Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'svchost' = '%LOCALAPPDATA%\win32\svchost.exe�'
- %LOCALAPPDATA%\win32\svchost.exe
- from <Full path to file> to %LOCALAPPDATA%\win32\svchost.exe
- 'bi#####ud.duckdns.org':4440
- DNS ASK bi#####ud.duckdns.org