Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\temp\service.exe
- hidden files
- 'ce######rial.duckdns.org':1700
- DNS ASK ce######rial.duckdns.org
- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' Add-MpPreference -ExclusionPath '"<Full path to file>"'