Technical Information
- '%WINDIR%\syswow64\taskkill.exe' /im avscan.exe /t /f
- '%WINDIR%\syswow64\taskkill.exe' /im update.exe /t /f
- %TEMP%\reg.exe
- %TEMP%\avirainst.cmd
- %TEMP%\exe225e.tmp
- %TEMP%\exe225e.tmp
- %TEMP%\avirainst.cmd
- %TEMP%\reg.exe
- ClassName: '' WindowName: ''
- '%TEMP%\reg.exe' query HKEY_LOCAL_MACHINE\SOFTWARE\Avira /s
- '%TEMP%\reg.exe' query "HKEY_LOCAL_MACHINE\SOFTWARE\H+BEDV" /s
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\avirainst.cmd""' (with hidden window)
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\avirainst.cmd""
- '%WINDIR%\syswow64\cmd.exe' /S /D /c" type regexc.txt "
- '%WINDIR%\syswow64\find.exe' "Path"