Technical Information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '%TEMP%\servervirtual.exe ' = '%TEMP%\servervirtual.exe '
- %TEMP%\servervirtual.exe
- %TEMP%\SPOON\CACHE\0x4EBDE0C02BBB2496\STUBEXE\0x7319BB9983F420C7\server.exe
- %TEMP%\SPOON\CACHE\0xA4FE09E5A9314DF8\STUBEXE\0x8E9EE88047C4E320\Joined.exe
- %TEMP%\SPOON\CACHE\0xA4FE09E5A9314DF8\STUBEXE\0x05917096C5FBDCEA\rundll32.exe <SYSTEM32>\shimgvw.dll,ImageView_Fullscreen %TEMP%\anitha.jpg
- %TEMP%\servervirtual.exe
- <LS_APPDATA>\Spoon\Sandbox\winupdate\1.0.0.0\XSandbox.bin.__tmp__
- %TEMP%\anitha.jpg
- <LS_APPDATA>\Spoon\Sandbox\win32\1.0.0.9\XSandbox.bin.__tmp__
- 'st###.spoon.net':443
- DNS ASK st###.spoon.net
- '<Private IP address>':1038
- '<Private IP address>':1035
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'ShImgVw:CPreviewWnd' WindowName: ''