K7 Detection Name

Suspicious Program (ID700013)

Affected OS

Windows

Prevalence

High

AV Definition Version

12.38.44464

MD5

7a2a3925242fcc022359b2e175453d02

SHA256

2a54bc09bc36b6a177a866cb500baeb1e5b3f03d9546f892e58654f8c9cad08a

File Size

717,312 bytes

Packer Information

N/A

First Seen

21-09-2022

Last Seen

09-10-2025

Aliases

MSIL/TrojanDownloader.Agent.NJS.gen

Behavior Details

1. Dropped files:
Windows PowerShell.lnk
Under the folder
C:\Users\\AppData\Local\Temp\%ProgramData%\Microsoft\Windows\Start Menu\Programs\Accessories\Windows PowerShell

2. Dropped files:
93CPN2YT3WY00CWXCDHZ.temp
d93f411851d7c929.customDestinations-ms
1A7AME8WB69VGMHONF7Y.temp
d93f411851d7c929.customDestinations-ms~RFe6cdc2.TMP
Under the folder
C:\Users\\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations

3. Creates Registry:

Adds registry data
0

Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

Adds registry data
1

Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect

Removal Instructions

1. Update the copy of K7 security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open Windows registry editor.
4. Delete the registry data
0

Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet

5. Delete the registry data
1

Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
6. Close the Windows registry.
7. Restart the machine.