Technical Information
- 'ad####nclaeys.top':80
- http://ad####nclaeys.top/412a0310f85f16ad/sqlite3.dll
- DNS ASK ad####nclaeys.top
- '%WINDIR%\syswow64\cmd.exe' /c timeout /t 5 & del /f /q "<Full path to file>" & del "%ALLUSERSPROFILE%\*.dll"" & exit' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout /t 5 & del /f /q "<Full path to file>" & del "%ALLUSERSPROFILE%\*.dll"" & exit
- '%WINDIR%\syswow64\timeout.exe' /t 5