Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Jpvnn' = '"%APPDATA%\Ipybkfwn\Jpvnn.exe"'
- %APPDATA%\ipybkfwn\jpvnn.exe
- '13.##.173.206':80
- http://13.##.173.206/jaj/loader/uploads/MT056232722_Birzsfuo.jpg
- '%WINDIR%\syswow64\cmd.exe' /c timeout 10 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 10
- '%WINDIR%\syswow64\timeout.exe' 10