Technical Information
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] 'Prueba de concepto' = '%WINDIR%\system\red_conapi.exe'
- %WINDIR%\system\red_conapi.exe
- %LOCALAPPDATA%\microsoft\windows\history\history.ie5\mshist012020012220200123\index.dat
- %WINDIR%\system\red_conapi.exe
- <DRIVERS>\etc\hosts
- 'google.com':80
- http://ar####legion.com/modules/readme_NT.txt
- http://www.in###neland.com/appelcreation/readme_NT.txt
- DNS ASK google.com
- DNS ASK in####riaboston.com
- DNS ASK ar####legion.com
- DNS ASK in###neland.com
- DNS ASK pa#####ftheworld.com
- DNS ASK be##zy.net
- ClassName: 'EDIT' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- '%WINDIR%\system\red_conapi.exe'