Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '5ba574b42710bed6c5d6ed83d18d24f1' = '"%HOMEPATH%\dwm.exe" ..'
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] '5ba574b42710bed6c5d6ed83d18d24f1' = '"%HOMEPATH%\dwm.exe" ..'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\dwm.exe" "dwm.exe" ENABLE
- %HOMEPATH%\dwm.exe
- 'ha####.myq-see.com':5552
- DNS ASK ha####.myq-see.com
- '%HOMEPATH%\dwm.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%HOMEPATH%\dwm.exe" "dwm.exe" ENABLE' (with hidden window)