Technical Information
- %TEMP%\10634.bat
- 'dl.###kmaprack.com':80
- 'cr############allback.s3-us-west-2.amazonaws.com':80
- http://dl.###kmaprack.com/catchall3plus/allmpl1/setup.exe_a
- http://dl.###kmaprack.com/catchall3plus/allmpl1/setup.exe_c
- http://dl.###kmaprack.com/catchall3plus/allmpl1/setup.exe_d
- http://dl.###kmaprack.com/catchall3plus/allmpl1/setup.exe_e
- http://dl.###kmaprack.com/catchall3plus/allmpl1/setup.exe_b
- http://cr############allback.s3-us-west-2.amazonaws.com/catchall3plus/allmpl1/setup.exe_c
- http://cr############allback.s3-us-west-2.amazonaws.com/catchall3plus/allmpl1/setup.exe_b
- http://cr############allback.s3-us-west-2.amazonaws.com/catchall3plus/allmpl1/setup.exe_d
- http://cr############allback.s3-us-west-2.amazonaws.com/catchall3plus/allmpl1/setup.exe_a
- http://cr############allback.s3-us-west-2.amazonaws.com/catchall3plus/allmpl1/setup.exe_e
- DNS ASK er####.crossrider.com
- DNS ASK dl.###kmaprack.com
- DNS ASK cr############allback.s3-us-west-2.amazonaws.com
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\10634.bat" "<Full path to file>""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\10634.bat" "<Full path to file>""