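Technical Information
The entries below are behavioural indicators recorded for the sample. The section headings that originally grouped them are missing, so the groups follow one another without labels: registry values, file-system paths, address:port pairs on TCP port 445, HTTP and DNS requests, a window class/name entry, and process command lines. File paths that appear more than once most likely belonged to different operations (for example creation and deletion); the page no longer says which.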
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Realtek HD Audio' = '%PROGRAMDATA%\RealtekHD\taskhostw.exe'
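- hidden files (fragment: the heading stating what the sample does to this setting is missing; presumably it suppresses their display — confirm against the original report)
- User Account Control (UAC) (fragment: likewise, presumably a feature the sample disables or alters — confirm against the original report)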
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer] 'DisallowRun' = '00000001'
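- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%' = 'System'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '%PROGRAMDATA%' = 'System'
- [<HKLM>\SOFTWARE\Policies\Microsoft\Windows Defender\Exclusions\Paths] '<SYSTEM32>' = 'SystemHD'
- [<HKLM>\SOFTWARE\Wow6432Node\Policies\Microsoft\Windows Defender\Exclusions\Paths] '<SYSTEM32>' = 'SystemHD'
- Note: these four values are written under the policy-level Windows Defender path-exclusion keys (native and Wow6432Node views) and name %PROGRAMDATA% and <SYSTEM32>; every %PROGRAMDATA% file path listed below falls under the first of these paths.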
- %PROGRAMDATA%\microsoft\check\check.txt
- %PROGRAMDATA%\rundll\mfc140enu.dll
- %PROGRAMDATA%\rundll\mfc140deu.dll
- %PROGRAMDATA%\rundll\mfc140cht.dll
- %PROGRAMDATA%\rundll\mfc140chs.dll
- %PROGRAMDATA%\rundll\libxml2.dll
- %PROGRAMDATA%\rundll\libiconv-2.dll
- %PROGRAMDATA%\rundll\libeay32.dll
- %PROGRAMDATA%\rundll\libcurl.dll
- %PROGRAMDATA%\rundll\iconv.dll
- %PROGRAMDATA%\rundll\exma-1.dll
- %PROGRAMDATA%\rundll\exma.dll
- %PROGRAMDATA%\rundll\eternalblue-2.2.0.xml
- %PROGRAMDATA%\rundll\eternalblue-2.2.0.skeleton.xml
- %PROGRAMDATA%\rundll\eternalblue-2.2.0.fb
- %PROGRAMDATA%\rundll\eternalblue-2.2.0.exe
- %PROGRAMDATA%\rundll\etebcore-2.x86.dll
- %PROGRAMDATA%\rundll\etebcore-2.x64.dll
- %PROGRAMDATA%\rundll\eteb-2.dll
- %PROGRAMDATA%\rundll\etchcore-0.x86.dll
- %PROGRAMDATA%\rundll\etchcore-0.x64.dll
- %PROGRAMDATA%\rundll\etch-0.dll
- %PROGRAMDATA%\rundll\esco-0.dll
- %PROGRAMDATA%\rundll\doublepulsar-1.3.1.xml
- %PROGRAMDATA%\rundll\doublepulsar-1.3.1.skeleton.xml
- %PROGRAMDATA%\rundll\doublepulsar-1.3.1.exe
- %PROGRAMDATA%\rundll\dmgd-4.dll
- %PROGRAMDATA%\rundll\dmgd-1.dll
- %PROGRAMDATA%\rundll\concrt140.dll
- %PROGRAMDATA%\rundll\crli-0.dll
- %PROGRAMDATA%\rundll\mfc140esn.dll
- %PROGRAMDATA%\rundll\mfc140fra.dll
- %PROGRAMDATA%\rundll\result.txt
- %PROGRAMDATA%\rundll\trch-1.dll
- %PROGRAMDATA%\rundll\trch-0.dll
- %PROGRAMDATA%\rundll\trch.dll
- %PROGRAMDATA%\rundll\tibe-2.dll
- %PROGRAMDATA%\rundll\tibe-1.dll
- %PROGRAMDATA%\rundll\tibe.dll
- %PROGRAMDATA%\rundll\system.exe
- %PROGRAMDATA%\rundll\start.vbs
- %PROGRAMDATA%\rundll\start.exe
- %PROGRAMDATA%\rundll\ssleay32.dll
- %PROGRAMDATA%\rundll\scan.txt
- %PROGRAMDATA%\rundll\rundll.exe
- %PROGRAMDATA%\rundll\riar.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-convert-l1-1-0.dll
- %PROGRAMDATA%\rundll\posh-0.dll
- %PROGRAMDATA%\rundll\posh.dll
- %PROGRAMDATA%\rundll\pcreposix-0.dll
- %PROGRAMDATA%\rundll\pcrecpp-0.dll
- %PROGRAMDATA%\rundll\pcre-0.dll
- %PROGRAMDATA%\rundll\pcla-0.dll
- %PROGRAMDATA%\rundll\msvcp140.dll
- %PROGRAMDATA%\rundll\mfcm140u.dll
- %PROGRAMDATA%\rundll\mfcm140.dll
- %PROGRAMDATA%\rundll\mfc140rus.dll
- %PROGRAMDATA%\rundll\mfc140kor.dll
- %PROGRAMDATA%\rundll\mfc140jpn.dll
- %PROGRAMDATA%\rundll\mfc140ita.dll
- %PROGRAMDATA%\rundll\coli-0.dll
- %PROGRAMDATA%\rundll\cnli-1.dll
- %PROGRAMDATA%\rundll\cnli-0.dll
- %PROGRAMDATA%\rundll\vcomp140.dll
- %PROGRAMDATA%\rundll\vccorlib140.dll
- %PROGRAMDATA%\rundll\vcamp140.dll
- %PROGRAMDATA%\rundll\ucrtbase.dll
- %PROGRAMDATA%\rundll\ucl.dll
- %PROGRAMDATA%\rundll\tucl-1.dll
- %PROGRAMDATA%\rundll\tucl.dll
- %PROGRAMDATA%\rundll\trfo-2.dll
- %PROGRAMDATA%\rundll\trfo-0.dll
- %PROGRAMDATA%\rundll\trfo.dll
- %PROGRAMDATA%\windowstask\scaner.dat
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\index.dat
- %APPDATA%\microsoft\windows\cookies\low\index.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\ajx21hfq\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\xyq5gbjn\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\bwq8a2hv\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\c24xxb0y\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\index.dat
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %PROGRAMDATA%\install\taskhosta.exe
- %TEMP%\autc96d.tmp
- %PROGRAMDATA%\realtekhd\taskhostw.exe
- %TEMP%\autc100.tmp
- %PROGRAMDATA%\rundll\x64.dll
- %PROGRAMDATA%\rundll\x86.dll
- %PROGRAMDATA%\rundll\vcruntime140.dll
- %PROGRAMDATA%\rundll\xdvl-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-eventing-provider-l1-1-0.dll
- %PROGRAMDATA%\rundll\zibe.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-utility-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-time-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-string-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-stdio-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-runtime-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-process-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-private-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-multibyte-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-math-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-locale-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-heap-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-filesystem-l1-1-0.dll
- %PROGRAMDATA%\rundll\riar-2.dll
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\metadata\f0accf77cdcbff39f6191887f6d2d357
- %PROGRAMDATA%\rundll\api-ms-win-crt-conio-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-xstate-l2-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-timezone-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-synch-l1-2-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-processthreads-l1-1-1.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-localization-l1-2-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-file-l2-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-file-l1-2-0.dll
- %PROGRAMDATA%\rundll\adfw-2.dll
- %PROGRAMDATA%\rundll\adfw.dll
- %PROGRAMDATA%\rundll\2x86.dll
- %PROGRAMDATA%\rundll\2x64.dll
- %PROGRAMDATA%\rundll\zlib1.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-environment-l1-1-0.dll
- %WINDIR%\serviceprofiles\networkservice\appdata\locallow\microsoft\cryptneturlcache\content\f0accf77cdcbff39f6191887f6d2d357
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\desktop.ini
- %PROGRAMDATA%\rundll\posh-0.dll
- %PROGRAMDATA%\rundll\pcreposix-0.dll
- %PROGRAMDATA%\rundll\pcrecpp-0.dll
- %PROGRAMDATA%\rundll\pcre-0.dll
- %PROGRAMDATA%\rundll\pcla-0.dll
- %PROGRAMDATA%\rundll\msvcp140.dll
- %PROGRAMDATA%\rundll\mfcm140u.dll
- %PROGRAMDATA%\rundll\mfcm140.dll
- %PROGRAMDATA%\rundll\mfc140rus.dll
- %PROGRAMDATA%\rundll\mfc140kor.dll
- %PROGRAMDATA%\rundll\mfc140jpn.dll
- %PROGRAMDATA%\rundll\riar-2.dll
- %PROGRAMDATA%\rundll\posh.dll
- %PROGRAMDATA%\rundll\mfc140esn.dll
- %PROGRAMDATA%\rundll\mfc140enu.dll
- %PROGRAMDATA%\rundll\mfc140deu.dll
- %PROGRAMDATA%\rundll\mfc140cht.dll
- %PROGRAMDATA%\rundll\mfc140chs.dll
- %PROGRAMDATA%\rundll\libxml2.dll
- %PROGRAMDATA%\rundll\libiconv-2.dll
- %PROGRAMDATA%\rundll\libeay32.dll
- %PROGRAMDATA%\rundll\libcurl.dll
- %PROGRAMDATA%\rundll\iconv.dll
- %PROGRAMDATA%\rundll\exma.dll
- %PROGRAMDATA%\rundll\mfc140ita.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-multibyte-l1-1-0.dll
- %PROGRAMDATA%\rundll\riar.dll
- %PROGRAMDATA%\rundll\xdvl-0.dll
- %PROGRAMDATA%\rundll\x86.dll
- %PROGRAMDATA%\rundll\x64.dll
- %PROGRAMDATA%\rundll\vcruntime140.dll
- %PROGRAMDATA%\rundll\vcomp140.dll
- %PROGRAMDATA%\rundll\vccorlib140.dll
- %PROGRAMDATA%\rundll\vcamp140.dll
- %PROGRAMDATA%\rundll\ucrtbase.dll
- %PROGRAMDATA%\rundll\ucl.dll
- %PROGRAMDATA%\rundll\tucl.dll
- %PROGRAMDATA%\rundll\tucl-1.dll
- %PROGRAMDATA%\rundll\trfo.dll
- %PROGRAMDATA%\rundll\trfo-2.dll
- %PROGRAMDATA%\rundll\trfo-0.dll
- %PROGRAMDATA%\rundll\trch.dll
- %PROGRAMDATA%\rundll\trch-1.dll
- %PROGRAMDATA%\rundll\trch-0.dll
- %PROGRAMDATA%\rundll\tibe.dll
- %PROGRAMDATA%\rundll\tibe-2.dll
- %PROGRAMDATA%\rundll\tibe-1.dll
- %PROGRAMDATA%\rundll\system.exe
- %PROGRAMDATA%\rundll\start.vbs
- %PROGRAMDATA%\rundll\start.exe
- %PROGRAMDATA%\rundll\ssleay32.dll
- %PROGRAMDATA%\rundll\scan.txt
- %PROGRAMDATA%\rundll\exma-1.dll
- %PROGRAMDATA%\rundll\mfc140fra.dll
- %PROGRAMDATA%\rundll\eternalblue-2.2.0.xml
- %PROGRAMDATA%\rundll\eternalblue-2.2.0.skeleton.xml
- %PROGRAMDATA%\rundll\eternalblue-2.2.0.fb
- %PROGRAMDATA%\rundll\adfw.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-filesystem-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-environment-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-convert-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-conio-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-xstate-l2-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-timezone-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-synch-l1-2-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-processthreads-l1-1-1.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-localization-l1-2-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-file-l2-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-core-file-l1-2-0.dll
- %PROGRAMDATA%\rundll\adfw-2.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-locale-l1-1-0.dll
- %PROGRAMDATA%\rundll\2x86.dll
- %PROGRAMDATA%\rundll\2x64.dll
- %PROGRAMDATA%\windowstask\scaner.exe
- %PROGRAMDATA%\windowstask\scaner.dat
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\ajx21hfq\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\xyq5gbjn\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\bwq8a2hv\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\c24xxb0y\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\history.ie5\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\history\low\desktop.ini
- %LOCALAPPDATA%\microsoft\windows\<INETFILES>\low\content.ie5\desktop.ini
- %PROGRAMDATA%\rundll\zibe.dll
- %PROGRAMDATA%\rundll\rundll.exe
- %PROGRAMDATA%\rundll\api-ms-win-crt-math-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-process-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-heap-l1-1-0.dll
- %PROGRAMDATA%\rundll\eternalblue-2.2.0.exe
- %PROGRAMDATA%\rundll\etebcore-2.x86.dll
- %PROGRAMDATA%\rundll\etebcore-2.x64.dll
- %PROGRAMDATA%\rundll\eteb-2.dll
- %PROGRAMDATA%\rundll\etchcore-0.x86.dll
- %PROGRAMDATA%\rundll\etchcore-0.x64.dll
- %PROGRAMDATA%\rundll\etch-0.dll
- %PROGRAMDATA%\rundll\esco-0.dll
- %PROGRAMDATA%\rundll\doublepulsar-1.3.1.xml
- %PROGRAMDATA%\rundll\doublepulsar-1.3.1.skeleton.xml
- %PROGRAMDATA%\rundll\doublepulsar-1.3.1.exe
- %PROGRAMDATA%\rundll\dmgd-4.dll
- %PROGRAMDATA%\rundll\dmgd-1.dll
- %PROGRAMDATA%\rundll\crli-0.dll
- %PROGRAMDATA%\rundll\concrt140.dll
- %PROGRAMDATA%\rundll\coli-0.dll
- %PROGRAMDATA%\rundll\cnli-1.dll
- %PROGRAMDATA%\rundll\cnli-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-eventing-provider-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-utility-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-time-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-string-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-stdio-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-runtime-l1-1-0.dll
- %PROGRAMDATA%\rundll\api-ms-win-crt-private-l1-1-0.dll
- %PROGRAMDATA%\rundll\zlib1.dll
- %TEMP%\autc100.tmp
- %TEMP%\autc96d.tmp
- %PROGRAMDATA%\windowstask\scaner.exe
- %PROGRAMDATA%\rundll\result.txt
- moved or renamed (verb inferred; the heading is missing): from %PROGRAMDATA%\windowstask\scaner.dat to %PROGRAMDATA%\windowstask\scaner.exe
- %PROGRAMDATA%\rundll\result.txt
- '<LOCALNET>.6.126':445
- '<LOCALNET>.8.15':445
- '<LOCALNET>.8.16':445
- '<LOCALNET>.8.17':445
- '<LOCALNET>.8.18':445
- '<LOCALNET>.8.12':445
- '<LOCALNET>.8.19':445
- '<LOCALNET>.8.14':445
- '<LOCALNET>.8.21':445
- '<LOCALNET>.8.23':445
- '<LOCALNET>.8.24':445
- '<LOCALNET>.8.25':445
- '<LOCALNET>.8.26':445
- '<LOCALNET>.8.20':445
- '<LOCALNET>.8.10':445
- '<LOCALNET>.8.22':445
- '<LOCALNET>.8.13':445
- '<LOCALNET>.8.11':445
- '<LOCALNET>.8.9':445
- '<LOCALNET>.7.253':445
- '<LOCALNET>.7.254':445
- '<LOCALNET>.7.255':445
- '<LOCALNET>.8.0':445
- '<LOCALNET>.8.1':445
- '<LOCALNET>.8.2':445
- '<LOCALNET>.8.3':445
- '<LOCALNET>.8.4':445
- '<LOCALNET>.8.5':445
- '<LOCALNET>.8.6':445
- '<LOCALNET>.8.7':445
- '<LOCALNET>.8.8':445
- '<LOCALNET>.8.27':445
- '<LOCALNET>.7.250':445
- '<LOCALNET>.8.28':445
- '<LOCALNET>.7.228':445
- '<LOCALNET>.8.29':445
- '<LOCALNET>.8.50':445
- '<LOCALNET>.8.32':445
- '<LOCALNET>.8.52':445
- '<LOCALNET>.8.53':445
- '<LOCALNET>.8.54':445
- '<LOCALNET>.8.55':445
- '<LOCALNET>.8.56':445
- '<LOCALNET>.8.57':445
- '<LOCALNET>.8.58':445
- '<LOCALNET>.8.59':445
- '<LOCALNET>.8.60':445
- '<LOCALNET>.8.61':445
- '<LOCALNET>.8.62':445
- '<LOCALNET>.8.63':445
- '<LOCALNET>.8.64':445
- '<LOCALNET>.8.49':445
- '<LOCALNET>.8.48':445
- '<LOCALNET>.8.51':445
- '<LOCALNET>.7.252':445
- '<LOCALNET>.7.249':445
- '<LOCALNET>.8.30':445
- '<LOCALNET>.8.33':445
- '<LOCALNET>.8.34':445
- '<LOCALNET>.8.35':445
- '<LOCALNET>.8.36':445
- '<LOCALNET>.8.37':445
- '<LOCALNET>.8.38':445
- '<LOCALNET>.8.39':445
- '<LOCALNET>.8.40':445
- '<LOCALNET>.8.41':445
- '<LOCALNET>.8.42':445
- '<LOCALNET>.8.43':445
- '<LOCALNET>.8.44':445
- '<LOCALNET>.8.45':445
- '<LOCALNET>.8.47':445
- '<LOCALNET>.8.31':445
- '<LOCALNET>.8.46':445
- '<LOCALNET>.7.251':445
- '<LOCALNET>.7.248':445
- '<LOCALNET>.7.247':445
- '<LOCALNET>.7.196':445
- '<LOCALNET>.7.197':445
- '<LOCALNET>.7.198':445
- '<LOCALNET>.7.199':445
- '<LOCALNET>.7.200':445
- '<LOCALNET>.7.201':445
- '<LOCALNET>.7.202':445
- '<LOCALNET>.7.203':445
- '<LOCALNET>.7.204':445
- '<LOCALNET>.7.205':445
- '<LOCALNET>.7.206':445
- '<LOCALNET>.7.207':445
- '<LOCALNET>.7.192':445
- '<LOCALNET>.7.190':445
- '<LOCALNET>.8.65':445
- '<LOCALNET>.7.195':445
- '<LOCALNET>.7.209':445
- '<LOCALNET>.7.194':445
- '<LOCALNET>.7.191':445
- '<LOCALNET>.7.176':445
- '<LOCALNET>.7.177':445
- '<LOCALNET>.7.178':445
- '<LOCALNET>.7.179':445
- '<LOCALNET>.7.180':445
- '<LOCALNET>.7.174':445
- '<LOCALNET>.7.181':445
- '<LOCALNET>.7.183':445
- '<LOCALNET>.7.184':445
- '<LOCALNET>.7.185':445
- '<LOCALNET>.7.186':445
- '<LOCALNET>.7.187':445
- '<LOCALNET>.7.188':445
- '<LOCALNET>.7.182':445
- '<LOCALNET>.7.189':445
- '<LOCALNET>.7.208':445
- '<LOCALNET>.7.173':445
- '<LOCALNET>.7.211':445
- '<LOCALNET>.7.213':445
- '<LOCALNET>.7.233':445
- '<LOCALNET>.7.234':445
- '<LOCALNET>.7.235':445
- '<LOCALNET>.7.236':445
- '<LOCALNET>.7.237':445
- '<LOCALNET>.7.238':445
- '<LOCALNET>.7.239':445
- '<LOCALNET>.7.240':445
- '<LOCALNET>.7.241':445
- '<LOCALNET>.7.242':445
- '<LOCALNET>.7.243':445
- '<LOCALNET>.7.244':445
- '<LOCALNET>.7.245':445
- '<LOCALNET>.7.210':445
- '<LOCALNET>.7.246':445
- '<LOCALNET>.7.232':445
- '<LOCALNET>.7.212':445
- '<LOCALNET>.7.231':445
- '<LOCALNET>.7.229':445
- '<LOCALNET>.7.214':445
- '<LOCALNET>.7.215':445
- '<LOCALNET>.7.216':445
- '<LOCALNET>.7.217':445
- '<LOCALNET>.7.218':445
- '<LOCALNET>.7.219':445
- '<LOCALNET>.7.220':445
- '<LOCALNET>.7.221':445
- '<LOCALNET>.7.222':445
- '<LOCALNET>.7.223':445
- '<LOCALNET>.7.224':445
- '<LOCALNET>.7.225':445
- '<LOCALNET>.7.226':445
- '<LOCALNET>.7.227':445
- '<LOCALNET>.7.193':445
- '<LOCALNET>.7.230':445
- '<LOCALNET>.7.175':445
- '<LOCALNET>.8.66':445
- '<LOCALNET>.8.70':445
- '<LOCALNET>.8.165':445
- '<LOCALNET>.8.166':445
- '<LOCALNET>.8.167':445
- '<LOCALNET>.8.168':445
- '<LOCALNET>.8.169':445
- '<LOCALNET>.8.163':445
- '<LOCALNET>.8.164':445
- '<LOCALNET>.8.170':445
- '<LOCALNET>.8.173':445
- '<LOCALNET>.8.174':445
- '<LOCALNET>.8.175':445
- '<LOCALNET>.8.176':445
- '<LOCALNET>.8.177':445
- '<LOCALNET>.8.171':445
- '<LOCALNET>.8.172':445
- '<LOCALNET>.8.162':445
- '<LOCALNET>.8.160':445
- '<LOCALNET>.8.179':445
- '<LOCALNET>.8.147':445
- '<LOCALNET>.8.148':445
- '<LOCALNET>.8.149':445
- '<LOCALNET>.8.150':445
- '<LOCALNET>.8.151':445
- '<LOCALNET>.8.152':445
- '<LOCALNET>.8.153':445
- '<LOCALNET>.8.154':445
- '<LOCALNET>.8.155':445
- '<LOCALNET>.8.156':445
- '<LOCALNET>.8.157':445
- '<LOCALNET>.8.158':445
- '<LOCALNET>.8.159':445
- '<LOCALNET>.8.178':445
- '<LOCALNET>.8.145':445
- '<LOCALNET>.8.161':445
- '<LOCALNET>.8.142':445
- '<LOCALNET>.8.180':445
- '<LOCALNET>.8.201':445
- '<LOCALNET>.8.202':445
- '<LOCALNET>.8.203':445
- '<LOCALNET>.8.204':445
- '<LOCALNET>.8.205':445
- '<LOCALNET>.8.206':445
- '<LOCALNET>.8.207':445
- '<LOCALNET>.8.208':445
- '<LOCALNET>.8.209':445
- '<LOCALNET>.8.210':445
- '<LOCALNET>.8.211':445
- '<LOCALNET>.8.212':445
- '<LOCALNET>.8.213':445
- '<LOCALNET>.8.214':445
- '<LOCALNET>.8.215':445
- '<LOCALNET>.8.200':445
- '<LOCALNET>.8.144':445
- '<LOCALNET>.8.146':445
- '<LOCALNET>.8.197':445
- '<LOCALNET>.8.182':445
- '<LOCALNET>.8.183':445
- '<LOCALNET>.8.184':445
- '<LOCALNET>.8.185':445
- '<LOCALNET>.8.186':445
- '<LOCALNET>.8.187':445
- '<LOCALNET>.8.188':445
- '<LOCALNET>.8.189':445
- '<LOCALNET>.8.190':445
- '<LOCALNET>.8.191':445
- '<LOCALNET>.8.192':445
- '<LOCALNET>.8.193':445
- '<LOCALNET>.8.194':445
- '<LOCALNET>.8.195':445
- '<LOCALNET>.8.196':445
- '<LOCALNET>.8.198':445
- '<LOCALNET>.8.181':445
- '<LOCALNET>.8.143':445
- '<LOCALNET>.8.141':445
- '<LOCALNET>.7.76':445
- '<LOCALNET>.8.90':445
- '<LOCALNET>.8.91':445
- '<LOCALNET>.8.92':445
- '<LOCALNET>.8.93':445
- '<LOCALNET>.8.94':445
- '<LOCALNET>.8.95':445
- '<LOCALNET>.8.96':445
- '<LOCALNET>.8.97':445
- '<LOCALNET>.8.98':445
- '<LOCALNET>.8.99':445
- '<LOCALNET>.8.100':445
- '<LOCALNET>.8.101':445
- '<LOCALNET>.8.102':445
- '<LOCALNET>.8.87':445
- '<LOCALNET>.8.86':445
- '<LOCALNET>.8.89':445
- '<LOCALNET>.8.88':445
- '<LOCALNET>.8.103':445
- '<LOCALNET>.8.67':445
- '<LOCALNET>.8.71':445
- '<LOCALNET>.8.72':445
- '<LOCALNET>.8.73':445
- '<LOCALNET>.8.74':445
- '<LOCALNET>.8.75':445
- '<LOCALNET>.8.76':445
- '<LOCALNET>.8.77':445
- '<LOCALNET>.8.78':445
- '<LOCALNET>.8.79':445
- '<LOCALNET>.8.80':445
- '<LOCALNET>.8.81':445
- '<LOCALNET>.8.82':445
- '<LOCALNET>.8.83':445
- '<LOCALNET>.8.85':445
- '<LOCALNET>.8.69':445
- '<LOCALNET>.8.84':445
- '<LOCALNET>.8.68':445
- '<LOCALNET>.8.104':445
- '<LOCALNET>.8.108':445
- '<LOCALNET>.8.128':445
- '<LOCALNET>.8.129':445
- '<LOCALNET>.8.130':445
- '<LOCALNET>.8.131':445
- '<LOCALNET>.8.132':445
- '<LOCALNET>.8.133':445
- '<LOCALNET>.8.134':445
- '<LOCALNET>.8.135':445
- '<LOCALNET>.8.136':445
- '<LOCALNET>.8.137':445
- '<LOCALNET>.8.138':445
- '<LOCALNET>.8.139':445
- '<LOCALNET>.8.140':445
- '<LOCALNET>.8.125':445
- '<LOCALNET>.8.124':445
- '<LOCALNET>.8.127':445
- '<LOCALNET>.8.126':445
- '<LOCALNET>.8.105':445
- '<LOCALNET>.8.106':445
- '<LOCALNET>.8.109':445
- '<LOCALNET>.8.110':445
- '<LOCALNET>.8.111':445
- '<LOCALNET>.8.112':445
- '<LOCALNET>.8.113':445
- '<LOCALNET>.8.114':445
- '<LOCALNET>.8.115':445
- '<LOCALNET>.8.116':445
- '<LOCALNET>.8.117':445
- '<LOCALNET>.8.118':445
- '<LOCALNET>.8.119':445
- '<LOCALNET>.8.120':445
- '<LOCALNET>.8.121':445
- '<LOCALNET>.8.123':445
- '<LOCALNET>.8.107':445
- '<LOCALNET>.8.122':445
- '<LOCALNET>.7.172':445
- '<LOCALNET>.7.171':445
- '<LOCALNET>.7.170':445
- '<LOCALNET>.6.224':445
- '<LOCALNET>.6.225':445
- '<LOCALNET>.6.226':445
- '<LOCALNET>.6.227':445
- '<LOCALNET>.6.221':445
- '<LOCALNET>.6.228':445
- '<LOCALNET>.6.223':445
- '<LOCALNET>.6.230':445
- '<LOCALNET>.6.232':445
- '<LOCALNET>.6.233':445
- '<LOCALNET>.6.234':445
- '<LOCALNET>.6.235':445
- '<LOCALNET>.6.229':445
- '<LOCALNET>.6.220':445
- '<LOCALNET>.6.231':445
- '<LOCALNET>.6.219':445
- '<LOCALNET>.6.203':445
- '<LOCALNET>.6.238':445
- '<LOCALNET>.6.206':445
- '<LOCALNET>.6.207':445
- '<LOCALNET>.6.208':445
- '<LOCALNET>.6.209':445
- '<LOCALNET>.6.210':445
- '<LOCALNET>.6.211':445
- '<LOCALNET>.6.212':445
- '<LOCALNET>.6.213':445
- '<LOCALNET>.6.214':445
- '<LOCALNET>.6.215':445
- '<LOCALNET>.6.216':445
- '<LOCALNET>.6.217':445
- '<LOCALNET>.6.236':445
- '<LOCALNET>.6.237':445
- '<LOCALNET>.6.204':445
- '<LOCALNET>.6.218':445
- '<LOCALNET>.7.19':445
- '<LOCALNET>.6.239':445
- '<LOCALNET>.7.4':445
- '<LOCALNET>.7.5':445
- '<LOCALNET>.7.6':445
- '<LOCALNET>.7.7':445
- '<LOCALNET>.7.8':445
- '<LOCALNET>.7.9':445
- '<LOCALNET>.7.10':445
- '<LOCALNET>.7.11':445
- '<LOCALNET>.7.12':445
- '<LOCALNET>.7.13':445
- '<LOCALNET>.7.14':445
- '<LOCALNET>.7.15':445
- '<LOCALNET>.7.16':445
- '<LOCALNET>.7.17':445
- '<LOCALNET>.7.2':445
- '<LOCALNET>.6.202':445
- '<LOCALNET>.7.1':445
- '<LOCALNET>.6.205':445
- '<LOCALNET>.6.240':445
- '<LOCALNET>.6.241':445
- '<LOCALNET>.6.242':445
- '<LOCALNET>.6.243':445
- '<LOCALNET>.6.244':445
- '<LOCALNET>.6.245':445
- '<LOCALNET>.6.246':445
- '<LOCALNET>.6.247':445
- '<LOCALNET>.6.248':445
- '<LOCALNET>.6.249':445
- '<LOCALNET>.6.250':445
- '<LOCALNET>.6.251':445
- '<LOCALNET>.6.252':445
- '<LOCALNET>.6.253':445
- '<LOCALNET>.6.254':445
- '<LOCALNET>.7.0':445
- '<LOCALNET>.6.201':445
- '<LOCALNET>.7.3':445
- '<LOCALNET>.6.200':445
- '<LOCALNET>.6.199':445
- '<LOCALNET>.6.146':445
- '<LOCALNET>.6.149':445
- '<LOCALNET>.6.150':445
- '<LOCALNET>.6.151':445
- '<LOCALNET>.6.152':445
- '<LOCALNET>.6.153':445
- '<LOCALNET>.6.154':445
- '<LOCALNET>.6.155':445
- '<LOCALNET>.6.156':445
- '<LOCALNET>.6.157':445
- '<LOCALNET>.6.158':445
- '<LOCALNET>.6.159':445
- '<LOCALNET>.6.160':445
- '<LOCALNET>.6.145':445
- '<LOCALNET>.6.161':445
- '<LOCALNET>.7.18':445
- '<LOCALNET>.6.148':445
- '<LOCALNET>.6.162':445
- '<LOCALNET>.6.144':445
- '<LOCALNET>.6.127':445
- '<LOCALNET>.6.129':445
- '<LOCALNET>.6.130':445
- '<LOCALNET>.6.131':445
- '<LOCALNET>.6.132':445
- '<LOCALNET>.6.133':445
- '<LOCALNET>.6.134':445
- '<LOCALNET>.6.128':445
- '<LOCALNET>.6.135':445
- '<LOCALNET>.6.137':445
- '<LOCALNET>.6.138':445
- '<LOCALNET>.6.139':445
- '<LOCALNET>.6.140':445
- '<LOCALNET>.6.141':445
- '<LOCALNET>.6.143':445
- '<LOCALNET>.6.136':445
- '<LOCALNET>.6.142':445
- '<LOCALNET>.6.255':445
- '<LOCALNET>.6.164':445
- '<LOCALNET>.6.166':445
- '<LOCALNET>.6.186':445
- '<LOCALNET>.6.187':445
- '<LOCALNET>.6.188':445
- '<LOCALNET>.6.189':445
- '<LOCALNET>.6.190':445
- '<LOCALNET>.6.191':445
- '<LOCALNET>.6.192':445
- '<LOCALNET>.6.193':445
- '<LOCALNET>.6.194':445
- '<LOCALNET>.6.195':445
- '<LOCALNET>.6.196':445
- '<LOCALNET>.6.197':445
- '<LOCALNET>.6.198':445
- '<LOCALNET>.6.183':445
- '<LOCALNET>.6.182':445
- '<LOCALNET>.6.185':445
- '<LOCALNET>.6.184':445
- '<LOCALNET>.6.163':445
- '<LOCALNET>.6.147':445
- '<LOCALNET>.6.167':445
- '<LOCALNET>.6.168':445
- '<LOCALNET>.6.169':445
- '<LOCALNET>.6.170':445
- '<LOCALNET>.6.171':445
- '<LOCALNET>.6.172':445
- '<LOCALNET>.6.173':445
- '<LOCALNET>.6.174':445
- '<LOCALNET>.6.175':445
- '<LOCALNET>.6.176':445
- '<LOCALNET>.6.177':445
- '<LOCALNET>.6.178':445
- '<LOCALNET>.6.179':445
- '<LOCALNET>.6.181':445
- '<LOCALNET>.6.165':445
- '<LOCALNET>.6.180':445
- '<LOCALNET>.6.222':445
- '<LOCALNET>.7.20':445
- '<LOCALNET>.7.117':445
- '<LOCALNET>.7.119':445
- '<LOCALNET>.7.120':445
- '<LOCALNET>.7.121':445
- '<LOCALNET>.7.122':445
- '<LOCALNET>.7.123':445
- '<LOCALNET>.7.124':445
- '<LOCALNET>.7.125':445
- '<LOCALNET>.7.126':445
- '<LOCALNET>.7.127':445
- '<LOCALNET>.7.128':445
- '<LOCALNET>.7.129':445
- '<LOCALNET>.7.130':445
- '<LOCALNET>.7.131':445
- '<LOCALNET>.7.116':445
- '<LOCALNET>.7.115':445
- '<LOCALNET>.7.118':445
- '<LOCALNET>.7.21':445
- '<LOCALNET>.7.132':445
- '<LOCALNET>.7.97':445
- '<LOCALNET>.7.100':445
- '<LOCALNET>.7.101':445
- '<LOCALNET>.7.102':445
- '<LOCALNET>.7.103':445
- '<LOCALNET>.7.104':445
- '<LOCALNET>.7.105':445
- '<LOCALNET>.7.106':445
- '<LOCALNET>.7.107':445
- '<LOCALNET>.7.108':445
- '<LOCALNET>.7.109':445
- '<LOCALNET>.7.110':445
- '<LOCALNET>.7.111':445
- '<LOCALNET>.7.112':445
- '<LOCALNET>.7.114':445
- '<LOCALNET>.7.98':445
- '<LOCALNET>.7.113':445
- '<LOCALNET>.7.99':445
- '<LOCALNET>.7.133':445
- '<LOCALNET>.7.137':445
- '<LOCALNET>.7.157':445
- '<LOCALNET>.7.158':445
- '<LOCALNET>.7.159':445
- '<LOCALNET>.7.160':445
- '<LOCALNET>.7.161':445
- '<LOCALNET>.7.162':445
- '<LOCALNET>.7.163':445
- '<LOCALNET>.7.164':445
- '<LOCALNET>.7.165':445
- '<LOCALNET>.7.166':445
- '<LOCALNET>.7.167':445
- '<LOCALNET>.7.168':445
- '<LOCALNET>.7.169':445
- '<LOCALNET>.7.154':445
- '<LOCALNET>.7.153':445
- '<LOCALNET>.7.156':445
- '<LOCALNET>.7.155':445
- '<LOCALNET>.7.134':445
- '<LOCALNET>.7.135':445
- '<LOCALNET>.7.138':445
- '<LOCALNET>.7.139':445
- '<LOCALNET>.7.140':445
- '<LOCALNET>.7.141':445
- '<LOCALNET>.7.142':445
- '<LOCALNET>.7.143':445
- '<LOCALNET>.7.144':445
- '<LOCALNET>.7.145':445
- '<LOCALNET>.7.146':445
- '<LOCALNET>.7.147':445
- '<LOCALNET>.7.148':445
- '<LOCALNET>.7.149':445
- '<LOCALNET>.7.150':445
- '<LOCALNET>.7.152':445
- '<LOCALNET>.7.136':445
- '<LOCALNET>.7.151':445
- '<LOCALNET>.8.199':445
- '<LOCALNET>.8.216':445
- '<LOCALNET>.7.94':445
- '<LOCALNET>.7.43':445
- '<LOCALNET>.7.44':445
- '<LOCALNET>.7.45':445
- '<LOCALNET>.7.46':445
- '<LOCALNET>.7.47':445
- '<LOCALNET>.7.48':445
- '<LOCALNET>.7.49':445
- '<LOCALNET>.7.50':445
- '<LOCALNET>.7.51':445
- '<LOCALNET>.7.52':445
- '<LOCALNET>.7.53':445
- '<LOCALNET>.7.54':445
- '<LOCALNET>.7.55':445
- '<LOCALNET>.7.40':445
- '<LOCALNET>.7.38':445
- '<LOCALNET>.7.42':445
- '<LOCALNET>.7.95':445
- '<LOCALNET>.7.56':445
- '<LOCALNET>.7.37':445
- '<LOCALNET>.7.23':445
- '<LOCALNET>.7.24':445
- '<LOCALNET>.7.25':445
- '<LOCALNET>.7.26':445
- '<LOCALNET>.7.27':445
- '<LOCALNET>.7.28':445
- '<LOCALNET>.7.22':445
- '<LOCALNET>.7.29':445
- '<LOCALNET>.7.31':445
- '<LOCALNET>.7.32':445
- '<LOCALNET>.7.33':445
- '<LOCALNET>.7.34':445
- '<LOCALNET>.7.35':445
- '<LOCALNET>.7.36':445
- '<LOCALNET>.7.30':445
- '<LOCALNET>.7.39':445
- '<LOCALNET>.7.96':445
- '<LOCALNET>.7.57':445
- '<LOCALNET>.7.60':445
- '<LOCALNET>.7.80':445
- '<LOCALNET>.7.81':445
- '<LOCALNET>.7.82':445
- '<LOCALNET>.7.83':445
- '<LOCALNET>.7.84':445
- '<LOCALNET>.7.85':445
- '<LOCALNET>.7.86':445
- '<LOCALNET>.7.87':445
- '<LOCALNET>.7.88':445
- '<LOCALNET>.7.89':445
- '<LOCALNET>.7.90':445
- '<LOCALNET>.7.91':445
- '<LOCALNET>.7.92':445
- '<LOCALNET>.7.93':445
- '<LOCALNET>.7.58':445
- '<LOCALNET>.7.79':445
- '<LOCALNET>.7.59':445
- '<LOCALNET>.7.78':445
- '<LOCALNET>.7.41':445
- '<LOCALNET>.7.61':445
- '<LOCALNET>.7.62':445
- '<LOCALNET>.7.63':445
- '<LOCALNET>.7.64':445
- '<LOCALNET>.7.65':445
- '<LOCALNET>.7.66':445
- '<LOCALNET>.7.67':445
- '<LOCALNET>.7.68':445
- '<LOCALNET>.7.69':445
- '<LOCALNET>.7.70':445
- '<LOCALNET>.7.71':445
- '<LOCALNET>.7.72':445
- '<LOCALNET>.7.73':445
- '<LOCALNET>.7.74':445
- '<LOCALNET>.7.75':445
- '<LOCALNET>.7.77':445
- '<LOCALNET>.8.217':445
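- http://64.#27.8.3/jdU9 (address appears partially masked with '#' in the report)
- http://64.#27.8.3/cx (address appears partially masked with '#' in the report)
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt (Microsoft-hosted root-certificate download; ordinary Windows certificate retrieval, not an indicator in itself)
- DNS ASK ip###ger.org (domain appears partially masked with '#' in the report)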
- ClassName: 'EDIT' WindowName: ''
- '%PROGRAMDATA%\realtekhd\taskhostw.exe'
- '%PROGRAMDATA%\install\taskhosta.exe'
- '%PROGRAMDATA%\windowstask\scaner.exe' -pnaxui
- '%PROGRAMDATA%\rundll\start.exe'
- '%WINDIR%\syswow64\wscript.exe' "%PROGRAMDATA%\RunDLL\start.vbs"
- '%PROGRAMDATA%\rundll\rundll.exe'
- '%PROGRAMDATA%\rundll\system.exe' TCP 192.168.1.1 445 150 /save
- '%PROGRAMDATA%\rundll\eternalblue-2.2.0.exe' --inconfig Eternalblue-2.2.0.xml --NetworkTimeout 60 --TargetIp Scan --TargetPort 445 --Target WIN72K8R2
- '%PROGRAMDATA%\rundll\system.exe' TCP 10.0.38.19/16 445 150 /save
- '%WINDIR%\syswow64\cmd.exe' /c sc delete swprv (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c Rundll.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "system.exe TCP 192.168.1.1 445 150 /save" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "Eternalblue-2.2.0.exe --inconfig Eternalblue-2.2.0.xml --NetworkTimeout 60 --TargetIp Scan --TargetPort 445 --Target WIN72K8R2" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c "system.exe TCP 10.0.38.19/16 445 150 /save" (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c sc delete swprv
- '%WINDIR%\syswow64\sc.exe' delete swprv (swprv is the service name of the Microsoft Software Shadow Copy Provider)
- '%WINDIR%\syswow64\rundll32.exe' "%WINDIR%\syswow64\WININET.dll",DispatchAPICall 1
- '%WINDIR%\syswow64\cmd.exe' /c Rundll.exe
- '%WINDIR%\syswow64\cmd.exe' /c "system.exe TCP 192.168.1.1 445 150 /save"
- '%WINDIR%\syswow64\cmd.exe' /c "Eternalblue-2.2.0.exe --inconfig Eternalblue-2.2.0.xml --NetworkTimeout 60 --TargetIp Scan --TargetPort 445 --Target WIN72K8R2"
- '%WINDIR%\syswow64\cmd.exe' /c "system.exe TCP 10.0.38.19/16 445 150 /save"