Техническая информация
Параметр реестра:
- [<HKLM>\SYSTEM\ControlSet001\Services\WinDivert1.1] 'Start' = '00000002'
Командные строки:
- '%WINDIR%\WinDivert.exe' 10.11.12.13
- '%WINDIR%\KMSEmu.exe' 1688 RandomKMSPID 43200 43200 KillProcessOnPort
- '<SYSTEM32>\sc.exe' stop WinDivert1.1
- '<SYSTEM32>\sc.exe' delete WinDivert1.1
- '<SYSTEM32>\route.exe' delete 10.11.12.13 0.0.0.0
- '<SYSTEM32>\route.exe' add 10.11.12.13 0.0.0.0 IF 1
- '<SYSTEM32>\netsh.exe' advfirewall firewall add rule name="KMSEmu" dir=in program=%WINDIR%\KMSEmu.exe action=allow profile=any protocol=tcp
- '<SYSTEM32>\sc.exe' create WinDivert1.1 binPath= "%WINDIR%\WinDivert.sys" type= kernel start= auto DisplayName= "WinDivert1.1"
- '<SYSTEM32>\sc.exe' start WinDivert1.1
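Пути к файлам (заголовки разделов исходного отчёта не сохранились; повторы путей, вероятно, относятся к разным разделам):
- %WINDIR%\WinDivert.exe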
- %TEMP%\aut3.tmp
- %WINDIR%\WinDivert.sys
- %TEMP%\aut4.tmp
- %WINDIR%\KMSEmu.exe
- %TEMP%\aut1.tmp
- %WINDIR%\WinDivert.dll
- %TEMP%\aut2.tmp
- %WINDIR%\WinDivert.exe
- %WINDIR%\KMSEmu.exe
- %WINDIR%\WinDivert.sys
- %WINDIR%\WinDivert.dll
- %TEMP%\aut2.tmp
- %TEMP%\aut1.tmp
- %TEMP%\aut4.tmp
- %TEMP%\aut3.tmp