Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'fa9a530c4404d5d5ac1861c528baf239' = '"%APPDATA%\dwm.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'fa9a530c4404d5d5ac1861c528baf239' = '"%APPDATA%\dwm.exe" ..'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\dwm.exe" "dwm.exe" ENABLE
- %APPDATA%\dwm.exe
- '<LOCALNET>.1.3':5552
- DNS ASK re####s.ddns.net
- '%APPDATA%\dwm.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\dwm.exe" "dwm.exe" ENABLE (with hidden window)