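Техническая информация
Ниже перечислены изменения в реестре, запускаемые процессы и затрагиваемые файлы; заголовки разделов исходного отчёта в этом фрагменте не сохранились.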
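- [<HKLM>\SYSTEM\ControlSet001\Services\PolicyAgent] 'Start' = '00000002'
  (значение 2 — автоматический запуск службы; PolicyAgent — служба политик IPsec, без которой заданные ниже правила не применяются)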
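- '<LS_APPDATA>\ipseccmd.exe' -w REG -p "shunwangxiaoge" -r "122.227.164.124" -f 122.227.164.124/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
- '<LS_APPDATA>\ipseccmd.exe' -w REG -p "shunwangxiaoge" -r "116.255.161.100" -f 116.255.161.100/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
- '<LS_APPDATA>\ipseccmd.exe' -w REG -p "shunwangxiaoge" -r "210.209.71.61:80" -f 210.209.71.61:80/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
  Пояснение: каждая команда записывает в реестр (-w REG) статическую политику IPsec «shunwangxiaoge» с блокирующим правилом (-n BLOCK) и назначает её (-x). Судя по синтаксису фильтров, блокируется трафик с указанных адресов на локальный компьютер (0 в ipseccmd означает «мой адрес»). В третьей команде порт указан перед маской, а не в обычном виде «адрес/маска:порт»; строка приведена так же, как в отчёте. Для обнаружения полезны запуск ipseccmd.exe из <LS_APPDATA> и появление политики IPsec с этим именем.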
- '<SYSTEM32>\wbem\wmiadap.exe' /R /T
- '<SYSTEM32>\net1.exe' start PolicyAgent
- '<SYSTEM32>\sc.exe' config PolicyAgent start= AUTO
- <LS_APPDATA>\ip.txt
- <LS_APPDATA>\ipseccmd.exe
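- %TEMP%\~1.bat
- %TEMP%\~1.bat
  (путь указан дважды; вероятно, записи относились к разным разделам исходного отчёта, заголовки которых не сохранились)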
- <SYSTEM32>\PerfStringBackup.TMP
- <SYSTEM32>\wbem\Performance\WmiApRpl.ini