Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '1b4aa1f971bb753db958cb4852204bb8' = '"%TEMP%\RedLine.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '1b4aa1f971bb753db958cb4852204bb8' = '"%TEMP%\RedLine.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startup\1b4aa1f971bb753db958cb4852204bb8.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\RedLine.exe" "RedLine.exe" ENABLE
- %TEMP%\(1) redline_3.5.exe
- %TEMP%\flatui.dll
- %TEMP%\icsharpcode.texteditor.dll
- %TEMP%\lamp.exe
- %TEMP%\wearedevs_api.cpp.dll
- %TEMP%\wearedevs_api.dll
- %TEMP%\redline.exe
- 'localhost':1604
- 'localhost':4255
- '%TEMP%\(1) redline_3.5.exe'
- '%TEMP%\lamp.exe'
- '%TEMP%\redline.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%TEMP%\RedLine.exe" "RedLine.exe" ENABLE' (with a hidden window)