Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Antimalware Service Executable' = '"%APPDATA%\Antimalware Service Executable.exe"'
- %APPDATA%\antimalware service executable.exe
- nul
- 'ze#####e.duckdns.org':20
- DNS ASK ze#####e.duckdns.org
- '%APPDATA%\antimalware service executable.exe'
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 3 > Nul & Del "<Full path to file>"&"%APPDATA%\Antimalware Service Executable.exe"' (with hidden window)
- '<SYSTEM32>\cmd.exe' /C ping 1.1.1.1 -n 1 -w 3 > Nul & Del "<Full path to file>"&"%APPDATA%\Antimalware Service Executable.exe"
- '<SYSTEM32>\ping.exe' 1.1.1.1 -n 1 -w 3