ユーザー向け情報

閉じる

マイライブラリ
マイライブラリ

+ マイライブラリに追加

検索
検索

電話
テクニカルサポート利用方法

問い合わせ

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

フォーラム(英語)

お問い合わせ履歴

新規お問い合わせ

電話(英語)

+7 (495) 789-45-86

Profile

JP

RU CN DE EN ES FR IT JP KZ UZ PL BY
閉じる
サービス
スキャナー
Dr.Web vxCube
トライアル
ウイルスライブラリ
ナレッジベース

テクノロジー

用語

トレーニングコースおよび啓蒙プロジェクト

アンチウイルスに関する誤解と噂

ニュース

Trojan.MulDrop8.26747

Added to the Dr.Web virus database: 2018-06-18

Virus description added:

Technical Information

Malicious functions:
To bypass firewall, removes or modifies the following registry keys:
  • [<HKLM>\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] '%TEMP%\RarSFX0\AutoPico.exe' = '%TEMP%\RarSFX0\AutoPico.exe:*:Enabled:...
Modifies file system:
Creates the following files:
  • %TEMP%\RarSFX0\cert\installAll.cmd
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\LicenseSetData._E40DCB44_1D5C_4085_8E8F_943F33C4F004.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\LicenseSetData._8C762649_97D1_4953_AD27_B7E2C25B972E.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\LicenseSetData._E40DCB44_1D5C_4085_8E8F_943F33C4F004.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\LicenseSetData._8D577C50_AE5E_47FD_A240_24986F73D503.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\LicenseSetData._8D577C50_AE5E_47FD_A240_24986F73D503.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\LicenseSetData._8D577C50_AE5E_47FD_A240_24986F73D503.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\LicenseSetData._771C3AFA_50C5_443F_B151_FF2546D863A0.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\LicenseSetData._8D577C50_AE5E_47FD_A240_24986F73D503.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\LicenseSetData._ED34DC89_1C27_4ECD_8B2F_63D0F4CEDC32.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\LicenseSetData._2B9E4A37_6230_4B42_BEE2_E25CE86C8C7A.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\LicenseSetData._2B9E4A37_6230_4B42_BEE2_E25CE86C8C7A.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\LicenseSetData._2B9E4A37_6230_4B42_BEE2_E25CE86C8C7A.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\LicenseSetData._2B9E4A37_6230_4B42_BEE2_E25CE86C8C7A.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Outlook\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\LicenseSetData._ED34DC89_1C27_4ECD_8B2F_63D0F4CEDC32.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\LicenseSetData._ED34DC89_1C27_4ECD_8B2F_63D0F4CEDC32.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\LicenseSetData._ED34DC89_1C27_4ECD_8B2F_63D0F4CEDC32.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\LicenseSetData._4A5D124A_E620_44BA_B6FF_658961B33B9A.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectPro\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\LicenseSetData._E40DCB44_1D5C_4085_8E8F_943F33C4F004.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\PowerPoint\LicenseSetData._E40DCB44_1D5C_4085_8E8F_943F33C4F004.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\LicenseSetData._9E016989_4007_42A6_8051_64EB97110CF2.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\LicenseSetData._9E016989_4007_42A6_8051_64EB97110CF2.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\LicenseSetData._9E016989_4007_42A6_8051_64EB97110CF2.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\LicenseSetData._9E016989_4007_42A6_8051_64EB97110CF2.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\LicenseSetData._AC1AE7FD_B949_4E04_A330_849BC40638CF.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\LicenseSetData._AC1AE7FD_B949_4E04_A330_849BC40638CF.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\LicenseSetData._AC1AE7FD_B949_4E04_A330_849BC40638CF.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\LicenseSetData._AC1AE7FD_B949_4E04_A330_849BC40638CF.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\LicenseSetData._F7461D52_7C2B_43B2_8744_EA958E0BD09A.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\LicenseSetData._E1264E10_AFAF_4439_A98B_256DF8BB156F.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\LicenseSetData._B067E965_7521_455B_B9F7_C740204578A2.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\LicenseSetData._B067E965_7521_455B_B9F7_C740204578A2.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\LicenseSetData._B067E965_7521_455B_B9F7_C740204578A2.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\LicenseSetData._B067E965_7521_455B_B9F7_C740204578A2.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\OneNote\LicenseSetData._EFE1F3E6_AEA2_4144_A208_32AA872B6545.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\LicenseSetData._E1264E10_AFAF_4439_A98B_256DF8BB156F.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\LicenseSetData._E1264E10_AFAF_4439_A98B_256DF8BB156F.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\LicenseSetData._E1264E10_AFAF_4439_A98B_256DF8BB156F.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\LicenseSetData._1B9F11E3_C85C_4E1B_BB29_879AD2C909E3.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Lync\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\InfoPath\LicenseSetData._A30B8040_D68A_423F_B0B5_9CE292EA5A8F.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProjectStd\LicenseSetData._427A28D1_D17C_4ABF_B717_32C780BA6F07.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\LicenseSetData._9CEDEF15_BE37_4FF0_A08A_13A045540641.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\LicenseSetData._9CEDEF15_BE37_4FF0_A08A_13A045540641.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\LicenseSetData._9CEDEF15_BE37_4FF0_A08A_13A045540641.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\LicenseSetData._9CEDEF15_BE37_4FF0_A08A_13A045540641.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\visio.reg
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\LicenseSetData._44A1F6FF_0876_4EDB_9169_DBB43101EE89.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\LicenseSetData._44A1F6FF_0876_4EDB_9169_DBB43101EE89.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\LicenseSetData._44A1F6FF_0876_4EDB_9169_DBB43101EE89.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\LicenseSetData._44A1F6FF_0876_4EDB_9169_DBB43101EE89.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\LicenseSetData._AC4EFAF0_F81F_4F61_BDF7_EA32B02AB117.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioStd\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.OOB.xrm-ms
  • %TEMP%\RarSFX0\sounds\inputok.mp3
  • %TEMP%\RarSFX0\WinDivert.dll
  • %TEMP%\RarSFX0\WdfCoInstaller01009.dll
  • %TEMP%\RarSFX0\ReadMe KMSpico Portable.txt
  • %TEMP%\RarSFX0\EnableSmartScreen.reg
  • %TEMP%\RarSFX0\EnableSmartScreen.cmd
  • %TEMP%\RarSFX0\DisableSmartScreen.reg
  • %TEMP%\RarSFX0\AutoPico.exe
  • %TEMP%\RarSFX0\Auto (Run as Admin).cmd
  • %TEMP%\RarSFX0\sounds\warning.mp3
  • %TEMP%\RarSFX0\sounds\verified.mp3
  • %TEMP%\RarSFX0\sounds\transfer.mp3
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Word\LicenseSetData._D9F5B1C6_5386_495A_88F9_9AD6B41AC9B3.PL.xrm-ms
  • %TEMP%\RarSFX0\sounds\inputfailed.mp3
  • %TEMP%\RarSFX0\sounds\incomingtransmission.mp3
  • %TEMP%\RarSFX0\sounds\enterauthorizationcode.mp3
  • %TEMP%\RarSFX0\sounds\diagnostic.mp3
  • %TEMP%\RarSFX0\sounds\complete.mp3
  • %TEMP%\RarSFX0\sounds\begin.mp3
  • %TEMP%\RarSFX0\sounds\affirmative.mp3
  • %TEMP%\RarSFX0\logs\AutoPico.log
  • %TEMP%\RarSFX0\driver\UnInstallDriver.cmd
  • %TEMP%\RarSFX0\driver\tap-windows-9.9.2_3.exe
  • %TEMP%\RarSFX0\driver\OpenVPN.cer
  • %TEMP%\RarSFX0\sounds\processing.mp3
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\LicenseSetData._E13AC10E_75D0_4AFF_A0CD_764982CF541C.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\proplus.reg
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\LicenseSetData._38EA49F6_AD1D_43F1_9888_99A35D7C9409.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\LicenseSetData._2B88C4F2_EA8F_43CD_805E_4D41346E18A7.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\LicenseSetData._2B88C4F2_EA8F_43CD_805E_4D41346E18A7.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\LicenseSetData._2B88C4F2_EA8F_43CD_805E_4D41346E18A7.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\LicenseSetData._2B88C4F2_EA8F_43CD_805E_4D41346E18A7.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\ProPlus\LicenseSetData._B322DA9C_A2E2_4058_9E4E_F59A6970BD69.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\LicenseSetData._38EA49F6_AD1D_43F1_9888_99A35D7C9409.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\LicenseSetData._00C79FF1_6850_443D_BF61_71CDE0DE305F.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\LicenseSetData._38EA49F6_AD1D_43F1_9888_99A35D7C9409.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\LicenseSetData._3E4294DD_A765_49BC_8DBD_CF8B62A4BD3D.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\LicenseSetData._3E4294DD_A765_49BC_8DBD_CF8B62A4BD3D.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\LicenseSetData._3E4294DD_A765_49BC_8DBD_CF8B62A4BD3D.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\LicenseSetData._3E4294DD_A765_49BC_8DBD_CF8B62A4BD3D.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\VisioPro\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\LicenseSetData._B13AFB38_CD79_4AE5_9F7F_EED058D750CA.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Publisher\LicenseSetData._38EA49F6_AD1D_43F1_9888_99A35D7C9409.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\LicenseSetData._A24CCA51_3D54_4C41_8A76_4031F5338CB2.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\LicenseSetData._A24CCA51_3D54_4C41_8A76_4031F5338CB2.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\LicenseSetData._A24CCA51_3D54_4C41_8A76_4031F5338CB2.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\LicenseSetData._A24CCA51_3D54_4C41_8A76_4031F5338CB2.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Standard\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Excel\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\WinDivert.inf
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\LicenseSetData._6EE7622C_18D8_4005_9FB7_92DB644A279B.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\LicenseSetData._6EE7622C_18D8_4005_9FB7_92DB644A279B.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPointVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPointVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPointVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\OutlookVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\OutlookVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\OutlookVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Outlook\Outlook_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_MAK2.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStdVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStdVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStdVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectPro_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectProVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectProVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectPro\ProjectProVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\PowerPoint\PowerPoint_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\GrooveVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\Excel_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\ExcelVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\ExcelVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\GrooveVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Excel\ExcelVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\AccessVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\AccessVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\AccessVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Access\Access_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNoteVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNoteVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNoteVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\OneNote\OneNote_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPath_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPathVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPathVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\InfoPath\InfoPathVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\Groove_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Groove\GrooveVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_MAK2.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_MAK2.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProjectStd\ProjectStd_MAK2.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPro_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioPrem_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioStd_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\LicenseSetData._4374022D_56B8_48C1_9BB7_D8F2FC726343.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\LicenseSetData._4374022D_56B8_48C1_9BB7_D8F2FC726343.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\LicenseSetData._4374022D_56B8_48C1_9BB7_D8F2FC726343.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\LicenseSetData._4374022D_56B8_48C1_9BB7_D8F2FC726343.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\Licenses.sl.PKEYCONFIG.SIGNED.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\Licenses.sl.ISSUANCE.CLIENT_UL_OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\Licenses.sl.ISSUANCE.CLIENT_UL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\Licenses.sl.ISSUANCE.CLIENT_STIL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\Licenses.sl.ISSUANCE.CLIENT_ROOT_BRIDGE_TEST.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\Licenses.sl.ISSUANCE.CLIENT_ROOT.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\Licenses.sl.ISSUANCE.CLIENT_BRIDGE_OFFICE.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\WordVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\WordVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\WordVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Visio\VisioVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Word\Word_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\PublisherVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\PublisherVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\PublisherVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlusVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlusVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlusVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlusAcad_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlusAcad_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlusAcad_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlusAcad_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\ProPlus\ProPlus_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\StandardAcad_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\Standard_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\StandardVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\StandardVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\StandardVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\StandardAcad_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\StandardAcad_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Standard\StandardAcad_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\Publisher\Publisher_MAK.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_MAK.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_MAK.PHN.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_MAK.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.RAC_Pub.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.RAC_Priv.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.PPDLIC.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.PL.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasics_KMS_Client.OOB.xrm-ms
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLRegWOW.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLReg64.reg
  • %TEMP%\RarSFX0\cert\kmscert2010\SmallBusBasics\SmallBusBasicsVLReg32.reg
  • %TEMP%\RarSFX0\cert\kmscert2013\Access\LicenseSetData._6EE7622C_18D8_4005_9FB7_92DB644A279B.PL.xrm-ms
  • %TEMP%\RarSFX0\WinDivert.sys
Deletes the following files:
  • %TEMP%\RarSFX0\logs\AutoPico.log
Substitutes the following files:
  • %TEMP%\RarSFX0\logs\AutoPico.log
Network activity:
Connects to:
  • '2.###l.ntp.org':123
UDP:
  • DNS ASK 2.###l.ntp.org
Miscellaneous:
Searches for the following windows:
  • ClassName: 'EDIT' WindowName: ''
  • ClassName: 'RegEdit_RegEdit' WindowName: ''
Creates and executes the following:
  • '%TEMP%\RarSFX0\AutoPico.exe'
Executes the following:
  • '<SYSTEM32>\cmd.exe' /c ""%TEMP%\RarSFX0\Auto (Run as Admin).cmd" "
  • '%WINDIR%\regedit.exe' /S DisableSmartScreen.reg
  • '<SYSTEM32>\schtasks.exe' /Create /TN "AutoPico Daily Restart" /TR "%TEMP%\RarSFX0\AutoPico.exe \silent" /SC DAILY /ST 11:59:59 /RU SYSTEM /RL Highest /F

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play