Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe] 'Debugger' = 'SppHook.exe'
- '%WINDIR%\KMSEmu.exe' 1688 RandomKMSPID 43200 43200 KillProcessOnPort
- '%WINDIR%\oem.exe'
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="KMSEmu" dir=in program=%WINDIR%\KMSEmu.exe action=allow profile=any protocol=tcp
- '<SYSTEM32>\schtasks.exe' /create /xml "%WINDIR%\oem.xml" /tn "OEM" /ru SYSTEM
- %TEMP%\aut4.tmp
- %WINDIR%\KMSEmu.exe
- %WINDIR%\SppHook.exe
- %WINDIR%\SppHook.dll
- %TEMP%\aut5.tmp
- %WINDIR%\oem.xml
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp
- %WINDIR%\oem.exe
- %WINDIR%\KMSEmu.exe
- %TEMP%\aut5.tmp
- %WINDIR%\SppHook.dll
- %WINDIR%\SppHook.exe
- %TEMP%\aut4.tmp
- %WINDIR%\oem.xml
- %TEMP%\aut1.tmp
- %TEMP%\aut3.tmp
- %TEMP%\aut2.tmp