Техническая информация
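- [<HKLM>\SYSTEM\ControlSet001\Services\Black Hole2005 Professional] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы, то есть запись служит для закрепления в системе)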
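- '%WINDIR%\svchosa.exe' (имя отличается от системного svchost.exe одной буквой, а штатный svchost.exe находится в <SYSTEM32>, не в %WINDIR%)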
- '<SYSTEM32>\cmd.exe' /c <Текущая директория>\$$a$$.bat
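- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '(null)'
- ClassName: 'RegMonClass' WindowName: '(null)'
- ClassName: 'FileMonClass' WindowName: '(null)'
  (это классы окон утилит Sysinternals Process Monitor, Regmon и Filemon; обращение к ним, по-видимому, служит для обнаружения средств анализа)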
- <Текущая директория>\$$a$$.bat
- <SYSTEM32>\KeySpy.dll
- %WINDIR%\svchosa.cfg
- %WINDIR%\svchosa.exe
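- %ALLUSERSPROFILE%\Application Data\TEMP:182F0EEA (судя по двоеточию, это альтернативный поток данных NTFS с именем 182F0EEA у объекта TEMP; в обычном списке файлов он не отображается, увидеть его можно командой `dir /r`)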
- <SYSTEM32>\KeySpy.dll
- %WINDIR%\svchosa.cfg
- %WINDIR%\svchosa.exe
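- 'sk#.##ocities.jp':80
- sk#.##ocities.jp/w123w111/ip.txt
- DNS ASK sk#.##ocities.jp
  (символы '#' в имени узла, по-видимому, являются маскировкой в источнике: полное доменное имя на странице не приведено, поэтому для поиска в журналах эту строку нельзя использовать буквально)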
- ClassName: 'ThunderRT6FormDC' WindowName: '(null)'
- ClassName: 'ThunderRT6FormDC' WindowName: 'Shareware Cheater v 3.0'