/YP/BJ3DkABuZjG7wDC3HKn+wMcPvBMmpXMkpGzt/Dxyf+P2ao+AatnatX8sGcpJ6ycyOU/0H0y5U=
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\cmd.exe' /d /c del /f /q "<Full path to file>"