dc39b5d48b629a51131dfd3422aecce052d7d661cd943bddd9994ae15ce2db40

Analysis

max time kernel
95s
max time network
158s
platform
windows10-2004_x64
resource
win10v2004-20241007-en
resource tags

arch:x64arch:x86image:win10v2004-20241007-enlocale:en-usos:windows10-2004-x64system
submitted
19/11/2024, 18:48

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

wps_lid.lid-u4Utp3nDzdeh.exe
Size

5.6MB
MD5

c5a5dd5767e25a5b21ccef63fcd9b6fb
SHA1

10fb2dc473f56694adb854cd206664ffb2ff1f28
SHA256

dc39b5d48b629a51131dfd3422aecce052d7d661cd943bddd9994ae15ce2db40
SHA512

89beb8994a9b05077296e6bae00d3f22728fe7773efc53f5dc6204658abdb35d8a743cd77b646046bb36e004a7cd1c25e32e8a34ae16aa5ad8d127df84f4f577
SSDEEP

98304:86pg+4qaSDRumxkEpMH1FkQmOnhTjqsaUODS4IeOsycwuv/guB/j:H5IS1FnpAvHZwiO2AOsRzgyj

Score

6^/10

bootkit discovery evasion persistence privilege_escalation trojan

Malware Config

Signatures

Writes to the Master Boot Record (MBR) 1 TTPs 4 IoCs

Bootkits write to the MBR to gain persistence at a level below the operating system.

bootkit persistence

Bootkit

T1542.003

description	ioc	Process
File opened for modification	\??\PhysicalDrive0	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
File opened for modification	\??\PhysicalDrive0	ksomisc.exe
File opened for modification	\??\PhysicalDrive0	wps_lid.lid-u4Utp3nDzdeh.exe
File opened for modification	\??\PhysicalDrive0	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	wps_lid.lid-u4Utp3nDzdeh.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Control Panel\International\Geo\Nation	ksomisc.exe

Event Triggered Execution: Component Object Model Hijacking 1 TTPs
Adversaries may establish persistence by executing malicious content triggered by hijacked references to Component Object Model (COM) objects.
persistence privilege_escalation

Component Object Model Hijacking
T1546.015
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 1 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe

Drops file in Windows directory 1 IoCs

description	ioc	Process
File opened for modification	C:\Windows\	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe

Executes dropped EXE 11 IoCs

pid	Process
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2180	ksomisc.exe
4052	ksomisc.exe
4824	ksomisc.exe
5036	wpscloudsvr.exe
4316	ksomisc.exe
2800	ksomisc.exe
2104	ksomisc.exe
4128	ksomisc.exe
4836	ksomisc.exe

Loads dropped DLL 64 IoCs

pid	Process
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe

Checks whether UAC is enabled 1 TTPs 1 IoCs

evasion trojan

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA	wpscloudsvr.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

System Location Discovery: System Language Discovery 1 TTPs 14 IoCs

Attempt gather information about the system language of a victim in order to infer the geographical location of that host.

discovery

System Language Discovery

T1614.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ksomisc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wpscloudsvr.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ksomisc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	wps_lid.lid-u4Utp3nDzdeh.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ksomisc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ksomisc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ksomisc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ksomisc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ksomisc.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	regsvr32.exe
Key opened	\REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language	ksomisc.exe

Modifies Internet Explorer settings 1 TTPs 6 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4}\Compatibility Flags = "1024"	ksomisc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4}\AlternateCLSID = "{AB5357A7-3179-47F9-A705-966B8B936D5E}"	ksomisc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4}	ksomisc.exe
Set value (int)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4}\Compatibility Flags = "1024"	ksomisc.exe
Set value (str)	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F6-3D04-11D1-AE7D-00A0C90F26F4}\AlternateCLSID = "{E436987E-F427-4AD7-8738-6D0895A3E93F}"	ksomisc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{AC0714F7-3D04-11D1-AE7D-00A0C90F26F4}	ksomisc.exe

Modifies registry class 64 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{91493465-5A91-11CF-8700-00AA0060263B}\TypeLib	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{91493460-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{00020860-0000-0000-C000-000000000046}\ = "Areas"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{00024450-0000-0000-C000-000000000046}\ = "CellFormat"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000C0312-0000-0000-C000-000000000046}\TypeLib	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000209D0-0000-0000-C000-000000000046}	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{30225CFC-5A71-4FE6-B527-90A52C54AE77}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000244B2-0000-0000-C000-000000000046}	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{00020892-0000-0000-C000-000000000046}\ = "Windows"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000C03A2-0000-0000-C000-000000000046}\TypeLib	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{BC10DFC5-0557-4920-8FAC-1D68FC47718D}\ProxyStubClsid32	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{8260F274-8256-4707-B65E-7408312ECD81}\TypeLib\Version = "1.0"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{91493453-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{00020872-0000-0000-C000-000000000046}\TypeLib\Version = "3.0"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000244C3-0000-0000-C000-000000000046}\ = "SlicerCaches"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000244E9-0000-0000-C000-000000000046}\ProxyStubClsid32	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\KWPS.EPUB.9\shell\open\FriendlyAppName = "WPS Office"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000C0370-0000-0000-C000-000000000046}\TypeLib	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{1B426348-607D-433C-9216-C5D2BF0EF31F}\ = "OMathMatRows"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{92D41A72-F07E-4CA4-AF6F-BEF486AA4E6F}\ProxyStubClsid32	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000C036F-0000-0000-C000-000000000046}\TypeLib\Version = "3.0"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{00024471-0000-0000-C000-000000000046}	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000244A9-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000CD6A3-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{00020872-0000-0000-C000-000000000046}	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{00024468-0000-0000-C000-000000000046}\TypeLib	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{618736E0-3C3D-11CF-810C-00AA00389B71}\TypeLib	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\KWPP.Template\CLSID\ = "{44720444-94BF-4940-926D-4F38FECF2A48}"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{9149345A-5A91-11CF-8700-00AA0060263B}\ = "SlideShowSettings"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{914934DF-5A91-11CF-8700-00AA0060263B}\TypeLib\Version = "3.0"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\CLSID\{0002CE21-0000-0000-C000-000000000046}\DataFormats\GetSet\1	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{00020973-0000-0000-C000-000000000046}\ = "TextColumns"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{914934DB-5A91-11CF-8700-00AA0060263B}	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{92D41A7A-F07E-4CA4-AF6F-BEF486AA4E6F}\TypeLib\ = "{44720440-94BF-4940-926D-4F38FECF2A48}"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000208C9-0000-0000-C000-000000000046}\ = "TickLabels"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000244B8-0000-0000-C000-000000000046}	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{0002084C-0000-0000-C000-000000000046}\ProxyStubClsid32	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000C0318-0000-0000-C000-000000000046}\TypeLib	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{0002096E-0000-0000-C000-000000000046}\TypeLib	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{04124C2D-039D-4442-9C68-8FA38D11DDD6}\ProxyStubClsid32	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{0002449E-0000-0000-C000-000000000046}\TypeLib\Version = "3.0"	ksomisc.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\KMSO2PdfPlugins.Component\CLSID	regsvr32.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000C033C-0000-0000-C000-000000000046}\ProxyStubClsid32	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{00020968-0000-0000-C000-000000000046}\TypeLib	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000209F3-0000-0000-C000-000000000046}\ = "OCXEvents"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{ECFBDB5E-ACD2-4530-AD79-4560B7FF055C}\ProxyStubClsid32	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{0002446E-0000-0000-C000-000000000046}	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000C031F-0000-0000-C000-000000000046}\TypeLib\Version = "63.1"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\CLSID\{000209FF-0000-4b30-A977-D214852036FF}\VersionIndependentProgID	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{DFB6AA6C-1068-420F-969D-01280FCC1630}\TypeLib\ = "{00020905-0000-4B30-A977-D214852036FF}"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000208CB-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020420-0000-0000-C000-000000000046}"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{00024445-0000-0000-C000-000000000046}	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{000209AA-0000-0000-C000-000000000046}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{BF043168-F4DE-4E7C-B206-741A8B3EF71A}	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{00020912-0000-0000-C000-000000000046}\ = "TablesOfAuthorities"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000244DD-0000-0000-C000-000000000046}\TypeLib\ = "{45541000-5750-5300-4B49-4E47534F4655}"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{12DCDC9A-5418-48A3-BBE6-EB57BAE275E8}\ = "Reviewers"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{00020983-0000-0000-C000-000000000046}\TypeLib	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{0002445C-0000-0000-C000-000000000046}\ = "Errors"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{000244EA-0000-0000-C000-000000000046}\ProxyStubClsid32	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{BA72E552-4FF5-48F4-8215-5505F990966F}\ = "Player"	ksomisc.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\.eto\ = "KET.OutwardWorkbook.9"	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\WOW6432Node\Interface\{0002447F-0000-0000-C000-000000000046}	ksomisc.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000_Classes\Interface\{91493487-5A91-11CF-8700-00AA0060263B}\ProxyStubClsid32	ksomisc.exe

Modifies system certificate store 2 TTPs 64 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\CTLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CTLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CRLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\Certificates	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\CRLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CRLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\eSIM Certification Authorities	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\Windows Live ID Token Issuer	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CTLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\eSIM Certification Authorities	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\WindowsServerUpdateServices	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\FlightRoot	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CRLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\Windows Live ID Token Issuer	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\TrustedAppRoot	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\TrustedDevices	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\FlightRoot\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\TestSignRoot	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\Certificates	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CRLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\FlightRoot	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\TestSignRoot	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedAppRoot\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\Certificates	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\Certificates	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CTLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\Certificates	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TrustedDevices\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\Windows Live ID Token Issuer	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\TrustedDevices	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\Windows Live ID Token Issuer\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\WindowsServerUpdateServices\CRLs	wps_lid.lid-u4Utp3nDzdeh.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CRLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\eSIM Certification Authorities\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\SOFTWARE\Microsoft\SystemCertificates\TestSignRoot\CTLs	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Key created	\REGISTRY\USER\S-1-5-21-3350944739-639801879-157714471-1000\Software\Microsoft\SystemCertificates\TrustedDevices	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe

Suspicious behavior: AddClipboardFormatListener 8 IoCs

pid	Process
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2180	ksomisc.exe
4052	ksomisc.exe
4824	ksomisc.exe
4316	ksomisc.exe
2800	ksomisc.exe
2104	ksomisc.exe
4128	ksomisc.exe

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2612	wps_lid.lid-u4Utp3nDzdeh.exe
2612	wps_lid.lid-u4Utp3nDzdeh.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
2180	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4824	ksomisc.exe
4824	ksomisc.exe
5036	wpscloudsvr.exe
5036	wpscloudsvr.exe
4824	ksomisc.exe
4824	ksomisc.exe
4824	ksomisc.exe
4824	ksomisc.exe
4824	ksomisc.exe
4824	ksomisc.exe
4316	ksomisc.exe
4316	ksomisc.exe
4316	ksomisc.exe
4316	ksomisc.exe
4316	ksomisc.exe
4316	ksomisc.exe

Suspicious behavior: GetForegroundWindowSpam 1 IoCs

pid	Process
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe

Suspicious use of AdjustPrivilegeToken 19 IoCs

description	pid	Process
Token: SeDebugPrivilege	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Token: SeRestorePrivilege	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Token: SeRestorePrivilege	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Token: SeRestorePrivilege	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Token: SeRestorePrivilege	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
Token: SeDebugPrivilege	2180	ksomisc.exe
Token: SeLockMemoryPrivilege	2180	ksomisc.exe
Token: SeDebugPrivilege	4052	ksomisc.exe
Token: SeLockMemoryPrivilege	4052	ksomisc.exe
Token: SeDebugPrivilege	4824	ksomisc.exe
Token: SeDebugPrivilege	4316	ksomisc.exe
Token: SeLockMemoryPrivilege	4824	ksomisc.exe
Token: SeLockMemoryPrivilege	4316	ksomisc.exe
Token: SeDebugPrivilege	2800	ksomisc.exe
Token: SeLockMemoryPrivilege	2800	ksomisc.exe
Token: SeDebugPrivilege	2104	ksomisc.exe
Token: SeLockMemoryPrivilege	2104	ksomisc.exe
Token: SeDebugPrivilege	4128	ksomisc.exe
Token: SeLockMemoryPrivilege	4128	ksomisc.exe

Suspicious use of FindShellTrayWindow 1 IoCs

pid	Process
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe

Suspicious use of SetWindowsHookEx 19 IoCs

pid	Process
2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
2180	ksomisc.exe
2180	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4052	ksomisc.exe
4824	ksomisc.exe
4316	ksomisc.exe
4824	ksomisc.exe
4824	ksomisc.exe
4824	ksomisc.exe
4316	ksomisc.exe
2800	ksomisc.exe
2800	ksomisc.exe
2104	ksomisc.exe
2104	ksomisc.exe
4128	ksomisc.exe
4128	ksomisc.exe

Suspicious use of WriteProcessMemory 38 IoCs

description	pid	Process	procid_target
PID 2612 wrote to memory of 2280	2612	wps_lid.lid-u4Utp3nDzdeh.exe	98
PID 2612 wrote to memory of 2280	2612	wps_lid.lid-u4Utp3nDzdeh.exe	98
PID 2612 wrote to memory of 2280	2612	wps_lid.lid-u4Utp3nDzdeh.exe	98
PID 2252 wrote to memory of 2180	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	105
PID 2252 wrote to memory of 2180	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	105
PID 2252 wrote to memory of 2180	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	105
PID 2252 wrote to memory of 4052	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	106
PID 2252 wrote to memory of 4052	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	106
PID 2252 wrote to memory of 4052	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	106
PID 2252 wrote to memory of 4824	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	108
PID 2252 wrote to memory of 4824	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	108
PID 2252 wrote to memory of 4824	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	108
PID 2280 wrote to memory of 5036	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	109
PID 2280 wrote to memory of 5036	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	109
PID 2280 wrote to memory of 5036	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	109
PID 2252 wrote to memory of 4316	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	110
PID 2252 wrote to memory of 4316	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	110
PID 2252 wrote to memory of 4316	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	110
PID 2252 wrote to memory of 2800	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	112
PID 2252 wrote to memory of 2800	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	112
PID 2252 wrote to memory of 2800	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	112
PID 2800 wrote to memory of 4028	2800	ksomisc.exe	113
PID 2800 wrote to memory of 4028	2800	ksomisc.exe	113
PID 2800 wrote to memory of 4028	2800	ksomisc.exe	113
PID 2800 wrote to memory of 3528	2800	ksomisc.exe	114
PID 2800 wrote to memory of 3528	2800	ksomisc.exe	114
PID 2800 wrote to memory of 3528	2800	ksomisc.exe	114
PID 3528 wrote to memory of 4716	3528	regsvr32.exe	151
PID 3528 wrote to memory of 4716	3528	regsvr32.exe	151
PID 2280 wrote to memory of 2104	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	132
PID 2280 wrote to memory of 2104	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	132
PID 2280 wrote to memory of 2104	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	132
PID 2280 wrote to memory of 4128	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	119
PID 2280 wrote to memory of 4128	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	119
PID 2280 wrote to memory of 4128	2280	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	119
PID 2252 wrote to memory of 4836	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	121
PID 2252 wrote to memory of 4836	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	121
PID 2252 wrote to memory of 4836	2252	77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe	121

C:\Users\Admin\AppData\Local\Temp\wps_lid.lid-u4Utp3nDzdeh.exe
"C:\Users\Admin\AppData\Local\Temp\wps_lid.lid-u4Utp3nDzdeh.exe"
1⤵
- Writes to the Master Boot Record (MBR)
- Checks computer location settings
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2612
- C:\Users\Admin\AppData\Local\Temp\wps_download\77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
  C:\Users\Admin\AppData\Local\Temp\wps_download\77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe -installCallByOnlineSetup -defaultOpen -defaultOpenPdf -asso_pic_setup -createIcons -pinTaskbar -curlangofinstalledproduct=en_US -D="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office" -notautostartwps -enableSetupMuiPkg -appdata="C:\Users\Admin\AppData\Roaming"
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Drops file in Program Files directory
  - Drops file in Windows directory
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Modifies system certificate store
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious behavior: GetForegroundWindowSpam
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2280
- - C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
    "C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" InstallService
    3⤵
    - Executes dropped EXE
    - Checks whether UAC is enabled
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: EnumeratesProcesses
    PID:5036
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -regmtfont
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:2104
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\\office6\ksomisc.exe" -setappcap
    3⤵
    - Executes dropped EXE
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    - Suspicious behavior: AddClipboardFormatListener
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of SetWindowsHookEx
    PID:4128
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\\office6\ksomisc.exe" -assoepub -source=1
    3⤵
    PID:1976
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\\office6\ksomisc.exe" -registerqingshellext 1
    3⤵
    PID:744
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\addons\html2pdf\html2pdf.dll"
    3⤵
    PID:3112
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -regmso2pdfplugins
    3⤵
    PID:4816
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kmso2pdfplugins.dll"
      4⤵
      PID:2720
  - - C:\Windows\SysWOW64\regsvr32.exe
      "C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kmso2pdfplugins64.dll"
      4⤵
      PID:4344
    - - C:\Windows\system32\regsvr32.exe
        
        /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kmso2pdfplugins64.dll"
        5⤵
        
        PID:3540
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -regPreviewHandler
    3⤵
    PID:4464
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\\office6\ksomisc.exe" -assopic_setup
    3⤵
    PID:3224
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\\office6\ksomisc.exe" -defragment
    3⤵
    PID:5064
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe" /prometheus /download_lang_on_start /lang=en_US /from=get_start_with_wps_after_install_onlinesetup
  2⤵
  PID:3108
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wps.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wps.exe" /prometheus /download_lang_on_start /lang=en_US /from=get_start_with_wps_after_install_onlinesetup
    3⤵
    PID:392
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscloudsvr.exe
      "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscloudsvr.exe" /qingbangong /start_from=qingipc /qingbangong /start_from=kstartpage silentautologin
      4⤵
      PID:1616
    - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -getabtest -forceperusermode
        5⤵
        
        PID:1716
    - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -getonlineparam -forceperusermode
        5⤵
        
        PID:4520
    - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe" /messagepush /PushType=mipush /From=Qing
        5⤵
        
        PID:2740
      - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscloudsvr.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscloudsvr.exe" /messagepush /PushType=mipush /From=Qing
        6⤵
        
        PID:2812
    - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\ksolaunch.exe" /krecentfile /init /From=Qing
        5⤵
        
        PID:1776
      - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscloudsvr.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscloudsvr.exe" /krecentfile /init /From=Qing
        6⤵
        
        PID:1512
    - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscenter.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscenter.exe" Run /InstanceId=messagepushcenter -Entry=DoWakeup C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kmessagepushcenter_1.0.2024.12/kmessagepushcenter.dll
        5⤵
        
        PID:3432
      - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kwpswnsserver.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kwpswnsserver.exe" checkrt
        6⤵
        
        PID:2620
    - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscenter.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscenter.exe" Run /InstanceId=wpsbubble -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kwpsbubble_1.0.2024.61/kwpsbubble_xa.dll
        5⤵
        
        PID:3264
      - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\promecefpluginhost.exe
        
        "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6\promecefpluginhost.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\debug.log" --mojo-platform-channel-handle=2240 --field-trial-handle=2576,i,3285780728609252585,4316500777070103161,131072 --disable-features=TSFImeSupport /prefetch:2
        6⤵
        
        PID:1620
      - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\promecefpluginhost.exe
        
        "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6\promecefpluginhost.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\debug.log" --mojo-platform-channel-handle=2748 --field-trial-handle=2576,i,3285780728609252585,4316500777070103161,131072 --disable-features=TSFImeSupport /prefetch:8
        6⤵
        
        PID:660
      - C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.189\office6\wps.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.189\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=3264 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=3020 --field-trial-handle=2576,i,3285780728609252585,4316500777070103161,131072 --disable-features=TSFImeSupport /prefetch:1
        6⤵
        
        PID:4372
    - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscenter.exe
        
        "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscenter.exe" Run -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kdocreminder_1.1.2021.190/kdocreminder.dll
        5⤵
        
        PID:5968
    - - C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\chromehost_1.0.2024.67\chromelauncher.exe
        
        C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386\chromehost_1.0.2024.67\chromelauncher.exe install
        5⤵
        
        PID:5484
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\promecefpluginhost.exe
      "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6\promecefpluginhost.exe" --type=gpu-process --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --gpu-preferences=UAAAAAAAAADgACAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\debug.log" --mojo-platform-channel-handle=3220 --field-trial-handle=3388,i,8826339340926208694,14029998803935220551,131072 --disable-features=TSFImeSupport /prefetch:2
      4⤵
      PID:3840
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\promecefpluginhost.exe
      "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6\promecefpluginhost.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-sandbox --log-severity=disable --lang=en-US --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\debug.log" --mojo-platform-channel-handle=580 --field-trial-handle=3388,i,8826339340926208694,14029998803935220551,131072 --disable-features=TSFImeSupport /prefetch:8
      4⤵
      PID:4420
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.189\office6\wps.exe
      "C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.189\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=392 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=4288 --field-trial-handle=3388,i,8826339340926208694,14029998803935220551,131072 --disable-features=TSFImeSupport /prefetch:1
      4⤵
      PID:3912
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.189\office6\wps.exe
      "C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.189\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=392 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=4324 --field-trial-handle=3388,i,8826339340926208694,14029998803935220551,131072 --disable-features=TSFImeSupport /prefetch:1
      4⤵
      PID:1836
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscenter.exe
      "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscenter.exe" Run -Entry=EntryPoint C:\Users\Admin\AppData\Roaming\Kingsoft\wps\addons\pool\win-i386/kdocreminder_1.1.2021.190/kdocreminder.dll
      4⤵
      PID:5732
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.189\office6\wps.exe
      "C:\Users\Admin\AppData\Local\Kingsoft\WPSOFF~1\1220~1.189\office6\wps.exe" Run /AppUserModelID=Kingsoft.Office.cefhomepage -Entry=CefRenderEntryPoint -EncodePathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -EncodePath QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGtzb2pzY29yZS5kbGw= -CefPluginPathU8=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xjZWY= -CefPluginPath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xjZWY= -JSCefServicePath=QzpcVXNlcnNcQWRtaW5cQXBwRGF0YVxMb2NhbFxLaW5nc29mdFxXUFMgT2ZmaWNlXDEyLjIuMC4xODkxMVxvZmZpY2U2XGFkZG9uc1xrY2VmXGpzY2Vmc2VydmljZS5kbGw= -CefParentID=392 "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6\promecefpluginhost.exe" --type=renderer --log-severity=disable --disable-pdf-extension --user-data-dir="C:\Users\Admin\AppData\Local\CEF\User Data" --no-sandbox --log-file="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\debug.log" --js-flags=--expose-gc --lang=en-US --no-zygote --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=4992 --field-trial-handle=3388,i,8826339340926208694,14029998803935220551,131072 --disable-features=TSFImeSupport /prefetch:1
      4⤵
      PID:5664

C:\Users\Admin\AppData\Local\Temp\wps_download\77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe
"C:\Users\Admin\AppData\Local\Temp\wps_download\77fb58816aa60e53d94eff396fedfaa1-16_setup_XA_mui_Free.exe.601.1123.exe" -downpower -installCallByOnlineSetup -defaultOpen -defaultOpenPdf -asso_pic_setup -createIcons -pinTaskbar -curlangofinstalledproduct="en_US" -D="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office" -notautostartwps="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office" -enableSetupMuiPkg="C:\Users\Admin\AppData\Local\Kingsoft\WPS Office" -appdata="C:\Users\Admin\AppData\Roaming" -msgwndname=wpssetup_message_E6007C4 -curinstalltemppath=C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\
1⤵
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- System Location Discovery: System Language Discovery
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2252
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -setlng en_US
  2⤵
  - Writes to the Master Boot Record (MBR)
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:2180
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -getonlineparam 00601.00001123 -forceperusermode
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4052
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -getabtest -forceperusermode
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4824
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -setservers
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  PID:4316
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -register
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  - Modifies Internet Explorer settings
  - Modifies registry class
  - Suspicious behavior: AddClipboardFormatListener
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2800
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kmso2pdfplugins.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    - Modifies registry class
    PID:4028
- - C:\Windows\SysWOW64\regsvr32.exe
    "C:\Windows\system32\regsvr32.exe" /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kmso2pdfplugins64.dll"
    3⤵
    - System Location Discovery: System Language Discovery
    - Suspicious use of WriteProcessMemory
    PID:3528
  - - C:\Windows\system32\regsvr32.exe
      /s "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kmso2pdfplugins64.dll"
      4⤵
      PID:4716
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -assoword
  2⤵
  - Executes dropped EXE
  - System Location Discovery: System Language Discovery
  PID:4836
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -assoexcel
  2⤵
  PID:1984
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -assopowerpnt
  2⤵
  PID:4928
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -compatiblemso -source=1
  2⤵
  PID:5000
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -checkcompatiblemso
  2⤵
  PID:4340
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -saveas_mso
  2⤵
  PID:2268
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -distsrc 00601.00001123
  2⤵
  PID:2104
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -sendinstalldyn 5
  2⤵
  PID:4432
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -updatetaskbarpin 2097152 -forceperusermode
  2⤵
  PID:3056
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\pinTaskbar.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\pinTaskbar.exe" "C:\Users\Admin\AppData\Local\Temp\Kingsoft\WPS Office.lnk" 5386
    3⤵
    PID:2856
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -externaltask create -forceperusermode
  2⤵
  PID:3696
- - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wps.exe
    "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wps.exe" Run "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\addons\ktaskschdtool\ktaskschdtool.dll" /task=wpsexternal /createtask
    3⤵
    PID:2168
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wps.exe
      "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wps.exe" CheckService
      4⤵
      PID:1424
  - - C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wps.exe
      "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wps.exe" Run -User=Admin -Entry=EntryPoint "C:/Users/Admin/AppData/Local/Kingsoft/WPS Office/12.2.0.18911/office6/addons/ktaskschdtool/ktaskschdtool.dll" /user=Admin /task=wpsexternal /cleantask /pid=2168 /prv
      4⤵
      PID:3980
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -createsubmodulelink startmenu prometheus
  2⤵
  PID:3432
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -createsubmodulelink startmenu pdf
  2⤵
  PID:4516
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -createsubmodulelink desktop pdf
  2⤵
  PID:976
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -createsubmodulelink desktop prometheus
  2⤵
  PID:3132
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -createCustomDestList
  2⤵
  PID:3504
- C:\Windows\SysWOW64\regsvr32.exe
  "C:\Windows\system32\regsvr32.exe" /s /n /i:user "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kwpsmenushellext64.dll"
  2⤵
  PID:5012
- - C:\Windows\system32\regsvr32.exe
    /s /n /i:user "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kwpsmenushellext64.dll"
    3⤵
    PID:4716
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -setup_assopdf -source=1
  2⤵
  PID:4440
- - C:\Windows\SysWOW64\openwith.exe
    "C:\Windows\SysWOW64\openwith.exe"
    3⤵
    PID:924
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpsupdate.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpsupdate.exe" /from:setup
  2⤵
  PID:1472
- - C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
    "C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" CheckService
    3⤵
    PID:4988
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpsupdate.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpsupdate.exe" -createtask
  2⤵
  PID:2764
- - C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe
    "C:\Program Files (x86)\Kingsoft\office6\wpscloudsvr.exe" CheckService
    3⤵
    PID:1228
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -createexternstartmenu "WPS Office"
  2⤵
  PID:1716
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -rebuildicon
  2⤵
  PID:5024
- C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe
  "C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe" -reportAssoInfo -forceperusermode
  2⤵
  PID:3340

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Pre-OS Boot

T1542

Bootkit

T1542.003

Privilege Escalation

Event Triggered Execution

T1546

Component Object Model Hijacking

T1546.015

Defense Evasion

Modify Registry

T1112

Pre-OS Boot

T1542

Bootkit

T1542.003

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

System Location Discovery

T1614

System Language Discovery

T1614.001

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\Qt5NetworkKso.dll

Filesize
1.1MB

MD5
3517cd41fb70e3ba9fd8b5f4d2050853

SHA1
621a79d4d0d48e0c9390039e4e745dfca04624c6

SHA256
0b957236f4938e539f6d02a2cb09fe9976a9ecfe3fb28316d53c80bb4bc3bdea

SHA512
4b921eea49a03208a110daaadf5dd9d28eef39fce4d430e29340061ccfdf1cb58d2b98a7e2fd18a1109210a5ee6314f12db28247f30dab97c73e6f2458ec26fd

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\Qt5XmlKso.dll

Filesize
170KB

MD5
fbcbef7492b94b06957381687e1e67e5

SHA1
0ba53bf281afe9a8dd4e55e525269ebe4c7a5ce0

SHA256
86bbc4e3370e70cd04cbe7ecee7bc2ea620cf92d4c79d027e06e3d1af045edd6

SHA512
b8befeacda65311a505f9397f1ccb30d2ec683fb6254c0a7043bbba1365f5737b5d4af2451cf57e8fb3b5e851670c041844c7e369478c4a0ebe7894c333f2426

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\addons\kodfconverthelper_xa\mui\pt_BR\kodfconverthelper.qm

Filesize
334B

MD5
2b42be10ddde43a0b6c2e461beae293a

SHA1
53888c4798bc04fdfc5a266587b8dc1c4e0103f3

SHA256
984ebeef80f6f50907afb92e5b5ae72df49fce045552c118a77a8887cc98e19b

SHA512
be3ebd02d37de367200696351fb5f9cd0ec4c206c3a33f281cb8b62386457a30a899322798c63a0d495577393e47258994feb7f8e2445645f552c2b7a2de6778

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\addons\kuserinfomenu\mui\default\html\run.ini

Filesize
171B

MD5
b30cb271e143eace0f55ea2e562e1e9f

SHA1
9d97dbf24931cfc114384c3f4dbbae21c9e51be5

SHA256
3ab7bb6175885fc6acbf5eed0062b0d00c059cb4c68bd2ef90149b2c8763e658

SHA512
dc593185fa63b458024c3a913c558e5686806154181dea67eec786ada50595c53bab822833ad1e76c9acdf21be3eba50631391b7e575d7f1f6409ceccf966535

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\addons\qing\mui\default_xa\res\clouddiskhomepage\static\js\history.js

Filesize
198KB

MD5
12435e50a498b3b7a712979da2365113

SHA1
79919439708db7084d41cf7e35970a0a84fa2d5c

SHA256
8a3d43e9e5f01c0c07207fb62e4ccc1a686c77d2c8c4be7f12a91678517cc807

SHA512
6dad7e007f677ef59e4230814278ef496adc74273aa69a29025c60ed2e3f9a6bcb7cbe769bd1e5ce2f1fb2d25072ff91bd8a75312912600fdb7ce14d22340977

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\cfgs\setup.cfg

Filesize
434B

MD5
3dfb44586455e369a34919665c39e882

SHA1
883fbd63d3d545dd19629d44cfe175dda22ff26b

SHA256
0b243f7fcccc9e2e698787756681158bd0bbfe12bd4d7c02d8f6f3d5b6036068

SHA512
dc5e732b5edd4edba2450f9552521cabcebe0d7a45023deac23ea6dee0c1d87bee557c0c89ebbea0a8ac4f1f3e7c73c1595ce56e8b0a916bd18fc8dc810372b2

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kbase.dll

Filesize
177KB

MD5
3c1fe9592b7bc598d5a361ba95e375dc

SHA1
c2e46dab5f3b9dad5f8a61ccb1c2e8042e593dbd

SHA256
8b8e0ee582e5c31fd4636a270f0e04336855fe43cff2f118c2c93f6f12e86d6b

SHA512
54c4a97ed7571965eff31038e18e60afbdd43769b3f33a836a20d881fa0f0f15db67a497b16f9bbde7f47a60ab85828dceb0662a7e663be5eb946057ff6c75d0

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kdownload.dll

Filesize
434KB

MD5
4df39544038a035234b7997408bbd7e4

SHA1
31f1d8e2b5cb210a661b3a2c702d31a67f46d8ff

SHA256
b2b25e2e678b7870eb1ad9ce62f050fa86ce1e5e449a09bc4190b099ca67e476

SHA512
203d4ae1cc7a5210dac522cf2071b7b28ef86e1ca532e0cd228437e0725fc943f83da2cdbe8cfe37257940a82159db35427c42783e9f20eaf01d94e80431df71

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kprometheus.dll

Filesize
7.5MB

MD5
8415535cdb81d0769ef20a93f020c093

SHA1
468ea207b712d6931cb4350d0a3aff8872145dd3

SHA256
1f972c0c019180282e9b955406a9e1c5e091c61c69c3e3870f33db674c9c2e74

SHA512
642a1c87f7f11a29df461033cd62deb42cf2f7e23f70ab5b3143eb6a7ef5a9a134c9b48d9b13459eeb6674d1f22c37d0f51ad06a3824694dae380feeecc718b9

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\krt.dll

Filesize
1.1MB

MD5
e38bf932677af0491aa92e6a6ad56d68

SHA1
dd9fe80b9634abc685bb59838a18b9b301cba560

SHA256
0495a46bc6d1b5edc8dc9f637138988d45de749331790900d709962de4dad847

SHA512
b790924e4d4c4c57421516fae87f32902221f1e770546a8baffe6b65f86dabcd9f375f0ac19b368267c6ec0fbb5b887202f5be3de0eb5670c71ce7aaa694c3a6

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kshell.dll

Filesize
23.1MB

MD5
594b3bbaac68588ccedd29f5664bad63

SHA1
b4e360687576f00fea8512ad4241e55278688539

SHA256
b4f88d7df4bfce29855d90f0eb3828d7feb6943357996c64d2067da6c377e224

SHA512
ac3df34ef8e83977417afeaaee4836b98afe377b76fee26396f94b5600e0733d7d6c2d49596243879069c8de72b4de912798b187cc54dcb00eb25aa341f730fb

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\kso.dll

Filesize
24.8MB

MD5
3b03d30ad39e3fb10a71b1449e140e79

SHA1
1f989eba906f53c1788c3ca2c1a12fc40b79ef23

SHA256
d33dbf2117955a6837f230e648e2601c984e6f2daca9e0eec9f87c8a0d8cdc98

SHA512
d279fb7af1f289a409bfca41d477d3efce04da507c68891272b508a37a0fbf8c77cf2bdf30237312ac73073ab90edbddcca3f914d3ead792e960c94aaf0bc600

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksolite.dll

Filesize
10.0MB

MD5
03ba701d0fcc20e45186561268aef826

SHA1
f74b2e3262589ff3b7e4c915a4ec2c1ba8a0d2ee

SHA256
4c65592e13accd3d06e73b1ee1c53ae5d1ee1194b1be9cac732feb189ba24af1

SHA512
70c5eca2d13e64c9595d9df8507930d59e8c8836c822dc0f3a24c7d40a3952f5e1b93f729a65a2807bf005e62a2806cdcd2992040c47f49a2a5d1bba2c75ff2d

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksomisc.exe

Filesize
3.1MB

MD5
af4a1fd1a513e63308bd9944d849bdde

SHA1
51b39531aee200509bca2fda6984a6743783602e

SHA256
b812b540ef1ccea9831725f88f1cca67224c03449bc2dddca4a30494f8a3f5b7

SHA512
582fb63d0f82bf0b77aa3bcf6eb43fde9568f297bf5e6aa866501ca7890a61d3afa9a3b714392c2c17119f0b71d17b1c0fd2486ee6a3060b9f596a45fd52773a

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\ksouil.dll

Filesize
1.9MB

MD5
87608bcc612d20ccb2be2bb09216c367

SHA1
1dff670eae5a9505a9875ce076bac49ebb97b959

SHA256
55ea5396d393b496c694d3aa51a714531482cec38df482e49c47ced74f1ea229

SHA512
928e5d2f4e39bfbd69f0a054030fb37b4517907879f77646a8fb4bf105cf999406d093906beb6d43077208eb2f7e0d75631a4f7381f3d199c8f243e189d9e28c

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\libcurl.dll

Filesize
519KB

MD5
61d6f2edb76fa2e0711f355538db2872

SHA1
c382043c06600f700eedd470e4a6224beb2bc3c0

SHA256
a5432bca4f4a3095cb6a9aef04876e37df5264144c675b872af87f94478bcc72

SHA512
75af34563a08232f807f0e1821578a41d0726ba044cf6bf567367e52079e7a523e7f8b78b5728f698ced087b9f75d13db9aa42f60efde66c78a30a230f6a5b5e

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\libssl-kso-1_1.dll

Filesize
565KB

MD5
f7938a78b4a46155118e50d9277c249c

SHA1
52b4aa72b31b025b7300986c7e2f60cf00cc005e

SHA256
ea9f17fadba3e85c1bea077f3dfb471bdd88daaf39b2086c05dc08b24b1b59eb

SHA512
1171675e4d3691e3adc733dbd3c755ecd40563167b6288c261bb27aae7f9ecf0307508069b592021800c21b567ef49b5a94acd9704ef2eaf3a706e3be1eba023

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\mui\ja_JP\resource\splash\hdpi\2x\ent_background_2019_wpsoffice.png

Filesize
236KB

MD5
c5ad1903526a9ca4c2f55cfea1e22778

SHA1
9c7b9ba9100a919cad272fb85ff95c4cde45de9f

SHA256
5e7ba996d2331f37b9799767c0fa806cab9a39fea434796ab08dcaf39096e334

SHA512
e482142e81fbe71666b40f7a2c53702b4278436a0240e0f56200443cf4235d9942cccc3545cc01486d53a0972be553cbf93442e8b05de7b4fcd1fe8a4ec16bb4

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\qt\plugins\platforms\qdirect2d.dll

Filesize
1.4MB

MD5
96ea1487232fa561ced71d414e9de6bd

SHA1
9509e848cb104edca1dadcb1ba29c358cdc621cc

SHA256
3bb385ff6cd271d4241edc2ed55e1849611381dd1fc85c2046a8a9a98002e733

SHA512
8ce9067b75df1f13ed5c94e83aa3c747ffc8dcc556c22733432d11df8df17331937e9f78128c5af0e55f7a5a3f27fe496c7d02d0afae1f216f8bb9db3752926e

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\office6\wpscloudsvr.exe

Filesize
904KB

MD5
b8387d21b0e475d76ece6015119e78b6

SHA1
e01c18b12a6ba6b1106da6476e13aa1b127be75a

SHA256
c0daff288081064124dcfe65c75d6a67242f025a0421674cea3cc591115930b2

SHA512
69239776f2cf2d27e68a34a6e8dee339569dafb72a52f2d1015eed045563cf1ae9588ec0b4486bfc9079f8609dbf153d580a3eafbe6b9e9f10099fccad19b948

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\utility\install.ini

Filesize
499B

MD5
183330feb3b9701fec096dcbfd8e67e4

SHA1
2f43379fefa868319a2baae7998cc62dc2fc201d

SHA256
ac4f26a184114522200169c5f57a0af4498a20d19b7ec6def14dd2c6413eb475

SHA512
643cc197456f15da6ddd6eb904f2b25ad4236a24310d575958c0c8e457a33167e748d21184162502a295fa466c031a837511d4d5348fd67499ede1b60065c471

Download Submit
C:\Users\Admin\AppData\Local\Kingsoft\WPS Office\12.2.0.18911\utility\install.ini

Filesize
675B

MD5
b2f8eb7563658e7dc6195e49c4c4b44c

SHA1
8f302b12cb8d8a589c02d2a115e6a3df3d1d3536

SHA256
6ef45ee0a1dabb780e39b0d26226a8a318f2f450f977a6be6e07534d7b1a3d5f

SHA512
ef84f6a4e9a31c1f45926f289877e5f5a69d86f7964cf5d619586eee600074f9cba7900d267bc432d2a48f72aca485126700a9860226f52a7e51dbbc0e5486e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Kingsoft\WPS Office.lnk

Filesize
2KB

MD5
52b0110725015523fac69073e86623a0

SHA1
3aab2ef1cfacec025b5d7ba7f86e0c077d50da90

SHA256
0a1d368264f809bf7f53cd02080b9e2f34bceb7b791df76432081c8a043347e1

SHA512
91fc5ec4a09ea8628c1c6aad3e56b5088e89f87350d970460bdfe1ea26c1f0f1d49d2d1962f61bb5474760ee13633df021f8d3e5bbb211c2935a56e00702faa0

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\API-MS-Win-core-xstate-l2-1-0.dll

Filesize
10KB

MD5
b74d06f62cd28683b35052715273f70f

SHA1
28f0ff95c64faa31eafdc4e5e95cd7dbeb54ca22

SHA256
144eb756de343fcb063034e9708cded52fe7f83ac3c94244a8de9baf95fe954a

SHA512
fd20a4342d365396c950b7a1c1b9672b4151fc1097af3abff6af9e0723f8bfb0628ac8cf3cdbae466fcb78ad5520ce5ef7a76d76a86f889dfa98b9a4d2fc032d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\Qt5CoreKso.dll

Filesize
5.0MB

MD5
be2ef211c831fb6057caea927056563a

SHA1
fb0d2a7ed624398809bb0ddd8a8ea022556c9245

SHA256
c0c759f9e1a025b9357142f636a6762b81dc56ef11ea7a8642c431a9ae67eb0e

SHA512
2eebb10862065a25cb9210736be5b7de418eaa07e55ea7b2fb6150856cb72c55ab19bbefc7c49ec506f15358b19b18566f97ea17a554db0ecd70d4f998ebe64a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\Qt5GuiKso.dll

Filesize
5.3MB

MD5
303f5d0170ada52c5b90d889ab81595f

SHA1
e7a80ed76e6a0c7c779b87ca5f34fdf67652992e

SHA256
41c9c40a5e362993e90168af9a919386189024f54aa33baf506f2fd8ece056a0

SHA512
123621ffe29a8297d6488d69ccc1b25e85b44b3f2bf24dd56e06008061fc2c7591870c4c5d8223d3131be73bc577ca9c54c41adeb7a0284c5d7d663f7edb9648

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\Qt5SvgKso.dll

Filesize
392KB

MD5
5eea7061167c573184a66957e3f0ae1c

SHA1
55c560ea8991340838271e06b43a0cf6238cb72a

SHA256
9d946bea1e14917886477b5b052751a6b2395cd5912f6028ff042b8375b004fd

SHA512
bd789597f6c5e58d258c81e2244e1ec7aa032ba7f6beb414a6b26064deb73008e3abe63a46d542a8775c3909ab305b481e240cb6a4f234da2d27e8f514cf5bce

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\Qt5WidgetsKso.dll

Filesize
4.5MB

MD5
820ecc5e5d19efa87c517649e39ff9d8

SHA1
85a4adb69bfdadb2102e1a8d2e46cb012dfa2cc6

SHA256
74abf4186c624953639686cf18f43b3c2384e3a88566e50a7e10deab97e20684

SHA512
b350e00c64b44ae85f824294c29876ebd9a9609cb07856a425fc4bbeb233cf24c151b12d19c1842929f6590837d1bffbc41f2b32d049aecc948b708e157c9438

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\Qt5WinExtrasKso.dll

Filesize
217KB

MD5
9d9a978a5afb92e59ab1fdbeffae0365

SHA1
035a45474fdfa885b323a7149d606a646e1f6726

SHA256
d4a4a3fcd8b4d23cc1ced0d818f01d869a28d4e2cb1d11a4ea64cc63cb38333f

SHA512
c4c090ffe2fd9dc3ef02389814a23fd27ff76ad0bb3ebc6c9c7422fbbc51bd7cfc049fcbdbad89737f96887be90e09a4aeeb7bac48098cf398f588d53a25e7b4

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-console-l1-1-0.dll

Filesize
11KB

MD5
b951011ba021c374455e8d1e18af84d2

SHA1
2d2e5e097ba5d92e6977cbb23afcc60b2e1d1c8c

SHA256
1c057286bdf0cb90f7dd1fecf5e8afbcff1e27f2a94612967c0634ae639ca43d

SHA512
bc7007ea97647b53a62561c7eafdc292478e2d1dd9cad9f84a3641eba5a57184274fd992f08a18c7f9afa82d5c37a15b6058f147e88623d5d0f5b962931b3850

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-console-l1-2-0.dll

Filesize
11KB

MD5
c26d7d913fd245afc0f0d658595447dc

SHA1
b5e00a0516b6c8c6f6a51ea40fae1beba3dd49ba

SHA256
73e4264dd66696163fbbf868729841f2e9b86f5a59912e64fb9718a8c889a7aa

SHA512
f7e22751671ef8f5d9768cb96733377cd5f38cdf241503234f69c4c6ac9348416c1a7622d7008fc1323a8673359db9e0bef29a4fec7853c5b5fe0b94e294471a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-datetime-l1-1-0.dll

Filesize
10KB

MD5
7435c7831c7b3b47e55701e5c6cca67a

SHA1
8e0fcc170f5d66beea796b38cd544a045375204b

SHA256
7ea1c2902a47fcd4a30180a4fe5ba5800fcad76b63da5ca4494e24954cea9bd3

SHA512
453fde0df6bf8867dac38e1dd155300a4fb3ab88a20de3420f14ce2c05d890459b767671b23d21422c49ff1aebb9ea84b47bee0e2b2305a7af1314393de28267

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-debug-l1-1-0.dll

Filesize
10KB

MD5
d05f970cf2bdb0da0a1bf33cbc36b53d

SHA1
505b7e21e237d7f8c454bdfb37b19932ae6980d3

SHA256
273516d86d92975ba14f0f85bdce5b81f75f8ba76e08e33575c67f34d7236775

SHA512
62b843ea200fee7868482de417048458c304a218ccacf44b70e0026bafc5e37aec4e7ad2c93513cfdbaa06e5ced7a826fa4701d27d6fb9eb81f183335fa182d0

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-errorhandling-l1-1-0.dll

Filesize
10KB

MD5
801750157960c928af876c3ec8dd4651

SHA1
1cb405eb7339ef121df51f5eba44e0b0177a76d3

SHA256
be330de7aa8f2f33bcdabf0cec2551399b4ea0f22335a0277ea9c3a7aa405bdd

SHA512
70d84b12ec65f497720dd3ee2c634a67d2f0011c9ea825bdbf20343f3572a99432a843cb178f705d923649694cd38aea9ed97b7162138e56374cd369d158d2b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-file-l1-1-0.dll

Filesize
14KB

MD5
7f3c75a78482e1ea21cdd81055b3135f

SHA1
e0fa94d72626531aa971c3f1385f03ded6bde6a0

SHA256
50347ffd660720cb1f41691be2793d00b169c864f7260dba1966a8ce5c9da943

SHA512
925ee75ea5261de55d50e0c72de891833e20975b06cf9a1712385c077fef4548639d629354969cc8d18bc7664b6b3e03ffd11d08965e2fc94b3a11d3de6cf839

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-file-l1-2-0.dll

Filesize
11KB

MD5
cd3cec3d65ae62fdf044f720245f29c0

SHA1
c4643779a0f0f377323503f2db8d2e4d74c738ca

SHA256
676a6da661e0c02e72bea510f5a48cae71fdc4da0b1b089c24bff87651ec0141

SHA512
aca1029497c5a9d26ee09810639278eb17b8fd11b15c9017c8b578fced29cef56f172750c4cc2b0d1ebf8683d29e15de52a6951fb23d78712e31ddcb41776b0f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-file-l2-1-0.dll

Filesize
10KB

MD5
b181124928d8eb7b6caa0c2c759155cb

SHA1
1aadbbd43eff2df7bab51c6f3bda2eb2623b281a

SHA256
24ea638dfa9f40e2f395e26e36d308db2ab25ed1baa5c796ac2c560ad4c89d77

SHA512
2a43bf4d50d47924374cde689be24799c4e1c132c0bc981f5109952d3322e91dd5a9352b53bb55ca79a6ea92e2c387e87c064b9d8c8f519b77fff973d752dc8f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-handle-l1-1-0.dll

Filesize
10KB

MD5
d65ef6902015757c4b5e2b550c233e1d

SHA1
8b3a44beceb81727071337a9c9e7d0f3b1370455

SHA256
9f2c87a8f541fd2e563778208c51f1e1852d4874571b6c5218066c0d58f9539c

SHA512
01dc60cf2d8f902848a4234cb97b12329d813f836786407ee090083a9fa6750df7f6b4db6d3496a873fc352bba4edf109ea6d5811d124075d8f3d21008c96773

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-heap-l1-1-0.dll

Filesize
11KB

MD5
8af9779906d36b71166a1e286c880d0d

SHA1
deb18c79ab7def1f7ce1b22f90d21b3f6c5d8ef3

SHA256
2e9a683aa69db2f8186ce9ac3e6a610fc727390155668b2680a728a6e6c67247

SHA512
c9927edc959272747aad42f9d243119fba2d126ac7e0463b59847e3738fe62fe58c01f666791d66177949e61b6bf36da67d558475382aa71a236794137186e96

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-interlocked-l1-1-0.dll

Filesize
11KB

MD5
2f68cbb35c4c8e66c7d1a8b6c2079700

SHA1
2acb3bdfb7209323d586866e276e152d540d5ae3

SHA256
96509b560bc604a30af26e08d6181d24dde1d51bf3654a12cd663a4ba1a11eac

SHA512
d5886e85abb2b2b4dd0d632e56d7f056f58374b774769bc83dc84f734827fc87b91d85f609f6faae3e3c10703716b31d775ca7f5819a1f719a355a154a8cc1ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-libraryloader-l1-1-0.dll

Filesize
11KB

MD5
57a0a074d52e17ce0fec69b4106bceb4

SHA1
f6fbe3fe91884d3aa19ce93156423da55bdd6ced

SHA256
f378ed4e0a68ca5fefff824912a5ec14992a6a8859e088a50a6df6d632611834

SHA512
8878c3bc77e004924e4595e03d0e717c75e44475e3bef923facd8435fbb26d2f7b3e16acb1e0516e0d0a5df502375ef86aa360d7c9cd79a52256b946896a7df3

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-localization-l1-2-0.dll

Filesize
13KB

MD5
21519f4d5f1fea53532a0b152910ef8b

SHA1
7833ac2c20263c8be42f67151f9234eb8e4a5515

SHA256
5fbd69186f414d1d99ac61c9c15a57390ff21fe995e5c01f1c4e14510b6fb9b1

SHA512
97211fad4aae2f6a6b783107938f0635c302445e74fc34a26aa386864509919c3f084e80579d2502105d9256aab9f57ea16137c43344b1c62f64e5bc1125a417

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-memory-l1-1-0.dll

Filesize
11KB

MD5
ed6d551457d8a41b48bf017b79765e27

SHA1
fa1609389caea2192f37017a23ec66e0c7f21d65

SHA256
7733252eb66a1f3ce0efc5c375fadd6fa20a596324658c72d4e707f67909a433

SHA512
a0fb6d1420c9a74266c368f246af06c173379c78f0ac6eb676aa95f5c41e9b12f52fc32ec79c89d1cf4ea67c0a8d092d0ca3caba651188598a52b1a2ff2f4c69

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-namedpipe-l1-1-0.dll

Filesize
10KB

MD5
d8873df4158c5d449f13fd32442f10f5

SHA1
52c9bf4137e466124eab9aa639671795d05125f1

SHA256
04532aed545a391a9e95d6103a816ec5d26df14af51f51dd0c649ddd57862e5c

SHA512
e52876ca557755f50bdd3f9adf124a6a562798a725480238f747348c9f81539903f8a19eeb00a61e50f5fde6e7acc8e613b4ba94cc0d8facc2a91f98078997d3

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-processenvironment-l1-1-0.dll

Filesize
11KB

MD5
0a34f6f91287218a1d451999957701b3

SHA1
05727b747b29845e025d2efde0e43ee36927439e

SHA256
ed755e302cc2a9f5d3cc38140a90697c6bb24965acc6cdaddb63e95c3d2cb9bd

SHA512
24d69f006cdfb91182e3cf9d917dad90353c5824cb19a00a9c4dc9feff0a279a32750a83774a5fe4f5e863386e23efb96a0b54a82c551f28822c6df410eebed8

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-processthreads-l1-1-0.dll

Filesize
13KB

MD5
45578c4fafc6d9d5ab6e78a07827c19e

SHA1
2fdf383c24a697a0cc29231dab4d0a77207a29f1

SHA256
6d298ae58e7651d23b75a4f6cc070794e716574fe497105fb4ef727ce9782779

SHA512
63ce2272ecc03e7e8c60395360fc685b4b144fb1cadc709f15e070e4e7b769ab282e7a652254386e83827d7982936f38a152014848e183fdb0ea38dff92e83bd

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
11KB

MD5
b5c8334a10b191031769d5de01df9459

SHA1
83a8fcc777c7e8c42fa4c59ee627baf6cbed1969

SHA256
6c27ac0542281649ec8638602fbc24f246424ba550564fc7b290b683f79e712d

SHA512
59e53c515dfa2cd96182ca6539ed0ea2ebb01f5991beb08166d1fc53576aeaafebbb2c5ee0ccbdab60ae45fc6a048fff0b5e1b8c9c26907791d31fb7e75b1f39

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-profile-l1-1-0.dll

Filesize
10KB

MD5
1672a33674cbaf42b3eec20d52930bd9

SHA1
f6e3da76e7de8a0d5f2e254b080ba973c92ba817

SHA256
a99b485112b305623ec3c8ea0d4c9acfac0c5c66821d4a98cde7b43edb8b78fc

SHA512
7b405243d474706c192e3e3b67ff61412adf41ea3bbbdcd5281aab2e7bed01c0c83a09fe60c0a0274d176a3aeb54dc0406dd044e002b8a447503c6dceb34d237

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-rtlsupport-l1-1-0.dll

Filesize
10KB

MD5
83cad14da9e92a8baf84a9afe2c9a5b0

SHA1
14c89f2ade657eb9249b95f9290fb4284908c9c6

SHA256
a45a7143971e7f8bbe4d5667927e3ba0fe5d0c025ef5d776ff8a5826341a99cf

SHA512
a5e93d77555e65bff5d47b2d6e9f7668cc6353a815cb1b11eaa6910594d53a9a2a538b8fe6b89cc2589f0dee321215039c012637809fc513b39fb902c02fdb4d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-string-l1-1-0.dll

Filesize
10KB

MD5
990cba52bd41c096c79778188dd63a15

SHA1
4a902cf7e4500c736ab4830e762cc1e18bb224ec

SHA256
0c1cbbb4630d38632ed6a5bae9ba7e06fe19433f2a5bd548f3d73f315359d79e

SHA512
1ed847989d02ef2c57edbd4726d818ea4bd811a255873765dd6090b9f8b204dff3610e887979ff8016c9b40bdcd2eab39ed064bb0f5f4447a94d56ab24e5183e

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-synch-l1-1-0.dll

Filesize
12KB

MD5
69e1eddc7cd991f9f5db2fc6fdb6f46e

SHA1
6e8a961767f5ac308d569fd57e84b56b145c6c53

SHA256
cc39ce8fe4a38a80c7b316a7191bd319efd99f9f7cb5b97fe8c3d65d2e788070

SHA512
61935e8eab14babb17dc4362e49f06119efde5de0d3b8d0e330b8b8989ffaeacefd23eada19d4747605f9e9f510ed4f11618b047f6c915554162f19e5a138f3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-synch-l1-2-0.dll

Filesize
11KB

MD5
eb6f7af7eed6aa9ab03495b62fd3563f

SHA1
5a60eebe67ed90f3171970f8339e1404ca1bb311

SHA256
148adef6a34269e403bb509f9d5260abe52f413a6c268e8bd9869841d5f2bd02

SHA512
a9961212b40efc12fd1ab3cc6551c97c987e73b6e409c9ab8a5e1b24542f9e5884811f06883bd31d2585219c4f60c30de2d188788513c01b6cbfe22d539d7875

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-sysinfo-l1-1-0.dll

Filesize
11KB

MD5
d4359815e2a7f10b4dd3ec3945eed45a

SHA1
4c83bd868c963c3afa29d92f75d185ad612c9b11

SHA256
328dff5738e59b78e2951920efcc69e97548c8081f4714540b4e723443b8feb4

SHA512
09ac1040e0a9edd8562c4b76430c82cc25ca94634a9c632803d8bc8eec6ac34d9ad5fb6509416bcd970accb6dce27730bcfeb1ce29d0920c84cc2daf5102d627

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-timezone-l1-1-0.dll

Filesize
11KB

MD5
86421619dad87870e5f3cc0beb1f7963

SHA1
2f0fe3eb94fa90577846d49c03c4fd08ef9d3fb2

SHA256
64eccd818f6ffc13f57a2ec5ca358b401ffbb1ca13b0c523d479ef5ee9eb44ab

SHA512
dbce9904dd5a403a5a69e528ee1179cc5faab1361715a29b1a0de0cd33ad3ae9c9d5620dafb161fda86cb27909d001be8955940fd051077ffe6f3ff82357ad31

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-core-util-l1-1-0.dll

Filesize
10KB

MD5
e0727785f827d39eb167749227a316ed

SHA1
c063a309aeff016f0a7d728c44fe169ce6da12c5

SHA256
e4e4e55abf599d1a9ef7b95da0d7fd37f23a6cf1d368a77f88390eb2e0c1340d

SHA512
83c2bc0f3049b619bf39a8cd6b5fa1ee1346ada2075e7495f264360a62f6fe7ddaafb382b60dfc18857c981c584c750a0b07c1d5d81410a80c296fa1b276ad0b

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-conio-l1-1-0.dll

Filesize
11KB

MD5
a76584c4923b1be911d9ece4ea439116

SHA1
e025b0afc3b9a8046f83e5df718bac4ad05c9c2c

SHA256
3181c520d7ab831c8ff330afe15ad717a5a1ed85b5d91b50b838be1e5c96d052

SHA512
9e701066b81979318f41ac54ef4e1faf7a5e4cfa7482e61a60717fde10bba0851bf86f446f53a8bb26a1df95405cba0969648435fff3368bf9c2fec9ffc333be

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-convert-l1-1-0.dll

Filesize
14KB

MD5
88f89d0f2bd5748ed1af75889e715e6a

SHA1
8ada489b9ff33530a3fb7161cc07b5b11dfb8909

SHA256
02c78781bf6cc5f22a0ecedc3847bfd20bed4065ac028c386d063dc2318c33cc

SHA512
1f5a00284ca1d6dc6ae2dfce306febfa6d7d71d421583e4ce6890389334c2d98291e98e992b58136f5d1a41590553e3ad42fb362247ae8adf60e33397afbb5df

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-environment-l1-1-0.dll

Filesize
11KB

MD5
0979785e3ef8137cdd47c797adcb96e3

SHA1
4051c6eb37a4c0dba47b58301e63df76bff347dd

SHA256
d5164aecde4523ffa2dcfd0315b49428ac220013132ad48422a8ea4ca2361257

SHA512
e369bc53babd327f5d1b9833c0b8d6c7e121072ad81d4ba1fb3e2679f161fb6a9fa2fca0df0bac532fd439beb0d754583582d1dbfeccf2d38cc4f3bdca39b52d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
12KB

MD5
a1b6cebd3d7a8b25b9a9cbc18d03a00c

SHA1
5516de099c49e0e6d1224286c3dc9b4d7985e913

SHA256
162ccf78fa5a4a2ee380f72fbd54d17a73c929a76f6e3659f537fa8f42602362

SHA512
a322fb09e6faaff0daabb4f0284e4e90ccacff27161dbfd77d39a9a93dbf30069b9d86bf15a07fc2006a55af2c35cd8ea544895c93e2e1697c51f2dafad5a9d7

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-heap-l1-1-0.dll

Filesize
11KB

MD5
a6a9dfb31be2510f6dbfedd476c6d15a

SHA1
cdb6d8bd1fbd1c71d85437cff55ddeb76139dbe7

SHA256
150d32b77b2d7f49c8d4f44b64a90d7a0f9df0874a80fc925daf298b038a8e4c

SHA512
b4f0e8fa148fac8a94e04bf4b44f2a26221d943cc399e7f48745ed46e8b58c52d9126110cdf868ebb723423fb0e304983d24fe6608d3757a43ad741bddb3b7ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-locale-l1-1-0.dll

Filesize
11KB

MD5
50b721a0c945abe3edca6bcee2a70c6c

SHA1
f35b3157818d4a5af3486b5e2e70bb510ac05eff

SHA256
db495c7c4ad2072d09b2d4506b3a50f04487ad8b27d656685ea3fa5d9653a21d

SHA512
ef2f6d28d01a5bad7c494851077d52f22a11514548c287e513f4820c23f90020a0032e2da16cc170ae80897ae45fc82bffc9d18afb2ae1a7b1da6eef56240840

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-math-l1-1-0.dll

Filesize
21KB

MD5
461d5af3277efb5f000b9df826581b80

SHA1
935b00c88c2065f98746e2b4353d4369216f1812

SHA256
f9ce464b89dd8ea1d5e0b852369fe3a8322b4b9860e5ae401c9a3b797aed17bf

SHA512
229bf31a1de1e84cf238a0dfe0c3a13fee86da94d611fbc8fdb65086dee6a8b1a6ba37c44c5826c3d8cfa120d0fba9e690d31c5b4e73f98c8362b98be1ee9600

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
18KB

MD5
cce453c53f6dac9496bfa5415cc92731

SHA1
18fee669be0aa8a1839a75a167980f3f246c93a4

SHA256
50752719a62627e7a8d2c26970fe59af839692d060c009fd0652325362752659

SHA512
2cfe07c602c2e6205a2a2aa0de4ca8e105c9973d14b9d131a6372ba54697d17af7c84c898329425a3d19fd6c1434bcaf162ca0dbc5f0d20cb5973c63aee6b23a

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-private-l1-1-0.dll

Filesize
64KB

MD5
1f72bfe2fb7bb2a403efda6ee963d259

SHA1
bcfb984771542970488bd6132dfa2746267b7fbc

SHA256
601ccd84d252fc6e024b1319902e48cf98bb922bf7799384a85640d5ce6f4a16

SHA512
e47c4c7a939d8e1022b6ce41ca15b1e3e4028f3bb302d1836bbdb3ec8d0c0141dd79ff147e6dc7fe56e09ab65dd15385362ea190d8792173674660a33acd5d61

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-process-l1-1-0.dll

Filesize
11KB

MD5
108433c271995786a8289afd611ea28c

SHA1
ba58c577311e39ff7e92a6be0dd6b80abfee6edc

SHA256
4c058e5b8f83ce395a7004d8c4043735526de01c5764242d4ce4f683dcf1425c

SHA512
800bd7a8702905fd9be83f17087440228f1428237d202160a5618aa6cfe1d1aad3c2608f324db38d235348bd2c8682f55d8ff52d13f9c37fa7c32d64a967db77

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
15KB

MD5
4f06da894ea013a5e18b8b84a9836d5a

SHA1
40cf36e07b738aa8bba58bc5587643326ff412a9

SHA256
876bd768c8605056579dd8962e2fd7cc96306fab5759d904e8a24e46c25bd732

SHA512
1d7c0682d343416e6942547e6a449be4654158d6a70d78ad3c7e8c2b39c296c9406013a3cfe84d1ae8608f19bee1d4f346d26576d7ed56456eea39d5d7200f79

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
16KB

MD5
5765103e1f5412c43295bd752ccaea03

SHA1
6913bf1624599e55680a0292e22c89cab559db81

SHA256
8f7ace43040fa86e972cc74649d3e643d21e4cad6cb86ba78d4c059ed35d95e4

SHA512
5844ac30bc73b7ffba75016abefb8a339e2f2822fc6e1441f33f70b6eb7114f828167dfc34527b0fb5460768c4de7250c655bc56efd8ba03115cd2dd6f6c91c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-string-l1-1-0.dll

Filesize
17KB

MD5
f364190706414020c02cf4d531e0229d

SHA1
5899230b0d7ad96121c3be0df99235ddd8a47dc6

SHA256
a797c0d43a52e7c8205397225ac931638d73b567683f38dd803195da9d34eac2

SHA512
a9c8abbd846ab55942f440e905d1f3864b82257b8daa44c784b1997a060de0c0439ecc25a2193032d4d85191535e9253e435deed23bdf3d3cb48c4209005a02e

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-time-l1-1-0.dll

Filesize
13KB

MD5
d0b6a2caec62f5477e4e36b991563041

SHA1
8396e1e02dace6ae4dde33b3e432a3581bc38f5d

SHA256
fd44d833ea40d50981b3151535618eb57b5513ed824a9963251d07abff2baedf

SHA512
69bd6df96de99e6ab9c12d8a1024d20a034a7db3e2b62e8be7fdbc838c4e9001d2497b04209e07a5365d00366c794c31ee89b133304e475dde5f92fdb7fcb0bc

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\api-ms-win-crt-utility-l1-1-0.dll

Filesize
11KB

MD5
3dfb82541979a23a9deb5fd4dcfb6b22

SHA1
5da1d02b764917b38fdc34f4b41fb9a599105dd9

SHA256
0cd6d0ff0ff5ecf973f545e98b68ac6038db5494a8990c3b77b8a95b664b6feb

SHA512
f9a20b3d44d39d941fa131c3a1db37614a2f9b2af7260981a0f72c69f82a5326901f70a56b5f7ad65862630fce59b02f650a132ee7ecfe2e4fc80f694483ca82

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\concrt140.dll

Filesize
238KB

MD5
4cc02ba9d10b18be0a02e3555aa78a98

SHA1
d1f63d5aa58b0b7ea1925dd3447861b3faf8cd8e

SHA256
1cddacbfb0c61652fcd543fef1e72cf649e27f3ee8f0d1c0d3988c0b5093e74e

SHA512
9d345573ec7a55aa06414cdd5b23e9085d016f4e9eec10581f93109c12e51603f39b01ce5539f8b1d16086e92b94baba05ebe45e9556c96a6b439c97cb82dc3e

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\dbghelp.dll

Filesize
1.2MB

MD5
56d017aef6a7c74cd136f2390b8ea6d3

SHA1
46cc837c64abe4e757e66a24ece56e3f975e9ef6

SHA256
900da3e0ea1b4f94773689b41d3f00b28b0fad0f6390da3aec3a9f84a3f85920

SHA512
7b5573461693c6125df7ff9040afb6f4fa818a68add9073071a3317767216dd9a6cf25704f3189f3923ead36751fa830e9899eb79f9b6cad3be405262bf53f49

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\extensibility.dll

Filesize
10KB

MD5
c6133749ba22cf955b526d9bb3911f09

SHA1
dc61798a22b3e6a9dfc66782a1020107eac0a9b5

SHA256
39e9af87ed0eae0fa0c520088d7edc3e1edd3889f109ef1220467ffa0e425e36

SHA512
b17b0e23e0dd52e6ac778f27916367199290fe7e25e6e2b444491e39a65b5dc3906d87037c1e6c73c35e6fd9e6302f5346a35fd2f280f4b8f31683ab46ab95bf

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\gdiplus.dll

Filesize
1.4MB

MD5
31b9fc652711265760068b421aaabd52

SHA1
ac6e6b4f16b706083f74d2294ea7fdc631ee8b0d

SHA256
66732f097fe39d370410d85aec9a86f373638e7cac46473da799e9e666fc6c8b

SHA512
58d8a4bfc8d60882e84a4c8270645623d2256c4a354d1db22791c2e98c3ada2a90bdb576f7ecdb0df5c420b13aa51ce6e728f24b941846e27de101b59e563cee

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\kpacketui.dll

Filesize
2.9MB

MD5
e10a99406583a469f237a22262b5c146

SHA1
a6ef7da1b1c04b9abd4568b831487a8c12ff2a40

SHA256
400aa8843ba36752a44658d9b94ac1eb2c13ee713b9e2f3c7fab0c5fda2ed290

SHA512
aae3102e6616224be47c5ef226dbbf60aa63fa4b17dcb30d178c4f01a55cf8ed0dd0fdefc806808ca4b7123e986c0250d4b650569f1fd9fa1b7ace877ed428b0

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\kpacketui\mui\en_US\kpacketui.qm

Filesize
8KB

MD5
f52456f3e71a3c50b7f974279c276de9

SHA1
c37faf95f4e0a9cd203770b9d82103c538511384

SHA256
2925b8a77adbf7dde1d608f3eb52fa235490eabbd5d418c8899f37b03b1ea7e1

SHA512
07dc0fb69d66bc351391fcebb82d49a07e6f2d74df4fe84d45de63b5d6a86571be746ad6cc0195bc50d8e21869e2d7bd3509de549fade1416d6638a00e2b8d44

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\msaddndr.dll

Filesize
96KB

MD5
0febe1efb25daac6f6f301b6e341dff4

SHA1
3d356f13e2363bdee48c817e31575019d2eff335

SHA256
561c909f76faedfd010fc049faa503e249f00cab16d6b57bff0fa74604345731

SHA512
a81b66160a4d1205d400107b213841d19c21369836e5e285aff369e717f96a51952d0eea99d0cdd26179253133a0004a69a345d1cd10a85d203573a7a3101e11

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\msvcp140.dll

Filesize
427KB

MD5
db1e9807b717b91ac6df6262141bd99f

SHA1
f55b0a6b2142c210bbfeebf1bac78134acc383b2

SHA256
5a6dfa5e1ffb6c1e7fc76bd121c6c91305e10dd75fc2124f79fee291a9dd9e86

SHA512
f0621977d20989d21ae14b66c1a7a6c752bfd6d7ccc2c4c4ec1c70ba6756e642fb7f9b1c6a94afadd0f8a05d3c377792e4aa4c1a771d833c40a6f46b90cbe7c3

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\msvcp140_1.dll

Filesize
21KB

MD5
4c3501beb23e601cef5337a47289cb34

SHA1
a39b0f789e3fa8be545ba5b62f537d611d68e11c

SHA256
4e94f9c89188fba7cae4bde37cf824d654717731559d47985d2b0749cfb11aa6

SHA512
336c54f5c9fd537f1c870a02bd41a39074b85723e1c8c9cb56d80d0356a0df030e67b5e6f61a9e5d267b0db26a4fba7774cfa8e3ee061a709cebfc71d2c14bfe

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\msvcp140_2.dll

Filesize
163KB

MD5
d11eb12bf225dcad9219c5938d97c6df

SHA1
fee3132cfa6ea6b9a5d3e3bdcc90050e4b2fcbd8

SHA256
94a12bedb9a25393dc75fccde7243d5e90acf40b1f14406132a44ff42e220f2e

SHA512
8749aceb55f92c3e92862bd07a83fb999cd7db15a5cee7ddd468ffc42be8df8e8b7b32b82fcd73d2c17c64d9f760ce32c76b70f378d5430b67cef39104c3be09

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\msvcp140_codecvt_ids.dll

Filesize
19KB

MD5
a8fc72d7ffaa5fbaafa754a4db378b8e

SHA1
76ff351f692637e456eb988d4609792fe44b152f

SHA256
74ee4398ae24c1b787af944d650aa345ba0e9787cd112542d782b714209e35cc

SHA512
244a0fd1d08dcc17a17c99375d52e1ab47736dc6909f039ca9d62c28dbb91e7c128c9dc5c12daafea6741fed3c58a4ebcb591203a65442ee28f92b6f2387d6eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\qt\plugins\iconengines\qsvgicon.dll

Filesize
61KB

MD5
b480020e850eef0f7e29b7de8ef2932d

SHA1
9f8a8ecef875e914aafbc507994e46b6faa5df24

SHA256
bfb4b52dd2702b41fb3caac651943d82d19c99e723b1aab4adc0512d29bf729f

SHA512
80fb5efb81a0394f943b889b8921e2c12b9fd775bbe8f853f0b33cf522e22b63efb407f272dbaeebdeed04d14ba58aec20a67d25ef32e3dea0121a1631568f8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\qt\plugins\imageformats\qsvg.dll

Filesize
41KB

MD5
d9770019407e188a48958e70e5d40334

SHA1
002465bc93da3d4a2f5b54e16148f8825f8bd855

SHA256
00768ed43ff8419cfdcef24030db6d52447671739bd8e5ddd28ba177007a1506

SHA512
41528483fe4131e55f617c47f8c5b4657aa55698959e63b886a0937aeccc2846f6dd3f43fe93488f99fb2ade908adf959d7c69cdb63c650e02c4e200818c583e

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\qt\plugins\platforms\qwindows.dll

Filesize
1.3MB

MD5
01373f9d2c39ef7c2dfc44ad58f3a96f

SHA1
1058f3d73f2f2d8bd87b8c03152cc7a0f4ec17bb

SHA256
4cfc2acb4cc2d91d65d8af2fbce6c593be8a495be6564fd0eed504c890e27a2c

SHA512
e994d2ac55788187747d4ccdd63ce8c20f70d1935c494fea60a350750b79bc593f97e231624649afe1234984eacd47dea848c56731811ff6442d12b9882ca202

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\qt\plugins\printsupport\windowsprintersupport.dll

Filesize
71KB

MD5
e33949e542502215fcc6424df0a2a055

SHA1
dcfb137c4e520395bc5ee970e7f607789116e2e7

SHA256
c7771c1f4b4d140d58173a5befa1f32af92f64875d70f6c6eed3d14048710491

SHA512
a3f47357c02d2c2a8be0ac2d7986d14b1386b186f62142c8a457211dc46538a82376194d18bd97990d8d7fe1c2c553b962fa13d704e309efd1a22e7b6ff4f980

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\qt\plugins\styles\qwindowsvistastyle.dll

Filesize
145KB

MD5
efe1164b815de4516d5b621c904f29d9

SHA1
da31c52cc3bb16b8d3335d95800de668d0aab9f6

SHA256
798be93c7c2cdc7c21b7b7f3b23f780b2c8876514666efe38e0fde3d5944eb33

SHA512
df738e165bc6753d7c4bc14f417d645d06431c291fc0a488509e6e74c8e6e8077c3170bfa287e87f88504eb4fce02bb6c55de6d0133b1c933483612bbf133f03

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\stdole.dll

Filesize
21KB

MD5
a390735ec9f5136a1228c5c855672848

SHA1
7357d079dafd1d63a3eba255bec2152f83f8cb35

SHA256
8cc8b5f4aac936407520b2e792a2bff207ed80df60a316a52d569f9d248b5872

SHA512
834a59231f36d4b98e9535ab1e3ab735aa1d4ff34a28051f694ff582abccd5ada9ec88bbb57c6f391b0498f4638d5dd44631acd7930952979ceaf93f2f20de79

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\ucrtbase.dll

Filesize
1.1MB

MD5
2040cdcd779bbebad36d36035c675d99

SHA1
918bc19f55e656f6d6b1e4713604483eb997ea15

SHA256
2ad9a105a9caa24f41e7b1a6f303c07e6faeceaf3aaf43ebd644d9d5746a4359

SHA512
83dc3c7e35f0f83e1224505d04cdbaee12b7ea37a2c3367cb4fccc4fff3e5923cf8a79dd513c33a667d8231b1cc6cfb1e33f957d92e195892060a22f53c7532f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\vccorlib140.dll

Filesize
262KB

MD5
1b3229660d446d18e5659d74fe84d2aa

SHA1
e27b0e3e98d13a0d5860618a674743da0d3b57b8

SHA256
d43812f712f02a50017128463c357eae8f78b665353f889848f59a9faefd8ff7

SHA512
bdfa91ac0962d56671aadf2ed45f4079faca08aece763201a19f79b74aed7c547252879e021169f491bf0bd2e3048529ca99900d7adf4eb0a133cc4fc4d3a7eb

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\office6\vcruntime140.dll

Filesize
75KB

MD5
8fdb26199d64ae926509f5606460f573

SHA1
7d7d8849e7c77af3042a6f54bdf2bb303d7cd678

SHA256
f1fd5f6ec1cfe0cc3b66b5322ac97568bc63b19c1e415b99aad7c69ddbafa33c

SHA512
f56bf11d4259dbf5d4d1f9fc2ad60ff609cddb21278999e9fa55fe5d74552e8a01ddc55cfdc9bf4b09b3e3130a1356142a24a7db8ec5ea19344de617dc9fa99f

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\pl_PL\style.xml

Filesize
3KB

MD5
034f37e6536c1430d55f64168b7e9f05

SHA1
dd08c0ef0d086dfbe59797990a74dab14fc850e2

SHA256
183a140011774d955e9de189e7a1d53cb4128d6abed61c7bfd5994268ee5f384

SHA512
0e1911c882152a4e1059a3ce1880d7fb2aed1e1e36cbd37055de2e2a1333acb2a0233ba2a4d969ccebbef1e77809aa5e78807aa9239545beae8c548c0f8f35c0

Download Submit
C:\Users\Admin\AppData\Local\Temp\wps\~e6002a4\CONTROL\product.dat

Filesize
126KB

MD5
a1c9a08df0d89e550a34148bacae06ea

SHA1
67232bd7c610597e0fda0096dacbca2d736ce25b

SHA256
7ee46410e003ba53744d1455f74f68c8867b3b7c6e56dc60eb148589ca44eb85

SHA512
9e545c6d79c0c4edb8d83d8bc8b160da175fbe1043f8d845b7c102c8139b39f70bf3cfa08a6943ac46a820babcd3ea925d59f377bad988d8fbe709878f8a29a0

Download Submit
C:\Users\Admin\AppData\Local\tempinstall.ini

Filesize
387B

MD5
c38481658f9149eba0b9b8fcbcb16708

SHA1
f16a40af74c0a04a331f7833251e3958d033d4da

SHA256
d0d73f49bc21b62fe05c47024d69406a3227da0f6b4ffe237726e6a031f188d2

SHA512
8f98d62f88442b8ef94aa10074e35aa8d9494f3c76ce8b143ca0bf7fa0d917f3175212fbcd6e7b0597fd0ec0e1b2827f157135512fb01c88218d36e2f7dd73ce

Download Submit
C:\Users\Admin\AppData\Local\tempinstall.ini

Filesize
433B

MD5
a9519168ca6299588edf9bd39c10828a

SHA1
9f0635e39d50d15af39f5e2c52ad240a428b5636

SHA256
9e87b2ff306efedf7bf1074749b4602c332bc825aed80721eba19d5f544d2ec3

SHA512
0607eb1f5598320961fbd8ef75beeb1b6dc1af3cae7eeb5ba352f3e2a2edb25e1d9e68fb46c24e4299957352c0c906314c889c2d1092437eccc1d1a0485f3557

Download Submit
C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Recent\CustomDestinations\R6ZHOA4UVPJFD1SHCCLS.temp

Filesize
8KB

MD5
ab5bb42ee6075d0df231dc3f0f38beb9

SHA1
45092a01308f7081aba8c32426c6de7d2750aa16

SHA256
9c6aaaf90b2a9654411d379039cd602a033dd0bd3aae2641d5645a876cc4f328

SHA512
d7dfdbad6388a01d8ba37874a85894c78e43a3e8ea9d3b4fc84037dc396160dc7b124f457f9cd03d2f11c0e285c2fa262804e1df45e66a75711e614cdfe2ca68

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\cfg\onlineconfig.data

Filesize
101KB

MD5
c548c9fb698b6cfc66ef3bcd292cf349

SHA1
2ca660a98b0b012aca4df4ff671a259fc184bdb8

SHA256
deb2a2dbb82888248265e501b92be07fd9c1d276c80b12f0ab4e11973b863fa5

SHA512
c027329d3d84b696c3b58e808fd8f714cb8814e066484da72da63190aece9c609c9c40097064af342b76ade25191879faae8d39c2ccbf055ef6150716571baba

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\configs\configure2

Filesize
208B

MD5
64ef802b5d176b987ff05b3b9ef34e48

SHA1
ed50c554288752697e3ebade1a257bd1efaca416

SHA256
55f13754e6954e9ef0d7f42d908ed684e4f26b0d655a28a8f4825d2f1d04ad01

SHA512
6a6359216afa8ae0a0aacd8e7a03016cf0885e94a101d8aa0a40c6bdf73d524745773490b821c24d5e38275c4d615761059aa1dedc58ef6617087d73f468c3f0

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\configs\configure2

Filesize
208B

MD5
e2b4e94e163f3af6dfc59376e1951171

SHA1
df01d8819402f967eec351782d656493a0093dd0

SHA256
3eb638354660e307b2d308fca440cf8a1667847323760934754ec7c90c6332cd

SHA512
ec2802ca5dfc0f8288a43be8ea5a0a840e3e9be584810cd11e7f9bcf972607a5c7f4ad2772f7107276fc7aca5f05900badafc2ea980ba63f4075e6f534c00cfc

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\ksomisc\ksomisc_2024_11_19.log

Filesize
6KB

MD5
a7b9508510a4e9d73c33742e70f02dce

SHA1
64b95d3de73d7d29710326eefe4824be079878bc

SHA256
78e4dbc0067160d6b6a86de625ab71338efe33cb04e211c6b1cb167e88620967

SHA512
ced03057b19c3b68a1cc977e6725523c6764740ee35dcfe2f9dbb3e5b6b1e33285aa5e6a628fbb2310c18716ca576076c59970ab61ae01d4b0586bc94a1d036f

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log

Filesize
12KB

MD5
1292fbfc9f82e815bf24e7308ab54499

SHA1
5f45c4f12cf6f6945590dae6d01f3526ba8bd59c

SHA256
3eefbaabde237b3da0030806da13892b776fd23d9a01fb4257dd99d9bb95ff8f

SHA512
d29bf30698dea7111056325e591dd0877322386c356613a36fd3c610a486e4ffeeddf00014dc27ab40fc9e7abc8d37fd10e09cf4f5eee446151a74b8c2301396

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log

Filesize
13KB

MD5
73498fb389a5a046a51ba238a56ec0e5

SHA1
0a77deade3af43e1121bbba60ee3a186377bf4f0

SHA256
ea47e65de14c6907a0da7e037318d713bdc4fc6ed0bbf84c93e9a773fdcdf192

SHA512
1d68ced0a4f1c27d0de30268175ab4a24404ca258a09baf8172fa232b47e66830612fb8db81ec98c87e4e71e36d20fc29bcc861ac29e6d2e8a3141d87cbbcef3

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log

Filesize
31KB

MD5
6c0c50aed0cd1dc601551ff48101367b

SHA1
aa5b2d11e8d6e94d0f5baf46735d864be2c548ae

SHA256
67daf713ac4260d8cd2cd0a4e828d9b893edc69b27080069edfddeb172581812

SHA512
d52746ace2787fb1583582cc4f87ce0289b7af60a447e86e8f85b4c1d8aceb3a33fdbcd94e0f5a6d50cdca46927148998e1395d5ef36936c96ffb30f86b1da9b

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log

Filesize
49KB

MD5
e4e8f257297318097f25543c2317ed10

SHA1
584498438836d6253c94ae56dbf103eb171d5b92

SHA256
cf97c6d29fd8e770f80db8efbeb63816b931af6d8dc5b2106e82b09d4340cf79

SHA512
3b513041223b02e2c459ac87d35d8399f8d76a76c5f57d6a8cc2892f2defa93b6cd24f7db469e74a97d09fe70a715f95190be4755baa7731896b1ea5cd1b0040

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\office6\log\setup\wpssetup.log

Filesize
59KB

MD5
380664c1d85ecfd6498a1d73229c4f7f

SHA1
982397b1341e260590294b185acb6a060481c4d3

SHA256
18f71025d0f32913edbb99645b3e246b6aca4128e3e6f2a25f68e1fd83ddf7ab

SHA512
a722f9362cfa71d1e6064b30c12e392c61c1ad50ef45fb7447efbe3fd04ffa6096547df0fcccd76a022c113e0a5cbb36fa15a2fea2461f4b33e8a7c575bc0d2e

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\LocalPrefs.json

Filesize
540B

MD5
d5637870402e161edef9e014aa5ccb57

SHA1
a5ae01faf22d14a245deb4982a55fb5560ab64aa

SHA256
eeb906eb51b4e3a6922f2b2dc429e86fa020e292145c096feff525a8d80be0ff

SHA512
e021d2b29090e458681bf531e442d439aaac97ba3e02ece83e954e4173ce5f6d652df1e3e345f8c297ee9c1964921a4760ff8532c7a3c43ad280d4e3f71cf0b7

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Code Cache\wasm\index

Filesize
24B

MD5
54cb446f628b2ea4a5bce5769910512e

SHA1
c27ca848427fe87f5cf4d0e0e3cd57151b0d820d

SHA256
fbcfe23a2ecb82b7100c50811691dde0a33aa3da8d176be9882a9db485dc0f2d

SHA512
8f6ed2e91aed9bd415789b1dbe591e7eab29f3f1b48fdfa5e864d7bf4ae554acc5d82b4097a770dabc228523253623e4296c5023cf48252e1b94382c43123cb0

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\cef\cache\KWPSBubble\Network\5d3b3788-da7b-45ff-83ba-7d8e361acd1a.tmp

Filesize
59B

MD5
2800881c775077e1c4b6e06bf4676de4

SHA1
2873631068c8b3b9495638c865915be822442c8b

SHA256
226eec4486509917aa336afebd6ff65777b75b65f1fb06891d2a857a9421a974

SHA512
e342407ab65cc68f1b3fd706cd0a37680a0864ffd30a6539730180ede2cdcd732cc97ae0b9ef7db12da5c0f83e429df0840dbf7596aca859a0301665e517377b

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\kconfigcenter\kccsdkdb\kccsdkpriortydb\mdbx.dat

Filesize
64KB

MD5
f53366cc91e9830c808ad96cc695d7f3

SHA1
d8d37e2b07051d9f0211539b998c0ba5f1ef1871

SHA256
7f9833864a033a7e06cd2ff0f6791bb7d188515e421f69d4cf89a3823b868191

SHA512
a5a62072b5c337ee5c5a6551ccce1200208955b0cb08a6f944f4109c483ea1664b7b17d2da7da6fc959443d29e7e777c106305f830195f9b3be37d42d8ba073b

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\promebrowser\cookie\Cache\Cache_Data\f_000006

Filesize
104KB

MD5
37dfd524890a310ddea434c71e49bd7a

SHA1
3009d8a56e6d7c8f69163de18fc5e25641152288

SHA256
e4c6142b1e36f89b0d0368a52c4542bae8688cc535aea13d65f3d0f303fa9a2a

SHA512
28bbfb84da9d1daf43435d41efd40a190bc7f5998d1ae1409129f473b80c160bf5f7f84e1c0498e1c979d2609fe0439a0ee2d3c120f6bec2d1d089242b2823fa

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\promebrowser\cookie\Local Storage\leveldb\CURRENT

Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\promebrowser\cookie\Network\TransportSecurity

Filesize
370B

MD5
acf5ba00fcb500856a48782e17204f5c

SHA1
806723d1c5975774a714295e71966edcf9b0ec14

SHA256
c8d117845b2e532493914832fb6e7dd217ceb31358900ba66a85d3266bc9e761

SHA512
c85fafc384708098f604df52bf775d964addd1aa44cacf6ea81011adacffdb3255112dd10f450340b98dd505887a5d6bd45d8a9ed5e6458376a3e39171a59b7c

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\promebrowser\cookie\Network\TransportSecurity~RFe61a632.TMP

Filesize
370B

MD5
d184d79ac855d31a8d8eaf69e7e06a79

SHA1
f0f35c3228b7ccabc03d0f05dc72bf8543bd3b27

SHA256
f375d7e5bccfe6704d8861ff062cbb485e4b588f08ccfcd1e5e7545f9b61a46b

SHA512
0268cb0eefb15674bc149ed4bd29a37d21c06fa6d41af0750c4facc9de431709ff3ab29e28dcd363ba85aedbedfb7868ccb17711513e5b0abfde385c18ef736f

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\data\win-i386\promebrowser\cookie\Session Storage\MANIFEST-000001

Filesize
41B

MD5
5af87dfd673ba2115e2fcf5cfdb727ab

SHA1
d5b5bbf396dc291274584ef71f444f420b6056f1

SHA256
f9d31b278e215eb0d0e9cd709edfa037e828f36214ab7906f612160fead4b2b4

SHA512
de34583a7dbafe4dd0dc0601e8f6906b9bc6a00c56c9323561204f77abbc0dc9007c480ffe4092ff2f194d54616caf50aecbd4a1e9583cae0c76ad6dd7c2375b

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\chromeguide\plugin.plg

Filesize
728B

MD5
266f5e7165bdc893f6d928ad939952a6

SHA1
d3d09ed43fbaab5fe5e83934a088eaa1ca5bf0ce

SHA256
36edaf6800e9839d7bd5cf429776b1f6fe8c78380ba4d78d509145e02c395b08

SHA512
919b8894b14c86bdf64ec224827ce83a817b5d191fbd72f8d6991c018c13881722786be371f1ebd3a09d686a1643802b147e2e51d30fdce4d0cdd8009af9b0bc

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\et\plugin.plg

Filesize
15KB

MD5
81364ca54bd89d4eb82f7829c4f709f4

SHA1
651e23b05da83934aa8c162b66da7f1dc70e0352

SHA256
3d22f4dc710db86e3b27b25d676ce4305c4df23f3642b10871e346858bdc879b

SHA512
2ee8d72052687e144b05ea48541f2258692240bed03a3691a40297c29d8bb979de5583225ee860cf63accf32365fbbf1153a54d573026c2a3ff93489490f8a48

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\kappframework\plugin.plg

Filesize
3KB

MD5
3a1499c4e1b3f83eda802451ad7b7270

SHA1
9905ba12cc68bfab316cf96cd4e34ac5ce66c410

SHA256
0425efb16d52dec5f25522db4d8e84de94d21e9c50eb3c1b480f320c25f907f4

SHA512
1c57280eee5d352e4c20f6eb11cd5f96f949ad4cd5e7b7bc52c4273bcea9219de0f54c47d66c773a8225f6ffe46ceb77fd07256a4b4e52c043c20380bcc991f5

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\pdf2word\plugin.plg

Filesize
744B

MD5
04a7efb2bdb11d9219eb296521bff388

SHA1
358d57411fa9cb81e1c34a263bb5068d484e3a48

SHA256
e85765442527f49f3db4dc38c665021e2e9f288f87ce1fb68e0fa52f1945aa7f

SHA512
668ea0960b32987e33a6a47b3b11c0332e8b5a903f2e3bf5e13670a0104315af7082dc791673632aaefd9edd9b8e748316052c55c3bf79fd7f890460e19fafdf

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\pdf\plugin.plg

Filesize
8KB

MD5
1eda84f2868ddd30ae6932f771d0fd3b

SHA1
2ca00f487c6c4601c5be75574fd04db83ef96b27

SHA256
299beee5e59741c35b18ef563eb3f2d450f8ad04e01099a2afe038a13726609b

SHA512
b21920c0ddaa0026cbc7736676042a52ba602febdaa58245318dfd0912b8f323475b405fe6c8374b17ba51a27fd3d5689652873157478dfcd9e69d94359b5b1d

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\photo\plugin.plg

Filesize
4KB

MD5
5f97feebfc5fb31e33ed460629bb3cd0

SHA1
295ec37a86ec626089ae1a852b8cd8e3893fad6c

SHA256
d99cc12d5bce29d5e37384c277cbbd6d219def550f2d572803ed75b8375379b6

SHA512
5cfdf6db0cda4b5b5b750af57df1f8ba4fd0e58eb9f9faf357de0aa56e1c598d78eddfbf4288e00be65d1b08ff4c6885a66f1371f82a65c271b3d502f363101a

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\plgpack.plgx

Filesize
6KB

MD5
2cbcd7e7cc9515126a0ae9be2933dfcc

SHA1
46c14e228df42fad345cf7514214a0d8b6206d92

SHA256
e0c184f4d33a1823ef443c62f0b2346f8f89ba780c8cdc458ee5672f52fb20a4

SHA512
c52f70a48d8695dc7619f86a9dc97598dece12894f544bc64f2ddac492ae2c19ae3a5122d70f0b750da840b2aacee4605d62c74ea368cc23a1a033e1b5d8a4cd

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\qing\plugin.plg

Filesize
8KB

MD5
770bd3bf8ed345d1e4fbf150c08640ef

SHA1
4bc0e3d204aa6cbbd630f14dc9c3bdbed6901061

SHA256
a796311a14795c3625baf996eb386d8b28765df7a848f5a1498182835a11bec6

SHA512
13048df6b6e6ed834f6eb89292851743c83d313338a0fc86b680615cf5ab632de7347eabd291928b4e0d14cefb4b3adfa7088d1380a3844af24d87750ab046e2

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\wpp\plugin.plg

Filesize
16KB

MD5
82cc490d44114dda08a888e87f41c8f1

SHA1
596bd3c25d6ad06da7083fba18bf4c50732c4eb0

SHA256
e4c48de0472cd1b5a741cb15f741e7b22148b12c111201300ef5fbe62cb0f66e

SHA512
05865474b7960f13e5ff290d487e4a643a18a64246f8c8661af04960076403df0c3fd7c3a3dd705ef2a4115e25f310f0ee8c535faef8f18a93905bc9593ee851

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\wps\plugin.plg

Filesize
16KB

MD5
bdd8c3934488939c56f085e23cce2608

SHA1
cddaf2a460ab4b69515779962418dad830d21db0

SHA256
ddde4fbd803e5da0059bd9f57887f80945044d386c78ded9b405927b7e684c73

SHA512
73945f5ca5e95f91268f04ae2b6aa5feb3187a5798157bd1f2560c421665dfe7a297096c239aa3ee017d7d934b16fdc3f11ee9a76db27600a2ba25605cbc33ce

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\wpsbox\plugin.plg

Filesize
776B

MD5
a1097a1b6e56daade6735b33a43a4dec

SHA1
8204f4c6dc378cf14b6a1be58b7f9e153599d9c7

SHA256
e93823f30b04a8a9273173d01d3347269642fe6b7cc165b176b55c20fea36f3e

SHA512
d13e6bbc4f7e2c58b6dcb24b2f12be574edc1809c1e86c50ad5650ff3090b7c67617c0ba0bea5edd9f9b8cdf988dd8e175d13be66c646848f450756e2ec5a5be

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\list\win-i386\12.2.0.18911\wpsoffice\plugin.plg

Filesize
8KB

MD5
185bdd05b0b58e4f5789a291e63ccb0a

SHA1
48abc8151c40906b62cae435e65271e73c7d3d15

SHA256
5f00070b209c594d31bba708e1fd6e471474ece16a8e8b2945ed8afda32dd677

SHA512
464849316b42b1ed0bd215a91ef67dc6ffefae5c9d7e1b3852bdaf2918c15345c502c2c3f9aa74f274cab846fbd67dbc1f88f1866a0c6e8820c14f1be520af34

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\chromehost_1.0.2024.67\chromelauncher.exe

Filesize
107KB

MD5
2eda531e451bed15790dbeec759dadba

SHA1
45acb533eb7d9dc88a81d0c282af058908397e37

SHA256
1c9d5209c70720c2629d59e5a8ac50f6c79f64fd5d9a916cf18f08612cd6c143

SHA512
3e8a77327ccb5d357b153ce2fa14f2fdc18460e278ab5d746ec7d8d5bc804400efad8ee9755ee9b6a5ea10a0b9030b956ea6b6d8d3cfb3d6f56d81275a15c5f8

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\chromehost_1.0.2024.67\download.7z

Filesize
2.2MB

MD5
5fb168447ccce6339daf768ca18713a8

SHA1
fc8e642a062ad9432c69f3c31fd87bab70b6358d

SHA256
34ddd03527a25cf483764612f708d2601b4531a63a47d98f66ba7679fac9e80d

SHA512
86507e9e29be0148b88a041f98d47a757c4996fc64336aa1371820008fb1b3039021724dcf2ff31de24cc0ffe4a1ff2efb286cba22ae818f090c20163a4ed847

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\chromehost_1.0.2024.67\run.ini

Filesize
443B

MD5
4e1aecfb8f941521e3a16cbbcf1e3418

SHA1
d61831a61049424ce80f5076e91be965d764e32e

SHA256
bbc30b97c2d501333061f4f77439a2da8e8454b8cf5602467af260c9bebb6b18

SHA512
ee74b3eba02b80ca9032d1c1afc5b436031e57ac4a7a52924185b2c8eabae81f3309a089fb9f23864b43363d9d3587a7338da2c4e1c33991d5648ec361c9a9ef

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kaifeaturesmanager_1.0.2024.7\download.7z

Filesize
79KB

MD5
6c89afe39ee5eecf2d4878c845bdb51d

SHA1
db5beac5106488c5a786bffe8df2230fee1f8d7f

SHA256
d25544bcb4c0b01024dfa10d4f1e2fa6c8bc1c353b502dc39e11151410b6ed1d

SHA512
55930a40727489fa83c9d6471a95ad839ecc068ea31debe01489e16854bd5fe323e7904445a5233adf16c270cd719927393f4f951406d6665f624d3a67e5ff32

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kcopilotentry_1.0.2024.14\download.7z

Filesize
168KB

MD5
5ccc874292110eaa08b17c30a7411678

SHA1
d8fe3570f7760b6cbaad74c3c1c886aea96516be

SHA256
f5ff4b734a78eddd128007277cccf8a1be8217bcd29ee36e01499b0c16a6995b

SHA512
32decb664c324c5b5076177272766bfe64524ebe6086d1025b09ef3a3c4d7199da930f4af2435e7f8106a0f3dc9d255db6ad8be24eaff7fccfd5d2e4beca326b

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kcopilotentrylite_1.0.2024.2\download.7z

Filesize
431KB

MD5
ea004cc4318b7494e456a151d4d1ae69

SHA1
ac2d8f794adab65186f1a38ec618655ace2fe447

SHA256
2494391a350d6a84d5068646ae7965d492473b89afc6b6105aa86d91e6ab3699

SHA512
6c53a9bb405a9e21730f8e8b641bcb49cd91075672ddc1055ed7d7d6d4f7805e4186d597b7a2117bab11e6c01ab1526542433a367a69a2d95c83d6d04d822615

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.172\download.7z

Filesize
318KB

MD5
4eba9776ecb456532cddd01a338f7423

SHA1
7f4fdf8386e1719e6f1c5e6b7ae0239aeec64057

SHA256
438c6a1377a3216a2c50c598e34ab3d60284b6ba0533f5a0eebcc33e2b3e86b4

SHA512
23daec7964953e949f523882905a4c6a9815bbb62fdea3407d741bbd4b97ded074ab8297922bf862519c7f1ba892b4e096711362d74ef434f37cf84193218ba0

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.172\mui\es_MX\kdiagnostictool.qm

Filesize
3KB

MD5
5afc7d8ba894df59c2b3f44726cfc2db

SHA1
a21a7a8fd943455fa47cc5d950603bf1bc5a145a

SHA256
4824e414e29358d0011ad1195059bda195a90cedfbd4c0f07f8cdeb0e84dc2be

SHA512
a9a040e0f3555f61094b42202581a262d29377d414dc6a87596a2bbe4daea8fa3bf2eb10ac52fa6d94a522d54f404e247ee7b272cb41acda898ed6734c8ed639

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdiagnostictool_1.1.2022.172\mui\fr_FR\kdiagnostictool.qm

Filesize
3KB

MD5
62f3720e184f094c874fe0eab7f0f598

SHA1
cdd858a80bbd1268e7c5278ebe19c35659871d2b

SHA256
bdf3b27cc070b3cd9deb9a5e2bea450382d6851723c266eb0d5f3db4798f5a14

SHA512
14f532053b0272fe0c614de9b56bfd9ac85aee11e878e099531250b00f667d2428789e81b5ded64cbe51dc8e3e8e19d7cea8dc08314b1c0274de15fca17b92b6

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdocreminder_1.1.2021.190\download.7z

Filesize
144KB

MD5
2a8407b597b246bb5b4038709d45900d

SHA1
3ea5b7cc094606c207d02e51988cabc73ad99da8

SHA256
1b4af117f1b5e2f1aba0744a7a10db1dbb800aca376a8cb157f35b8ad3246658

SHA512
93ae271efe74377fe3dc98bb1508780d4d5f7059156eed535b821cdb843dd53b5e0f6f09ed8884c6badbc09c57d9a029dd8dacdecbc909bd5f3c4a85aa2ce9fd

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kdocreminder_1.1.2021.190\run.ini

Filesize
292B

MD5
da4b75c3d70c08be415e7b25abdc11cf

SHA1
c84dfbb528a3c8ce94d068dfc5fbdf7d621d0225

SHA256
e93c62beee030970bf56bf0a3aa372ab0b155c1c3436173617c8c735024e8f36

SHA512
0fa811055deed42a6cbc0f16f93da173718f4169ebf8d4ea125276c6225ba033c7644a68ee010250379b67a057e17e5cba6351deca067850ab318c505f49e491

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\download.7z

Filesize
1.4MB

MD5
ccceeaf73b49365309316cf11248f966

SHA1
b51547425c5dca5eae4380b4f9bcdc3ab4386aa8

SHA256
110df7b773e9dda8846000ad032c04ed7ff6793c335873883b71cd8a8e26939c

SHA512
e70859071a419e4ff85ef25e51a624074a9c7a38d1688012743f8612537f69238f5188df994a7e3e422862cb8e15140fe5114e7a014974ec7fe06b05c5cff7c1

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\html\img\loading.svg

Filesize
1KB

MD5
544223e85768fd134633a1af9d5bf536

SHA1
5536a0023ddbfb2ab67e9ad8ca4d38c60f413b9a

SHA256
a3df9710c7e09fd8cffc14bfe45f5a1576deb1846ced44e5050b34caf5527049

SHA512
a5cacba054d41af8efd607074c02f36ab731b5d6bc9ffd3bd7ce6b09a4af09b31e29359eb965728d2a00849467b1af66e16186a0c07b4415b3b423a5ea4f68ca

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\icons_svg.data

Filesize
39KB

MD5
8e1774c0fe66f4bef544d36308637bf8

SHA1
222b2f630a0a6f6f150a9b5c477e438997e8d797

SHA256
77453126b08738d939f4a9460b9a652d4402981854afe8e9e2666533dc45f9f1

SHA512
7457c4853f80b08f0f87cf7ac8cd7e0326ff58759ef7d6c6a364609050b8a82440426d3b18e5db55d8886f862bbed17ed1e85b20cb48603d533a89c0b3f3cd00

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\css\app.css

Filesize
1KB

MD5
83a68c2c85c5f145ecaa9413c88691b6

SHA1
d1a020800bef51b4d43c676c0e88ebafeb9c8d1b

SHA256
a8c3bd7978e4a42ef7d926c3caf2365847e92abb091e7c11ed36614138c5730c

SHA512
58fbd9db0f79f477d80924df69239aa232ee6377ee3a63c2568b4c90c333312b6a3169d7b6c3a01dd805aaeaf1cae04c7c762e0e592db1d20d74c94f5a150ab7

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\css\homePage.css

Filesize
580B

MD5
e2c45fcd2c69df9f496b2bbb22c6d48e

SHA1
84afcc60b11cea137a017ad0ae114e9e32527619

SHA256
ba665f18d5d56cd4f1d8019a7de6c5eaea80536a42f94cf3446fef497ba30069

SHA512
fe5833016458ccee93165a02e782397f67b0f8abaaf4fd620146470077a2bb7700eb7af50d75d787662649b65eb6a879c55737df37d1818cac0ae2635ca5ab74

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\css\multiPage.css

Filesize
2KB

MD5
c7740e680ae5b57982d15ab38e10afdb

SHA1
526ab869fea8e88ff8231c2b866a0c73dc7d0e38

SHA256
961ab1402d1a5746b2394b7e032c6ba9a3db6c7bcf531dcbb5202a37a8f0e2f9

SHA512
ef353c60ca54ad0b2a5df02d4b18a593a97c7542090a0bcd5db3681f68f4884f0d7990a250c9ca3200cca7fcb281b16dc61ceb73eff712fe53a4c6186f66b7c4

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\img\icon-close.svg

Filesize
685B

MD5
443ad49f8d1fa9e366534b547c321cc1

SHA1
0d6be081ca866642fc0807d1c1f661fdeaa7a580

SHA256
c4bcd8b8845597087720fd45ec897b059c14d7d334d6ac2e24d896fd74c39ec1

SHA512
7e5b42eeb96b0362b4612b082f33f855ec1e705ab97ce446086a7f6a9efece5ab9b1aa8b3b02d4a35390399ba3a7313c745be39c0d56289c39ada0b65045ff68

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\img\loading.gif

Filesize
114KB

MD5
c1f84a35bab3b188f418ac182a4c1925

SHA1
1cfed637d9b8c29aaf283c4cc9c3a7ad5c473d54

SHA256
82d8414b3b6cc2eec424bb3467a0e2d5c7b29bd98051e2adc4c86b071c2059b2

SHA512
efb5073f04681970c0b4e75b8cf903360f7d4efdb206fcc7675113e2ab1d35eb1d009a458b20de07ff11c6b1bc928a87a8873cb8c340cf88308c1b778222305a

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\index.html

Filesize
1KB

MD5
285a619384633f9b076a9fcf9ca08703

SHA1
fa0293ecb1adc619e3250bcc039cfdadf7903209

SHA256
340a2528177d7cdbbd4f248823fe3910a1c1c1667ed905a27ba384fd403badff

SHA512
a54ac06f88d497357a6b5b44e13e379b4529dbe70f4bc8771e9579ff7b818af633c9bd3eb73c8159c2aa34a71d7098fd4741b4f719fa2b63b7decd30aac53c6d

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\js\app.js

Filesize
15KB

MD5
fb0254176a3f42531833fa896a153910

SHA1
04f5bd747bd5fc3e7cfde37a68e894b6e30ec03b

SHA256
55b140d74928a11af5051bdb2ab7594882f1e19f16d1fdeefeb97111d7d8aac8

SHA512
040b2f60cfce11a72ca176bc0b16d3b2894fe572d7c151a4787a1f0b58dd6319d31cec0b0db336d99e249607ac5895697fcadcfd8d7ef5dc3fc66db2041b0491

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\js\chunk-vendors.js

Filesize
327KB

MD5
c13bf6372076e369fd2bca6aaa2791a5

SHA1
37105d1cd19f1dc2057dbdc2db29fa86c7b93be6

SHA256
240cae849357b5643038e2b7eb9542659299747df9017ac2467e602a2e38f911

SHA512
236b855b49fe492f89d4df199912181be57959f43458d04f24b1bb41f53f67819c1d8e8b03cea084666cc6f57887bebad3371abc8856588236a12cdbee464e6e

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\js\homePage.js

Filesize
3KB

MD5
d18f2f15b5e4f2f7747fdf7c9277c260

SHA1
bb3b085836b50dcf9d6ebb745c79db0751ca5832

SHA256
e3876bd3c6ba9783efc57cf65760cf36d73b4ec8dd15f913b404f274fca76f05

SHA512
869f0135e73b460b9f28700d086efb2cff998186e5c8aa6f015a1f67332e52bc1fbcf6ea1abf20b353899a6c1e91d69a8419befb2be454d650827135fe9303b1

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kguidestartuppane_xa_1.0.2024.16\mui\default\shortlink\js\multiPage.js

Filesize
48KB

MD5
d592f77577638144a3f3d1069e3c4fde

SHA1
175ac25b546142b37234bd327bb40882fe99e784

SHA256
c3785be984f4b336f6aed38debec4b66039156290a93e0015043178f194543a1

SHA512
890934ddfd41ee1bdf769670e4078ec5bc2fe0e1b11ee721efcb3bd635b6cfe6729c14b067db0f4f766e08fe3cec835da0da13085fd089991f6875851d86364c

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kheaderupgradenotice_1.1.2024.32\download.7z

Filesize
277KB

MD5
6091bd82cf8ebcbdf551a812077e9149

SHA1
dd9fb66db29f19e17950dfb73885bd0d70669e3c

SHA256
0853a3f8b9b3a76269ba64edb80c7ca8cb0de5f683fdbce7f32f57eee63efb7b

SHA512
a3155caf789e026eea3fa3140160d4ee6027b16ecb0b7075a7939a4fde49d37c03cac9f61ec195044593c279d6ab4e1fdd0c90a7ddbd30bbb885269f4896144c

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kheaderupgradenotice_1.1.2024.32\res\static\js\manifest.js

Filesize
800B

MD5
8def9f056a8244b677dbd42be7bfc987

SHA1
460f4946c829d43aea3d731b2fc2babb81ed4b71

SHA256
77b87f2e8468b07df6dcb7c12fe7cedc619153bb8489b20e12fb5092136cc948

SHA512
2d00b432a7b8f2245f600dac1a90052e6baae8e89c5766015d65120917d94c8cfe3684f86c2f5a3af4af31d635c081fe714c2a1ec6873801edd0793ebb4eb918

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kmessagepushcenter_1.0.2024.12\download.7z

Filesize
72KB

MD5
dd775f6fdbfb9627196a5b1af9532a62

SHA1
45f6076bba397e8412d89156670512121022be55

SHA256
8581af2a8acb1a7fc7aa57f97e57c110345fe643d06e2419b88fe4cd9e052e44

SHA512
4713d0b62653086831125f6380baafc78eed14249bcf9971d1e4581a34ab179ba1285907d2489c4cd7a8cbf014e311655212e9a4b7573a7952c09e9feab816ff

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kmessagepushcenter_1.0.2024.12\run.ini

Filesize
322B

MD5
329e569b9371da4371c8cf0d0a4ba8d1

SHA1
1a8065c062d2a7dcf27db3d44b39044c230cff9d

SHA256
7c61ebc61f25a91be8271e8ce07cd80132335a66785c4b5070f66bf8d69bdab1

SHA512
687d815a44fbec7b9f25325b0fec44a655b020c9c03cb87263cf3290e756066b40d216dbce92c2930401aaaf021b3ecfdb54534b4ae6d5da21a3343029aea675

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\knewstylewebwidget_1.0.2024.48\download.7z

Filesize
29KB

MD5
6575b3628efa9620d0b12150f75cda3a

SHA1
9970cf91a608a24d0044bf685f123e2b82bbdcd8

SHA256
afd96d761b2d23ef92269526de97a723502b7308459c73585c8e427ba6e4bb51

SHA512
2a98899426e7c17e7de136a9bfd01b2c231b0692f3b746e394b42db67111a135bf5ba70029fdafac3d65b5d0fc853f80d042f89e4d72366d93f7b7c69616e317

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.31\download.7z

Filesize
2.7MB

MD5
75145eb8a77c9518ed5da72aa0072080

SHA1
e69407bd35cf84da059af78841043a95c51e4554

SHA256
93aaf542222d8bbb75d203be23c7842cf441f9df9a2a31c10db81088cef75187

SHA512
2bdd900b39bba56bfe68015436d302393abf35cf54aa567647c1a217318aeb3ee804acd5c6093731dbf9d124f85d7fd76ac40f8b75d18f92a4521a4f78d37a4f

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.31\resource\premiumcode\element-icons.ttf

Filesize
54KB

MD5
732389ded34cb9c52dd88271f1345af9

SHA1
8058fc55ef8432832d0b3033680c73702562de0f

SHA256
a30f5b3ba6a48822eae041e0ca5412a289125e4ba661d047dae565ac43b4a6b2

SHA512
e8971ae48f5287d252f5b0a2d0516091bef0d2febf7d01fd7b435e426d106fea251037439ec42c2937e934b66f38e5eb43d00a213cdf334f482f4a06b1817f9c

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kqingaccountsdk_1.1.2024.31\resource\premiumcode\element-icons.woff

Filesize
27KB

MD5
535877f50039c0cb49a6196a5b7517cd

SHA1
0000c4e27d38f9f8bbe4e58b5ce2477e589507a7

SHA256
ab40a58972be2ceab32e7e35dab3131b959aae63835d7bda1a79ae51f9a73c17

SHA512
da269b20f13fb5b0bb4628b75ec29e69bb2d36999e94b61a846cb58db679287a13d0aa38cdf64b2893558d183c4cc5df8da770e5a5b2a3288622cd4bd0e1c87b

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\krpt_1.0.0.107\download.7z

Filesize
703B

MD5
0edafbd62638a75ae8b4debc9fd0b3db

SHA1
814e953384ee2771bfcde0584b0f6f5691217ede

SHA256
3332953a07daf624094590bc8d2bf9d4ff1ec12c53a43a7310efa11c7cfb71e8

SHA512
ab42c6b7922f7137779417bdb5246ff660133f8d566a54fd067ecf787d27ffaee1d65704a4b9574a6fffede9b497b93638f558ff2689d375017d5b074ec88120

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kscreengrabapp_1.0.2020.247\download.7z

Filesize
22KB

MD5
af7cde4657b32a0058f659dfafacf4ca

SHA1
fe27cdda3c9b68bb74232271fe42d4018f1ab612

SHA256
2b27b65dd5127e1e0a981bedb3a9378015e6280f0a2746175e58a46dd35af6c5

SHA512
7dc51d1e05d4162810ee53246f756132c32c2c59a0ecd24d77048086e7dda89cb0af0ee8f864689e7c15647040867461bd1cd07055755ad570fae38d9da129bb

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kweboperationtab_1.1.2024.1\download.7z

Filesize
19KB

MD5
4a30eb0cdcbf96f908b6f11c170e1e2f

SHA1
4cafaae0245cf2e80acb38ba491ddc8429156f9c

SHA256
0813dfe0633730732166c259a0c23cba7f6b7e0444d3fc3d64cd4258c5b33d51

SHA512
f9a3d57be5598b03c4e6abbd33ec5b75ca81068d8c5dfe29a79b98507a0fe464093c4ff97dd583a971fcfddae28f0da1aef23591e9721e94ccfade11af5d081c

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kweboperationtab_1.1.2024.1\run.ini

Filesize
173B

MD5
765c422cea53cab2f5bdd7954e220686

SHA1
28fa977b2c4c8700a136870f77dc5d9cd6b42be1

SHA256
fca39bfd9b191988ebaaa0061c425f27e791658e978720295e924eaac41d3a39

SHA512
3df888be78b24cc0329215e85f5d8ce9bba68bc5dcb103139b0a7765aa28c7e7470b3fa6a681c8ea2d0ba6551a3c29ef9ab85d7d733c5f16ea89ccad6794abdb

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsbubble_1.0.2024.61\download.7z

Filesize
66KB

MD5
70aef169a3db443b7dba7deae20c6184

SHA1
c955b7bcae21dac053d368c103cb6a0829dd0671

SHA256
06b0be6f216189e0a1a0c542eb8355dcd79a93ec714bb52e2e06275556bb7038

SHA512
62dafcf667c15ae021e5a37799836c60ce1dc79cac7c20de3ddc68909e08119d2f62bef539c018b7db75e0be9c202bc4d4db70c2dcf5dd41a58eac43c7f78a91

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\kwpsbubble_1.0.2024.61\run.ini

Filesize
311B

MD5
236e5baf01686e858f69fca4cabf90cf

SHA1
5247a8fe0e59ead62affd63a9f8e9c4f13f05def

SHA256
226e9b2204745d5b685d0d22a6a3eed8b7f2374d0aeee799f4320cb500235df3

SHA512
ad3b13639da06cd30ff18e3c4cf2b5a470d28fd63ab8ea84a50c10ff5b4cd0a7d8a6344c5e3a501a8f5da351a5164326b157a1bfa742c1a65ccf3972c3814854

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.51\download.7z

Filesize
21KB

MD5
9fe8e793eaa059abeca4b5b276109183

SHA1
ead5ee371ae38c6a2c1f7958cd422c258735ea40

SHA256
bf4a4a71b47999de8af088581ae4c87a0c7ade7e643cb503f83bc7bde8c2e6a6

SHA512
5427dbbb8037e84d37c31bec57ab3804da15f3303fdab38b184022c206075e4ff004cefed981128c6382a0a98e8dfc6c60fd7ed190bb327cc222837745402148

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.51\pdfwspvreg.dll

Filesize
51KB

MD5
913c1b9663d3eaac1fe37b6918a8af94

SHA1
0f6e4815e0a57dec21797ecb6e428c5e50825e2d

SHA256
9c897a8c5572fbd35640cc4c46b807e33bf8f351785667875795bf337d2843fa

SHA512
a66ceab2bd86f64397efdbf1888ab4f30971c33d07d202a4b68c940cf3e66f69d79bed7969bb9db1719fafc03ae1089e89bac1b30d829dcf1fead17bf0d51fcd

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\pdfwspvreg_1.0.2024.51\run.ini

Filesize
253B

MD5
0d914e316c8fc542e5685b1598899979

SHA1
52e575fc0c66b60cd79d29ae4486944cf06995b0

SHA256
484e6146403c96eaeead06a97a8ed86d67334a9185bf009a44f7b1cbe5402e2a

SHA512
77ca461895bc65f31dd8fc5182dbed383804b4d3315e210bf65195776510bf9c09c11d87589796ec1bd272f67762e5ba28be4d64b8a58f2577cb6da79dbd7319

Download Submit
C:\Users\Admin\AppData\Roaming\kingsoft\wps\addons\pool\win-i386\wpsbox_1.1.2020.262\download.7z

Filesize
578KB

MD5
daabceb5846c4b13dd47646ea9ac897d

SHA1
37957b95a68d4aaf9ff3ea7c29c96cdd76bd9e8b

SHA256
0a252ee74273b012c91e9fe38e7b370d6d101a8dd5bfacf15f526b53c561acf1

SHA512
6e25acfc133ee00f859310e792e75c58966b23662c4f6a30562949b26fcdaf923d689efc7c558f45d45bb7125096d040a14a9166dcf3a727f7590f7b4ec2b81a

Download Submit
memory/2180-4447-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4446-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4437-0x000000006B4A0000-0x000000006BC1D000-memory.dmp

Filesize
7.5MB

Download
memory/2180-4450-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4449-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4448-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4439-0x000000006DF60000-0x000000006E96D000-memory.dmp

Filesize
10.1MB

Download
memory/2180-4438-0x000000006E970000-0x00000000700B0000-memory.dmp

Filesize
23.2MB

Download
memory/2180-4445-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4440-0x000000006B0C0000-0x000000006B0D0000-memory.dmp

Filesize
64KB

Download
memory/2180-4444-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4443-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4463-0x0000000001440000-0x0000000001457000-memory.dmp

Filesize
92KB

Download
memory/2180-4442-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2180-4441-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/2800-4577-0x000000006B5C0000-0x000000006BD3D000-memory.dmp

Filesize
7.5MB

Download
memory/2800-4576-0x000000006DA00000-0x000000006E40D000-memory.dmp

Filesize
10.1MB

Download
memory/4052-4467-0x000000006DA00000-0x000000006E40D000-memory.dmp

Filesize
10.1MB

Download
memory/4052-4478-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4477-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4476-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4475-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4474-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4473-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4472-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4471-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4470-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4479-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4052-4468-0x000000006B5C0000-0x000000006BD3D000-memory.dmp

Filesize
7.5MB

Download
memory/4052-4526-0x0000000003630000-0x0000000003647000-memory.dmp

Filesize
92KB

Download
memory/4052-4466-0x000000006E410000-0x000000006FB50000-memory.dmp

Filesize
23.2MB

Download
memory/4316-4554-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4541-0x000000006B5C0000-0x000000006BD3D000-memory.dmp

Filesize
7.5MB

Download
memory/4316-4572-0x0000000003230000-0x0000000003247000-memory.dmp

Filesize
92KB

Download
memory/4316-4540-0x000000006E410000-0x000000006FB50000-memory.dmp

Filesize
23.2MB

Download
memory/4316-4543-0x000000006DA00000-0x000000006E40D000-memory.dmp

Filesize
10.1MB

Download
memory/4316-4548-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4545-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4546-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4547-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4549-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4550-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4552-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4553-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4316-4551-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4501-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4493-0x000000006B5C0000-0x000000006BD3D000-memory.dmp

Filesize
7.5MB

Download
memory/4824-4496-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4497-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4498-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4499-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4500-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4495-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4502-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4503-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4504-0x000000006B0B0000-0x000000006B0C0000-memory.dmp

Filesize
64KB

Download
memory/4824-4491-0x000000006E410000-0x000000006FB50000-memory.dmp

Filesize
23.2MB

Download
memory/4824-4561-0x0000000002F40000-0x0000000002F57000-memory.dmp

Filesize
92KB

Download
memory/4824-4492-0x000000006DA00000-0x000000006E40D000-memory.dmp

Filesize
10.1MB

Download