Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\Ias] 'Start' = '00000002'
- %WINDIR%\ipseccmd.exe -w reg -p "clxp safe policy" -r "125.141.130.0" -f 0/255.255.255.0=125.141.130.0/255.255.255.0:: -n BLOCK -x
- %WINDIR%\ipseccmd.exe -w reg -p "clxp safe policy" -r "218.153.8.0" -f 0/255.255.255.0=218.153.8.0/255.255.255.0:: -n BLOCK -x
- %WINDIR%\msn.exe
- %WINDIR%\ipseccmd.exe -w reg -p "clxp safe policy" -r "114.108.184.0" -f 0/255.255.255.0=114.108.184.0/255.255.255.0:: -n BLOCK -x
- %WINDIR%\ipseccmd.exe -w reg -p "clxp safe policy" -r "211.39.136.0" -f 0/255.255.255.0=211.39.136.0/255.255.255.0:: -n BLOCK -x
- %WINDIR%\ipseccmd.exe -w reg -p "clxp safe policy" -r "211.115.106.0" -f 0/255.255.255.0=211.115.106.0/255.255.255.0:: -n BLOCK -x
- %WINDIR%\ipseccmd.exe -w reg -p "clxp safe policy" -r "61.111.53.0" -f 0/255.255.255.0=61.111.53.0/255.255.255.0:: -n BLOCK -x
- %WINDIR%\ipseccmd.exe -w reg -p "clxp safe policy" -r "211.39.133.0" -f 0/255.255.255.0=211.39.133.0/255.255.255.0:: -n BLOCK -x
- <Текущая директория>\list.exe
- %TEMP%\174687_res.tmp
- %WINDIR%\msn.exe
- %WINDIR%\ipseccmd.exe
- <SYSTEM32>\Iase.dll
- <Текущая директория>\list.exe
- %WINDIR%\msn.exe
- %TEMP%\~DF50DE.tmp
- 'my####.han777.net':80
- DNS ASK my####.han777.net