Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'sogou' = '%TEMP%\Auto.exe'
- %WINDIR%\explorer.exe
- %TEMP%\autt.exe
- %TEMP%\auto.exe
- 'ep#.#tgcp.com':2052
- http://ep#.#tgcp.com/oscp/eofdkdfacnjlepkhcikkiniaklbailenmffninfpobkpgipkjiloidnnjedakcmnbghonhhdgnaenicmdgncohcoeneglkcenhfaindngfciadbpfdbhmdfjmiblbhlmopalkfohldfooniidiikgaijhkadfildgjkiepj...
- http://ep#.#tgcp.com/p1yC
- DNS ASK ep#.#tgcp.com
- ClassName: 'CLIPBRDWNDCLASS' WindowName: ''
- '<SYSTEM32>\cmd.exe' /C set (with hidden window)
- '<SYSTEM32>\cmd.exe' /C set
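The list above is a set of indicators rather than a procedure, so the useful thing to add is a matcher that turns them into detection logic. The following is an added example, not code from the page or from the analysis vendor. It runs over a constructed, Sysmon-like event stream (registry SetValue, ProcessCreate, DNS query, network connect) and reports which of the listed indicators each event matches. Two assumptions are made explicit in the code: the '#' characters in 'ep#.#tgcp.com' are the page's masking and are assumed to hide exactly one character each (so they are matched as single-character wildcards, and the real hostname is never guessed), and %TEMP% is assumed to resolve to a path under ...\AppData\Local\Temp so that concrete paths from telemetry can be folded back onto the page's placeholders. The function and event names are mine.

```python
import re
from typing import Dict, List

# Indicators copied from the list above. The '#' characters in the domain are
# the page's masking; this example assumes each '#' hides exactly one
# character and treats it as a single-character wildcard when matching.
RUN_KEY = r"HKCU\Software\Microsoft\Windows\CurrentVersion\Run"
RUN_VALUE_NAME = "sogou"
DROPPED_EXES = {r"%temp%\auto.exe", r"%temp%\autt.exe"}   # compared lower-cased
MASKED_DOMAIN = "ep#.#tgcp.com"
C2_PORT = 2052
CMD_SET_RE = re.compile(r"cmd\.exe['\"]?\s+/c\s+set\b", re.IGNORECASE)


def masked_to_regex(masked: str) -> "re.Pattern[str]":
    """Compile a '#'-masked hostname into an anchored, case-insensitive regex."""
    body = "".join("." if ch == "#" else re.escape(ch) for ch in masked)
    return re.compile(f"^{body}$", re.IGNORECASE)


DOMAIN_RE = masked_to_regex(MASKED_DOMAIN)


def normalise_path(path: str) -> str:
    """Map a concrete per-user temp path onto the %TEMP% placeholder used on
    the page (assumption: %TEMP% resolves to ...\\AppData\\Local\\Temp)."""
    p = path.strip("'\"")
    m = re.search(r"\\AppData\\Local\\Temp\\(.+)$", p, re.IGNORECASE)
    if m:
        return "%TEMP%\\" + m.group(1)
    return p


def check_event(ev: Dict[str, str]) -> List[str]:
    """Return the indicator names an event matches (empty list if none)."""
    hits: List[str] = []
    kind = ev["type"]
    if kind == "registry_set":
        key = ev["key"].replace("HKEY_CURRENT_USER", "HKCU")
        if (key.lower() == RUN_KEY.lower()
                and ev["value_name"].lower() == RUN_VALUE_NAME
                and normalise_path(ev["data"]).lower() in DROPPED_EXES):
            hits.append("run_key_persistence")
    elif kind == "process_create":
        image = normalise_path(ev["image"]).lower()
        if image in DROPPED_EXES:
            hits.append("dropped_payload_executed")
        if CMD_SET_RE.search(ev["command_line"]):
            # Weak on its own ('cmd /C set' is also used legitimately); the page
            # lists it as sample behaviour, so report it for the analyst to correlate.
            hits.append("cmd_set_spawned")
    elif kind == "dns_query":
        if DOMAIN_RE.match(ev["query"]):
            hits.append("c2_dns_lookup")
    elif kind == "network_connect":
        if DOMAIN_RE.match(ev["dest_host"]) and int(ev["dest_port"]) == C2_PORT:
            hits.append("c2_connection")
    return hits


def scan(events: List[Dict[str, str]]) -> List[str]:
    """Flatten all hits over an event stream, in order."""
    return [h for ev in events for h in check_event(ev)]


# Constructed sample telemetry (Sysmon-like, not real logs). The host name
# 'epX.Xtgcp.com' is synthetic: 'X' stands in for the characters the page masks.
SAMPLE_EVENTS: List[Dict[str, str]] = [
    {"type": "registry_set",
     "key": r"HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run",
     "value_name": "sogou",
     "data": r"C:\Users\alice\AppData\Local\Temp\Auto.exe"},
    {"type": "process_create",
     "image": r"C:\Users\alice\AppData\Local\Temp\autt.exe",
     "command_line": r"C:\Users\alice\AppData\Local\Temp\autt.exe"},
    {"type": "process_create",
     "image": r"C:\Windows\System32\cmd.exe",
     "command_line": r'"C:\Windows\System32\cmd.exe" /C set'},
    {"type": "dns_query", "query": "epX.Xtgcp.com"},
    {"type": "network_connect", "dest_host": "epX.Xtgcp.com", "dest_port": "2052"},
    {"type": "process_create",                     # benign: must not match
     "image": r"C:\Windows\explorer.exe",
     "command_line": r"C:\Windows\explorer.exe"},
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_EVENTS):
        print(hit)
```

The matcher deliberately keeps the masked domain masked: it will flag any lookup of a host that fits the pattern, which is the most that can be done from a masked indicator without guessing. The `cmd.exe /C set` match is low-confidence by itself and is worth alerting on only alongside the Run-key write or the %TEMP% payload execution, which is why the results are returned per event so a caller can correlate them.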