Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'a2d24305a1e16aa4775f621b8440d03e' = '"%WINDIR%\Antiban.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'a2d24305a1e16aa4775f621b8440d03e' = '"%WINDIR%\Antiban.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\a2d24305a1e16aa4775f621b8440d03e.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\Antiban.exe" "Antiban.exe" ENABLE
- %WINDIR%\antiban.exe
- 'pa###bin.com':443
- '0.###.ngrok.io':10985
- DNS ASK pa###bin.com
- DNS ASK 0.###.ngrok.io
- '%WINDIR%\antiban.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%WINDIR%\Antiban.exe" "Antiban.exe" ENABLE (with hidden window)