Защити созданное

Другие наши ресурсы

  • free.drweb.uz — бесплатные утилиты, плагины, информеры
  • av-desk.com — интернет-сервис для поставщиков услуг Dr.Web AV-Desk
  • curenet.drweb.uz — сетевая лечащая утилита Dr.Web CureNet!
  • www.drweb.uz/web-iq — ВебIQметр
Закрыть

Библиотека
Моя библиотека

Чтобы добавить ресурс в библиотеку, войдите в аккаунт.

+ Добавить в библиотеку

Ресурсов: -

Последний: -

Моя библиотека

Поиск

Поиск

Поддержка
Круглосуточная поддержка | Правила обращения

Напишите

Запрос через форму

Позвоните

Бесплатно по России:
8-800-333-79-32

ЧаВо | Форум

Ваши запросы

  • Все: -
  • Незакрытые: -
  • Последний: -
Создать новый запрос Частые вопросы

Позвоните

Бесплатно по России:
8-800-333-79-32

Свяжитесь с нами Незакрытые запросы: 

Профиль

Профиль

UZ

RU CN DE EN ES FR IT JP KZ UZ PL BY
Закрыть
Сервисы
Сканеры
Dr.Web vxCube
Демо
Экспертиза ВКИ
Вирусная библиотека
База знаний

Технологии

Термины

Обучение и просвещение

Мифы

Новости

Trojan.DownLoader25.631

Добавлен в вирусную базу Dr.Web: 2017-06-16

Описание добавлено:

Technical Information

To ensure autorun and distribution:
Modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Control\Session Manager] 'BootExecute' = 'autocheck autochk *'
Creates the following services:
  • [<HKLM>\SYSTEM\ControlSet001\Services\ampa] 'ImagePath' = '<SYSTEM32>\ampa.sys'
Malicious functions:
Executes the following:
  • '<Current directory>\Data\local\stubexe\0xCF6751C6CDCF0F99\SetupGreen32.exe'
  • '<Current directory>\Data\local\stubexe\0x289D98675DE593DF\LoadDrv_Win32.exe'
  • '<Current directory>\Data\local\stubexe\0x289D98675DE593DF\LoadDrv_Win32.exe' -u
  • '<Current directory>\Data\local\stubexe\0x6BB99E0224A09D0F\PartAssist.exe'
  • '<Current directory>\Data\local\stubexe\0xCF6751C6CDCF0F99\SetupGreen32.exe' -u
Modifies file system:
Creates the following files:
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\Microsoft.Windows.OSLoader.BcdBoot.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\x86_Microsoft.VC80.MFC@8.0.50727.762.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfcm80u.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\Microsoft.VC80.MFC.manifest.__tmp__
  • <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\language.ini
  • <Current directory>\Data\roaming\modified\@WINDIR@\ampa.exe
  • <Current directory>\Data\local\temp\@SYSWOW64@\ampa.sys
  • <Current directory>\Data\roaming\meta\@WINDIR@\ampa.exe.__meta__.__tmp__
  • <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\language.ini.__meta__.__tmp__
  • <Current directory>\Data\local\temp\@WINDIR@\ampa.exe
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfcm80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_JR.Inno.Setup@1.0.0.0\x86_JR.Inno.Setup@1.0.0.0.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\Microsoft.VC80.CRT.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_JR.Inno.Setup@1.0.0.0\JR.Inno.Setup.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Winchk.exe_0x66a06b0cf98b7f123bdc9a6fa544bfa0.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Winchk.exe_0xc2271eb12d0f31a6de7ab8d9db1c1182.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcm80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfc80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfc80u.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\x86_Microsoft.VC80.CRT@8.0.50727.762.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcp80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcr80.dll.__tmp__
  • <Current directory>\Data\roaming\modified\@SYSDRIVE@\AMTAG.BIN
  • <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\wnd.ini
  • <Current directory>\Data\roaming\meta\@SYSDRIVE@\AMTAG.BIN.__meta__.__tmp__
  • <SYSTEM32>\ampa.sys
  • <Current directory>\Data\local\temp\@SYSDRIVE@\AMTAG.BIN
  • <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\wnd.ini.__meta__.__tmp__
  • %HOMEPATH%\Local Settings\<INETFILES>\Content.IE5\KHMHGZ4F\upgrade[1].ini
  • <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\upgrade2.ini
  • <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\cfg.ini
  • <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\cfg.ini
  • <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\cfg.ini.__meta__.__tmp__
  • %WINDIR%\ampa.exe
  • <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa0.log.__meta__.__tmp__
  • <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa1.log
  • <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa0.log
  • <Current directory>\Data\roaming\meta\@SYSWOW64@\ampa.sys.__meta__.__tmp__
  • <Current directory>\Data\roaming\modified\@SYSWOW64@\ampa.sys
  • <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa1.log.__meta__.__tmp__
  • <Current directory>\Data\local\stubexe\0x289D98675DE593DF\LoadDrv_Win32.exe.__tmp__
  • <Current directory>\Data\local\stubexe\0x289D98675DE593DF\LoadDrv_Win32.exe.manifest.__tmp__
  • <Current directory>\Data\local\stubexe\0xCF6751C6CDCF0F99\SetupGreen32.exe.manifest.__tmp__
  • <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa2.log
  • <Current directory>\Data\local\stubexe\0xCF6751C6CDCF0F99\SetupGreen32.exe.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\Microsoft.Windows.OSLoader.BcdBoot.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\AMBooter.exe_0x2077dc04b4f532cfc930696bfcc46334.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfcm80u.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\Microsoft.VC80.MFC.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\AMBooter.exe_0x5a18f046b54ed6691f219da8b7fc7065.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\EPW.exe_0x008ec2e2b72c06dbe50a0c72a0921f01.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Help.exe_0x3d62b7d3079341e59e1c776035e7b3a9.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\DyndiskConverter.exe_0xd237f210adc926553073cd2c382b870a.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\bcdboot.exe_0x94294c3d1c41e6207c7e5d0cd0f80b2f.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\bcdboot.exe_0xc78d8faa496f82160d221ef2056fbdec.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfcm80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\amd64_Microsoft.VC80.CRT@8.0.50727.762.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\Microsoft.VC80.CRT.manifest.__tmp__
  • <Current directory>\Data\local\stubexe\0x6BB99E0224A09D0F\PartAssist.exe.manifest.__tmp__
  • <Current directory>\Data\xsandbox.bin.__tmp__
  • <Current directory>\Data\local\stubexe\0x6BB99E0224A09D0F\PartAssist.exe.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcm80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfc80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfc80u.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\amd64_Microsoft.VC80.MFC@8.0.50727.762.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcp80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcr80.dll.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PE.dll_0xde5f5129490bf61f4f89ebb3c95ff7fe.2.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\ScanPartition.dll_0x56643a64937901fefcdfd64cb5b00a30.2.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PE.dll_0x034e8863d97bddaff9db2a178b6695fc.2.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PartAssist.exe_0x2cfc51a8a2d4fc9cd65bbed5bcc82035.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PartAssist.exe_0xc7a3698d5d7f32f3777a4b9515c75590.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\ScanPartition.dll_0xc140a0ac3faad2ce2ff4ed121c326ae6.2.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\WimMgr.dll_0x3be089daa177a822a945800aa0539236.2.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\WimMgr.dll_0xd76e9cf4549de45cd5cf74723277dca1.2.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\unins000.exe_0xfe4edb55bb3228fc8d816dc856be78a9.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\SetupGreen32.exe_0xdff084a7451d4d7b1adae34d578d781b.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\SetupGreen64.exe_0x786aaa59fc273e0a0d2d6a1b21af2025.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Ntfs2Fat32.exe_0xa18186e98eee8bf543d375f18c4c1ed0.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80.dll_0x1b7524806d0270b81360c63a2fa047cb.1000.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80.dll_0x9173f70af60c0a864eecdfb3342dc789.1000.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\LoadDrv_x64.exe_0x2266bb132b8318b7d1ced34c58312d35.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\loaddrv.exe_0x2266bb132b8318b7d1ced34c58312d35.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\LoadDrv_Win32.exe_0x54386df19aa88572e10421917bc8c2f7.1.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80u.dll_0x21ee912784a013dc44071ecc4f932388.1000.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.MFC.manifest_0x7dc52d085a05db8a72fed96bb342412b.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.MFC.manifest_0x97b859f11538bbe20f17dfb9c0979a1c.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.CRT.manifest_0xa72dde00d763aeef1eb04534f8672967.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80u.dll_0xccc2e312486ae6b80970211da472268b.1000.manifest.__tmp__
  • %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.CRT.manifest_0x541423a06efdcd4e4554c719061f82cf.manifest.__tmp__
Sets the 'hidden' attribute to the following files:
  • <Current directory>\Data\roaming\modified\@SYSDRIVE@\AMTAG.BIN
Deletes the following files:
  • <Current directory>\Data\roaming\modified\@SYSWOW64@\ampa.sys
  • <Current directory>\Data\roaming\meta\@SYSWOW64@\ampa.sys.__meta__
  • <Current directory>\Data\roaming\modified\@WINDIR@\ampa.exe
  • <Current directory>\Data\roaming\meta\@WINDIR@\ampa.exe.__meta__
Moves the following files:
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfc80u.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfc80u.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfcm80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfcm80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfc80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfc80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcr80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcr80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\x86_Microsoft.VC80.CRT@8.0.50727.762.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\x86_Microsoft.VC80.CRT@8.0.50727.762.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\Microsoft.Windows.OSLoader.BcdBoot.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\Microsoft.Windows.OSLoader.BcdBoot.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\x86_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\x86_Microsoft.VC80.MFC@8.0.50727.762.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\x86_Microsoft.VC80.MFC@8.0.50727.762.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfcm80u.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\mfcm80u.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\Microsoft.VC80.MFC.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.MFC@8.0.50727.762\Microsoft.VC80.MFC.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcp80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcp80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\WimMgr.dll_0xd76e9cf4549de45cd5cf74723277dca1.2.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\WimMgr.dll_0xd76e9cf4549de45cd5cf74723277dca1.2.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Winchk.exe_0x66a06b0cf98b7f123bdc9a6fa544bfa0.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Winchk.exe_0x66a06b0cf98b7f123bdc9a6fa544bfa0.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\WimMgr.dll_0x3be089daa177a822a945800aa0539236.2.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\WimMgr.dll_0x3be089daa177a822a945800aa0539236.2.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\SetupGreen64.exe_0x786aaa59fc273e0a0d2d6a1b21af2025.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\SetupGreen64.exe_0x786aaa59fc273e0a0d2d6a1b21af2025.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\unins000.exe_0xfe4edb55bb3228fc8d816dc856be78a9.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\unins000.exe_0xfe4edb55bb3228fc8d816dc856be78a9.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\Microsoft.VC80.CRT.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\Microsoft.VC80.CRT.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcm80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_Microsoft.VC80.CRT@8.0.50727.762\msvcm80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_JR.Inno.Setup@1.0.0.0\x86_JR.Inno.Setup@1.0.0.0.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_JR.Inno.Setup@1.0.0.0\x86_JR.Inno.Setup@1.0.0.0.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Winchk.exe_0xc2271eb12d0f31a6de7ab8d9db1c1182.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Winchk.exe_0xc2271eb12d0f31a6de7ab8d9db1c1182.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_JR.Inno.Setup@1.0.0.0\JR.Inno.Setup.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\x86_JR.Inno.Setup@1.0.0.0\JR.Inno.Setup.manifest
  • from <Current directory>\Data\local\temp\@SYSDRIVE@\AMTAG.BIN to <Current directory>\Data\roaming\modified\@SYSDRIVE@\AMTAG.BIN
  • from <Current directory>\Data\roaming\meta\@SYSDRIVE@\AMTAG.BIN.__meta__.__tmp__ to <Current directory>\Data\roaming\meta\@SYSDRIVE@\AMTAG.BIN.__meta__
  • from <Current directory>\Data\local\stubexe\0x289D98675DE593DF\LoadDrv_Win32.exe.manifest.__tmp__ to <Current directory>\Data\local\stubexe\0x289D98675DE593DF\LoadDrv_Win32.exe.manifest
  • from <Current directory>\Data\local\stubexe\0xCF6751C6CDCF0F99\SetupGreen32.exe.manifest.__tmp__ to <Current directory>\Data\local\stubexe\0xCF6751C6CDCF0F99\SetupGreen32.exe.manifest
  • from <Current directory>\Data\local\stubexe\0x289D98675DE593DF\LoadDrv_Win32.exe.__tmp__ to <Current directory>\Data\local\stubexe\0x289D98675DE593DF\LoadDrv_Win32.exe
  • from <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\cfg.ini.__meta__.__tmp__ to <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\cfg.ini.__meta__
  • from <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\upgrade2.ini to <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\upgrade.ini
  • from <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\cfg.ini to <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\cfg.ini
  • from <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\wnd.ini to <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\wnd.ini
  • from <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\wnd.ini.__meta__.__tmp__ to <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\wnd.ini.__meta__
  • from <Current directory>\Data\local\stubexe\0xCF6751C6CDCF0F99\SetupGreen32.exe.__tmp__ to <Current directory>\Data\local\stubexe\0xCF6751C6CDCF0F99\SetupGreen32.exe
  • from <Current directory>\Data\roaming\meta\@WINDIR@\ampa.exe.__meta__.__tmp__ to <Current directory>\Data\roaming\meta\@WINDIR@\ampa.exe.__meta__
  • from <Current directory>\Data\local\temp\@SYSWOW64@\ampa.sys to <Current directory>\Data\roaming\modified\@SYSWOW64@\ampa.sys
  • from <Current directory>\Data\local\temp\@WINDIR@\ampa.exe to <Current directory>\Data\roaming\modified\@WINDIR@\ampa.exe
  • from <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\language.ini to <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\language.ini
  • from <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\language.ini.__meta__.__tmp__ to <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\language.ini.__meta__
  • from <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa1.log to <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa1.log
  • from <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa1.log.__meta__.__tmp__ to <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa1.log.__meta__
  • from <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa0.log.__meta__.__tmp__ to <Current directory>\Data\roaming\meta\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa0.log.__meta__
  • from <Current directory>\Data\roaming\meta\@SYSWOW64@\ampa.sys.__meta__.__tmp__ to <Current directory>\Data\roaming\meta\@SYSWOW64@\ampa.sys.__meta__
  • from <Current directory>\Data\local\temp\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa0.log to <Current directory>\Data\roaming\modified\@PROGRAMFILESX86@\AOMEI Partition Assistant Server Edition 6.3\log\ampa0.log
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\Microsoft.Windows.OSLoader.BcdBoot.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.Windows.OSLoader.BcdBoot@5.1.0.0\Microsoft.Windows.OSLoader.BcdBoot.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\Microsoft.VC80.MFC.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\Microsoft.VC80.MFC.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfcm80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfcm80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfcm80u.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfcm80u.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\bcdboot.exe_0xc78d8faa496f82160d221ef2056fbdec.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\bcdboot.exe_0xc78d8faa496f82160d221ef2056fbdec.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\DyndiskConverter.exe_0xd237f210adc926553073cd2c382b870a.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\DyndiskConverter.exe_0xd237f210adc926553073cd2c382b870a.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\bcdboot.exe_0x94294c3d1c41e6207c7e5d0cd0f80b2f.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\bcdboot.exe_0x94294c3d1c41e6207c7e5d0cd0f80b2f.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\AMBooter.exe_0x2077dc04b4f532cfc930696bfcc46334.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\AMBooter.exe_0x2077dc04b4f532cfc930696bfcc46334.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\AMBooter.exe_0x5a18f046b54ed6691f219da8b7fc7065.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\AMBooter.exe_0x5a18f046b54ed6691f219da8b7fc7065.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfc80u.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfc80u.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\amd64_Microsoft.VC80.CRT@8.0.50727.762.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\amd64_Microsoft.VC80.CRT@8.0.50727.762.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\Microsoft.VC80.CRT.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\Microsoft.VC80.CRT.manifest
  • from <Current directory>\Data\local\stubexe\0x6BB99E0224A09D0F\PartAssist.exe.manifest.__tmp__ to <Current directory>\Data\local\stubexe\0x6BB99E0224A09D0F\PartAssist.exe.manifest
  • from <Current directory>\Data\xsandbox.bin.__tmp__ to <Current directory>\Data\xsandbox.bin
  • from <Current directory>\Data\local\stubexe\0x6BB99E0224A09D0F\PartAssist.exe.__tmp__ to <Current directory>\Data\local\stubexe\0x6BB99E0224A09D0F\PartAssist.exe
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\amd64_Microsoft.VC80.MFC@8.0.50727.762.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\amd64_Microsoft.VC80.MFC@8.0.50727.762.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfc80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.MFC@8.0.50727.762\mfc80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcr80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcr80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcm80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcm80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcp80.dll.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\amd64_Microsoft.VC80.CRT@8.0.50727.762\msvcp80.dll
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PartAssist.exe_0x2cfc51a8a2d4fc9cd65bbed5bcc82035.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PartAssist.exe_0x2cfc51a8a2d4fc9cd65bbed5bcc82035.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PartAssist.exe_0xc7a3698d5d7f32f3777a4b9515c75590.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PartAssist.exe_0xc7a3698d5d7f32f3777a4b9515c75590.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Ntfs2Fat32.exe_0xa18186e98eee8bf543d375f18c4c1ed0.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Ntfs2Fat32.exe_0xa18186e98eee8bf543d375f18c4c1ed0.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.MFC.manifest_0x7dc52d085a05db8a72fed96bb342412b.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.MFC.manifest_0x7dc52d085a05db8a72fed96bb342412b.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.MFC.manifest_0x97b859f11538bbe20f17dfb9c0979a1c.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.MFC.manifest_0x97b859f11538bbe20f17dfb9c0979a1c.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\ScanPartition.dll_0xc140a0ac3faad2ce2ff4ed121c326ae6.2.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\ScanPartition.dll_0xc140a0ac3faad2ce2ff4ed121c326ae6.2.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\SetupGreen32.exe_0xdff084a7451d4d7b1adae34d578d781b.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\SetupGreen32.exe_0xdff084a7451d4d7b1adae34d578d781b.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\ScanPartition.dll_0x56643a64937901fefcdfd64cb5b00a30.2.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\ScanPartition.dll_0x56643a64937901fefcdfd64cb5b00a30.2.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PE.dll_0x034e8863d97bddaff9db2a178b6695fc.2.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PE.dll_0x034e8863d97bddaff9db2a178b6695fc.2.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PE.dll_0xde5f5129490bf61f4f89ebb3c95ff7fe.2.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\PE.dll_0xde5f5129490bf61f4f89ebb3c95ff7fe.2.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.CRT.manifest_0xa72dde00d763aeef1eb04534f8672967.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.CRT.manifest_0xa72dde00d763aeef1eb04534f8672967.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\LoadDrv_Win32.exe_0x54386df19aa88572e10421917bc8c2f7.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\LoadDrv_Win32.exe_0x54386df19aa88572e10421917bc8c2f7.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\LoadDrv_x64.exe_0x2266bb132b8318b7d1ced34c58312d35.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\LoadDrv_x64.exe_0x2266bb132b8318b7d1ced34c58312d35.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\loaddrv.exe_0x2266bb132b8318b7d1ced34c58312d35.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\loaddrv.exe_0x2266bb132b8318b7d1ced34c58312d35.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\EPW.exe_0x008ec2e2b72c06dbe50a0c72a0921f01.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\EPW.exe_0x008ec2e2b72c06dbe50a0c72a0921f01.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Help.exe_0x3d62b7d3079341e59e1c776035e7b3a9.1.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Help.exe_0x3d62b7d3079341e59e1c776035e7b3a9.1.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80u.dll_0xccc2e312486ae6b80970211da472268b.1000.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80u.dll_0xccc2e312486ae6b80970211da472268b.1000.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.CRT.manifest_0x541423a06efdcd4e4554c719061f82cf.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\Microsoft.VC80.CRT.manifest_0x541423a06efdcd4e4554c719061f82cf.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80u.dll_0x21ee912784a013dc44071ecc4f932388.1000.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80u.dll_0x21ee912784a013dc44071ecc4f932388.1000.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80.dll_0x1b7524806d0270b81360c63a2fa047cb.1000.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80.dll_0x1b7524806d0270b81360c63a2fa047cb.1000.manifest
  • from %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80.dll_0x9173f70af60c0a864eecdfb3342dc789.1000.manifest.__tmp__ to %TEMP%\SPOON\CACHE\0x056B6DD7C6D89185\sxs\Manifests\mfc80.dll_0x9173f70af60c0a864eecdfb3342dc789.1000.manifest
Network activity:
Connects to:
  • 'www.di####artition.com':80
  • 'localhost':1039
  • 'st###.spoon.net':443
TCP:
HTTP GET requests:
  • http://www.di####artition.com/it/upgrade.ini
UDP:
  • DNS ASK www.di####artition.com
  • DNS ASK st###.spoon.net
Miscellaneous:
Searches for the following windows:
  • ClassName: 'Shell_TrayWnd' WindowName: ''

Рекомендации по лечению

  1. В случае если операционная система способна загрузиться (в штатном режиме или режиме защиты от сбоев), скачайте лечащую утилиту Dr.Web CureIt! и выполните с ее помощью полную проверку вашего компьютера, а также используемых вами переносных носителей информации.
  2. Если загрузка операционной системы невозможна, измените настройки BIOS вашего компьютера, чтобы обеспечить возможность загрузки ПК с компакт-диска или USB-накопителя. Скачайте образ аварийного диска восстановления системы Dr.Web® LiveDisk или утилиту записи Dr.Web® LiveDisk на USB-накопитель, подготовьте соответствующий носитель. Загрузив компьютер с использованием данного носителя, выполните его полную проверку и лечение обнаруженных угроз.
Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Выполните полную проверку системы с использованием Антивируса Dr.Web Light для macOS. Данный продукт можно загрузить с официального сайта Apple App Store.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

Скачать Dr.Web с Apple Store

На загруженной ОС выполните полную проверку всех дисковых разделов с использованием продукта Антивирус Dr.Web для Linux.

Демо бесплатно

 

Скачать Dr.Web

По серийному номеру

  1. Если мобильное устройство функционирует в штатном режиме, загрузите и установите на него бесплатный антивирусный продукт Dr.Web для Android Light. Выполните полную проверку системы и используйте рекомендации по нейтрализации обнаруженных угроз.
  2. Если мобильное устройство заблокировано троянцем-вымогателем семейства Android.Locker (на экране отображается обвинение в нарушении закона, требование выплаты определенной денежной суммы или иное сообщение, мешающее нормальной работе с устройством), выполните следующие действия:
    • загрузите свой смартфон или планшет в безопасном режиме (в зависимости от версии операционной системы и особенностей конкретного мобильного устройства эта процедура может быть выполнена различными способами; обратитесь за уточнением к инструкции, поставляемой вместе с приобретенным аппаратом, или напрямую к его производителю);
    • после активации безопасного режима установите на зараженное устройство бесплатный антивирусный продукт Dr.Web для Android Light и произведите полную проверку системы, выполнив рекомендации по нейтрализации обнаруженных угроз;
    • выключите устройство и включите его в обычном режиме.

Подробнее о Dr.Web для Android

Демо бесплатно на 14 дней

Выдаётся при установке

Скачать с сайта
Скачать с Google Play