Technical Information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] 'C:\ssserver.exe' = 'C:\ssserver.exe:*:Enabled:ssserver'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<Full path to file>' = '<Full path to file>:*:Enabled:svnlj4'
- '<SYSTEM32>\taskkill.exe' /IM ssserver.exe /F
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "C:\ssserver.exe" "ssserver" ENABLE
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "<Full path to file>" "svnlj4" ENABLE
- %TEMP%\ssserver.7z
- C:\ssserver.exe
- %TEMP%\Rasphone.pbk
- %TEMP%\ssserver.7z
- 'yy#.#ulang.com':8090
- DNS ASK yy#.#ulang.com
- ClassName: '' WindowName: ''
- 'C:\ssserver.exe' -s ss://AES-256-CFB:Y48mFKkuUn@:1801 -verbose
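- '<SYSTEM32>\netsh.exe' firewall delete allowedprogram "C:Python27python.exe" [path shown as recorded, without separators; presumably C:\Python27\python.exe. Other paths in this report keep their backslashes, so the separators may have been missing from the command line itself; when matching process command lines, check both forms]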
- '<SYSTEM32>\netsh.exe' firewall delete allowedprogram "<Current directory>\Cutrix.exe"