Technical Information
- [<HKLM>\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'BruneiRock' = '%TEMP%\<File name>.exe'
- <Drive name for removable media>:\<File name>.exe
- <Drive name for removable media>:\autorun.inf
- hidden files
- %TEMP%\<File name>.exe
- %APPDATA%\csrsss.exe
- C:\<File name>.exe
- C:\autorun.inf
- D:\<File name>.exe
- D:\autorun.inf
- %TEMP%\<File name>.exe
- %APPDATA%\csrsss.exe
- C:\autorun.inf
- C:\<File name>.exe
- D:\autorun.inf
- D:\<File name>.exe
- <Drive name for removable media>:\autorun.inf
- <Drive name for removable media>:\<File name>.exe
- '%TEMP%\<File name>.exe'
- '%APPDATA%\csrsss.exe'