Technical Information
- %TEMP%\un_upremove.bat
- '09###345.com':80
- http://09###345.com/11111/x5.exe
- '34.##9.100.209':443
- DNS ASK 09###345.com
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\un_upRemove.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\un_upRemove.bat" "