Technical Information
- %TEMP%\nsr277e.tmp\system.dll
- %TEMP%\nsr277e.tmp\wave.jpg
- %TEMP%\nsr277e.tmp\raven.dll
- %APPDATA%\trun\retfaspho
- %ALLUSERSPROFILE%\trun\retfaspho
- %ProgramFiles(x86)%\crozierwebdifframework\croziernweb.exe
- %TEMP%\nsm55af.tmp
- %TEMP%\nsm55fe.tmp\langdll.dll
- %APPDATA%\trun\retfaspho
- %ALLUSERSPROFILE%\trun\retfaspho
- %TEMP%\nsr277e.tmp\raven.dll
- %TEMP%\nsr277e.tmp\system.dll
- %TEMP%\nsr277e.tmp\wave.jpg
- 'on###norapp.com':443
- DNS ASK on###norapp.com
- '%ProgramFiles(x86)%\crozierwebdifframework\croziernweb.exe' 03408680610111 pOL3bRsqRLvQqHmGqrc0QrM4wy02BN7VT038zWNxSDyDwvRhQPFAzOi92ei04ljRl64lnm3zgelj3YMUNXxVuY6B+59N5ULMz+P7SJbMDVZr5kbOI/Cnc05/+1caF37J tmFCZoZ2xKnIMqpdsrZZQ3jy4Zvhwo/pcOJwlvYtzFrwb1lO0...
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\cmd.exe' /d /c del /f /q "<Full path to file>"