Technical Information
Registry autorun entries (Run, Policies\Explorer\Run and Active Setup StubPath values):
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'javaa' = '<SYSTEM32>\javaa.exe\javaa.exe.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'javaa' = '<SYSTEM32>\javaa.exe\javaa.exe.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'javaa' = '<SYSTEM32>\javaa.exe\javaa.exe.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'javaa' = '<SYSTEM32>\javaa.exe\javaa.exe.exe'
- [<HKLM>\Software\Wow6432Node\Microsoft\Active Setup\Installed Components\{68CNOD54-0Y12-PQ8N-JPB5-517ET0D8ECW7}] 'StubPath' = '<SYSTEM32>\javaa.exe\javaa.exe.exe Restart'
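Files (the two paths below are listed twice in the report):
Note: 'javaa.exe' in these paths is a directory name; the executable is 'javaa.exe.exe'. The registry values above use <SYSTEM32> while the files are listed under %WINDIR%\syswow64, which is consistent with WOW64 redirection of a 32-bit process on 64-bit Windows, so check both locations and both registry views.
- %WINDIR%\syswow64\javaa.exe\javaa.exe.exe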
- %WINDIR%\syswow64\javaa.exe\logs.dat
- %WINDIR%\syswow64\javaa.exe\javaa.exe.exe
- %WINDIR%\syswow64\javaa.exe\logs.dat
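Network activity:
- DNS query (DNS ASK): o5##.zapto.org ('##' is reproduced as printed; it may stand for masked characters rather than a literal hostname)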