Техническая информация
- Запись автозапуска в реестре (значение 'mysys' в ключе policies\Explorer\Run): [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run] 'mysys' = '%ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\common32.exe'
- '%ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\common32.exe'
- <SYSTEM32>\Com\1.2.7\WndHook.dll
- <SYSTEM32>\Com\Config.cfg
- <SYSTEM32>\somarshal.dat
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\common32.exe
- %ALLUSERSPROFILE%\Application Data\Microsoft\Crypto\httpapi.dll
- %TEMP%\nsi2.tmp\System.dll
- %TEMP%\nsi2.tmp\System.dll