Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\82bc58d17bab84544cf6c53bc177cedd.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\dwm.exe" "dwm.exe" ENABLE
- %TEMP%\x332.exe
- %APPDATA%\dwm.exe
- 'localhost':9000
- DNS ASK hk####.codns.com
- '%TEMP%\x332.exe'
- '%APPDATA%\dwm.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%APPDATA%\dwm.exe" "dwm.exe" ENABLE (with hidden window)