Техническая информация
- '%WINDIR%\syswow64\taskkill.exe' /im "regsvr32.exe" /f
- '%WINDIR%\syswow64\taskkill.exe' /im "dobi.exe" /f
- %WINDIR%\syswow64\regsvr32.exe
- dobi.exe
- %WINDIR%\syswow64\regsvr32.exe
- %TEMP%\ixp000.tmp\task.exe
- %APPDATA%\d.bmp
- %APPDATA%\dobi.exe
- %HOMEPATH%\kndex\d.ocx
- %TEMP%\ixp000.tmp\task.exe
- %HOMEPATH%\kndex\d.ocx
- %APPDATA%\dobi.exe
- DNS ASK bi###cket.org
- ClassName: 'EDIT' WindowName: ''
- ClassName: '' WindowName: ''
- '%TEMP%\ixp000.tmp\task.exe' -packman
- '%APPDATA%\dobi.exe'
- '%TEMP%\ixp000.tmp\task.exe' -packman (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "regsvr32.exe" /f & erase "%WINDIR%\SysWOW64\regsvr32.exe" & exit (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "dobi.exe" /f & erase "%APPDATA%\dobi.exe" & exit (со скрытым окном)
- '%WINDIR%\syswow64\regsvr32.exe'
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "regsvr32.exe" /f & erase "%WINDIR%\SysWOW64\regsvr32.exe" & exit
- '%WINDIR%\syswow64\cmd.exe' /c taskkill /im "dobi.exe" /f & erase "%APPDATA%\dobi.exe" & exit