Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\ntoskrnl.exe' = '%WINDIR%\ntoskrnl.exe:*:Enabled:ntoskrnl.exe...
- User Account Control (UAC)
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\ntoskrnl.exe" "ntoskrnl.exe" ENABLE
- %WINDIR%\taskhostw.exe
- %WINDIR%\ntoskrnl.exe
- 'xi###a.ddns.net':2019
- DNS ASK xi###a.ddns.net
- '%WINDIR%\taskhostw.exe'
- '%WINDIR%\ntoskrnl.exe'
- '<SYSTEM32>\schtasks.exe' /create /tn "taskhostw" /tr %WINDIR%\taskhostw.exe /sc ONLOGON /F"