Техническая информация
- Прописывается в автозапуск через реестр: [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] 'REDHAMA' = '<Полный путь к вирусу>'
- '<SYSTEM32>\netsh.exe' firewall add portopening TCP 445 gab2010 enable subnet
- '<SYSTEM32>\netsh.exe' firewall add portopening TCP 139 gab2010 enable subnet
- '<SYSTEM32>\netsh.exe' firewall add portopening TCP 3389 gab2010 enable
- '<SYSTEM32>\net1.exe' LOCALGROUP "Administradores" Remo /add
- '<SYSTEM32>\netsh.exe' firewall add portopening UDP 137 gab2010 enable subnet
- '<SYSTEM32>\net1.exe' USER Remo 123456 /add
- '<SYSTEM32>\netsh.exe' firewall add portopening UDP 138 gab2010 enable subnet
- '<SYSTEM32>\net1.exe' LOCALGROUP "Administradores" "Remo" /add
- Перемещает системный файл: <SYSTEM32>\termsrv.dll в <SYSTEM32>\termsrv.dll1
- Перемещает системный файл: <SYSTEM32>\dllcache\termsrv.dll в <SYSTEM32>\dllcache\termsrv.dll1
- Подключается к: 'www.go###e.com.br':80
- DNS-запрос (DNS ASK): www.go###e.com.br
- Ищет окно: ClassName: 'Shell_TrayWnd' WindowName: '(null)'