FÜR NUTZER

Schließen

Meine Bibliothek
Meine Bibliothek

+ Zur Bibliothek hinzufügen

Suche
Suche

Support
Support 24/7 | Regeln zur Anfragenübermittlung

Schreiben Sie uns

Online-Formular

Telefon

+49 (0) 170 488 40 28

Forum

Ihre Anfragen

Neue Anfrage

Rufen Sie uns an

+7 (495) 789-45-86

Profil

DE

RU CN DE EN ES FR IT JP KZ UZ PL BY ID
Schließen
Services
Scanner
Dr.Web vxCube
Testversion
Virenbibliothek
Wissensdatenbank

Technologies

Begriffe

Schulung und Training

Mythen

News

Exploit.Siggen.17708

Added to the Dr.Web virus database: 2018-12-26

Virus description added:

Technical Information

To ensure autorun and distribution
Modifies the following registry keys
  • [HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\SppExtComObj.exe] 'Debugger' = '%WINDIR%\SECOH-QAD.exe'
Creates or modifies the following files
  • <SYSTEM32>\tasks\autopico daily restart
Malicious functions
Injects code into
the following system processes:
  • <SYSTEM32>\sppextcomobj.exe
Modifies file system
Creates the following files
  • %TEMP%\rarsfx0\cert\installall.cmd
  • %TEMP%\rarsfx0\cert\kmscert2010\access\accessvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\access\accessvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\access\accessvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\access\access_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excelvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excelvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excelvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\excel\excel_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groovevlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groovevlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groovevlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\groove\groove_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopathvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopathvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopathvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\infopath\infopath_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenotevlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenotevlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenotevlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\onenote\onenote_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlookvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlookvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlookvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\outlook\outlook_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpointvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpointvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpointvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\powerpoint\powerpoint_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectprovlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectprovlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectprovlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectpro\projectpro_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstdvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstdvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstdvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_mak2.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_mak2.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_mak2.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\projectstd\projectstd_mak2.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplusacad_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplusacad_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplusacad_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplusacad_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplusvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplusvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplusvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\proplus\proplus_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publishervlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publishervlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publishervlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\publisher\publisher_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasicsvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasicsvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\smallbusbasics\smallbusbasics_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standardacad_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standardacad_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standardacad_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standardacad_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standardvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standardvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standardvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\standard\standard_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visioprem_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiopro_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiostd_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiovlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiovlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\visio\visiovlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\word\wordvlreg32.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\word\wordvlreg64.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\word\wordvlregwow.reg
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_kms_client.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_kms_client.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_kms_client.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_kms_client.rac_priv.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_kms_client.rac_pub.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_mak.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_mak.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_mak.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2010\word\word_mak.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licensesetdata._4374022d_56b8_48c1_9bb7_d8f2fc726343.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\access\licensesetdata._6ee7622c_18d8_4005_9fb7_92db644a279b.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licensesetdata._ac1ae7fd_b949_4e04_a330_849bc40638cf.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\excel\licensesetdata._f7461d52_7c2b_43b2_8744_ea958e0bd09a.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licensesetdata._9e016989_4007_42a6_8051_64eb97110cf2.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\infopath\licensesetdata._a30b8040_d68a_423f_b0b5_9ce292ea5a8f.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licensesetdata._1b9f11e3_c85c_4e1b_bb29_879ad2c909e3.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\lync\licensesetdata._e1264e10_afaf_4439_a98b_256df8bb156f.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licensesetdata._b067e965_7521_455b_b9f7_c740204578a2.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\onenote\licensesetdata._efe1f3e6_aea2_4144_a208_32aa872b6545.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licensesetdata._771c3afa_50c5_443f_b151_ff2546d863a0.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\outlook\licensesetdata._8d577c50_ae5e_47fd_a240_24986f73d503.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licensesetdata._8c762649_97d1_4953_ad27_b7e2c25b972e.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\powerpoint\licensesetdata._e40dcb44_1d5c_4085_8e8f_943f33c4f004.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licensesetdata._4a5d124a_e620_44ba_b6ff_658961b33b9a.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectpro\licensesetdata._ed34dc89_1c27_4ecd_8b2f_63d0f4cedc32.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licensesetdata._2b9e4a37_6230_4b42_bee2_e25ce86c8c7a.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\projectstd\licensesetdata._427a28d1_d17c_4abf_b717_32c780ba6f07.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licensesetdata._2b88c4f2_ea8f_43cd_805e_4d41346e18a7.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\licensesetdata._b322da9c_a2e2_4058_9e4e_f59a6970bd69.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\proplus\proplus.reg
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licensesetdata._00c79ff1_6850_443d_bf61_71cde0de305f.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\publisher\licensesetdata._38ea49f6_ad1d_43f1_9888_99a35d7c9409.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licensesetdata._a24cca51_3d54_4c41_8a76_4031f5338cb2.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\standard\licensesetdata._b13afb38_cd79_4ae5_9f7f_eed058d750ca.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licensesetdata._3e4294dd_a765_49bc_8dbd_cf8b62a4bd3d.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\licensesetdata._e13ac10e_75d0_4aff_a0cd_764982cf541c.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiopro\visio.reg
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licensesetdata._44a1f6ff_0876_4edb_9169_dbb43101ee89.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\visiostd\licensesetdata._ac4efaf0_f81f_4f61_bdf7_ea32b02ab117.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licenses.sl.issuance.client_bridge_office.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licenses.sl.issuance.client_root.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licenses.sl.issuance.client_root_bridge_test.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licenses.sl.issuance.client_stil.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licenses.sl.issuance.client_ul.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licenses.sl.issuance.client_ul_oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licenses.sl.pkeyconfig.signed.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.phn.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licensesetdata._9cedef15_be37_4ff0_a08a_13a045540641.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.oob.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.pl.xrm-ms
  • %TEMP%\rarsfx0\cert\kmscert2013\word\licensesetdata._d9f5b1c6_5386_495a_88f9_9ad6b41ac9b3.ppdlic.xrm-ms
  • %TEMP%\rarsfx0\driver\openvpn.cer
  • %TEMP%\rarsfx0\driver\tap-windows-9.21.0.exe
  • %TEMP%\rarsfx0\driver\uninstalldriver.cmd
  • %TEMP%\rarsfx0\sounds\affirmative.mp3
  • %TEMP%\rarsfx0\sounds\begin.mp3
  • %TEMP%\rarsfx0\sounds\complete.mp3
  • %TEMP%\rarsfx0\sounds\diagnostic.mp3
  • %TEMP%\rarsfx0\sounds\enterauthorizationcode.mp3
  • %TEMP%\rarsfx0\sounds\incomingtransmission.mp3
  • %TEMP%\rarsfx0\sounds\inputfailed.mp3
  • %TEMP%\rarsfx0\sounds\inputok.mp3
  • %TEMP%\rarsfx0\sounds\processing.mp3
  • %TEMP%\rarsfx0\sounds\transfer.mp3
  • %TEMP%\rarsfx0\sounds\verified.mp3
  • %TEMP%\rarsfx0\sounds\warning.mp3
  • %TEMP%\rarsfx0\autopico.exe
  • %TEMP%\rarsfx0\disablesmartscreen.reg
  • %TEMP%\rarsfx0\enablesmartscreen.cmd
  • %TEMP%\rarsfx0\enablesmartscreen.reg
  • %TEMP%\rarsfx0\readme kmspico portable.txt
  • %TEMP%\rarsfx0\removewatermark.cmd
  • %TEMP%\rarsfx0\restore_watermark.cmd
  • %TEMP%\rarsfx0\vestris.resourcelib.dll
  • %TEMP%\rarsfx0\vinny27.cmd
  • %TEMP%\rarsfx0\logs\autopico.log
  • %WINDIR%\secoh-qad.dll
  • %WINDIR%\secoh-qad.exe
  • %LOCALAPPDATA%\microsoft\clr_v4.0\usagelogs\autopico.exe.log
Network activity
Connects to
  • '12#.#27.127.127':1688
  • 'localhost':1688
TCP
Other
  • '12#.#27.127.127':1688
  • 'localhost':49695
  • 'localhost':1688
  • 'localhost':49696
UDP
  • DNS ASK fi#####.###tings.services.mozilla.com
  • DNS ASK validation-v2.sls.microsoft.com
Miscellaneous
Searches for the following windows
  • ClassName: 'EDIT' WindowName: ''
  • ClassName: 'RegEdit_RegEdit' WindowName: ''
Creates and executes the following
  • '%TEMP%\rarsfx0\autopico.exe'
  • '%WINDIR%\secoh-qad.exe' <SYSTEM32>\SppExtComObj.exe -Embedding
Executes the following
  • '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\RarSFX0\Vinny27.cmd" /S"
  • '%WINDIR%\syswow64\regedit.exe' /S DisableSmartScreen.reg
  • '<SYSTEM32>\sppextcomobj.exe' -Embedding
  • '%WINDIR%\syswow64\schtasks.exe' /Create /TN "AutoPico Daily Restart" /TR "%TEMP%\RarSFX0\AutoPico.exe /silent" /SC DAILY /ST 23:59:59 /RU SYSTEM /RL Highest /F

Curing recommendations

  1. If the operating system (OS) can be loaded (either normally or in safe mode), download Dr.Web Security Space and run a full scan of your computer and removable media you use. More about Dr.Web Security Space.
  2. If you cannot boot the OS, change the BIOS settings to boot your system from a CD or USB drive. Download the image of the emergency system repair disk Dr.Web® LiveDisk , mount it on a USB drive or burn it to a CD/DVD. After booting up with this media, run a full scan and cure all the detected threats.
Free trial

 

Download Dr.Web

Download by serial number

Use Dr.Web Anti-virus for macOS to run a full scan of your Mac.

Free trial

 

Download Dr.Web

Download by serial number

Download on App Store

After booting up, run a full scan of all disk partitions with Dr.Web Anti-virus for Linux.

Free trial

 

Download Dr.Web

Download by serial number

  1. If the mobile device is operating normally, download and install Dr.Web for Android. Run a full system scan and follow recommendations to neutralize the detected threats.
  2. If the mobile device has been locked by Android.Locker ransomware (the message on the screen tells you that you have broken some law or demands a set ransom amount; or you will see some other announcement that prevents you from using the handheld normally), do the following:
    • Load your smartphone or tablet in the safe mode (depending on the operating system version and specifications of the particular mobile device involved, this procedure can be performed in various ways; seek clarification from the user guide that was shipped with the device, or contact its manufacturer);
    • Once you have activated safe mode, install the Dr.Web for Android onto the infected handheld and run a full scan of the system; follow the steps recommended for neutralizing the threats that have been detected;
    • Switch off your device and turn it on as normal.

Find out more about Dr.Web for Android

Free trial

14 days

Download now
Get it on Google Play