Техническая информация
- '<SYSTEM32>\taskkill.exe' /f /t /im cmw_srv.exe (здесь и далее: принудительное завершение процесса по имени образа вместе с дочерними процессами)
- '<SYSTEM32>\taskkill.exe' /f /t /im HSSCP.exe
- '<SYSTEM32>\taskkill.exe' /f /t /im hssfixme.exe
- '<SYSTEM32>\taskkill.exe' /f /t /im HSSTrayService.exe
- '<SYSTEM32>\taskkill.exe' /f /t /im hsswd.exe
- %TEMP%\dde0.tmp\ddf0.bat
- %TEMP%\dde0.tmp\ddf0.bat
- ClassName: '' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\DDE0.tmp\DDF0.bat <Полный путь к файлу>" (со скрытым окном)
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\DDE0.tmp\DDF0.bat <Полный путь к файлу>"
- '<SYSTEM32>\attrib.exe' -r <DRIVERS>\etc\hosts (снимает с файла hosts атрибут «только чтение»)
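- '<SYSTEM32>\find.exe' /C /I "anchorfree.net" <DRIVERS>\etc\hosts (здесь и далее find.exe только подсчитывает строки hosts с указанной подстрокой без учёта регистра; файл при этом не изменяется)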
- '<SYSTEM32>\find.exe' /C /I "rss2search.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "techbrowsing.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "box.anchorfree.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "www.me###dia.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "www.an###rfree.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "www.me###dia.com>" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "anchorfree.us" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "a433.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "rpt.anchorfree.net" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "delivery.anchorfree.us/land.php" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "hsselite.com>" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "www.hs###ite.com" <DRIVERS>\etc\hosts
- '<SYSTEM32>\attrib.exe' +r <DRIVERS>\etc\hosts (устанавливает для файла hosts атрибут «только чтение»)