Technical Information
- [<HKCU>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '18.exe' = '%APPDATA%Microsoft\System\Services\18.exe'
- %WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe
- %APPDATA%microsoft\system\services\18.exe
- %PROGRAMDATA%\dya_pscjuejdvjespibtp\1.0.0\data\app.dat
- %PROGRAMDATA%\dya_pscjuejdvjespibtp\1.0.0\data\updates.dat
- %APPDATA%\dya_pscjuejdvjespibtp\1.0.0\data\dya.dat
- %PROGRAMDATA%:$ss_descriptor_sbxnv9vvgv1bflb3tfb74stjwvlt3lgbftxk9wvfspf7vb4vpjgv
- %PROGRAMDATA%\dya_pscjuejdvjespibtp\1.0.0:$ss_descriptor_sbxnv9vvgv1bflb3tfb74stjwvlt3lgbftxk9wvfspf7vb4vpjgv
- '%WINDIR%\microsoft.net\framework\v2.0.50727\vbc.exe'