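Technical Information
The entries below appear without section headings, so the page does not say whether a given file was created, modified or deleted; repeated paths presumably belong to different sections. In order, they show: a Startup-folder shortcut and a service key whose 'Start' value of 2 means automatic start; quoted executable paths (presumably processes that were started); files under the install directory and under a %TEMP%\RarSFX0 directory (the temporary directory used by a RAR self-extracting archive); one host:port pair with its DNS query; and window class/name entries. Paths and file names alone are weak indicators, so corroborate them with the service key, host, port and window names.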
- %ALLUSERSPROFILE%\Start Menu\Programs\Startup\BlackICE Agent.lnk
- [<HKLM>\SYSTEM\ControlSet001\Services\BlackICE] 'Start' = '00000002'
- '%PROGRAM_FILES%\Network ICE\BlackICE\blackice.exe'
- '%PROGRAM_FILES%\Network ICE\BlackICE\blackd.exe'
- '%TEMP%\RarSFX0\AgentUpdate.exe'
- %PROGRAM_FILES%\Network ICE\BlackICE\firewall.ini
- %PROGRAM_FILES%\Network ICE\BlackICE\issuelist.csv
- %PROGRAM_FILES%\Network ICE\BlackICE\blackd.exe
- %PROGRAM_FILES%\Network ICE\BlackICE\BISup.dll
- %PROGRAM_FILES%\Network ICE\BlackICE\biversion.dll
- <SYSTEM32>\blackdll.dll
- <DRIVERS>\blackdrv.sys
- %PROGRAM_FILES%\Network ICE\BlackICE\sigs.ini
- %PROGRAM_FILES%\Network ICE\BlackICE\PSAPI.DLL
- %PROGRAM_FILES%\Network ICE\BlackICE\RemoveAutoRun.bat
- %PROGRAM_FILES%\Network ICE\BlackICE\bisensor.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Win98\BlackDrv.vxd
- %TEMP%\RarSFX0\versions\3.0.ebd\WinNT\blackdrv.sys
- %TEMP%\RarSFX0\versions\3.0.ebd\Win95\BlackDrv.vxd
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\update.ini
- %PROGRAM_FILES%\Network ICE\BlackICE\AgentRemove.exe
- %PROGRAM_FILES%\Network ICE\BlackICE\bictrl.dll
- %PROGRAM_FILES%\Network ICE\BlackICE\adapters.txt
- %TEMP%\RarSFX0\agentupdate.ini
- %TEMP%\RarSFX0\AgentUpdate-CRNJEUFU.log
- %PROGRAM_FILES%\Network ICE\BlackICE\license.key
- %PROGRAM_FILES%\Network ICE\BlackICE\biupdate.exe
- %PROGRAM_FILES%\Network ICE\BlackICE\icecapset.ini
- %PROGRAM_FILES%\Network ICE\BlackICE\update.ini
- %PROGRAM_FILES%\Network ICE\BlackICE\blackice.ini
- %PROGRAM_FILES%\Network ICE\BlackICE\poster-list.csv
- %PROGRAM_FILES%\Network ICE\BlackICE\attack-list.csv
- %PROGRAM_FILES%\Network ICE\BlackICE\blackice-service.log
- %PROGRAM_FILES%\Network ICE\BlackICE\blackd.log
- %ALLUSERSPROFILE%\Start Menu\Programs\Network ICE\BlackICE Agent.lnk
- %PROGRAM_FILES%\Network ICE\BlackICE\InfoNILogo.bmp
- %PROGRAM_FILES%\Network ICE\BlackICE\Mfc42.dll
- %PROGRAM_FILES%\Network ICE\BlackICE\CustomCFG.dat
- %PROGRAM_FILES%\Network ICE\BlackICE\bialarm.wav
- %PROGRAM_FILES%\Network ICE\BlackICE\blackice.exe
- %PROGRAM_FILES%\Network ICE\BlackICE\blackice.cnt
- %PROGRAM_FILES%\Network ICE\BlackICE\BLACKICE.HLP
- %PROGRAM_FILES%\Network ICE\BlackICE\readme.txt
- %PROGRAM_FILES%\Network ICE\BlackICE\Msvcrt.dll
- %PROGRAM_FILES%\Network ICE\BlackICE\plugins\plugins.web
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\blackd.exe
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\firewall.ini
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\biversion.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\bisensor.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\BISup.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\sigs.ini
- %TEMP%\RarSFX0\versions\3.0.ebd\BlackDLL\blackdll.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\RemoveAutoRun.bat
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\issuelist.csv
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\PSAPI.DLL
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\bictrl.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\biupdate.exe
- %TEMP%\RarSFX0\accounts\houice01a\groups\houicegrp\blackice.ini
- %TEMP%\RarSFX0\versions\3.0.eat\biupdate.exe
- %TEMP%\RarSFX0\AgentUpdate.exe
- %TEMP%\RarSFX0\biupdate.exe
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\adapters.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\AgentRemove.exe
- %TEMP%\RarSFX0\accounts\houice01a\groups\houicegrp\license.key
- %TEMP%\RarSFX0\accounts\houice01a\groups\houicegrp\firewall.ini
- %TEMP%\RarSFX0\accounts\houice01a\groups\houicegrp\icecapset.ini
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\bialarm.wav
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\blackice.exe
- %TEMP%\RarSFX0\versions\3.0.ebd\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Server.UI\CustomCFG.dat
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Server.UI\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\Msvcrt.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\plugins\plugins.web
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\Mfc42.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\CustomCFG.dat
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\InfoNILogo.bmp
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Server.UI\BLACKICE.HLP
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Agent.UI\CustomCFG.dat
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Agent.UI\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Agent.UI\BLACKICE.HLP
- %TEMP%\RarSFX0\versions\3.0.ebd\BlackICE Agent UG.pdf
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Agent.UI\blackice.cnt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Sentry.UI\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Server.UI\blackice.cnt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Sentry.UI\CustomCFG.dat
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Sentry.UI\blackice.cnt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Sentry.UI\BLACKICE.HLP
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\AgentRemove.exe
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\adapters.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\BlackDLL\blackdll.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\BISup.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\bisensor.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\bictrl.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Agent.UI\blackice.cnt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Sentry.UI\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Sentry.UI\CustomCFG.dat
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Agent.UI\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Agent.UI\CustomCFG.dat
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Agent.UI\BLACKICE.HLP
- %TEMP%\RarSFX0\accounts\houice01a\groups\houicegrp\blackice.ini
- %TEMP%\RarSFX0\versions\3.0.eat\biupdate.exe
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\sigs.ini
- %TEMP%\RarSFX0\accounts\houice01a\groups\houicegrp\license.key
- %TEMP%\RarSFX0\accounts\houice01a\groups\houicegrp\icecapset.ini
- %TEMP%\RarSFX0\accounts\houice01a\groups\houicegrp\firewall.ini
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\firewall.ini
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\blackd.exe
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\biversion.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\RemoveAutoRun.bat
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\PSAPI.DLL
- %TEMP%\RarSFX0\versions\3.0.ebd\Blackd\issuelist.csv
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Sentry.UI\BLACKICE.HLP
- %TEMP%\RarSFX0\versions\3.0.ebd\WinNT\blackdrv.sys
- %TEMP%\RarSFX0\versions\3.0.ebd\update.ini
- %TEMP%\RarSFX0\versions\3.0.ebd\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\bialarm.wav
- %TEMP%\RarSFX0\versions\3.0.ebd\Win95\BlackDrv.vxd
- %TEMP%\RarSFX0\versions\3.0.ebd\Win98\BlackDrv.vxd
- %TEMP%\RarSFX0\agentupdate.ini
- %TEMP%\RarSFX0\AgentUpdate.exe
- %TEMP%\RarSFX0\AgentUpdate-CRNJEUFU.log
- %TEMP%\RarSFX0\versions\3.0.ebd\BlackICE Agent UG.pdf
- %TEMP%\RarSFX0\versions\3.0.ebd\biupdate.exe
- %TEMP%\RarSFX0\biupdate.exe
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Server.UI\BLACKICE.HLP
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Server.UI\blackice.cnt
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\plugins\plugins.web
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Sentry.UI\blackice.cnt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Server.UI\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\product.Server.UI\CustomCFG.dat
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\InfoNILogo.bmp
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\CustomCFG.dat
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\blackice.exe
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\readme.txt
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\Msvcrt.dll
- %TEMP%\RarSFX0\versions\3.0.ebd\UI\Mfc42.dll
- 'co######s79a.corp.epec.com':8082
- DNS ASK CO######S79A.corp.epec.com
- ClassName: '(null)' WindowName: 'BlackICE hidden window'
- ClassName: '(null)' WindowName: 'BlackICE Agent for Workstation'
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'