Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '<SYSTEM32>\spoolsv.exe' = '<SYSTEM32>\spoolsv.exe:*:Enabled:HPLJET'
- %HOMEPATH%\AppData\Local\Microsoft\Internet Explorer\Recovery\Temp\usbdrv.exe
- <SYSTEM32>\spoolsv.exe
- <SYSTEM32>\subst.exe
- %HOMEPATH%\AppData\Local\Microsoft\Internet Explorer\Recovery\Temp\detect.dll
- %HOMEPATH%\AppData\Local\Microsoft\Internet Explorer\Recovery\Temp\active.dll
- %HOMEPATH%\AppData\Local\Microsoft\Internet Explorer\Recovery\Temp\usbdrv.exe
- '10######ice.serveblog.net':80
- 10######ice.serveblog.net/blog2/dread.php
- 10######ice.serveblog.net/blog2/dwrite.php
- DNS ASK 10######ice.serveblog.net