Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] 'UserInit' = '<SYSTEM32>\userinit.exe,<SYSTEM32>\MSDCSC\explorer.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'MicroUpdate' = '<SYSTEM32>\MSDCSC\explorer.exe'
- %TEMP%\SPOON\CACHE\0x0CC69A8D4341A272\STUBEXE\0x4EC163FF0C3EC9A4\explorer.exe
- %TEMP%\SPOON\CACHE\0x0CC69A8D4341A272\STUBEXE\0xA7F9B74D98827232\notepad.exe
- %TEMP%\SPOON\CACHE\0x0CC69A8D4341A272\STUBEXE\0x4EC163FF0C3EC9A4\nikola.exe
- %TEMP%\SPOON\CACHE\0x0CC69A8D4341A272\STUBEXE\0x05917096C5FBDCEA\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\NIKOLA.JPEG
- Handler library for the 'explorer.exe' process: <SYSTEM32>\MSDCSC\explorer.exe
- <SYSTEM32>\MSDCSC\explorer.exe
- %TEMP%\NIKOLA.JPEG
- <LS_APPDATA>\Spoon\Sandbox\Ante\XSandbox.bin.__tmp__
- <SYSTEM32>\MSDCSC\explorer.exe
- 'co###.no-ip.org':4200
- 'st###.spoon.net':443
- DNS ASK co###.no-ip.org
- DNS ASK st###.spoon.net
- ClassName: '#32770' WindowName: 'NIKOLA - Windows Picture and Fax Viewer'
- ClassName: '#32770' WindowName: ''
- ClassName: 'SysListView32' WindowName: ''
- ClassName: 'Indicator' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''