Technical Information
- 'ff##ttt.com':80
- http://ff##ttt.com/a02fc2187db8cd88/sqlite3.dll
- DNS ASK ff##ttt.com
- '%WINDIR%\syswow64\cmd.exe' /c timeout /t 5 & del /f /q "<Full path to file>" & del "%ALLUSERSPROFILE%\*.dll"" & exit' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout /t 5 & del /f /q "<Full path to file>" & del "%ALLUSERSPROFILE%\*.dll"" & exit
- '%WINDIR%\syswow64\timeout.exe' /t 5