Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'taskmgr ' = '%TEMP%\taskmgr \taskmgr .exe'
- %TEMP%\taskmgr\taskmgr .exe
- '19#.#39.147.103':80
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1 (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c timeout 1
- '%WINDIR%\syswow64\timeout.exe' 1