Technical Information
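- %HOMEPATH%\Start Menu\Programs\Startup\e409c863868018f66d23c95cac5dbfb6.exe (per-user Startup folder; a file placed here is launched at each logon of that user, so this entry is the autorun mechanism)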
- %TEMP%\dwmw.exe
- %TEMP%\IMG02.jpg
- %APPDATA%\dwme.exe
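- 'am####s.duckdns.org':6903 (outbound connection target; the host name is partially masked in this report, and duckdns.org is a dynamic-DNS service, so the address behind the name can change)
- DNS ASK am####s.duckdns.org (DNS query for the same host)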
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- '%TEMP%\dwmw.exe'
- '%APPDATA%\dwme.exe'
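- '<SYSTEM32>\rundll32.exe' <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\IMG02.jpg (displays %TEMP%\IMG02.jpg in the built-in Windows image viewer; the 'ShImgVw:CPreviewWnd' window class listed above appears to belong to that viewer)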