File name: sm70101533e.exe

Full analysis: https://app.any.run/tasks/b0f5917b-02fc-43cf-aa17-6b16b00dd9be
Verdict: Malicious activity
Threats:

Adware is a form of malware that targets users with unwanted advertisements, often disrupting their browsing experience. It typically infiltrates systems through software bundling, malicious websites, or deceptive downloads. Once installed, it may track user activity, collect sensitive data, and display intrusive ads, including pop-ups or banners. Some advanced adware variants can bypass security measures and establish persistence on devices, making removal challenging. Additionally, adware can create vulnerabilities that other malware can exploit, posing a significant risk to user privacy and system security.

Analysis date: November 30, 2024, 21:11:15
OS: Windows 10 Professional (build: 19045, 64 bit)
Tags:
adware
arch-scr
arch-html
exploit
crypto-regex
stealer
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, 4 sections
MD5: 5C528A8923D7BFA35A6C55C0C58FD229
SHA1: 32E9A5AFE56501991A9668E97B210E0CC6BFD554
SHA256: 1B5607E14718AAB45D3388F8CFA7073030B2EE83F1783BC2A454677C7C41BD11
SSDEEP: 98304:lpqixpfV5VCNXs4ujlWbAuMow2gm8hT5JQdsxcyrirB+BpNn84aJjgbKMln+Away:lfxcyE6drB

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Connects to the CnC server

      • sm70101533e.exe (PID: 6480)
    • ADWARE has been detected (SURICATA)

      • sm70101533e.exe (PID: 6480)
    • Actions looks like stealing of personal data

      • kxetray.exe (PID: 6980)
    • Changes the autorun value in the registry

      • sm70101533e.exe (PID: 6480)
  • SUSPICIOUS

    • Potential Corporate Privacy Violation

      • sm70101533e.exe (PID: 6480)
    • Access to an unwanted program domain was detected

      • sm70101533e.exe (PID: 6480)
    • Executable content was dropped or overwritten

      • sm70101533e.exe (PID: 6480)
      • kxetray.exe (PID: 6980)
      • kwsprotect64.exe (PID: 1220)
      • kxescore.exe (PID: 7120)
    • Reads security settings of Internet Explorer

      • sm70101533e.exe (PID: 6480)
      • kxetray.exe (PID: 6980)
    • Creates files in the driver directory

      • sm70101533e.exe (PID: 6480)
    • The process drops C-runtime libraries

      • sm70101533e.exe (PID: 6480)
    • Process drops legitimate windows executable

      • sm70101533e.exe (PID: 6480)
    • The process creates files with name similar to system file names

      • sm70101533e.exe (PID: 6480)
    • The process verifies whether the antivirus software is installed

      • knewvip.exe (PID: 6276)
      • ksysslim.exe (PID: 2676)
      • sm70101533e.exe (PID: 6480)
      • kxetray.exe (PID: 6980)
    • Creates a software uninstall entry

      • sm70101533e.exe (PID: 6480)
      • kxetray.exe (PID: 6980)
    • Drops a system driver (possible attempt to evade defenses)

      • sm70101533e.exe (PID: 6480)
    • Creates/Modifies COM task schedule object

      • kxetray.exe (PID: 6980)
    • Executes as Windows Service

      • kxescore.exe (PID: 7120)
      • kxewsc.exe (PID: 6984)
    • Uses NETSH.EXE to add a firewall rule or allowed programs

      • ksoftmgr.exe (PID: 4556)
    • Found regular expressions for crypto-addresses (YARA)

      • kxetray.exe (PID: 6980)
    • Application launched itself

      • knewvip.exe (PID: 6276)
  • INFO

    • Checks supported languages

      • sm70101533e.exe (PID: 6480)
      • InstallHelper.exe (PID: 6444)
      • kxetray.exe (PID: 6980)
      • knewvip.exe (PID: 6276)
      • ksysslim.exe (PID: 2676)
    • Reads the computer name

      • sm70101533e.exe (PID: 6480)
      • InstallHelper.exe (PID: 6444)
      • kxetray.exe (PID: 6980)
      • knewvip.exe (PID: 6276)
    • Reads the machine GUID from the registry

      • sm70101533e.exe (PID: 6480)
    • Creates files in the program directory

      • sm70101533e.exe (PID: 6480)
      • knewvip.exe (PID: 6276)
      • kxetray.exe (PID: 6980)
    • Process checks whether UAC notifications are on

      • sm70101533e.exe (PID: 6480)
    • Create files in a temporary directory

      • sm70101533e.exe (PID: 6480)
    • Checks proxy server information

      • sm70101533e.exe (PID: 6480)
      • kxetray.exe (PID: 6980)
    • Creates files or folders in the user directory

      • sm70101533e.exe (PID: 6480)
      • kxetray.exe (PID: 6980)
      • knewvip.exe (PID: 6276)
    • The process uses the downloaded file

      • sm70101533e.exe (PID: 6480)
    • Process checks computer location settings

      • sm70101533e.exe (PID: 6480)
    • Sends debugging messages

      • kxetray.exe (PID: 6980)
      • knewvip.exe (PID: 6276)
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1970:02:16 18:59:12+00:00
ImageFileCharacteristics: No relocs, Executable, 32-bit
PEType: PE32
LinkerVersion: 8
CodeSize: 1687552
InitializedDataSize: 2351104
UninitializedDataSize: -
EntryPoint: 0xa4a18
OSVersion: 4
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 2023.11.21.973
ProductVersionNumber: 9.3.0.2524
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Windows NT 32-bit
ObjectFileType: Dynamic link library
FileSubtype: -
LanguageCode: Neutral
CharacterSet: Unicode
CompanyName: Kingsoft Corporation
FileDescription: Kingsoft Security - 安装程序
FileVersion: 2023,11,09,2524
InternalName: KInstallTool
LegalCopyright: Copyright (C) 1998-2023 Kingsoft Corporation
OriginalFileName: -
ProductName: Kingsoft Internet Security
ProductVersion: 9,3,0,2524
No data.
Total processes: 153
Monitored processes: 22
Malicious processes: 3
Suspicious processes: 1

Behavior graph

Processes shown: sm70101533e.exe (#ADWARE), installhelper.exe, kxetray.exe, knewvip.exe, ksysslim.exe (no specs), kavlog2.exe (no specs), ksoftmgr.exe (no specs), kwsprotect64.exe, ksyshelper64.exe (no specs), kxescore.exe (no specs), kislive.exe (no specs), conhost.exe (no specs), kxescore.exe, kxewsc.exe (no specs), ksoftmgr.exe (no specs), kxecenter.exe (no specs), netsh.exe (no specs), conhost.exe (no specs), kxecenter.exe (no specs), kupdata.exe (no specs), knewvip.exe (no specs), sm70101533e.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID: 396
CMD: "c:\program files (x86)\kingsoft\kingsoft antivirus\kavlog2.exe" -install
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\kavlog2.exe
Parent process: sm70101533e.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - KXEngine KeventLog3
Exit code: 0
Version: 2023,01,30,2217
PID: 1220
CMD: "kwsprotect64.exe" (null)
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\kwsprotect64.exe
Parent process: kxetray.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - Kingsoft Web-Protection Module
Version: 2024,05,15,2719
PID: 2676
CMD: "c:\program files (x86)\kingsoft\kingsoft antivirus\ksysslim.exe" -create_virtualdisk
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\ksysslim.exe
Parent process: kxetray.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - C盘瘦身专家
Exit code: 0
Version: 2024,06,21,13
PID: 4264
CMD: "c:\program files (x86)\kingsoft\kingsoft antivirus\kislive.exe" /autorun /std /skipcs3
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\kislive.exe
Parent process: sm70101533e.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - 在线升级程序
Exit code: 1
Version: 2024,08,02,2812
PID: 4556
CMD: "c:\program files (x86)\kingsoft\kingsoft antivirus\ksoftmgr.exe" -install:60000850 -src:106 -lenovoodd:lSuSIZA=
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\ksoftmgr.exe
Parent process: sm70101533e.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - 软件管家
Version: 2024,11,11,2927
PID: 4952
CMD: "c:\program files (x86)\kingsoft\kingsoft antivirus\kxecenter.exe" /runbycmd /modulename:ktrashmon.dll /taskid:{052C1269-FD1C-4506-B705-1CC140EC26DF}
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxecenter.exe
Parent process: kxetray.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - kxecenter
Exit code: 0
Version: 2024,05,06,2716
PID: 5160
CMD: "c:\program files (x86)\kingsoft\kingsoft antivirus\ksyshelper64.exe" /WindowsToastHook:3668
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\ksyshelper64.exe
Parent process: kxetray.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - Kingsoft KSysHelper 64 bit
Exit code: 0
Version: 2024,10,28,2895
PID: 5472
CMD: "c:\program files (x86)\kingsoft\kingsoft antivirus\kxescore.exe" /start kxescore
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\kxescore.exe
Parent process: sm70101533e.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - 防御服务
Exit code: 0
Version: 2024,09,03,2853
PID: 6192
CMD: "c:\program files (x86)\kingsoft\kingsoft antivirus\ksoftmgr.exe" -preload
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\ksoftmgr.exe
Parent process: sm70101533e.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - 软件管家
Exit code: 0
Version: 2024,11,11,2927
PID: 6276
CMD: "knewvip.exe" --open_opction=1 --from=1 --start
Path: C:\Program Files (x86)\kingsoft\kingsoft antivirus\knewvip.exe
Parent process: kxetray.exe
User: admin
Company: Kingsoft Corporation
Integrity Level: HIGH
Description: Kingsoft Security - 会员中心
Version: 2024,10,31,26
Modules
Images
c:\program files (x86)\kingsoft\kingsoft antivirus\knewvip.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 3 446
Read events: 3 214
Write events: 95
Delete events: 137

Modification events

PID: 6480
Process: sm70101533e.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
Operation: write
Name: idex
Value: c39ad35ccb210f193b9ba4debba67fbb

PID: 6480
Process: sm70101533e.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
Operation: write
Name: idno
Value: 1

PID: 6480
Process: sm70101533e.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
Operation: write
Name: did
Value: 544CE2F7AD2086089700061031EBEE5C

PID: 6480
Process: sm70101533e.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{79B5BC47-CEA1-4772-B433-7D1B3139F278}\Implemented Categories\{607568DD-B059-434b-B7E7-38EC51998F8E}
Operation: write
Name: PacketPath_100_716_1
Value: C:\Users\admin\AppData\Local\Temp\duba_u15730079_sv1_83_29.dll

PID: 6480
Process: sm70101533e.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
Operation: write
Name: svrid
Value:

PID: 6480
Process: sm70101533e.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{9B7A98EC-7EF9-468c-ACC8-37C793DBD7E0}\Implemented Categories\{A5F7140E-4311-4ef9-AABC-F55941B5EBE5}
Operation: write
Name: svrid
Value: fcvft27q845su8h2n44o2eu47wel

PID: 6480
Process: sm70101533e.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content
Operation: write
Name: CachePrefix
Value:

PID: 6480
Process: sm70101533e.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies
Operation: write
Name: CachePrefix
Value: Cookie:

PID: 6480
Process: sm70101533e.exe
Key: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History
Operation: write
Name: CachePrefix
Value: Visited:

PID: 6480
Process: sm70101533e.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\kingsoft\installfail
Operation: write
Name: calltime
Value:
Executable files: 398
Suspicious files: 734
Text files: 568
Unknown types: 6

Dropped files

PID | Process | Filename | Type
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\jcqgx.ini | text
MD5:478B13BDC92E7D49E1E4A9B9C496FE9A
SHA256:7B8DFFD78EB43C4FA4472104DFC03C787196E5E6D852189F0F5BC0DC816E4F79
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\install_res\backup_0307\6000.xml | text
MD5:B1C00F67FE681FFF27F80A020D4D8CD9
SHA256:7C37E942CE92FC48457FC6D484E8ED788DA7B8B23689C0ED4601D26B0F629336
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\duba_u15730079_sv1_83_29.dll | -
MD5:
SHA256:
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\install_res\100.png | image
MD5:A64D7F2A825F5547182E9E3EE25B4544
SHA256:E78B678846C177786E70E29D5111359D4AFF20D9AC5935FAD2BE87B17D7F9FC9
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\install_res\6000.xml | text
MD5:9605F14AED72906A40155329EAE6F49B
SHA256:B6C22395227C36B8BBE240CB826B1277A65DC6AAB15A46A0E2D3F96485BFB098
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\install_res\backup_0317\6000.xml | text
MD5:9605F14AED72906A40155329EAE6F49B
SHA256:B6C22395227C36B8BBE240CB826B1277A65DC6AAB15A46A0E2D3F96485BFB098
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\install_res\110.png | image
MD5:020AE4ED917D5F84277384CAB39E56B0
SHA256:DC35117220A1A6959FFC2125DBD3A40452F88FFCA94B2A69CCBD9CF58380FDD9
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\install_res\backup_0307\6001.xml | text
MD5:A41FE6AD4115C9508AF69013806AF36D
SHA256:C300345EA071E284C7B619544ED1BBD993DA4052307189962A7876AFE042D082
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\kinst.log | text
MD5:C979830A20C981F431473FB7FAE1AF0C
SHA256:7014F89C341D5BA8495F9E5B230E8F5C3CDD1F2A51A84111D3C5B9EAB544728A
6480 | sm70101533e.exe | C:\Users\admin\AppData\Local\Temp\install_res\backup_0317\soft.ico_ | image
MD5:6F2B23D493B22D7CB414C9BCB69903CB
SHA256:4574F94F61954AC1D9B57E5254E8217DC9CA9BE6DF2A6046CDAB8FFFFD7AD8ED
HTTP(S) requests: 348
TCP/UDP connections: 231
DNS requests: 58
Threats: 190

HTTP requests

PID
Process
Method
HTTP Code
IP
URL
CN
Type
Size
Reputation
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTrjrydRyt%2BApF3GSPypfHBxR5XtQQUs9tIpPmhxdiuNkHMEWNpYim8S8YCEAI5PUjXAkJafLQcAAsO18o%3D
unknown
whitelisted
GET
200
184.30.21.171:80
http://www.microsoft.com/pkiops/crl/MicSecSerCA2011_2011-10-18.crl
unknown
whitelisted
GET
200
23.48.23.143:80
http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl
unknown
whitelisted
6480
sm70101533e.exe
GET
200
221.194.141.153:80
http://2398.35go.net/defend/o1/jcqgx.ini
unknown
whitelisted
6480
sm70101533e.exe
POST
200
139.9.43.42:80
http://infoc0.duba.net/c/
unknown
whitelisted
1176
svchost.exe
GET
200
192.229.221.95:80
http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D
unknown
whitelisted
6480
sm70101533e.exe
POST
200
139.9.43.42:80
http://infoc0.duba.net/c/
unknown
whitelisted
6480
sm70101533e.exe
POST
200
139.9.43.42:80
http://infoc0.duba.net/c/
unknown
whitelisted
6480
sm70101533e.exe
HEAD
404
221.194.141.171:80
http://dubacdn.cmcmcdn.com/sem/installer/716.png
unknown
unknown
6480
sm70101533e.exe
GET
404
221.194.141.171:80
http://dubacdn.cmcmcdn.com/sem/installer/716.png
unknown
unknown

Connections

PID | Process | IP | Domain | ASN | CN | Reputation
4712 | MoUsoCoreWorker.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
4 | System | 192.168.100.255:137 | - | - | - | whitelisted
3220 | svchost.exe | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 51.104.136.2:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
5064 | SearchApp.exe | 104.126.37.137:443 | www.bing.com | Akamai International B.V. | DE | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
- | - | 23.48.23.143:80 | crl.microsoft.com | Akamai International B.V. | DE | whitelisted
- | - | 184.30.21.171:80 | www.microsoft.com | AKAMAI-AS | DE | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
6480 | sm70101533e.exe | 221.194.141.153:80 | 2398.35go.net | CHINA UNICOM China169 Backbone | CN | whitelisted

Threats

PID | Process | Class | Message
6480 | sm70101533e.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6480 | sm70101533e.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6480 | sm70101533e.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] PUP.Win32/KingSoft.E HTTP POST Request
6480 | sm70101533e.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6480 | sm70101533e.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] PUP.Win32/KingSoft.E HTTP POST Request
6480 | sm70101533e.exe | Possibly Unwanted Program Detected | ADWARE [ANY.RUN] PUP.Win32/KingSoft.E HTTP POST Request
6480 | sm70101533e.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6480 | sm70101533e.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6480 | sm70101533e.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
6480 | sm70101533e.exe | Potentially Bad Traffic | ET HUNTING Suspicious Mozilla User-Agent - Likely Fake (Mozilla/4.0)
24 ETPRO signatures available at the full report
Process | Message
kxetray.exe | [magic cube] already init
kxetray.exe | [magic cube] local cache file not exist,reset data
kxetray.exe | [magic cube] loading file : c:\program files (x86)\kingsoft\kingsoft antivirus\data\switch_record.dat
kxetray.exe | [magic cube] loading file : c:\program files (x86)\kingsoft\kingsoft antivirus\data\switch_record.dat
kxetray.exe | [magic cube] local cache file not exist,reset data
kxetray.exe | [magic cube] local cache file not exist,reset data
kxetray.exe | [magic cube] loading file : c:\program files (x86)\kingsoft\kingsoft antivirus\data\switch_record.dat
kxetray.exe | [magic cube] loading file : c:\program files (x86)\kingsoft\kingsoft antivirus\data\switch_record.dat
kxetray.exe | [magic cube] local cache file not exist,reset data
kxetray.exe | [magic cube] loading file : c:\program files (x86)\kingsoft\kingsoft antivirus\data\abtest_record.dat