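Техническая информация
Заголовки разделов в этой копии, по-видимому, утрачены; признаки идут в следующем порядке: запись автозапуска в ключе реестра Run, указывающая на исполняемый файл в %TEMP%; пути и командные строки исполняемых файлов (по-видимому, запускаемые процессы); пути к файлам в %TEMP% и в каталоге Spoon\Sandbox; сетевые узлы с портами, URL и DNS-запросы; адреса в локальной сети с портами; классы окон. Символами # в именах узлов, по-видимому, намеренно скрыта часть имени.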
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '%TEMP%\winupdate.exe ' = '%TEMP%\winupdate.exe '
- %TEMP%\SPOON\CACHE\0xB3CDA1B0F76035E0\STUBEXE\0xC22610D883785AB2\cmd.exe /c ""%TEMP%\ope3.bat" "" "%HOMEPATH%\Desktop" "winupgrade.exe""
- %TEMP%\SPOON\CACHE\0x4EBDE0C02BBB2496\STUBEXE\0xA40BDDB9F0B09BF7\winupdate.exe
- %TEMP%\winupdate.exe
- %TEMP%\SPOON\CACHE\0xB3CDA1B0F76035E0\STUBEXE\0x58BA596457ECFDD9\winupgrade.exe
- %TEMP%\SPOON\CACHE\0xB3CDA1B0F76035E0\STUBEXE\0x05917096C5FBDCEA\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\anitha.jpg
- %TEMP%\ope3.bat
- <LS_APPDATA>\Spoon\Sandbox\winupdate\1.0.0.0\XSandbox.bin.__tmp__
- <LS_APPDATA>\Spoon\Sandbox\Winupgrade\1.0.1.0\META\@DESKTOP@\winupgrade.exe.__meta__.__tmp__
- %TEMP%\winupdate.exe
- <LS_APPDATA>\Spoon\Sandbox\Winupgrade\1.0.1.0\XSandbox.bin.__tmp__
- %TEMP%\anitha.jpg
- <LS_APPDATA>\Spoon\Sandbox\Winupgrade\1.0.1.0\MODIFIED\@DESKTOP@\winupgrade.exe
- <LS_APPDATA>\Spoon\Sandbox\Winupgrade\1.0.1.0\META\@DESKTOP@\winupgrade.exe.__meta__
- 'au######on.whatismyip.com':80
- 'st###.spoon.net':443
- au######on.whatismyip.com/n09230945.asp
- DNS ASK au######on.whatismyip.com
- DNS ASK st###.spoon.net
- '<IP-адрес в локальной сети>':1036
- '<IP-адрес в локальной сети>':1038
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''