Technical Information
- %APPDATA%\microsoft\windows\start menu\programs\startup\.jawa.exe
- %WINDIR%\temp\.jawa.exe
- http://bl#####rver.zzz.com.ua/2.exe
- http://ch###ip.dyn.com/
- http://bl#####rver.zzz.com.ua/user.txt
- http://bl#####rver.zzz.com.ua/user.php?us##############################################################
- http://bl#####rver.zzz.com.ua/down_load.txt
- DNS ASK bl#####rver.zzz.com.ua
- DNS ASK ch###ip.dyn.com
- '%WINDIR%\temp\.jawa.exe'
- '%ProgramFiles%\java\jre1.8.0_45\bin\javaw.exe' -Dfile.encoding=UTF-8 -classpath "<Full path to file>" org.develnext.jphp.ext.javafx.FXLauncher
- '<SYSTEM32>\cmd.exe' "/c %WINDIR%\Temp\.jawa.exe"
- '%ProgramFiles%\java\jre1.8.0_45\bin\javaw.exe' -Dfile.encoding=UTF-8 -classpath "%WINDIR%\Temp\.jawa.exe" org.develnext.jphp.ext.javafx.FXLauncher