Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'nvchost' = '<SYSTEM32>\nvchost.exe'
- [<HKLM>\SOFTWARE\Microsoft\Active Setup\Installed Components\{46251ADE-4F8C-F3D5-5F62-8DC25DFA75CB}] 'StubPath' = '<SYSTEM32>\nvchost.exe'
- %WINDIR%\Explorer.EXE
- <SYSTEM32>\nvchost.exe
- %TEMP%\keygen.exe
- %TEMP%\~tmp1153.tmp
- %TEMP%\~tmp1153.tmp
- 'pi#####137.serveftp.org':60137
- 'pi#####138.pointto.us':60138
- 'localhost':60138
- DNS ASK pi#####137.serveftp.org
- DNS ASK pi#####138.pointto.us
- ClassName: 'Shell_TrayWnd' WindowName: ''