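Техническая информация

Подзаголовки разделов в этом списке не сохранились; судя по содержимому строк, ниже идут: изменение в реестре, запускаемые процессы с аргументами, пути к файлам во временном каталоге и классы окон (какие операции выполняются с файлами и окнами, по самому списку установить нельзя). Значение 'Start' = 2 для службы PolicyAgent (агент политики IPsec) соответствует автоматическому запуску; то же самое делают команды sc.exe и net1.exe. Команды ipseccmd.exe записывают в реестр (-w REG) политику IPsec с именем "CCstop" и добавляют в неё блокирующие (-n BLOCK) фильтры для перечисленных IP-адресов. Для обнаружения показательны запуск ipseccmd.exe из %TEMP% и появление политики IPsec с именем "CCstop".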
- [<HKLM>\SYSTEM\ControlSet001\Services\PolicyAgent] 'Start' = '00000002'
- '%TEMP%\ipseccmd.exe' -w REG -p "CCstop" -r "117.40.91.37" -f 117.40.91.37/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
- '%TEMP%\ipseccmd.exe' -w REG -p "CCstop" -r "221.203.137.4" -f 221.203.137.4/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
- '%TEMP%\ipseccmd.exe' -w REG -p "CCstop" -r "221.203.137.5" -f 221.203.137.5/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
- '%TEMP%\ipseccmd.exe' -w REG -p "CCstop" -r "218.64.114.99" -f 218.64.114.99/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
- '%TEMP%\ip.EXE'
- '%TEMP%\ipseccmd.exe' -w REG -p "CCstop" -r "59.63.158.214" -f 59.63.158.214/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
- '%TEMP%\ipseccmd.exe' -w REG -p "CCstop" -r "218.65.49.157" -f 218.65.49.157/255.255.255.255=0/255.255.255.255:: -n BLOCK -x
- '<SYSTEM32>\net1.exe' start PolicyAgent
- '<SYSTEM32>\sc.exe' config PolicyAgent start= AUTO
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\4988.CMD" "
- %TEMP%\ip.EXE
- %TEMP%\4988.CMD
- %TEMP%\ipseccmd.exe
- %TEMP%\ip.txt
- ClassName: 'Shell_TrayWnd' WindowName: '(null)'
- ClassName: 'EDIT' WindowName: '(null)'