Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'WWPH Agent' = '<SYSTEM32>\28463\WWPH.exe'
- '<LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\local\stubexe\0x35A7621449AD9976\WWPH.exe'
- '<LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\local\stubexe\0xA5F7821602B6D5FD\Install.exe'
- Библиотека-обработчик для всех процессов: <SYSTEM32>\28463\WWPH.006
- <SYSTEM32>\28463\WWPH.007
- <SYSTEM32>\28463\WWPH.006
- <SYSTEM32>\28463\AKV.exe
- <SYSTEM32>\28463\WWPH.exe
- <SYSTEM32>\28463\WWPH.001
- <LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\xsandbox.bin.__tmp__
- %TEMP%\@2.tmp
- %TEMP%\@1.tmp
- %TEMP%\@1.tmp
- <LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\local\stubexe\0x35A7621449AD9976\WWPH.exe.__tmp__ в <LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\local\stubexe\0x35A7621449AD9976\WWPH.exe
- <LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\local\stubexe\0xA5F7821602B6D5FD\Install.exe.__tmp__ в <LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\local\stubexe\0xA5F7821602B6D5FD\Install.exe
- <LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\xsandbox.bin.__tmp__ в <LS_APPDATA>\Spoon\Sandbox\virus scanning application\22.4.4.61\xsandbox.bin
- 'st###.spoon.net':443
- DNS ASK st###.spoon.net
- ClassName: '(null)' WindowName: 'AKLMW'