| K7 Detection Name | Affected OS | Prevalence | AV Definition Version |
|---|---|---|---|
| Trojan ( 005e9e521 ) | Windows | Low | 11.208.38100 |

| Property | Value |
|---|---|
| MD5 | cdb67b1c54903f223f7dcca14aea67df |
| SHA256 | 4ff37e0d4b7d74c84bd26ae956a71441d8595f22c4ef1c9db6fbfc1ee2325f5f |
| File Size | 5,902,390 bytes |
| Packer Information | N/A |
| First Seen | 27-08-2021 |
| Last Seen | 29-04-2026 |
| Aliases | N/A |

Behavior Details
1. Creates Registry:
Adds registry data
C:\Users\
Under the key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autogen
Adds registry data
\xb3{/\x00\x00\x00\x00\x00
Under the key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wmic.exe\VBScriptSetScriptStateStarted
Removal Instructions
1. Update K7 security to the latest version.
2. Open Windows registry editor.
3. Delete the registry data
C:\Users\
Under the key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\autogen
4. Delete the registry data
\xb3{/\x00\x00\x00\x00\x00
Under the key:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows Script\Settings\Telemetry\wmic.exe\VBScriptSetScriptStateStarted
5. Close the Windows registry.
6. Restart the machine.