Technical Information
- [<HKLM>\System\CurrentControlSet\Services\winmgmtr] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\winmgmtr] 'ImagePath' = '%PROGRAMDATA%\Microsoft\DRM\pstool.exe'
- %PROGRAMDATA%\microsoft\drm\pstool.exe
- DNS ASK wa#####dewallcoltd.com
- 'wa#####dewallcoltd.com':80
- 'localhost':80
- '%PROGRAMDATA%\microsoft\drm\pstool.exe'