Technical Information
- [<HKLM>\SYSTEM\CurrentControlSet\Services\556452577] 'ImagePath' = '%ProgramFiles(x86)%\Mozilla Firefox\556452577.sys'
- firefox.exe
- %TEMP%\icon.ico
- %ProgramFiles(x86)%\mozilla firefox\556452577.sys
- <DRIVERS>\etc\hosts
- %ProgramFiles(x86)%\mozilla firefox\556452577.sys
- http://43.###.222.21:8089/hosts.txt
- http://43.###.222.21:8080/yyroom/ZZ.key
- http://to##u.me//ZZ.key
- DNS ASK vi#.#fxbkj.com
- DNS ASK b.###bkj.com
- DNS ASK to###.#e.cdn.dnsv1.com
- DNS ASK to##u.me
- ClassName: 'QWidget' WindowName: '3879'
- ClassName: 'QWidget' WindowName: '3879-【神话】火线紫金工会，大型网游开黑工会，我们一直用心在做！'
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Administrators:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Remote Desktop Users:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Remote Desktop Users:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Replicator:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Replicator:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Users:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Users:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Event Log Readers:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Debugger Users:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p HomeUsers:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g HomeUsers:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p IIS_WPG:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g IIS_WPG:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p everyone:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g everyone:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Power Users:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Power Users:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Performance Monitor Users:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Performance Monitor Users:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Performance Log Users:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Backup Operators:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Backup Operators:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Cryptographic Operators:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Cryptographic Operators:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Distributed COM Users:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Distributed COM Users:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p user:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Debugger Users:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Event Log Readers:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Guests:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p IIS_IUSRS:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g IIS_IUSRS:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Network Configuration Operators:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Network Configuration Operators:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Performance Log Users:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Administrators:r' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Guests:N' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g user:r' (with hidden window)
- '%ProgramFiles(x86)%\mozilla firefox\firefox.exe' 100861008671
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Users:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Users:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Replicator:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Replicator:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Replicator:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Replicator:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Remote Desktop Users:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Remote Desktop Users:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Remote Desktop Users:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Remote Desktop Users:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Power Users:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Power Users:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Power Users:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Power Users:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Performance Monitor Users:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Users:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Users:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Debugger Users:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Debugger Users:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p user:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p user:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g everyone:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g everyone:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p everyone:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p everyone:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g IIS_WPG:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p IIS_WPG:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g IIS_WPG:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p IIS_WPG:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g HomeUsers:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g HomeUsers:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p HomeUsers:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p HomeUsers:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Debugger Users:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Debugger Users:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g user:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Performance Monitor Users:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Performance Monitor Users:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Performance Monitor Users:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Distributed COM Users:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Distributed COM Users:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Distributed COM Users:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Cryptographic Operators:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Cryptographic Operators:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Cryptographic Operators:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Cryptographic Operators:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Backup Operators:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Backup Operators:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Backup Operators:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Backup Operators:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Administrators:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Administrators:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Administrators:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Administrators:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Distributed COM Users:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Event Log Readers:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Event Log Readers:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Event Log Readers:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Performance Log Users:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Performance Log Users:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Performance Log Users:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Network Configuration Operators:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Network Configuration Operators:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Network Configuration Operators:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Network Configuration Operators:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g IIS_IUSRS:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g IIS_IUSRS:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p IIS_IUSRS:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p IIS_IUSRS:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Guests:r
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /g Guests:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /t /p Guests:N
- '%WINDIR%\syswow64\cmd.exe' /c cacls.exe <DRIVERS>\etc\hosts /e /t /p Guests:N
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Event Log Readers:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g Performance Log Users:r
- '%WINDIR%\syswow64\cacls.exe' <DRIVERS>\etc\hosts /e /g user:r