Техническая информация
- [<HKLM>\SYSTEM\ControlSet001\Services\PolicyAgent] 'Start' = '00000002' (значение 2 — автоматический запуск службы PolicyAgent, то есть службы IPsec)
- '<LS_APPDATA>\ipseccmd.exe' -w REG -p "360betche" -r "360bitch1" -f 0/255.255.255.255=61.164.110.113/255.255.255.255:: -n BLOCK -x
- '<LS_APPDATA>\ipseccmd.exe' -w REG -p "360betche" -r "360bitch2" -f 0/255.255.255.255=61.191.223.97/255.255.255.255:: -n BLOCK -x
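- '<LS_APPDATA>\ipseccmd.exe' -w REG -p "360betche" -r "360bitch3" -f 0/255.255.255.255=222.215.136.5/255.255.255.255:: -n BLOCK -x
  (Пояснение: три вызова ipseccmd.exe выше записывают в реестр политику IPsec «360betche» с правилами «360bitch1»–«360bitch3», которые блокируют трафик с локального компьютера на указанные адреса; ключ -x делает политику активной. Признаками заражения служат файл ipseccmd.exe в каталоге <LS_APPDATA> и политика IPsec с таким именем.)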
- '<SYSTEM32>\net1.exe' start "ipsec services"
- '<SYSTEM32>\cmd.exe' /c %TEMP%\~1.bat <Полный путь к вирусу>
- '<SYSTEM32>\sc.exe' config policyagent start= auto
- '<SYSTEM32>\net.exe' start "ipsec services"
- <LS_APPDATA>\ipseccmd.exe
- %TEMP%\~1.bat
- %TEMP%\~1.bat