Техническая информация
Автозапуск (записи в ключах Run и файл в папке автозагрузки):
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'c69edd69187333383d986f8606291c58' = '"%TEMP%\spoolsv .exe" ..'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'c69edd69187333383d986f8606291c58' = '"%TEMP%\spoolsv .exe" ..'
- %HOMEPATH%\Start Menu\Programs\Startup\c69edd69187333383d986f8606291c58.exe
- Запись в списке разрешённых приложений брандмауэра Windows: [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\spoolsv .exe' = '%TEMP%\spoolsv .exe:*:Enabled:spoolsv .exe'
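- '%TEMP%\spoolsv .exe' (имя с пробелом перед «.exe», если это не артефакт извлечения текста, имитирует системный spoolsv.exe; легитимный файл диспетчера печати находится в <SYSTEM32>, а не в %TEMP%)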
- Командная строка, добавляющая программу в разрешённые брандмауэра: '<SYSTEM32>\netsh.exe' firewall add allowedprogram "%TEMP%\spoolsv .exe" "spoolsv .exe" ENABLE
- %TEMP%\spoolsv .exe
Сетевая активность:
- Узел и порт: 'sp###.dnsd.info':449
- DNS-запрос (DNS ASK): sp###.dnsd.info
- Окно (класс и заголовок): ClassName: 'Indicator' WindowName: '(null)'