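Техническая информация
Подзаголовки разделов в этом фрагменте отсутствуют. Ниже по порядку идут: командные строки процессов (cscript.exe, cmd.exe), пути к файлам в %TEMP% и во временных файлах Internet Explorer (тип операции с файлами здесь не указан), сетевые адреса в формате 'хост':порт, URL и DNS-запрос. Символы «#» в имени домена, по-видимому, являются маской, а не частью имени.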
- '<SYSTEM32>\cscript.exe' //nologo //e:vbs slp.dat
- '<SYSTEM32>\cscript.exe' /pid=3384
- '<SYSTEM32>\cscript.exe' //nologo //e:vbs //t:10 rcom.dat
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\1.tmp\vbcom.bat" "
- '<SYSTEM32>\cscript.exe' //nologo //e:vbs //t:10 gcom.dat
- <SYSTEM32>\cscript.exe
- %TEMP%\1.tmp\gcom.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\r[1].dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\r[1].dat
- %TEMP%\1.tmp\vbcom.bat
- %TEMP%\1.tmp\rcom.dat
- %TEMP%\1.tmp\slp.dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\r[1].dat
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\r[1].dat
- 'localhost':1051
- 'localhost':1049
- 'localhost':1047
- 'localhost':1057
- 'localhost':1055
- 'localhost':1053
- 'localhost':1039
- 'de#.#omxa.com':80
- 'localhost':1036
- 'localhost':1045
- 'localhost':1043
- 'localhost':1041
- de#.#omxa.com/test/r.dat
- DNS ASK de#.#omxa.com