Technical Information
- [<HKLM>\System\CurrentControlSet\Services\wmdrmnet] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\wmdrmnet] 'ImagePath' = '"%WINDIR%\SysWOW64\msieftp\wmdrmnet.exe"'
- 'wmdrmnet' "%WINDIR%\SysWOW64\msieftp\wmdrmnet.exe"
- 'wmdrmnet' %WINDIR%\SysWOW64\msieftp\wmdrmnet.exe
- from <Full path to file> to %WINDIR%\syswow64\msieftp\wmdrmnet.exe
- '75.#0.124.4':80
- '13#.#09.36.254':8080
- '10#.#56.59.7':8080
- http://13#.##9.36.254:8080/sGf8ipIUi04CYU/PEzG/BlHN/HQBrPEqFePNNvF2/21ndm2gwBcaQGVa/ via 13#.#09.36.254
- http://10#.##6.59.7:8080/8xh2xFd/gD4L8mnRDj4f1IKvGMp/ via 10#.#56.59.7