Техническая информация
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'Gestionnaire des taches' = 'C:\System32\Taskmgr.exe'
- [<HKCU>\Software\Microsoft\Windows\CurrentVersion\Run] 'test' = 'test'
- C:\System32\host
- C:\System32\ref
- %TEMP%\tmp2.tmp
- %TEMP%\tmp1.tmp
- %TEMP%\is-T69P9.tmp\_isetup\_shfoldr.dll
- %TEMP%\KMSpico_setup.exe
- C:\System32\Taskmgr.exe
- %TEMP%\Setup Log 2018-03-28 #001.txt
- %TEMP%\is-RG8NI.tmp\KMSpico_setup.tmp
- C:\System32\ref
- C:\System32\host
- C:\System32\Taskmgr.exe
- %TEMP%\KMSpico_setup.exe
- %TEMP%\tmp2.tmp
- C:\System32\host
- C:\System32\host
- 'cd###.#twebpages.com':80
- 'fa####y.olympe.in':80
- 'wp#d':80
- http://cd###.#twebpages.com/hosts
- http://fa####y.olympe.in/hosts
- http://11#.#11.111.1/wpad.dat via wp#d
- DNS ASK cd###.#twebpages.com
- DNS ASK fa####y.olympe.in
- DNS ASK wp#d
- ClassName: 'MS_WebcheckMonitor' WindowName: ''
- ClassName: 'MS_AutodialMonitor' WindowName: ''
- '%TEMP%\is-RG8NI.tmp\KMSpico_setup.tmp' /SL5="$100E6,2646452,69120,%TEMP%\KMSpico_setup.exe"
- 'C:\System32\Taskmgr.exe' piratebay_KMSpico_setup_20052015
- '%TEMP%\KMSpico_setup.exe'