Technical Information
- %ProgramFiles(x86)%\ensuingrecordwommanager\ensuingyrecord.dmp
- %TEMP%\nsc2ab9.tmp
- %TEMP%\nsm2af8.tmp\langdll.dll
- from %ProgramFiles(x86)%\ensuingrecordwommanager\ensuingyrecord.dmp to %ProgramFiles(x86)%\ensuingrecordwommanager\ensuingyrecord.exe
- 'my####download.com':443
- 'microsoft.com':80
- 'my####download.com':443
- DNS ASK my####download.com
- DNS ASK microsoft.com
- DNS ASK st####.rapidssl.com
- '%ProgramFiles(x86)%\ensuingrecordwommanager\ensuingyrecord.exe'
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /d /c cmd /d /c timeout 5 & ren "%ProgramFiles(x86)%\EnsuingRecordwomManager\EnsuingyRecord.dmp" "EnsuingyRecord.exe" & start "" "%ProgramFiles(x86)%\EnsuingRecordwomManager\EnsuingyRecord.exe"' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /d /c cmd /d /c timeout 5 & ren "%ProgramFiles(x86)%\EnsuingRecordwomManager\EnsuingyRecord.dmp" "EnsuingyRecord.exe" & start "" "%ProgramFiles(x86)%\EnsuingRecordwomManager\EnsuingyRecord.exe"
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5 & cmd /d /c del /f /q "<Full path to file>"
- '%WINDIR%\syswow64\cmd.exe' /d /c timeout 5
- '%WINDIR%\syswow64\timeout.exe' 5
- '%WINDIR%\syswow64\cmd.exe' /d /c del /f /q "<Full path to file>"