Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'Recorset' = '<SYSTEM32>\renameset.exe'
- %WINDIR%\epointer.exe
- %WINDIR%\rumdll32.exe
- <SYSTEM32>\23.1.2012xd.ini
- %WINDIR%\epointer.exe
- %WINDIR%\rumdll32.exe
- <SYSTEM32>\renameset.exe
- %WINDIR%\rumdll32.exe
- %WINDIR%\epointer.exe
- <SYSTEM32>\23.1.2012xd.ini
- <SYSTEM32>\renameset.exe
- %TEMP%\~DF5BE0.tmp
- %TEMP%\~DFA5B5.tmp
- %TEMP%\~DF261A.tmp
- %TEMP%\~DF4675.tmp