Technical Information
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Winlogon] 'Shell' = 'explorer.exe,"%APPDATA%\ijtwiebt.exe",'
- %APPDATA%\ijtwiebt.exe
- '85.##2.169.226':80
- http://85.##2.169.226/AaPTRinE/Epbxzz_Uhutjohj.jpg
- '%WINDIR%\syswow64\cmd.exe' /c timeout 20 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 20
- '%WINDIR%\syswow64\timeout.exe' 20