Technical information
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'QVOD' = '%WINDIR%:qvod.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{A692FB5E-DD73-1C24-3EF5-6238DBBE27AC}] 'StubPath' = '%WINDIR%:qvod.exe'
- %WINDIR%\Explorer.EXE
- %ALLUSERSPROFILE%\Application Data\DYA_KVBPSLDRAUBFDOTFU\1.0.0:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV4MJ904XV3TXPBHLFNH4LBHWXFSPF7VBCVPJGF
- %ALLUSERSPROFILE%\Desktop:$SS_DESCRIPTOR_SBXNV9VVGV1BFPV4MJ904XV3TXPBHLFNH4LBHWXFSPF7VBCVPJGF
- %WINDIR%:qvod.exe
- %ALLUSERSPROFILE%\Application Data\DYA_KVBPSLDRAUBFDOTFU\1.0.0\Data\app.dat
- %ALLUSERSPROFILE%\Application Data\DYA_KVBPSLDRAUBFDOTFU\1.0.0\Data\updates.dat
- %APPDATA%\DYA_KVBPSLDRAUBFDOTFU\1.0.0\Data\dya.dat
- 'ma####.selfip.com':3460
- DNS ASK ma####.selfip.com