Техническая информация
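Записи реестра, обеспечивающие автозапуск (ключ Run и служба mspool с типом запуска 2 — автоматический). Имя 'spoolsv.exe' совпадает с именем штатного диспетчера печати Windows, поэтому при поиске следует опираться на путь ключа и имя параметра, а не только на имя файла:
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'mspool.exe' = 'spoolsv.exe'
- [<HKLM>\SYSTEM\ControlSet001\Services\mspool] 'Start' = '00000002'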
Командные строки запуска процессов:
- '<SYSTEM32>\mspool.exe'
- '<SYSTEM32>\mspool.exe' /i
- '<SYSTEM32>\ccEvtMgrr.exe'
- '%WINDIR%\regedit.exe' -s uptime.reg
- '%WINDIR%\regedit.exe' -s unstop.reg
- '<SYSTEM32>\cmd.exe' /c %TEMP%\~systmp.bat
- '<SYSTEM32>\net1.exe' START mspool
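Пути файлов и устройств (подзаголовки исходного отчёта утрачены; повторяющиеся пути, по-видимому, относятся к разным операциям, например к созданию и удалению):
- <SYSTEM32>\ServUStartUpLog.txt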
- %TEMP%\~systmp.bat
- C:\uptime.reg
- \Device\LanmanRedirector\*\mailslot\RegCheck\mspool
- C:\unstop.reg
- <SYSTEM32>\iexplore.ocx
- <SYSTEM32>\ccEvtMgrr.exe
- <SYSTEM32>\mspool.exe
- <SYSTEM32>\spoolsv.dll
- <SYSTEM32>\svchost.ocx
- C:\unstop.reg
- C:\uptime.reg
- <SYSTEM32>\ccEvtMgrr.exe
Окна (класс и заголовок):
- ClassName: 'RegEdit_RegEdit' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''