[New WTFBin]: Teramind dwm.exe

[WizardShotTheFood]

• Contributor Name: Leo T.
• Application/Executable: Teramind
• WTF Behavior Description: Teramind installs its own dwm.exe file inside a subfolder of C:\ProgramData{4cec2908-5ce4-48f0-a717-8fc833d8017a}.
• Link to Documentation of Behavior: https://kb.teramind.co/en/articles/8791033-antivirus-configuration-guide
• Please provide any images for additional evidence. There's images inside the above link. https://kb.teramind.co/en/articles/8791033-antivirus-configuration-guide#BD-step-10-changing-the-advanced-threat-defense-options will take you directly to one of them.

(Note that I have personally observed rundll32.exe in the same location; however, I have not yet been able to find any formal documentation of this behavior.)

[WizardShotTheFood]

This was the response I got when I asked Teramind's support if the rundll32.exe file was theirs. I'm not sure if this will suffice for documentation, but it's the best I've got right now.