Technical Information
- %APPDATA%\okle\gratspho
- %ALLUSERSPROFILE%\okle\gratspho
- %ProgramFiles(x86)%\gageanativeolzinstall\gageadnative.exe
- %TEMP%\nsm8f93.tmp
- %TEMP%\nsm8fe2.tmp\langdll.dll
- %APPDATA%\okle\gratspho
- %ALLUSERSPROFILE%\okle\gratspho
- 'on###norapp.com':443
- DNS ASK on###norapp.com
- '%ProgramFiles(x86)%\gageanativeolzinstall\gageadnative.exe' 06987808830118 CQxHtSOdtALj9dhSwE/mJaiy3bR/ajkZ/fVFTKtwLAPbo0pOppN6V5Oewu+UNK6IMJDmjjC3DJJbumNLdsXhNqgvDmD3idIO2N/LLcQHr3o= V4rZ344r1zvKOKaNiU/6mWU+kpWMcFn9rPT5rpUFxbjv6pebPAGODDbMAXNm2wN5TZXYR...
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\cmd.exe' /d /c del /f /q "<Full path to file>"