Analysis Overview
SHA256
35146a3795c50e229be65d164d793ffb2af695f75902e0d28ee992fdc51b12a7
Threat Level: Known bad
The file 2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil was found to be: Known bad.
Malicious Activity Summary
Brute Ratel C4
PrivateLoader
Blocklisted process makes network request
Reads user/profile data of web browsers
Checks whether UAC is enabled
Writes to the Master Boot Record (MBR)
Checks computer location settings
Loads dropped DLL
Registers COM server for autorun
Checks installed software on the system
Drops file in Program Files directory
Modifies system executable filetype association
Executes dropped EXE
Enumerates physical storage devices
Suspicious use of SendNotifyMessage
Modifies Internet Explorer settings
Suspicious use of WriteProcessMemory
Modifies registry class
Suspicious behavior: GetForegroundWindowSpam
Modifies data under HKEY_USERS
Suspicious behavior: AddClipboardFormatListener
Suspicious use of SetWindowsHookEx
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious behavior: EnumeratesProcesses
Modifies system certificate store
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-05-09 18:05
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-05-09 18:05
Reported
2024-05-09 18:08
Platform
win7-20240221-en
Max time kernel
148s
Max time network
134s
Command Line
Signatures
PrivateLoader
Reads user/profile data of web browsers
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\lnkfile\ShellEx\ContextMenuHandlers\ kwpsshellext | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\lnkfile\ShellEx | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\lnkfile\ShellEx\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\lnkfile\ShellEx\ContextMenuHandlers\ kwpsshellext\ = "{28A80003-18FD-411D-B0A3-3C81F618E22B}" | C:\Windows\system32\regsvr32.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{A1BBCFD9-B54C-443D-BC56-0BC3840120DB}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /wpp /Preview" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /et" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /et" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\et.exe /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32\ | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{45540003-5750-5300-4B49-4E47534F4655}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /et" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{0002CE21-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\mui\\default\\resource\\ksee\\EqnEdit.exe" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wps" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{000209FE-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f004100750074006f006d006100740069006f006e0000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{000209F0-0000-4b30-A977-D214852036FF}\InprocServer32\Class | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32\Class\ = "WPS.Office.Interop.Wpp.GlobalClass" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000730000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{000209FF-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{000209FF-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f004100750074006f006d006100740069006f006e0000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{000209FE-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700070002e0065007800650020002f004100750074006f006d006100740069006f006e0000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000730000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020812-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020907-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32\ | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wps" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{3C18EAE4-BC25-4134-B7DF-1ECA1337DDDC}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /et /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00024512-0000-0000-C000-000000000046}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\refedit.dll" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{AA14F9C9-62B5-4637-8AC4-8F25BF29D5A7}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\kwpsmenushellext64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{AA14F9C9-62B5-4637-8AC4-8F25BF29D5A7}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000730000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f006500740000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /wps /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020906-0000-4b30-A977-D214852036FF}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{00020907-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000730000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{0002CE21-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{D5A42435-00FB-427E-ADE7-B753DEF2E9D7}\LocalServer32\ServerExecutable = "C:\\Users\\Admin\\AppData\\Roaming\\Kingsoft\\wps\\addons\\pool\\win-i386\\pdfwspv_1.0.2024.3\\pdfwspv.dll" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{75D01070-1234-44E9-82F6-DB5B39A47C13}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4}\AlternateCLSID = "{AB5357A7-3179-47F9-A705-966B8B936D5E}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4}\AlternateCLSID = "{E436987E-F427-4AD7-8738-6D0895A3E93F}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19 | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-20 | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| Set value (data) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\Local Settings\MuiCache\2D\52C64B7E\LanguageList = 65006e002d0055005300000065006e0000000000 | C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{00024437-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{000208A1-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{000C1715-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{D4022C32-9535-4C40-B21F-99388F587143}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{00024423-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{92D41A7A-F07E-4CA4-AF6F-BEF486AA4E6F}\ = "Trendlines" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000C03BA-0000-0000-C000-000000000046}\ = "TabStops2" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{0002091F-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{91493471-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{000208A2-0000-0000-C000-000000000046}\TypeLib\ = "{45541000-5750-5300-4B49-4E47534F4655}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\WPP.PPTX.6\Insertable | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{00020936-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\.dpsx\ShellEx\{8895b1c6-b41f-4c1c-a562-0d564250836f} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{914934C0-5A91-11CF-8700-00AA0060263B}\ = "OCXExtender" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\KMSO2PdfPlugins.Component\CLSID\ = "{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\PowerPoint.Application.12\CLSID\ = "{91493441-5A91-11CF-8700-00AA0060263B}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000C1730-0000-0000-C000-000000000046}\TypeLib\ = "{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000244D1-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\TypeLib\{55764DA4-BB0F-4781-8342-D85F1D800ACB}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{0002443C-0000-0000-C000-000000000046}\ = "GroupShapes" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{000244B0-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{C1AD33E4-F088-40A9-9D2F-D94017D115C4} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{B3A1E8C6-E1CE-4A46-8D12-E017157B03D7}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{C8C9D844-72C0-41F5-B6FF-9DA99BE2A812}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{DA936B62-AC8B-11D1-B6E5-00A0C90F2744}\TypeLib\ = "{0002E157-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000209FE-0001-0000-C000-000000000046}\ = "IApplicationEvents2" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{0002087B-0000-0000-C000-000000000046}\ = "SoundNote" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{00024445-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Components\02139C37CE085D11E9C8000CF4970D96\2052 = 260069006700410056006e002d007d00660028005a005800660065004100520036002e006a006900500072006f006400750063007400460069006c00650073003e005200750040002d003700470055004900240040003f00570072004c00440028004f005000300072000000320030003500320000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\MSAddnDr.AddInInstance\CurVer\ = "MSAddnDr.AddInInstance.1" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000CD102-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{92D41A77-F07E-4CA4-AF6F-BEF486AA4E6F}\ = "SeriesLines" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{00024491-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{00024443-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\ET.Xlsm.6\shell\ = "open" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Word.Document.12\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wpsofficeicon.dll,37" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000209E5-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{584FDEA7-9D1F-44C7-97DC-784136862930}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{91493492-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{00024434-0000-0000-C000-000000000046}\TypeLib\ = "{45541000-5750-5300-4B49-4E47534F4655}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{000208B9-0000-0000-C000-000000000046}\TypeLib\ = "{45541000-5750-5300-4B49-4E47534F4655}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{00020863-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{0002E164-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{B3A1E8C6-E1CE-4A46-8D12-E017157B03D7}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\KET.Template.9\ = "WPS Spreadsheets Template" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{00024477-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{8BF3A922-7E10-4241-9FD3-654FEDECC52A}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{9149348F-5A91-11CF-8700-00AA0060263B}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{92D41A62-F07E-4CA4-AF6F-BEF486AA4E6F}\ = "DataLabels" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000244B4-0000-0000-C000-000000000046}\TypeLib\ = "{45541000-5750-5300-4B49-4E47534F4655}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\KMSO2PdfPlugins.Component\ = "Kingsoft MSO2PdfPlugins Addin" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000C0410-0000-0000-C000-000000000046}\ = "SignatureSet" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{000C03A6-0000-0000-C000-000000000046}\TypeLib\Version = "63.1" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Wow6432Node\Interface\{C2B83A65-B061-4469-83B6-8877437CB8A0}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\KET.SecWorkbook.9\shell\open | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{00024433-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000208D6-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{00024487-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\WPP.SLDX.6\Insertable | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\TypeLib\{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000C1709-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{000CDB09-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000_CLASSES\Interface\{00020853-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 19000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca61d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e4090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f006700690065007300000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a92000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 0f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1298544033-3225604241-2703760938-1000\Software\Microsoft\SystemCertificates\TrustedDevices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil.exe"
C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe
"C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe" -installCallByOnlineSetup -defaultOpen -defaultOpenPdf -createIcons -curlangofinstalledproduct=en_US -D="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office"
C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe
"C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe" -downpower -installCallByOnlineSetup -defaultOpen -defaultOpenPdf -createIcons -curlangofinstalledproduct="en_US" -D="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office" -msgwndname=wpssetup_message_F76B5D7 -curinstalltemppath=C:\Users\Admin\AppData\Local\Temp\wps\~f76b339\
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -installregister sharedMemory_message_F7702EE -forceperusermode
C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
"C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" InstallService
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll"
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -installregister sharedMemory_message_F770F7B
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -sendinstalldyn 5
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -updatetaskbarpin 2097152 -forceperusermode
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" Run "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\ktaskschdtool\ktaskschdtool.dll" /task=wpsexternal /createtask
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" CheckService
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" Run -User=Admin -Entry=EntryPoint "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6/addons/ktaskschdtool/ktaskschdtool.dll" /user=Admin /task=wpsexternal /cleantask /pid=2020 /prv
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s /n /i:user "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kwpsmenushellext64.dll"
C:\Windows\system32\regsvr32.exe
/s /n /i:user "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kwpsmenushellext64.dll"
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe" /from:setup
C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
"C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" CheckService
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe" -createtask
C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
"C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" CheckService
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\html2pdf\html2pdf.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll"
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\\office6\ksomisc.exe" -defragment
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" /prometheus /download_lang_on_start /lang=en_US /from=autostart_after_install_onlinesetup
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe" /qingbangong /start_from=qingipc /qingbangong /start_from=kstartpage silentautologin
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -getabtest -forceperusermode
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -getonlineparam -forceperusermode
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe" /messagepush /PushType=mipush /From=Qing
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe" /krecentfile /init /From=Qing
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe" /krecentfile /init /From=Qing
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe" /messagepush /PushType=mipush /From=Qing
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=2160 --field-trial-handle=2380,i,11055575241299280470,7004628966924918449,131072 --disable-features=TSFImeSupport /prefetch:2
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=752 --field-trial-handle=2380,i,11055575241299280470,7004628966924918449,131072 --disable-features=TSFImeSupport /prefetch:8
C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=2460 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --enable-speech-input --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=2808 --field-trial-handle=2380,i,11055575241299280470,7004628966924918449,131072 --disable-features=TSFImeSupport /prefetch:1
C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=2460 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --enable-speech-input --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2844 --field-trial-handle=2380,i,11055575241299280470,7004628966924918449,131072 --disable-features=TSFImeSupport /prefetch:1
C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=2460 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --enable-speech-input --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2856 --field-trial-handle=2380,i,11055575241299280470,7004628966924918449,131072 --disable-features=TSFImeSupport /prefetch:1
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=2396 --field-trial-handle=2380,i,11055575241299280470,7004628966924918449,131072 --disable-features=TSFImeSupport /prefetch:2
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe" Run /InstanceId=wpsdesktop -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kwpsbubble_1.0.2024.3/kwpsbubble_xa.dll
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=1072 --field-trial-handle=1284,i,7996069957741130977,1437958832885674958,131072 --disable-features=TSFImeSupport /prefetch:2
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=1648 --field-trial-handle=1284,i,7996069957741130977,1437958832885674958,131072 --disable-features=TSFImeSupport /prefetch:8
C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=2008 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --enable-speech-input --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1792 --field-trial-handle=1284,i,7996069957741130977,1437958832885674958,131072 --disable-features=TSFImeSupport /prefetch:1
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=1072 --field-trial-handle=1284,i,7996069957741130977,1437958832885674958,131072 --disable-features=TSFImeSupport /prefetch:2
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe" Run -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kdocreminder_1.1.2021.136/kdocreminder.dll
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe" Run -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kdocreminder_1.1.2021.136/kdocreminder.dll
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" Run -User=Admin "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -regpdfwspv
C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
"C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" LocalService
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -regpdfwspv
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\pdfwspv_1.0.2024.3\pdfwspv.dll"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wdl1.pcfg.cache.wpscdn.com | udp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | api.wps.com | udp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| US | 8.8.8.8:53 | udp | |
| FR | 90.84.175.86:443 | tcp | |
| US | 104.16.83.69:443 | tcp | |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| US | 8.8.8.8:53 | abtest-api.wps.com | udp |
| FR | 90.84.175.86:443 | abtest-api.wps.com | tcp |
| FR | 90.84.175.86:443 | abtest-api.wps.com | tcp |
| FR | 90.84.175.86:443 | abtest-api.wps.com | tcp |
| US | 34.209.139.59:443 | tcp | |
| US | 8.8.8.8:53 | cloud.wpscdn.com | udp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| FR | 90.84.175.86:443 | abtest-api.wps.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| FR | 90.84.175.86:443 | abtest-api.wps.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 8.8.8.8:53 | ai.wps.com | udp |
| FR | 90.84.175.86:443 | ai.wps.com | tcp |
| FR | 90.84.175.86:443 | ai.wps.com | tcp |
| FR | 90.84.175.86:443 | ai.wps.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 8.8.8.8:53 | api-ad-adapter.wps.com | udp |
| FR | 90.84.189.232:443 | api-ad-adapter.wps.com | tcp |
| FR | 90.84.189.232:443 | api-ad-adapter.wps.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 8.8.8.8:53 | abroadad.cache.wpscdn.com | udp |
| US | 8.8.8.8:53 | ovs-activity-server.wps.com | udp |
| GB | 18.245.162.126:443 | abroadad.cache.wpscdn.com | tcp |
| GB | 18.245.162.126:443 | abroadad.cache.wpscdn.com | tcp |
| GB | 18.245.162.126:443 | abroadad.cache.wpscdn.com | tcp |
| GB | 18.245.162.126:443 | abroadad.cache.wpscdn.com | tcp |
| GB | 18.245.162.126:443 | abroadad.cache.wpscdn.com | tcp |
| GB | 18.245.162.126:443 | abroadad.cache.wpscdn.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity-server.wps.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity-server.wps.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity-server.wps.com | tcp |
| US | 8.8.8.8:53 | ovs-activity.wps.com | udp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| US | 8.8.8.8:53 | d19a1mtic3m6gl.cloudfront.net | udp |
| GB | 18.245.187.68:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| GB | 18.245.187.68:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| GB | 18.245.187.68:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| GB | 18.245.187.68:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 8.8.8.8:53 | firebase.googleapis.com | udp |
| GB | 172.217.16.234:443 | firebase.googleapis.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.8.8:53 | d19a1mtic3m6gl.cloudfront.net | udp |
| GB | 18.245.187.92:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| BE | 64.233.167.155:443 | stats.g.doubleclick.net | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.32.36:443 | region1.analytics.google.com | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 104.16.83.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| US | 8.8.4.4:443 | dns.google | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| GB | 18.154.84.94:443 | cloud.wpscdn.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| US | 8.8.4.4:443 | dns.google | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| US | 8.8.8.8:53 | udp | |
| US | 34.209.139.59:443 | tcp | |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.4.4:443 | dns.google | udp |
| GB | 216.58.204.67:443 | www.google.co.uk | udp |
Files
C:\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\pl_PL\style.xml
| MD5 | 034f37e6536c1430d55f64168b7e9f05 |
| SHA1 | dd08c0ef0d086dfbe59797990a74dab14fc850e2 |
| SHA256 | 183a140011774d955e9de189e7a1d53cb4128d6abed61c7bfd5994268ee5f384 |
| SHA512 | 0e1911c882152a4e1059a3ce1880d7fb2aed1e1e36cbd37055de2e2a1333acb2a0233ba2a4d969ccebbef1e77809aa5e78807aa9239545beae8c548c0f8f35c0 |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | a639eeb67e6f191622d9fc2364ef6276 |
| SHA1 | b81595f493cedaf5cad3ed886f187a7520abce0f |
| SHA256 | cbf471f962fe2541102e9cab521fd8cfc8674bb0ac68a3326f5181115cdc22bc |
| SHA512 | 093c12ec206120252b403cd057b23cd6d8e440740d499f72ce8b08044bf9b8c99e3efaa69ce7947632bb8b78104d599b4c7da7af128af5ce9fa3167509844e79 |
memory/2412-187-0x0000000000210000-0x0000000000212000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | 2ab8f9332594927cd96788efe14ac168 |
| SHA1 | 7591d76a5ee9847d801134f260a12feee233138f |
| SHA256 | c43b04cc376d9a156acc5b94afa1d18e34afb77d7e40acfb0c0a52d340d622f4 |
| SHA512 | fff739707a89e56de2e070a50e1df6b95ae4dc4bff1330f876f92924123431a68ca65523961a07a771205e88ce9086131af23f9749d27ccba666dd7af831da15 |
C:\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\product.dat
| MD5 | e568b6577db690b099db51338853f0be |
| SHA1 | 2d24319c334b6319bb19c580f537e6339de48bc5 |
| SHA256 | 257f1947e656eced86713f72deea7261afe30bb07e9c4f109ea29a6c2df63f16 |
| SHA512 | 16cf5f031bd8a3e1998b350913d7963140c95ef75e8cac2a5f878a9d3c80691fae24463ad9af64a426fe97dc78a0f51edf75b4a92429191c0809bfcd0f0aefac |
C:\Users\Admin\AppData\Local\tempinstall.ini
| MD5 | c38481658f9149eba0b9b8fcbcb16708 |
| SHA1 | f16a40af74c0a04a331f7833251e3958d033d4da |
| SHA256 | d0d73f49bc21b62fe05c47024d69406a3227da0f6b4ffe237726e6a031f188d2 |
| SHA512 | 8f98d62f88442b8ef94aa10074e35aa8d9494f3c76ce8b143ca0bf7fa0d917f3175212fbcd6e7b0597fd0ec0e1b2827f157135512fb01c88218d36e2f7dd73ce |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | 9af5527659cfadecc3266a931dab03ae |
| SHA1 | cbc48504b796c9b084b47c6d033baefc39445a77 |
| SHA256 | 414102a3f2ac86159669a0836b3dbab3aac69a7d6e5a6fea783854ec699ae23e |
| SHA512 | 0593b4377c9416c48dc4fc9a9dbc69caca010a67e644e37b40bfd7f2695bb6065823389b35f2e958ee85bf1d1b2fb30bc62fc4206dce14091303245c265d483c |
C:\Users\Admin\AppData\Local\tempinstall.ini
| MD5 | a9519168ca6299588edf9bd39c10828a |
| SHA1 | 9f0635e39d50d15af39f5e2c52ad240a428b5636 |
| SHA256 | 9e87b2ff306efedf7bf1074749b4602c332bc825aed80721eba19d5f544d2ec3 |
| SHA512 | 0607eb1f5598320961fbd8ef75beeb1b6dc1af3cae7eeb5ba352f3e2a2edb25e1d9e68fb46c24e4299957352c0c906314c889c2d1092437eccc1d1a0485f3557 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\Qt5WinExtrasKso.dll
| MD5 | b3843e058782a993918045cb73d84e25 |
| SHA1 | dbbc24f2da2e5b9b94a00aa41c08935be184c12d |
| SHA256 | aa696dc9058ed7987675837be2601edd28306a42153d5112dacc9b156a1fceb1 |
| SHA512 | 3c237aa06409d774f6bbd3aa1116677a39f5f8f166dfcfa2fecab9d266f5b247bb9d2d623ce780631f857366059ce204912c039c7b5352cd2d5a7cbfb748a10e |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\kpacketui.dll
| MD5 | 922e87292d25e0e5114e844457305309 |
| SHA1 | f71ba802373150ce5f70b7dc65400fb5c4f11422 |
| SHA256 | 8c04e43b9e4470198db0b539dbb41812cc1140a0932e69de6b9541e363d6cd31 |
| SHA512 | a70410d76b2655e31c48e6604a56bfe48ae236494ebbb53c2d94064046a371ecca93671ccb4d80f0084dfa601b68f530eef676ccd2ef804995b4271c3dfe612c |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-core-file-l2-1-0.dll
| MD5 | b181124928d8eb7b6caa0c2c759155cb |
| SHA1 | 1aadbbd43eff2df7bab51c6f3bda2eb2623b281a |
| SHA256 | 24ea638dfa9f40e2f395e26e36d308db2ab25ed1baa5c796ac2c560ad4c89d77 |
| SHA512 | 2a43bf4d50d47924374cde689be24799c4e1c132c0bc981f5109952d3322e91dd5a9352b53bb55ca79a6ea92e2c387e87c064b9d8c8f519b77fff973d752dc8f |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-core-timezone-l1-1-0.dll
| MD5 | 86421619dad87870e5f3cc0beb1f7963 |
| SHA1 | 2f0fe3eb94fa90577846d49c03c4fd08ef9d3fb2 |
| SHA256 | 64eccd818f6ffc13f57a2ec5ca358b401ffbb1ca13b0c523d479ef5ee9eb44ab |
| SHA512 | dbce9904dd5a403a5a69e528ee1179cc5faab1361715a29b1a0de0cd33ad3ae9c9d5620dafb161fda86cb27909d001be8955940fd051077ffe6f3ff82357ad31 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-core-file-l1-2-0.dll
| MD5 | cd3cec3d65ae62fdf044f720245f29c0 |
| SHA1 | c4643779a0f0f377323503f2db8d2e4d74c738ca |
| SHA256 | 676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141 |
| SHA512 | aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-core-processthreads-l1-1-1.dll
| MD5 | b5c8334a10b191031769d5de01df9459 |
| SHA1 | 83a8fcc777c7e8c42fa4c59ee627baf6cbed1969 |
| SHA256 | 6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d |
| SHA512 | 59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-core-localization-l1-2-0.dll
| MD5 | 21519f4d5f1fea53532a0b152910ef8b |
| SHA1 | 7833ac2c20263c8be42f67151f9234eb8e4a5515 |
| SHA256 | 5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1 |
| SHA512 | 97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\ucrtbase.dll
| MD5 | 2040cdcd779bbebad36d36035c675d99 |
| SHA1 | 918bc19f55e656f6d6b1e4713604483eb997ea15 |
| SHA256 | 2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359 |
| SHA512 | 83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\Qt5GuiKso.dll
| MD5 | eeeca78826c60d6c8a0c1068f852246a |
| SHA1 | 7daf41eb25258972581e0b05b0c18a9afdfa4efb |
| SHA256 | b65f069e69952658f8e1b0452d9846682df2be483b640f446f050897db865acd |
| SHA512 | 516e53a7c67cd7ef5d67342381f8f0fec84ff582c322e6952529d04df5e30ed96f4584fcb3d188314850425110818952c756bc2fa6f3bd28ae59e9fcfa2dd5a5 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-utility-l1-1-0.dll
| MD5 | 3dfb82541979a23a9deb5fd4dcfb6b22 |
| SHA1 | 5da1d02b764917b38fdc34f4b41fb9a599105dd9 |
| SHA256 | 0cd6d0ff0ff5ecf973f545e98b68ac6038db5494a8990c3b77b8a95b664b6feb |
| SHA512 | f9a20b3d44d39d941fa131c3a1db37614a2f9b2af7260981a0f72c69f82a5326901f70a56b5f7ad65862630fce59b02f650a132ee7ecfe2e4fc80f694483ca82 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-math-l1-1-0.dll
| MD5 | 461d5af3277efb5f000b9df826581b80 |
| SHA1 | 935b00c88c2065f98746e2b4353d4369216f1812 |
| SHA256 | f9ce464b89dd8ea1d5e0b852369fe3a8322b4b9860e5ae401c9a3b797aed17bf |
| SHA512 | 229bf31a1de1e84cf238a0dfe0c3a13fee86da94d611fbc8fdb65086dee6a8b1a6ba37c44c5826c3d8cfa120d0fba9e690d31c5b4e73f98c8362b98be1ee9600 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-environment-l1-1-0.dll
| MD5 | 0979785e3ef8137cdd47c797adcb96e3 |
| SHA1 | 4051c6eb37a4c0dba47b58301e63df76bff347dd |
| SHA256 | d5164aecde4523ffa2dcfd0315b49428ac220013132ad48422a8ea4ca2361257 |
| SHA512 | e369bc53babd327f5d1b9833c0b8d6c7e121072ad81d4ba1fb3e2679f161fb6a9fa2fca0df0bac532fd439beb0d754583582d1dbfeccf2d38cc4f3bdca39b52d |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-time-l1-1-0.dll
| MD5 | d0b6a2caec62f5477e4e36b991563041 |
| SHA1 | 8396e1e02dace6ae4dde33b3e432a3581bc38f5d |
| SHA256 | fd44d833ea40d50981b3151535618eb57b5513ed824a9963251d07abff2baedf |
| SHA512 | 69bd6df96de99e6ab9c12d8a1024d20a034a7db3e2b62e8be7fdbc838c4e9001d2497b04209e07a5365d00366c794c31ee89b133304e475dde5f92fdb7fcb0bc |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-filesystem-l1-1-0.dll
| MD5 | a1b6cebd3d7a8b25b9a9cbc18d03a00c |
| SHA1 | 5516de099c49e0e6d1224286c3dc9b4d7985e913 |
| SHA256 | 162ccf78fa5a4a2ee380f72fbd54d17a73c929a76f6e3659f537fa8f42602362 |
| SHA512 | a322fb09e6faaff0daabb4f0284e4e90ccacff27161dbfd77d39a9a93dbf30069b9d86bf15a07fc2006a55af2c35cd8ea544895c93e2e1697c51f2dafad5a9d7 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-locale-l1-1-0.dll
| MD5 | 50b721a0c945abe3edca6bcee2a70c6c |
| SHA1 | f35b3157818d4a5af3486b5e2e70bb510ac05eff |
| SHA256 | db495c7c4ad2072d09b2d4506b3a50f04487ad8b27d656685ea3fa5d9653a21d |
| SHA512 | ef2f6d28d01a5bad7c494851077d52f22a11514548c287e513f4820c23f90020a0032e2da16cc170ae80897ae45fc82bffc9d18afb2ae1a7b1da6eef56240840 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-convert-l1-1-0.dll
| MD5 | 88f89d0f2bd5748ed1af75889e715e6a |
| SHA1 | 8ada489b9ff33530a3fb7161cc07b5b11dfb8909 |
| SHA256 | 02c78781bf6cc5f22a0ecedc3847bfd20bed4065ac028c386d063dc2318c33cc |
| SHA512 | 1f5a00284ca1d6dc6ae2dfce306febfa6d7d71d421583e4ce6890389334c2d98291e98e992b58136f5d1a41590553e3ad42fb362247ae8adf60e33397afbb5df |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-stdio-l1-1-0.dll
| MD5 | 5765103e1f5412c43295bd752ccaea03 |
| SHA1 | 6913bf1624599e55680a0292e22c89cab559db81 |
| SHA256 | 8f7ace43040fa86e972cc74649d3e643d21e4cad6cb86ba78d4c059ed35d95e4 |
| SHA512 | 5844ac30bc73b7ffba75016abefb8a339e2f2822fc6e1441f33f70b6eb7114f828167dfc34527b0fb5460768c4de7250c655bc56efd8ba03115cd2dd6f6c91c0 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-string-l1-1-0.dll
| MD5 | f364190706414020c02cf4d531e0229d |
| SHA1 | 5899230b0d7ad96121c3be0df99235ddd8a47dc6 |
| SHA256 | a797c0d43a52e7c8205397225ac931638d73b567683f38dd803195da9d34eac2 |
| SHA512 | a9c8abbd846ab55942f440e905d1f3864b82257b8daa44c784b1997a060de0c0439ecc25a2193032d4d85191535e9253e435deed23bdf3d3cb48c4209005a02e |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-heap-l1-1-0.dll
| MD5 | a6a9dfb31be2510f6dbfedd476c6d15a |
| SHA1 | cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7 |
| SHA256 | 150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c |
| SHA512 | b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\api-ms-win-crt-runtime-l1-1-0.dll
| MD5 | 4f06da894ea013a5e18b8b84a9836d5a |
| SHA1 | 40cf36e07b738aa8bba58bc5587643326ff412a9 |
| SHA256 | 876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732 |
| SHA512 | 1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\vcruntime140.dll
| MD5 | e51018e4985943c51ff91471f8906504 |
| SHA1 | 5899aaccdb692dbdffdaa35436c47d17c130cfd0 |
| SHA256 | ff9c1123cff493a8f5eacb91115611b6c1c808b30c82af9b6f388c0ef1f6b46d |
| SHA512 | 2fe5ddad2100aeaea35398384a440ba0be169ef429f7e0b69687bc0f8865df41bc93fc80d3a8f0ddd9df54fc2f2d76b1056a1d1962d37432704c818128ffbd74 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\msvcp140.dll
| MD5 | 5fd0772c30a923159055e87395f96d86 |
| SHA1 | 4a20f687c84eb327e3cb7a4a60fe597666607cf3 |
| SHA256 | 02c7259456eac8cbadfb460377ba68e98282400c7a4a9d0bf49b3313ef6d554d |
| SHA512 | 132a9b969104c0a214bde3f8c6e8f754d116cecdad55224bbea7a40cffd98f4e4de503d83d92cca0aaab9ed51c9efa00ad5caed69a9eda71013598a43b161c3a |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\Qt5CoreKso.dll
| MD5 | d461f7fca9f7cc55734b0668e5ccb646 |
| SHA1 | 4a83f0ccf3df09f5421f016fee2bf8de96db7660 |
| SHA256 | f4251af34a7cfc5fb74e5bfdac5ac9651b7066fa066e5a5c7c5d150c19318ca0 |
| SHA512 | 94357000adfa2e45e222ac186b19553b415c14e81013bda0e93a600cbadc197f561eaee65a7aed03c265f286f3473625fac2bfb1afb96c80f4972c67eefdb676 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\Qt5SvgKso.dll
| MD5 | 74f1aae0ad9c77088879f0f068603b14 |
| SHA1 | 4dc66aca99fca616801e7e1e08eb61e87ad65ef0 |
| SHA256 | 6bf93e0575acec1c1bccf7e4d33a4c9a4f12c51811c41ed695115bcc60081d4f |
| SHA512 | dcabee00b11db242552827663bd8eaba89bb94e4ed2f02793467c21630124074acdd1d55682a56d9b5875b3626ccff99cbab666ebdc8820d1bd4d058ce1ca029 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\qt\plugins\platforms\qwindows.dll
| MD5 | 9f471c987bb028f30b5a51ca83fc5586 |
| SHA1 | d91252f67c70e1b17138133c0d31463da1184176 |
| SHA256 | 555c000fdbddab11c017da8055f58169a55f8772dbac78ca8e4572a6553db071 |
| SHA512 | cc42fdb7ff0d20f485e9d5bcf7df5bf3b79e626ef44c3cae23e9179cf97b197564cb73fa4f2521495f95a3e337c1f0d533f6d3f2c36900a84dc2f546ef5e9474 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\Qt5WidgetsKso.dll
| MD5 | 6e3b3eaff5e4feee5496de76532bd54e |
| SHA1 | d3fb5b3edd0039752fa979553da639b9457463b9 |
| SHA256 | e37630a7ea0ba754a51495e7d1595dd8e98bb20f09009f3c62ca48778f1bbbd6 |
| SHA512 | b2458e55d6d3787dc938017a3df99e54ac1d16fb427b33b9309b8b4b7bc905f45fd7431c8d18f5e97f42599aa5a4ca04a01583f2d124d7fe57e9880f97c154c0 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\qt\plugins\iconengines\qsvgicon.dll
| MD5 | d2a04dc52ea4ffcadb4881c9c120b9b3 |
| SHA1 | 5ff9b4de60e3868697d81fb910b373c7c0a7c4a5 |
| SHA256 | 271815def5e81d60dce20a982ad9cec1dc08fb43bf37a29c1266a5a367e5f3fc |
| SHA512 | 3ef40bf306275ff0202d24209274f7a00acf268763ff3e7d5abd81c84b2a398701a2b317aa00e67316b74aef734e11edaeb3e08fa2adeada77e6663cf143bf2c |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\qt\plugins\imageformats\qsvg.dll
| MD5 | 6dd89155cc60c5daf2bec34971d45f56 |
| SHA1 | 5c550dcaa072296d7697947e15daa629b78fae6f |
| SHA256 | e32f73979f372cb76088df4ca8ee621ff9f853352d5236ee14854868212b601b |
| SHA512 | 9896a47418e15b13902cf5300f9331d818d94708f76949f56c28bbecc241e1c0aa153473bde30aa723381045decd01bc375ccdee9b07e00a31dbafa1f51cc961 |
\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\qt\plugins\styles\qwindowsvistastyle.dll
| MD5 | e128074d836e990fa6e8c20c16598f6a |
| SHA1 | 16c786082777f3f80a486d2303360e06f63ed599 |
| SHA256 | 88910fcdc54e2a80a7ec124920cf0af8ee1221480c2ebfd181555ec6e6a9088d |
| SHA512 | 82e95748595102467b0248a7981137e269b8c6123f5383eef40017a0fe41141d59156a6b48bf6d574ed60d8d7929a9a9f34ccb8e07e5089af4ca100a9b765526 |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | 4f56abb6caafc61843f2006052c5d019 |
| SHA1 | 806e3d695bfbe1ac69caca689fbc834ba58c0095 |
| SHA256 | 5a315689277911418f50306f00a6a185220ccd4ee79d0b195cf4dcf38bfc2e74 |
| SHA512 | fa43e991bbd539265dc31e23c2fdf6b2bb737c6a8ab571df36f412b0b9d6c00bdfc372f3a53f4bd4822ef7a79af8c140a84e6f3c820655e38a715a9f64857780 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\mui\ja_JP\resource\splash\hdpi\2x\ent_background_2019_wpsoffice.png
| MD5 | c5ad1903526a9ca4c2f55cfea1e22778 |
| SHA1 | 9c7b9ba9100a919cad272fb85ff95c4cde45de9f |
| SHA256 | 5e7ba996d2331f37b9799767c0fa806cab9a39fea434796ab08dcaf39096e334 |
| SHA512 | e482142e81fbe71666b40f7a2c53702b4278436a0240e0f56200443cf4235d9942cccc3545cc01486d53a0972be553cbf93442e8b05de7b4fcd1fe8a4ec16bb4 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\qing\mui\default_xa\res\clouddiskhomepage\static\js\pt_PT\history.js
| MD5 | b4b4c703bf5c6c0b5e9c57f05012d234 |
| SHA1 | 929aee49e800e88b4b01f4a449fa86715d882e42 |
| SHA256 | 910eada285d4900ea8e36faf305f731cfb200b317ea866839f5f4864a9dfc09b |
| SHA512 | 2afa881ee2f47e97249904b506cf88d68a34c166d9dc0a603f68369e640336f2c0b424ecb7b23d4631a96e175b965478bfa4ebc0224b0410551e55ac4c8ad0ec |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\kwpsaigc\mui\pt_BR\kwpsaigc.qm
| MD5 | 2b42be10ddde43a0b6c2e461beae293a |
| SHA1 | 53888c4798bc04fdfc5a266587b8dc1c4e0103f3 |
| SHA256 | 984ebeef80f6f50907afb92e5b5ae72df49fce045552c118a77a8887cc98e19b |
| SHA512 | be3ebd02d37de367200696351fb5f9cd0ec4c206c3a33f281cb8b62386457a30a899322798c63a0d495577393e47258994feb7f8e2445645f552c2b7a2de6778 |
C:\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\Qt5CoreKso.dll
| MD5 | 8104fdcc2caa3b42b140d8498eae6cfe |
| SHA1 | 1413352da713c786d1ff9be2eddda36a8245a8e5 |
| SHA256 | 5a3ea2eee0535589b0de2c1468891c2285570136257261eb50c2744bf5d8fc9e |
| SHA512 | 20f83309437afc57bd4ef58d48c54c229482fd10e3b0e7e93bc8ec637dabb6ce7b6ab67942d97a35b0ff7c8694d054fa3f87a0050c04678509be99cddfaaf675 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\qt\plugins\platforms\qdirect2d.dll
| MD5 | b120a3c32571f1ea2da38aa7bc3fb65f |
| SHA1 | 652d1cc2759e96df7c668b78501a609af5a6a045 |
| SHA256 | 23168a629ec4bd8ab76ef93d32318d70643b0b7714f5be9534190075232fce49 |
| SHA512 | 29283cc3be5f7609f921ef721366f55238456c8c0f574af30c65f6fb266ef699e09316aff5ec6d14b31090ad7f0e6d516d18f9a144df8317b0df0d71e81e7dbf |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\Qt5GuiKso.dll
| MD5 | cd71405fd88a13daeaadc9122878f294 |
| SHA1 | 2eb6ca95ede0507b7fd0fae164b34cebb61dd639 |
| SHA256 | 39963edad28df386ae535070b20371a5ba4de445912df1b1cabff915c82364cf |
| SHA512 | d573962fd3f15f6701477b328d3395a5e4c78fd847e5e7123ab7d58d5e3d51d959765f16e6848fd879e0c527ccdb115aa312074905380a3ac4881dbaca316fe6 |
C:\Users\Admin\AppData\Local\Temp\wps\~f76b339\CONTROL\office6\Qt5WidgetsKso.dll
| MD5 | 4cf25152e7fdc3863d35ab01ed7e5f95 |
| SHA1 | bcf5d327cbd6d6b3903d47c63516d81f56361229 |
| SHA256 | c70e1ad07aa161eb6dd42fe5109c910ea358935c653c0082654f6810df844b5f |
| SHA512 | 706d2edb3c9f4a32554cf07d5faeaa2b7aa8d22f0f0c0076541efd73e093387dd264026dcbae7b790cafd260257288449048df7b277f8407278bf127da669a14 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\utility\install.ini
| MD5 | 183330feb3b9701fec096dcbfd8e67e4 |
| SHA1 | 2f43379fefa868319a2baae7998cc62dc2fc201d |
| SHA256 | ac4f26a184114522200169c5f57a0af4498a20d19b7ec6def14dd2c6413eb475 |
| SHA512 | 643cc197456f15da6ddd6eb904f2b25ad4236a24310d575958c0c8e457a33167e748d21184162502a295fa466c031a837511d4d5348fd67499ede1b60065c471 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\utility\install.ini
| MD5 | c7a10599297c9d06acf8bf4b83ff3d7b |
| SHA1 | 08c314c300a66c56c3ea9e5a6db42c448a236bf0 |
| SHA256 | 160c900a8ecdd59c47d06b2d250aad79ff93ae1c233dafc09e4e854e8015ac93 |
| SHA512 | 73d5a9dc067231009a852a64b97196a8b8832f1a376786db3616ed12b4391656b88804a990c0579b198e9e780ad8e5c12f8cfe71a41d3b5ded83d9929cbbb79a |
\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\Qt5NetworkKso.dll
| MD5 | 890a5bf085167cf3aee0f4d57b7e05b6 |
| SHA1 | 1bbfe7ca2cf0678b433790289cdc7db57d68e36f |
| SHA256 | 7d16714b843343e370ec36bda4a058280ba3528636c57a085b168c979f1f48c5 |
| SHA512 | e44385e82c2a85a63d3860f590003d9d42d2343a78e9501541208363e3ff9c76f46bc25f36fb7f326b13143fd259dfaac71e49caa7f0edf02c35d1f479627c4f |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
| MD5 | 75742bbf10df9fa3be5b48a5aa0b7a0f |
| SHA1 | 431d42986fd9d198c0edd3555991ad8b7be68822 |
| SHA256 | de198d6174ec79954964fbc1cf758e4e42f323615492540cce90d1f4432da226 |
| SHA512 | e5219a3ca7b4c9eb791128ca905b653cebfad4df751282ca1f0f28b5d026d5b24c420b4ee00c09e53106c6059e20ac9c2581e4997674accd892f5a76d05bc3ac |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\cfgs\setup.cfg
| MD5 | 7d78a2449b45fc839f125b47b637bed0 |
| SHA1 | 29528d84082fe773bbd0570629437ce66d9125d7 |
| SHA256 | 45cff35c455d94d3832155bd0f7725d7f2734818e688258f033576d0e54cd5b5 |
| SHA512 | 06b74bf4c906c029b3005ba600d02bd7815b4b14e4795548a89ead1669cd87a83ad00a4f4adbdb5414f73db1ebd0697b0f91029fb07ed6894e9bcbf833263a03 |
\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\api-ms-win-core-synch-l1-2-0.dll
| MD5 | eb6f7af7eed6aa9ab03495b62fd3563f |
| SHA1 | 5a60eebe67ed90f3171970f8339e1404ca1bb311 |
| SHA256 | 148adef6a34269e403bb509f9d5260abe52f413a6c268e8bd9869841d5f2bd02 |
| SHA512 | a9961212b40efc12fd1ab3cc6551c97c987e73b6e409c9ab8a5e1b24542f9e5884811f06883bd31d2585219c4f60c30de2d188788513c01b6cbfe22d539d7875 |
memory/2584-4018-0x00000000373D0000-0x00000000373E0000-memory.dmp
memory/2584-4019-0x0000000070530000-0x0000000070E86000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\ksomisc\ksomisc_2024_05_09.log
| MD5 | f1b0b2ded080411146a0ed810d39da6a |
| SHA1 | bef2475931ec2d0ca7506b2ec2755245c1251a3e |
| SHA256 | 1f213631ece79a64628871438e860cdc4e1f9d8ba45038c55345c986e01eb336 |
| SHA512 | 2e42ffc373d1808a70aa23e1b2d87e1cbde90c4e363132eefa9552fb26d408b8b31d8c1ecdd3db1e1f55c9562344a65129b8da1912070095a89540ae60c3937a |
memory/2584-4022-0x000000006D040000-0x0000000070068000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\office6\cfg\localconfig.data
| MD5 | 399414494af9d9062c1f5d8a2cdfd373 |
| SHA1 | 6d5e24562fb818c83ffd6940d1f2c0797b67876f |
| SHA256 | d6722ffe62a6c0c635975a38b5a2cf593390e9ee52c72b1f778c2f5b49a1eb60 |
| SHA512 | 3285e12bfcb320fe0d3221812d10141f50d9e9d29b198008b43d8926f8b92262f854943246eac5bf046c878c1ff1166d1ef3c2f917844ba4cd34ec4625e1ee5a |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe
| MD5 | 144c48713c3dcf8961602bc008bc0fa3 |
| SHA1 | 47fe6c8e5d35cda6092d2aa1ca119b3b097858e2 |
| SHA256 | 9ab28c6f66d8900a2f3b3d78c0f1ea6cc1abd55e86c17422c0632997800ac846 |
| SHA512 | 0209e683ca66750e9ba44e47da08a67017bf460e669e7d36998e5504ab8114c8004760457a503c447eb890a0e05fc82cc69b713cab4062a815176be3fb3721a8 |
memory/2588-4104-0x0000000036FC0000-0x0000000036FD0000-memory.dmp
memory/2588-4105-0x0000000037040000-0x0000000037050000-memory.dmp
memory/1240-4103-0x000000006DB20000-0x000000006DB30000-memory.dmp
memory/1240-4102-0x000000006DB00000-0x000000006DB10000-memory.dmp
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\cfgs\oem.ini
| MD5 | 223673e5e8d77083765b70ddf7a0f7f6 |
| SHA1 | 3b5c4d6304ed6ada0ec607f44a2aace24ec16126 |
| SHA256 | 9089b4fee2d7596812c52f11dbc9855ca5b2b1ff0a9dc237fe630722b10ddc82 |
| SHA512 | 62f5a40fc698de593bf29c3ab4d278d798bdc6e65693ca30f85506c95f408f17a00da048e42a23dd5702fe322066a87374cfeb0942d15f3fc791639aab924f52 |
C:\Users\Admin\AppData\Local\Temp\Kingsoft\WPS Office.lnk
| MD5 | d85bea0be54d2d7fb5e617933c98e05d |
| SHA1 | 58c22cd9e5667faf13187912d3084ee57751b896 |
| SHA256 | e87522fb06ed709ba8b93cd35aab296ca9d91ca6208b97bac6bce26c1c6481b8 |
| SHA512 | 7ecc093c76d3e5ec57e638d053d482338c2df1bce77231bc272bd5e9c2199180dffca71dce376b079b16392dfa24b37381ca4e77c3f07478328ac5002516d388 |
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\LB787TB85PX9OY73744L.temp
| MD5 | d6d46e6255ae090688677cb7354fdf05 |
| SHA1 | d7ebf2b57dae41a3e687f9c33d0cd8c3747664d1 |
| SHA256 | e0b22289d154900ecb9450e3ca3a226d31e5897aea0b49547c3b2917878fb5db |
| SHA512 | 391a5f203cdb7f8c9c5881118d43921722fca90d607030b244e9d35cf9d66bf4db4b37634a749433ed82f94172a27bf7dab93ee56dffa99c74b8a41f3990ab7e |
C:\Users\Admin\AppData\Local\Temp\Cab1A85.tmp
| MD5 | ac05d27423a85adc1622c714f2cb6184 |
| SHA1 | b0fe2b1abddb97837ea0195be70ab2ff14d43198 |
| SHA256 | c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d |
| SHA512 | 6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d |
C:\Users\Admin\AppData\Local\Temp\Tar1A97.tmp
| MD5 | 9c0c641c06238516f27941aa1166d427 |
| SHA1 | 64cd549fb8cf014fcd9312aa7a5b023847b6c977 |
| SHA256 | 4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f |
| SHA512 | 936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06 |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\update\wpsupdate_2024_05_09.log
| MD5 | 0697f543b40a0db5e1c5a04af64ae693 |
| SHA1 | 3bc891eef4d66ec28f1244a7a84bab49a8c2f6eb |
| SHA256 | 4211540acebe3a4f81dd83785d56f1e4728f4cdf568f171d536699483bc1f059 |
| SHA512 | 96f477def67f0edb347ca0ebd36361c08e496ab349a4fa43fe57dced45d891ec50310f4ef2d6258e43cf0d0a43180280fad38034f388eec63150d4d06e4d8bae |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\utility\install.ini
| MD5 | 4575dafa42048d7d0cbf2607be66036a |
| SHA1 | 31614b05ee0a24626fca02d95c0f39716d3f267e |
| SHA256 | 0801c8b80a4f94fb3659e57fa10c601ce6b98ebbaf33e9928c27dcba4b321803 |
| SHA512 | f48dd6ce186136577ed42bf16ad1265c04ba39de1d03b4c8b8166e7b644bc467aece4a351f4a440ba8b920ac9b384e533b9f696b2ad26ecb8b06f75a5ef29631 |
memory/2460-4744-0x000000006F160000-0x000000006FD0F000-memory.dmp
memory/848-4752-0x0000000068CD0000-0x000000006BCF8000-memory.dmp
memory/2412-4763-0x0000000073E40000-0x0000000073E43000-memory.dmp
memory/2412-4765-0x0000000073AC0000-0x0000000073B41000-memory.dmp
memory/2412-4764-0x0000000073B50000-0x0000000073E3A000-memory.dmp
memory/2072-4768-0x00000000373D0000-0x00000000373E0000-memory.dmp
memory/2412-4762-0x0000000073E50000-0x0000000073E53000-memory.dmp
memory/2412-4761-0x0000000073E60000-0x0000000073E63000-memory.dmp
memory/2412-4789-0x0000000072640000-0x000000007264F000-memory.dmp
memory/2412-4788-0x0000000072650000-0x000000007265A000-memory.dmp
memory/2412-4787-0x0000000072660000-0x0000000072683000-memory.dmp
memory/2412-4786-0x00000000726E0000-0x0000000072829000-memory.dmp
memory/2412-4785-0x0000000072830000-0x0000000072CA1000-memory.dmp
memory/2412-4783-0x0000000072D10000-0x0000000072D13000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\wpsoffice\Local Storage\leveldb\CURRENT~RFf772913.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
memory/2412-4782-0x0000000072D20000-0x0000000072D25000-memory.dmp
memory/2412-4781-0x0000000072D30000-0x0000000072D33000-memory.dmp
memory/2412-4780-0x0000000072D40000-0x0000000072D43000-memory.dmp
memory/2412-4779-0x0000000072D50000-0x0000000072D53000-memory.dmp
memory/2412-4778-0x00000000737E0000-0x00000000737E3000-memory.dmp
memory/2412-4777-0x00000000737F0000-0x00000000737F4000-memory.dmp
memory/2412-4776-0x0000000073800000-0x0000000073804000-memory.dmp
memory/2412-4775-0x0000000073890000-0x0000000073894000-memory.dmp
memory/2412-4774-0x0000000073A60000-0x0000000073A63000-memory.dmp
memory/2412-4773-0x0000000073A70000-0x0000000073A74000-memory.dmp
memory/2412-4772-0x0000000073A80000-0x0000000073A94000-memory.dmp
memory/2412-4771-0x0000000073810000-0x000000007387F000-memory.dmp
memory/2412-4769-0x0000000072D60000-0x0000000073263000-memory.dmp
memory/2412-4766-0x0000000073270000-0x00000000737C7000-memory.dmp
memory/2412-4784-0x0000000072CB0000-0x0000000072D0E000-memory.dmp
memory/2412-4760-0x0000000073E70000-0x0000000073E73000-memory.dmp
memory/2412-4759-0x0000000073E80000-0x0000000073E83000-memory.dmp
memory/2412-4758-0x0000000073E90000-0x0000000073FAF000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\plgpack.plgx
| MD5 | ac0da90737a20a2a73b5df5ac2619c6e |
| SHA1 | 19c4382092fda4bc03398a36f9f498f09a67033a |
| SHA256 | 365a590c88cbf825e84b51f398007f05c5e8397e3903950f9860d04067b2ce9c |
| SHA512 | ef8a4b387912b879adf5ad4aef9259ae2b67c2dd62a1c8268cff0b1577e330113e16f55de0a23f3b61add3283c41d131703c0472d3828b0e0a0619d268f524d2 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\krpt_1.0.0.107\download.7z
| MD5 | 0edafbd62638a75ae8b4debc9fd0b3db |
| SHA1 | 814e953384ee2771bfcde0584b0f6f5691217ede |
| SHA256 | 3332953a07daf624094590bc8d2bf9d4ff1ec12c53a43a7310efa11c7cfb71e8 |
| SHA512 | ab42c6b7922f7137779417bdb5246ff660133f8d566a54fd067ecf787d27ffaee1d65704a4b9574a6fffede9b497b93638f558ff2689d375017d5b074ec88120 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kvipupgradepage_xa_1.1.2024.1\download.7z
| MD5 | d791a4c5021c3934aa216b9bf5b447d0 |
| SHA1 | f954fe837a9fda1f8172280beb2fe9b578a71a51 |
| SHA256 | 1af1948f4c1f6f753b3a920a787552a072d88c060b7fd3a834343f0dc9f2fbfe |
| SHA512 | 32b91c12d8922ab3dbb9735770e8533c3de84c9562c3725606d42d50b3acb97891eb65660c7bdd36684c7fabca07e054aa8b4b667b6f701213e33f08a187bdf2 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kheaderupgradenotice_1.1.2024.4\res\index.html
| MD5 | 66bbeb8733bee0c788685880cc46acc5 |
| SHA1 | 07d104aa23fd4ad765095ea771667e1440ac6bca |
| SHA256 | faf96f1472b09c6eed78da690151b5b57133733e2f562dc6678602746a79342b |
| SHA512 | 2d919a92b2c425d0f08d609fd825de151c5ce54cd31d83405054fa84194c85568ba512af4f1b38136c12152764ae0ae34441f36b4f23ed5ae74438502b0d1558 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kheaderupgradenotice_1.1.2024.4\res\static\js\manifest.js
| MD5 | af5a4ff62384fe67791d8cde9176ac0d |
| SHA1 | cf5aa9528fe795b75a569352466ad944652185c8 |
| SHA256 | 5d1122539ce1ae98804e216cbfcada9f2603fe4f86454b2b29e7d7448da97891 |
| SHA512 | f78a72b7ba06b257fec3a97bb62d20f7562212e995d62438bfe3d8181fe7f56c3e14194e9203e64b0e259a7cbdd900125f5f185bc8d736c881f8ca0e2920273d |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kheaderupgradenotice_1.1.2024.4\download.7z
| MD5 | ded028d22792f4a299acbd2d410e5f0d |
| SHA1 | 940944738e557237c0099117c635da874cf78263 |
| SHA256 | 20d84711493557b73f42b31171cc6840a8079248209768ddc75d10da46ab6bc4 |
| SHA512 | 28ff645f3e78ca9a88cbdaeebb47504178385627d1fbdf68b099901e8db3afc470251413a453c82e7633c232a7c4400789819213fe79e7e3518791775f8d54a9 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kscreengrabapp_1.0.2020.193\download.7z
| MD5 | 3b91ab7795510566a0cb254022445a1b |
| SHA1 | 2894a929aaa08aafc6bc74278a1511cec2204223 |
| SHA256 | 223f4d92777f385e8ac9f8055ce1362bbbcfa525e36933605481abfdf8f48c79 |
| SHA512 | 53ac22c66f8883781d2904ddbc40d72fcbe9bfa586b5f4e1c083dc7ea45076ad1d2bfa9de2ce5e04b3c8bc9770f633249103761d7874e56662644d07cd502db2 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsbubble_1.0.2024.3\download.7z
| MD5 | 54079bd7a79b895706cb6ad73cc4c627 |
| SHA1 | 45068e27f84dcd16044f4628a020629d0360d8b7 |
| SHA256 | 355d005cf859c66b298bf475fd646c67ba5fc952c9f670f1b964714b24f197df |
| SHA512 | 94d65c7336e0e8597a83c633dd734157ed17d03f9317b9857141724af6b5948c20f82180b4127dfac6da3dadbb4d8aea7ecf5d23d92e87ed719a480a5b1a6c68 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsbubble_1.0.2024.3\run.ini
| MD5 | ad3a68e7d8c8bf2470282567d8ca7ded |
| SHA1 | addb5ab04165b4743ffb985918c08ba0a76a6eae |
| SHA256 | 27e743bc78f9a2862d822fc171789160905ee26545466f93052f8565aebd523f |
| SHA512 | c8e4b63fb79c365cb48a0ee0c4351f6f94da9ba8ce62f0b14d8ed45726ebaa478f581efb37e254e75e1c561f5ffa1d8985e867957c68c04b8eaaa2945e838505 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Local Storage\leveldb\000002.dbtmp
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.3\download.7z
| MD5 | 87eddda6cfc1c6e1c86e1b3b371f369d |
| SHA1 | 7910a432cc964bc1e1be51e0cef2e986cf54eec2 |
| SHA256 | 4cdfc143513060130052f306c0a7cb93731967dabbbfa22cf892518bfb0a6d5f |
| SHA512 | c7bd1162cd851672e9f5ed21e8fb88d734232360be0433e98a82a9f04a4f35e2f59ced11716244f3f30ca021eebe111ef9b6e7df5eaa1c356ddc75f99445cdc8 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.3\pdfwspvreg.dll
| MD5 | ccd17aaa7644b6979f661e7c72fa077d |
| SHA1 | 9cfb25754ac4a4ed487ce6c4655ccc78b5aef975 |
| SHA256 | b5245881da869ea02155d4052eda1390339c87496da055f85c3985a912e0401e |
| SHA512 | 2199d618af0d3fc948f4c39700cc8cefa07ed75db29ec348c71c013678a9ec3befcdcc5c3cb1d804abca5df4c3e6aec10caddb29188f28fc27313d6609dc2a49 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.3\run.ini
| MD5 | 0d914e316c8fc542e5685b1598899979 |
| SHA1 | 52e575fc0c66b60cd79d29ae4486944cf06995b0 |
| SHA256 | 484e6146403c96eaeead06a97a8ed86d67334a9185bf009a44f7b1cbe5402e2a |
| SHA512 | 77ca461895bc65f31dd8fc5182dbed383804b4d3315e210bf65195776510bf9c09c11d87589796ec1bd272f67762e5ba28be4d64b8a58f2577cb6da79dbd7319 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\qing\plugin.plg
| MD5 | 1ff60a068f44142fa3224b08b945678c |
| SHA1 | 42e2a481ab3443a2b69bc95dd36777f45f2ebbf2 |
| SHA256 | f3a2fff28be165f85dccdb23ff7d5b252d4498dcfa2db604cec8481dffe799e0 |
| SHA512 | 6082e3b8b9fdcb3ec83cc9aa16b7fcbd320dd18116f3bdce948de50d8504a824a33490472e418ab165dcb2b61bcd030dd5a8cc92ac79decd199ca78288914315 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.118\mui\es_MX\kdiagnostictool.qm
| MD5 | 5afc7d8ba894df59c2b3f44726cfc2db |
| SHA1 | a21a7a8fd943455fa47cc5d950603bf1bc5a145a |
| SHA256 | 4824e414e29358d0011ad1195059bda195a90cedfbd4c0f07f8cdeb0e84dc2be |
| SHA512 | a9a040e0f3555f61094b42202581a262d29377d414dc6a87596a2bbe4daea8fa3bf2eb10ac52fa6d94a522d54f404e247ee7b272cb41acda898ed6734c8ed639 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.118\mui\fr_FR\kdiagnostictool.qm
| MD5 | 62f3720e184f094c874fe0eab7f0f598 |
| SHA1 | cdd858a80bbd1268e7c5278ebe19c35659871d2b |
| SHA256 | bdf3b27cc070b3cd9deb9a5e2bea450382d6851723c266eb0d5f3db4798f5a14 |
| SHA512 | 14f532053b0272fe0c614de9b56bfd9ac85aee11e878e099531250b00f667d2428789e81b5ded64cbe51dc8e3e8e19d7cea8dc08314b1c0274de15fca17b92b6 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.118\download.7z
| MD5 | 422a47b49c81c94a1f10078e376096da |
| SHA1 | b2454a1d09f83138c903d9502c32124d6360904d |
| SHA256 | 9b9eb4c2cec67ed2aa307ed978701ddc86f0b63ab63fdf9b3430a91237a5f59c |
| SHA512 | 2803ae66ca2a6b2e4a4881a1266c02048d8d4a86a9ffcd01696b4463d3a18846261877933fa4cff503ca984d59976effde7de0db830b96fa4267c4d41ebcfdab |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\wpsbox_1.1.2020.213\download.7z
| MD5 | f3ff3c47ae68b0e6234b72d354ac191b |
| SHA1 | 26c380b44ad61b258a6de56c75c7f568d8c0f876 |
| SHA256 | cbac9ef94e6c6dd11019653c64bec6a3e6970779604555f5f77974258c214333 |
| SHA512 | 43f892f5172b03e4e7d8f3f3632012ca62a7cb104f26d7d746005abf94472eeff881087c1ca73483f1079f21befe321af7372c6e17b26bd77f8fd9a03935ed95 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | 29f65ba8e88c063813cc50a4ea544e93 |
| SHA1 | 05a7040d5c127e68c25d81cc51271ffb8bef3568 |
| SHA256 | 1ed81fa8dfb6999a9fedc6e779138ffd99568992e22d300acd181a6d2c8de184 |
| SHA512 | e29b2e92c496245bed3372578074407e8ef8882906ce10c35b3c8deebfefe01b5fd7f3030acaa693e175f4b7aca6cd7d8d10ae1c731b09c5fa19035e005de3aa |
C:\Users\Admin\AppData\Local\Temp\Tar3AF5.tmp
| MD5 | 435a9ac180383f9fa094131b173a2f7b |
| SHA1 | 76944ea657a9db94f9a4bef38f88c46ed4166983 |
| SHA256 | 67dc37ed50b8e63272b49a254a6039ee225974f1d767bb83eb1fd80e759a7c34 |
| SHA512 | 1a6b277611959720a9c71114957620517ad94541302f164eb872bd322292a952409bafb8bc2ac793b16ad5f25d83f8594ccff2b7834e3c2b2b941e6fc84c009a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 6c1753d9e1d105ef6c0ae981f758d153 |
| SHA1 | 8b934fb3e009d0eb3ef5dc598d473afe1c66052c |
| SHA256 | 92b626b176928c3eb72385c16297e2f154e04467af1d57faa373c21ace1b8ac0 |
| SHA512 | 3efa57a0793195a2db46e233122382db32fbe1c588cd9c0a87bc9cb275e0a1ab957c6ece17b5689716927ced15241120ce8dfd74aab7b1275aee66badf10bb75 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.9\mui\default\icons_svg.data
| MD5 | cfab0f157385566514db45630505743e |
| SHA1 | 22fd33d784d7e92ecde36c0bac58c7b0efa6bf01 |
| SHA256 | 80a03cc09cb0de9a155f9cff1f85b8f10dfdb89759944380da08ade1de6b9e7a |
| SHA512 | 0b5ce5bf919f8ad1f86d80412453ba578d240aaf817bab95e7cca50e9c094b40d6ade25ca33c5fe8b86fe74617a1944730bcf1e969e007966acf11d431d03a7f |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdocreminder_1.1.2021.136\download.7z
| MD5 | 31bdb9137432706b904e8dfcdccde030 |
| SHA1 | d26fd902b9bc1048731983854ac605e894075130 |
| SHA256 | af28e7d61a9b2467a78098341ca188626a90acfa0df4b8f81587d1c35f89a55a |
| SHA512 | 119341029755a087f45a32d3d94dc320fbbc7f599ba9ab20dad4479e1a08d24eb7799cdefcb47051ba835e7fe2c220e4e153a3d660b9a22e2a56cf82910e0280 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdocreminder_1.1.2021.136\run.ini
| MD5 | da4b75c3d70c08be415e7b25abdc11cf |
| SHA1 | c84dfbb528a3c8ce94d068dfc5fbdf7d621d0225 |
| SHA256 | e93c62beee030970bf56bf0a3aa372ab0b155c1c3436173617c8c735024e8f36 |
| SHA512 | 0fa811055deed42a6cbc0f16f93da173718f4169ebf8d4ea125276c6225ba033c7644a68ee010250379b67a057e17e5cba6351deca067850ab318c505f49e491 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.9\download.7z
| MD5 | 820d0d38598cc67166dc5916e50843ae |
| SHA1 | bb5b07d1b80bcd21b48da146e9c910ef778293d8 |
| SHA256 | 7262c3145aa2940abe1b2f5bb2a3f20147dcfa8e6ee9fed3b001ef51a784ba82 |
| SHA512 | 599502b8285068af17647a843d38698a0f5469231da1d303996afda18200bc90538a7d91b0e7261917acaa00b2367f1471895dd851ac9052bebbf71e131d625b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\wpsbox\plugin.plg
| MD5 | 2590ea571c92102a87bfdd67ea4c2198 |
| SHA1 | 05cac266ea786c20b033d2d4e47bd52b44743868 |
| SHA256 | 497d08eb919b25ec696d8cedeb37dd70438e963a3876eddbce65a5c3d6b38d16 |
| SHA512 | ab877c22d0f48f4a06f05fc7cec9717cc992d5619c97809e0462640b0e60c1c49e19f2a897fbd0964cff175008ee9d11ae02c820b2a9bde68e03a8250d8fe540 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\wpp\plugin.plg
| MD5 | 02608cde8b78360e28afaeea1d19fc68 |
| SHA1 | bf726db0557421384fc8471e736b1ae77606f58b |
| SHA256 | c76636ad3595186c5ed8b2720ba266b5d4ce7d4914de5f47ce7e8e55a0d00502 |
| SHA512 | 3712c4f450ecf188f0460cae48ed191897d61390d3c46c1b834cafba8ae5102aeba6252f473af6cee2eff3c28f790c9030a4bfa3832379e56edee29a943e117e |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\photo\plugin.plg
| MD5 | 4f1d6ac2c1e920761c52a2d9c0a872e6 |
| SHA1 | 86c6daaa12c5b36dcbc333fd7f5cb0be7c7c936b |
| SHA256 | 6326a5629d8be738d11ec54e5127a32a06d989d62a72afe9546a665a81c04379 |
| SHA512 | 94da0cd58e660fb1caa1854ff70035b447eb6a24c2887eaf729b19c7d207abf1005adbefb4d0503aa0d4217f2b709e183e7d425e115da681d2fdc9cc0cc52a6c |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\pdf\plugin.plg
| MD5 | 0610281e36fec15f6d9c5b757a6fd2c5 |
| SHA1 | 09eda1eb8d6f95f8ba607f02f1af227bfed887bc |
| SHA256 | 365d5ec6366728883fa4509e7b937ae0a575174f0924aa041c80562dc9bbe65e |
| SHA512 | bec747070281958f0e261dd9add3e2bc90df23bc7792249bde1f7d7d52dfb1c481719ffd3fc5a0acc75b4d20edc1059064afda71aa135aab7ebe1ec4c4f17dfc |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\wpsoffice\plugin.plg
| MD5 | 90abe12bca7b280b363c545b461831bb |
| SHA1 | 422660560fdc23c93b3206bd863996d4d552c9a0 |
| SHA256 | 1dfe4c8aa454ad5ca6d96b32db5a886458acc95b1c693c8faede4ab229e17965 |
| SHA512 | 469de76962db937062edad100c225d5352d730f3df34549eb4835bbaff1a1e14019658a4d93fc9a1d2a85157e6b83b3007b956d71f5f8c930525b4165de92509 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\wps\plugin.plg
| MD5 | aa556ae2a76725f3ef5655f16ab478f8 |
| SHA1 | 0dde21b78e390181d3233d74946913703f336dcf |
| SHA256 | 854794ca8530d34479cb8205f16749006ae285c7d2dfcb2cdf98b41a880122eb |
| SHA512 | 8a6127af209b1590761928bb9043eb7975588ffbf2ab4c5b1ed5a3c4e6fd71c266460f661636af8f0e4de3bf5094985d3b8dca061f940d296a61403cff716afe |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\kappframework\plugin.plg
| MD5 | 773c95535f7eb6a316b5ad63a15a2449 |
| SHA1 | 7fb34309f5f5bf1fb769370f5bde00091e6520ac |
| SHA256 | ef7a43d0cf98859a7418b8b2f65ee1a140dfbd608fa39d714786c64968d214af |
| SHA512 | 7137edccff0eebeb8196a3e5cf94c69d821a1bd566fa8b0649bcff17a12fa013212e609dca9b05346142e91b427825d3657489928a1affd46e046c4d77a5454b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\pdf2word\plugin.plg
| MD5 | 1d0fd57efa2cd6d7db0078b3cb6fa54d |
| SHA1 | 3da7bfb85e030fb1e137a3fc006b5e630e3cf594 |
| SHA256 | 3cb7b3a5d576b96f4cec9a0168570f494b77336a55c9123ea1deb7986ca8aa2f |
| SHA512 | 5633d8e1a1e60c213ebd804c5292d635119dc044b2adff91805011d4bfcf1da5ae962544684ad96eeed3a8a31a82d3ee00c026a5f0abb65e8711a7d1e2aac767 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\et\plugin.plg
| MD5 | 1c97e9eb8c02d24e794c4826339cde61 |
| SHA1 | 419d0e62b0828b9f45d4589abf6c7938d8c4618f |
| SHA256 | 71f5db321dbf23853ceff4aaf2139987da07617774353e405b0b3532b6623c9a |
| SHA512 | ed95918d92c95b1c41368f0c77d4662ab4c1f3139d9ed6ea689660530fdaa506bb81920cd02ea16768c902b8965f70255bad0a5006cf08e2761a35d6fa7c3af6 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\resource\premiumcode\element-icons.ttf
| MD5 | 732389ded34cb9c52dd88271f1345af9 |
| SHA1 | 8058fc55ef8432832d0b3033680c73702562de0f |
| SHA256 | a30f5b3ba6a48822eae041e0ca5412a289125e4ba661d047dae565ac43b4a6b2 |
| SHA512 | e8971ae48f5287d252f5b0a2d0516091bef0d2febf7d01fd7b435e426d106fea251037439ec42c2937e934b66f38e5eb43d00a213cdf334f482f4a06b1817f9c |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\resource\premiumcode\element-icons.woff
| MD5 | 535877f50039c0cb49a6196a5b7517cd |
| SHA1 | 0000c4e27d38f9f8bbe4e58b5ce2477e589507a7 |
| SHA256 | ab40a58972be2ceab32e7e35dab3131b959aae63835d7bda1a79ae51f9a73c17 |
| SHA512 | da269b20f13fb5b0bb4628b75ec29e69bb2d36999e94b61a846cb58db679287a13d0aa38cdf64b2893558d183c4cc5df8da770e5a5b2a3288622cd4bd0e1c87b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\resource\vippayment\assist\base64.js
| MD5 | 12477cb6bc99f90086f05e54ea7dcbe8 |
| SHA1 | 4009eefda873514a6579830888d5f12c50d7b3de |
| SHA256 | 6520eca957e8a4d7e68e0dfe17f1cea9d42c6378962f454e7a911ff32e5e6248 |
| SHA512 | a7a16f935d71f60bb382622ff781a3cef234865efbaef62ee268163a416bdd9ea285f33c843fb729cf8b8eb6d18a81de5311b01d19b48c998b08d79f29e59d13 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspv_1.0.2024.3\download.7z
| MD5 | 3303884fbf771d8e3dd645bbc8bd76cc |
| SHA1 | cef8fe59d3161645cec87eae5d8d426604e4f2a2 |
| SHA256 | 77756cc9c3fa51ec2bd20a39f9c3ffabfb152ac4dd285bf8befae228971f7cf1 |
| SHA512 | 053abe0567cf8e99c49b9bf3395dd5e8db1c360dd4805c516c9c97ebe0532b0a9090e6fc2f41fbaa910fae21e594d2850729dd527b72dfbbceb53e479f874b62 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspv_1.0.2024.3\pdfwspv.dll
| MD5 | 4c6221b526433ba802635e2fa0d53ff2 |
| SHA1 | 059bf2b126ee3b901b7a9dee8b53c7e648cc5ebf |
| SHA256 | 300994947e4af25ddcea546e285f9d35131e7efa0070d9855d873646d4a73177 |
| SHA512 | b1bdfd321ca6b788948383902b9f317bb46a8abfffc4fda29bfd51381f96be9af35274ff7d62c761fb83b09a05e2bb179df6817fc631e67a315787b86f4b31f0 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\resource\vippayment\main\img\loading.svg
| MD5 | 544223e85768fd134633a1af9d5bf536 |
| SHA1 | 5536a0023ddbfb2ab67e9ad8ca4d38c60f413b9a |
| SHA256 | a3df9710c7e09fd8cffc14bfe45f5a1576deb1846ced44e5050b34caf5527049 |
| SHA512 | a5cacba054d41af8efd607074c02f36ab731b5d6bc9ffd3bd7ce6b09a4af09b31e29359eb965728d2a00849467b1af66e16186a0c07b4415b3b423a5ea4f68ca |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\download.7z
| MD5 | b940bcdf5973099a51bfe448a9ead54a |
| SHA1 | 4c1b47814c8620283b372d476d264209051c9e44 |
| SHA256 | 76b12ee03d41b2957ba52a0c7a64de8022c048ad9eadb13b4c99ff08955ce085 |
| SHA512 | dc900f0a694d09e2d0cecb0082105df9e9dcd7f7cb0564db5983d8c4977f7f9323ea6dd565665ccaafb60b5b448c38f2c45ef64af4dfa55a051a263623ccd295 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Code Cache\js\index-dir\the-real-index
| MD5 | 851a14f5b643c518a4a21bcd2533e187 |
| SHA1 | 774677a7257b42356001ba3ca959a888b6750699 |
| SHA256 | 72c39e61cb472d742965b77c08bc710f49c929d87e1c9cbebe7ccf15936284ae |
| SHA512 | 52610690910d7f65954195b24bc8fe11159afefd981234b2dd779602edf95f0fa0bca43efb27715ebd70256df41deb5903055c7fc9f5e3c808ed4443986bcd3a |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\wpsoffice\Network\Network Persistent State
| MD5 | 2800881c775077e1c4b6e06bf4676de4 |
| SHA1 | 2873631068c8b3b9495638c865915be822442c8b |
| SHA256 | 226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974 |
| SHA512 | e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Network\TransportSecurity
| MD5 | 15b627c2b2bec475096438725e10300f |
| SHA1 | 52f707aa0058c15cc1233546d358f9c0ef5815e7 |
| SHA256 | 9948fd78fe53145670292e2dc291f67f22d47863e0f2b4c8e07987ef6a2f8976 |
| SHA512 | bab6b9aaf95e1061f7ddce392849e5dc1e635c1fa6403e765c2a504a3bda9e8534fd3de941f166b86bb20ce48f672942be04b5aff9f795b9bfa1990a08cd77a3 |
Analysis: behavioral2
Detonation Overview
Submitted
2024-05-09 18:05
Reported
2024-05-09 18:08
Platform
win10v2004-20240508-en
Max time kernel
101s
Max time network
148s
Command Line
Signatures
Brute Ratel C4
PrivateLoader
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\cmd.exe | N/A |
Reads user/profile data of web browsers
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe | N/A |
Writes to the Master Boot Record (MBR)
| Description | Indicator | Process | Target |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| File opened for modification | \??\PhysicalDrive0 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key value queried | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
Executes dropped EXE
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\lnkfile\ShellEx\ContextMenuHandlers\ kwpsshellext | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\lnkfile\shellex\ContextMenuHandlers\ kwpsshellext\ = "{28A80003-18FD-411D-B0A3-3C81F618E22B}" | C:\Windows\system32\regsvr32.exe | N/A |
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f006500740000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700070002e0065007800650020002f004100750074006f006d006100740069006f006e0000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{912ABC52-36E2-4714-8E62-A8B73CA5E390}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000730000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{000209FF-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020832-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /et" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020812-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c00650074002e0065007800650020002f004100750074006f006d006100740069006f006e0000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{AA14F9C9-62B5-4637-8AC4-8F25BF29D5A7}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020900-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000730000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{8A624388-AA27-43E0-89F8-2A12BFF7BCCD}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wps" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{000209FF-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f004100750074006f006d006100740069006f006e0000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020830-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{000209FF-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /wpp /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020820-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /et" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00024512-0000-0000-C000-000000000046}\InprocServer32\InprocServer32 = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\refedit.dll" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{DC020317-E6E2-4A62-B9FA-B3EFE16626F4}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{E260F96C-8EF4-4C24-A2B9-455F1D116531}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{44720444-94BF-4940-926D-4F38FECF2A48}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020812-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{91493441-5A91-11CF-8700-00AA0060263B}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wpp.exe /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{91493443-94BF-4940-926D-4F38FECF2A48}\InprocServer32\Class\ = "WPS.Office.Interop.Wpp.GlobalClass" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{000209FE-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{000209FE-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f004100750074006f006d006100740069006f006e0000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{A1BBCFD9-B54C-443D-BC56-0BC3840120DB}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020907-0000-0000-C000-000000000046}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wps" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{64818D10-4F9B-11CF-86EA-00AA00B929E8}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{E260F96C-8EF4-4C24-A2B9-455F1D116531}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /et /Preview" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{000209FE-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wpp" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{7C360CF9-D475-44FC-8163-AD6C95CF5F5D}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /et /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020907-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{000209FF-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{64818D11-4F9B-11CF-86EA-00AA00B929E8}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\LocalServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPSOFF~1\\1220~1.169\\office6\\wps.exe /prometheus /wps" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{F4754C9B-64F5-4B40-8AF4-679732AC0607}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000730000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020907-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00024500-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{45540086-5750-5300-4B49-4E47534F4655}\InprocServer32\Class\ = "WPS.Office.Interop.Et.GlobalClass" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{45540001-5750-5300-4B49-4E47534F4655}\LocalServer32\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /et /Automation" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020900-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\kwpsmenushellext64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\kwpsmenushellext64.dll" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{0C7FEF07-DCD9-4120-9647-D1CE32F289CD}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020821-0000-0000-C000-000000000046}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f006500740000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020812-0000-0000-C000-000000000046}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{048EB43E-2059-422F-95E0-557DA96038AF}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\CLSID\{28A80003-18FD-411D-B0A3-3C81F618E22B}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020900-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{00020906-0000-0000-C000-000000000046}\LocalServer32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{18A06B6B-2F3F-4E2B-A611-52BE631B2D22}\LocalServer32\.ksobak | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (data) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{CF4F55F4-8F87-4D47-80BB-5808164BB3F8}\LocalServer32\LocalServer32 = 43003a005c00550073006500720073005c00410064006d0069006e005c0041007000700044006100740061005c004c006f00630061006c005c004b0069006e00670073006f00660074005c005700500053004f00460046007e0031005c0031003200320030007e0031002e003100360039005c006f006600660069006300650036005c007700700073002e0065007800650020002f00700072006f006d0065007400680065007500730020002f0077007000700000000000 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4}\AlternateCLSID = "{E436987E-F427-4AD7-8738-6D0895A3E93F}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4}\Compatibility Flags = "1024" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4}\AlternateCLSID = "{AB5357A7-3179-47F9-A705-966B8B936D5E}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\KWPS.Template.12\shell\new\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /wps /t \"%1\"" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\CLSID\{44720441-94BF-4940-926D-4F38FECF2A48} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{0002085B-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WPP.POTX.6\shell\print\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /wpp /n /p \"%1\"" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000C172C-0000-0000-C000-000000000046}\ = "IMsoDropLines" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{74D13AA5-8894-4B69-BB24-61F21CFC8FDC}\ = "IKdeExtender" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{00020940-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{0002093A-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WPS.PIC.pcx\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\addons\\photo\\photo.dll,23" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{00194002-D9C3-11D3-8D59-0050048384E3}\ = "ILicAgent" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\KWPS.Document.12\shell\print\ = "&Print" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{B5828B50-0E3D-448A-962D-A40702A5868D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{50BAE224-485B-41C0-9619-FCCBF83CC76F}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{92D41A5E-F07E-4CA4-AF6F-BEF486AA4E6F}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000244B1-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000C030E-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{07B7CC7E-E66C-11D3-9454-00105AA31A08}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\KWPP.Template.9\shell\open\command | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\KWPP.UOFPresentation\CurVer\ = "KWPP.UOFPresentation.9" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{00024445-0000-0000-C000-000000000046}\ = "OLEDBError" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{000208D9-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WPS.PIC.pbm\shell | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000209A1-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{52CA3750-AAF7-4525-B401-F8BACC417C33} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{00024421-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.pot\WPP.POT.6 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{91493440-5A91-11CF-8700-00AA0060263B}\2.9\0 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000CD6A2-0000-0000-C000-000000000046}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{000C0372-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{00020991-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{8FEB78F7-35C6-4871-918C-193C3CDD886D} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{AF028401-4619-4271-AFDD-F480FA925186}\ = "ChartCategory" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{000244C0-0000-0000-C000-000000000046}\TypeLib\ = "{45541000-5750-5300-4B49-4E47534F4655}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WPS.PIC.ai\ = "WPS AI Picture file" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000C0363-0000-0000-C000-000000000046}\ = "FileDialogSelectedItems" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{DD8F80B8-9B80-4E89-9BEC-F12DF35E43B3}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{CDE12CD8-767B-4757-8A31-13029A086305} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{91493477-5A91-11CF-8700-00AA0060263B}\TypeLib\ = "{44720440-94BF-4940-926D-4F38FECF2A48}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{0002443B-0000-0000-C000-000000000046}\ = "ShapeRange" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000C031B-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{00020924-0000-0000-C000-000000000046}\TypeLib\ = "{00020905-0000-4B30-A977-D214852036FF}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{0002443E-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{00024457-0000-0000-C000-000000000046}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\PowerPoint.Show.12\BrowserFlags = "2147483808" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\.dps\KWPP.Presentation.9\ShellNew | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{914934F5-5A91-11CF-8700-00AA0060263B}\ = "TableStyle" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{256B6ABA-6A38-4D39-971C-91FDA9922814}\TypeLib\Version = "3.0" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{656BBED7-E82D-4B0A-8F97-EC742BA11FFA}\ = "XMLNamespaces" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{914934E9-5A91-11CF-8700-00AA0060263B} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000CD706-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{873E774B-926A-4CB1-878D-635A45187595}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000C033D-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\KWPS.Document.9\shell\print\command | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{0002092C-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\KWPP.SecPresentation.9\shell\new\command\ = "\"C:\\Users\\Admin\\AppData\\Local\\Kingsoft\\WPS Office\\12.2.0.16909\\office6\\wps.exe\" /prometheus /wpp /t \"%1\"" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{00024452-0000-0000-C000-000000000046}\TypeLib | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000C0353-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000C0365-0000-0000-C000-000000000046}\TypeLib\ = "{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{00020950-0000-0000-C000-000000000046}\ = "Row" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{F152D349-7D20-4C01-A42B-2D6DE4F3891C}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{000C031E-0000-0000-C000-000000000046}\ = "Shapes" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{A98639A1-CB0C-4A5C-A511-96547F752ACD}\TypeLib\ = "{2DF8D04C-5BFA-101B-BDE5-00AA0044DE52}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\WOW6432Node\Interface\{000208A0-0000-0000-C000-000000000046} | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Set value (str) | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000_Classes\Interface\{5A90588C-C066-4BD4-8FE5-722454A15553}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\TestSignRoot | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\Windows Live ID Token Issuer | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\TrustedDevices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\FlightRoot | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\TrustedDevices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\WindowsServerUpdateServices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\WindowsServerUpdateServices | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\Windows Live ID Token Issuer | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\eSIM Certification Authorities | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\FlightRoot | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\TestSignRoot | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\TrustedAppRoot | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\FlightRoot | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\TrustedAppRoot | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\eSIM Certification Authorities | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\Software\Microsoft\SystemCertificates\TrustedAppRoot | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CRLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\CTLs | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-1181767204-2009306918-3718769404-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil.exe
"C:\Users\Admin\AppData\Local\Temp\2024-05-09_4043a9ea54c94b3bbf92ef312f004fef_avoslocker_magniber_revil.exe"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=asset_store.mojom.AssetStoreService --lang=en-US --service-sandbox-type=asset_store_service --no-appcompat-clear --field-trial-handle=4200,i,10373433614523925616,13586256558317053467,262144 --variations-seed-version --mojo-platform-channel-handle=4268 /prefetch:8
C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe
"C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe" -installCallByOnlineSetup -defaultOpen -defaultOpenPdf -createIcons -curlangofinstalledproduct=en_US -D="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office"
C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe
"C:\Users\Admin\AppData\Local\Temp\wps_download\ca53b1e390dcdc2ae376a28532674862-14_setup_XA_mui_Free.exe.601.1114.exe" -downpower -installCallByOnlineSetup -defaultOpen -defaultOpenPdf -createIcons -curlangofinstalledproduct="en_US" -D="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office" -msgwndname=wpssetup_message_E5857A1 -curinstalltemppath=C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -installregister sharedMemory_message_E58B8EB -forceperusermode
C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
"C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" InstallService
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll"
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -installregister sharedMemory_message_E58DA9C
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -sendinstalldyn 5
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -updatetaskbarpin 2097152 -forceperusermode
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" Run "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\ktaskschdtool\ktaskschdtool.dll" /task=wpsexternal /createtask
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" CheckService
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" Run -User=Admin -Entry=EntryPoint "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6/addons/ktaskschdtool/ktaskschdtool.dll" /user=Admin /task=wpsexternal /cleantask /pid=3616 /prv
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s /n /i:user "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kwpsmenushellext64.dll"
C:\Windows\system32\regsvr32.exe
/s /n /i:user "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kwpsmenushellext64.dll"
C:\Windows\SysWOW64\cmd.exe
"C:\Windows\SysWOW64\cmd.exe"
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe" /from:setup
C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
"C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" CheckService
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpsupdate.exe" -createtask
C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
"C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" CheckService
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\html2pdf\html2pdf.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll"
C:\Windows\system32\regsvr32.exe
/s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kmso2pdfplugins64.dll"
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\\office6\ksomisc.exe" -defragment
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" /prometheus /download_lang_on_start /lang=en_US /from=autostart_after_install_onlinesetup
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe" /qingbangong /start_from=qingipc /qingbangong /start_from=kstartpage silentautologin
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -getabtest -forceperusermode
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe" /messagepush /PushType=mipush /From=Qing
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -getonlineparam -forceperusermode
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe" /krecentfile /init /From=Qing
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe" /messagepush /PushType=mipush /From=Qing
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=3432 --field-trial-handle=3528,i,15207497565761774007,9471184186793009607,131072 --disable-features=TSFImeSupport /prefetch:2
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe" /krecentfile /init /From=Qing
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=3828 --field-trial-handle=3528,i,15207497565761774007,9471184186793009607,131072 --disable-features=TSFImeSupport /prefetch:8
C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=3116 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --enable-speech-input --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=4108 --field-trial-handle=3528,i,15207497565761774007,9471184186793009607,131072 --disable-features=TSFImeSupport /prefetch:1
C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=3116 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --enable-speech-input --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4196 --field-trial-handle=3528,i,15207497565761774007,9471184186793009607,131072 --disable-features=TSFImeSupport /prefetch:1
C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=3116 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --enable-speech-input --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3864 --field-trial-handle=3528,i,15207497565761774007,9471184186793009607,131072 --disable-features=TSFImeSupport /prefetch:1
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe" Run -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kdocreminder_1.1.2021.136/kdocreminder.dll
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe" Run /InstanceId=wpsdesktop -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kwpsbubble_1.0.2024.3/kwpsbubble_xa.dll
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscenter.exe" Run -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kdocreminder_1.1.2021.136/kdocreminder.dll
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=1984 --field-trial-handle=2372,i,10507066407987126057,7707951872354157368,131072 --disable-features=TSFImeSupport /prefetch:2
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\promecefpluginhost.exe
"C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --mojo-platform-channel-handle=1996 --field-trial-handle=2372,i,10507066407987126057,7707951872354157368,131072 --disable-features=TSFImeSupport /prefetch:8
C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.169\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xNjkwOVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=5408 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.16909/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --enable-speech-input --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3100 --field-trial-handle=2372,i,10507066407987126057,7707951872354157368,131072 --disable-features=TSFImeSupport /prefetch:1
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wps.exe" Run -User=Admin "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -regpdfwspv
C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
"C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" LocalService
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
"C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe" -regpdfwspv
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\pdfwspv_1.0.2024.3\pdfwspv.dll"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | wdl1.pcfg.cache.wpscdn.com | udp |
| US | 8.8.8.8:53 | api.wps.com | udp |
| FR | 90.84.175.86:443 | api.wps.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | 86.175.84.90.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 2.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.84.16.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| BE | 88.221.83.235:443 | www.bing.com | tcp |
| US | 8.8.8.8:53 | 235.83.221.88.in-addr.arpa | udp |
| US | 8.8.8.8:53 | params.wps.com | udp |
| FR | 90.84.175.86:443 | params.wps.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | 157.123.68.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 21.236.111.52.in-addr.arpa | udp |
| FR | 90.84.175.86:443 | params.wps.com | tcp |
| US | 8.8.8.8:53 | abtest-api.wps.com | udp |
| FR | 90.84.175.86:443 | abtest-api.wps.com | tcp |
| US | 8.8.8.8:53 | movip.wps.com | udp |
| FR | 90.84.175.86:443 | movip.wps.com | tcp |
| FR | 90.84.175.86:443 | movip.wps.com | tcp |
| FR | 90.84.175.86:443 | movip.wps.com | tcp |
| US | 8.8.8.8:53 | 77.190.18.2.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dyn.kingsoftstore.com | udp |
| US | 44.241.73.87:443 | dyn.kingsoftstore.com | tcp |
| US | 8.8.8.8:53 | 87.73.241.44.in-addr.arpa | udp |
| FR | 90.84.175.86:443 | movip.wps.com | tcp |
| US | 44.241.73.87:443 | dyn.kingsoftstore.com | tcp |
| US | 8.8.8.8:53 | cloud.wpscdn.com | udp |
| GB | 18.154.84.11:443 | cloud.wpscdn.com | tcp |
| US | 8.8.8.8:53 | 11.84.154.18.in-addr.arpa | udp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.154.84.11:443 | cloud.wpscdn.com | tcp |
| US | 8.8.8.8:53 | 29.123.145.51.in-addr.arpa | udp |
| US | 8.8.8.8:53 | ai.wps.com | udp |
| FR | 90.84.175.86:443 | ai.wps.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | dns.google | udp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| FR | 90.84.189.232:443 | tcp | |
| FR | 90.84.189.232:443 | tcp | |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| GB | 18.245.162.69:443 | tcp | |
| GB | 18.245.162.69:443 | tcp | |
| GB | 18.245.162.69:443 | tcp | |
| GB | 18.245.162.69:443 | tcp | |
| GB | 18.245.162.69:443 | tcp | |
| US | 8.8.8.8:53 | 232.189.84.90.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 69.162.245.18.in-addr.arpa | udp |
| FR | 90.84.175.86:443 | ai.wps.com | tcp |
| FR | 90.84.175.86:443 | ai.wps.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 104.16.84.69:443 | wdl1.pcfg.cache.wpscdn.com | tcp |
| US | 8.8.8.8:53 | ovs-activity.wps.com | udp |
| FR | 90.84.175.86:443 | ovs-activity.wps.com | tcp |
| US | 8.8.8.8:53 | 214.143.182.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d19a1mtic3m6gl.cloudfront.net | udp |
| GB | 18.245.187.6:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| GB | 18.245.187.6:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| GB | 18.245.187.6:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| GB | 18.245.187.6:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| US | 8.8.8.8:53 | firebase.googleapis.com | udp |
| GB | 216.58.204.74:443 | firebase.googleapis.com | tcp |
| US | 8.8.8.8:53 | 6.187.245.18.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.39.156.108.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 74.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 202.187.250.142.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 200.212.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | stats.g.doubleclick.net | udp |
| US | 8.8.8.8:53 | www.google.co.uk | udp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| US | 216.239.34.36:443 | region1.analytics.google.com | tcp |
| BE | 64.233.167.156:443 | stats.g.doubleclick.net | tcp |
| GB | 216.58.204.67:443 | www.google.co.uk | tcp |
| US | 8.8.8.8:53 | 36.34.239.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 156.167.233.64.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 67.204.58.216.in-addr.arpa | udp |
| US | 8.8.8.8:53 | d19a1mtic3m6gl.cloudfront.net | udp |
| GB | 18.245.187.6:443 | d19a1mtic3m6gl.cloudfront.net | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | tcp |
| US | 8.8.8.8:443 | dns.google | udp |
| US | 216.239.32.36:443 | region1.analytics.google.com | udp |
| US | 8.8.8.8:53 | 36.32.239.216.in-addr.arpa | udp |
Files
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\pl_PL\style.xml
| MD5 | 034f37e6536c1430d55f64168b7e9f05 |
| SHA1 | dd08c0ef0d086dfbe59797990a74dab14fc850e2 |
| SHA256 | 183a140011774d955e9de189e7a1d53cb4128d6abed61c7bfd5994268ee5f384 |
| SHA512 | 0e1911c882152a4e1059a3ce1880d7fb2aed1e1e36cbd37055de2e2a1333acb2a0233ba2a4d969ccebbef1e77809aa5e78807aa9239545beae8c548c0f8f35c0 |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | 958fb5d02529597afcd0d1a6035db030 |
| SHA1 | 4901145dee5a7d28d20ef600db5f520aac848fe5 |
| SHA256 | df29a08f94458e41f14da0d9adf78648da131ff6496d7ab295d446f2b8270da0 |
| SHA512 | c660e99afd19e2db5c81b54cb43d90662eae153973099af6fee7b5440c021d2bfcc6c539898b5f7eb2347b0be70f5d137b9d9edb9e7196b8003c7d6f719c0d2e |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | e701c560e01687ac621b2e96f0d5a95c |
| SHA1 | 0e155eebfdaf7ef21aeee03d5388e75c30523c3c |
| SHA256 | ccc03a551758847edb2037aeb24f708c6747af2bcbbcd93ad62cf8cfc28d0e0a |
| SHA512 | 08ee309e9dcec224aa27afd709ece27c1cd0a3e4561847ccfe73c58a04d8b687e207872ad1616feaeaeb80d30a6c61cd6ab7cb260228a56e2fc214ba4c503d7f |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\product.dat
| MD5 | e568b6577db690b099db51338853f0be |
| SHA1 | 2d24319c334b6319bb19c580f537e6339de48bc5 |
| SHA256 | 257f1947e656eced86713f72deea7261afe30bb07e9c4f109ea29a6c2df63f16 |
| SHA512 | 16cf5f031bd8a3e1998b350913d7963140c95ef75e8cac2a5f878a9d3c80691fae24463ad9af64a426fe97dc78a0f51edf75b4a92429191c0809bfcd0f0aefac |
C:\Users\Admin\AppData\Local\tempinstall.ini
| MD5 | c38481658f9149eba0b9b8fcbcb16708 |
| SHA1 | f16a40af74c0a04a331f7833251e3958d033d4da |
| SHA256 | d0d73f49bc21b62fe05c47024d69406a3227da0f6b4ffe237726e6a031f188d2 |
| SHA512 | 8f98d62f88442b8ef94aa10074e35aa8d9494f3c76ce8b143ca0bf7fa0d917f3175212fbcd6e7b0597fd0ec0e1b2827f157135512fb01c88218d36e2f7dd73ce |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | c6d0b55760f9fc57e8b7db4ce772d98d |
| SHA1 | 25c820327217206fd6b5967d03dd3d8a53eb89f9 |
| SHA256 | 9371c6244b5e0e854db980b33fcab149448a22472f9e206b802d6561f5f856c4 |
| SHA512 | e800315888cc059cbe3c30366d37a4b8c227233f3f185a0414ac0bfe1062f0a4e24f8e48ff648ca623a91c82815d01b5c2ea0cd80a036c5d6234ea7116730b55 |
C:\Users\Admin\AppData\Local\tempinstall.ini
| MD5 | a9519168ca6299588edf9bd39c10828a |
| SHA1 | 9f0635e39d50d15af39f5e2c52ad240a428b5636 |
| SHA256 | 9e87b2ff306efedf7bf1074749b4602c332bc825aed80721eba19d5f544d2ec3 |
| SHA512 | 0607eb1f5598320961fbd8ef75beeb1b6dc1af3cae7eeb5ba352f3e2a2edb25e1d9e68fb46c24e4299957352c0c906314c889c2d1092437eccc1d1a0485f3557 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\ucrtbase.dll
| MD5 | 2040cdcd779bbebad36d36035c675d99 |
| SHA1 | 918bc19f55e656f6d6b1e4713604483eb997ea15 |
| SHA256 | 2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359 |
| SHA512 | 83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\Qt5WinExtrasKso.dll
| MD5 | b3843e058782a993918045cb73d84e25 |
| SHA1 | dbbc24f2da2e5b9b94a00aa41c08935be184c12d |
| SHA256 | aa696dc9058ed7987675837be2601edd28306a42153d5112dacc9b156a1fceb1 |
| SHA512 | 3c237aa06409d774f6bbd3aa1116677a39f5f8f166dfcfa2fecab9d266f5b247bb9d2d623ce780631f857366059ce204912c039c7b5352cd2d5a7cbfb748a10e |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\Qt5SvgKso.dll
| MD5 | 74f1aae0ad9c77088879f0f068603b14 |
| SHA1 | 4dc66aca99fca616801e7e1e08eb61e87ad65ef0 |
| SHA256 | 6bf93e0575acec1c1bccf7e4d33a4c9a4f12c51811c41ed695115bcc60081d4f |
| SHA512 | dcabee00b11db242552827663bd8eaba89bb94e4ed2f02793467c21630124074acdd1d55682a56d9b5875b3626ccff99cbab666ebdc8820d1bd4d058ce1ca029 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\msvcp140.dll
| MD5 | 5fd0772c30a923159055e87395f96d86 |
| SHA1 | 4a20f687c84eb327e3cb7a4a60fe597666607cf3 |
| SHA256 | 02c7259456eac8cbadfb460377ba68e98282400c7a4a9d0bf49b3313ef6d554d |
| SHA512 | 132a9b969104c0a214bde3f8c6e8f754d116cecdad55224bbea7a40cffd98f4e4de503d83d92cca0aaab9ed51c9efa00ad5caed69a9eda71013598a43b161c3a |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\vcruntime140.dll
| MD5 | e51018e4985943c51ff91471f8906504 |
| SHA1 | 5899aaccdb692dbdffdaa35436c47d17c130cfd0 |
| SHA256 | ff9c1123cff493a8f5eacb91115611b6c1c808b30c82af9b6f388c0ef1f6b46d |
| SHA512 | 2fe5ddad2100aeaea35398384a440ba0be169ef429f7e0b69687bc0f8865df41bc93fc80d3a8f0ddd9df54fc2f2d76b1056a1d1962d37432704c818128ffbd74 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\Qt5CoreKso.dll
| MD5 | 8104fdcc2caa3b42b140d8498eae6cfe |
| SHA1 | 1413352da713c786d1ff9be2eddda36a8245a8e5 |
| SHA256 | 5a3ea2eee0535589b0de2c1468891c2285570136257261eb50c2744bf5d8fc9e |
| SHA512 | 20f83309437afc57bd4ef58d48c54c229482fd10e3b0e7e93bc8ec637dabb6ce7b6ab67942d97a35b0ff7c8694d054fa3f87a0050c04678509be99cddfaaf675 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\Qt5GuiKso.dll
| MD5 | cd71405fd88a13daeaadc9122878f294 |
| SHA1 | 2eb6ca95ede0507b7fd0fae164b34cebb61dd639 |
| SHA256 | 39963edad28df386ae535070b20371a5ba4de445912df1b1cabff915c82364cf |
| SHA512 | d573962fd3f15f6701477b328d3395a5e4c78fd847e5e7123ab7d58d5e3d51d959765f16e6848fd879e0c527ccdb115aa312074905380a3ac4881dbaca316fe6 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\Qt5WidgetsKso.dll
| MD5 | 4cf25152e7fdc3863d35ab01ed7e5f95 |
| SHA1 | bcf5d327cbd6d6b3903d47c63516d81f56361229 |
| SHA256 | c70e1ad07aa161eb6dd42fe5109c910ea358935c653c0082654f6810df844b5f |
| SHA512 | 706d2edb3c9f4a32554cf07d5faeaa2b7aa8d22f0f0c0076541efd73e093387dd264026dcbae7b790cafd260257288449048df7b277f8407278bf127da669a14 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\kpacketui.dll
| MD5 | 74db79ac13ed0fff6188bc715c885d1f |
| SHA1 | 550dc1e295285ff5b9f0af44bdf7df6504c08de2 |
| SHA256 | ea52c2e5a544634cb9c3af20eb4ef25cc6d572d606e88c7427bfbfc7f3706aa2 |
| SHA512 | dd7a2d90bfe6103e0aa72eac8e5669fb6a18d0b88fb5da5ec42002ff2f5bdcc7bf733f1d3ed6b64e74f109eeb8463cc6a176cff30520f899729ce0e0bfe9f52b |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\qt\plugins\platforms\qwindows.dll
| MD5 | 9f471c987bb028f30b5a51ca83fc5586 |
| SHA1 | d91252f67c70e1b17138133c0d31463da1184176 |
| SHA256 | 555c000fdbddab11c017da8055f58169a55f8772dbac78ca8e4572a6553db071 |
| SHA512 | cc42fdb7ff0d20f485e9d5bcf7df5bf3b79e626ef44c3cae23e9179cf97b197564cb73fa4f2521495f95a3e337c1f0d533f6d3f2c36900a84dc2f546ef5e9474 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\qt\plugins\styles\qwindowsvistastyle.dll
| MD5 | e128074d836e990fa6e8c20c16598f6a |
| SHA1 | 16c786082777f3f80a486d2303360e06f63ed599 |
| SHA256 | 88910fcdc54e2a80a7ec124920cf0af8ee1221480c2ebfd181555ec6e6a9088d |
| SHA512 | 82e95748595102467b0248a7981137e269b8c6123f5383eef40017a0fe41141d59156a6b48bf6d574ed60d8d7929a9a9f34ccb8e07e5089af4ca100a9b765526 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\qt\plugins\iconengines\qsvgicon.dll
| MD5 | d2a04dc52ea4ffcadb4881c9c120b9b3 |
| SHA1 | 5ff9b4de60e3868697d81fb910b373c7c0a7c4a5 |
| SHA256 | 271815def5e81d60dce20a982ad9cec1dc08fb43bf37a29c1266a5a367e5f3fc |
| SHA512 | 3ef40bf306275ff0202d24209274f7a00acf268763ff3e7d5abd81c84b2a398701a2b317aa00e67316b74aef734e11edaeb3e08fa2adeada77e6663cf143bf2c |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\qt\plugins\imageformats\qsvg.dll
| MD5 | 6dd89155cc60c5daf2bec34971d45f56 |
| SHA1 | 5c550dcaa072296d7697947e15daa629b78fae6f |
| SHA256 | e32f73979f372cb76088df4ca8ee621ff9f853352d5236ee14854868212b601b |
| SHA512 | 9896a47418e15b13902cf5300f9331d818d94708f76949f56c28bbecc241e1c0aa153473bde30aa723381045decd01bc375ccdee9b07e00a31dbafa1f51cc961 |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | e46f1a7908c83e116503f44f698e27b1 |
| SHA1 | ca4e4fcdbb815de66797bda5091111139c93c673 |
| SHA256 | 5c04bfeaf11d8577872c0b8203c67301157a3e60b29269a6498f1fccc46906a7 |
| SHA512 | c2ebfe3944da340e52505a58c3afa93569e056fc14b233e333506dbf8a049123a786abc8823f2161a70ef369c69eb432ef307b8e1721a8afa00e7e1c0c533a3b |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log
| MD5 | fb42ae50428830da2dce989a1298abd6 |
| SHA1 | 995726fe756909c40aa34c8923fecae41725ba13 |
| SHA256 | 1f4d56256b7839719849ee570f6da4d1df9c6c990e2cbfa26d3ff8bb99bb9971 |
| SHA512 | 2c2541cf3a1dc8adb0a5ce863f1fc7cb6d4edf358cc7563603a6c110e8690a588d1c2801b952438d368868323f393d00da5bd8328cc62d732798400d656e92ba |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\mui\ja_JP\resource\splash\hdpi\2x\ent_background_2019_wpsoffice.png
| MD5 | c5ad1903526a9ca4c2f55cfea1e22778 |
| SHA1 | 9c7b9ba9100a919cad272fb85ff95c4cde45de9f |
| SHA256 | 5e7ba996d2331f37b9799767c0fa806cab9a39fea434796ab08dcaf39096e334 |
| SHA512 | e482142e81fbe71666b40f7a2c53702b4278436a0240e0f56200443cf4235d9942cccc3545cc01486d53a0972be553cbf93442e8b05de7b4fcd1fe8a4ec16bb4 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\qing\mui\default_xa\res\clouddiskhomepage\static\js\pt_PT\history.js
| MD5 | b4b4c703bf5c6c0b5e9c57f05012d234 |
| SHA1 | 929aee49e800e88b4b01f4a449fa86715d882e42 |
| SHA256 | 910eada285d4900ea8e36faf305f731cfb200b317ea866839f5f4864a9dfc09b |
| SHA512 | 2afa881ee2f47e97249904b506cf88d68a34c166d9dc0a603f68369e640336f2c0b424ecb7b23d4631a96e175b965478bfa4ebc0224b0410551e55ac4c8ad0ec |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\kwpsaigc\mui\pt_BR\kwpsaigc.qm
| MD5 | 2b42be10ddde43a0b6c2e461beae293a |
| SHA1 | 53888c4798bc04fdfc5a266587b8dc1c4e0103f3 |
| SHA256 | 984ebeef80f6f50907afb92e5b5ae72df49fce045552c118a77a8887cc98e19b |
| SHA512 | be3ebd02d37de367200696351fb5f9cd0ec4c206c3a33f281cb8b62386457a30a899322798c63a0d495577393e47258994feb7f8e2445645f552c2b7a2de6778 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\dbghelp.dll
| MD5 | 3579da0e10644a74953f6158456b7793 |
| SHA1 | 75007a9ac779d65dab95aeb8166b328d7f542af2 |
| SHA256 | 520279e5806416e7f64809eaf0c6570d04e5c4d2e9ba912b53f7288639a5dc19 |
| SHA512 | 8f46bf067495ea812ba515b820537dc39878e1486259365a414ed05fb47e28473b13cc2c2a939c772c1ef34f551d9b003445b6bd0210621a8d1dd8aeaa16df80 |
C:\Users\Admin\AppData\Local\Temp\wps\~e5854a3\CONTROL\office6\qt\plugins\printsupport\windowsprintersupport.dll
| MD5 | ec662568b9acfc2930375dc40935823c |
| SHA1 | d055469955e8c947cdba8063be36524ef29f78d0 |
| SHA256 | 4c51ba181dff507f1b495e0a2c8ccad469b5a4eb51523e18ddb3a0b886f2300c |
| SHA512 | ff9898df75781f91a443460161ac591f04e23f566ca85628ea9ce56a2ba15761ef4e6c23e8952371529efb9e96e4ac4aa16733ea710d1cb65fa2f450171f8f0b |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\qt\plugins\platforms\qdirect2d.dll
| MD5 | b120a3c32571f1ea2da38aa7bc3fb65f |
| SHA1 | 652d1cc2759e96df7c668b78501a609af5a6a045 |
| SHA256 | 23168a629ec4bd8ab76ef93d32318d70643b0b7714f5be9534190075232fce49 |
| SHA512 | 29283cc3be5f7609f921ef721366f55238456c8c0f574af30c65f6fb266ef699e09316aff5ec6d14b31090ad7f0e6d516d18f9a144df8317b0df0d71e81e7dbf |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\utility\install.ini
| MD5 | 1cf5ce2a10c28fb4019916ea9440dc96 |
| SHA1 | e419ca40810f42a9dee168db832ddf0c8ea67028 |
| SHA256 | f8cec5ee25dca1bf99e0195e8ddb4413bb30b609a37922766d3d66f7858f9e00 |
| SHA512 | d55c8934cbc4b5eb853d41c9dc005c976ea856047c956b2af4ee7df5aca38adadbe6547b3b7b7a86548600c17f1f911fd04c7d89cb41a8144e3c916420a8a866 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\utility\install.ini
| MD5 | 183330feb3b9701fec096dcbfd8e67e4 |
| SHA1 | 2f43379fefa868319a2baae7998cc62dc2fc201d |
| SHA256 | ac4f26a184114522200169c5f57a0af4498a20d19b7ec6def14dd2c6413eb475 |
| SHA512 | 643cc197456f15da6ddd6eb904f2b25ad4236a24310d575958c0c8e457a33167e748d21184162502a295fa466c031a837511d4d5348fd67499ede1b60065c471 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\cfgs\setup.cfg
| MD5 | dbc1484d0462d1a98710e28a3b95cffc |
| SHA1 | b4ae98e6deac3f30bfc3890a50965db915420ace |
| SHA256 | 97574de78587e809699ffa12b600d17a31cbe9458d658b8507f6e200d42775ae |
| SHA512 | 998df8c85d5a4b79e77e125d09c96347e41beff5280153dadd105fede9b479144436dada7354636de0192887cee49d51c927ccd3ed1eed1fc9e376af1936b7ff |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\cfgs\setup.cfg
| MD5 | 7d78a2449b45fc839f125b47b637bed0 |
| SHA1 | 29528d84082fe773bbd0570629437ce66d9125d7 |
| SHA256 | 45cff35c455d94d3832155bd0f7725d7f2734818e688258f033576d0e54cd5b5 |
| SHA512 | 06b74bf4c906c029b3005ba600d02bd7815b4b14e4795548a89ead1669cd87a83ad00a4f4adbdb5414f73db1ebd0697b0f91029fb07ed6894e9bcbf833263a03 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksomisc.exe
| MD5 | 75742bbf10df9fa3be5b48a5aa0b7a0f |
| SHA1 | 431d42986fd9d198c0edd3555991ad8b7be68822 |
| SHA256 | de198d6174ec79954964fbc1cf758e4e42f323615492540cce90d1f4432da226 |
| SHA512 | e5219a3ca7b4c9eb791128ca905b653cebfad4df751282ca1f0f28b5d026d5b24c420b4ee00c09e53106c6059e20ac9c2581e4997674accd892f5a76d05bc3ac |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\Qt5NetworkKso.dll
| MD5 | 890a5bf085167cf3aee0f4d57b7e05b6 |
| SHA1 | 1bbfe7ca2cf0678b433790289cdc7db57d68e36f |
| SHA256 | 7d16714b843343e370ec36bda4a058280ba3528636c57a085b168c979f1f48c5 |
| SHA512 | e44385e82c2a85a63d3860f590003d9d42d2343a78e9501541208363e3ff9c76f46bc25f36fb7f326b13143fd259dfaac71e49caa7f0edf02c35d1f479627c4f |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\krpt.dll
| MD5 | f5f21888065a3972afd5758c74ee54e6 |
| SHA1 | e4e96da5b12d2e5576500659e9196439b08f5140 |
| SHA256 | 2ba88cdca118999fa1f2e119de77d6324b16a0bd22997512d079d400cc6ef84a |
| SHA512 | 620120e00807775b1e3169389dd9baf26c48d3646f927594543055bebb00c81b81d4527549351ef7e7cccf8111d350feeeabbfe44ca434dd0ef57a7b2fb861b6 |
memory/384-4071-0x0000000037510000-0x0000000037520000-memory.dmp
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\Qt5XmlKso.dll
| MD5 | 2e98c97ebf1a60c666d5052f33df4e35 |
| SHA1 | f09d55a5658e5b549378af28d698364663091101 |
| SHA256 | 56b9e2981c0bdb628bb9b69c2266724695bdfcbbc0903528fbc6e7f415b1cf9b |
| SHA512 | 7687f06c3450b45d1c278b1630c00fb3a16f064ee1abc5a4026ccb90e19f2f2a61ec338653ae8b4a5629f2572dbe1c18a612628c71a81875cabe565aae2c3421 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\krt.dll
| MD5 | 8074812fd986ca2116c219e35f1c62dc |
| SHA1 | e9f72fad47ce94f3306d685a76483b013530916a |
| SHA256 | bd346ef9c4f0118b841e9d7d0eb49749cb81bd2b549365c9be394046d956be71 |
| SHA512 | 39332fd5084e497cd4998f6e18b3706f324d7b7f16eef7afecee126bdde28edb8d4897ffd204f4e40539001717bea2b08073fa2298dc3ef03f0fba6919cc24e8 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksolite.dll
| MD5 | 469c2a814a3bc35c804764de29d30a84 |
| SHA1 | 743c41835dd57a8ddf31ad0066ee07a541e21c27 |
| SHA256 | a04c4ebecf0dfe46bcd113726edb3ccb46575d655318283a88c02f75da6c1c32 |
| SHA512 | d08a0c990eb34fc58421e8f48c98d3c9a047814c73e46d71165e8beb5243191d56afa2179fac62da7ffd5555bcc22b447a4f6fb7595c6c66a8f80910b64439c2 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\kbase.dll
| MD5 | 313c37e93083938c611b550fd2eb0c84 |
| SHA1 | a6fae473ab22d163feadd942f1e91bbb41c7e4f1 |
| SHA256 | 502e848bed07fb2d9d8588cd0bfd38e349c6043f9bc44d23cf01e566db46066c |
| SHA512 | c5239971b447e2a4fc63c10f542c9927c1a72af2809d48a09ca9dafeb50d9f1a736c208dd187b34b5415640819594f4599b06c5a93f7815ca6e6c2fc668e01ec |
memory/384-4079-0x000000006F0F0000-0x000000006FA46000-memory.dmp
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\kmodule\kmodule.dll
| MD5 | 87536f4c2646d5ba680390c3bc0e8275 |
| SHA1 | c50aed0c57627ee498ae5a10c5b6d7e6ff78d78e |
| SHA256 | d7d4a28ee0fb1953375233d65b4fa1fdb0dc9c55d28bf1dd0829df1fab593142 |
| SHA512 | d2f52e97b22ec9e27ca8c02af177ab7fd8d68b139989ed62b6ebdc7bfd55aa906684dba142aa2f1100276dc83b97ab97d29677a95a15e1326da73022fb543cc4 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\kpluginconfigcenter\version.ini
| MD5 | 4df8397c19b21a4be4baea86a4c463fd |
| SHA1 | 54c376c37f4323253aa1a4b8594743203fd6873c |
| SHA256 | 69d7ea0ffbdbbc5dcb51efe9a4759a57d358440c90b26098bf94c956fa6dd611 |
| SHA512 | bbe417b01273606e27de267ae5d7dea3541767e581742578a35857823acb25b327f55dc77d33975a66d9d66162da70704a93a332429b9a850e4f0a671a28e6aa |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\addons\kpluginconfigcenter\kpluginconfigcenter.dll
| MD5 | e61c28b9cebd28c9475ca197f5ce818a |
| SHA1 | cdff3381444f178a1c42ec289cf72673f62c71d3 |
| SHA256 | 37ba2b6d32180ecd7bda9859e1c0b333e23f013f51d8da9cc89aa42a33335729 |
| SHA512 | e52007a4f5770553760511578ebdb7ad99d76484ec91005d00c03405197570b50c40537fcfcd30a7a0ba709e620fc499177d8b8578b80106df70fb096f8651ab |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\ksolog.dll
| MD5 | 0a684b21acb673e7e7e4f62a12698458 |
| SHA1 | 01d1240b399bf556abf8f8f50f7d94447013d063 |
| SHA256 | 3bdce9ad8bbf953217a8f5968deb12a056e04f351029d3a6288cf4d31e4c5302 |
| SHA512 | d049f53cef514c1ea5513fbd5174a7019d1e9f058ccc9d246ff1d1fd93a2bb577978c38ffa798a0ed3bb395556daf850c7be0784755c0236ddb0d5cc9e1fbc28 |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\qt.conf
| MD5 | 351fdc16f8e5ec3105aeb289397a06bc |
| SHA1 | 115bcf3e66703597ef4fb42acbdf3be37fff221b |
| SHA256 | b54bcf83fa006bf38dc845507e31dd5ae559ed68d45acc12ae1561142661a7d8 |
| SHA512 | 4cb802df20b51b5bac7ac78f983c191c9c81541204b7ee30683ff55f65694926d144b8003cc504e9c8f16da92ef5d17d5d904050e7915a6615f7c62abec38cae |
memory/384-4096-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\office6\cfg\onlineconfig.data
| MD5 | 399414494af9d9062c1f5d8a2cdfd373 |
| SHA1 | 6d5e24562fb818c83ffd6940d1f2c0797b67876f |
| SHA256 | d6722ffe62a6c0c635975a38b5a2cf593390e9ee52c72b1f778c2f5b49a1eb60 |
| SHA512 | 3285e12bfcb320fe0d3221812d10141f50d9e9d29b198008b43d8926f8b92262f854943246eac5bf046c878c1ff1166d1ef3c2f917844ba4cd34ec4625e1ee5a |
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\ksomisc\ksomisc_2024_05_09.log
| MD5 | 62404aed048868eee59f381e0cc79d2b |
| SHA1 | 46dbf3c3702e9b74bc1b08df718c0fe408627954 |
| SHA256 | a39f88af5062eed055e7768751488bd6816445ba52bdc0a91f0c5f1c72222057 |
| SHA512 | b6ade01415ba6d743a582a0d19f22195208eaf5e979b3b948011b6ce21ad124b55be3cf705134c33dd06bb9bfb44e331bd6cf4442be1d3d9e9e808acdcc34a3f |
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\wpscloudsvr.exe
| MD5 | 144c48713c3dcf8961602bc008bc0fa3 |
| SHA1 | 47fe6c8e5d35cda6092d2aa1ca119b3b097858e2 |
| SHA256 | 9ab28c6f66d8900a2f3b3d78c0f1ea6cc1abd55e86c17422c0632997800ac846 |
| SHA512 | 0209e683ca66750e9ba44e47da08a67017bf460e669e7d36998e5504ab8114c8004760457a503c447eb890a0e05fc82cc69b713cab4062a815176be3fb3721a8 |
memory/3160-4176-0x000000006E3C0000-0x000000006E3D0000-memory.dmp
memory/3160-4177-0x000000006E450000-0x000000006E460000-memory.dmp
memory/2156-4179-0x00007FF916040000-0x00007FF916050000-memory.dmp
memory/2156-4178-0x00007FF915FA0000-0x00007FF915FB0000-memory.dmp
memory/4264-4186-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/4264-4190-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\office6\cfgs\oem.ini
| MD5 | 223673e5e8d77083765b70ddf7a0f7f6 |
| SHA1 | 3b5c4d6304ed6ada0ec607f44a2aace24ec16126 |
| SHA256 | 9089b4fee2d7596812c52f11dbc9855ca5b2b1ff0a9dc237fe630722b10ddc82 |
| SHA512 | 62f5a40fc698de593bf29c3ab4d278d798bdc6e65693ca30f85506c95f408f17a00da048e42a23dd5702fe322066a87374cfeb0942d15f3fc791639aab924f52 |
memory/2940-4326-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/4168-4345-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/2940-4344-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Kingsoft\WPS Office.lnk
| MD5 | eb93ca3c82bb7c25f3d1ad74a07c3b8d |
| SHA1 | 7303ff6e6a370e8e0489dc70866d822401b1986e |
| SHA256 | 9325a53f21fcd756f900dec2b64bf44ab08d632d1306c75cdf351f0e701f146e |
| SHA512 | 514de2f01e3a92e98b6241c0551d6f7f4cd771a635b43383c02bcfc6b952f31324b422b909f6994669faf9984e48d7d016c1e997aa76e430c2d7171b29139631 |
memory/4168-4350-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/3616-4434-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/3764-4436-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/3616-4433-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/3764-4435-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\ZMD972MW1DM6Q8DKLU3T.temp
| MD5 | 65580603822fe29abf3029cd09f2196e |
| SHA1 | 2a7bfd261c68b2065a9339fd42a0a4d17f3ace64 |
| SHA256 | 47b607cfaa6fb013424c62baf5a2d12a72265226da5bbd50498ebcdf3ff13b05 |
| SHA512 | 6e634fff02e01542e60768e0cab4668ffae960edb885860162d12195c56bdda896e0d886937cbb749c2ee505f7259f5ccc71ce883b64286f9c7f9b15a430e385 |
memory/4448-4539-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/4448-4540-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/4916-4556-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/4916-4555-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/3396-4573-0x000000006E450000-0x000000006E460000-memory.dmp
memory/1792-4575-0x00007FF916040000-0x00007FF916050000-memory.dmp
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.16909\utility\install.ini
| MD5 | 4575dafa42048d7d0cbf2607be66036a |
| SHA1 | 31614b05ee0a24626fca02d95c0f39716d3f267e |
| SHA256 | 0801c8b80a4f94fb3659e57fa10c601ce6b98ebbaf33e9928c27dcba4b321803 |
| SHA512 | f48dd6ce186136577ed42bf16ad1265c04ba39de1d03b4c8b8166e7b644bc467aece4a351f4a440ba8b920ac9b384e533b9f696b2ad26ecb8b06f75a5ef29631 |
memory/3116-4668-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/4936-4670-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/648-4687-0x0000000072A60000-0x0000000072D4A000-memory.dmp
memory/648-4691-0x0000000072480000-0x00000000724EF000-memory.dmp
memory/648-4690-0x00000000724F0000-0x0000000072961000-memory.dmp
memory/648-4689-0x0000000072970000-0x00000000729CE000-memory.dmp
memory/648-4688-0x00000000729D0000-0x0000000072A51000-memory.dmp
memory/648-4686-0x0000000072D50000-0x0000000072E6F000-memory.dmp
memory/648-4698-0x0000000071790000-0x000000007179F000-memory.dmp
memory/648-4694-0x0000000071F70000-0x0000000072473000-memory.dmp
memory/648-4697-0x00000000717A0000-0x00000000717AA000-memory.dmp
memory/648-4696-0x00000000717B0000-0x00000000717D3000-memory.dmp
memory/4936-4685-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/648-4695-0x0000000071850000-0x0000000071999000-memory.dmp
memory/648-4692-0x0000000071A10000-0x0000000071F67000-memory.dmp
memory/648-4693-0x00000000719F0000-0x0000000071A04000-memory.dmp
memory/3116-4704-0x00000000722D0000-0x0000000072E7F000-memory.dmp
memory/2404-4706-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/2404-4705-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/2404-4716-0x0000000062310000-0x0000000063EC5000-memory.dmp
memory/3280-4719-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/2020-4726-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/3948-4731-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/3948-4730-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/4592-4755-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/3280-4729-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/3948-4732-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/4592-4756-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/4592-4754-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
memory/2020-4746-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\plgpack.plgx
| MD5 | ac0da90737a20a2a73b5df5ac2619c6e |
| SHA1 | 19c4382092fda4bc03398a36f9f498f09a67033a |
| SHA256 | 365a590c88cbf825e84b51f398007f05c5e8397e3903950f9860d04067b2ce9c |
| SHA512 | ef8a4b387912b879adf5ad4aef9259ae2b67c2dd62a1c8268cff0b1577e330113e16f55de0a23f3b61add3283c41d131703c0472d3828b0e0a0619d268f524d2 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kvipupgradepage_xa_1.1.2024.1\download.7z
| MD5 | d791a4c5021c3934aa216b9bf5b447d0 |
| SHA1 | f954fe837a9fda1f8172280beb2fe9b578a71a51 |
| SHA256 | 1af1948f4c1f6f753b3a920a787552a072d88c060b7fd3a834343f0dc9f2fbfe |
| SHA512 | 32b91c12d8922ab3dbb9735770e8533c3de84c9562c3725606d42d50b3acb97891eb65660c7bdd36684c7fabca07e054aa8b4b667b6f701213e33f08a187bdf2 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kheaderupgradenotice_1.1.2024.4\res\static\js\manifest.js
| MD5 | af5a4ff62384fe67791d8cde9176ac0d |
| SHA1 | cf5aa9528fe795b75a569352466ad944652185c8 |
| SHA256 | 5d1122539ce1ae98804e216cbfcada9f2603fe4f86454b2b29e7d7448da97891 |
| SHA512 | f78a72b7ba06b257fec3a97bb62d20f7562212e995d62438bfe3d8181fe7f56c3e14194e9203e64b0e259a7cbdd900125f5f185bc8d736c881f8ca0e2920273d |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kheaderupgradenotice_1.1.2024.4\res\index.html
| MD5 | 66bbeb8733bee0c788685880cc46acc5 |
| SHA1 | 07d104aa23fd4ad765095ea771667e1440ac6bca |
| SHA256 | faf96f1472b09c6eed78da690151b5b57133733e2f562dc6678602746a79342b |
| SHA512 | 2d919a92b2c425d0f08d609fd825de151c5ce54cd31d83405054fa84194c85568ba512af4f1b38136c12152764ae0ae34441f36b4f23ed5ae74438502b0d1558 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\wpsoffice\plugin.plg
| MD5 | 90abe12bca7b280b363c545b461831bb |
| SHA1 | 422660560fdc23c93b3206bd863996d4d552c9a0 |
| SHA256 | 1dfe4c8aa454ad5ca6d96b32db5a886458acc95b1c693c8faede4ab229e17965 |
| SHA512 | 469de76962db937062edad100c225d5352d730f3df34549eb4835bbaff1a1e14019658a4d93fc9a1d2a85157e6b83b3007b956d71f5f8c930525b4165de92509 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kheaderupgradenotice_1.1.2024.4\download.7z
| MD5 | ded028d22792f4a299acbd2d410e5f0d |
| SHA1 | 940944738e557237c0099117c635da874cf78263 |
| SHA256 | 20d84711493557b73f42b31171cc6840a8079248209768ddc75d10da46ab6bc4 |
| SHA512 | 28ff645f3e78ca9a88cbdaeebb47504178385627d1fbdf68b099901e8db3afc470251413a453c82e7633c232a7c4400789819213fe79e7e3518791775f8d54a9 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.118\mui\fr_FR\kdiagnostictool.qm
| MD5 | 62f3720e184f094c874fe0eab7f0f598 |
| SHA1 | cdd858a80bbd1268e7c5278ebe19c35659871d2b |
| SHA256 | bdf3b27cc070b3cd9deb9a5e2bea450382d6851723c266eb0d5f3db4798f5a14 |
| SHA512 | 14f532053b0272fe0c614de9b56bfd9ac85aee11e878e099531250b00f667d2428789e81b5ded64cbe51dc8e3e8e19d7cea8dc08314b1c0274de15fca17b92b6 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.118\mui\es_MX\kdiagnostictool.qm
| MD5 | 5afc7d8ba894df59c2b3f44726cfc2db |
| SHA1 | a21a7a8fd943455fa47cc5d950603bf1bc5a145a |
| SHA256 | 4824e414e29358d0011ad1195059bda195a90cedfbd4c0f07f8cdeb0e84dc2be |
| SHA512 | a9a040e0f3555f61094b42202581a262d29377d414dc6a87596a2bbe4daea8fa3bf2eb10ac52fa6d94a522d54f404e247ee7b272cb41acda898ed6734c8ed639 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.118\download.7z
| MD5 | 422a47b49c81c94a1f10078e376096da |
| SHA1 | b2454a1d09f83138c903d9502c32124d6360904d |
| SHA256 | 9b9eb4c2cec67ed2aa307ed978701ddc86f0b63ab63fdf9b3430a91237a5f59c |
| SHA512 | 2803ae66ca2a6b2e4a4881a1266c02048d8d4a86a9ffcd01696b4463d3a18846261877933fa4cff503ca984d59976effde7de0db830b96fa4267c4d41ebcfdab |
memory/3116-4831-0x000000006BBB0000-0x000000006EBD8000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdocreminder_1.1.2021.136\run.ini
| MD5 | da4b75c3d70c08be415e7b25abdc11cf |
| SHA1 | c84dfbb528a3c8ce94d068dfc5fbdf7d621d0225 |
| SHA256 | e93c62beee030970bf56bf0a3aa372ab0b155c1c3436173617c8c735024e8f36 |
| SHA512 | 0fa811055deed42a6cbc0f16f93da173718f4169ebf8d4ea125276c6225ba033c7644a68ee010250379b67a057e17e5cba6351deca067850ab318c505f49e491 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdocreminder_1.1.2021.136\download.7z
| MD5 | 31bdb9137432706b904e8dfcdccde030 |
| SHA1 | d26fd902b9bc1048731983854ac605e894075130 |
| SHA256 | af28e7d61a9b2467a78098341ca188626a90acfa0df4b8f81587d1c35f89a55a |
| SHA512 | 119341029755a087f45a32d3d94dc320fbbc7f599ba9ab20dad4479e1a08d24eb7799cdefcb47051ba835e7fe2c220e4e153a3d660b9a22e2a56cf82910e0280 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.9\mui\default\icons_svg.data
| MD5 | cfab0f157385566514db45630505743e |
| SHA1 | 22fd33d784d7e92ecde36c0bac58c7b0efa6bf01 |
| SHA256 | 80a03cc09cb0de9a155f9cff1f85b8f10dfdb89759944380da08ade1de6b9e7a |
| SHA512 | 0b5ce5bf919f8ad1f86d80412453ba578d240aaf817bab95e7cca50e9c094b40d6ade25ca33c5fe8b86fe74617a1944730bcf1e969e007966acf11d431d03a7f |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.9\download.7z
| MD5 | 820d0d38598cc67166dc5916e50843ae |
| SHA1 | bb5b07d1b80bcd21b48da146e9c910ef778293d8 |
| SHA256 | 7262c3145aa2940abe1b2f5bb2a3f20147dcfa8e6ee9fed3b001ef51a784ba82 |
| SHA512 | 599502b8285068af17647a843d38698a0f5469231da1d303996afda18200bc90538a7d91b0e7261917acaa00b2367f1471895dd851ac9052bebbf71e131d625b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\krpt_1.0.0.107\download.7z
| MD5 | 0edafbd62638a75ae8b4debc9fd0b3db |
| SHA1 | 814e953384ee2771bfcde0584b0f6f5691217ede |
| SHA256 | 3332953a07daf624094590bc8d2bf9d4ff1ec12c53a43a7310efa11c7cfb71e8 |
| SHA512 | ab42c6b7922f7137779417bdb5246ff660133f8d566a54fd067ecf787d27ffaee1d65704a4b9574a6fffede9b497b93638f558ff2689d375017d5b074ec88120 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kscreengrabapp_1.0.2020.193\download.7z
| MD5 | 3b91ab7795510566a0cb254022445a1b |
| SHA1 | 2894a929aaa08aafc6bc74278a1511cec2204223 |
| SHA256 | 223f4d92777f385e8ac9f8055ce1362bbbcfa525e36933605481abfdf8f48c79 |
| SHA512 | 53ac22c66f8883781d2904ddbc40d72fcbe9bfa586b5f4e1c083dc7ea45076ad1d2bfa9de2ce5e04b3c8bc9770f633249103761d7874e56662644d07cd502db2 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsbubble_1.0.2024.3\download.7z
| MD5 | 54079bd7a79b895706cb6ad73cc4c627 |
| SHA1 | 45068e27f84dcd16044f4628a020629d0360d8b7 |
| SHA256 | 355d005cf859c66b298bf475fd646c67ba5fc952c9f670f1b964714b24f197df |
| SHA512 | 94d65c7336e0e8597a83c633dd734157ed17d03f9317b9857141724af6b5948c20f82180b4127dfac6da3dadbb4d8aea7ecf5d23d92e87ed719a480a5b1a6c68 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsbubble_1.0.2024.3\run.ini
| MD5 | ad3a68e7d8c8bf2470282567d8ca7ded |
| SHA1 | addb5ab04165b4743ffb985918c08ba0a76a6eae |
| SHA256 | 27e743bc78f9a2862d822fc171789160905ee26545466f93052f8565aebd523f |
| SHA512 | c8e4b63fb79c365cb48a0ee0c4351f6f94da9ba8ce62f0b14d8ed45726ebaa478f581efb37e254e75e1c561f5ffa1d8985e867957c68c04b8eaaa2945e838505 |
memory/6084-5064-0x000000006F0F0000-0x000000006FA46000-memory.dmp
memory/5408-5103-0x000000006F0F0000-0x000000006FA46000-memory.dmp
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.3\download.7z
| MD5 | 87eddda6cfc1c6e1c86e1b3b371f369d |
| SHA1 | 7910a432cc964bc1e1be51e0cef2e986cf54eec2 |
| SHA256 | 4cdfc143513060130052f306c0a7cb93731967dabbbfa22cf892518bfb0a6d5f |
| SHA512 | c7bd1162cd851672e9f5ed21e8fb88d734232360be0433e98a82a9f04a4f35e2f59ced11716244f3f30ca021eebe111ef9b6e7df5eaa1c356ddc75f99445cdc8 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.3\pdfwspvreg.dll
| MD5 | ccd17aaa7644b6979f661e7c72fa077d |
| SHA1 | 9cfb25754ac4a4ed487ce6c4655ccc78b5aef975 |
| SHA256 | b5245881da869ea02155d4052eda1390339c87496da055f85c3985a912e0401e |
| SHA512 | 2199d618af0d3fc948f4c39700cc8cefa07ed75db29ec348c71c013678a9ec3befcdcc5c3cb1d804abca5df4c3e6aec10caddb29188f28fc27313d6609dc2a49 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.3\run.ini
| MD5 | 0d914e316c8fc542e5685b1598899979 |
| SHA1 | 52e575fc0c66b60cd79d29ae4486944cf06995b0 |
| SHA256 | 484e6146403c96eaeead06a97a8ed86d67334a9185bf009a44f7b1cbe5402e2a |
| SHA512 | 77ca461895bc65f31dd8fc5182dbed383804b4d3315e210bf65195776510bf9c09c11d87589796ec1bd272f67762e5ba28be4d64b8a58f2577cb6da79dbd7319 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\wpsbox_1.1.2020.213\download.7z
| MD5 | f3ff3c47ae68b0e6234b72d354ac191b |
| SHA1 | 26c380b44ad61b258a6de56c75c7f568d8c0f876 |
| SHA256 | cbac9ef94e6c6dd11019653c64bec6a3e6970779604555f5f77974258c214333 |
| SHA512 | 43f892f5172b03e4e7d8f3f3632012ca62a7cb104f26d7d746005abf94472eeff881087c1ca73483f1079f21befe321af7372c6e17b26bd77f8fd9a03935ed95 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Local Storage\leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspv_1.0.2024.3\download.7z
| MD5 | 3303884fbf771d8e3dd645bbc8bd76cc |
| SHA1 | cef8fe59d3161645cec87eae5d8d426604e4f2a2 |
| SHA256 | 77756cc9c3fa51ec2bd20a39f9c3ffabfb152ac4dd285bf8befae228971f7cf1 |
| SHA512 | 053abe0567cf8e99c49b9bf3395dd5e8db1c360dd4805c516c9c97ebe0532b0a9090e6fc2f41fbaa910fae21e594d2850729dd527b72dfbbceb53e479f874b62 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspv_1.0.2024.3\pdfwspv.dll
| MD5 | 4c6221b526433ba802635e2fa0d53ff2 |
| SHA1 | 059bf2b126ee3b901b7a9dee8b53c7e648cc5ebf |
| SHA256 | 300994947e4af25ddcea546e285f9d35131e7efa0070d9855d873646d4a73177 |
| SHA512 | b1bdfd321ca6b788948383902b9f317bb46a8abfffc4fda29bfd51381f96be9af35274ff7d62c761fb83b09a05e2bb179df6817fc631e67a315787b86f4b31f0 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\photo\plugin.plg
| MD5 | 4f1d6ac2c1e920761c52a2d9c0a872e6 |
| SHA1 | 86c6daaa12c5b36dcbc333fd7f5cb0be7c7c936b |
| SHA256 | 6326a5629d8be738d11ec54e5127a32a06d989d62a72afe9546a665a81c04379 |
| SHA512 | 94da0cd58e660fb1caa1854ff70035b447eb6a24c2887eaf729b19c7d207abf1005adbefb4d0503aa0d4217f2b709e183e7d425e115da681d2fdc9cc0cc52a6c |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\wpsbox\plugin.plg
| MD5 | 2590ea571c92102a87bfdd67ea4c2198 |
| SHA1 | 05cac266ea786c20b033d2d4e47bd52b44743868 |
| SHA256 | 497d08eb919b25ec696d8cedeb37dd70438e963a3876eddbce65a5c3d6b38d16 |
| SHA512 | ab877c22d0f48f4a06f05fc7cec9717cc992d5619c97809e0462640b0e60c1c49e19f2a897fbd0964cff175008ee9d11ae02c820b2a9bde68e03a8250d8fe540 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\wps\plugin.plg
| MD5 | aa556ae2a76725f3ef5655f16ab478f8 |
| SHA1 | 0dde21b78e390181d3233d74946913703f336dcf |
| SHA256 | 854794ca8530d34479cb8205f16749006ae285c7d2dfcb2cdf98b41a880122eb |
| SHA512 | 8a6127af209b1590761928bb9043eb7975588ffbf2ab4c5b1ed5a3c4e6fd71c266460f661636af8f0e4de3bf5094985d3b8dca061f940d296a61403cff716afe |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\wpp\plugin.plg
| MD5 | 02608cde8b78360e28afaeea1d19fc68 |
| SHA1 | bf726db0557421384fc8471e736b1ae77606f58b |
| SHA256 | c76636ad3595186c5ed8b2720ba266b5d4ce7d4914de5f47ce7e8e55a0d00502 |
| SHA512 | 3712c4f450ecf188f0460cae48ed191897d61390d3c46c1b834cafba8ae5102aeba6252f473af6cee2eff3c28f790c9030a4bfa3832379e56edee29a943e117e |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\qing\plugin.plg
| MD5 | 1ff60a068f44142fa3224b08b945678c |
| SHA1 | 42e2a481ab3443a2b69bc95dd36777f45f2ebbf2 |
| SHA256 | f3a2fff28be165f85dccdb23ff7d5b252d4498dcfa2db604cec8481dffe799e0 |
| SHA512 | 6082e3b8b9fdcb3ec83cc9aa16b7fcbd320dd18116f3bdce948de50d8504a824a33490472e418ab165dcb2b61bcd030dd5a8cc92ac79decd199ca78288914315 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\pdf2word\plugin.plg
| MD5 | 1d0fd57efa2cd6d7db0078b3cb6fa54d |
| SHA1 | 3da7bfb85e030fb1e137a3fc006b5e630e3cf594 |
| SHA256 | 3cb7b3a5d576b96f4cec9a0168570f494b77336a55c9123ea1deb7986ca8aa2f |
| SHA512 | 5633d8e1a1e60c213ebd804c5292d635119dc044b2adff91805011d4bfcf1da5ae962544684ad96eeed3a8a31a82d3ee00c026a5f0abb65e8711a7d1e2aac767 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\pdf\plugin.plg
| MD5 | 0610281e36fec15f6d9c5b757a6fd2c5 |
| SHA1 | 09eda1eb8d6f95f8ba607f02f1af227bfed887bc |
| SHA256 | 365d5ec6366728883fa4509e7b937ae0a575174f0924aa041c80562dc9bbe65e |
| SHA512 | bec747070281958f0e261dd9add3e2bc90df23bc7792249bde1f7d7d52dfb1c481719ffd3fc5a0acc75b4d20edc1059064afda71aa135aab7ebe1ec4c4f17dfc |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\kappframework\plugin.plg
| MD5 | 773c95535f7eb6a316b5ad63a15a2449 |
| SHA1 | 7fb34309f5f5bf1fb769370f5bde00091e6520ac |
| SHA256 | ef7a43d0cf98859a7418b8b2f65ee1a140dfbd608fa39d714786c64968d214af |
| SHA512 | 7137edccff0eebeb8196a3e5cf94c69d821a1bd566fa8b0649bcff17a12fa013212e609dca9b05346142e91b427825d3657489928a1affd46e046c4d77a5454b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.16909\et\plugin.plg
| MD5 | 1c97e9eb8c02d24e794c4826339cde61 |
| SHA1 | 419d0e62b0828b9f45d4589abf6c7938d8c4618f |
| SHA256 | 71f5db321dbf23853ceff4aaf2139987da07617774353e405b0b3532b6623c9a |
| SHA512 | ed95918d92c95b1c41368f0c77d4662ab4c1f3139d9ed6ea689660530fdaa506bb81920cd02ea16768c902b8965f70255bad0a5006cf08e2761a35d6fa7c3af6 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Session Storage\MANIFEST-000001
| MD5 | 5af87dfd673ba2115e2fcf5cfdb727ab |
| SHA1 | d5b5bbf396dc291274584ef71f444f420b6056f1 |
| SHA256 | f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4 |
| SHA512 | de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\resource\premiumcode\element-icons.woff
| MD5 | 535877f50039c0cb49a6196a5b7517cd |
| SHA1 | 0000c4e27d38f9f8bbe4e58b5ce2477e589507a7 |
| SHA256 | ab40a58972be2ceab32e7e35dab3131b959aae63835d7bda1a79ae51f9a73c17 |
| SHA512 | da269b20f13fb5b0bb4628b75ec29e69bb2d36999e94b61a846cb58db679287a13d0aa38cdf64b2893558d183c4cc5df8da770e5a5b2a3288622cd4bd0e1c87b |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\resource\vippayment\assist\base64.js
| MD5 | 12477cb6bc99f90086f05e54ea7dcbe8 |
| SHA1 | 4009eefda873514a6579830888d5f12c50d7b3de |
| SHA256 | 6520eca957e8a4d7e68e0dfe17f1cea9d42c6378962f454e7a911ff32e5e6248 |
| SHA512 | a7a16f935d71f60bb382622ff781a3cef234865efbaef62ee268163a416bdd9ea285f33c843fb729cf8b8eb6d18a81de5311b01d19b48c998b08d79f29e59d13 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\resource\vippayment\main\img\loading.svg
| MD5 | 544223e85768fd134633a1af9d5bf536 |
| SHA1 | 5536a0023ddbfb2ab67e9ad8ca4d38c60f413b9a |
| SHA256 | a3df9710c7e09fd8cffc14bfe45f5a1576deb1846ced44e5050b34caf5527049 |
| SHA512 | a5cacba054d41af8efd607074c02f36ab731b5d6bc9ffd3bd7ce6b09a4af09b31e29359eb965728d2a00849467b1af66e16186a0c07b4415b3b423a5ea4f68ca |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\resource\premiumcode\element-icons.ttf
| MD5 | 732389ded34cb9c52dd88271f1345af9 |
| SHA1 | 8058fc55ef8432832d0b3033680c73702562de0f |
| SHA256 | a30f5b3ba6a48822eae041e0ca5412a289125e4ba661d047dae565ac43b4a6b2 |
| SHA512 | e8971ae48f5287d252f5b0a2d0516091bef0d2febf7d01fd7b435e426d106fea251037439ec42c2937e934b66f38e5eb43d00a213cdf334f482f4a06b1817f9c |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.1\download.7z
| MD5 | b940bcdf5973099a51bfe448a9ead54a |
| SHA1 | 4c1b47814c8620283b372d476d264209051c9e44 |
| SHA256 | 76b12ee03d41b2957ba52a0c7a64de8022c048ad9eadb13b4c99ff08955ce085 |
| SHA512 | dc900f0a694d09e2d0cecb0082105df9e9dcd7f7cb0564db5983d8c4977f7f9323ea6dd565665ccaafb60b5b448c38f2c45ef64af4dfa55a051a263623ccd295 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Network\TransportSecurity~RFe59c5c7.TMP
| MD5 | d3a56b7bd2241a2e3a58b74789ebb640 |
| SHA1 | 482035af8f7766377b0bb6411d87156fe1351a0e |
| SHA256 | a0e3ebd45f454b0f8f362981f13e8a77aea93b191fccd178152f58b064420045 |
| SHA512 | 0fb27a0847ea7f8c8907adcb9ad1f1d97a72929305ee25e2949f711b0f734d24e776c7c57d2362bec6b80d21611a206177ad2a831595ebe1143e95386f6f1076 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Network\TransportSecurity
| MD5 | d0ef7ce1511575feb5c6cf37d636a088 |
| SHA1 | 8f3e0acd9f66253936ed5c3e56db1fae9f5b5f7b |
| SHA256 | 6de2e7fca8697200d5f910d5e4f55b82524e4c765a896e1b3d007b1e4aca6e7a |
| SHA512 | 38ed0be5a07d1027626f128573003991888a8fa42a3faac19fbdbcaed3956ceeaff80d0bec01ca8e2655cd2790ae0c7916197540ec19568cbc6ced4dc7a828a1 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Code Cache\js\index-dir\the-real-index~RFe59ec4a.TMP
| MD5 | 53b71d3759dd67870eb79c8a6589a9a0 |
| SHA1 | 142b31d1bfb89c400fa2492ed131a20ac96d25ed |
| SHA256 | 6f3123bc332493450b0ab3fb2ee4eebdb63dac903ccd54cfcea47aeb1fc7bd72 |
| SHA512 | 398806998bd6143ad08345681dcf3150ebbf8a5b2dfa6537b125bfef8879d56e94dac85e44c7243c1432711435be4bb456f2a6b5e1099a339e09c6a070da4550 |
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Code Cache\js\index-dir\the-real-index
| MD5 | c80a4faa724df6dfac1b918455954187 |
| SHA1 | 33173ad4bd5c74605038f6394e1c729905761009 |
| SHA256 | cf855179975b1f79979d9ac66a2c7fbbc5c4ee77e695933c401d8751c76408a4 |
| SHA512 | b2e51dd1e0d9eeb6ca8e30339c43b15b27b5210907b6daa716e3ed46fc73e82343e5afaf71e95800fd8577336beb7f8df24e396124016f0ce67712041f1a0c11 |