K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
---|---|---|---|
Trojan ( 004d77361 ) | Windows | Low | 12.155.51776 |

Property | Value |
---|---|
MD5 | 862d9a823ae99b9181b749ae66198bca |
SHA256 | af74be686e4636701f86e56d1129cdacdda93b863bb45ab491237d093b8101bf |
File Size | 219,136 bytes |
Packer Information | N/A |
First Seen | 22-04-2024 |
Last Seen | 28-08-2024 |
Aliases | MSIL/Agent.AFK |

Behavior Details
1. Creates Registry:
   - Adds registry data 0 under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\EnableConsoleTracing
   - Adds registry data 18446744073709486080 under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\ConsoleTracingMask
   - Adds registry data 1048576 under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\MaxFileSize
   - Adds registry data %windir%\tracing under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\FileDirectory

Removal Instructions
1. Update the copy of K7 security to the latest version.
2. Open Windows registry editor.
3. Delete the registry data 0 under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\EnableConsoleTracing
4. Delete the registry data 18446744073709486080 under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\ConsoleTracingMask
5. Delete the registry data 1048576 under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\MaxFileSize
6. Delete the registry data %windir%\tracing under the key: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\FileDirectory
7. Close the Windows registry.
8. Restart the machine.