Техническая информация
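- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Interrupts' = '%APPDATA%\audiodg.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Interrupts' = '%APPDATA%\Server.exe'
  (Раздел Run текущего пользователя: указанный файл запускается при каждом входе этого пользователя в систему. Штатный audiodg.exe Windows находится в <SYSTEM32>, поэтому одноимённый файл в %APPDATA% — признак маскировки под системный процесс.)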
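- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%APPDATA%\audiodg.exe' = '%APPDATA%\audiodg.exe:*:Enabled:audiodg.exe'
  (Запись в списке AuthorizedApplications добавляет файл в разрешённые программы брандмауэра Windows для стандартного профиля: «*» — без ограничения по адресам, «Enabled» — разрешение активно.)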
- '%APPDATA%\audiodg.exe'
- '%APPDATA%\Program.exe'
- '%APPDATA%\Server.exe'
- '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%APPDATA%\audiodg.exe" "audiodg.exe" ENABLE
- %APPDATA%\audiodg.exe
- %APPDATA%\Program.exe
- %APPDATA%\Server.exe
- %APPDATA%\audiodg.exe
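- 'he####2020.dynu.net':1188
- 'em###.townbeef.bid':80
  (Символы # — по-видимому, маска, скрывающая часть имени узла; для точного сопоставления в журналах DNS и прокси нужны полные значения, которых здесь нет.)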
- http://em###.townbeef.bid/h_redir.php?of#########################################################################################################################################################...
- DNS ASK he####2020.dynu.net
- DNS ASK em###.townbeef.bid