Техническая информация
- %WINDIR%\Temp\km$\autorun.exe
- %TEMP%\mini-KMS_Activator_v1.051.exe
- "%TEMP%\FvuyfsN5Vi.exe" (загружен из сети Интернет)
- <SYSTEM32>\cmd.exe /c ""%WINDIR%\Temp\km$\Start.cmd" "
- <SYSTEM32>\wscript.exe "%TEMP%\rat.vbs"
- %WINDIR%\Temp\km$\Rest.cmd
- %WINDIR%\Temp\km$\RearmW.cmd
- %WINDIR%\Temp\km$\slerror.xml
- %WINDIR%\Temp\km$\service.inf
- %WINDIR%\Temp\km$\RearmOf.cmd
- %WINDIR%\Temp\km$\ospprearm.exe
- %WINDIR%\Temp\km$\osppc.dll
- %WINDIR%\Temp\km$\PopupOk.js
- %WINDIR%\Temp\km$\PopupErr.js
- %TEMP%\apm3.tmp
- %TEMP%\apm2.tmp
- %TEMP%\FvuyfsN5Vi.exe
- %HOMEPATH%\Local Settings\Temporary Internet Files\Content.IE5\69I9OPW5\rat[1].exe
- %TEMP%\apm1.tmp
- %WINDIR%\Temp\km$\Start.cmd
- %WINDIR%\Temp\km$\srvany.exe
- %WINDIR%\Temp\km$\Uni000.ini
- %WINDIR%\Temp\km$\Uni000.exe
- %WINDIR%\Temp\km$\ospp.vbs
- %WINDIR%\Temp\km$\autorun.apm
- %WINDIR%\Temp\km$\ActWin.cmd
- %WINDIR%\Temp\km$\ChkOf.cmd
- %WINDIR%\Temp\km$\autorun.exe
- %WINDIR%\Temp\km$\ActOf.cmd
- %TEMP%\rat.vbs
- %TEMP%\mini-KMS_Activator_v1.051.exe
- %TEMP%\$inst\temp_0.tmp
- %TEMP%\$inst\2.tmp
- %WINDIR%\Temp\km$\KeyMngW.cmd
- %WINDIR%\Temp\km$\KeyMngOf.cmd
- %WINDIR%\Temp\km$\KMSIns.cmd
- %WINDIR%\Temp\km$\KMService.exe
- %WINDIR%\Temp\km$\instsrv.exe
- %WINDIR%\Temp\km$\cscript.exe
- %WINDIR%\Temp\km$\ChkWin.cmd
- %WINDIR%\Temp\km$\hidcon.exe
- %WINDIR%\Temp\km$\Help.txt
- %TEMP%\apm3.tmp
- %TEMP%\apm2.tmp
- %TEMP%\$inst\temp_0.tmp
- 'ke##us.com':80
- 'localhost':1035
- ke##us.com/rat.exe
- DNS ASK ke##us.com
- ClassName: 'Shell_TrayWnd' WindowName: ''