Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MsconfWin' = '%HOMEPATH%\My Documents\Msconf\Mis Documentos\User\Mis Documentos\MSCONFWIN.exe'
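- '<SYSTEM32>\attrib.exe' add hkcu\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MsconfWin /t REG_SZ /d "%HOMEPATH%\My Documents\Msconf\Mis Documentos\User\Mis Documentos\MSCONFWIN.exe" /f
- '<SYSTEM32>\reg.exe' /pid=2924
  (Примечание: в двух строках выше имя образа процесса не соответствует аргументам — параметры `add … /v MsconfWin` характерны для reg.exe, а не для attrib.exe, а `/pid=2924` не является параметром reg.exe. Причину по этой странице установить нельзя; возможно, это особенность записи отчёта. При составлении правил обнаружения стоит опираться на командную строку и на значение реестра 'MsconfWin', а не только на имя исполняемого файла.)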
- '<SYSTEM32>\attrib.exe' +h "%HOMEPATH%\My Documents\Msconf" /D /S
- '<SYSTEM32>\reg.exe' add hkcu\SOFTWARE\Microsoft\Windows\CurrentVersion\Run /v MsconfWin /t REG_SZ /d "%HOMEPATH%\My Documents\Msconf\Mis Documentos\User\Mis Documentos\MSCONFWIN.exe" /f
- '<SYSTEM32>\cmd.exe' /c Batfile.bat
- <SYSTEM32>\attrib.exe
- <SYSTEM32>\reg.exe
- %HOMEPATH%\My Documents\Msconf\Mis Documentos\User\Mis Documentos\0FABFBFF000006D7.htm
- %HOMEPATH%\My Documents\Msconf\Mis Documentos\User\Mis Documentos\ParentalLog.txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\0FABFBFF000006D7[1].htm
- <Текущая директория>\Batfile.bat
- %HOMEPATH%\My Documents\Msconf\Mis Documentos\User\Mis Documentos\0FABFBFF000006D7.htm
- 'ft#.##buenpunto.com':21
- 'www.in#####tionalforces.org':80
- 'localhost':1035
- www.in#####tionalforces.org/ctransacciones/0FABFBFF000006D7.htm
- DNS ASK ft#.##buenpunto.com
- DNS ASK www.in#####tionalforces.org
- ClassName: 'Indicator' WindowName: '(null)'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'