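Техническая информация
Список приведён без подзаголовков разделов: по содержанию это записи автозапуска в ключе реестра Run, запускаемая команда, пути к файлам и сетевые адреса. <HKLM>, <SYSTEM32>, %TEMP% и %HOMEPATH% — подстановочные обозначения куста реестра и каталогов; «##» в IP-адресе, по-видимому, скрывает часть адреса. Пути %TEMP%\lsp1.cmd и %TEMP%\lsp2.cmd указаны дважды — вероятно, они относились к разным разделам исходного списка (например, к создаваемым и удаляемым файлам).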
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GMorphCl' = '"<SYSTEM32>\taskcgr.exe"'
- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'GMorph' = '"%TEMP%\lscass.exe" dispatch'
- '<SYSTEM32>\cmd.exe' /C "%TEMP%\lsp1.cmd"
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\KHMHGZ4F\01[1].txt
- <SYSTEM32>\taskcgr.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\2VAZY7AN\queries_bot[1].txt
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\U98D4X8H\844[1]
- %TEMP%\lsp1.cmd
- %TEMP%\lscass.exe
- %TEMP%\lsp2.cmd
- %TEMP%\lcass_status
- %TEMP%\lsp1.cmd
- %TEMP%\lsp2.cmd
- '94.##.243.40':80
- http://94.##.243.40/queries_bot/queries_bot.txt
- http://94.##.243.40/geo/844/
- http://94.##.243.40/routes/01.txt