Trojan.Fakealert.43870

Technical Information

Malicious functions:

Creates and executes the following:

'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_8967ec2fa1a2e548 -pw 0B1F36F6C05D1CB0AC41456C27754FAE34af5d53f05dc5008e8ccc9908add871fa4e8bf0829e332f7bb771f950fbff5d -D 1080 -v -z -Z e9d861adc826f7f3402aa2dd9b9f11da045571e13b2b2522d31fa998764eafb9 213.171.207.39
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 959 -l psiphon_ssh_f28dc40012ba5b6c -pw 6B53BFC12C2B33829744E2EBF7314DC83b07199be2c5a0debbc9e5f9d82eaccc4048ac94cc163b22a5c8516b6e17e08c -D 1080 -v -z -Z 892395eb6590e53f0e31a8e8728ce4a01a74ef90b3caaf07927fec3354ed4f51 88.208.222.1
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_2f2a71776b15297f -pw 9074E62FD7FC2FA16AA5157657CA8B584de3aebd31feb20118618dd3f5972d2c37635c9740eeba40f5140350d180d477 -D 1080 -v -z -Z 8559cb9e6c3c25f6925232e56b5a7c5c1609bdaefdb71554d3a179b31295a5c5 213.171.197.188
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_f46fe5f1eb269f18 -pw DCBDBFBCDE4F212C035C9D5B42B94F2B8c6e05918d6a71082a1cab8df973f39363f6521137637ef42b445b4627a6f624 -D 1080 -v -z -Z 871c10e4b5c7e6bf5e510f51b875c77d7851c84baacafef2c17f42172be06eee 213.171.205.59
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_c0a98ff3a087f0f9 -pw 820D3E13FBD6ABA75B5D2607938DC4BDec14f3da135b71d8238764c3ead70db99019efe206961f1aa8dc5b70aa4ee1e4 -D 1080 -v -z -Z 3413cdca3affae931022a37bc91bb9f7c9428e859675b0f273fa6c2cc444def3 109.228.19.162
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 407 -l psiphon_ssh_37e1218d1542a764 -pw EB888128566AFFF4AE60C5BAB035AA6357abffb5cd3161cfa308305f0c308a90805f319155b984037bdb8f23f00b0c1a -D 1080 -v -z -Z 5fc752ca334109948785f055b745fe5c72cd9705f5d20b57fef46c5e10ac7500 109.228.3.119
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_56b880c5ce840a4a -pw F6962112ED699527280B7CEBFB7299DB5cee61dfcf6354f320d1df78887be5ec46532c7a1d723e43d6f3679947fefe3e -D 1080 -v -z -Z 4d11820bc0a522034fc21a9a64a03fea3d769f3fbd7f974e5007f967d94768b7 88.208.221.47
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 901 -l psiphon_ssh_9ac59b0a1cd2183e -pw 18AA90C51FE5A929BE735FF1CA2A017Ab78704fe9d617abd0c2547e7193182469aaaf2d57daf880d0f7d7b7ef42a2287 -D 1080 -v -z -Z bf9a03bda321bad512960a7c760949644bf03dd09225ab0ee8e304b1132202d3 198.58.118.104
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_6bd293c9a110b356 -pw A70E9A7B61B6B5E0E8B91EF73AC09B710ade00b5bffab352f1e82376d3a502ec3e5428717bcb30f1e5465d5f1dce19bb -D 1080 -v -z -Z 38af2287af84ed804d5d7328b7b5104397763f02aa85c5f4abfdd91e9032f46c 88.208.206.237
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 251 -l psiphon_ssh_febac25bfa380b5b -pw 46B0C47245E980EFBD151EDDCD6D9C4987a10ee95bc36979ddada50b7134e0f081af968e61ff8cf36cdce6e288d75621 -D 1080 -v -z -Z ed4298f555bc05def4d370096bed5fc1c8931dec142fd4810b500f8084756f23 88.208.205.231
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_5edde5047669f913 -pw 778FC3701C782C3097C337BB77BF2E0Db0f530a9415662fa97c31880c0ab7bee80e5b9df2bd835e10e43d2f9843a544a -D 1080 -v -z -Z 6f0519c4b901292903897cdb9832907e5bb2b6624d522ded1b69dc228bc48d5a 109.228.16.79
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_8986f7ee28a5eb0a -pw ACB7A1172496E8B4E6A5B8DF6E5D86124606261cdc9fc8a50f721b49df47eede8d584f5ca5609bafe8f1805d49d32cbe -D 1080 -v -z -Z ce6cf384ed1f43a93eeb388f09373103f05717d2a228c693d05e9de770c7a3f1 88.208.205.62
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 1021 -l psiphon_ssh_40491df96d157f35 -pw 8FE67BB4BEA9B631565F065F9E7263B017eb80e52c83387a6343760e41df402b40030c019799e1861c02f57b1305a12a -D 1080 -v -z -Z 7e5a28d76266cef16de6a4321eb0b143fabb5d921d232bd3c78abeab42f85ade 109.228.19.172
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_56a7e8d72f4c5e22 -pw EC7856D03E52E0DE05DF7984ADE184B8888e11fb85fa7094bc2e21ab660c27b04d4000ab18a8e13777b15e544f015045 -D 1080 -v -z -Z a60f55a4aad8be6310ee3ad9007c5a303996ed648f0f618c30d87f18b64b5ec9 213.171.199.168
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 461 -l psiphon_ssh_737e41ed5251c089 -pw 279B9FDBBFA07F3CBDBE7F5F81DE5CF43a7cfd45d0e346e37f5c71cdc2af09de30d16bade8626b074eaeeabbe7bf0a12 -D 1080 -v -z -Z 0079e020d7f89a51aedb5722348f38187ee48ab0e37b7e965fcdefe01022f95c 23.92.18.119
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_cb582a295487cbdd -pw ECFF1E64EEE6C865DDBC604DCA04BCFA5125b6fcb50ae638c17f177c0484a98735dec119de850bdfc11fc081a64721c7 -D 1080 -v -z -Z e8fc60412d9c442e97b12055b06f79b466f0009c6efd0a6522a19426a4639625 109.228.3.122
'%TEMP%\psiphon3-plonk.exe' /pid=2624
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 461 -l psiphon_ssh_737e41ed5251c089 -pw A219C887343898F85EE838FD209C58753a7cfd45d0e346e37f5c71cdc2af09de30d16bade8626b074eaeeabbe7bf0a12 -D 1080 -v -z -Z 0079e020d7f89a51aedb5722348f38187ee48ab0e37b7e965fcdefe01022f95c 23.92.18.119
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_6bd293c9a110b356 -pw FE3D07B706C6AE07ED3F51D21E4DC63F0ade00b5bffab352f1e82376d3a502ec3e5428717bcb30f1e5465d5f1dce19bb -D 1080 -v -z -Z 38af2287af84ed804d5d7328b7b5104397763f02aa85c5f4abfdd91e9032f46c 88.208.206.237
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 251 -l psiphon_ssh_febac25bfa380b5b -pw 5142701DEE5B40883258FC10080C9F2487a10ee95bc36979ddada50b7134e0f081af968e61ff8cf36cdce6e288d75621 -D 1080 -v -z -Z ed4298f555bc05def4d370096bed5fc1c8931dec142fd4810b500f8084756f23 88.208.205.231
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_56a7e8d72f4c5e22 -pw FDBCC1CCBDAE9704F20B776E612401C2888e11fb85fa7094bc2e21ab660c27b04d4000ab18a8e13777b15e544f015045 -D 1080 -v -z -Z a60f55a4aad8be6310ee3ad9007c5a303996ed648f0f618c30d87f18b64b5ec9 213.171.199.168
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_2f2a71776b15297f -pw 76E1486BBABFD69C7F522F33AE632D6B4de3aebd31feb20118618dd3f5972d2c37635c9740eeba40f5140350d180d477 -D 1080 -v -z -Z 8559cb9e6c3c25f6925232e56b5a7c5c1609bdaefdb71554d3a179b31295a5c5 213.171.197.188
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_cb582a295487cbdd -pw A0083908C1A959F1F87BC89C227FABF05125b6fcb50ae638c17f177c0484a98735dec119de850bdfc11fc081a64721c7 -D 1080 -v -z -Z e8fc60412d9c442e97b12055b06f79b466f0009c6efd0a6522a19426a4639625 109.228.3.122
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 1021 -l psiphon_ssh_40491df96d157f35 -pw 8FD38C6DD7412D1B55EC2B57FD56504217eb80e52c83387a6343760e41df402b40030c019799e1861c02f57b1305a12a -D 1080 -v -z -Z 7e5a28d76266cef16de6a4321eb0b143fabb5d921d232bd3c78abeab42f85ade 109.228.19.172
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_5592fa098347c386 -pw 02E4164CED1D9F2B1F98171154AA70EA95f1f0c73084dc3ac12b4e7c254e1508b2b94826b1b76237c4386168ce4dacbf -D 1080 -v -z -Z 9279484b4277749d24accd0089fcd07659effaffb2a6fc5af0587f0010caf8d7 88.208.223.93
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 364 -l psiphon_ssh_188fc2dbadb27210 -pw A508ECE0A902202271E51F450977C33Ecf51ba64817ef99d26261d3379d968fceb5d9c63e867bb1ba2eb3aa9b8d350aa -D 1080 -v -z -Z 4ce811d258644b4519a5d46573ccc9d80e823173ae02422492214ee9b3a400f4 109.228.3.123
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 813 -l psiphon_ssh_cc8d0d6e5f87ab0e -pw 4090CAEEA1A308CAD6FE75794E9B21F545a97c2a37176ab910e1b54a934f7ee8bb029e40051dc575444a5f06c0a15e5e -D 1080 -v -z -Z 894c03a08acb21c6550478cc0ea497e05ff9a5ce729087333b4dddf26e23a7e7 213.171.207.95
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_56a0667824b9d21c -pw 82535B9EE1CA5CA50CD6335760C7D991e2e95643839c1128b4b74f42aae2a80386485d49a3d4d7cefb80c6ef609a7421 -D 1080 -v -z -Z edf8104d96d133ba775d91ef691ce341a5bd56598b7642715cd1f88cc4b586cc 109.228.2.32
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_8986f7ee28a5eb0a -pw A9E79D02C2182DB185B6E4787CACF5614606261cdc9fc8a50f721b49df47eede8d584f5ca5609bafe8f1805d49d32cbe -D 1080 -v -z -Z ce6cf384ed1f43a93eeb388f09373103f05717d2a228c693d05e9de770c7a3f1 88.208.205.62
'%TEMP%\psiphon3-plonk.exe' /pid=2588
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 218 -l psiphon_ssh_3786a89554f23c59 -pw 809A439D8ABD725DB852A34592C8A99991c24d8ed1237e5295886468d6163053921ab54ca9e5cc319abd9a23bc072440 -D 1080 -v -z -Z 58c5def8668812d9260c6f661212ef51358bc4ef1635ad9393f4462ef3200cde 213.171.197.204
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_5edde5047669f913 -pw EAA1C0E263AF1D038B3D8B3F8C2F1FC7b0f530a9415662fa97c31880c0ab7bee80e5b9df2bd835e10e43d2f9843a544a -D 1080 -v -z -Z 6f0519c4b901292903897cdb9832907e5bb2b6624d522ded1b69dc228bc48d5a 109.228.16.79
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 218 -l psiphon_ssh_3786a89554f23c59 -pw 7E2FF4F67A4BA3A8957A1E3E9D32161091c24d8ed1237e5295886468d6163053921ab54ca9e5cc319abd9a23bc072440 -D 1080 -v -z -Z 58c5def8668812d9260c6f661212ef51358bc4ef1635ad9393f4462ef3200cde 213.171.197.204
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 218 -l psiphon_ssh_3786a89554f23c59 -pw 5B872C208EAC4BC220AEAF24EAD16EF191c24d8ed1237e5295886468d6163053921ab54ca9e5cc319abd9a23bc072440 -D 1080 -v -z -Z 58c5def8668812d9260c6f661212ef51358bc4ef1635ad9393f4462ef3200cde 213.171.197.204
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_2f2a71776b15297f -pw 71C287C0C2EAC2B5F50CC54AD31519184de3aebd31feb20118618dd3f5972d2c37635c9740eeba40f5140350d180d477 -D 1080 -v -z -Z 8559cb9e6c3c25f6925232e56b5a7c5c1609bdaefdb71554d3a179b31295a5c5 213.171.197.188
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 813 -l psiphon_ssh_cc8d0d6e5f87ab0e -pw DAC013EA8C9CCD3104CC7C193C65543745a97c2a37176ab910e1b54a934f7ee8bb029e40051dc575444a5f06c0a15e5e -D 1080 -v -z -Z 894c03a08acb21c6550478cc0ea497e05ff9a5ce729087333b4dddf26e23a7e7 213.171.207.95
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_56a0667824b9d21c -pw A4CF1667099BEA16BF243C309FE188D5e2e95643839c1128b4b74f42aae2a80386485d49a3d4d7cefb80c6ef609a7421 -D 1080 -v -z -Z edf8104d96d133ba775d91ef691ce341a5bd56598b7642715cd1f88cc4b586cc 109.228.2.32
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_8986f7ee28a5eb0a -pw F351F8C8C1A7F79BE7640150E18713924606261cdc9fc8a50f721b49df47eede8d584f5ca5609bafe8f1805d49d32cbe -D 1080 -v -z -Z ce6cf384ed1f43a93eeb388f09373103f05717d2a228c693d05e9de770c7a3f1 88.208.205.62
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_56a7e8d72f4c5e22 -pw 1CDE8B8EFCF62DFF4DF762D6613ED2F5888e11fb85fa7094bc2e21ab660c27b04d4000ab18a8e13777b15e544f015045 -D 1080 -v -z -Z a60f55a4aad8be6310ee3ad9007c5a303996ed648f0f618c30d87f18b64b5ec9 213.171.199.168
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 364 -l psiphon_ssh_188fc2dbadb27210 -pw 1F29A39F453FA54F5174C4CDA42A1168cf51ba64817ef99d26261d3379d968fceb5d9c63e867bb1ba2eb3aa9b8d350aa -D 1080 -v -z -Z 4ce811d258644b4519a5d46573ccc9d80e823173ae02422492214ee9b3a400f4 109.228.3.123
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_5edde5047669f913 -pw 308E95B77DDB271A7CEDF82BADE4A862b0f530a9415662fa97c31880c0ab7bee80e5b9df2bd835e10e43d2f9843a544a -D 1080 -v -z -Z 6f0519c4b901292903897cdb9832907e5bb2b6624d522ded1b69dc228bc48d5a 109.228.16.79
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 959 -l psiphon_ssh_f28dc40012ba5b6c -pw D1F856443211B72173DED38E548FD2743b07199be2c5a0debbc9e5f9d82eaccc4048ac94cc163b22a5c8516b6e17e08c -D 1080 -v -z -Z 892395eb6590e53f0e31a8e8728ce4a01a74ef90b3caaf07927fec3354ed4f51 88.208.222.1
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_56b880c5ce840a4a -pw 141C02739B1B616B6533E1D070B9DEBF5cee61dfcf6354f320d1df78887be5ec46532c7a1d723e43d6f3679947fefe3e -D 1080 -v -z -Z 4d11820bc0a522034fc21a9a64a03fea3d769f3fbd7f974e5007f967d94768b7 88.208.221.47
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_f46fe5f1eb269f18 -pw 46E6BCB1E323A516D5923C379D6DB55A8c6e05918d6a71082a1cab8df973f39363f6521137637ef42b445b4627a6f624 -D 1080 -v -z -Z 871c10e4b5c7e6bf5e510f51b875c77d7851c84baacafef2c17f42172be06eee 213.171.205.59
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_8967ec2fa1a2e548 -pw 8FECC8D28DBC403B5C8FA887247EA69C34af5d53f05dc5008e8ccc9908add871fa4e8bf0829e332f7bb771f950fbff5d -D 1080 -v -z -Z e9d861adc826f7f3402aa2dd9b9f11da045571e13b2b2522d31fa998764eafb9 213.171.207.39
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 407 -l psiphon_ssh_37e1218d1542a764 -pw 904511D94434C38633D4C6E0299B3C0757abffb5cd3161cfa308305f0c308a90805f319155b984037bdb8f23f00b0c1a -D 1080 -v -z -Z 5fc752ca334109948785f055b745fe5c72cd9705f5d20b57fef46c5e10ac7500 109.228.3.119
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_cb582a295487cbdd -pw 5490089D8A91DA208C0BA6DB06D4F66F5125b6fcb50ae638c17f177c0484a98735dec119de850bdfc11fc081a64721c7 -D 1080 -v -z -Z e8fc60412d9c442e97b12055b06f79b466f0009c6efd0a6522a19426a4639625 109.228.3.122
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 901 -l psiphon_ssh_9ac59b0a1cd2183e -pw 226D61550B89E73BA43344D2210B29AEb78704fe9d617abd0c2547e7193182469aaaf2d57daf880d0f7d7b7ef42a2287 -D 1080 -v -z -Z bf9a03bda321bad512960a7c760949644bf03dd09225ab0ee8e304b1132202d3 198.58.118.104
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_c0a98ff3a087f0f9 -pw A26E0BAE0C5E36F72A7D2A8EB4DEE67Eec14f3da135b71d8238764c3ead70db99019efe206961f1aa8dc5b70aa4ee1e4 -D 1080 -v -z -Z 3413cdca3affae931022a37bc91bb9f7c9428e859675b0f273fa6c2cc444def3 109.228.19.162
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_c0a98ff3a087f0f9 -pw 8C167091EC3E6EAE141D9FA9D427DABCec14f3da135b71d8238764c3ead70db99019efe206961f1aa8dc5b70aa4ee1e4 -D 1080 -v -z -Z 3413cdca3affae931022a37bc91bb9f7c9428e859675b0f273fa6c2cc444def3 109.228.19.162
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 407 -l psiphon_ssh_37e1218d1542a764 -pw 53E1A58E1F0EBC3607AC72860B53522057abffb5cd3161cfa308305f0c308a90805f319155b984037bdb8f23f00b0c1a -D 1080 -v -z -Z 5fc752ca334109948785f055b745fe5c72cd9705f5d20b57fef46c5e10ac7500 109.228.3.119
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_56b880c5ce840a4a -pw 2512A77C7D71839ABBC75A504BD5F9345cee61dfcf6354f320d1df78887be5ec46532c7a1d723e43d6f3679947fefe3e -D 1080 -v -z -Z 4d11820bc0a522034fc21a9a64a03fea3d769f3fbd7f974e5007f967d94768b7 88.208.221.47
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 901 -l psiphon_ssh_9ac59b0a1cd2183e -pw 2154C7B38DC8A284818631C74DD727C4b78704fe9d617abd0c2547e7193182469aaaf2d57daf880d0f7d7b7ef42a2287 -D 1080 -v -z -Z bf9a03bda321bad512960a7c760949644bf03dd09225ab0ee8e304b1132202d3 198.58.118.104
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_5592fa098347c386 -pw 57D0A5CA7265B6C7E4F4BA477BE1D90695f1f0c73084dc3ac12b4e7c254e1508b2b94826b1b76237c4386168ce4dacbf -D 1080 -v -z -Z 9279484b4277749d24accd0089fcd07659effaffb2a6fc5af0587f0010caf8d7 88.208.223.93
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 364 -l psiphon_ssh_188fc2dbadb27210 -pw B7F0C61F111F6231DC3381D113AF3866cf51ba64817ef99d26261d3379d968fceb5d9c63e867bb1ba2eb3aa9b8d350aa -D 1080 -v -z -Z 4ce811d258644b4519a5d46573ccc9d80e823173ae02422492214ee9b3a400f4 109.228.3.123
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 813 -l psiphon_ssh_cc8d0d6e5f87ab0e -pw 9109CCD3B1287D688C4BD1F49434348A45a97c2a37176ab910e1b54a934f7ee8bb029e40051dc575444a5f06c0a15e5e -D 1080 -v -z -Z 894c03a08acb21c6550478cc0ea497e05ff9a5ce729087333b4dddf26e23a7e7 213.171.207.95
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_56a0667824b9d21c -pw 73ACF924C4D967E697FAA7C34936DA90e2e95643839c1128b4b74f42aae2a80386485d49a3d4d7cefb80c6ef609a7421 -D 1080 -v -z -Z edf8104d96d133ba775d91ef691ce341a5bd56598b7642715cd1f88cc4b586cc 109.228.2.32
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 251 -l psiphon_ssh_febac25bfa380b5b -pw DA0A3337E6608A8CADF46C1EC4E285C487a10ee95bc36979ddada50b7134e0f081af968e61ff8cf36cdce6e288d75621 -D 1080 -v -z -Z ed4298f555bc05def4d370096bed5fc1c8931dec142fd4810b500f8084756f23 88.208.205.231
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 461 -l psiphon_ssh_737e41ed5251c089 -pw 1BB306484A47BD3736EF669E5581A1D23a7cfd45d0e346e37f5c71cdc2af09de30d16bade8626b074eaeeabbe7bf0a12 -D 1080 -v -z -Z 0079e020d7f89a51aedb5722348f38187ee48ab0e37b7e965fcdefe01022f95c 23.92.18.119
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_6bd293c9a110b356 -pw 325893B07364203D0F5F6B76225866850ade00b5bffab352f1e82376d3a502ec3e5428717bcb30f1e5465d5f1dce19bb -D 1080 -v -z -Z 38af2287af84ed804d5d7328b7b5104397763f02aa85c5f4abfdd91e9032f46c 88.208.206.237
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 1021 -l psiphon_ssh_40491df96d157f35 -pw 2603FB31999079FB157B1085444754D217eb80e52c83387a6343760e41df402b40030c019799e1861c02f57b1305a12a -D 1080 -v -z -Z 7e5a28d76266cef16de6a4321eb0b143fabb5d921d232bd3c78abeab42f85ade 109.228.19.172
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 993 -l psiphon_ssh_8967ec2fa1a2e548 -pw 7D83759A5468036D4FD2F20780C80DA034af5d53f05dc5008e8ccc9908add871fa4e8bf0829e332f7bb771f950fbff5d -D 1080 -v -z -Z e9d861adc826f7f3402aa2dd9b9f11da045571e13b2b2522d31fa998764eafb9 213.171.207.39
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 959 -l psiphon_ssh_f28dc40012ba5b6c -pw FE2825DD15E090FFED24CAE19882D76C3b07199be2c5a0debbc9e5f9d82eaccc4048ac94cc163b22a5c8516b6e17e08c -D 1080 -v -z -Z 892395eb6590e53f0e31a8e8728ce4a01a74ef90b3caaf07927fec3354ed4f51 88.208.222.1
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 465 -l psiphon_ssh_5592fa098347c386 -pw 9703A1424D21B2384690FE0BE03F8FB795f1f0c73084dc3ac12b4e7c254e1508b2b94826b1b76237c4386168ce4dacbf -D 1080 -v -z -Z 9279484b4277749d24accd0089fcd07659effaffb2a6fc5af0587f0010caf8d7 88.208.223.93
'%TEMP%\psiphon3-plonk.exe' -ssh -C -N -batch -P 995 -l psiphon_ssh_f46fe5f1eb269f18 -pw 1683D97C2265C354E2A013142EAE58708c6e05918d6a71082a1cab8df973f39363f6521137637ef42b445b4627a6f624 -D 1080 -v -z -Z 871c10e4b5c7e6bf5e510f51b875c77d7851c84baacafef2c17f42172be06eee 213.171.205.59

Modifies file system :

Creates the following files:

%APPDATA%\PUTTY.RND
<LS_APPDATA>\PUTTY.RND
%TEMP%\psiphon3-plonk.exe

Network activity:

Connects to:

'88.##8.205.62':465
'21#.#71.199.168':465
'88.##8.206.237':995
'21#.#71.197.188':993
'10#.#28.3.123':364
'10#.#28.16.79':995
'88.##8.205.231':251
'23.##.18.119':461
'88.##8.223.93':465
'localhost':1054
's3.###zonaws.com':443
'10#.#28.19.172':1021
'88.##8.222.1':959
'88.##8.221.47':993
'19#.#8.118.104':901
'localhost':1080
'21#.#71.205.59':995
'21#.#71.207.39':993
'21#.#71.207.95':813
'10#.#28.2.32':993
'21#.#71.197.204':218
'10#.#28.19.162':993
'10#.#28.3.119':407
'10#.#28.3.122':993

UDP:

DNS ASK s3.###zonaws.com

Miscellaneous:

Searches for the following windows:

ClassName: 'Shell_TrayWnd' WindowName: '(null)'

Tecnologie

Termini

Formazione ed informazione

Falsi miti

Technical Information

Curing recommendations

Free trial