Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'SimpleSh3llClient' = '%ProgramFiles(x86)%\Windows Media Player\audiodg.exe'
- %ProgramFiles(x86)%\windows media player\audiodg.exe
- 'ih##m.com':80
- http://www.ih##m.com/lab/sh3llst4ti0n/connect.php
- DNS ASK ih##m.com