Windows 10 Activation Batch File

Win10Activation.txt

@echo off
title Windows 10 ALL version activator&cls&echo ************************************&echo Supported products:&echo - Windows 10 Home&echo - Windows 10 Professional&echo - Windows 10 Enterprise, Enterprise LTSB&echo - Windows 10 Education&echo.&echo.&echo ************************************ &echo Windows 10 activation...
cscript //nologo c:\windows\system32\slmgr.vbs /ipk TX9XD-98N7V-6WMQ6-BX7FG-H8Q99 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 3KHY7-WNT83-DGQKR-F7HPR-844BM >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 7HNRX-D7KGG-3K4RQ-4WPJ4-YTDFH >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk PVMJN-6DFY6-9CCP6-7BKTT-D3WVR >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk W269N-WFGWX-YVC9B-4J6C9-T83GX >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk MH37W-N47XK-V7XM9-C7227-GCQG9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NW6C2-QMPVW-D7KKK-3GKT6-VCFB2 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2WH4N-8QGBV-H22JP-CT43Q-MDWWJ >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk NPPR9-FWDCX-D2C8J-H872K-2YT43 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk DPH2V-TTNVB-4X9Q3-TJR4H-KHJW4 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk WNMTR-4C88C-JK8YV-HQ7T2-76DF9 >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ipk 2F77B-TNFGY-69QQF-B8YKP-D69TJ >nul
echo ************************************ &echo.&echo.&set i=1
:server
if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com 
if %i%==6 exit
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul
cscript //nologo c:\windows\system32\slmgr.vbs /ato | find /i "successfully" && (echo.& echo ************************************ & echo. & choice /n /c YN /m "Do you want to restart your PC now [Y,N]?" & if errorlevel 2 exit) || (echo The connection to the server failed! Trying to connect to another one... & echo Please wait... & echo. & echo. & set /a i+=1 & goto server)
shutdown.exe /r /t 00

It worked. Just don't forget to press ENTER , then wait :D

Its stuck on 'windows 10 activation...."

Always trying other server... no luck. Activated with HWID instead.

It working for my system!!!
Microsoft Windows 21H2 [Version 10.0.19044.1466]

Thanks !!!

YO THANKS MAN I SUFFERED FOR ALMOST " YEARS DUDE YOU MADE MY DAY

And thanks for a third time! Stupid microsoft

Bruh Windows 10 Defender be like: Nope
And so I had to make an executable that generates that bat file an quickly runs it.
Still failed to connect to the server like a billion times.....

Tested on Latest Window Version 21H2 (OS Build 19044.1288)

Follow the Step Below:

1. Create New .txt File and Open the new file
2. Copy the code from gist and paste in the file
3. Save As the file as .bat extension with any name
4. Open the File as Administrator
5. When Command Prompt Open Press Enter then wait.
6. Enjoy! 😀

Still windows defender doesn't like that file when you save it as .bat or even .txt ( somehow )
So I looked up in msguide.org and figured out how to properly activate windows.

its work!

windows defender quite literally deletes the file

i dont even have a chance to click on it before windows defender deletes it

Ty

anyone having issues with widows defender, turn off real time protection. Run as admin, wait AT LEAST 5 minutes, if it doesnt work just buy windows

Its a Malware / Trojan (Trojan:Win32/Skeeyah.A!MTB).
Its a HACKER......BEWARE...BEWARE...BEWARE
ITS....HACKER....HACKER....HACKER....TROJAN...TROJAN...TROJAN...

Its a Malware / Trojan (Trojan:Win32/Skeeyah.A!MTB). Its a HACKER......BEWARE...BEWARE...BEWARE ITS....HACKER....HACKER....HACKER....TROJAN...TROJAN...TROJAN...

Edit: Oh sorry for my last text I thought you were talking to the OP.

not even all version

Github seems removed comment with linked trojan with spam of empty li elements (~120 lines).

Does this still work?

yes it worked. thank you !!

Does this still work?

yes for me it worked.

NOT workeng for me

works for me as of today (1-10-23) everyone saying it's a virus blah blah, use common sense, its NOT. Everyone saying it doesn't work, have PATIENCE it DOES work. Jesus.......common sense people, common sense.....

literally JUST used it again. It seems to have a mind if it’s own but it did work after about 3 mins. Sometimes it’s a few seconds, sometimes minutes and sometimes I reboot to flush everything and it works so yeah….works great. Have not EVER has Windows security or otherwise report it as a virus or malware, because it’s NOT….literally never once has anything popped up attempting to block it. Now the MAS .bat file for office will but you simply turn off live detection in windows security first. Also not a malware or virus.

It seemed to keep saying "failed to connect to server," it works on other devices but on my laptop it says about 5 of those then closes itself... yes I ran it as a admin...

faced the same issue

Its a Malware / Trojan (Trojan:Win32/Skeeyah.A!MTB). Its a HACKER......BEWARE...BEWARE...BEWARE ITS....HACKER....HACKER....HACKER....TROJAN...TROJAN...TROJAN...

Edit: Oh sorry for my last text I thought you were talking to the OP.

Cmon, stop believing the MS Defender. Seriously, does the "trojan" name give you anything? If it doesn't, don't beleive it and don't spread disinformation.

It seemed to keep saying "failed to connect to server," it works on other devices but on my laptop it says about 5 of those then closes itself... yes I ran it as a admin...

same problem with me please help me

It seemed to keep saying "failed to connect to server," it works on other devices but on my laptop it says about 5 of those then closes itself... yes I ran it as a admin...

bro same type of problem with me also

It seemed to keep saying "failed to connect to server," it works on other devices but on my laptop it says about 5 of those then closes itself... yes I ran it as a admin...

same problem with me please help me

I literally have copied and pasted the contents into a new file and re-saved it and that’s made it work almost instantly but it shouldn’t matter it’s the same contents. Weird but always works sooner or later. Kinda has a mind of its own sometimes but it’s always lays worked for me. Sometimes I’ll reboot and run it again and that seems to speed it up a bit. You might try that.

Works like a charm !

is it safe

What was the topic of conversation? في السبت، 18 فبراير 2023 5:20 ص wedlinedesginer ***@***.***> كتب:

…

***@***.**** commented on this gist. ------------------------------ is it safe — Reply to this email directly, view it on GitHub <https://gist.github.com/abcc26792f08755827bc2cd64c50ac3c#gistcomment-4475022> or unsubscribe <https://github.com/notifications/unsubscribe-auth/AXDYR3CG6IB6VJUJ7MPANUDWYBEXTBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVA4DSOJYHEZDENNHORZGSZ3HMVZKMY3SMVQXIZI> . You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub> .

thankyou a lot .

Not working for me. its shuts down everytime after 4 line of server filed written line, it doesn't show the usual "shut down y/n" message. the water mark disappears but after some time probably 2 to3 hours later the water mark appears again.
my system is Windows 10 Enterprise Version 22H2.
don't know if its only me or what.

It seemed to keep saying "failed to connect to the server."
Yes, I ran it as an admin.

Same problem as @Adeelaman.

https://msguides.com/windows-11#:~:text=%40echo%20off%0Atitle,halt%0Apause%20%3Enul works.

While I.m about to excute it all I does I blinks the file then no cmd screen displays help

March 2023, Still works.

1. save txt file as .bat
2. Run as admin
3. press enter when CMD opens
4. wait for batch to finish running
5. restart computer

Same problem as @Adeelaman.

https://msguides.com/windows-11#:~:text=%40echo%20off%0Atitle,halt%0Apause%20%3Enul works.

Thanks man this one worked for me. Even though it was for win 11 my win 10 pc is showing its activated..

Still it does not work for me

…

________________________________ From: nilotpol8448 ***@***.***> Sent: Saturday, 11 March 2023 12:04 To: nilotpol8448 ***@***.***> Cc: Comment ***@***.***> Subject: Re: Dhanvesh/Win10Activation.txt @nilotpol8448 commented on this gist.

________________________________ Same problem<https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c?permalink_comment_id=4494164#gistcomment-4494164> as @Adeelaman<https://github.com/Adeelaman>. https://msguides.com/windows-11#:~:text=%40echo%20off%0Atitle,halt%0Apause%20%3Enul works. Thanks man this one worked for me. thank you... even though it was for win 11 my win 10 shows its activated.. — Reply to this email directly, view it on GitHub<https://gist.github.com/abcc26792f08755827bc2cd64c50ac3c#gistcomment-4499063> or unsubscribe<https://github.com/notifications/unsubscribe-auth/A5YWCL7WIIAC4CGQP5UZCYTW3RE3FBFKMF2HI4TJMJ2XIZLTSKBKK5TBNR2WLJDHNFZXJJDOMFWWLK3UNBZGKYLEL52HS4DFQKSXMYLMOVS2I5DSOVS2I3TBNVS3W5DIOJSWCZC7OBQXE5DJMNUXAYLOORPWCY3UNF3GS5DZVRZXKYTKMVRXIX3UPFYGLK2HNFZXIQ3PNVWWK3TUUZ2G64DJMNZZDAVEOR4XAZNEM5UXG5FFOZQWY5LFVA4DSOJYHEZDENNHORZGSZ3HMVZKMY3SMVQXIZI>. You are receiving this email because you commented on the thread. Triage notifications on the go with GitHub Mobile for iOS<https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android<https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

Don us it it downloads (Trojan:Win32/Skeeyah.A!MTB). This trojan scam malware beware!!!!!!!!!!!!!!!!!!!!

@Abzelite, per what? Do you have an AV report you can share?

Per https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, @Abzelite is potentially correct – https://www.quora.com/Is-KMS-Activator-a-virus-program-malware/answer/Lonnie-King-Jr-1 explains more.

GitHub is investigating as of 20230502T170936+0100.

This is insecure.. It changes the servers to malicious servers (as example: https://www.chinancce.com/, it will show insecure certificate) which is obviously not microsoft servers so dont use it and report it to github. Thanks for taking your time and not falling to this.

does this still work?

@Simon1907, https://www.chinancce.com/ has a valid certificate currently. However, whether it did or not wouldn't be a useful distinction anyway, since unless you're going to operate your own KMS server, external (and thus fundamentally untrusted due to their illegality) servers are choices available. Note that it's https://www.kms.chinancce.com/ that is used in the script.

Although https://adsecurity.org/?p=284 demonstrates that installation of the KMS opens a port, I'd hope that it can only accept very basic data, and thus shouldn't generate vulnerability. Anyone wanna bother asking on Quora etc. for us?

ITS A MALWARE. YOU WILL BE LISTED AS A VICTIM ON DARK NET. DON'T USE THIS. ITS A MALWARE. IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, , IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, IT'S A TRAP, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE, ITS A MALWARE

@Mrityunjoy1412,

YOU WILL BE LISTED AS A VICTIM ON DARK NET.

You're making stuff up. Don't just espouse what seems correct when you've obviously little understanding of this kind of stuff. We can't even be certain that it's malware, since none of us here are knowledgeable enough to identify the patterns that VirusTotal can.

Don't assume that someone has been malicious until you've very good evidence, even regarding code - chances are that the OP posted this because it worked for them.

However, more importantly than all of that, I doubt anyone wants to be notified for comments like yours, which are just copy-pasted CAPITAL LETTERS.

This is insecure.. It changes the servers to malicious servers (as example: https://www.chinancce.com/, it will show insecure certificate) which is obviously not microsoft servers so dont use it and report it to github. Thanks for taking your time and not falling to this.

Interestingly enough, since a small boy obsessed with c.s. I have found microsoft servers to be insecure and malicious (fundamentally as they are closed source) and hide my valuable information from the operating system itself via encryption of data drives. It has since turned into so much profit I think I was on to something. The KMS insecurity you speak of would manifest itself regardless as well as many closed source open bi directional (like KMS) microsoft ports vulnerabilities do.

does this still work?

Still working for me <3

@Abzelite, per what? Do you have an AV report you can share?

Per https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, @Abzelite is potentially correct – https://www.quora.com/Is-KMS-Activator-a-virus-program-malware/answer/Lonnie-King-Jr-1 explains more.

GitHub is investigating as of 20230502T170936+0100.

Its really short code just search what every line does. Remembering microsoft is closed source. It does activate windows using their own protocols.

It's pretty useless to punch 26 lines of code into virustotal. You really should not trust AV's either for example the false positive you posted is expected, sometimes changing variable names will get rid of false positive (roflmao). I get that they are good for the masses in many ways but this is github just ask someone what the code does.

@ileathan, this code doesn't use Microsoft's KMS activation servers. That's literally its sole purpose – to change the KMS server and then verify against that. In truth, it could install a KMS server locally and then prompt localhost, but this is more guaranteed to work.

Also, you think too highly of yourself. Microsoft does not have bidirectional port vulnerabilities exploitable by the general public. That would be insane.

@ileathan, this code doesn't use Microsoft's KMS activation servers. That's literally its sole purpose – to change the KMS server and then verify against that. In truth, it could install a KMS server locally and then prompt localhost, but this is more guaranteed to work.

Also, you think too highly of yourself. Microsoft does not have bidirectional port vulnerabilities exploitable by the general public. That would be insane.

It is indeed using the official msft KMS protocol. The code above uses a remote server set with /skms %KMS_Sev%. And can be verified after with slmgr.vbs /dlv You could change it to any appropriate KMS server so long as it downloads the Microsoft expected licensing binary associated with the keypair you chose it will work. Also of course Microsoft has port vulnerabilities which are exploitable by the general public haha. It is closed source after all. Use a search engine if your curious.

Sorry if what I wrote was rude, it just honestly really is a bad idea to copy paste few lines of code into a AV like that you linked an expected false positive. What I wrote about how to trick AV's is true and is from personal experience I can explain more if you would like, but it is a bad idea unless I guess you have no way to read the code or any way to ask someone what it does.

@ileathan,

it just honestly really is a bad idea to copy paste few lines of code into a AV

There's nothing better except hiring a developer, and even then, the virus definitions may well find patterns that they wouldn't.

The code above uses a remote server set with /skms %KMS_Sev%

I know what a variable is. You obviously haven't read https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c#file-win10activation-txt to see how it's being used, though:

if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul

Those are not Microsoft-owned domains. As previously stated, that's the entire point of this script – to disable the KMS client's ability to call home to Microsoft, at least during activation.

@ileathan,

it just honestly really is a bad idea to copy paste few lines of code into a AV

There's nothing better except hiring a developer, and even then, the virus definitions may well find patterns that they wouldn't.

The code above uses a remote server set with /skms %KMS_Sev%

I know what a variable is. You obviously haven't read https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c#file-win10activation-txt to see how it's being used, though:

if %i%==1 set KMS_Sev=kms.shuax.com
if %i%==2 set KMS_Sev=NextLevel.uk.to
if %i%==3 set KMS_Sev=GuangPeng.uk.to
if %i%==4 set KMS_Sev=AlwaysSmile.uk.to
if %i%==5 set KMS_Sev=kms.chinancce.com
cscript //nologo c:\windows\system32\slmgr.vbs /skms %KMS_Sev% >nul

Those are not Microsoft-owned domains. As previously stated, that's the entire point of this script – to disable the KMS client's ability to call home to Microsoft, at least during activation.

It's being used to store the remote KMS server domain based on your respective keypair choice. A pattern that a AV finds can be something as illogical as a variable name and is obviously not trustworthy. I am going to drop this conversation. Also this does not disable any KMS client ability whatsoever either. It uses the official protocol/client. A official KMS server does also not need to be a official Microsoft server period a normal use case would imply the KMS host be running a msft server.

Lastly if you think Microsoft-owned domains are inherently safe then good luck haha.

@ileathan,

If you think Microsoft-owned domains are inherently safe then good luck.

I've never said that. I don't think any of this script is safe – https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c?permalink_comment_id=4553318#gistcomment-4553318. I dunno what your obsession about Microsoft-owned domains is anyway, since you haven't yet informed me about how it's calling any of Microsoft's servers.

It's being used to pair your chosen key with its respective pair on a remote server.

Yeah – kms.shuax.com's.

A pattern that a AV finds can be something as illogical as a variable name and is obviously not trustworthy.

So look at the report logs: https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7. They're not as detailed as I'd like from a cursory evaluation, but I think we can agree that it correctly identified it as https://www.hybrid-analysis.com/search?query=vxfamily%3A%22Application.KMSTool%22, specifically Application.KMSTool.AH (https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/).

Consequently, chances are that the rest of the diagnostics (which I've reviewed) are probably accurate. They're not mental things anyway – just GETs at places it probably shouldn't be invoking WebRequests from.

https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8

Sorry man I dropped the conversation. Its an expected false positive, go ask another programmer or be wrong and trust your AV.

To anyone else the script is safe and afaik is not even illegal albeit can be against tos.

@ileathan, I haven't insulted you. I've only had a technical discussion with ya. If you're willing to explain how I've wronged you (if you care) I'll be glad to apologize, but I doubt there's anything.

@ileathan, I haven't insulted you. I've only had a technical discussion with ya. If you're willing to explain how I've wronged you (if you care) I'll be glad to apologize, but I doubt there's anything.

I removed that bit although I did feel insulted. I just feel I am wasting my time. A Microsoft server AFAIK is the one that is by default suppose to negotiate the cryptographic signature that is happening in the background which is the point of KMS. I do not know anything about KMS because it is all closed source but I know very well the fundamentals of cryptographic signatures. The servers may obviously break tos but I think that is the point.

Pasting small bits of code like that into virus total which scans it with every AV is totally useless. When I was programming web miners for my website changing a variable name would get rid of of those false positives (simply because those AV's were targeting monero's variable names [totally illogical]). They are often times not logical but political and to this date monero is flagged as a virus. In your case it is not a variable name triggering it but merely that KMS was called is my guess. It really is an expected false positive.

And as far as your operating system is concerned everything going on is using the official client, protocol, and server. For example you can hot swap that domain in the code to any other KMS host (associated with your key) so a enterprise key would need an enterprise kms server.

@ileathan,

In your case it is not a variable name triggering it but merely the fact that its a batch file

Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which reocgnized it as Application.KMSTool.AH .

That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.

And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so a enterprise key would need an enterprise kms server.

Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.

@ileathan,

In your case it is not a variable name triggering it but merely the fact that its a batch file

Actually, it's not a .bat file. It's been uploaded as a https://gist.github.com/Dhanvesh/abcc26792f08755827bc2cd64c50ac3c/raw/0825bf9f1c64931542e4afa3b47b64e415fb8149/Win10Activation.txt file. This fooled https://www.hybrid-analysis.com/sample/464c5827868056036ba9aa8d396cec4fd144cf5886d337807950b94f1dc0f1e8, but didn't fool https://www.virustotal.com/gui/file/e1bc25431818fed105062a3e9031f1a4d0a149df4d19a5926b1f0932dfd7a2d7, which reocgnized it as Application.KMSTool.AH .

That's not an inherently dangerous file-type. It merely designates it as a KMS script, so I'm not sure why we're discussing AV false positives here.

And as far as your operating system is concerned everything going on is using the official client and protocol. For example you can hot swap that domain in the code to any other KMS host (associated with your keypair) so a enterprise key would need an enterprise kms server.

Yeah! So it's not calling Microsoft! Reverse-engineering the KMS protocol was completed about a decade ago, so there's no need for *live.com or *microsoft.com to be involved. If there was a need for a cryptographic signature using the same technology as gpg, we wouldn't be able to fool Windows's internal KMS client.

You can ignore that bit about the bat file, I rephrased what I meant. Also I am not even looking at your links I already know it is not a virus lol. But again "Application.KMSTool.AH" would be an expected false positive.

Like I said I do not know anything about KMS but I do know about cryptographic signatures. I reckon KMS even stands for key management server. It probably returns a signature which is invalidated after the 180 days or whatnot. If KMS was reverse engineered like you say that would explain the existence of all these KMS servers. Like I said you can hotswap that endpoint with any other and it will work the same to your OS.

It does use signatures and is probably not using gpg as that is an open source standard and even then it would depend on how the technology is deployed.

But again "Application.KMSTool.AH" would be an expected false positive.

But isn't it a key management tool, @ileathan? As I stated, that designation shouldn't inherently indicate that it's malicious, unless my comprehension of such designations is incorrect.

Per https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/?do=findComment&comment=1568557, perhaps Application.KMSTool.AH does designate it as malicious.

[it] is probably not using gpg

Yeah, that'd probably be unbeatable without replacing parts of Windows, since GPG (at least usually; correct me if I'm wrong) uses that kind of verification that requires impossible computation of prime number square roots.

This code made a trojan virus in my case, I recommend all to not use it

@RizzWann,

This code made a trojan virus in my case, I recommend all to not use it

Please elaborate.

But again "Application.KMSTool.AH" would be an expected false positive.

But isn't it a key management tool, @ileathan? As I stated, that designation shouldn't inherently indicate that it's malicious, unless my comprehension of such designations is incorrect.

Per https://forums.malwarebytes.com/topic/298199-what-is-applicationkmstoolah/?do=findComment&comment=1568557, perhaps Application.KMSTool.AH does designate it as malicious.

[it] is probably not using gpg

Yeah, that'd probably be unbeatable without replacing parts of Windows, since GPG (at least usually; correct me if I'm wrong) uses that kind of verification that requires impossible computation of prime number square roots.

Well no. Prime numbers are used in cryptography because they are difficult to factorize (you wont get a remainder of 0) yes but that is not exclusive to GPG or even asymmetric encryption. They are just harder to predict but you don't technically need to use them.

Public Key Infrastructure models like GPG use asymmetric encryption, that is to say the keys used to encrypt and decrypt that most people seem to more intuitively understand are not the same and replaced with two keys (massive primes/semi primes) one which is a secret and one which is derived from the secret. The secret is used to decrypt and sign. The public is used to encrypt and verify.

GPG stands out for one big reason. It is OPEN SOURCE. Fat chance you find that in windows code, well except when shamelessly lifted.

This code made a trojan virus in my case, I recommend all to not use it

False positive.

GPG stands out for one big reason. It is OPEN SOURCE. Fat chance you find that in windows code

https://github.com/gpg/gnupg#readme states that it's licensed under GPLv3. @ileathan, does that have the same requirement as v2 - that all modifications be posted upstream? That'd be a reason not to include it in Windows.

Its open source, windows is closed.

Was that really worth stating...? It's pretty obvious.

That'd be a reason not to include it in Windows.

Are you trolling me?

Are you trolling me?

Although I'm unfamiliar with the term, a cursory search makes me think I should rather ask the same – I've never had someone think that clarification that Windows is proprietary was necessary.

That'd be a reason not to include it in Windows.

I know. I just said that. What it this?!

Is there another language I can speak to you in?

Its open source, windows is closed.

I know. Why do you keep saying that, @ileathan? I never, ever insinuated otherwise.

I am saying that would be a reason not to include it in the closed windows operating system code. If you did it would not be open. No?