PUP.HackKMS

By CagedTech in Hacktool, Potentially Unwanted Programs

Table of Contents

Analysis Report

General information

Family Name:	PUP.HackKMS
Signature status:	No Signature

Known Samples

MD5: e59ecae7c1175dce7f816e1d917e62de

SHA1: a055bc458cd4a4723992a701e7d24376b89d022e

File Size: 4.01 MB, 4012110 bytes

MD5: 11bc2bb23e495b4ec3151b778ca36710

SHA1: 85982d423c55965478c3073a2ea2b3680a448057

File Size: 7.84 MB, 7835699 bytes

MD5: 57e039f32822ca7b0db0201a805e5f28

SHA1: 8a8de4438b4a873ba6df465ae17a14ab72d89b56

File Size: 809.26 KB, 809256 bytes

MD5: 9d299f079e309a9b512c32c5b93b2c0c

SHA1: b64ac577086d2cd870f490b246d444d0783f74ce

File Size: 68.10 KB, 68096 bytes

MD5: 023c0e8a1abc15adb35a32f4acebc786

SHA1: fe09d91fa8cdda49e746c1f607e00069cb3fbeb4

File Size: 365.22 KB, 365223 bytes

MD5: 5fe43e5f19607214c697c69a6869d408

SHA1: 126d33df094cee050cbb1646f29d1bfa26feff2d

File Size: 9.13 MB, 9129990 bytes

MD5: 326474646fbd1cc5bbaed1f69ccd565d

SHA1: 7d4e4d84f1e6e2e70e62a1331a81351e3cc71c40

SHA256: D215DB0AAAD0787E3819756D2F0DDFE4D9D7EA734526EC99303D812E4DEC3625

File Size: 3.12 MB, 3117568 bytes

MD5: df1b24cab857391c8ffa5a4d2bf6721e

SHA1: e3d8dde70fc0dfa52f588e1a5c7dd0be39e0bb8f

SHA256: 6F6A36B35BE47215936926EC2354155215CC282D85EE288AA8FC6CC06204984C

File Size: 980.48 KB, 980480 bytes

MD5: 5a71e1a165c3b912fedd7c257af0fe02

SHA1: d37aee288fe3341e696c8ef4c62a11a0389de7f8

SHA256: CE65889FC6417F758DF2CB520DF5F3D0D21CB2183109982F09EB14D1F7B51F95

File Size: 1.82 MB, 1816576 bytes

MD5: 4d6a0f8c8cbeeb26d0d4753a5e5357dc

SHA1: aec1211c2b438e7be17f8bd47fb0b034fd5a34db

SHA256: 8996BDD12011B57E4327C25365E3EEAE0F585F9FEA21086C19BBF8841250D2EA

File Size: 383.04 KB, 383039 bytes

MD5: 041926b8f5415a0c0d3cceab87a15230

SHA1: d2486affc2dbdc8806c3baa79c1fe9a8f41df6bc

SHA256: 3C53239B69F143658FEBAEF82BC268717F2A27C52B7116C7EAC5BAF2E84D09CB

File Size: 3.69 MB, 3691406 bytes

MD5: 176195b47fbd93e2717131e32995870f

SHA1: 46a3ac4608de5b818af7c63bfdc26ecdde38020d

SHA256: 346C43E1D01D1E6B9347FA607CA2C5BEB49E48F3F9EFDFAC38379403E6CD3312

File Size: 1.39 MB, 1386496 bytes

MD5: d71f5452634069ca7675bbd192b56590

SHA1: f4da4e51d8ba3c8c36b48359340e6d46c00b3d6c

SHA256: 6C319D7547E6F88147BDCC8CE52CD60D3C65C7BCB559C7FBB32B48F287041EE9

File Size: 6.16 MB, 6161024 bytes

MD5: 8430785d45e43d32855114b4ffadee8f

SHA1: 8b57f5abeb54e629bc3ecb86be3e6880df819c41

SHA256: 896F552102D1AC7DFAE48919C0806207F1CE8C1119A740AB138087C600308485

File Size: 1.73 MB, 1731838 bytes

MD5: 311a00d769472d1f1440cf1038eb36cf

SHA1: ba97032fa27916de583e227f757a0f993a747491

SHA256: 6D204B8065B17273982840920AB8C39DD41F3B81EBC8A156A14B09F6340607DB

File Size: 1.80 MB, 1799223 bytes

MD5: 05334d2a35ba05f288ffd574b81f4a6b

SHA1: fbd6e220a040f00a742e2962b450165731cac50a

SHA256: CBD15C55D3DE26A7B163C751C297E6763DA96EDA6C31C7FCF0D8E9B07E8BCE44

File Size: 6.72 MB, 6722560 bytes

MD5: c13edf0be372e090d833ef72a81acde6

SHA1: 01914a768744aeeb1f025618dd24d2787cf9ed14

SHA256: 60B170AC8BF94F696688947B1EB51D778CFD68A5D340CBD4868A40FECA8231CE

File Size: 5.78 MB, 5779456 bytes

MD5: 52e8a726babf88ea469545924a105e3a

SHA1: b6d6e3628d69ffce13c1a8b42c3fa3e57a60c94e

SHA256: 9FF947B310EECFC14EAFE5601429A2ECC2EB2567C24A03481AF3C74CA93D7826

File Size: 3.12 MB, 3120215 bytes

MD5: 09d42d9ea3a557586a7ce8d019200642

SHA1: fdc161e2598467b6089eaf3cd986865790eae79a

SHA256: E9A3E08472327988489064950B0FBF399D2044E72BBF5169FABB5B46C40D5A70

File Size: 5.11 MB, 5113800 bytes

MD5: 65118e1835ac5f23a7bd25f815bb1e61

SHA1: 9634a2ab446fa2cbe157bb9e28109907f2ce16f9

SHA256: BFB8FC0A40EF0F912EE81262CC3894C15F0AA557FEC96BE3FC0B5EC2F47FA69B

File Size: 5.14 MB, 5141469 bytes

MD5: 842c60a688586e885ad60889c12a7de9

SHA1: 1eb6956e471d6987acd7503743570d41e681d49b

SHA256: 1DF5B993B23A2763CA84627ABEA084F0F6ACAC1CA8A86EF2D032DAA8F733C9FC

File Size: 3.98 MB, 3980398 bytes

MD5: cb33fa794049b9e2364f251368e9a881

SHA1: 00781dae1a73b1ea115a016ac31815addfac25fc

SHA256: 6FE216FBC5D50FD85127B7D6C8DE9DC696CBF4AF199FC42C8AFDCF1925953E2C

File Size: 1.83 MB, 1825470 bytes

MD5: b57fa458ce8e334a52f75f87969b9957

SHA1: c516cd963bde7302c523f117676edccb09929a15

SHA256: 90EF8498D8CAB617119B5BDE8ED727854BB3A8FAE4012817A8DB8DD8BD1A812A

File Size: 366.08 KB, 366080 bytes

MD5: e640c88eb492f2c69049a77de9c79a0d

SHA1: 5d253fae97ffa54dab4e7aa977b1f7ad06da13a6

SHA256: 7EA81592DCBA990E0E1E30CC41CE516E93233938F6CCC0E85411F5C9D409250A

File Size: 1.95 MB, 1946632 bytes

MD5: 4e5928a795ad10e29dbff4eac24c83c8

SHA1: b95dcbe8f30a70075fa2fcdf770d021153f86f3d

SHA256: CDD9369087E23A128F9ADD63660DC112D40A1DF5896DF254EE2139978A67DEDE

File Size: 3.48 MB, 3481648 bytes

MD5: 6404d7a7dab33eacdce7b22269fb4f6a

SHA1: 6a7a462fded2a1a2575f5445164a7226f9e7a26b

SHA256: BFAE2EF78A8529EC6CE5C917350B6E32766F0920B6D42D1B038EF9BE669CB3E3

File Size: 3.80 MB, 3803365 bytes

MD5: efb8d7a6e65d98410279c6b191beecec

SHA1: f16a9fc8fc5ceb8757ab13a22234e574a0dfa444

SHA256: DAAAD42404AD1CB0FE077DBEB0C8D3046A5B5F1560506C7CDA1ACD819A5E3FA4

File Size: 1.90 MB, 1898658 bytes

MD5: 41b4d804692398d8fb566f5885f61181

SHA1: aea59527b9bd1ab5810f1800e0290de83e35f0e4

SHA256: 3BD0313988DFE6D41B9BD513B949F60364231883C35F7076284D8CBE7F3F9E03

File Size: 3.97 MB, 3971454 bytes

MD5: 121cbb5dc9e7c63c2dd6850f7816d4d5

SHA1: d9e13df57de1aed8cf70f34b7acac0474685eabc

SHA256: 117CB46829041A83042B3907D07DE370FEDA17278109AC5F440D630B9CE53890

File Size: 3.97 MB, 3969246 bytes

MD5: 75e54b3e2fd7d5a4dc9752ead57a56f1

SHA1: 55c9c805e2a4ed6a5f7ab5fca1a5d1f44cc3160d

SHA256: CC59502A6668953BA27D2BC60F6EC951755D4FDA4D2EA2B2428746AA03978BEA

File Size: 1.37 MB, 1371597 bytes

MD5: bea181f91d6bd6f6f4458eaf7189ef8e

SHA1: ced3f87fc414f12fc800ff4d346ebf511cf9f6fb

SHA256: FBF844EE13F5EBFB06DF7301C99A1B1D078378E721E18D8E1EE095FD759F660F

File Size: 1.40 MB, 1401623 bytes

MD5: 6ac29f1d974497c9b346de17a2461e97

SHA1: fc9c782f9cf606433b962ca328d8dc76715eadc7

SHA256: 45CDBCDBB97BA0E128951BF4537CB0C7F22E941D8EB8F2291862F86D712AAA05

File Size: 3.44 MB, 3440656 bytes

MD5: 935910da46d06c8820d79b9b94c5da3a

SHA1: 5ad68387c86600e2c411f64dc5a2fee3971deef9

SHA256: F23F983FFB0F5BBBB5176D957DE2107A78FC16F7EA02FB0224C27EBC500F4C4F

File Size: 8.42 MB, 8423936 bytes

MD5: 65087dd515afb841fb13305e45014fa6

SHA1: fed379bce4bf7de29a1932f5c667b14070faceae

SHA256: 433B054D4BFA453BED584A9839EA573267D80CE4F2EEC5D79B3DA3D5364B6BF3

File Size: 1.51 MB, 1512783 bytes

MD5: 641e9044c345e54808ec8e966ff03b0f

SHA1: 782429bcef5d1ef99bafc011dc315e2dae82929a

SHA256: ACD612B31A56565C1D3B7781105B07ECA5C8F0ED18434502A0B1F508ECBB167C

File Size: 1.28 MB, 1277952 bytes

MD5: bfea1fc53073922f555365fe47eabc36

SHA1: 050e8a914b82faeee83a648e5e69d80ac7499420

SHA256: 861D4CB7FF96A95DF2B84B7A1C3F5913AAB779156BCF357F697EE0499CE60FE2

File Size: 1.75 MB, 1746376 bytes

MD5: d6f756c7b02dc2dbb818e988ef84c728

SHA1: 79415d087919aa3cc268db8a21f8242ba259e09f

SHA256: F650E1853A3BFCEAB06D1059F58882B61E5F3AF530D585037F98EDCC6CA53A9C

File Size: 1.77 MB, 1765151 bytes

MD5: 71e40ede6e8c245c3127e02c5f2c41b5

SHA1: bae99c4956b7c73a42f51fd0cb1d6e5d8bfe864e

SHA256: 405FF26B22123C65FEE46652F2C38623369282A956B80234203225033628A06F

File Size: 3.79 MB, 3790061 bytes

MD5: afed875c58aff97c6191cd39ad0fca09

SHA1: c843b03d3c87cd70fb0ad62e6d1608120d4bc358

SHA256: 0303E376A1793564EEABEC15E5AEA641FD7844D467B241475D3DBA7EC0C4D926

File Size: 3.43 MB, 3430784 bytes

MD5: 13860dfde0d942e1c7503a65f3b985b2

SHA1: 49d70916cffc6bd149424b19af5589182ea41833

SHA256: 17EE5559FEF088FA4259869762A4AB677C1FFE0DFCC529F536F0AEC8BE07755F

File Size: 9.13 MB, 9129954 bytes

MD5: e4758f562b66c9b2ddbfb65aeac6e4dc

SHA1: e37ddf3e30ffb8f76bc668d14e96f5b65a81f7a1

SHA256: 85E94DCC9689C4AA72EE86A068FE3BEC2B88C8DBEEB7F505C9E33C2A0C6B7DC0

File Size: 5.45 MB, 5445717 bytes

MD5: e68809a3731128a7f4f9f6d918d37e2b

SHA1: efeaf688bccbf6163e0134ba4982930f5bfcd84e

SHA256: 36FBED2DACD12B70748E2EFDA456C754EB43599C7C940D384491D6185700AE33

File Size: 2.77 MB, 2773104 bytes

MD5: 26b6d7e40de4f2b12b37dec0fc6c2c41

SHA1: 998f6c24e2e23a1635cf9f313c47bcaaf47babbd

SHA256: 3A333F0E71B2E8ADB2F7FF7A86091D52EB6596067C283F2954477EBB08A4ABEF

File Size: 974.85 KB, 974848 bytes

MD5: 799531282040d983e2594b8504d1f114

SHA1: 6de964ebe2cb4418bc06b179a499126f4e36a813

SHA256: 7D9210E8E400E8713A0854E88D75A968712AC66FA8353CB4FD71F4687B375669

File Size: 3.96 MB, 3961582 bytes

MD5: e196de3852beb11669dcc49777be020f

SHA1: df1cda8048a216c7607665d7cb005ce4a4f88210

SHA256: 5DFEC9FB29F82A964463E1A604037B68973EDCE43753271A1B622385E753620E

File Size: 3.96 MB, 3961278 bytes

MD5: 1a26d770a16b0452a5143f80103bb7e3

SHA1: 86de90217992771252ea49e3247a56110f26e0a9

SHA256: D2E5357B955D196617D0A2A73BE844EEE8EA68178CA0F29812790A8E0E85919D

File Size: 3.61 MB, 3610183 bytes

MD5: 51b00f82c3f2f8432b178bb772947beb

SHA1: 5116328dce5b31e36dfd522f75c213991a5e0942

SHA256: 97D55B35E019CC6C673674A3ABC2FB0E633ADE6488AA726AE601362981526DBC

File Size: 5.67 MB, 5673984 bytes

MD5: ccb2d823f7a3853ccf1f6c474054a17c

SHA1: 5b0c99db5434af75a65b2e430cde806c424cd1f0

SHA256: 7FDB277CD59850EB87447F31B5DBFF2B74526C132A380A5FB5C8AD39AFD300E3

File Size: 2.26 MB, 2263040 bytes

MD5: 34a34f22ffe53285bcb4134f85cc357b

SHA1: 72fa806df4e6b35c9f97746e27792ffc6020c672

SHA256: DA09945B60956EBBDE29C8F964E3AA9D1DE25064619B04F8A82D8455B8FC24B4

File Size: 2.51 MB, 2507150 bytes

MD5: 9b4b87ccfe522da112f654008ddb7c9e

SHA1: 30cf5b02d3e3f75a10185d3379df5c2c48af8281

SHA256: 1A68FE97A7907B1CEBA3A2B1A6276C2D9115DC7DEE1EFFB8B3A86F17DF28906E

File Size: 3.13 MB, 3133672 bytes

MD5: a6c4a4992cc18f2b66daece1c3d07f98

SHA1: 54f9651709d4f1ee4145327ed2f0e81202ae119d

SHA256: 04DE15D74130900E3AC9AFB2314427804BC0FE39267225FC8477E4CCDF38DDA0

File Size: 1.61 MB, 1613620 bytes

MD5: bc20cafcf56e22a8f980e6c3a0d8c3ea

SHA1: cdf1d099c5284b975d46dc36ddee70d6d04a2efa

SHA256: 48855C9A843B254A32CCD8EA6996B065C31A3911B7662182D3B43DCB4141F510

File Size: 1.80 MB, 1795943 bytes

MD5: 893293558661b4a4dd5d9830fccd2fd3

SHA1: b85c8b2de58d76c50173dd1f717805442d5d85e4

SHA256: 9BC4EE928E815BE4605D37088DCA5213E5D633C79D72101ED01BE955F2A5CC02

File Size: 5.18 MB, 5179816 bytes

MD5: dea77eff7caaad070dac27b28e54e6da

SHA1: aa56641ccd83e3ab2b35231ea2ffd36de30ee0f6

SHA256: 999DCA9AED4A81D8C0F68FB65378DDB20587FBEBF96CA274263E2C52E63BF06A

File Size: 2.13 MB, 2130805 bytes

MD5: 9a79f230d4551eb9359b758ce9655470

SHA1: 436e675a7ce7d70d1a5caada1dee8d7112d01b34

SHA256: AF394FA073EE8759F61DEB2374802CD9231E36371B4CA93BA0B072F43A21221B

File Size: 1.83 MB, 1825470 bytes

MD5: 9d3981acd5cb643308b1d26278a9ce0a

SHA1: 9f8e02dabf14dd864f060e8aae606a1b1b3ce94c

SHA256: EC243B376434071E3EC50760C84EEF5F9E8D1DF15729588E82D7A22BF1C62A4C

File Size: 2.05 MB, 2049047 bytes

MD5: 1f2e27e86e4b51782a79e771882e1744

SHA1: 0b25e3d2c3a234a2c5e4ca1b656c93c67503e1b5

SHA256: 1D15EB2E35B778296BB6C0AB7AFCC7A4FC4A0919CA55CF5D5AFF719EF9C1F60C

File Size: 3.79 MB, 3790061 bytes

MD5: 9d5fd9cb265a4f6a2241a5bf556729fc

SHA1: 3ee08506ae224542ef6b202bc192b12accaae0a5

SHA256: 29844A63AA7AC3CDCBD1AF5B5CA9EBDBCA2BF79CD31FDC21249B7EEBAD80BDE3

File Size: 3.15 MB, 3154553 bytes

MD5: 6994241913c332d30cce26893c11c30f

SHA1: 9d34f3132315e8139a5e808b116bc074afd03560

SHA256: 15BE4E7AA5C3A1F340502AE3C258E00F56F99BA5ABAD462BDB7E175C07F8397E

File Size: 1.79 MB, 1790019 bytes

MD5: b2efb94c3f8971e5c12b4b31daae0a67

SHA1: 58b673020d2be79b06aa404cb888d7c9f444c378

SHA256: 52E3C8F86D0F769670701BC493B9808306463AA49C55CA7B9B7FC70EE7EB08CC

File Size: 2.55 MB, 2551296 bytes

MD5: a5f63d1377de131c3364d7d30c00ac05

SHA1: be4f838b908a2f7ef3e708154ce5dfadee61ddb9

SHA256: CB200868EBBD8D593EC2F26AA0A3DB4660D0A5DBAC2235ED5AA48554E4E825CB

File Size: 8.60 MB, 8599288 bytes

MD5: bc00c7848471cf74102c4a90a3629247

SHA1: e46cb0127185677fce001ae2e7fc8c55b8eb6b00

SHA256: 84962300DE43570E4C227915DA207B79627D69B3988BD6CB4E18FFEA007B9460

File Size: 6.34 MB, 6341438 bytes

MD5: d68d5bffc7373e0202ffa8fa3a84babe

SHA1: 6b2e1db891e513af395c2a2670d5284e9cdc93bc

SHA256: BE6F21E80B17DD116921D0627DE849FAF6994ED256F15813E9438857A840A068

File Size: 1.57 MB, 1572946 bytes

MD5: 9f942020022fa1edc3dba77ccd3e0e84

SHA1: 940448adfd436866fd879e1c8574ff3ba4aa1251

SHA256: 6A53F6E39B9C600A5F965933857C22EDCDDE954E3A30D7766C5E5C555FF99E75

File Size: 1.83 MB, 1834644 bytes

MD5: 86170161f0bce5de46268b7012e92d27

SHA1: 60747d0466acaf64de41dab779038ea644f1268e

SHA256: 6C375898F08B94164907E2C833340FA964F3703EFC91BB178F74EF4FD5E92558

File Size: 3.42 MB, 3419206 bytes

MD5: 2c97336c53930564aa554dc5eff2653b

SHA1: 82e8e36bee3043d888bae885012186312cbd17d2

SHA256: 269C873C0E9A2D0CF91135F270A7ADB6488860D08219869B7C6B8A0ECB2828FF

File Size: 134.06 KB, 134060 bytes

MD5: 1067ef20cdd80ce2fb2b83a07b53f07c

SHA1: db3225049d5ef17135c9509506bc39de50cd5123

SHA256: 4BB640328710329B19BAAC8366DA099C8038E9F63FE16944988F4BF36242F308

File Size: 2.35 MB, 2350080 bytes

MD5: 5782788dfe6d0474adb2d1e407505bda

SHA1: ff679d950e76a5f27489e6f383f6e3783b7c20dd

SHA256: CA5FBD547871292060FD7FF34854F78298A5CEEF639BB1CB247471C5F300765F

File Size: 3.93 MB, 3926046 bytes

MD5: fd610b872edea64ad0d79338d3b7e4ac

SHA1: 5a56a565956c6d457386c513357d3af3bba84a24

SHA256: BD1273822C952AF28684E08D0367F7EF67FC8B16B07FCE0ED96E9682D7DE294D

File Size: 9.05 MB, 9048082 bytes

MD5: a957eb462bd864b50280ad378a6abb0c

SHA1: fc66bddc825aeaa61c14e83e0c43607d2d87f52b

SHA256: D6BFD836E1632D0AA8912E8B9EFD954FD5346089B5C0472AA2175D61FDD8624D

File Size: 4.03 MB, 4026094 bytes

MD5: 56144ee9f6c64506fdaf10bb2a64f05d

SHA1: 3e74aca4f6a8af8e32a8d91cd959c68ecfedf574

SHA256: 1B81DEFBCD068E1E1A86AC40103EA8CC876F4B6E716CA93BC0D309555901F359

File Size: 3.69 MB, 3691624 bytes

MD5: bb8f0ddae62c4c0f016f852118ac8f00

SHA1: 1d3c37b2057fb9dc363ec95d672ff99005acda13

SHA256: 17F79F4F7371734F9FC2F528245D5B20C015FBFC327A91EDE00D3AA86CCFE078

File Size: 6.49 MB, 6493696 bytes

MD5: 8e7900e800f85c67d892c25ccb85ddca

SHA1: a073b11b8b0e238a4f215b45ebd6accf6dca3f8e

SHA256: 7EF697EC4733A164646CC36FB37626552E06363DE3BB29957FD084CA25C593C4

File Size: 49.15 KB, 49152 bytes

MD5: 8b19a1860bcd29adda05f172e71ce267

SHA1: 77fc48883823de6726c0baf3447e22a03ea86e65

SHA256: 6CAB3368BC617E8B89AE60E7C6B53533065D32BD9FD4CFE52BFD3875C196721D

File Size: 5.55 MB, 5546512 bytes

MD5: 6ec95d0874596df55f7fbba932c94a88

SHA1: b830eaaf33b542fee3fa73ff02a9551f8b87d5e2

SHA256: 7E38974A94B2519D3A1ADA324412F60D83F9B6609180B47215834759ACC8A329

File Size: 3.98 MB, 3983566 bytes

MD5: 828fcfe7bf741ce665700bb062c2bc8d

SHA1: 5ecf9cfb157221185d25fd85dd7647db88b0e8d6

SHA256: 84554BA408EDAFAC939230210CC633C4C4776898EAF8080D2B9E730C3B73F21E

File Size: 49.26 KB, 49260 bytes

MD5: c2374c5ffe03d7bc6288283325dc4c2c

SHA1: 46a514039c06921b61a735f1c3bcf546374321ea

SHA256: B67B065C510BC96798A40E7249745F1DEEBB4BBFB4CEB5DCF27D73CE960FFCE3

File Size: 1.23 MB, 1233028 bytes

MD5: 5677ad9dcbbbdd460625c83e330e50c2

SHA1: fa5fdf63b501ef7653f9009c41fd8c334c7021b3

SHA256: 4A6FC8BB2BCF2D5AFA224BDD8C642DE5CB0DDB607621A969CAED6EFAA83ACB0B

File Size: 4.45 MB, 4450562 bytes

MD5: ece065ad4de29f35065b96c8e3a004f1

SHA1: a37a76f995f40b2db8afeb7628e384769caa92ec

SHA256: 3B9476B3F3028E89D8CF96857CA8A7C2E7EB295BADD093B99D5529BB9EC9D48E

File Size: 1.80 MB, 1795943 bytes

MD5: 705576dd1aaa1ea9ccf6b58a66c83210

SHA1: 0360fce81a649a60805752d8e35928c17d5f3f69

SHA256: 22232B52B1D9E21925A6B621EA11F9EF7CE603D91F43FA830CFB9E1EA2A2D4F3

File Size: 1.61 MB, 1613870 bytes

MD5: 90b174bdc9c9d3f767262e7f1d9176f7

SHA1: d94c68cf67ed8d3608ecedb596f9ae6babf385df

SHA256: 21DFEDCD8EBA43423CCF00BC0B1B718BA184EF8B63C509E59F1F9304A6C40FAA

File Size: 1.77 MB, 1768950 bytes

MD5: 61546478e43460588e9dadabdb0eab7e

SHA1: 4cfd05522e144321bcbd2bc528bc6143fced5a60

SHA256: 4F58AF2C088FF1C22C8A3AC2FF4AD9AACDFD208F760777D9884D690096F65AF5

File Size: 2.71 MB, 2712215 bytes

MD5: 4878c1014c78b78830712f2513447c60

SHA1: 3cc6ddec6dacd4dc18794dc910385005f6646910

SHA256: B528D7D5186327EA8020A723FBF07B2430B814D2A3BCDCE40FFFDF8E6B485980

File Size: 2.59 MB, 2591744 bytes

MD5: 778f5b0a94d36cd5e9b917130c872863

SHA1: 4bac74bea9531ea42d3834894629a852804da169

SHA256: CBE74F24CCD62AE71D80D89DA005BF33C3E1CE8DA699CF44551C4BBE314921C8

File Size: 2.50 MB, 2504491 bytes

MD5: 875109767f2ccb40072ec0ac83052a11

SHA1: d0f17385744eba3000f33822c52d9ddbd02cd4c8

SHA256: 394CB2037725C8AF2601E6210867592F60DF3FCF0785855614DD9102677CC1FA

File Size: 3.34 MB, 3339264 bytes

MD5: c3d65ea1d676aa1c7ad1c2d56f503c9c

SHA1: 98d961d3dad99d330c262e11b0acd2e553c58095

SHA256: 8BF657DE673D9D38E5EC9846682631919E2A89F02B71ABD9A2435335B58EF28A

File Size: 1.31 MB, 1305088 bytes

MD5: ee7962bda3a0d4af00b8e69a2871ee81

SHA1: fd9ad7911b62c265bf48c1c1d6ce95bb0df6c17d

SHA256: D322B59D709AABBF29AC51C73BF2A32A98B8CE214B84ED7EFA8D224CDEEA67D7

File Size: 2.05 MB, 2052935 bytes

MD5: bae504269bae99e60a65c7963920bef8

SHA1: 73861909f0c8e92b2342906318d4d1cbd18da37d

SHA256: B5CF000EECABD0BA53C538E5FC7A1FC140BCEBF5DC6B8938E01DCF140DBB345B

File Size: 3.48 MB, 3477950 bytes

MD5: b30a6019f2e5a9f67894b759fedd450e

SHA1: 97aac46e0f26f267f2f6241faf4736bc5c23e681

SHA256: D5921ADC9E1B4B190500FA8BB40FFE047A9405DED2DD185E8E70F47666E8B144

File Size: 2.34 MB, 2341376 bytes

MD5: 0649bfd384f2571ec676a48e2b6c457d

SHA1: dba16dbf61bf67248fa14625bd280666e3c8ce37

SHA256: FBA3899E02406BAF6DABA6D2B55A42362BA17E55F4EF4D22DA0749ACD3BE43D5

File Size: 4.43 MB, 4425216 bytes

MD5: 4527e57f107bba4a821797502e0bfc96

SHA1: 709096c22ce35a9a2443e48a923a23683a26a0b0

SHA256: 4CC3B202882D46E05012701758A779850113BE4623AD17972274D9E986EC2A97

File Size: 7.90 MB, 7899136 bytes

MD5: 615070c6cf06f3ddf2f546fb7839b8a7

SHA1: 031ddaf6ed665d9b0981000c464c0ff11e6ead37

SHA256: 4471120D10C94D8949858D186C6FB1AC1D5A442B7BFC0D7B787F9D7070D33BEA

File Size: 1.87 MB, 1869294 bytes

Windows Portable Executable Attributes

File doesn't have "Rich" header
File doesn't have debug information
File doesn't have exports table
File doesn't have relocations information
File doesn't have security information
File has been packed
File has exports table
File has TLS information
File is .NET application
File is 32-bit executable

File is 64-bit executable
File is console application (IMAGE_SUBSYSTEM_WINDOWS_CUI)
File is either console or GUI application
File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
File is Native application (NOT .NET application)
File is not packed
IMAGE_FILE_DLL is not set inside PE header (Executable)
IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

File Icons

74 additional icons are not displayed above.

Windows PE Version Information

Name	Value
Assembly Version	15.0.0.9 5.3.6.1 5.0.2.10 2.3.6.100 1.4.2.5 1.3.2.101 1.0.0.0 0.0.0.0
Assembly Version	14.03.2016.1
Builder	host 03:28:16 13/11/2023 host 04:01:59 20/11/2022 host 15:54:16 05/11/2023 host 16:33:40 28/11/2023 user 00:19:30 06/11/2023
Comments	Allows Firefox to be run from a removable drive. For additional details, visit PortableApps.com/FirefoxPortable Created with AutoPlay Media Studio (www.indigorose.com) g3n-h@ckm@n Information at your mouseclicks Modified by an unpaid evaluation copy of Resource Tuner 2. http://www.heaventools.com Portable Restauration de paramètres système par défaut SolidShare.Net Unattended Installer The Finest Windows Optimizer This installation was built with Inno Setup. Show More Windows 8.1 KMS Activador (ES) V2.3 微软 Windows专业版&Office专业增强版专用激活工具微软软件激活服务
Company Name	@ByELDI @rgadguard AGUDELO AVG Technologies CZ, s.r.o. axon_t deadmoon © ∞ ESTsoft Corp. Fullserver Il Webmaster 21 Lucas Montano Show More Major Share MDL Forum, mod by Ratiborus Microsoft PortableApps.com Ratiborus SolidShare SosVirus The Blue List The Blue List / OEM edition by _odin_ www.mundoprogramas.tk 北京环宇通达有限公司北京环宇通达科技有限公司
Created	7z SFX Constructor v4.5.0.0 (http://usbtor.ru/viewtopic.php?t=798) 7z SFX Constructor v4.6.0.0 (http://usbtor.ru/viewtopic.php?t=798)
Created By	g3n-h@ckm@n
Edition	15
Email	contact@sosvirus.net
Entreprise	SosVirus Software
File Description	AAct x64 AAct x86 ActivateWin32 Setup Activator ALZip AutoPico AVG Installer Installazione del KMS 360.1 32Bit. KMSpico 2025 Download - Activate Windows Office.exe Setup KMS Server Emulator Service (XP) Show More Microsoft Online ActiveService Mozilla Firefox, Portable Edition Office 2016-2019 Optimizer Pre_Scan Setup/Uninstall SolidShare.Net Unattended Installer StartMenu 8+ Setup Velocity W10 Digital Activation Program W10 Digital Activation Program + KMS38 Windows 8.1 KMS Activador (ES) V2.3 Windows Activator Limited Edition v8.1 WindowsApplication1 Windows ve Office Açtivasyon Tools XPKeys Application XPKeysOEM Application Your AI companion for LeetCode - because sometimes we all feel stupid ZHPCleaner 激活与服务客户端
File Version	2015.4.30.204 2014.9.11.122 51.1054.0.0 51.1052.0.0 23.3.9.1 20.5.13.12842 15.0.0.9 14.3.2016.1 5.3.6.01 5.0.2.10 Show More 5, 1, 2, 0 4.2 3.0.6 2.3.06.100 2. 3. 0. 0 2.1.55.0 2.0.6.0 2.0.1.0 1.4.9.0 1.4.2.5 1.3.02.101 1.2.1.0 1.1.37.02 1.00 1.0.0.3 1.0.0.0 1.0.0.0 0.10.7 0.0.0.0
Internal Name	ActivateService.exe Activator.exe ams_runtime auirender AutoPico.exe E-PILOTE.exe KMSSS.exe MicrosoftActClient.exe microstub Mozilla Firefox, Portable Edition Show More Optimizer.exe Setupv4 TJprojMain Win Windows 8.1 KMS Activador (ES) V2.3 XPKey XPKeyOEM
Legal Copyright	Copyright (c) 1999 - present ESTsoft Corp. All right reserved. Copyright (C) 2000-2017 Plot Soft SMARTSOFT Copyright (C) 2002 Copyright (c) 2009 axon_t Copyright (C) 2013-2015 SosVirus Software Copyright (C) 2014 Il Webmaster 21 Copyright (C) 2021 AVG Technologies CZ, s.r.o. Copyright © 2013 Copyright © 2021 Copyright © 2025 Lucas Montano Show More Copyright © AGUDELO 2013 Copyright © By R@1n 2015 Creating by @rgadguard deadmoon © ∞ HEU KMS Activator 63 3 rar.exe HEU KMS Activator v63 3 Windows and MS Office Activator.exe John T. Haller KMSAuto Net 1 8 8 Download - Activate Windows Office.exe KMSAuto Net 173 Download - Activate Windows .exe KMSpico 2025 Download - Activate Windows Office.exe KMSpico 2026 Download - Activate Windows Office.exe MDL Forum, mod by Ratiborus Nicolas Coolman Windows Activator - Windows 11 10 8 1 7 Free Download.exe © 2022 By KiNGHaZe © Emir.Candan
Legal Trade Marks	g3n-h@ckm@n
Legal Trademarks	Firefox is a Registered Trademark of The Mozilla Foundation. PortableApps.com is a Registered Trademark of Rare Ideas, LLC. www.mundoprogramas.tk XP(tm)
Original File Name	Setupv4.aiui
Original Filename	ActivateService.exe Activator.exe AutoPico.exe autorun.exe E-PILOTE.exe FirefoxPortable.exe KMSSS.exe main-mfc.exe MicrosoftActClient.exe microstub.exe Show More Optimizer.exe setup.exe TJprojMain.exe Win.exe Windows 8.1 KMS Activador (ES) V2.3 Windows Loader.exe XPKey.EXE XPKeyOEM.EXE
Product Name	ActivateWin32 ALZip AutoPico AVG HEU KMS Activator 63 3 rar.exe HEU KMS Activator v63 3 Windows and MS Office Activator.exe KMS 360.1 32Bit KMSAuto Net 1 8 8 Download - Activate Windows Office.exe KMSAuto Net 173 Download - Activate Windows .exe KMSpico 2025 Download - Activate Windows Office.exe Show More KMSpico 2026 Download - Activate Windows Office.exe KMS Server Emulator Service (XP) Microsoft ActClient Mozilla Firefox, Portable Edition Office 2016-2019 Office Lisans Aracı Optimizer Perssua Project1 Re-Loader By R@1n StartMenu 8+ Team Fortress Velocity Win Windows 8.1 KMS Activador (ES) V2.3 Windows Activator - Windows 11 10 8 1 7 Free Download.exe Windows Activator LE WindowsApplication1 Windows ve Office Açtivasyon Tools XPKeys Application XPKeysOEM Application 微软软件激活服务
Product Version	20.5.13.12842 15.0.0.9 14.03.2016.1 12.14.0.1 6.5.0.0 5.3.6.01 5.0.2.10 5, 1, 2, 0 4.2 3.3.12.0 Show More 2.3.06.100 2. 3. 0. 0 2.1.55.0 2.0.6.0 1.4.9.0 1.4.2.5 1.3.02.101 1.2.1.0 1.1.37.02 1.1 1.00 1.0.0.3 1.0.0.0 1.0.0.0 1.0 0.10.7 0.0.0.0
Program I D	com.office.2016-2019
Publisher	g3n-h@ckm@n
Release	Final

Digital Signatures

Signer	Root	Status
Avast Software s.r.o.	DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1	Hash Mismatch
Rare Ideal	Rare Ideal	Self Signed
Rare Ideas	Rare Ideas	Self Signed
Smart	Smart	Self Signed
WZT	WZT	Hash Mismatch

WZTeam	WZTeam	Hash Mismatch
g3n-h@ckm@n	g3n-h@ckm@n	Self Signed
rgadguard	rgadguard	Self Signed

File Traits

.NET
.sdata
2+ executable sections
7-zip (In Overlay)
7-zip Installer
7zSFX
Agile.net
AMS
AutoHK
Autoit

Badsig autoit
big overlay
Fody
HighEntropy
imgui
Inno
InnoSetup Installer
Installer Manifest
Installer Version
JMC
NewLateBinding
nosig nsis
No Version Info
ntdll
Nullsoft Installer
packed
RAR (In Overlay)
RARinO
RijndaelManaged
themida
themida section variant
VirtualQueryEx
WinRAR SFX
WinZip SFX
WRARSFX
WriteProcessMemory
x64
x86
ZIP (In Overlay)

Block Information

Total Blocks:	946
Potentially Malicious Blocks:	11
Whitelisted Blocks:	934
Unknown Blocks:	1

Visual Map

0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 x 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 1 0 0 0 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 2 2 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 1 1 0 1 1 1 0 1 0 0 0 ?

0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

Agent.BKJ
Agent.KD
Agent.KFG
Agent.LKC
Autoit

BadJoke.FH
Banker.AN
Banker.GT
Banker.R
BestaFera.G
Casbaneiro.A
Delf.DA
Delf.Q
Detrahere.E
DialupPass.A
HackKMS.C
HackKMS.D
Injector.AK
Injector.DFF
Injector.DGB
Injector.FGSA
Injector.GDSA
Injector.GFDC
Injector.XD
Kryptik.DEK
Lumma.AC
Lumma.GFD
Lumma.Z
Lumma.ZA
MSIL.Bladabindi.ACB
MSIL.Bladabindi.BA
MSIL.Bladabindi.BI
MSIL.Gamehack.CA
MewsSpy.A
Ousaban.V
Philadelphia.A
Philadelphia.B
ReverseShell.XE
ReverseShell.XG
Rugmi.IA
ShellcodeRunner.NB
ShellcodeRunner.XF
Sheloader.A
Sheloader.C
Spacecolon.A
Startun.B
Stealer.KF

Files Modified

File	Attributes
\device\namedpipe	Generic Read,Write Attributes
\device\namedpipe	Generic Write,Read Attributes
c:\kinghaze1\kms_vl_all_aio.cmd	Generic Write,Read Attributes
c:\kinghaze1\kms_vl_all_aio.cmd	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Attributes
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.dat	Synchronize,Write Data
c:\program files (x86)\microsoft\edgeupdate\1.3.215.9\msedgeupdate.dll.tmp	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll	Generic Write,Read Attributes
c:\program files\common files\system\symsrv.dll.000	Generic Write,Read Attributes

c:\programdata\velocity\readymademenus\desktopshortcuts.reg	Generic Write,Read Attributes
c:\programdata\velocity\readymademenus\installtakeownership.reg	Generic Write,Read Attributes
c:\programdata\velocity\readymademenus\powermenu.reg	Generic Write,Read Attributes
c:\programdata\velocity\readymademenus\removetakeownership.reg	Generic Write,Read Attributes
c:\programdata\velocity\readymademenus\systemshortcuts.reg	Generic Write,Read Attributes
c:\programdata\velocity\readymademenus\systemtools.reg	Generic Write,Read Attributes
c:\programdata\velocity\readymademenus\windowsapps.reg	Generic Write,Read Attributes
c:\programdata\velocity\required\addopenwithcmd.reg	Generic Write,Read Attributes
c:\programdata\velocity\required\disableclassicphotoviewer.reg	Generic Write,Read Attributes
c:\programdata\velocity\required\disableofficetelemetrytasks.bat	Generic Write,Read Attributes
c:\programdata\velocity\required\disableofficetelemetrytasks.reg	Generic Write,Read Attributes
c:\programdata\velocity\required\disabletelemetrytasks.bat	Generic Write,Read Attributes
c:\programdata\velocity\required\disablexboxtasks.bat	Generic Write,Read Attributes
c:\programdata\velocity\required\enableofficetelemetrytasks.bat	Generic Write,Read Attributes
c:\programdata\velocity\required\enableofficetelemetrytasks.reg	Generic Write,Read Attributes
c:\programdata\velocity\required\enabletelemetrytasks.bat	Generic Write,Read Attributes
c:\programdata\velocity\required\enablexboxtasks.bat	Generic Write,Read Attributes
c:\programdata\velocity\required\gpeditenablerinhome.bat	Generic Write,Read Attributes
c:\programdata\velocity\required\onedrive_uninstaller.cmd	Generic Write,Read Attributes
c:\programdata\velocity\required\restoreclassicphotoviewer.reg	Generic Write,Read Attributes
c:\programdata\velocity\velocity.log	Generic Write,Read Attributes
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_16.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\microsoft\windows\explorer\iconcache_idx.db	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3396n90w.bat	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\3396n90w.bat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\5554.tmp.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5554.tmp.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\55a3.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5804.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5bce.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\5c3c.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2c86.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2ce4.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2cf5.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2d06.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2d16.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2d27.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2d47.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2d67.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2d78.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2d98.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2dc8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2de8.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2e09.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2e29.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2e68.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2ed7.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2f84.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2fb3.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut2ff3.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\aut3032.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\file001.txt	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\file001.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-136bieyf3q.tmp\_isetup\_setup64.tmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\is-136bieyf3q.tmp\idp.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\is-pxtzqf4kbh.tmp\9f8e02dabf14dd864f060e8aae606a1b1b3ce94c_0002049047.tmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\kmsautolite.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\nsba525.tmp\nsexec.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba525.tmp\stdutils.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\nsba525.tmp\system.dll	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\__tmp_rar_sfx_access_check_2926984	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\rarsfx0\install.bat	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\install.bat	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\kmspico_setup.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\kmspico_setup.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\readme kmspico install.txt	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\readme kmspico install.txt	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\rarsfx0\uninstall_service.cmd	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\rarsfx0\uninstall_service.cmd	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\screenshot001.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\screenshot001.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot002.jpg	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\appdata\local\temp\screenshot002.jpg	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot004.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot004.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot005.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot005.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot006.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot006.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot007.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot007.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot008.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot008.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot009.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot009.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot010.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot010.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot011.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot011.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot012.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot012.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot013.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot013.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot014.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot014.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot015.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot015.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot016.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot016.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot017.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot017.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot018.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot018.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot019.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot019.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\screenshot20.bmp	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\temp\screenshot20.bmp	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tweaks\w10da	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tweaks\w10da\w10digitalactivation.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tweaks\w10da\w10digitalactivation.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\tweaks\w10da\w10digitalactivation_x64.exe	Generic Write,Read Attributes
c:\users\user\appdata\local\temp\tweaks\w10da\w10digitalactivation_x64.exe	Synchronize,Write Attributes
c:\users\user\appdata\local\temp\~nsua.tmp\un_a.exe	Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144
c:\users\user\downloads\79415d087919aa3cc268db8a21f8242ba259e09f_0001765151	Synchronize,Write Attributes
c:\users\user\downloads\__tmp_rar_sfx_access_check_730640	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\aact.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\downloads\kmsautolite.ini	Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\windows\system32\sbrknxe\vddocge.exe	Generic Write,Read Attributes
c:\windows\system32\sbrknxe\vddocge.sys	Generic Write,Read Attributes
c:\windows\system32\sbrknxe\vddocgedrv.sys	Generic Write,Read Attributes

Registry Modifications

Key::Value	Data	API Name
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::appinit_dlls	C:\PROGRA~1\COMMON~1\System\symsrv.dll	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::loadappinit_dlls		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\windows nt\currentversion\windows::requiresignedappinit_dlls		RegNtPreCreateKey
HKLM\system\controlset001\control\network::set_pt	z#sq\eo86o\UVo6f-WT\3nniTvT\G1RTy\lo4dR0n#lo4dR0n.8A8#9TTI648.8A8\|P#sq\eo86o\UVo6f-WT\3nniTvT\G1RTy\polAV80\|E#sq\eo86o\UVo6f-WT\	RegNtPreCreateKey
HKLM\system\controlset001\control\network::atimode	P\|O\|Y\|N\|L\|j\|u\|PP\|PN\|Pu\|rP\|rr\|rE\|rO\|rY\|rN\|rL\|rj\|ru\|Ez\|EP\|Er\|EE\|EO\|EY\|Eu\|Oz\|OP\|Or\|OY\|OL\|Oj\|YP\|Yr\|YE\|YO\|YN\|Yj\|Yu\|Nz\|NP\|Nr\|NE\|NO\|NY\|	RegNtPreCreateKey
HKLM\software\microsoft\windows script host\settings::enabled		RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules::tcp query user{a80137c5-6cba-412b-a1ec-d75758f79773}c:\users\user\downloads\fc9c782f9cf606433b962ca328d8dc76715eadc7_0003440656	v2.10\|Action=Allow\|Active=TRUE\|Dir=In\|Protocol=6\|Profile=Public\|App=c:\Users\user\downloads\fc9c782f9cf606433b962ca328d8dc76715e	RegNtPreCreateKey
HKLM\system\controlset001\services\sharedaccess\parameters\firewallpolicy\firewallrules::udp query user{8086f52e-78fa-489a-b2c4-2651dae624eb}c:\users\user\downloads\fc9c782f9cf606433b962ca328d8dc76715eadc7_0003440656	v2.10\|Action=Allow\|Active=TRUE\|Dir=In\|Protocol=17\|Profile=Public\|App=c:\Users\user\downloads\fc9c782f9cf606433b962ca328d8dc76715	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\content::cacheprefix		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\cookies::cacheprefix	Cookie:	RegNtPreCreateKey

HKCU\software\microsoft\windows\currentversion\internet settings\5.0\cache\history::cacheprefix	Visited:	RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::proxybypass		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::intranetname		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::uncasintranet		RegNtPreCreateKey
HKCU\software\microsoft\windows\currentversion\internet settings\zonemap::autodetect		RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	࢐乇垢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	⻱乎垢ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	믐ឭ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	腀ឲ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	㵷ᡒ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ꍡᡔ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	䐸ᢔ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	䓥ᢝ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ᧃ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	츓ᧈ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	腯ᨭ紷ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	잕ᨱ紷ǜ	RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enablefiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableautofiletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::enableconsoletracing		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filetracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::consoletracingmask		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::maxfilesize		RegNtPreCreateKey
HKLM\software\wow6432node\microsoft\tracing\rasapi32::filedirectory	%windir%\tracing	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	㢶缙郍ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\system\controlset001\control\session manager::pendingfilerenameoperations	1\??\C:\Windows\SystemTemp\MicrosoftEdgeUpdate.exe.old122e41\??\C:\Windows\SystemTemp\CopilotUpdate.exe.old12352*1\??\C:\P	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	样潍陹ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	煺車갫ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	颀軑갫ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	轮갫ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	ړ辂갫ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	૧辗갫ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	僧辞갫ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\cmd.exe	ﲥ鄒갫ǜ	RegNtPreCreateKey
HKLM\system\controlset001\services\bam\state\usersettings\s-1-5-21-3119368278-1123331430-659265220-1001::\device\harddiskvolume2\windows\system32\conhost.exe	֪鄘갫ǜ	RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc3475		RegNtPreCreateKey
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75		RegNtPreCreateKey

Windows API Usage

Category	API
Anti Debug	IsDebuggerPresent NtQuerySystemInformation OutputDebugString
User Data Access	GetComputerName GetComputerNameEx GetUserDefaultLocaleName GetUserName GetUserObjectInformation
Keyboard Access	GetKeyState
Other Suspicious	AdjustTokenPrivileges SetWindowsHookEx
Process Shell Execute	CreateProcess ShellExecuteEx WriteConsole
Syscall Use	ntdll.dll!NtAccessCheck ntdll.dll!NtAddAtomEx ntdll.dll!NtAlertThreadByThreadId ntdll.dll!NtAlpcConnectPort ntdll.dll!NtAlpcConnectPortEx ntdll.dll!NtAlpcQueryInformation ntdll.dll!NtAlpcSendWaitReceivePort ntdll.dll!NtApphelpCacheControl ntdll.dll!NtAssociateWaitCompletionPacket ntdll.dll!NtCancelTimer2 Show More ntdll.dll!NtCancelWaitCompletionPacket ntdll.dll!NtClearEvent ntdll.dll!NtClose ntdll.dll!NtCompareSigningLevels ntdll.dll!NtConnectPort ntdll.dll!NtCreateEvent ntdll.dll!NtCreateFile ntdll.dll!NtCreateIoCompletion ntdll.dll!NtCreateMutant ntdll.dll!NtCreatePrivateNamespace ntdll.dll!NtCreateSection ntdll.dll!NtCreateSemaphore ntdll.dll!NtCreateThreadEx ntdll.dll!NtCreateTimer2 ntdll.dll!NtCreateWaitCompletionPacket ntdll.dll!NtCreateWorkerFactory ntdll.dll!NtDelayExecution ntdll.dll!NtDeviceIoControlFile ntdll.dll!NtDuplicateObject ntdll.dll!NtDuplicateToken ntdll.dll!NtEnumerateKey ntdll.dll!NtEnumerateValueKey ntdll.dll!NtFindAtom ntdll.dll!NtFlushProcessWriteBuffers ntdll.dll!NtFreeVirtualMemory ntdll.dll!NtGetCachedSigningLevel ntdll.dll!NtGetContextThread ntdll.dll!NtMapViewOfSection ntdll.dll!NtNotifyChangeKey ntdll.dll!NtOpenDirectoryObject ntdll.dll!NtOpenEvent ntdll.dll!NtOpenFile ntdll.dll!NtOpenKey ntdll.dll!NtOpenKeyEx ntdll.dll!NtOpenMutant ntdll.dll!NtOpenProcess ntdll.dll!NtOpenProcessToken ntdll.dll!NtOpenProcessTokenEx ntdll.dll!NtOpenSection ntdll.dll!NtOpenSemaphore ntdll.dll!NtOpenThread ntdll.dll!NtOpenThreadToken ntdll.dll!NtOpenThreadTokenEx ntdll.dll!NtProtectVirtualMemory ntdll.dll!NtQueryAttributesFile ntdll.dll!NtQueryDefaultLocale ntdll.dll!NtQueryDirectoryFileEx ntdll.dll!NtQueryFullAttributesFile ntdll.dll!NtQueryInformationFile ntdll.dll!NtQueryInformationJobObject ntdll.dll!NtQueryInformationProcess ntdll.dll!NtQueryInformationThread ntdll.dll!NtQueryInformationToken ntdll.dll!NtQueryKey ntdll.dll!NtQueryLicenseValue ntdll.dll!NtQueryPerformanceCounter ntdll.dll!NtQuerySecurityAttributesToken ntdll.dll!NtQuerySecurityObject ntdll.dll!NtQuerySystemInformation ntdll.dll!NtQuerySystemInformationEx ntdll.dll!NtQueryValueKey ntdll.dll!NtQueryVirtualMemory ntdll.dll!NtQueryVolumeInformationFile ntdll.dll!NtQueryWnfStateData ntdll.dll!NtReadFile ntdll.dll!NtReadRequestData ntdll.dll!NtReleaseMutant ntdll.dll!NtReleaseSemaphore ntdll.dll!NtReleaseWorkerFactoryWorker ntdll.dll!NtRequestWaitReplyPort ntdll.dll!NtResumeThread ntdll.dll!NtSetEvent ntdll.dll!NtSetInformationFile ntdll.dll!NtSetInformationKey ntdll.dll!NtSetInformationProcess ntdll.dll!NtSetInformationThread ntdll.dll!NtSetInformationVirtualMemory ntdll.dll!NtSetInformationWorkerFactory ntdll.dll!NtSetTimer2 ntdll.dll!NtSubscribeWnfStateChange ntdll.dll!NtSuspendThread ntdll.dll!NtTerminateProcess ntdll.dll!NtTestAlert ntdll.dll!NtTraceControl ntdll.dll!NtUnmapViewOfSection ntdll.dll!NtUnmapViewOfSectionEx ntdll.dll!NtUnsubscribeWnfStateChange ntdll.dll!NtWaitForAlertByThreadId ntdll.dll!NtWaitForMultipleObjects ntdll.dll!NtWaitForSingleObject 106 additional items are not displayed above.
Service Control	OpenSCManager StartServiceCtrlDispatcher
Network Winsock2	WSAStartup
Network Winhttp	WinHttpOpen
Process Manipulation Evasion	NtUnmapViewOfSection ReadProcessMemory
Process Terminate	TerminateProcess
Encryption Used	BCryptOpenAlgorithmProvider CryptAcquireContext

Shell Command Execution


							"c:\users\user\downloads\fe09d91fa8cdda49e746c1f607e00069cb3fbeb4_0000365223.exe" -sfxwaitall:0 "KMS_VL_ALL_AIO.cmd"


							C:\Users\Musrjgwa\AppData\Local\Temp\5554.tmp.exe


							C:\Users\Musrjgwa\AppData\Local\Temp\55A3.tmp -insta


							"C:\WINDOWS\System32\cmd.exe"  /c  copy C:\WINDOWS\system32\Tasks\KMSAuto "C:\Users\Musrjgwa\AppData\Local\Temp\KMSAuto.tmp" /Y


							cmd.exe /c ""C:\Users\Nsdoppxl\AppData\Local\Temp\3396N90W.bat" "c:\users\user\downloads\c516cd963bde7302c523f117676edccb09929a15_0000366080""


									C:\WINDOWS\system32\mode.com mode  con: cols=90 lines=29


									C:\WINDOWS\system32\reg.exe REG  QUERY "HKU\S-1-5-19"


									C:\WINDOWS\system32\w32tm.exe w32tm  /config /manualpeerlist:"time.windows.com" /syncfromflags:manual /update


									 w32tm  /config /manualpeerlist:"time.windows.com" /syncfromflags:manual /update


									C:\WINDOWS\system32\w32tm.exe w32tm  /resync /nowait


									 w32tm  /resync /nowait


									"C:\WINDOWS\Sysnative\cmd.exe"  /c  copy C:\WINDOWS\system32\Tasks\KMSAuto "C:\Users\Zvrmwqyd\AppData\Local\Temp\KMSAuto.tmp" /Y


									"wmic.exe" process where (ProcessId=3088) get ParentProcessID /FORMAT:List /FORMAT:List


									"wmic.exe" process where (ProcessId=) get ExecutablePath /FORMAT:List /FORMAT:List


									"C:\WINDOWS\Sysnative\cmd.exe" /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="c:\users\user\downloads\cdf1d099c5284b975d46dc36ddee70d6d04a2efa_0001795943"


									"C:\WINDOWS\Sysnative\cmd.exe"  /c ver.exe


									C:\WINDOWS\System32\Wbem\WMIC.exe WMIC  /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="c:\users\user\downloads\cdf1d099c5284b975d46dc36ddee70d6d04a2efa_0001795943"


									WriteConsole: Access is denied


									"C:\WINDOWS\Sysnative\cmd.exe" /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="c:\users\user\downloads\AAct_files"


									C:\WINDOWS\System32\Wbem\WMIC.exe WMIC  /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="c:\users\user\downloads\AAct_files"


									"C:\WINDOWS\Sysnative\cmd.exe" /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="C:\WINDOWS\System32\SppExtComObjPatcher.exe"


									C:\WINDOWS\System32\Wbem\WMIC.exe WMIC  /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="C:\WINDOWS\System32\SppExtComObjPatcher.exe"


									"C:\WINDOWS\Sysnative\cmd.exe" /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="C:\WINDOWS\System32\SppExtComObjHook.dll"


									"C:\Users\Gqvqpuxp\AppData\Local\Temp\is-PXTZQF4KBH.tmp\9f8e02dabf14dd864f060e8aae606a1b1b3ce94c_0002049047.tmp" /SL5="$110068,971710,882176,c:\users\user\downloads\9f8e02dabf14dd864f060e8aae606a1b1b3ce94c_0002049047"


									(NULL) C:\Users\Lceybfja\AppData\Local\Temp\RarSFX0\Install.bat


									C:\WINDOWS\system32\mode.com mode  con cols=60 lines=35


									WriteConsole:


									WriteConsole:       Instalando


									WriteConsole:               Es


									WriteConsole:


									WriteConsole:


									WriteConsole:           Gracia


									WriteConsole:           Porfav


									WriteConsole:


									WriteConsole:   ==============


									WriteConsole:   **************


									C:\Users\Lceybfja\AppData\Local\Temp\RarSFX0\KMSpico_setup.exe KMSpico_setup.exe  /silent


									"C:\Users\Grfvctsr\AppData\Local\Temp\~nsuA.tmp\Un_A.exe"  _?=c:\users\user\downloads\


									"C:\WINDOWS\system32\cmd.exe" /c tasklist /FI "USERNAME eq %USERNAME%" /FI "IMAGENAME eq Perssua.exe" /FO csv | "C:\WINDOWS\system32\find.exe" "Perssua.exe"


									C:\WINDOWS\system32\tasklist.exe tasklist  /FI "USERNAME eq Grfvctsr" /FI "IMAGENAME eq Perssua.exe" /FO csv


									C:\WINDOWS\system32\find.exe "C:\WINDOWS\system32\find.exe"  "Perssua.exe"


									"C:\WINDOWS\Sysnative\cmd.exe" /c WMIC /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="c:\users\user\downloads\a37a76f995f40b2db8afeb7628e384769caa92ec_0001795943"


									C:\WINDOWS\System32\Wbem\WMIC.exe WMIC  /NAMESPACE:\\root\Microsoft\Windows\Defender PATH MSFT_MpPreference call Add ExclusionPath="c:\users\user\downloads\a37a76f995f40b2db8afeb7628e384769caa92ec_0001795943"


									(NULL) W10DigitalActivation_x64.exe

PUP.HackKMS

Analysis Report

General information

Known Samples

Known Samples

Windows Portable Executable Attributes

Windows Portable Executable Attributes

File Icons

File Icons

Windows PE Version Information

Windows PE Version Information

Digital Signatures

Digital Signatures

File Traits

Block Information

Block Information

Visual Map

Similar Families

Similar Families

Files Modified

Files Modified

Registry Modifications

Registry Modifications

Windows API Usage

Windows API Usage

Shell Command Execution

Shell Command Execution

Submit Comment

Related Posts

Trending

Most Viewed