Technical Information
- <Full path to file>
- from <Full path to file> to %TEMP%\[a3cb31f9177f877ed56ef9243163fc06]
- http://ft#######7.host524.zhujiwu.me/Daletu.dll
- http://ww##.#####77527.host524.zhujiwu.me/Daletu.dll
- DNS ASK ft#######7.host524.zhujiwu.me
- DNS ASK ww##.#####77527.host524.zhujiwu.me
- '%WINDIR%\syswow64\cmd.exe' /C Del %WINDIR%\Daletu.vxd' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C Del <Full path to file>' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /C Del %WINDIR%\Daletu.vxd
- '%WINDIR%\syswow64\cmd.exe' /C Del <Full path to file>