Technical information
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] '649aec2fea731e9c5147c8175c00ba42' = '"%PROGRAMDATA%\unsecapp.exe" ..'
- [<HKLM>\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] '649aec2fea731e9c5147c8175c00ba42' = '"%PROGRAMDATA%\unsecapp.exe" ..'
- %APPDATA%\microsoft\windows\start menu\programs\startupx\system.pif
- %APPDATA%\microsoft\windows\start menu\programs\startup\649aec2fea731e9c5147c8175c00ba42.exe
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\unsecapp.exe" "unsecapp.exe" ENABLE
- unsecapp.exe
- %TEMP%\ixp000.tmp\b.exe
- %TEMP%\ixp000.tmp\b.ex_
- <LS_APPDATA>\csidl_
- <LS_APPDATA>\csidl_x
- %PROGRAMDATA%\unsecapp.exe
- %PROGRAMDATA%\unsecapp.ex_
- <LS_APPDATA>\csidl_
- <LS_APPDATA>\csidl_x
- %PROGRAMDATA%\unsecapp.ex_
- %TEMP%\ixp000.tmp\b.ex_
- %TEMP%\ixp000.tmp\b.exe
- <LS_APPDATA>\csidl_x
- DNS ASK gr####ck.no-ip.org
- '%TEMP%\ixp000.tmp\b.exe'
- '%PROGRAMDATA%\unsecapp.exe'
- '%WINDIR%\syswow64\netsh.exe' firewall add allowedprogram "%PROGRAMDATA%\unsecapp.exe" "unsecapp.exe" ENABLE' (with hidden window)