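Техническая информация
(Символы '#' в именах узлов и адресах ниже, по-видимому, заменяют скрытые при публикации символы; такие записи нельзя напрямую использовать как индикаторы для поиска или блокировки.)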
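- Автозапуск через реестр (параметр 'load' задаёт программу, запускаемую при входе пользователя в систему): [<HKCU>\Software\Microsoft\Windows NT\CurrentVersion\Windows] 'load' = '%TEMP%\lsoss.exe'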
- %TEMP%\A.BAT
- %TEMP%\lsoss.exe
- 'wp#d':80
- 'ft#.###-operation.com':80
- 'vr#####.gsn-operation.com':80
- 'vc###4.4pu.com':80
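- http://11#.#11.111.1/wpad.dat via wp#d (запрос wpad.dat — вероятно, автоматическое обнаружение прокси (WPAD) самой системой, а не обращение к серверу из списка ниже; как индикатор малоинформативен)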
- http://ft#.###-operation.com/usr/AF1kVGVsXzI*XWXn0wisAhcuK
- http://vr#####.gsn-operation.com/usr/022kVGVsXzI*XWXn0wisAhcuK
- http://vc###4.4pu.com/usr/BAEkVGVsXzI*XWXn0wisAhcuK
- http://ft#.###-operation.com/usr/FA4kVGVsXzI*XWXn0wisAhcuK
- DNS ASK wp#d
- DNS ASK ft#.###-operation.com
- DNS ASK vr#####.gsn-operation.com
- DNS ASK vc###4.4pu.com
- '%TEMP%\lsoss.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\A.BAT" "