Technical Information
- %TEMP%\bc1d.tmp
- %TEMP%\bc1e.tmp
- %TEMP%\c575.tmp.js
- '18#.#03.118.58':80
- '<SYSTEM32>\wscript.exe' "%TEMP%\C575.tmp.js" -411838871
- '<SYSTEM32>\cmd.exe' /c del /F /Q "<Full path to file>' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c del /F /Q "<Full path to file>