Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'taskshell.exe' = '<SYSTEM32>\taskshell.exe'
- %TEMP%\fileok.exe
- <SYSTEM32>\taskshell.exe
- %WINDIR%\resim.jpg
- %TEMP%\fileok.exe
- <LS_APPDATA>\Spoon\Sandbox\Taskshell\2.01.0003\XSandbox.bin.__tmp__
- <LS_APPDATA>\Spoon\Sandbox\Taskshell\2.01.0003\XSandbox.bin.__tmp__ в <LS_APPDATA>\Spoon\Sandbox\Taskshell\2.01.0003\XSandbox.bin
- 'st###.spoon.net':443
- DNS ASK st###.spoon.net
- ClassName: 'Shell_TrayWnd' WindowName: ''