Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\sedgghrecbed\trvbcdwscdrokny.exe
- hidden files
- 'ko#####p.duckdns.org':6699
- DNS ASK ko#####p.duckdns.org
- '%WINDIR%\syswow64\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath '"<Full path to file>"'