Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System1' = '"C:\Users\system.exe"'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System2' = '"%WINDIR%\system.exe"'
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'System2' = '"D:\system.exe"'
- iexplore.exe
- firefox.exe
- %WINDIR%\d.doc
- %WINDIR%\~$d.doc
- C:\users\system.exe
- 'ck##.com':80
- http://www.ck##.com/includes/d.doc
- DNS ASK ck##.com
- '%ProgramFiles%\microsoft office\office14\winword.exe' /n "%WINDIR%\d.doc"