One malware family studied by SophosLabs in recent months has take anti-anti-virus telemetry to a new level: Gatak.
When it runs, Gatak includes this information, and more besides, in its call-home data, packaged into an HTTP (web page) request:
-Creation time of C:\WINDOWS. -Creation time of the Windows installer folder. -Creation time of the Windows prefetch folder. -Creation time of the Windows pagefile -The computer’s and the current user’s name. -Creation time of the user’s profile folder.
You may wonder what value this data has to the crooks behind the malware.
The answer is that this information acts something like a fingerprint for the computer that’s just been infected.
https://nakedsecurity.sophos.com/2016/05/09/notes-from-sophoslabs-the-anti-anti-virus-arms-race/
origin - http://www.pipiscrew.com/?p=5326 anti-anti-virus