Exploit.Siggen.14120

Technical Information

To ensure autorun and distribution

Sets the following service settings

[HKLM\SYSTEM\CurrentControlSet\Services\osppsvc] 'Start' = '00000002'

Modifies file system

Creates the following files

%TEMP%\at.exe
%TEMP%\cert\kmscertw10\enterprise\enterprise-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw10\enterprise\enterprise-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw10\education\education-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw10\education\education-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw10\core\core-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw10\core\core-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscert2016\word\wordvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\word\wordvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\word\wordvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\visiostd\visiostdvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\visiostd\visiostdvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\visiostd\visiostdvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\visiopro\visioprovl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\visiopro\visioprovl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\visiopro\visioprovl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\standard\standardvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\standard\standardvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\standard\standardvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\skypeforbusiness\skypeforbusinessvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-bypass-rac-public.xrm-ms
%TEMP%\cert\kmscert2016\skypeforbusiness\skypeforbusinessvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\skypeforbusiness\skypeforbusinessvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscertw10\enterprises\enterprises-volume-gvlk-2-ul.xrm-ms
%TEMP%\cert\kmscertw10\enterprises\enterprises-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-bypass-rac-private.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms1-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms1-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms1-pl.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-kms-pl.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-bypass-ul.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-bypass-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-bypass-rac-public.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-vl-bypass-rac-private.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\business\security-licensing-slc-component-sku-business-ul-oob.xrm-ms
%TEMP%\cert\kmscertw10\professional\professional-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw10\professional\professional-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw10\pkeyconfig.xrm-ms
%TEMP%\cert\kmscertw10\enterprises\enterprises-volume-gvlk-2-ul-oob.xrm-ms
%TEMP%\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
%TEMP%\cert\kmscertw10\enterprises\enterprises-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscert2016\mondo\mondovl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\excel\excelvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\excel\excelvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\excel\excelvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\client-issuance-ul.xrm-ms
%TEMP%\cert\kmscert2016\client-issuance-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\client-issuance-stil.xrm-ms
%TEMP%\cert\kmscert2016\client-issuance-root.xrm-ms
%TEMP%\cert\kmscert2016\client-issuance-root-bridge-test.xrm-ms
%TEMP%\cert\kmscert2016\client-issuance-bridge-office.xrm-ms
%TEMP%\cert\kmscert2016\access\accessvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\access\accessvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\access\accessvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.pl.xrm-ms
%TEMP%\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.oob.xrm-ms
%TEMP%\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.pl.xrm-ms
%TEMP%\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.oob.xrm-ms
%TEMP%\cert\kmscert2013\visiopro\visio.reg
%TEMP%\cert\kmscert2016\publisher\publishervl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\publisher\publishervl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\publisher\publishervl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\onenote\onenotevl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\mondo\mondovl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\proplus\proplusvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\proplus\proplusvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\proplus\proplusvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\projectstd\projectstdvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\projectstd\projectstdvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\projectstd\projectstdvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\projectpro\projectprovl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\projectpro\projectprovl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\projectpro\projectprovl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\powerpoint\powerpointvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\powerpoint\powerpointvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\powerpoint\powerpointvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\pkeyconfig-office.xrm-ms
%TEMP%\cert\kmscert2016\outlook\outlookvl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\outlook\outlookvl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\outlook\outlookvl_kms_client-ppd.xrm-ms
%TEMP%\cert\kmscert2016\onenote\onenotevl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2016\onenote\onenotevl_kms_client-ul-oob.xrm-ms
%TEMP%\cert\kmscert2016\mondo\mondovl_kms_client-ul.xrm-ms
%TEMP%\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-bypass-ul-oob.xrm-ms
%TEMP%\cert\kmscertw7\embedded\security-spp-component-sku-embedded-pl.xrm-ms
%TEMP%\cert\kmscertw81\serverdatacenter\serverdatacenter-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw81\serverdatacenter\serverdatacenter-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw81\professionalwmc\professionalwmc-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw81\professionalwmc\professionalwmc-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw81\professional\professional-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw81\professional\professional-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw81\pkeyconfig.xrm-ms
%TEMP%\cert\kmscertw81\enterprise\enterprise-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw81\enterprise\enterprise-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw81\embeddedindustry\embeddedindustry-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw81\embeddedindustry\embeddedindustry-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw81\coreconnectedsinglelanguage\coreconnectedsinglelanguage-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw81\coreconnectedsinglelanguage\coreconnectedsinglelanguage-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw81\core\core-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw81\core\core-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw8\professionalwmc\professionalwmc-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw8\professionalwmc\professionalwmc-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw8\professionaln\professionaln-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw8\professionaln\professionaln-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw8\professional\professional-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw8\professional\professional-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw81\serverstandard\serverstandard-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw81\serverstandard\serverstandard-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\uninstall\remove_scheduletask.cmd
%TEMP%\uninstall\enablesmartscreen.reg
%TEMP%\uninstall\enablesmartscreen.cmd
%TEMP%\sounds\warning.mp3
%TEMP%\sounds\verified.mp3
%TEMP%\sounds\transfer.mp3
%TEMP%\sounds\processing.mp3
%TEMP%\sounds\inputok.mp3
%TEMP%\sounds\inputfailed.mp3
%TEMP%\sounds\enterauthorizationcode.mp3
%TEMP%\cert\kmscert2010\visio\visiostd_kms_client.pl.xrm-ms
%TEMP%\sounds\diagnostic.mp3
%TEMP%\sounds\complete.mp3
%TEMP%\sounds\begin.mp3
%TEMP%\sounds\affirmative.mp3
%TEMP%\logs\kmseldi.log
%TEMP%\logs\autopico.log
%TEMP%\driver\uninstalldriver.cmd
%TEMP%\driver\tap-windows-9.21.0.exe
%TEMP%\driver\openvpn.cer
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms-pl.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-bypass-ul.xrm-ms
%TEMP%\cert\kmscertw8\enterprisen\enterprisen-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw8\enterprisen\enterprisen-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw6\pkeyconfig.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms1-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms1-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms1-pl.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-kms-pl.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-bypass-ul.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-bypass-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-bypass-rac-public.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-vl-bypass-rac-private.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\enterprise\security-licensing-slc-component-sku-enterprise-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms1-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms1-ul-oob.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms1-pl.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms-ul-phn.xrm-ms
%TEMP%\cert\kmscertw6\businessn\security-licensing-slc-component-sku-businessn-vl-kms-ul-oob.xrm-ms
%TEMP%\cert\kmscertw7\embedded\pkeyconfig-embedded.xrm-ms
%TEMP%\cert\kmscertw8\pkeyconfig.xrm-ms
%TEMP%\cert\kmscertw7\embedded\security-spp-component-sku-embedded-ul-oob.xrm-ms
%TEMP%\cert\kmscertw7\embedded\security-spp-component-sku-embedded-ul-phn.xrm-ms
%TEMP%\cert\kmscertw7\embedded\security-spp-component-sku-embedded-vlba-ul-oob.xrm-ms
%TEMP%\cert\kmscertw8\enterprise\enterprise-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw8\coresinglelanguage\coresinglelanguage-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw8\coresinglelanguage\coresinglelanguage-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw8\coren\coren-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw8\coren\coren-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw8\core\core-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscertw8\core\core-volume-gvlk-1-ul-oob-rtm.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-vlkms1-ul-phn.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-vlkms1-ul-oob.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-vlkms1-pl.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-vl-bypass-ul.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-vl-bypass-ul-oob.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-vl-bypass-rac-public.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-vl-bypass-rac-private.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-ul-phn.xrm-ms
%TEMP%\cert\kmscertw7\professional\security-spp-component-sku-professional-ul-oob.xrm-ms
%TEMP%\cert\kmscertw7\professional\pkeyconfig.xrm-ms
%TEMP%\cert\kmscertw7\embedded\security-spp-component-sku-embedded-vlba-ul.xrm-ms
%TEMP%\cert\kmscertw8\enterprise\enterprise-volume-gvlk-1-ul-rtm.xrm-ms
%TEMP%\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
%TEMP%\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.pl.xrm-ms
%TEMP%\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\powerpoint\powerpoint_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\powerpoint\powerpoint_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\powerpoint\powerpoint_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\powerpoint\powerpointvlregwow.reg
%TEMP%\cert\kmscert2010\powerpoint\powerpointvlreg64.reg
%TEMP%\cert\kmscert2010\powerpoint\powerpointvlreg32.reg
%TEMP%\cert\kmscert2010\outlook\outlook_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\outlook\outlook_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\outlook\outlook_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\outlook\outlook_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\outlook\outlook_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\outlook\outlookvlregwow.reg
%TEMP%\cert\kmscert2010\outlook\outlookvlreg64.reg
%TEMP%\cert\kmscert2010\outlook\outlookvlreg32.reg
%TEMP%\cert\kmscert2010\onenote\onenote_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\onenote\onenote_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\onenote\onenote_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\projectpro\projectprovlreg32.reg
%TEMP%\cert\kmscert2010\onenote\onenote_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\proplus\proplus_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\onenote\onenote_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\proplus\proplus_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\proplus\proplus_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\proplus\proplus_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\proplus\proplus_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\proplus\proplusvlregwow.reg
%TEMP%\cert\kmscert2010\proplus\proplusvlreg64.reg
%TEMP%\cert\kmscert2010\proplus\proplusvlreg32.reg
%TEMP%\cert\kmscert2010\projectstd\projectstd_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\projectstd\projectstd_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\projectstd\projectstd_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\projectstd\projectstd_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\projectstd\projectstd_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\projectstd\projectstdvlregwow.reg
%TEMP%\cert\kmscert2010\projectstd\projectstdvlreg64.reg
%TEMP%\cert\kmscert2010\projectstd\projectstdvlreg32.reg
%TEMP%\cert\kmscert2010\projectpro\projectpro_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\projectpro\projectpro_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\projectpro\projectpro_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\projectpro\projectpro_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\projectpro\projectprovlregwow.reg
%TEMP%\cert\kmscert2010\projectpro\projectprovlreg64.reg
%TEMP%\cert\kmscert2010\projectpro\projectpro_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\onenote\onenotevlreg64.reg
%TEMP%\cert\kmscert2010\excel\excel_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\excel\excelvlreg32.reg
%TEMP%\cert\kmscert2010\access\access_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\access\access_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\access\access_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\access\access_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\access\access_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\access\accessvlregwow.reg
%TEMP%\cert\kmscert2010\access\accessvlreg64.reg
%TEMP%\cert\kmscert2010\access\accessvlreg32.reg
%TEMP%\cert\installall.cmd
%TEMP%\vestris.resourcelib.dll
%TEMP%\removewatermark.cmd
%TEMP%\readme kmspico portable.txt
%TEMP%\kmseldi.exe
%TEMP%\disablesmartscreen.reg
%TEMP%\devcomponents.dotnetbar2.dll
%TEMP%\autopico.exe
%TEMP%\auto (run as admin).cmd
%TEMP%\cert\kmscert2010\excel\excelvlregwow.reg
%TEMP%\cert\kmscert2010\onenote\onenotevlregwow.reg
%TEMP%\cert\kmscert2010\publisher\publishervlreg32.reg
%TEMP%\cert\kmscert2010\excel\excelvlreg64.reg
%TEMP%\cert\kmscert2010\onenote\onenotevlreg32.reg
%TEMP%\cert\kmscert2010\infopath\infopath_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\infopath\infopath_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\infopath\infopath_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\infopath\infopath_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\infopath\infopath_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\infopath\infopathvlregwow.reg
%TEMP%\cert\kmscert2010\infopath\infopathvlreg64.reg
%TEMP%\cert\kmscert2010\infopath\infopathvlreg32.reg
%TEMP%\cert\kmscert2010\groove\groove_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\groove\groove_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\groove\groove_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\groove\groove_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\groove\groove_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\groove\groovevlregwow.reg
%TEMP%\cert\kmscert2010\groove\groovevlreg64.reg
%TEMP%\cert\kmscert2010\groove\groovevlreg32.reg
%TEMP%\cert\kmscert2010\excel\excel_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\excel\excel_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\excel\excel_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\excel\excel_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\publisher\publishervlreg64.reg
%TEMP%\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.oob.xrm-ms
%TEMP%\cert\kmscert2010\word\word_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.pl.xrm-ms
%TEMP%\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.oob.xrm-ms
%TEMP%\cert\kmscert2013\licenses.sl.issuance.client_ul_oob.xrm-ms
%TEMP%\cert\kmscert2013\licenses.sl.issuance.client_ul.xrm-ms
%TEMP%\cert\kmscert2013\licenses.sl.issuance.client_stil.xrm-ms
%TEMP%\cert\kmscert2013\licenses.sl.issuance.client_root_bridge_test.xrm-ms
%TEMP%\cert\kmscert2013\licenses.sl.issuance.client_root.xrm-ms
%TEMP%\cert\kmscert2013\licenses.sl.issuance.client_bridge_office.xrm-ms
%TEMP%\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.pl.xrm-ms
%TEMP%\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.oob.xrm-ms
%TEMP%\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.pl.xrm-ms
%TEMP%\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.oob.xrm-ms
%TEMP%\cert\kmscert2013\access\accessvl_kms_client_ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\access\accessvl_kms_client_pl.xrm-ms
%TEMP%\cert\kmscert2013\access\accessvl_kms_client_oob.xrm-ms
%TEMP%\cert\kmscert2010\word\word_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.pl.xrm-ms
%TEMP%\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.oob.xrm-ms
%TEMP%\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.pl.xrm-ms
%TEMP%\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.pl.xrm-ms
%TEMP%\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.oob.xrm-ms
%TEMP%\cert\kmscert2013\proplus\proplus.reg
%TEMP%\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.pl.xrm-ms
%TEMP%\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.oob.xrm-ms
%TEMP%\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.pl.xrm-ms
%TEMP%\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.oob.xrm-ms
%TEMP%\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
%TEMP%\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
%TEMP%\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.pl.xrm-ms
%TEMP%\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.oob.xrm-ms
%TEMP%\cert\kmscert2013\pkeyconfig-office.xrm-ms
%TEMP%\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.ppdlic.xrm-ms
%TEMP%\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.oob.xrm-ms
%TEMP%\cert\kmscert2010\word\word_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\word\word_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\publisher\publishervlregwow.reg
%TEMP%\cert\kmscert2010\standard\standard_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\standard\standard_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\standard\standardvlregwow.reg
%TEMP%\cert\kmscert2010\standard\standardvlreg64.reg
%TEMP%\cert\kmscert2010\standard\standardvlreg32.reg
%TEMP%\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\smallbusbasics\smallbusbasicsvlregwow.reg
%TEMP%\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg64.reg
%TEMP%\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg32.reg
%TEMP%\cert\kmscert2010\publisher\publisher_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\publisher\publisher_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\publisher\publisher_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\publisher\publisher_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\publisher\publisher_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\standard\standard_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\standard\standard_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\standard\standard_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\visio\visioprem_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\word\word_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\visio\visioprem_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\word\wordvlregwow.reg
%TEMP%\cert\kmscert2010\word\wordvlreg64.reg
%TEMP%\cert\kmscert2010\word\wordvlreg32.reg
%TEMP%\cert\kmscert2010\visio\visiovlregwow.reg
%TEMP%\cert\kmscert2010\visio\visiovlreg64.reg
%TEMP%\cert\kmscert2010\visio\visiovlreg32.reg
%TEMP%\cert\kmscert2010\visio\visiostd_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\visio\visiostd_kms_client.rac_priv.xrm-ms
%TEMP%\sounds\incomingtransmission.mp3
%TEMP%\uninstall\restore_watermark.cmd
%TEMP%\cert\kmscert2010\visio\visiostd_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\visio\visiopro_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\visio\visiopro_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\visio\visiopro_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\visio\visiopro_kms_client.pl.xrm-ms
%TEMP%\cert\kmscert2010\visio\visiopro_kms_client.oob.xrm-ms
%TEMP%\cert\kmscert2010\visio\visioprem_kms_client.rac_pub.xrm-ms
%TEMP%\cert\kmscert2010\visio\visioprem_kms_client.rac_priv.xrm-ms
%TEMP%\cert\kmscert2010\visio\visioprem_kms_client.ppdlic.xrm-ms
%TEMP%\cert\kmscert2010\visio\visiostd_kms_client.ppdlic.xrm-ms
%TEMP%\39c5.tmp\at.bat

Deletes the following files

%TEMP%\logs\autopico.log
%TEMP%\39c5.tmp\at.bat

Substitutes the following files

%TEMP%\logs\autopico.log

Network activity

TCP

Other

'34.##9.100.209':443
'localhost':49185
'localhost':49187

UDP

DNS ASK 3.###l.ntp.org
'3.###l.ntp.org':123

Miscellaneous

Searches for the following windows

ClassName: 'EDIT' WindowName: ''

Creates and executes the following

'%TEMP%\at.exe'
'%TEMP%\autopico.exe'

Executes the following

'%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\39C5.tmp\at.bat" "
'%WINDIR%\syswow64\cscript.exe' msgbox.vbs
'%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\39C5.tmp\at.bat" "' (with hidden window)

TECHNOLOGIES

TERMINOLOGIE

COURS ET EDU

MYTHES

Technical Information

Recommandations pour le traitement

Free trial