Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Express 2011 ©' = '""%TEMP%\ntexpress.exe""'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Microsoft Express NT 2010 ©' = '"%APPDATA%\Microsoft\ntexpress.exe"'
- %TEMP%\ntexpress.exe
- %APPDATA%\Microsoft\ntexpress.exe
- 'si.##adox.nl':666
- DNS ASK si.##adox.nl
- ClassName: 'Indicator' WindowName: ''