Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Windows Media' = '%WINDIR%\SysWOW64\WmInit.exe'
- [<HKLM>\SYSTEM\ControlSet001\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%WINDIR%\SysWOW64\WmInit.exe' = '%WINDIR%\SysWOW64\WmInit.exe:*:Enable...
- %WINDIR%\syswow64\wminit.dat
- %WINDIR%\syswow64\wminit.exe
- '11#.#42.116.46':55109
- 'microsoft.com':80
- '11#.#42.116.46':55104
- '11#.#42.116.46':55101
- '11#.#42.116.46':55108
- http://www.microsoft.com/pki/certs/MicRooCerAut_2010-06-23.crt
- DNS ASK microsoft.com
- '%WINDIR%\syswow64\wminit.exe' "<Full path to file>"
- '%WINDIR%\syswow64\wminit.exe' "<Full path to file>"' (with hidden window)