Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\microsoft.vbs
- '%ALLUSERSPROFILE%\microsoft\windows\system32\microsoft.sys'
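- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\Microsoft\Windows\System32\Microsoft.sys" "Microsoft.sys" ENABLE (adds a Windows Firewall allowed-program exception for Microsoft.sys; the target path is under %ALLUSERSPROFILE%, not the real Windows System32 directory)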
- %ALLUSERSPROFILE%\microsoft\windows\system32\hexcode.bak
- %ALLUSERSPROFILE%\microsoft\windows\system32\microsoft.sys
- 'localhost':58157
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbs" (with hidden window)
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%ALLUSERSPROFILE%\Microsoft\Windows\System32\Microsoft.sys" "Microsoft.sys" ENABLE (with hidden window)
- '<SYSTEM32>\wscript.exe' "%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\Microsoft.vbs"