Technical Information
- %APPDATA%\okle\gratspho
- %ALLUSERSPROFILE%\okle\gratspho
- %ProgramFiles(x86)%\ginkgonativerovinstall\ginkgotnative.exe
- %TEMP%\nsg847b.tmp
- %TEMP%\nsb84ab.tmp\langdll.dll
- %APPDATA%\okle\gratspho
- %ALLUSERSPROFILE%\okle\gratspho
- 'th####llsoft.com':443
- DNS ASK th####llsoft.com
- '%ProgramFiles(x86)%\ginkgonativerovinstall\ginkgotnative.exe' 80877516870114 EJ01nnG57HTH5JMMRl6XrvnYFhNKWYREz4ZIJbzoiY9Wd8f86eFmZBMXDO1uxfsb3luOJUhfdsnp89ekxYdlqseA7OdzwSAukzHsQn4on3E= juReD6u/T38QM6QIn6aPyaX5vLF+CASzr+lPT0oixA6c0pIiWeUiSelqYIMewshuUv9e/...
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\cmd.exe' /d /c del /f /q "<Full path to file>"