Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\MyFolderSAA\17a63d243163ad2182e03416588c69c2\saraSe.com' = '...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\MyFolderSAA\17a63d243163ad2182e03416588c69c2\saraSe.com" "saraSe.com" ENABLE
- %APPDATA%\MyFolderSAA\17a63d243163ad2182e03416588c69c2\saraSe.com
- <Current directory>\17a63d243163ad2182e03416588c69c2.bat
- '<LOCALNET>.0.2':5552
- '%APPDATA%\MyFolderSAA\17a63d243163ad2182e03416588c69c2\saraSe.com'
- '<SYSTEM32>\cmd.exe' /c 17a63d243163ad2182e03416588c69c2.bat
- '%WINDIR%\sleep.exe' 5