Техническая информация
- Автозапуск при входе пользователя (ключ Policies\Explorer\Run): [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run] 'COM Service' = '%WINDIR%\msagent\mstejw.com'
- Автозапуск через Active Setup (команда из StubPath выполняется при входе пользователя в систему): [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{42CE4021-DE03-E3CC-EA32-40BB12E6015D}] 'StubPath' = '<SYSTEM32>\mspihb.com'
- '<LS_APPDATA>\Spoon\Sandbox\1.0.0.0\STUBEXE\@WINDIR@\EXPLORER.EXE'
- '<LS_APPDATA>\Spoon\Sandbox\1.0.0.0\STUBEXE\@APPDIR@\server.exe'
- %WINDIR%\Explorer.EXE
- %WINDIR%\msagent\mstejw.com
- %WINDIR%\dxdgns.dll
- <SYSTEM32>\mslg.blf
- <SYSTEM32>\mspihb.com
- <LS_APPDATA>\Spoon\Sandbox\1.0.0.0\XSandbox.bin
- <LS_APPDATA>\Spoon\Sandbox\1.0.0.0\META\@APPDIR@\server.exe.__meta__
- %WINDIR%\dxdgns.dll
- <SYSTEM32>\mslg.blf
- <SYSTEM32>\mspihb.com
- %WINDIR%\msagent\mstejw.com
- <LS_APPDATA>\Spoon\Sandbox\1.0.0.0\META\@APPDIR@\server.exe.__meta__
- <LS_APPDATA>\Spoon\Sandbox\1.0.0.0\MODIFIED\@APPDIR@\server.exe
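- Сетевые индикаторы ниже приведены с маскировкой: символы «#», по-видимому, заменяют скрытые знаки, поэтому для правил блокировки и поиска по журналам нужны полные значения из исходного отчёта. Порт 25 — SMTP, порт 80 — HTTP.
- '67.##5.160.76':25
- '15#.#66.255.19':80
- '46.##0.67.48':9999
- 15#.#66.255.19/
- DNS ASK mx#.##il.yahoo.com
- DNS ASK www.cn#.com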
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: '' (стандартный класс окна панели задач Windows)
- ClassName: 'Beasty' WindowName: ''