Technical Information
- %APPDATA%\okle\gratspho
- %ALLUSERSPROFILE%\okle\gratspho
- %ProgramFiles(x86)%\mahoniafreshavfsetup\mahoniavfresh.exe
- %TEMP%\nsw8527.tmp
- %TEMP%\nsw8576.tmp\langdll.dll
- %APPDATA%\okle\gratspho
- %ALLUSERSPROFILE%\okle\gratspho
- 'gl####calcapps.com':443
- DNS ASK gl####calcapps.com
- '%ProgramFiles(x86)%\mahoniafreshavfsetup\mahoniavfresh.exe' 56956316870611 XDmengWXdtYUHLlicmTHs724uhnPhbGxXlwVJ6TMDGFOaiRDRRqa+lpt1jZsN67Bz+tc8+o4scusPflqF2wCzOJhjnmytDD/jsMUKsyzmKo= dxq/r5bcfgzNF90vZe+a0pmAJ+sHwx7osz3loXMLX/O579iF5unP6gBiJmV7btOZ1uneQ...
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\cmd.exe' /d /c del /f /q "<Full path to file>"