Техническая информация
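- [<HKLM>\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] '36OSafeUpdate' = '%CommonProgramFiles%\seria.exe' (запись автозапуска; в имени параметра третий символ — латинская буква «O», а не цифра «0», это нужно учитывать при поиске по реестру)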
- %CommonProgramFiles%\seria.exe
- <SYSTEM32>\reg.exe add "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run" /v 36OSafeUpdate /t REG_SZ /d "%CommonProgramFiles%\seria.exe" /f
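- <SYSTEM32>\net.exe stop sharedaccess (остановка службы SharedAccess — «Общий доступ к подключению Интернета»; в старых версиях Windows эта же служба обеспечивает работу брандмауэра Windows)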
- <SYSTEM32>\net1.exe stop sharedaccess
- <SYSTEM32>\cmd.exe /c ""%TEMP%\Del.bat" "
- <SYSTEM32>\ping.exe -n 3 127.0.0.1
- <SYSTEM32>\cmd.exe /c ""%PROGRAM_FILES%\Regrun.bat" "
- %PROGRAM_FILES%\Regrun.dat
- %PROGRAM_FILES%\Regrun.bat
- %TEMP%\Del.bat
- %CommonProgramFiles%\seria.exe
- %TEMP%\Del.dat
- %PROGRAM_FILES%\Regrun.bat
- %TEMP%\Del.dat
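- 'li##.9bic.net':6668 (символы «#» здесь и в строках ниже, по-видимому, скрывают часть имени узла; в таком виде имя нельзя использовать как точный индикатор)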
- 'vi#.#bic.net':883
- DNS ASK li##.9bic.net
- DNS ASK vi#.#bic.net