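Technical Information

Note: the sub-section labels of this report were lost in this copy, so the entries below run together. They fall into three groups:
- File-system paths: the `%TEMP%\_mei27762` directory, plus `<DRIVERS>\etc\hosts` and `<DRIVERS>\etc\temp`. The directory's contents (`python37.dll`, `base_library.zip`, `.pyd` modules) are consistent with a PyInstaller one-file bundle unpacking itself.
- Network activity: one host on port 80 and the DNS query for it. The `#` characters in the host name appear to be masking applied by the report, not part of the name.
- Command lines launched by the sample.

Paths and commands that appear twice presumably came from separate sub-sections (for example files created and later deleted, or processes started with and without a hidden window). Which action each occurrence records cannot be determined from this copy. The command sequence of `takeown` and `icacls` against the hosts file, together with `ipconfig /flushdns`, is consistent with the sample modifying the hosts file; these are the entries most useful for detection.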
- %TEMP%\_mei27762\client.exe.manifest
- %TEMP%\_mei27762\select.pyd
- %TEMP%\_mei27762\unicodedata.pyd
- %TEMP%\_mei27762\win32api.pyd
- %TEMP%\_mei27762\base_library.zip
- %TEMP%\_mei27762\certifi\cacert.pem
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\authors.rst
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\license
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\top_level.txt
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\license.apache
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\license.bsd
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\license.psf
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\metadata
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\record
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\wheel
- %TEMP%\_mei27762\pywintypes37.dll
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\installer
- %TEMP%\_mei27762\python37.dll
- %TEMP%\_mei27762\_queue.pyd
- %TEMP%\_mei27762\vcruntime140.dll
- %TEMP%\_mei27762\_bz2.pyd
- %TEMP%\_mei27762\_cffi_backend.cp37-win_amd64.pyd
- %TEMP%\_mei27762\_decimal.pyd
- %TEMP%\_mei27762\_hashlib.pyd
- %TEMP%\_mei27762\_lzma.pyd
- %TEMP%\_mei27762\_socket.pyd
- %TEMP%\_mei27762\pyexpat.pyd
- %TEMP%\_mei27762\_ssl.pyd
- %TEMP%\_mei27762\_win32sysloader.pyd
- %TEMP%\_mei27762\bcrypt\_bcrypt.pyd
- %TEMP%\_mei27762\cryptography\hazmat\bindings\_openssl.cp37-win_amd64.pyd
- %TEMP%\_mei27762\libcrypto-1_1.dll
- %TEMP%\_mei27762\libssl-1_1.dll
- %TEMP%\_mei27762\python3.dll
- <DRIVERS>\etc\temp
- <DRIVERS>\etc\temp
- <DRIVERS>\etc\hosts
- %TEMP%\_mei27762\python3.dll
- %TEMP%\_mei27762\python37.dll
- %TEMP%\_mei27762\pywintypes37.dll
- %TEMP%\_mei27762\select.pyd
- %TEMP%\_mei27762\unicodedata.pyd
- %TEMP%\_mei27762\vcruntime140.dll
- %TEMP%\_mei27762\_bz2.pyd
- %TEMP%\_mei27762\_ssl.pyd
- %TEMP%\_mei27762\_cffi_backend.cp37-win_amd64.pyd
- %TEMP%\_mei27762\_decimal.pyd
- %TEMP%\_mei27762\_hashlib.pyd
- %TEMP%\_mei27762\_lzma.pyd
- %TEMP%\_mei27762\_queue.pyd
- %TEMP%\_mei27762\_socket.pyd
- %TEMP%\_mei27762\pyexpat.pyd
- %TEMP%\_mei27762\win32api.pyd
- %TEMP%\_mei27762\libssl-1_1.dll
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\installer
- %TEMP%\_mei27762\base_library.zip
- %TEMP%\_mei27762\bcrypt\_bcrypt.pyd
- %TEMP%\_mei27762\certifi\cacert.pem
- %TEMP%\_mei27762\client.exe.manifest
- %TEMP%\_mei27762\cryptography\hazmat\bindings\_openssl.cp37-win_amd64.pyd
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\authors.rst
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\license
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\wheel
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\license.apache
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\license.bsd
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\license.psf
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\metadata
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\record
- %TEMP%\_mei27762\cryptography-3.0-py3.7.egg-info\top_level.txt
- %TEMP%\_mei27762\libcrypto-1_1.dll
- %TEMP%\_mei27762\_win32sysloader.pyd
- '33#####839.wg12580.com':80
- DNS ASK 33#####839.wg12580.com
- '<SYSTEM32>\cmd.exe' /c "for /f "delims=," %i in ('tasklist/nh /fo csv')do @echo %~i"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /remove "user""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "attrib +s +h "<DRIVERS>\etc\temp""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "Users:r""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /remove "Users""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /remove "Administrators""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /remove "SYSTEM""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "user:F""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "Users:F""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /setowner "System""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "Administrators:F""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "takeown /F "<DRIVERS>\etc\temp""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /grant "user:F""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /grant "Users:F""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /grant "Administrators:F""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /grant "SYSTEM:F""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "takeown /F "<DRIVERS>\etc\hosts""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "SYSTEM:F""' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "ipconfig/flushdns"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /c "for /f "delims=," %i in ('tasklist/nh /fo csv')do @echo %~i"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "Users:F""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp" /grant "Users:F"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "user:F""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp" /grant "user:F"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /remove "SYSTEM""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp" /remove "SYSTEM"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /remove "Administrators""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp" /remove "Administrators"
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp" /remove "Users"
- '<SYSTEM32>\cmd.exe' /c "ipconfig/flushdns"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "Users:r""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp" /grant "Users:r"
- '<SYSTEM32>\cmd.exe' /c "attrib +s +h "<DRIVERS>\etc\temp""
- '<SYSTEM32>\attrib.exe' +s +h "<DRIVERS>\etc\temp"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /remove "user""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\hosts" /remove "user"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /setowner "System""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\hosts" /setowner "System"
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp" /grant "Administrators:F"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /remove "Users""
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "Administrators:F""
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /grant "Administrators:F""
- '<SYSTEM32>\cmd.exe' /c tasklist/nh /fo csv
- '<SYSTEM32>\tasklist.exe' /nh /fo csv
- '<SYSTEM32>\cmd.exe' /c "takeown /F "<DRIVERS>\etc\hosts""
- '<SYSTEM32>\takeown.exe' /F "<DRIVERS>\etc\hosts"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\hosts"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /grant "SYSTEM:F""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\hosts" /grant "SYSTEM:F"
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\hosts" /grant "Administrators:F"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp" /grant "SYSTEM:F""
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /grant "Users:F""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\hosts" /grant "Users:F"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\hosts" /grant "user:F""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\hosts" /grant "user:F"
- '<SYSTEM32>\cmd.exe' /c "takeown /F "<DRIVERS>\etc\temp""
- '<SYSTEM32>\takeown.exe' /F "<DRIVERS>\etc\temp"
- '<SYSTEM32>\cmd.exe' /c "icacls "<DRIVERS>\etc\temp""
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp"
- '<SYSTEM32>\icacls.exe' "<DRIVERS>\etc\temp" /grant "SYSTEM:F"
- '<SYSTEM32>\ipconfig.exe' /flushdns