Technical Information
- '<SYSTEM32>\wins\svchost.exe'
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.208
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.182
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.83
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.215
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.184
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.103
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.215
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.50
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.103
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.169
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.191
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.197
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.97
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.46
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.5
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.241
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.16
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.62
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.203
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.2.6
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.166
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.186
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.89
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.174
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.128
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.42
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.228
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.235
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.226
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.21
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.52
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.170
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.16
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.129
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.185
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.28
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.71
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.88
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.168
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.210
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.203
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.193
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.170
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.43
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.218
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.64
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.13
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.81
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.130
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.20
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.204
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.94
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.212
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.119
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.52
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.57
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.34
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.220
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.60
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.216
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.162
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.17
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.56
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.10
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.114
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.247
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.227
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\NL587.bat" "
- '<SYSTEM32>\ping.exe' 0.0.0.0
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.24
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.219
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.232
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.159
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.61
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.27
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.157
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.19
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.150
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.18
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.144
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.197
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.57
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.222
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.55
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.73
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.237
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.13
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.65
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.227
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.107
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.217
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.156
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.161
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.171
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.156
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.36
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.166
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.159
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.225
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.122
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.1.155
- '<SYSTEM32>\cscript.exe' <SYSTEM32>\wins\WMI.vbe 10.0.0.53
- <SYSTEM32>\wins\WMI.vbe
- %TEMP%\NL587.bat
- <SYSTEM32>\wins\svchost.exe
- '<Private IP address>':135
- DNS ASK 24#.#.#.10.in-addr.arpa
- DNS ASK 10.#.#.10.in-addr.arpa
- DNS ASK 15#.#.#.10.in-addr.arpa
- DNS ASK 61.#.#.10.in-addr.arpa
- DNS ASK 94.#.#.10.in-addr.arpa
- DNS ASK 11#.#.#.10.in-addr.arpa
- DNS ASK 22#.#.#.10.in-addr.arpa
- DNS ASK 21#.#.#.10.in-addr.arpa
- DNS ASK 57.#.#.10.in-addr.arpa
- DNS ASK 24.#.#.10.in-addr.arpa