Technical Information
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\XXXXXXX.exe" "XXXXXXX.exe" ENABLE
- %TEMP%\xxxxxxx.exe
- %LOCALAPPDATA%\temp:{59006100-6400-3200-3600-440053004800}
- %LOCALAPPDATA%\temp:{52007800-4c00-6d00-3400-64006e007400}
- %PROGRAMDATA%\isolated storage\{52007800-4c00-6d00-3400-64006e007400}
- 'si#####k007.ddns.net':1177
- DNS ASK si#####k007.ddns.net
- '%TEMP%\xxxxxxx.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\XXXXXXX.exe" "XXXXXXX.exe" ENABLE' (with hidden window)