Technical Information
- Autorun entry (HKLM Run key, launched at each user logon): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'JavaModule' = '<Full path to file>'
- %TEMP%\CRNJEUFU171122000.bat
- <Current directory>\rRrcZ8ED.mid
- %TEMP%\ProcMen
- <Current directory>\rRrcZ8ED.mid
- '<SYSTEM32>\reg.exe' add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V "JavaModule" /t REG_SZ /F /D "<Full path to file>"
- '<SYSTEM32>\cmd.exe' /c %TEMP%\CRNJEUFU171122000.bat
- '<SYSTEM32>\cmd.exe' /c reg add HKLM\Software\Microsoft\Windows\CurrentVersion\Run /V "JavaModule" /t REG_SZ /F /D "<Full path to file>"
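- '<SYSTEM32>\rundll32.exe' "<Current directory>\rRrcZ8ED.mid" x14154xxssrrss1451456415610ssfcd (rundll32 loads the .mid file as a DLL, so the file is presumably a DLL carrying a media-file extension; the trailing string appears to be the entry point it calls)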