| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Trojan ( 005a6a451 ) | Windows | Low | 12.91.48549 |
| MD5 | af6e384dfabdad52d43cf8429ad8779c |
| SHA256 | f327c2b5ab1d98f0382a35cd78f694d487c74a7290f1ff7be53f42e23021e599 |
| File Size | 4,563,640 bytes |
| Packer Information | tect |
| First Seen | 05-06-2023 |
| Last Seen | 21-04-2024 |
| Aliases | Win64/GenKryptik.GKGU |
Behavior Details
1. Dropped files:
oobeldr.exe
Under the folder
C:\Users\<user_name>\AppData\Roaming\Microsoft\Protect
2. Dropped files:
Report.wer.tmp
Report.wer
Under the folder
C:\ProgramData\Microsoft\Windows\WER\ReportQueue\NonCritical_x64_e317d1ce19fa961dfda531fc4a2c595260922c_cab_052972aa
3. Dropped files:
Endpoint
Under the folder
\Device\Afd
4. Dropped files:
RasAcd
Under the folder
\Device
5. Dropped files:
Telemetry Logging
Under the folder
C:\Windows\sysnative\Tasks
6. Dropped files:
ValidationTask
ValidationTaskDeadline
Under the folder
C:\Windows\sysnative\Tasks\Microsoft\Windows\Windows Activation Technologies
Removal Instructions
1. Update the copy of K7 security to the latest version. 2. Scan the system completely and remove the detected files. 3. Restart the machine.