Техническая информация
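- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'CLCKR' = '"<LS_APPDATA>\Microsoft\nvvsvc.exe"'
  (запись в ключе Run обеспечивает автозапуск файла при входе пользователя в систему; имя nvvsvc.exe совпадает с именем легитимного компонента драйвера NVIDIA, но здесь файл расположен в каталоге профиля пользователя)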
- <LS_APPDATA>\Microsoft\nvvsvc.exe
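- <SYSTEM32>\dumprep.exe 2848 -dm 7 7 "%TEMP%\WERc4cd.dir00\nvvsvc.exe.hdmp" 16325836412027524
- <SYSTEM32>\dumprep.exe 2848 -dm 7 7 "%TEMP%\WERc4cd.dir00\nvvsvc.exe.mdmp" 16325836412027504
  (dumprep.exe — штатная утилита Windows для создания дампов при сбое приложения; по-видимому, процесс nvvsvc.exe аварийно завершился в среде анализа. Каталог WERc4cd.dir00 и файлы в нём, вероятно, являются побочным результатом этого сбоя; имя каталога временное, поэтому как индикатор компрометации оно ненадёжно)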
- %TEMP%\WERc4cd.dir00\appcompat.txt
- %TEMP%\WERc4cd.dir00\manifest.txt
- %TEMP%\WERc4cd.dir00\nvvsvc.exe.hdmp
- <LS_APPDATA>\Microsoft\nvvsvc.exe
- %TEMP%\WERc4cd.dir00\nvvsvc.exe.mdmp
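- 'fe###53777.com':80
- fe###53777.com/index.html?nh##########################################################################
- DNS ASK fe###53777.com
  (символы '#' — маска, скрывающая часть имени домена и параметра запроса; в приведённом виде эти значения нельзя напрямую использовать для блокировки или поиска в журналах DNS и прокси)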
- ClassName: 'Indicator' WindowName: ''
- ClassName: '93338f89436b' WindowName: ''