Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1b4aa1f971bb753db958cb4852204bb8' = '"%TEMP%\RedLine.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1b4aa1f971bb753db958cb4852204bb8' = '"%TEMP%\RedLine.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\1b4aa1f971bb753db958cb4852204bb8.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\RedLine.exe" "RedLine.exe" ENABLE
- %TEMP%\rarsfx0\redline.exe
- %TEMP%\rarsfx0\start.bat
- C:\redline v3.6.exe
- %TEMP%\(1) redline_3.5.exe
- %TEMP%\flatui.dll
- %TEMP%\icsharpcode.texteditor.dll
- %TEMP%\lamp.exe
- %TEMP%\wearedevs_api.cpp.dll
- %TEMP%\wearedevs_api.dll
- %TEMP%\redline.exe
- %TEMP%\rarsfx0\redline.exe
- %TEMP%\rarsfx0\start.bat
- 'localhost':1604
- 'localhost':4255
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\rarsfx0\redline.exe' -p7dafhg5dhgbf8d7hg5dsfgh5 -dc:/
- 'C:\redline v3.6.exe'
- '%TEMP%\(1) redline_3.5.exe'
- '%TEMP%\lamp.exe'
- '%TEMP%\redline.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\RedLine.exe" "RedLine.exe" ENABLE (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\Start.bat" "