ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.MulDrop7.64973

Added to the Dr.Web virus database: 2018-02-27

Virus description added:

Technical Information

Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\RarSFX0\KMSELDI.EXE' = '%TEMP%\RarSFX0\KMSELDI.EXE:*:Enabled:KM...
Modifies file system:
Creates the following files:
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROPLUS\ProPlusVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROPLUS\ProPlusVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROPLUS\ProPlusVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROPLUS\ProPlus_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROPLUS\ProPlus_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PUBLISHER\Publisher_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PUBLISHER\Publisher_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PUBLISHER\PublisherVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PUBLISHER\Publisher_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PUBLISHER\Publisher_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PUBLISHER\Publisher_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTSTD\ProjectStd_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTSTD\ProjectStd_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTSTD\ProjectStd_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTSTD\ProjectStd_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTSTD\ProjectStd_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROJECTSTD\ProjectStdVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROPLUS\ProPlus_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROPLUS\ProPlus_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROPLUS\ProPlus_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROJECTSTD\ProjectStdVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROJECTSTD\ProjectStdVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PUBLISHER\PublisherVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-RAC-private.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-RAC-public.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS-pl.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-BYPASS-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-RAC-private.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-RAC-public.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PUBLISHER\PublisherVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-KMS1-pl.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-BYPASS-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESS\Security-Licensing-SLC-Component-SKU-Business-VL-KMS-pl.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROJECTPRO\ProjectProVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\Pkeyconfig.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\Pkeyconfig.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\Pkeyconfig.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\Pkeyconfig-office.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\Pkeyconfig-Office.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\Pkeyconfig.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\POWERPOINT\PowerPoint_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\POWERPOINT\PowerPoint_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\POWERPOINT\PowerPoint_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Pkeyconfig.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\POWERPOINT\PowerPoint_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\OUTLOOK\Outlook_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\OUTLOOK\Outlook_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\OUTLOOK\Outlook_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\ONENOTE\OneNoteVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\ONENOTE\OneNoteVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\OUTLOOK\Outlook_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\OUTLOOK\OutlookVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\EMBEDDED\Pkeyconfig-embedded.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\OUTLOOK\OutlookVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\OUTLOOK\Outlook_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\OUTLOOK\OutlookVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\POWERPOINT\PowerPoint_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\PROFESSIONALWMC\ProfessionalWMC-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTPRO\ProjectPro_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\PROFESSIONALWMC\ProfessionalWMC-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\PROFESSIONALWMC\ProfessionalWMC-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\PROFESSIONALWMC\ProfessionalWMC-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTPRO\ProjectPro_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROJECTPRO\ProjectProVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\PROJECTPRO\ProjectProVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTPRO\ProjectPro_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTPRO\ProjectPro_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTPRO\ProjectPro_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\PROFESSIONAL\Professional-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\PROFESSIONAL\Professional-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\POWERPOINT\PowerPointVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\POWERPOINT\PowerPointVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\POWERPOINT\PowerPointVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\PROFESSIONAL\Professional-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\PROFESSIONALN\ProfessionalN-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\PROFESSIONALN\ProfessionalN-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\PROFESSIONAL\Professional-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\PROFESSIONAL\Professional-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\PROFESSIONAL\Professional-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\VISIOPRO\VisioProVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\VISIOPRO\VisioProVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\VISIOPRO\VisioProVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPro_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPro_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioStd_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioStd_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\VISIOSTD\VisioStdVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioStd_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioStd_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioStd_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPrem_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPrem_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\STANDARD\StandardVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\STANDARD\StandardVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\STANDARD\StandardVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPrem_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPro_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPro_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPro_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPrem_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioPrem_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\VISIOSTD\VisioStdVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\SOUNDS\incomingtransmission.MP3
  • %TEMP%\RarSFX0\SOUNDS\inputfailed.MP3
  • %TEMP%\RarSFX0\SOUNDS\enterauthorizationcode.MP3
  • %TEMP%\RarSFX0\SOUNDS\complete.MP3
  • %TEMP%\RarSFX0\SOUNDS\diagnostic.MP3
  • %TEMP%\RarSFX0\SOUNDS\inputok.MP3
  • %TEMP%\RarSFX0\SOUNDS\warning.MP3
  • %TEMP%\RarSFX0\LOGS\KMSELDI.log
  • %TEMP%\RarSFX0\SOUNDS\verified.MP3
  • %TEMP%\RarSFX0\SOUNDS\processing.MP3
  • %TEMP%\RarSFX0\SOUNDS\transfer.MP3
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\WORD\Word_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\WORD\Word_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\WORD\Word_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\VISIOSTD\VisioStdVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\WORD\Word_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\WORD\Word_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\SOUNDS\affirmative.MP3
  • %TEMP%\RarSFX0\SOUNDS\begin.MP3
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\WORD\WordVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\WORD\WordVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\WORD\WordVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\STANDARD\Standard_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\EMBEDDED\Security-SPP-Component-SKU-Embedded-pl.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS1-pl.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\EMBEDDED\Security-SPP-Component-SKU-Embedded-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\EMBEDDED\Security-SPP-Component-SKU-Embedded-VLBA-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\EMBEDDED\Security-SPP-Component-SKU-Embedded-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\EMBEDDED\Security-SPP-Component-SKU-Embedded-VLBA-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-pl.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\BUSINESSN\Security-Licensing-SLC-Component-SKU-BusinessN-VL-KMS1-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-RAC-private.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-pl.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-KMS-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-RAC-public.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW6\ENTERPRISE\Security-Licensing-SLC-Component-SKU-Enterprise-VL-BYPASS-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-private.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\SMALLBUSBASICS\SmallBusBasics_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\SMALLBUSBASICS\SmallBusBasics_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\SMALLBUSBASICS\SmallBusBasics_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\SKYPEFORBUSINESS\SkypeforBusinessVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\SKYPEFORBUSINESS\SkypeforBusinessVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\SMALLBUSBASICS\SmallBusBasics_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\STANDARD\Standard_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\STANDARD\Standard_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\STANDARD\Standard_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\SMALLBUSBASICS\SmallBusBasics_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\STANDARD\Standard_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-VLKMS1-pl.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-VLKMS1-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-public.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW7\PROFESSIONAL\Security-SPP-Component-SKU-Professional-VLKMS1-ul-phn.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\SERVERSTANDARD\ServerStandard-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\SKYPEFORBUSINESS\SkypeforBusinessVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\SERVERSTANDARD\ServerStandard-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\SERVERDATACENTER\ServerDatacenter-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\SERVERDATACENTER\ServerDatacenter-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\WORD\WordVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\WORD\WordVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\WORD\WordVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ACCESS\Access_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ACCESS\Access_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\ACCESS\AccessVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ACCESS\Access_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ACCESS\Access_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ACCESS\Access_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\SMALLBUSBASICS\SmallBusBasicsVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\SMALLBUSBASICS\SmallBusBasicsVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PUBLISHER\PublisherVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PUBLISHER\PublisherVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PUBLISHER\PublisherVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\SMALLBUSBASICS\SmallBusBasicsVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\VISIOPRO\visio.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\VISIO\VisioVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\STANDARD\StandardVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\STANDARD\StandardVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\STANDARD\StandardVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\ACCESS\AccessVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\CORE\Core-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\CORE\Core-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\CORE\Core-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\CORE\Core-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\CORE\Core-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\CORECONNECTEDSINGLELANGUAGE\CoreConnectedSingleLanguage-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\CORESINGLELANGUAGE\CoreSingleLanguage-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\CORESINGLELANGUAGE\CoreSingleLanguage-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\COREN\CoreN-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\CORECONNECTEDSINGLELANGUAGE\CoreConnectedSingleLanguage-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\COREN\CoreN-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\ACCESS\AccessVL_KMS_Client_PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\Client-Issuance-Bridge-Office.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\ACCESS\AccessVL_KMS_Client_PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\ACCESS\AccessVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\ACCESS\AccessVL_KMS_Client_OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\Client-Issuance-Root-Bridge-Test.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\Client-Issuance-Ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\CORE\Core-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\Client-Issuance-Ul-Oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\Client-Issuance-Root.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\Client-Issuance-Stil.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROPLUS\ProPlusVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ACCESS\AccessVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ACCESS\AccessVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ACCESS\AccessVLReg32.REG
  • %TEMP%\RarSFX0\DRIVER\OpenVPN.CER
  • %TEMP%\RarSFX0\KMSpico.ICO
  • %TEMP%\RarSFX0\DisableSmartScreen.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\EXCEL\ExcelVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\GROOVE\GrooveVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\EXCEL\ExcelVLReg64.REG
  • %TEMP%\RarSFX0\UNINSTALL\EnableSmartScreen.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\EXCEL\ExcelVLReg32.REG
  • %TEMP%\RarSFX0\RemoveWaterMark.CMD
  • %TEMP%\RarSFX0\UNINSTALL\Restore_Watermark.CMD
  • %TEMP%\RarSFX0\UNINSTALL\Remove_ScheduleTask.CMD
  • %TEMP%\RarSFX0\README KMSpico Portable.TXT
  • %TEMP%\RarSFX0\UNINSTALL\EnableSmartScreen.CMD
  • %TEMP%\RarSFX0\DRIVER\UnInstallDriver.CMD
  • %TEMP%\RarSFX0\DevComponents.DotNetBar2.DLL
  • %TEMP%\RarSFX0\Vestris.ResourceLib.DLL
  • %TEMP%\RarSFX0\DRIVER\tap-windows-9.21.0.EXE
  • %TEMP%\RarSFX0\AutoPico.EXE
  • %TEMP%\RarSFX0\KMSELDI.EXE
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\GROOVE\GrooveVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTPRO\ProjectProVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTPRO\ProjectProVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTPRO\ProjectProVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\POWERPOINT\PowerPointVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\POWERPOINT\PowerPointVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTSTD\ProjectStdVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROPLUS\ProPlusVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROPLUS\ProPlusVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROPLUS\proplus.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTSTD\ProjectStdVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\PROJECTSTD\ProjectStdVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\INFOPATH\InfoPathVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ONENOTE\OneNoteVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\INFOPATH\InfoPathVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\GROOVE\GrooveVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\INFOPATH\InfoPathVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ONENOTE\OneNoteVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\OUTLOOK\OutlookVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\POWERPOINT\PowerPointVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\OUTLOOK\OutlookVLReg64.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ONENOTE\OneNoteVLRegWOW.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\OUTLOOK\OutlookVLReg32.REG
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\INFOPATH\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\VISIOSTD\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\INFOPATH\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\POWERPOINT\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\INFOPATH\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\VISIOSTD\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\STANDARD\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROPLUS\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\STANDARD\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\VISIOSTD\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\STANDARD\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROJECTPRO\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROJECTPRO\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROJECTSTD\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROJECTSTD\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROJECTSTD\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROJECTPRO\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\POWERPOINT\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\POWERPOINT\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\OUTLOOK\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\OUTLOOK\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\OUTLOOK\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROPLUS\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\MONDO\MondoVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\MONDO\MondoVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\MONDO\MondoVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\EXCEL\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\EXCEL\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ONENOTE\OneNote_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ONENOTE\OneNote_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\ONENOTE\OneNoteVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ONENOTE\OneNote_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ONENOTE\OneNote_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\ONENOTE\OneNote_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\WORD\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\VISIOPRO\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\WORD\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PROPLUS\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\WORD\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\VISIOPRO\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\ONENOTE\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\EXCEL\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\ONENOTE\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\VISIOPRO\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\ONENOTE\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\LYNC\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\ENTERPRISES\EnterpriseS-Volume-GVLK-2-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\ENTERPRISES\EnterpriseS-Volume-GVLK-2-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\ENTERPRISES\EnterpriseS-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\ENTERPRISEN\EnterpriseN-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\ENTERPRISES\EnterpriseS-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\EXCEL\Excel_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\EXCEL\Excel_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\EXCEL\ExcelVL_KMS_Client-ppd.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\EXCEL\Excel_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\EXCEL\Excel_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\EXCEL\Excel_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\EMBEDDEDINDUSTRY\EmbeddedIndustry-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\ENTERPRISE\Enterprise-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\EMBEDDEDINDUSTRY\EmbeddedIndustry-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\EDUCATION\Education-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\EDUCATION\Education-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\ENTERPRISE\Enterprise-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\ENTERPRISE\Enterprise-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\ENTERPRISEN\EnterpriseN-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW81\ENTERPRISE\Enterprise-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW10\ENTERPRISE\Enterprise-Volume-GVLK-1-ul-oob-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERTW8\ENTERPRISE\Enterprise-Volume-GVLK-1-ul-rtm.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\EXCEL\ExcelVL_KMS_Client-ul-oob.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\Licenses.sl.ISSUANCE.CLIENT_STIL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\Licenses.sl.ISSUANCE.CLIENT_UL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\Licenses.sl.ISSUANCE.CLIENT_ROOT.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\LYNC\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\LYNC\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PUBLISHER\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PUBLISHER\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2013\PUBLISHER\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\GROOVE\Groove_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\GROOVE\Groove_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\GROOVE\Groove_KMS_Client.PL.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2016\EXCEL\ExcelVL_KMS_Client-ul.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\GROOVE\Groove_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\GROOVE\Groove_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\INFOPATH\InfoPath_KMS_Client.RAC_Priv.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\INFOPATH\InfoPath_KMS_Client.RAC_Pub.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\INFOPATH\InfoPath_KMS_Client.PPDLIC.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\INFOPATH\InfoPath_KMS_Client.OOB.XRM-MS
  • %TEMP%\RarSFX0\CERT\KMSCERT2010\INFOPATH\InfoPath_KMS_Client.PL.XRM-MS
Network activity:
Connects to:
  • '1.###l.ntp.org':123
UDP:
  • DNS ASK 1.###l.ntp.org
Miscellaneous:
Searches for the following windows:
  • ClassName: 'EDIT' WindowName: ''
Creates and executes the following:
  • '%TEMP%\RarSFX0\KMSELDI.EXE'

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play