Техническая информация
- %WINDIR%\syswow64\regsvr32.exe
- %TEMP%\ixp000.tmp\task.exe
- %APPDATA%\d.bmp
- %APPDATA%\dobi.exe
- %HOMEPATH%\kndex\d.ocx
- %TEMP%\ixp000.tmp\task.exe
- %HOMEPATH%\kndex\d.ocx
- DNS ASK go###any.info
- ClassName: 'EDIT' WindowName: ''
- '%TEMP%\ixp000.tmp\task.exe' -packman
- '%APPDATA%\dobi.exe'
- '%TEMP%\ixp000.tmp\task.exe' -packman (со скрытым окном)
- '%WINDIR%\syswow64\regsvr32.exe'