Behavior Details

1. Dropped files:
error_log.txt
Under the folder
C:\Users\\AppData\Local

2. Dropped files:
SQMHelper
Under the folder
\Device\Afd

3. Creates Registry:

Adds registry data
C:\Users\\AppData\Local\Temp\b1c0d640f28c579d65ba.dat.exe

Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MyProgram

Adds registry data
0

Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\b1c0d640f28c579d65ba_RASAPI32\EnableConsoleTracing

Adds registry data
18446744073709486080

Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\b1c0d640f28c579d65ba_RASAPI32\ConsoleTracingMask

Adds registry data
1048576

Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\b1c0d640f28c579d65ba_RASAPI32\MaxFileSize

Adds registry data
%windir%\tracing

Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\b1c0d640f28c579d65ba_RASAPI32\FileDirectory

Removal Instructions

1. Update the copy of K7 security to the latest version.
2. Scan the system completely and remove the detected files.
3. Open Windows registry editor.
4. Delete the registry data
C:\Users\\AppData\Local\Temp\b1c0d640f28c579d65ba.dat.exe

Under the key:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\MyProgram

5. Delete the registry data
0

Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\b1c0d640f28c579d65ba_RASAPI32\EnableConsoleTracing

6. Delete the registry data
18446744073709486080

Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\b1c0d640f28c579d65ba_RASAPI32\ConsoleTracingMask

7. Delete the registry data
1048576

Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\b1c0d640f28c579d65ba_RASAPI32\MaxFileSize

8. Delete the registry data
%windir%\tracing

Under the key:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\b1c0d640f28c579d65ba_RASAPI32\FileDirectory
9. Close the Windows registry.
10. Restart the machine.