Техническая информация
- [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = ' "<LS_APPDATA>\Microsoft\WININI~1.EXE"'
- <LS_APPDATA>\Microsoft\wininit32.exe
- %ALLUSERSPROFILE%\Application Data\ntuser32.dat
- <LS_APPDATA>\Microsoft\wininit.dll
- 'sh.###ivirusbar.org':80
- sh.###ivirusbar.org/ydpqranvhscfauxquqkimdttwsdpkrm.htm
- DNS ASK sh.###ivirusbar.org
- '10.#.1.1':1035