Техническая информация
- [<HKLM>\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe] 'Debugger' = 'SppHook.exe'
- '%WINDIR%\KMSEmu.exe' 1688 RandomKMSPID 43200 43200 KillProcessOnPort
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="KMSEmu" dir=in program=%WINDIR%\KMSEmu.exe action=allow profile=any protocol=tcp
- %WINDIR%\SppHook.exe
- %TEMP%\aut3.tmp
- %WINDIR%\SppHook.dll
- %TEMP%\aut1.tmp
- %WINDIR%\KMSEmu.exe
- %TEMP%\aut2.tmp
- %WINDIR%\KMSEmu.exe
- %WINDIR%\SppHook.exe
- %WINDIR%\SppHook.dll
- %TEMP%\aut1.tmp
- %TEMP%\aut2.tmp
- %TEMP%\aut3.tmp