Technical Information
- %TEMP%\17601.bat
- 'dl.###edomax.com':80
- 'cr############allback.s3-us-west-2.amazonaws.com':80
- DNS ASK er####.crossrider.com
- DNS ASK dl.###edomax.com
- DNS ASK cr############allback.s3-us-west-2.amazonaws.com
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\17601.bat" "<Full path to file>""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\17601.bat" "<Full path to file>""