Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\a9d2995e8d6947835b4169116998ea84.exe
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\svchost.exe" "svchost.exe" ENABLE
- %TEMP%\svchost.exe
- <Full path to file>
- %TEMP%\svchost.exe
- '11#.#7.101.171':5000
- '%TEMP%\svchost.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\svchost.exe" "svchost.exe" ENABLE' (with hidden window)