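Техническая информация (часть символов в именах доменов и в URL заменена знаком «#», поэтому приведённые сетевые адреса нельзя использовать как готовые индикаторы для блокировки или поиска в журналах без восстановления полных значений)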
- %TEMP%\1573.tmp\1574.bat
- nul
- 'me##line.co':80
- 'ap#.####r.cloudflare.com':443
- http://www.me##line.co/CpHZt
- http://www.me##line.co/cdn-cgi/styles/main.css
- 'ap#.####r.cloudflare.com':443
- DNS ASK me##line.co
- DNS ASK be####k182.co.vu
- DNS ASK ap#.####r.cloudflare.com
- ClassName: 'DDEMLMom' WindowName: ''
- ClassName: 'IEFrame' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- ClassName: 'MS_WebCheckMonitor' WindowName: ''
- ClassName: 'Static' WindowName: ''
- '<SYSTEM32>\cmd.exe' /c "%TEMP%\1573.tmp\1574.bat <Полный путь к файлу>"
- '<SYSTEM32>\cmd.exe' /S /D /c" ver "
- '<SYSTEM32>\findstr.exe' /i "10\.0\."
- '<SYSTEM32>\findstr.exe' /i "6\.3\."
- '<SYSTEM32>\findstr.exe' /i "6\.2\."
- '<SYSTEM32>\findstr.exe' /i "6\.1\."
- '<SYSTEM32>\findstr.exe' /i "6\.0\."
- '<SYSTEM32>\findstr.exe' /i "5\.1\."
- '<SYSTEM32>\findstr.exe' /i "5\.2\."
- '<SYSTEM32>\findstr.exe' /i "5\.0\."
- '<SYSTEM32>\find.exe' /i "Windows NT"
- '<SYSTEM32>\find.exe' /i ">Windows ME"
- '<SYSTEM32>\find.exe' /i "Windows 98"
- '<SYSTEM32>\find.exe' /i "Windows 95"
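- '<SYSTEM32>\find.exe' /C /I "# Malwarebytes Blocker" <DRIVERS>\etc\hosts
- '<SYSTEM32>\find.exe' /C /I "keystone.mwbsys.com" <DRIVERS>\etc\hosts
Примечание: две последние команды только читают файл hosts — ключ /C выводит число строк, содержащих указанную подстроку, а /I отключает учёт регистра. Изменение файла hosts в приведённом списке не зафиксировано; при разборе инцидента содержимое <DRIVERS>\etc\hosts стоит проверить отдельно.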