Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'System' = 'svchost.exe '
- '<SYSTEM32>\svchost.exe '
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\~DF6C1F .tmp
- <SYSTEM32>\svchost.exe
- <SYSTEM32>\svchost.exe
- %TEMP%\~DFD391.tmp
- %WINDIR%\Temp\~DFDDF7.tmp
- from <SYSTEM32>\svchost.exe to <SYSTEM32>\~DF6C1F .tmp
- 'bl######se.freeownhost.com':80
- bl######se.freeownhost.comhttp://blackhouse.freeownhost.com/datos/datos.php?v=#
- DNS ASK bl######se.freeownhost.com