KSLUI.EXE – Trojan SuspiciousFile


KSLUI.EXE – Trojan SuspiciousFile removal

File | MD5 | Virus Alias
KSLUI.EXE | 7e24eab9648c12a04507df7e5844f083 | Trojan SuspiciousFile

KSLUI.EXE size: 197393 bytes
KSLUI.EXE MD5 hash: 7E24EAB9648C12A04507DF7E5844F083

Created files:

%TEMP%\RarSFX0\data\KmsServer\KmsServer.exe
%TEMP%\RarSFX0\data\KmsServer\kslui.exe
%TEMP%\RarSFX0\data\KmsServer\Server.exe
%TEMP%\RarSFX0\data\Option\Edition.exe
%TEMP%\RarSFX0\data\Option\OGACheckControl.dll
%TEMP%\RarSFX0\data\slmgr\P\ospp.vbs
%TEMP%\RarSFX0\data\slmgr\P\osppc.dll
%TEMP%\RarSFX0\data\slmgr\P\ospprearm.exe
%TEMP%\RarSFX0\data\slmgr\P\slmgr.vbs
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\ppdlic\Security-SPP-Component-SKU-Enterprise-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-RAC-private.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-RAC-public.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-ul-oob.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VL-BYPASS-ul.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-pl.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-ul-oob.xrm-ms
%TEMP%\RarSFX0\data\spp\Enterprise\tokens\skus\Security-SPP-Component-SKU-Enterprise\Security-SPP-Component-SKU-Enterprise-VLKMS1-ul-phn.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\ppdlic\Personalization-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\ppdlic\Security-SPP-Component-SKU-Professional-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\ppdlic\Security-SPP-ppdlic.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-private.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-RAC-public.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul-oob.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VL-BYPASS-ul.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-pl.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-oob.xrm-ms
%TEMP%\RarSFX0\data\spp\Professional\tokens\skus\Security-SPP-Component-SKU-Professional\Security-SPP-Component-SKU-Professional-VLKMS1-ul-phn.xrm-ms
%TEMP%\RarSFX0\data\VBS\HS.exe

Detected by UnHackMe:

KSLUI.EXE
Default location: %TEMP%\RARSFX0\DATA\KMSSERVER\KSLUI.EXE

Dropper information:
MD5: 37de6924ebb21cc748b7f153089d70d8
File size: 972902 bytes
