| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Trojan ( 0058dcbe1 ) | Windows | Low | 12.181.52867 |
| MD5 | 9eac81efddd4866a28071fb7f2514c81 |
| SHA256 | 39dbbe2d9eb7c16a29b98379f5de3e11d05611cf41968c531e98fdad7abcdbd7 |
| File Size | 10,178,048 bytes |
| Packer Information | N/A |
| First Seen | 08-08-2024 |
| Last Seen | 25-03-2025 |
| Aliases | Win32/Packed.VMProtect.ACR |
Behavior Details
1. Dropped files:
setting_v2.dat
Under the folder
C:\Users\
2. Creates Registry:
Adds registry data
NzAwNWM0ZGQ5MzNmMjdmNjUyNTlmNjRhN2U4Nzc0OTY=
Under the key:
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{FC36FD6A-7586-4ad1-8CBF-EB8AB7A51533}\uuid
Adds registry data
256
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\GdiICMGammaRange
Adds registry data
C:\Users\
Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CareUEyes
Removal Instructions
1. Update the copy of K7 security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open Windows registry editor.
4. Delete the registry data
NzAwNWM0ZGQ5MzNmMjdmNjUyNTlmNjRhN2U4Nzc0OTY=
Under the key:
HKEY_CURRENT_USER\Software\Classes\Wow6432Node\CLSID\{FC36FD6A-7586-4ad1-8CBF-EB8AB7A51533}\uuid
5. Delete the registry data
256
Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ICM\GdiICMGammaRange
6. Delete the registry data
C:\Users\
Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\CareUEyes
7. Close the Windows registry.
8. Restart the machine.