Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'CLCKR' = '"%ALLUSERSPROFILE%\Application Data\nvvsvc.exe"'
- %ALLUSERSPROFILE%\Application Data\nvvsvc.exe
- <SYSTEM32>\dumprep.exe 2796 -dm 7 7 "%TEMP%\WERc790.dir00\nvvsvc.exe.hdmp" 16325836412027524
- <SYSTEM32>\dumprep.exe 2796 -dm 7 7 "%TEMP%\WERc790.dir00\nvvsvc.exe.mdmp" 16325836412027504
- %TEMP%\WERc790.dir00\appcompat.txt
- %TEMP%\WERc790.dir00\manifest.txt
- %TEMP%\WERc790.dir00\nvvsvc.exe.hdmp
- %ALLUSERSPROFILE%\Application Data\nvvsvc.exe
- %TEMP%\WERc790.dir00\nvvsvc.exe.mdmp
- 'fe###53777.com':80
- fe###53777.com/index.html?nh##########################################################################
- DNS ASK fe###53777.com
- ClassName: '50003f565fffb' WindowName: ''
- ClassName: '93338f89436b' WindowName: ''
- ClassName: '50003f565fff' WindowName: ''