Техническая информация
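- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = ' "<LS_APPDATA>\Microsoft\WININI~1.EXE"'
  Примечание: программа, указанная в параметре 'load' этого ключа, запускается при входе пользователя в систему, то есть запись обеспечивает автозапуск. WININI~1.EXE — короткое (8.3) имя; вероятно, оно соответствует файлу wininit32.exe из того же каталога.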
- <LS_APPDATA>\Microsoft\wininit32.exe
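- %ALLUSERSPROFILE%\Application Data\Ntuser32.BIN
- <LS_APPDATA>\Microsoft\wininit.dll
  Примечание: имена файлов в этом списке похожи на системные (подлинный wininit.exe находится в %SystemRoot%\System32), поэтому при проверке нужно сравнивать полный путь, а не только имя файла.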
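- 'ou#####.antivirtusbar.com':8080
- DNS ASK ou#####.antivirtusbar.com
  Примечание: символы ##### в имени узла скрыты в источнике, поэтому точное имя хоста по этим записям восстановить нельзя. Для поиска в журналах DNS и прокси используйте родительский домен antivirtusbar.com и порт 8080.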