Техническая информация
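Изменения в реестре (записи вида «параметр = значение»; первая прописывает файл в ключ автозапуска Run текущего пользователя, вторая отключает уведомления брандмауэра Windows):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Juelen' = '"%APPDATA%\Edafri\juelen.exe"'
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] 'DisableNotifications' = '00000001'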
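Процессы и командные строки (по всей видимости, запускаемые на исполнение; подзаголовок на странице не сохранился):
- '%APPDATA%\Edafri\juelen.exe'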
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\JKJB168.bat"
- <SYSTEM32>\cscript.exe
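Ключи реестра без значений, относящиеся к почтовым учётным записям (тип операции на странице не указан; предположительно, обращение на чтение):
- [<HKCU>\Software\Microsoft\Windows Live Mail]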
- [<HKCU>\Software\Microsoft\Internet Account Manager\Accounts]
- [<HKCU>\Software\Microsoft\Internet Account Manager]
Файлы (тип операции, например создание или удаление, на странице не указан):
- %TEMP%\JKJB168.bat
- <LS_APPDATA>\byyqe.nio
- %APPDATA%\Edafri\juelen.exe
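Сетевые адреса в формате «IP:порт» (часть цифр замаскирована символом «#», поэтому записи нельзя использовать как есть для точного сопоставления с журналами или для блокировки по адресу):
- '89.##6.177.236':8029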
- '70.##.122.239':3900
- '79.##9.27.234':3896
- '12.##6.193.10':1414
- '10#.#00.200.61':1047
- '24.##.240.254':4186
- '11#.#97.126.215':7772
- '76.#4.157.9':7601
- '99.#7.80.46':3736
- '61.#8.200.5':3397
- '12#.#51.223.234':1687
- '11#.#9.170.157':9495
- '69.##.185.100':6123
- '24.##4.110.76':1871
- '27.##.110.77':5235
Окна (класс и заголовок окна; заголовок пуст, тип операции на странице не указан):
- ClassName: 'Indicator' WindowName: ''