Technical Information
- [HKLM\System\CurrentControlSet\Services\avAw6] 'ImagePath' = '<SYSTEM32>\avAw6.sys'
- 'avAw6' <SYSTEM32>\avAw6.sys
- %WINDIR%\syswow64\avaw6.sys
- <Current directory>\a.bat
- DNS ASK ho####active.net
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\a.bat" "' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""<Current directory>\a.bat" "