Technical Information
- [<HKCU>\software\microsoft\windows\currentversion\run] 'Shost' = '<Full path to file>'
- %APPDATA%\microsoft\windows\start menu\programs\startup\svchost.exe
- 'ki####ols7.ddns.net':5000
- DNS ASK ki####ols7.ddns.net
- ClassName: 'Shell_traywnd' WindowName: ''