Technical information
- [<HKLM>\SYSTEM\ControlSet001\Services\wamer] 'Start' = '00000002'
- %PROGRAM_FILES%\Microsoft Office\SYSTEM\dodolook_7493.exe
- <SYSTEM32>\mprmsgse.axz
- %HOMEPATH%\Local Settings\Temporary Internet Files\_inimac
- %PROGRAM_FILES%\Microsoft Office\SYSTEM\05.exe
- %PROGRAM_FILES%\Microsoft Office\SYSTEM\dodolook_7493.exe
- %PROGRAM_FILES%\Microsoft Office\SYSTEM\05.exe to %PROGRAM_FILES%\Microsoft Office\SYSTEM\dodolook_7493.exe
- 'gs.###system.com':80
- 'lo####.51edm.net':1207
- gs.###system.com/gs.php?12##########################################################################################################################################
- DNS ASK gs.###system.com
- DNS ASK lo####.51edm.net