Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Black Hole2005 Professional] 'Start' = '00000002' (значение Start = 2 соответствует автоматическому запуску службы при загрузке системы)
- %WINDIR%\SVCHOSS.exe (имя файла похоже на системный svchost.exe, который находится в <SYSTEM32>, а не в %WINDIR%)
- <SYSTEM32>\cmd.exe /c <Текущая директория>\$$a$$.bat
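- ClassName: 'PROCMON_WINDOW_CLASS' WindowName: '' (класс окна Sysinternals Process Monitor)
- ClassName: 'RegMonClass' WindowName: '' (класс окна Sysinternals RegMon)
- ClassName: 'FileMonClass' WindowName: '' (класс окна Sysinternals FileMon)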
- <Текущая директория>\$$a$$.bat
- <SYSTEM32>\KeySpy.dll
- %WINDIR%\SVCHOSS.cfg
- %WINDIR%\SVCHOSS.exe
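- %ALLUSERSPROFILE%\Application Data\TEMP:182F0EEA (двоеточие в пути, вероятно, обозначает альтернативный поток данных NTFS с именем 182F0EEA у объекта TEMP; такие потоки не отображаются в обычном списке файлов, для проверки нужны средства, показывающие потоки NTFS)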
- <SYSTEM32>\KeySpy.dll
- %WINDIR%\SVCHOSS.cfg
- %WINDIR%\SVCHOSS.exe
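- 'sk#.##ocities.jp':80 (символы '#' в имени узла, по-видимому, скрывают часть адреса; в таком виде строка не годится как точный индикатор для сопоставления)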
- sk#.##ocities.jp/w123w5050/ip.txt
- DNS ASK sk#.##ocities.jp