| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Trojan ( 004d77361 ) | Windows | Low | 12.155.51776 |
| MD5 | 862d9a823ae99b9181b749ae66198bca |
| SHA256 | af74be686e4636701f86e56d1129cdacdda93b863bb45ab491237d093b8101bf |
| File Size | 219,136 bytes |
| Packer Information | N/A |
| First Seen | 22-04-2024 |
| Last Seen | 28-08-2024 |
| Aliases | MSIL/Agent.AFK |
Behavior Details
1. Creates Registry:
Adds registry data
0
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\EnableConsoleTracing
Adds registry data
18446744073709486080
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\ConsoleTracingMask
Adds registry data
1048576
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\MaxFileSize
Adds registry data
%windir%\tracing
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\FileDirectory
Removal Instructions
1. Update the copy of K7 security to the latest version.
2. Open Windows registry editor.
3. Delete the registry data
0
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\EnableConsoleTracing
4. Delete the registry data
18446744073709486080
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\ConsoleTracingMask
5. Delete the registry data
1048576
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\MaxFileSize
6. Delete the registry data
%windir%\tracing
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\862d9a823ae99b9181b7_RASAPI32\FileDirectory
7. Close the Windows registry.
8. Restart the machine.