Technical Information
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="noculture" protocol=TCP dir=in localport=83 action=allow
- %WINDIR%\syswow64\<File name>.exe
- 'ch##pip.com':80
- '47.##.44.144':83
- http://ch##pip.com/
- DNS ASK ch##pip.com
- '%WINDIR%\syswow64\<File name>.exe'
- '%WINDIR%\syswow64\<File name>.exe' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c del <File name>.exe (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall delete rule name=noculture
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="noculture" protocol=TCP dir=in localport=83 action=allow
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall delete rule name=noculture
- '%WINDIR%\syswow64\cmd.exe' /c del <File name>.exe