Technical Information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'chancedeny' = '%temp%\miscynt.exe'
- %TEMP%\RarSFX\resume.doc
- %TEMP%\RarSFX\Sfx.exe
- %TEMP%\miscynt.exe
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\RarSFX\Sfx.exe' /RarSFX/Sfx.exe
- '<SYSTEM32>\cmd.exe' /C assoc .doc
- '<SYSTEM32>\cmd.exe' /C ftype WordPad.Document.1