Техническая информация
- 'C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSp v2.7.exe'
- '<SYSTEM32>\findstr.exe' /i Windows
- '<SYSTEM32>\wbem\wmic.exe' path OfficeSoftwareProtectionService get version /format:list
- '<SYSTEM32>\taskkill.exe' /f /IM "Server.exe"
- '<SYSTEM32>\wscript.exe' "%TEMP%\RarSFX0\Start KMSp.vbs"
- '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\KMSp.cmd" "
- '<SYSTEM32>\wbem\wmic.exe' path SoftwareLicensingProduct where (Description LIKE '%KMSCLIENT%') get Name /format:list
- <SYSTEM32>\wbem\AutoRecover\C8463ECBE33BC240263A0B094E46D510.mof
- %TEMP%\tmp2.tmp
- %TEMP%\tmp3.tmp
- <SYSTEM32>\wbem\Logs\WMIC.LOG
- <SYSTEM32>\wbem\AutoRecover\23BDE61F1F4FACE17E9B0C01F2A1FD9B.mof
- %TEMP%\RarSFX0\KMSp.cmd
- C:\Users\%USERNAME%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\KMSp v2.7.exe
- %TEMP%\RarSFX0\Server.exe
- %TEMP%\tmp1.tmp
- %TEMP%\RarSFX0\Start KMSp.vbs
- %TEMP%\RarSFX0\KMSp.cmd
- %TEMP%\RarSFX0\Server.exe
- %TEMP%\RarSFX0\Start KMSp.vbs
- %TEMP%\tmp1.tmp
- %TEMP%\tmp2.tmp
- %TEMP%\tmp3.tmp
- ClassName: '' WindowName: ''
- ClassName: 'Shell_TrayWnd' WindowName: ''
- ClassName: 'EDIT' WindowName: ''