Техническая информация
- [<HKLM>\System\CurrentControlSet\Services\ntrexeservice] 'Start' = '00000002'
- [<HKLM>\System\CurrentControlSet\Services\ntrexeservice] 'ImagePath' = '%LOCALAPPDATA%Low\ntr\ntrexeservice.exe'
- 'ntrexeservice' %LOCALAPPDATA%Low\ntr\ntrexeservice.exe
- %LOCALAPPDATA%low\ntr\ntrexe.log
- %LOCALAPPDATA%low\ntr\scrrc.tmp
- %LOCALAPPDATA%low\ntr\ntrexeservice.exe
- %WINDIR%\syswow64\ntrexe.log
- %LOCALAPPDATA%low\ntr\scrrc.tmp
- http://na.###support.com/inquiero/mod/mod.asp?m=########################
- DNS ASK na.###support.com
- '%LOCALAPPDATA%low\ntr\ntrexeservice.exe'