Python.Exploit.15

Added to the Dr.Web virus database: 2019-03-22

Virus description added:

Technical Information

Modifies file system
Creates the following files
  • %TEMP%\_mei18522\crypto.cipher._aes.pyd
  • %TEMP%\_mei18522\include\pyconfig.h
  • %TEMP%\_mei18522\win32wnet.pyd
  • %TEMP%\_mei18522\win32pipe.pyd
  • %TEMP%\_mei18522\win32event.pyd
  • %TEMP%\_mei18522\win32api.pyd
  • %TEMP%\_mei18522\unicodedata.pyd
  • %TEMP%\_mei18522\select.pyd
  • %TEMP%\_mei18522\pywintypes27.dll
  • %TEMP%\_mei18522\python27.dll
  • %TEMP%\_mei18522\pyexpat.pyd
  • %TEMP%\_mei18522\msvcr90.dll
  • %TEMP%\_mei18522\msvcp90.dll
  • %TEMP%\_mei18522\msvcm90.dll
  • %TEMP%\_mei18522\ii.exe.manifest
  • <Current directory>\m2.ps1
  • %TEMP%\_mei18522\bz2.pyd
  • %TEMP%\_mei18522\_socket.pyd
  • %TEMP%\_mei18522\_multiprocessing.pyd
  • %TEMP%\_mei18522\_mssql.pyd
  • %TEMP%\_mei18522\_hashlib.pyd
  • %TEMP%\_mei18522\_ctypes.pyd
  • %TEMP%\_mei18522\microsoft.vc90.crt.manifest
  • %TEMP%\_mei18522\crypto.util.strxor.pyd
  • %TEMP%\_mei18522\crypto.util._counter.pyd
  • %TEMP%\_mei18522\crypto.random.osrng.winrandom.pyd
  • %TEMP%\_mei18522\crypto.hash._sha256.pyd
  • %TEMP%\_mei18522\crypto.hash._md4.pyd
  • %TEMP%\_mei18522\crypto.cipher._des3.pyd
  • %TEMP%\_mei18522\crypto.cipher._des.pyd
  • %TEMP%\_mei18522\crypto.cipher._arc4.pyd
  • %TEMP%\_mei18522\_ssl.pyd
  • <Current directory>\mkatz.ini
Network activity
Connects to
TCP
HTTP GET requests
  • http://ip.#2.pl/raw
  • http://js##ip.com/
  • http://in##.abbny.com/e.png?id###################################################################################################################################################################...
  • 'js##ip.com':443
UDP
  • DNS ASK in##.ackng.com
  • DNS ASK ip.#2.pl
  • DNS ASK in##.beahh.com
  • DNS ASK js##ip.com
  • DNS ASK in##.abbny.com
Miscellaneous
Creates and executes the following
  • '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' -exec bypass "import-module <Current directory>\m2.ps1"
  • '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all' (with hidden window)
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c wmic ntdomain get domainname
  • '%WINDIR%\syswow64\wbem\wmic.exe' ntdomain get domainname
  • '%WINDIR%\syswow64\cmd.exe' /c net localgroup administrators
  • '%WINDIR%\syswow64\net.exe' localgroup administrators
  • '%WINDIR%\syswow64\net1.exe' localgroup administrators
  • '%WINDIR%\syswow64\cmd.exe' /c net group "domain admins" /domain
  • '%WINDIR%\syswow64\net.exe' group "domain admins" /domain
  • '%WINDIR%\syswow64\net1.exe' group "domain admins" /domain
  • '%WINDIR%\syswow64\cmd.exe' /c ipconfig /all
  • '%WINDIR%\syswow64\ipconfig.exe' /all
  • '%WINDIR%\syswow64\netstat.exe' -na

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk, mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.