Windows 7 deprecation

Windows 7 will be removed from tria.ge on 2025-03-31

Overview

overview

8

Static

static

1

dc21e0e109...df.exe

windows7-x64

8

dc21e0e109...df.exe

windows10-2004-x64

8

Analysis

  • max time kernel
    186s
  • max time network
    210s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20221111-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20221111-enlocale:en-usos:windows10-2004-x64system
  • submitted
    29/11/2022, 13:21

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    dc21e0e1092e35eb793f8dcd8d7c92166819d7081d9db4c2530d3a8522e143df.exe

  • Size

    1.6MB

  • MD5

    aea89e584baa3cdb4bc42f62f798ac5c

  • SHA1

    126024decb74c300579bb844451e6a17a383d6f0

  • SHA256

    dc21e0e1092e35eb793f8dcd8d7c92166819d7081d9db4c2530d3a8522e143df

  • SHA512

    6faa1eaefa08f0c71fd40ce6e4379a28d8211aa53ed755d0d9106a15dce4252b7c67d80a3d5a0a379262462c2c43b97223fe2484fed0de69b77729bde0eb299e

  • SSDEEP

    49152:nYqRvbfHLZW2Uf9SLukd3W0C1dySncCZ8W4z:/RjlW22ULuiW5xcCZEz

Score
8/10
aspackv2discoveryevasionpersistencetrojanupx

Malware Config

Signatures

  • ASPack v2.12-2.42 2 IoCs

    Detects executables packed with ASPack v2.12-2.42

    aspackv2
  • Downloads MZ/PE file
  • Drops file in Drivers directory 13 IoCs
  • Executes dropped EXE 12 IoCs
  • Registers COM server for autorun 1 TTPs 3 IoCs
    persistence
  • Sets file execution options in registry 2 TTPs 28 IoCs
    persistence
  • UPX packed file 11 IoCs

    Detects executables packed with UPX/modified UPX open source packer.

    upx
  • Checks computer location settings 2 TTPs 1 IoCs

    Looks up country code configured in the registry, likely geofence.

  • Loads dropped DLL 21 IoCs
  • Adds Run key to start application 2 TTPs 3 IoCs
    persistence
  • Checks installed software on the system 1 TTPs

    Looks up Uninstall key entries in the registry to enumerate software on the system.

    discovery
  • Checks whether UAC is enabled 1 TTPs 1 IoCs
    evasiontrojan
  • Drops desktop.ini file(s) 2 IoCs
  • Drops file in System32 directory 1 IoCs
  • Drops file in Program Files directory 64 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

  • Program crash 1 IoCs
  • Modifies Internet Explorer settings 1 TTPs 23 IoCs
    adwarespyware
  • Modifies registry class 33 IoCs
  • Suspicious behavior: EnumeratesProcesses 6 IoCs
  • Suspicious use of AdjustPrivilegeToken 3 IoCs
  • Suspicious use of FindShellTrayWindow 1 IoCs
  • Suspicious use of SetWindowsHookEx 13 IoCs
  • Suspicious use of WriteProcessMemory 45 IoCs

Processes

  • C:\Users\Admin\AppData\Local\Temp\dc21e0e1092e35eb793f8dcd8d7c92166819d7081d9db4c2530d3a8522e143df.exe
    "C:\Users\Admin\AppData\Local\Temp\dc21e0e1092e35eb793f8dcd8d7c92166819d7081d9db4c2530d3a8522e143df.exe"
    1⤵
    • Loads dropped DLL
    • Suspicious use of WriteProcessMemory
    PID:4524
    • C:\Users\Admin\AppData\Local\Temp\CFÔÂÓ°¸¨Öú.exe
      "C:\Users\Admin\AppData\Local\Temp\CFÔÂÓ°¸¨Öú.exe"
      2⤵
      • Executes dropped EXE
      • Checks computer location settings
      • Suspicious use of SetWindowsHookEx
      • Suspicious use of WriteProcessMemory
      PID:4372
      • C:\Users\Admin\AppData\Local\Temp\wiresion.exe
        "C:\Users\Admin\AppData\Local\Temp\wiresion.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of SetWindowsHookEx
        PID:3748
      • C:\Users\Admin\AppData\Local\Temp\KINSTALLERS_41_61290.exe
        "C:\Users\Admin\AppData\Local\Temp\KINSTALLERS_41_61290.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious use of WriteProcessMemory
        PID:3588
        • C:\Users\Admin\AppData\Local\Temp\kingsoftkonline\KINSTALLERS_41_61290.exe
          "C:\Users\Admin\AppData\Local\Temp\kingsoftkonline\KINSTALLERS_41_61290.exe" /s
          4⤵
          • Drops file in Drivers directory
          • Executes dropped EXE
          • Registers COM server for autorun
          • Sets file execution options in registry
          • Loads dropped DLL
          • Adds Run key to start application
          • Drops desktop.ini file(s)
          • Drops file in Program Files directory
          • Modifies registry class
          • Suspicious use of AdjustPrivilegeToken
          • Suspicious use of WriteProcessMemory
          PID:4536
          • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kavlog2.exe
            "c:\program files (x86)\kingsoft\kingsoft antivirus\kavlog2.exe" -install
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Drops file in System32 directory
            PID:1192
          • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
            "c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe" /autorun
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2260
          • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
            "c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /start kxescore
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            PID:2256
          • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kislive.exe
            "c:\program files (x86)\kingsoft\kingsoft antivirus\kislive.exe" /autorun /std /skipcs3
            5⤵
            • Executes dropped EXE
            • Loads dropped DLL
            • Suspicious use of AdjustPrivilegeToken
            PID:3288
      • C:\Users\Admin\AppData\Local\Temp\gamebrowser_1.0_lizhiheng_t101001.exe
        "C:\Users\Admin\AppData\Local\Temp\gamebrowser_1.0_lizhiheng_t101001.exe"
        3⤵
        • Executes dropped EXE
        • Checks whether UAC is enabled
        • Modifies Internet Explorer settings
        • Modifies registry class
        • Suspicious use of SetWindowsHookEx
        • Suspicious use of WriteProcessMemory
        PID:3140
        • C:\Program Files (x86)\Internet Explorer\iexplore.exe
          "C:\Program Files (x86)\Internet Explorer\iexplore.exe"
          4⤵
          • Suspicious use of WriteProcessMemory
          PID:824
          • C:\Program Files\Internet Explorer\IEXPLORE.EXE
            "C:\Program Files\Internet Explorer\IEXPLORE.EXE"
            5⤵
            • Modifies Internet Explorer settings
            • Suspicious use of FindShellTrayWindow
            • Suspicious use of SetWindowsHookEx
            • Suspicious use of WriteProcessMemory
            PID:4772
            • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
              "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4772 CREDAT:17410 /prefetch:2
              6⤵
              • Modifies Internet Explorer settings
              • Suspicious use of SetWindowsHookEx
              PID:2252
      • C:\Users\Admin\AppData\Local\Temp\100004.exe
        "C:\Users\Admin\AppData\Local\Temp\100004.exe"
        3⤵
        • Executes dropped EXE
        • Suspicious behavior: EnumeratesProcesses
        • Suspicious use of AdjustPrivilegeToken
        PID:4696
        • C:\Windows\SysWOW64\WerFault.exe
          C:\Windows\SysWOW64\WerFault.exe -u -p 4696 -s 400
          4⤵
          • Program crash
          PID:3752
      • C:\Users\Admin\AppData\Local\Temp\qh562.exe
        "C:\Users\Admin\AppData\Local\Temp\qh562.exe"
        3⤵
        • Executes dropped EXE
        • Adds Run key to start application
        • Suspicious behavior: EnumeratesProcesses
        PID:2120
    • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
      "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --single-argument http://www.yxdown.com/ads/88.html
      2⤵
      • Suspicious use of WriteProcessMemory
      PID:880
      • C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
        "C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7ff8e14646f8,0x7ff8e1464708,0x7ff8e1464718
        3⤵
          PID:3116
    • C:\Windows\SysWOW64\WerFault.exe
      C:\Windows\SysWOW64\WerFault.exe -pss -s 424 -p 4696 -ip 4696
      1⤵
        PID:2092
      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
        "c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /service kxescore
        1⤵
        • Executes dropped EXE
        • Loads dropped DLL
        PID:376

      Network

      MITRE ATT&CK Enterprise v6

      Replay Monitor

      Loading Replay Monitor...

      Downloads

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kavevent.dll
        Filesize

        90KB

        MD5

        80f899ca024ddcf5218a4fadeacaec54

        SHA1

        2756821bde2d8eb44b04da63afbf5496565ddf71

        SHA256

        2a0d8c0778ef91c5e9f7ffac47a0e49a4055d50556895822d84adcbce9375c17

        SHA512

        ae871718f3eb2bcdd4bc6d41a691e9684a98a022d0db9d9444470820847e648e369a5f0c7887dc31d6ffa51572634345fe2448c1defe8535eb79c30f8202f41f

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kavevent.dll
        Filesize

        90KB

        MD5

        80f899ca024ddcf5218a4fadeacaec54

        SHA1

        2756821bde2d8eb44b04da63afbf5496565ddf71

        SHA256

        2a0d8c0778ef91c5e9f7ffac47a0e49a4055d50556895822d84adcbce9375c17

        SHA512

        ae871718f3eb2bcdd4bc6d41a691e9684a98a022d0db9d9444470820847e648e369a5f0c7887dc31d6ffa51572634345fe2448c1defe8535eb79c30f8202f41f

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kavlog2.exe
        Filesize

        490KB

        MD5

        9b773fe403c07b1126c48784e51fe223

        SHA1

        6f0bdd3b5bfd2cab7a859bf395f57728f808b776

        SHA256

        99fe3741defcff0910dc415e382c6a58c8fd84617c7b219c2160aa8f54ffa7d1

        SHA512

        13a898b86bb0990181655e9de35f48fe418b3238bdc00f917cca727fcdbfbc661d3cee95da06b32970d259a6e3e1b70e0df02cf75ed530397154a55627a6dbf1

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kavmenu.dll
        Filesize

        43KB

        MD5

        d32bef39d9e1439a1331e806cdf18f9f

        SHA1

        cc853d2fc89e779b541835d035fd05fa7cc339f2

        SHA256

        25bba853799d7681bcbe8258a7777d8faf7e0a41645cbaa1fc702c4e222fd712

        SHA512

        b0f7182a5e14d946ee69ce6f24271db08acfc457a0e71eb9dd242d812fd3c3210f382d9b3117ed9594ba43d9994324eb2b840214bfbbacbb78a77d6b81a04a17

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kislive.exe
        Filesize

        678KB

        MD5

        49e148faf71deabfc2d974ca63f20f22

        SHA1

        f21c708a84e40e9f00d922ac683be89872d72a0d

        SHA256

        1c04ea4234ec7465c827cc26cecedfe5ec9d33d89ee67f49c3f6d86e0fd8233c

        SHA512

        389b7416e86be98d956019a14f62b34707945c15cc41a6daa6f58d106dd9f0bf4f67d563aff7af5928e72f4d0819680c13afa9b072f980101d11eb416949b7a2

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kpopclt.dll
        Filesize

        206KB

        MD5

        8acd62949443cf36b3db239bb20fd244

        SHA1

        802c4bb757579bd6a679510b0834a9ebd38ed21e

        SHA256

        2e38b4541e78f12061f0b11ff80a24112acb71768d9b3f0df74ee0d72141e81b

        SHA512

        689000576e7a5a98a11de00859a5275b10f3348ba2889be04ee68894d704c591df8a210cb1353f0a2af540dc16eee46fd8da7be31e1082ebc433d1c538e2a846

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\ksapi.dll
        Filesize

        166KB

        MD5

        54cdfb1c20e7c0f268e1e6ccde5caa0a

        SHA1

        3251c898d579f3e8ae043aba2cd6d0b4e0875e30

        SHA256

        a36934943b46c3e1750756b9a1a6d5cf7196b1d7bb3853c00aee2e6878bb99ab

        SHA512

        e96bfaad8fa95ed11d807303421acf03785dedc13444076c5808cc4821b1ff51746d3791d06c9f050d7b5aad8b128522cdc8abb2f582c498675cf12b2282053e

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\ksapi.dll
        Filesize

        166KB

        MD5

        54cdfb1c20e7c0f268e1e6ccde5caa0a

        SHA1

        3251c898d579f3e8ae043aba2cd6d0b4e0875e30

        SHA256

        a36934943b46c3e1750756b9a1a6d5cf7196b1d7bb3853c00aee2e6878bb99ab

        SHA512

        e96bfaad8fa95ed11d807303421acf03785dedc13444076c5808cc4821b1ff51746d3791d06c9f050d7b5aad8b128522cdc8abb2f582c498675cf12b2282053e

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxebase.dll
        Filesize

        63KB

        MD5

        943e99cf9c0e96a31abb7325558371d8

        SHA1

        3188bb90f16c14b03e0d09e244ecaa9d2285be78

        SHA256

        df1dde424ec68bb481f3cdbed66a52c92325134b084c6bd1ad013c3ba0ac3780

        SHA512

        de3047ee0c70adb15a1ffe25e3f21b832ad9b1152d6e3ec3f54ae33e5f8f70d614b9cfff28d9645ddb850a6fb0d71b0a43d96be07857841fd6f37813793f6757

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxebase.dll
        Filesize

        63KB

        MD5

        943e99cf9c0e96a31abb7325558371d8

        SHA1

        3188bb90f16c14b03e0d09e244ecaa9d2285be78

        SHA256

        df1dde424ec68bb481f3cdbed66a52c92325134b084c6bd1ad013c3ba0ac3780

        SHA512

        de3047ee0c70adb15a1ffe25e3f21b832ad9b1152d6e3ec3f54ae33e5f8f70d614b9cfff28d9645ddb850a6fb0d71b0a43d96be07857841fd6f37813793f6757

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
        Filesize

        164KB

        MD5

        5caa87154c5e49499b03341fe0a9203e

        SHA1

        276aa388cac4acf4abe2c309d6526c80883c8d94

        SHA256

        0d7d445b6c864c3c8e3a4e92a10ef5b8d5b40737aa58126fb836aacd993cfdf6

        SHA512

        211eab4d0a645fdf2a5f7eb8971d8f08ce00c9b6b127b79ef6afd40481ff0cc17205785d4befecc03a1d4258fc54bc924e5ad572f7b94ffa3a98d931a48b657e

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
        Filesize

        164KB

        MD5

        5caa87154c5e49499b03341fe0a9203e

        SHA1

        276aa388cac4acf4abe2c309d6526c80883c8d94

        SHA256

        0d7d445b6c864c3c8e3a4e92a10ef5b8d5b40737aa58126fb836aacd993cfdf6

        SHA512

        211eab4d0a645fdf2a5f7eb8971d8f08ce00c9b6b127b79ef6afd40481ff0cc17205785d4befecc03a1d4258fc54bc924e5ad572f7b94ffa3a98d931a48b657e

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
        Filesize

        1.2MB

        MD5

        593a7177f156c406753edfc59fd0fa17

        SHA1

        93d9c1e294779cdfe14be6d9659831b5d396c008

        SHA256

        bfbf5845aa4a3e62ca308fda905e7469bc0b9a21c03b02c5e5bdeaedfe3e508b

        SHA512

        444aedd05fa9034a7801a3df6f41d23d4dcab84e89289f7f2df1cc1dcec74e38703c22ac65e88559159adc70055a6f4e22e1e934d6266667e522952b4499d395

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcp80.dll
        Filesize

        536KB

        MD5

        4c8a880eabc0b4d462cc4b2472116ea1

        SHA1

        d0a27f553c0fe0e507c7df079485b601d5b592e6

        SHA256

        2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

        SHA512

        6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcp80.dll
        Filesize

        536KB

        MD5

        4c8a880eabc0b4d462cc4b2472116ea1

        SHA1

        d0a27f553c0fe0e507c7df079485b601d5b592e6

        SHA256

        2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

        SHA512

        6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcp80.dll
        Filesize

        536KB

        MD5

        4c8a880eabc0b4d462cc4b2472116ea1

        SHA1

        d0a27f553c0fe0e507c7df079485b601d5b592e6

        SHA256

        2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

        SHA512

        6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcp80.dll
        Filesize

        536KB

        MD5

        4c8a880eabc0b4d462cc4b2472116ea1

        SHA1

        d0a27f553c0fe0e507c7df079485b601d5b592e6

        SHA256

        2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

        SHA512

        6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcp80.dll
        Filesize

        536KB

        MD5

        4c8a880eabc0b4d462cc4b2472116ea1

        SHA1

        d0a27f553c0fe0e507c7df079485b601d5b592e6

        SHA256

        2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

        SHA512

        6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcr80.dll
        Filesize

        612KB

        MD5

        e4fece18310e23b1d8fee993e35e7a6f

        SHA1

        9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

        SHA256

        02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

        SHA512

        2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcr80.dll
        Filesize

        612KB

        MD5

        e4fece18310e23b1d8fee993e35e7a6f

        SHA1

        9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

        SHA256

        02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

        SHA512

        2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcr80.dll
        Filesize

        612KB

        MD5

        e4fece18310e23b1d8fee993e35e7a6f

        SHA1

        9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

        SHA256

        02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

        SHA512

        2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcr80.dll
        Filesize

        612KB

        MD5

        e4fece18310e23b1d8fee993e35e7a6f

        SHA1

        9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

        SHA256

        02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

        SHA512

        2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\msvcr80.dll
        Filesize

        612KB

        MD5

        e4fece18310e23b1d8fee993e35e7a6f

        SHA1

        9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

        SHA256

        02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

        SHA512

        2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\operation\cas\kinfoc.dll
        Filesize

        298KB

        MD5

        009aefc592b99c2ab5bd6cfe09fbb927

        SHA1

        9676a6fec5d8f6f1a22ed704e0ba466a7b2e96b4

        SHA256

        9f605fd88ee390e983cf2ce290865a5645d031750d42b4609c23990cac1abddd

        SHA512

        72e4cb35ede62f1f1bb92503ae428847916a24d1694bdbdf0469b9b09ce9e88c26908262f0e30e2b4a2946b3010a816c27c136621dda3d2c3a3eb28911225e44

        Download Submit

      • C:\Program Files (x86)\kingsoft\kingsoft antivirus\scom.dll
        Filesize

        71KB

        MD5

        0d9fd22c4b94746a19478e49c6abe1f5

        SHA1

        8ef001a0c1fd44d2c61ff4b55a8043f4e129aff7

        SHA256

        d7c44eeee6a1cfba85c4569b534911ef8ca836b7d821db77f642ea4bdbaad645

        SHA512

        2ec28ab6982fbfcd4050231aba3efd602ef792a5ec365951f71b9a44487f299fd9558a646d8db0604900e070d5b3ff9da1f620f697c08f498e0ebe893d9dec6a

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\100004.exe
        Filesize

        164KB

        MD5

        5f2b117fc1e25d9106adb8a1c4f91100

        SHA1

        eb7bf762f7e9a26d8776151be141cbf4bdc47431

        SHA256

        2dbdcddf1fb86e54ab972b45ce80f5efb2aad1d47c0253f9c5fba9fee0869344

        SHA512

        6c17b0b36159af00b38d1266430d7b40934e459f317bbf5e79f672f41003102a16aadbc611c6d6009664916112b2ecda5a997683f50e9a1db92bf38ab5439f69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\100004.exe
        Filesize

        164KB

        MD5

        5f2b117fc1e25d9106adb8a1c4f91100

        SHA1

        eb7bf762f7e9a26d8776151be141cbf4bdc47431

        SHA256

        2dbdcddf1fb86e54ab972b45ce80f5efb2aad1d47c0253f9c5fba9fee0869344

        SHA512

        6c17b0b36159af00b38d1266430d7b40934e459f317bbf5e79f672f41003102a16aadbc611c6d6009664916112b2ecda5a997683f50e9a1db92bf38ab5439f69

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\CFÔÂÓ°¸¨Öú.exe
        Filesize

        1.6MB

        MD5

        1ffcd2a1e7108325a14843177d9e5fb2

        SHA1

        abe3c3b150f2a6b6e6414adacf7f0262beaac88d

        SHA256

        079af3610fc3461abc16b96aefb71d2ea00650e91413af4732bb5cc992f8c919

        SHA512

        2abb090078904d7dc306cf114a0dcbfcb25d49301ffa3877aab68337505ea78c982fde4df497dccc49f7c7a39b5b975bf15b54eb4a95bef1bb7494522bc989dd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\CFÔÂÓ°¸¨Öú.exe
        Filesize

        1.6MB

        MD5

        1ffcd2a1e7108325a14843177d9e5fb2

        SHA1

        abe3c3b150f2a6b6e6414adacf7f0262beaac88d

        SHA256

        079af3610fc3461abc16b96aefb71d2ea00650e91413af4732bb5cc992f8c919

        SHA512

        2abb090078904d7dc306cf114a0dcbfcb25d49301ffa3877aab68337505ea78c982fde4df497dccc49f7c7a39b5b975bf15b54eb4a95bef1bb7494522bc989dd

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\KINSTALLERS_41_61290.exe
        Filesize

        58KB

        MD5

        9ecaacff7e457daf105b7636990894b7

        SHA1

        bb32605d694d43e612118aacb3aabb1ba075d792

        SHA256

        8ff0f987b41dbff6397f12e09f557f5906addc0c42d88e6438fccc48a67f766d

        SHA512

        9561dafaa3e602d6a2378f1d3b64fe618635466286fc00519ab6ba467beb6a20a2fd07ef81ce2ad0ae6927b02ff64e74c4fce39f37f5a8c16be292efb83f9937

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\KINSTALLERS_41_61290.exe
        Filesize

        58KB

        MD5

        9ecaacff7e457daf105b7636990894b7

        SHA1

        bb32605d694d43e612118aacb3aabb1ba075d792

        SHA256

        8ff0f987b41dbff6397f12e09f557f5906addc0c42d88e6438fccc48a67f766d

        SHA512

        9561dafaa3e602d6a2378f1d3b64fe618635466286fc00519ab6ba467beb6a20a2fd07ef81ce2ad0ae6927b02ff64e74c4fce39f37f5a8c16be292efb83f9937

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\gamebrowser_1.0_lizhiheng_t101001.exe
        Filesize

        696KB

        MD5

        34bfd5c2c0b1a33088041b7b664547fc

        SHA1

        9b66d1125f000c013bf7fbbb7e476ad86b12fe45

        SHA256

        f0a764e79e5c134d5a69116cd7f924a6d9f07004f37352a7d2c1ab2dce07882e

        SHA512

        3b3f19b98127602e3772c70073e3ef924d878789939710078f97715d275690b3d8d8dc34426a693e1f61b91fc645227bc6226e7c922afa84ec1816ba5d9204d0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\gamebrowser_1.0_lizhiheng_t101001.exe
        Filesize

        696KB

        MD5

        34bfd5c2c0b1a33088041b7b664547fc

        SHA1

        9b66d1125f000c013bf7fbbb7e476ad86b12fe45

        SHA256

        f0a764e79e5c134d5a69116cd7f924a6d9f07004f37352a7d2c1ab2dce07882e

        SHA512

        3b3f19b98127602e3772c70073e3ef924d878789939710078f97715d275690b3d8d8dc34426a693e1f61b91fc645227bc6226e7c922afa84ec1816ba5d9204d0

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\kingsoftkonline\KINSTALLERS_41_61290.exe
        Filesize

        18.6MB

        MD5

        17a5fa01284ef8399c1580068558309a

        SHA1

        f744acb56cfc0212fbf8ef650fca9c1c645c0adf

        SHA256

        c832fc639f4ad9ea2430950d6faff924943da80725b4c31f9b8188a94017b288

        SHA512

        0e7d46e265e19faf051277f5ee0c0e8ab8bdc3eb49068872496667623a2147f2c9bf043f121770fdca477b5a6cc634414bcce5076676b6e9b5c30ea445e5ce30

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\kingsoftkonline\KINSTALLERS_41_61290.exe
        Filesize

        18.6MB

        MD5

        17a5fa01284ef8399c1580068558309a

        SHA1

        f744acb56cfc0212fbf8ef650fca9c1c645c0adf

        SHA256

        c832fc639f4ad9ea2430950d6faff924943da80725b4c31f9b8188a94017b288

        SHA512

        0e7d46e265e19faf051277f5ee0c0e8ab8bdc3eb49068872496667623a2147f2c9bf043f121770fdca477b5a6cc634414bcce5076676b6e9b5c30ea445e5ce30

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\nsu856D.tmp\AdvSplash.dll
        Filesize

        6KB

        MD5

        a1bba35c752b36f575350cb7ddf238e4

        SHA1

        9603b691ae71d4fbc7a14dbb837bd97cecac8aab

        SHA256

        0667863d71a3021ab844069b6dd0485f874bf638af478ab11c6fb8b7d6c834b6

        SHA512

        eb5d3498dd994bec42a437cf91343665d3c35bfe3f6277a7393af6a0b8348772c3166d9be48955edddf6ef79fa508ec8d4f96d7d5df37ecdc52c90042e0a2967

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\qh562.exe
        Filesize

        59KB

        MD5

        44c3de360a309aba151ae9d1cc2b6773

        SHA1

        0704ce76d5ab8b747b9319ba928aad5c0e1510d7

        SHA256

        4b0d92abe91c80afe1acf4ea2a7c04af43db0bb4a5e845e936580f4d56679c84

        SHA512

        1ac16f1e71c037ed121691f07ecf1949b9a12decbd18446eda0fd512a2389b6ba9b9c39f365f08b7edc7c65865516d98eafc7f1a9a2b9958ef5ad22a086ffff7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\qh562.exe
        Filesize

        59KB

        MD5

        44c3de360a309aba151ae9d1cc2b6773

        SHA1

        0704ce76d5ab8b747b9319ba928aad5c0e1510d7

        SHA256

        4b0d92abe91c80afe1acf4ea2a7c04af43db0bb4a5e845e936580f4d56679c84

        SHA512

        1ac16f1e71c037ed121691f07ecf1949b9a12decbd18446eda0fd512a2389b6ba9b9c39f365f08b7edc7c65865516d98eafc7f1a9a2b9958ef5ad22a086ffff7

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\wiresion.exe
        Filesize

        466KB

        MD5

        34c896e9d15df09c31badd1be5e0086f

        SHA1

        fe2438b5652ca75a46349fd3dc37ee89818b8336

        SHA256

        7f400f1e9073952352581ddf3b2822998b9a2912495c945b21ca625d52d676dd

        SHA512

        3a72f6e828f05ac9a5032f7063b52b687c4234e768c5b130e826405312e6e2dbcd003f8abf10da46692f4f563219dbfb66e9ed8d8b86cdad0f28141bbaebe00e

        Download Submit

      • C:\Users\Admin\AppData\Local\Temp\wiresion.exe
        Filesize

        466KB

        MD5

        34c896e9d15df09c31badd1be5e0086f

        SHA1

        fe2438b5652ca75a46349fd3dc37ee89818b8336

        SHA256

        7f400f1e9073952352581ddf3b2822998b9a2912495c945b21ca625d52d676dd

        SHA512

        3a72f6e828f05ac9a5032f7063b52b687c4234e768c5b130e826405312e6e2dbcd003f8abf10da46692f4f563219dbfb66e9ed8d8b86cdad0f28141bbaebe00e

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\MSVCP80.dll
        Filesize

        536KB

        MD5

        4c8a880eabc0b4d462cc4b2472116ea1

        SHA1

        d0a27f553c0fe0e507c7df079485b601d5b592e6

        SHA256

        2026f3c4f830dff6883b88e2647272a52a132f25eb42c0d423e36b3f65a94d08

        SHA512

        6a6cce8c232f46dab9b02d29be5e0675cc1e968e9c2d64d0abc008d20c0a7baeb103a5b1d9b348fa1c4b3af9797dbcb6e168b14b545fb15c2ccd926c3098c31c

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\MSVCR80.dll
        Filesize

        612KB

        MD5

        e4fece18310e23b1d8fee993e35e7a6f

        SHA1

        9fd3a7f0522d36c2bf0e64fc510c6eea3603b564

        SHA256

        02bdde38e4c6bd795a092d496b8d6060cdbe71e22ef4d7a204e3050c1be44fa9

        SHA512

        2fb5f8d63a39ba5e93505df3a643d14e286fe34b11984cbed4b88e8a07517c03efb3a7bf9d61cf1ec73b0a20d83f9e6068e61950a61d649b8d36082bb034ddfc

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kavevent.dll
        Filesize

        90KB

        MD5

        80f899ca024ddcf5218a4fadeacaec54

        SHA1

        2756821bde2d8eb44b04da63afbf5496565ddf71

        SHA256

        2a0d8c0778ef91c5e9f7ffac47a0e49a4055d50556895822d84adcbce9375c17

        SHA512

        ae871718f3eb2bcdd4bc6d41a691e9684a98a022d0db9d9444470820847e648e369a5f0c7887dc31d6ffa51572634345fe2448c1defe8535eb79c30f8202f41f

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kavlog2.exe
        Filesize

        490KB

        MD5

        9b773fe403c07b1126c48784e51fe223

        SHA1

        6f0bdd3b5bfd2cab7a859bf395f57728f808b776

        SHA256

        99fe3741defcff0910dc415e382c6a58c8fd84617c7b219c2160aa8f54ffa7d1

        SHA512

        13a898b86bb0990181655e9de35f48fe418b3238bdc00f917cca727fcdbfbc661d3cee95da06b32970d259a6e3e1b70e0df02cf75ed530397154a55627a6dbf1

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kislive.exe
        Filesize

        678KB

        MD5

        49e148faf71deabfc2d974ca63f20f22

        SHA1

        f21c708a84e40e9f00d922ac683be89872d72a0d

        SHA256

        1c04ea4234ec7465c827cc26cecedfe5ec9d33d89ee67f49c3f6d86e0fd8233c

        SHA512

        389b7416e86be98d956019a14f62b34707945c15cc41a6daa6f58d106dd9f0bf4f67d563aff7af5928e72f4d0819680c13afa9b072f980101d11eb416949b7a2

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kpopclt.dll
        Filesize

        206KB

        MD5

        8acd62949443cf36b3db239bb20fd244

        SHA1

        802c4bb757579bd6a679510b0834a9ebd38ed21e

        SHA256

        2e38b4541e78f12061f0b11ff80a24112acb71768d9b3f0df74ee0d72141e81b

        SHA512

        689000576e7a5a98a11de00859a5275b10f3348ba2889be04ee68894d704c591df8a210cb1353f0a2af540dc16eee46fd8da7be31e1082ebc433d1c538e2a846

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\ksapi.dll
        Filesize

        166KB

        MD5

        54cdfb1c20e7c0f268e1e6ccde5caa0a

        SHA1

        3251c898d579f3e8ae043aba2cd6d0b4e0875e30

        SHA256

        a36934943b46c3e1750756b9a1a6d5cf7196b1d7bb3853c00aee2e6878bb99ab

        SHA512

        e96bfaad8fa95ed11d807303421acf03785dedc13444076c5808cc4821b1ff51746d3791d06c9f050d7b5aad8b128522cdc8abb2f582c498675cf12b2282053e

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxebase.dll
        Filesize

        63KB

        MD5

        943e99cf9c0e96a31abb7325558371d8

        SHA1

        3188bb90f16c14b03e0d09e244ecaa9d2285be78

        SHA256

        df1dde424ec68bb481f3cdbed66a52c92325134b084c6bd1ad013c3ba0ac3780

        SHA512

        de3047ee0c70adb15a1ffe25e3f21b832ad9b1152d6e3ec3f54ae33e5f8f70d614b9cfff28d9645ddb850a6fb0d71b0a43d96be07857841fd6f37813793f6757

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
        Filesize

        164KB

        MD5

        5caa87154c5e49499b03341fe0a9203e

        SHA1

        276aa388cac4acf4abe2c309d6526c80883c8d94

        SHA256

        0d7d445b6c864c3c8e3a4e92a10ef5b8d5b40737aa58126fb836aacd993cfdf6

        SHA512

        211eab4d0a645fdf2a5f7eb8971d8f08ce00c9b6b127b79ef6afd40481ff0cc17205785d4befecc03a1d4258fc54bc924e5ad572f7b94ffa3a98d931a48b657e

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore_sp.xcf
        Filesize

        87B

        MD5

        47f61d0f7bd830f5bfe72c3b65941fde

        SHA1

        d7f440877e23679fd2c480dff2b8f3219702d681

        SHA256

        eb09cf1094904f0d3038ce1e981fd4366eba4000c8b6f13a3dbbaefea4797e37

        SHA512

        d234f17af1440aba1a4f6c2b24d04fdeb3a685f25f391cdc1ac048dfed1b470689bed5b21d7b3db94f9186445932982f462bbee8af919c1a957ab89bd69e68f5

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\kxetray.exe
        Filesize

        1.2MB

        MD5

        593a7177f156c406753edfc59fd0fa17

        SHA1

        93d9c1e294779cdfe14be6d9659831b5d396c008

        SHA256

        bfbf5845aa4a3e62ca308fda905e7469bc0b9a21c03b02c5e5bdeaedfe3e508b

        SHA512

        444aedd05fa9034a7801a3df6f41d23d4dcab84e89289f7f2df1cc1dcec74e38703c22ac65e88559159adc70055a6f4e22e1e934d6266667e522952b4499d395

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\operation\cas\kctrl.dat
        Filesize

        1KB

        MD5

        f596ddc3f7cf74175a1ed766b412d147

        SHA1

        efe4b46eed0c910a5ff8407506750047cfdfb93a

        SHA256

        3dce4ca31f74798638655017dd2742f93d075910bd97363bb837a87758776898

        SHA512

        55b42bf8d4d5f6454b752e8843e0acc3b56e01b2dea85b7c34996efd24baab470d1171d00d004ec28638ef4277ac67334e0b0dfc6eedf8761adf0420b4ac6818

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\operation\cas\kfmt.datx
        Filesize

        44KB

        MD5

        993e4a86486505e01592663e29696b69

        SHA1

        1c40b31f43d9cba8d98c50a15a07e8acdd401cbe

        SHA256

        8dc71438b6b1ed7f342239e0b8c7f7802ace67eed99a02e0dbeba166f14fa12e

        SHA512

        05171694fe11affa34c41b8213fd2abfa526f1d7b92aeded67fc64e8750139906400cf62307b2c2ba43a153bf4780a020b40d03c4629495876dbbe8c65fb4535

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\operation\cas\kinfoc.dll
        Filesize

        298KB

        MD5

        009aefc592b99c2ab5bd6cfe09fbb927

        SHA1

        9676a6fec5d8f6f1a22ed704e0ba466a7b2e96b4

        SHA256

        9f605fd88ee390e983cf2ce290865a5645d031750d42b4609c23990cac1abddd

        SHA512

        72e4cb35ede62f1f1bb92503ae428847916a24d1694bdbdf0469b9b09ce9e88c26908262f0e30e2b4a2946b3010a816c27c136621dda3d2c3a3eb28911225e44

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\ressrc\chs\uplive.svr
        Filesize

        3KB

        MD5

        e302e1b7d41f2d41cf926242d693dd87

        SHA1

        f0c75c85fa80a13822775d0093ba34b5961fb208

        SHA256

        c83343a6aa3645c1155ea1ee224f5c3fe8867e174ad46da92abaa139d12ea74e

        SHA512

        adec4c968f3510ee81c4a54bfffa39244e0e0fb12a24d06c7921d1902352d827ebb5508d5dac13cbc5469591976607885937951eab876a054710c81f52efe811

        Download Submit

      • \??\c:\program files (x86)\kingsoft\kingsoft antivirus\scom.dll
        Filesize

        71KB

        MD5

        0d9fd22c4b94746a19478e49c6abe1f5

        SHA1

        8ef001a0c1fd44d2c61ff4b55a8043f4e129aff7

        SHA256

        d7c44eeee6a1cfba85c4569b534911ef8ca836b7d821db77f642ea4bdbaad645

        SHA512

        2ec28ab6982fbfcd4050231aba3efd602ef792a5ec365951f71b9a44487f299fd9558a646d8db0604900e070d5b3ff9da1f620f697c08f498e0ebe893d9dec6a

        Download Submit

      • memory/376-206-0x00000000001F0000-0x00000000001FE000-memory.dmp

        Filesize

        56KB

        Download

      • memory/376-210-0x0000000001680000-0x00000000016AA000-memory.dmp

        Filesize

        168KB

        Download

      • memory/2120-160-0x0000000000C80000-0x0000000000CAF000-memory.dmp

        Filesize

        188KB

        Download

      • memory/2120-153-0x0000000000C80000-0x0000000000CAF000-memory.dmp

        Filesize

        188KB

        Download

      • memory/2260-211-0x000000006FFF0000-0x0000000070000000-memory.dmp

        Filesize

        64KB

        Download

      • memory/3140-146-0x0000000000400000-0x00000000005F7000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3140-162-0x0000000000400000-0x00000000005F7000-memory.dmp

        Filesize

        2.0MB

        Download

      • memory/3288-197-0x00000000027B0000-0x00000000027CA000-memory.dmp

        Filesize

        104KB

        Download

      • memory/3748-138-0x0000000000400000-0x0000000000504000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/3748-156-0x0000000000400000-0x0000000000504000-memory.dmp

        Filesize

        1.0MB

        Download

      • memory/4536-161-0x0000000000400000-0x000000000051C000-memory.dmp

        Filesize

        1.1MB

        Download