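Technical Information
The section headings that normally group these entries are missing on this page, so the grouping here is inferred from the entries themselves. In order, they cover: autorun persistence (the Run values under HKLM and HKCU and the copy in the Startup folder), Windows Firewall exceptions (the AuthorizedApplications value and the netsh command that adds the program to the allowed list), file-system paths, and network activity (a connection to port 5552 and a DNS query for the same host). Paths written as `path:{GUID}` use the NTFS alternate-data-stream notation. The file name Antimaware.exe is reproduced exactly as it appears in the entries. The '#' characters in the host name appear to mask part of it, and a trailing '..' or '...' marks a value that is cut off on this page.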
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '6d69ab164972c5c523e17b257e37b9c3' = '"%WINDIR%\Antimaware.exe" ..'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '6d69ab164972c5c523e17b257e37b9c3' = '"%WINDIR%\Antimaware.exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\6d69ab164972c5c523e17b257e37b9c3.exe
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\Antimaware.exe' = '%WINDIR%\Antimaware.exe:*:Enabled:Antimawa...
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%WINDIR%\Antimaware.exe" "Antimaware.exe" ENABLE
- %WINDIR%:{54003800-5600-3200-7600-6D0070006100}
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{54003800-5600-3200-7600-6D0070006100}
- %WINDIR%:{61006600-3800-6D00-7200-390072007600}
- %WINDIR%\Antimaware.exe
- <Current directory>:{54003800-5600-3200-7600-6D0070006100}
- <Current directory>:{61006600-3800-6D00-7200-390072007600}
- %ALLUSERSPROFILE%\Application Data\Isolated Storage\{61006600-3800-6D00-7200-390072007600}
- 'sw#####ivor.duckdns.org':5552
- DNS ASK sw#####ivor.duckdns.org
- '%WINDIR%\Antimaware.exe'