Technical Information
- '%TEMP%\System32\mmc.exe' (downloaded from the Internet)
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\_uninsep.bat" "
- '%TEMP%\System32\mmc.exe'
- %TEMP%\System32\mmc.exe
- 'sp###8585.com':80
- 'localhost':1037
- http://sp###8585.com/CloneFiles/dxd9x32.dll4
- DNS ASK sp###8585.com