Техническая информация
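- [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%PROGRAM_FILES%\Me application\QvodSetup3.5.exe_C7E5F6E074C6A2656468B9F0A14E6CF2AF527E4F.exe' = '%PROGRAM_FILES%\Me application\QvodSetup3.5.exe_C7E5F6E074C6A2656468B9F0A14E6CF2AF527E4F.exe:*:Enabled:QVOD' (это значение добавляет указанный исполняемый файл в список разрешённых приложений брандмауэра Windows для стандартного профиля: область «*» — любые адреса, состояние Enabled, отображаемое имя QVOD)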
- '%PROGRAM_FILES%\Me application\QvodSetup3.5.exe_C7E5F6E074C6A2656468B9F0A14E6CF2AF527E4F.exe'
- '%TEMP%\ebOxPecKIpNQ.exe'
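- '%TEMP%\gIhAgKrfBp.exe' Second 00000B48 155A34D9 <Полный путь к вирусу> (после пути в кавычках, по-видимому, перечислены аргументы командной строки, с которыми запускается файл)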
- %TEMP%\nsq3.tmp\inetc.dll
- %PROGRAM_FILES%\Me application\QvodSetup3.5.exe_C7E5F6E074C6A2656468B9F0A14E6CF2AF527E4F.exe
- %TEMP%\nsq3.tmp\System.dll
- %TEMP%\5B4C3B16.tmp
- %TEMP%\nsq3.tmp\FindProcDLL.dll
- %TEMP%\0E695903.tmp
- %TEMP%\34d9.tmp
- %TEMP%\ebOxPecKIpNQ.exe
- %TEMP%\gIhAgKrfBp.exe
- %TEMP%\nsw2.tmp
- %TEMP%\rQQLGc0588.dat
- %TEMP%\00-00-00-00-00-1.tmp
- %TEMP%\34d9.tmp
- %TEMP%\0E695903.tmp
- %TEMP%\5B4C3B16.tmp
- %TEMP%\00-00-00-00-00-1.tmp
- %TEMP%\rQQLGc0588.dat
- %TEMP%\gIhAgKrfBp.exe
- '22#.#94.134.216':80
- '69.##7.17.200':999
- DNS ASK www.ba##u.com
- DNS ASK ag###.qvod.com
- DNS ASK st####.sipphone.com
- DNS ASK tr###.qvod.com
- DNS ASK st##.qvod.com
- DNS ASK dl.#ftz.net
- 'tr###.qvod.com':80
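- '23#.#55.255.250':1900 (адрес частично скрыт; порт 1900 обычно используется протоколом SSDP/UPnP, поэтому это, вероятно, обращение к группе многоадресной рассылки в локальной сети, а не к внешнему серверу)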
- '<IP-адрес в локальной сети>':0
- '1.#.0.127':65535
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'