Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'jusched' = '%WINDIR%\jusched.exe'
- %APPDATA%\WUDFdrv.exe
- %WINDIR%\jusched.exe
- 'ma#.#aver.com':443
- DNS ASK ma#.#aver.com
- '<SYSTEM32>\cmd.exe' /C "netsh advfirewall firewall show rule name=\"jusched\""
- '<SYSTEM32>\netsh.exe' advfirewall firewall show rule name=\"jusched\"
- '<SYSTEM32>\cmd.exe' /Q /C reg add "HKCU\Software\Microsoft Software" /f
- '<SYSTEM32>\reg.exe' add "HKCU\Software\Microsoft Software" /f