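Техническая информация
Ниже перечислены индикаторы из отчёта: параметр автозапуска в реестре, пути к файлам, сетевые узлы и порты, HTTP- и DNS-запросы, а также класс окна. Символы «#» в именах узлов, по-видимому, являются маскировкой в исходном отчёте, а не частью реальных имён.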
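- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Windows applicaton' = '%APPDATA%\svchost.exe' (имя параметра приведено дословно, с опечаткой; штатный svchost.exe Windows находится в %SystemRoot%\System32, поэтому одноимённый файл в %APPDATA% — признак маскировки под системный процесс)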
- %TEMP%\SPOON\CACHE\0x194DF95FE3DC5CCD\STUBEXE\0x319BDEA9B10CD9E1\svchost.exe
- %APPDATA%\12836.png
- %APPDATA%\svchost.exe
- <LS_APPDATA>\Spoon\Sandbox\9.19.98.49\XSandbox.bin.__tmp__
- %TEMP%\9f68ca63-c49f-428a-a9d8-7d1ff29c2c7e\CliSecureRT.dll
- %APPDATA%\svchost.exe
- 'au######on.whatismyip.com':80
- 'wp#d':80
- 'st###.spoon.net':443
- au######on.whatismyip.com/n09230945.asp
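- wp#d/wpad.dat (судя по имени файла wpad.dat, это, вероятно, запрос автообнаружения прокси (WPAD), который Windows может выполнять и сама; как самостоятельный индикатор он малоинформативен)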
- DNS ASK au######on.whatismyip.com
- DNS ASK wp#d
- DNS ASK st###.spoon.net
- ClassName: 'Indicator' WindowName: ''