Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'dllhost' = '%APPDATA%\dllhost.exe'
- %HOMEPATH%\Start Menu\Programs\Startup\Systemdllhost.exe
- %APPDATA%\dllhost.exe
- <Full path to file>
- %APPDATA%\dllhost.exe
- 'bu###n.dynu.net':3333
- 'ka#####112.sytes.net':3333
- 'an#####is1.duckdns.org':3333
- DNS ASK bu###n.dynu.net
- DNS ASK ka#####112.sytes.net
- DNS ASK an#####is1.duckdns.org
- '%APPDATA%\dllhost.exe'
- '<SYSTEM32>\schtasks.exe' /create /sc minute /mo 1 /tn "dllhost" /tr "%APPDATA%\dllhost.exe"