How to remove KMSoffline.exe
- File Details
- Overview
- Analysis
KMSoffline.exe
The module KMSoffline.exe has been detected as Hack.AutoKMS
File Details
| Product Name: |
|
| MD5: |
f31a3449d1d502d444e39c8eb98baa25 |
| Size: |
3 MB |
| First Published: |
2019-05-25 11:13:35 (6 years ago) |
| Latest Published: |
2025-03-30 23:01:33 (8 months ago) |
| Status: |
Hack.AutoKMS (on last analysis) |
|
| Analysis Date: |
2025-03-30 23:01:33 (8 months ago) |
| %profile%\downloads\compressed |
| %temp% |
| %sysdrive%\$recycle.bin\s-1-5-21-1051439210-1889882723-775660982-1000\$rhr4y1l.com_microsoft_office_2016_pro_plus_x86 |
| %sysdrive%\system\-= w.g.a =- |
| %profile%\google drive\sync sav |
| %desktop%\seltene programme\koffline.2.1.2.wt |
| %sysdrive%\sources\$oem$\$progs\autosettingsps |
| %programfiles%\autosettingsps |
| %sysdrive%\softwares\microsoft office 2010 professional plus |
| %programfiles%\autosettingsps |
|
27.9% |
|
|
14.0% |
|
|
9.3% |
|
|
7.0% |
|
|
4.7% |
|
|
4.7% |
|
|
4.7% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
|
2.3% |
|
| Windows 10 |
86.0% |
|
| Windows 7 |
11.6% |
|
| Windows 8 |
2.3% |
|
Analysis
| Subsystem: |
Windows GUI |
| PE Type: |
pe |
| OS Bitness: |
32 |
| Image Base: |
0x00400000 |
| Entry Address: |
0x0032fcee |
| MVID: |
d61157cc-a970-46d2-b6a2-3c1b5e068cf5 |
| Typelib ID: |
4b59db8d-cdfc-436d-ad9c-648847dd40dd |
| Name |
Size of data |
MD5 |
| .text |
3333632 |
041ba0afa684677b8d957ca478301fab |
| .sdata |
512 |
dbe1afef41fa54a6cf50437d91afddfd |
| .rsrc |
73216 |
c08492a5e1863d1484e95d9fd9d176e1 |
| .reloc |
512 |
549ff2e3297b64f926415152513c908f |
