How to remove $RP4488N.exe
- File Details
- Overview
- Analysis
$RP4488N.exe
The module $RP4488N.exe has been detected as Hijack.Explorer
File Details
| MD5: |
94fef1eebf8b9ea06f49d7f8b7814826 |
| Size: |
4 KB |
| First Published: |
2017-05-21 03:01:57 (8 years ago) |
| Latest Published: |
2025-09-29 23:00:53 (a month ago) |
| Status: |
Hijack.Explorer (on last analysis) |
|
| Analysis Date: |
2025-09-29 23:00:53 (a month ago) |
| %windir%\system32 |
| %localappdata%\winsys\kms_vl_all\64-bit |
| %desktop%\kms啟動\64-bit |
| %profile%\downloads\compressed\dll_act\kms_vl_act.rar\kms_vl_act\64-bit |
| %temp%\rar$exa0.540\windows kms activator v3.1\kms_files\64-bit |
| %temp%\rar$exa0.542\windows kms activator v3.1\kms_files\64-bit |
| %windir%\setup\scripts\x64 |
| %desktop%\activate tool\x64 |
| %profile%\downloads\documents\kms_vl_all_6.6.1\kms_vl_all_6.6.1\64-bit |
| %profile%\dropbox\programlar\kms vl all 6.6.1\64-bit |
| SppExtComObjPatcher.exe |
| sppextcomobjpatcher.exe |
| KMS8Load.exe |
| 64-bit_SppExtComObjPatcher.exe |
| $RAYYZKC.exe |
| 26625 (2017_08_10 13_53_02 UTC).exe |
| gSppExtComObjPatcher.exe |
| SppExtComObjPatcher.exe.quarantined |
| $RH5IRJU.exe |
| $R7859KV.exe |
| $RP4488N.exe |
|
11.7% |
|
|
6.4% |
|
|
5.7% |
|
|
5.5% |
|
|
4.6% |
|
|
4.5% |
|
|
3.7% |
|
|
3.2% |
|
|
3.0% |
|
|
3.0% |
|
|
3.0% |
|
|
2.3% |
|
|
2.1% |
|
|
2.1% |
|
|
2.0% |
|
|
1.8% |
|
|
1.3% |
|
|
1.3% |
|
|
1.2% |
|
|
1.2% |
|
|
1.2% |
|
|
1.1% |
|
|
1.0% |
|
|
1.0% |
|
|
1.0% |
|
|
0.9% |
|
|
0.9% |
|
|
0.8% |
|
|
0.8% |
|
|
0.8% |
|
|
0.8% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.7% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.6% |
|
|
0.5% |
|
|
0.5% |
|
|
0.5% |
|
|
0.4% |
|
|
0.4% |
|
|
0.4% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.3% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.2% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
|
0.1% |
|
| Windows 10 |
87.4% |
|
| Windows 7 |
6.7% |
|
| Windows 8.1 |
4.5% |
|
| Windows Server 2016 |
0.6% |
|
| Windows Server 2012 R2 |
0.4% |
|
| Windows Embedded 8.1 |
0.1% |
|
| Windows 8 |
0.1% |
|
| Windows XP |
0.1% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
64 |
| Image Base: |
0x0000000140000000 |
| Entry Address: |
0x00001000 |
| Name |
Size of data |
MD5 |
| .text |
1024 |
f4c696a25346888e110e3a6df8265945 |
| .rdata |
1536 |
5823acce36bad8c8cb1a6c1332f2b13b |
| .pdata |
512 |
b9eabb0a9a3f9e3e07b4174fa36c1881 |
| .rsrc |
512 |
8d096de51d16180d98ba04bad2632f19 |
