| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Riskware ( 0040eff71 ) | Windows | Low | 14.44.59080 |

| Attribute | Value |
|---|---|
| MD5 | 077e602604d3c10329627e9d507ee310 |
| SHA256 | 62d7515a59919559d2c475702a3bb0cf84ef4b17dc73ba795ad0b84090a8cf60 |
| File Size | 1,428,880 bytes |
| Packer Information | N/A |
| First Seen | 02-04-2026 |
| Last Seen | 28-05-2026 |
| Aliases | Malgent |

Behavior Details
1. Creates Registry:
Adds data 0 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
Adds data 1 under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
Adds data ecc41a8b6d9a6b3318e40d2b91473c72acaa5f76 under HKEY_CURRENT_USER\SOFTWARE\aiBrowser\userid
Removal Instructions
1. Update K7 security to the latest version.
2. Open Windows registry editor and delete the following keys:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\AutoDetect
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\UNCAsIntranet
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\IntranetName
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass
HKEY_CURRENT_USER\SOFTWARE\aiBrowser\userid
3. Restart the machine.