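Техническая информация

Первая запись ниже — значение 'mysys' в ключе реестра policies\Explorer\Run, через который указанный исполняемый файл запускается при входе пользователя в систему; остальные записи — пути к файлам. Подзаголовки разделов в этом списке отсутствуют, поэтому из него не видно, какое действие относится к каждому файлу; повторяющиеся пути, по-видимому, относились к разным разделам исходного описания.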
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'mysys' = '%ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\common32.exe'
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\common32.exe
- <SYSTEM32>\Com\1.2.6\WndHook.dll
- <SYSTEM32>\Com\Config.cfg
- <SYSTEM32>\romarshal.dat
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\common32.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\httpapi.dll
- %TEMP%\nsa2.tmp\System.dll
- %TEMP%\nsa2.tmp\System.dll