Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '' = '<LS_APPDATA>\java.exe'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce] 'wextract_cleanup0' = 'rundll32.exe <SYSTEM32>\advpack.dll,DelNodeRunDLL32 "%TEMP%\IXP000.TMP\"'
- %TEMP%\SPOON\CACHE\0x80D7DB433C2BBDFE\STUBEXE\0x8BE9996AA05B3412\shStudio.exe
- %TEMP%\SPOON\CACHE\0xC282061719D40E71\STUBEXE\0x7F114CA8081FFEC7\java.exe ONCE
- %TEMP%\IXP000.TMP\java.exe
- Библиотека-обработчик для процесса 'java.exe': <LS_APPDATA>\java.exe
- %TEMP%\5a383ef8-d82f-4932-aaba-c38990c494e6\AgileDotNetRT.dll
- <LS_APPDATA>\java.exe
- <LS_APPDATA>\Spoon\Sandbox\3.1.3.7\XSandbox.bin.__tmp__
- <LS_APPDATA>\Spoon\Sandbox\Microsoft® Windows® Operating System\6.00.2900.2180\XSandbox.bin.__tmp__
- %TEMP%\IXP000.TMP\shStudio.exe
- %TEMP%\IXP000.TMP\java.exe
- 'st###.spoon.net':443
- DNS ASK st###.spoon.net
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'Indicator' WindowName: ''