Technical Information
- [<HKLM>\Software\Microsoft\Windows\CurrentVersion\Run] 'tea11222' = '%ALLUSERSPROFILE%\KMSAutorr\acccrr4daa.exe'
- <SYSTEM32>\tasks\tea11222
- acccrr4daa.exe
- %ALLUSERSPROFILE%\kmsautorr\acccrr4daa.exe
- %TEMP%\tmpfc39.tmp.bat
- nul
- '%ALLUSERSPROFILE%\kmsautorr\acccrr4daa.exe'
- '%WINDIR%\syswow64\schtasks.exe' /create /tn tea11222 /tr "%ALLUSERSPROFILE%\KMSAutorr\acccrr4daa.exe" /st 15:11 /du 23:59 /sc daily /ri 1 /f
- '%WINDIR%\syswow64\cmd.exe' /c ""%TEMP%\tmpFC39.tmp.bat""
- '%WINDIR%\syswow64\timeout.exe' 7