Technical Information
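- Autorun registry values (Run keys in both the machine and user hives; both point to the same executable in the Startup folder):
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'iedeaadaid' = '%HOMEPATH%\Start Menu\Programs\Startup\jarule.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'iedeaadaid' = '%HOMEPATH%\Start Menu\Programs\Startup\jarule.exe'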
- %HOMEPATH%\Start Menu\Programs\Startup\jarule.exe
- '%HOMEPATH%\Start Menu\Programs\Startup\jarule.exe'
- <SYSTEM32>\svchost.exe
- %APPDATA%\Monitor\Screenshots\01-19-2017\3.06 PM
- Network endpoints (host:port; the second address is partially masked with '##' as given):
- 'localhost':1337
- '91.##6.116.190':1337