Техническая информация
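Изменения в реестре, обеспечивающие автозапуск (штатное значение 'shell' — только 'explorer.exe'; легитимный svchost.exe расположен непосредственно в <SYSTEM32>, а не в подкаталоге):
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'shell' = 'explorer.exe <SYSTEM32>\1049\svchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Win64' = '<SYSTEM32>\1049\svchost.exe'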
- '<SYSTEM32>\1049\svchost.exe'
- <SYSTEM32>\ijl11.dll
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wip[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wip[1].php
- <SYSTEM32>\2064\mscomctl.dll
- <SYSTEM32>\1049\svchost.exe
- <SYSTEM32>\MSINET.ocx
- <SYSTEM32>\mswinsck.ocx
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\wip[1].php
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\wip[1].php
- %TEMP%\~DF1035.tmp
Сетевая активность (узлы и порты, URL, DNS-запрос):
- 's-###.zapto.org':80
- 'localhost':1036
- s-###.zapto.org/wip.php
- DNS ASK s-###.zapto.org
Окна (класс и заголовок; заголовки на испанском, английском и французском языках):
- ClassName: '#32770' WindowName: 'Alerta de seguridad de Windows'
- ClassName: '#32770' WindowName: 'Windows Security Alert'
- ClassName: '#32770' WindowName: 'Alerte de securite Windows'