Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

"<fontsize=3style='font-family:;'>Dearcongpinzhu<br><br>IT2023%2F07%2F20%2022%3A22%3A23:co..

Decoded Output download

<?  "<fontsize=3style='font-family:;'>Dearcongpinzhu<br><br>IT2023%2F07%2F20%2022%3A22%3A23:congpinzhu,IP9.218.226.85device_id:rd1abbb1e6f3add49ffd8f1861310c26100000001,ksysslim.exePid:32140<br>e%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksysslim.exe<br>md5c80ed941e1546ab7ca0979648b916a4b<br><br>%3Cbr%3EMD5%EF%BC%9AC80ED941E1546AB7CA0979648B916A4B%3Cbr%3E%E5%91%8A%E8%AD%A6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksysslim.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Ckxetray.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8Bid%EF%BC%9A12880%7C%3Cbr%3EMD5%EF%BC%9A86191D9E0E30631DB3E78E4645804358%3Cbr%3E%E5%91%8A%E8%AD%A6%E8%BF%9B%E7%A8%8B%EF%BC%9AC%3A%5CWindows%5CSystem32%5Cconhost.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksyshelper64.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8Bid%EF%BC%9A12540%7C%3Cbr%3EMD5%EF%BC%9A8D54B4573E6155FD73122AC5BF6D9B0E%3Cbr%3E%E5%91%8A%E8%AD%A6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksyshelper64.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksysslim.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8Bid%EF%BC%9A32140%7C%3Cbr%3EMD5%EF%BC%9A86191D9E0E30631DB3E78E4645804358%3Cbr%3E%E5%91%8A%E8%AD%A6%E8%BF%9B%E7%A8%8B%EF%BC%9AC%3A%5CWindows%5CSystem32%5Cconhost.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8B%EF%BC%9AC%3A%5CProgram%20Files%20%28x86%29%5CiOA%5CVBScript.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8Bid%EF%BC%9A26136<br>()<br>%3ctable%3e%3ctr%3e%3cth%3e%e7%89%b9%e5%be%81%3c%2fth%3e%3cth%3e%e5%80%bc%3c%2fth%3e%3cth%3e%e8%af%b4%e6%98%8e%3c%2fth%3e%3cth%3e%e5%8e%9f%e5%a7%8b%e6%95%b0%e6%8d%ae%3c%2fth%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_touch_browser_cookie%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%8e%b7%e5%8f%96%e6%b5%8f%e8%a7%88%e5%99%a8%e6%95%8f%e6%84%9f%e4%bf%a1%e6%81%af%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cGoogle%5cChrome%5cUser+Data%5cDefault%5cHistory%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e733_is_none%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%90%91%e7%b3%bb%e7%bb%9f%e8%bf%9b%e7%a8%8b%e7%94%b3%e8%af%b7%e6%9d%83%e9%99%90%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_touch_wxwork%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%a7%a6%e7%a2%b0%e4%bc%81%e4%b8%9a%e5%be%ae%e4%bf%a1%e9%85%8d%e7%bd%ae%e6%96%87%e4%bb%b6%e6%88%96%e8%80%85%e8%af%b1%e9%a5%b5%e6%96%87%e4%bb%b6%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cDocuments%5cWXWork%5cGlobal%5cConfig.cfg%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_open_process_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eOpenProcessToken%e7%aa%83%e5%8f%96%e5%87%ad%e6%8d%ae%e6%89%8b%e6%b3%95%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e738_is_exe%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e6%98%af%e5%90%a6%e9%87%8a%e6%94%beexe%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cTemp%5c833D7E58-8C5D-402C-B587-FF867C1704BE%5cDismCore.dll%7cE%3a%5ckinggsoft%5ckduu_ba%5csp7%5cdata%5cksrengz.dll%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_initialize_proc_thread_attribute_list%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+InitializeProcThreadAttributeList%3c%2ftd%3e%3ctd%3eE%3a%5cKINGGSOFT%5cKDUU_BA%5cSP7%5cKSYSHELPER64.EXE%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_set_window_long%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+SetWindowLong%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_system_info%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetSystemInfo%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3emingan_black_feature%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_duplicate_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+DuplicateTokenEx%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e742_process_quit%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e7%bb%93%e6%9d%9f%e6%a0%87%e5%bf%97%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_zwwrite_inject_bei%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eZwWriteVirtualMemory%e8%a2%ab%e6%b3%a8%e5%85%a5%3c%2ftd%3e%3ctd%3e%7cE%3a%5cKINGGSOFT%5cKDUU_BA%5cSP7%5cKSYSHELPER64.EXE%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_logical_drive%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetLogicalDriveStringsW%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_zwwrite_inject%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eZwWriteVirtualMemory%e6%b3%a8%e5%85%a5%e6%89%8b%e6%b3%95%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cTemp%5c833D7E58-8C5D-402C-B587-FF867C1704BE%5cDismHost.exe%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_current_directory%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetCurrentDirectoryW%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_zwquery_system%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8ZwQuerySystemInformation%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e732_is_no_signature%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e9%9d%9e%e5%b8%b8%e8%a7%81%e8%bf%9b%e7%a8%8b%3c%2ftd%3e%3ctd%3eksysslim.exe_Beijing+Kingsoft+Security+software+Co.%2cLtd_C80ED941E1546AB7CA0979648B916A4B%7cksyshelper64.exe_Beijing+Kingsoft+Security+software+Co.%2cLtd_8D54B4573E6155FD73122AC5BF6D9B0E%7cconhost.exe__86191D9E0E30631DB3E78E4645804358%7cDismHost.exe_Microsoft+Windows_E5D5E9C1F65B8EC7AA5B7F1B1ACDD731%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_browser_mingan%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%bc%82%e5%b8%b8%e8%af%bb%e5%8f%96%e6%b5%8f%e8%a7%88%e5%99%a8cookie%ef%bc%8c%e4%b9%a6%e7%ad%be%ef%bc%8c%e6%b5%8f%e8%a7%88%e8%ae%b0%e5%bd%95%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cGoogle%5cChrome%5cUser+Data%5cDefault%5cHistory%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e863_is_anony%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%88%9b%e5%bb%ba%e5%8c%bf%e5%90%8d%e7%ae%a1%e9%81%93%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_adjust_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+AdjustTokenPrivileges%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e738_is_create_exe%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e8%a2%ab%e5%88%9b%e5%bb%ba%3c%2ftd%3e%3ctd%3ee%3a%5ckinggsoft%5ckduu_ba%5csp7%5cksyshelper64.exe%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_find_first_file_usual%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e9%81%8d%e5%8e%86%e6%96%87%e4%bb%b6%e8%a1%8c%e4%b8%ba%3c%2ftd%3e%3ctd%3e%cache1%25%5c%2a.%2a%7cC%3a%5c%2a%3c%2ftd%3e%3c%2ftr%3e%3c%2ftable%3e<br>()<br>%3ctable%3e%3ctr%3e%3cth%3e%e7%89%b9%e5%be%81%3c%2fth%3e%3cth%3e%e5%80%bc%3c%2fth%3e%3cth%3e%e8%af%b4%e6%98%8e%3c%2fth%3e%3cth%3e%e5%8e%9f%e5%a7%8b%e6%95%b0%e6%8d%ae%3c%2fth%3e%3c%2ftr%3e%3ctr%3e%3ctd%3emingan_black_feature%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e733_is_none%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%90%91%e7%b3%bb%e7%bb%9f%e8%bf%9b%e7%a8%8b%e7%94%b3%e8%af%b7%e6%9d%83%e9%99%90%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e738_is_exe%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e6%98%af%e5%90%a6%e9%87%8a%e6%94%beexe%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cTemp%5c833D7E58-8C5D-402C-B587-FF867C1704BE%5cDismCore.dll%7cE%3a%5ckinggsoft%5ckduu_ba%5csp7%5cdata%5cksrengz.dll%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e732_is_no_signature%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e9%9d%9e%e5%b8%b8%e8%a7%81%e8%bf%9b%e7%a8%8b%3c%2ftd%3e%3ctd%3eksysslim.exe_Beijing+Kingsoft+Security+software+Co.%2cLtd_C80ED941E1546AB7CA0979648B916A4B%7cconhost.exe__86191D9E0E30631DB3E78E4645804358%7cksyshelper64.exe_Beijing+Kingsoft+Security+software+Co.%2cLtd_8D54B4573E6155FD73122AC5BF6D9B0E%7cDismHost.exe_Microsoft+Windows_E5D5E9C1F65B8EC7AA5B7F1B1ACDD731%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e863_is_anony%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%88%9b%e5%bb%ba%e5%8c%bf%e5%90%8d%e7%ae%a1%e9%81%93%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_browser_mingan%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%bc%82%e5%b8%b8%e8%af%bb%e5%8f%96%e6%b5%8f%e8%a7%88%e5%99%a8cookie%ef%bc%8c%e4%b9%a6%e7%ad%be%ef%bc%8c%e6%b5%8f%e8%a7%88%e8%ae%b0%e5%bd%95%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cGoogle%5cChrome%5cUser+Data%5cDefault%5cHistory%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_touch_browser_cookie%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%8e%b7%e5%8f%96%e6%b5%8f%e8%a7%88%e5%99%a8%e6%95%8f%e6%84%9f%e4%bf%a1%e6%81%af%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cGoogle%5cChrome%5cUser+Data%5cDefault%5cHistory%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_touch_wxwork%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%a7%a6%e7%a2%b0%e4%bc%81%e4%b8%9a%e5%be%ae%e4%bf%a1%e9%85%8d%e7%bd%ae%e6%96%87%e4%bb%b6%e6%88%96%e8%80%85%e8%af%b1%e9%a5%b5%e6%96%87%e4%bb%b6%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cDocuments%5cWXWork%5cGlobal%5cConfig.cfg%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_open_process_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eOpenProcessToken%e7%aa%83%e5%8f%96%e5%87%ad%e6%8d%ae%e6%89%8b%e6%b3%95%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_set_window_long%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+SetWindowLong%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_zwwrite_inject%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eZwWriteVirtualMemory%e6%b3%a8%e5%85%a5%e6%89%8b%e6%b3%95%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cTemp%5c833D7E58-8C5D-402C-B587-FF867C1704BE%5cDismHost.exe%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_zwwrite_inject_bei%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eZwWriteVirtualMemory%e8%a2%ab%e6%b3%a8%e5%85%a5%3c%2ftd%3e%3ctd%3e%7cE%3a%5cKINGGSOFT%5cKDUU_BA%5cSP7%5cKSYSHELPER64.EXE%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_adjust_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+AdjustTokenPrivileges%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_duplicate_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+DuplicateTokenEx%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_find_first_file_usual%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e9%81%8d%e5%8e%86%e6%96%87%e4%bb%b6%e8%a1%8c%e4%b8%ba%3c%2ftd%3e%3ctd%3e%cache1%25%5c%2a.%2a%7cC%3a%5c%2a%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_current_directory%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetCurrentDirectoryW%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_logical_drive%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetLogicalDriveStringsW%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_system_info%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetSystemInfo%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_initialize_proc_thread_attribute_list%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+InitializeProcThreadAttributeList%3c%2ftd%3e%3ctd%3eE%3a%5cKINGGSOFT%5cKDUU_BA%5cSP7%5cKSYSHELPER64.EXE%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_zwquery_system%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8ZwQuerySystemInformation%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e742_process_quit%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e7%bb%93%e6%9d%9f%e6%a0%87%e5%bf%97%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3c%2ftable%3e<br></font>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>1<br>2<br>3<br>4<br>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~","level":"3","title":"ITITcongpinzhuksysslim.exeAI:" ?>

Did this file decode correctly?

Original Code

"<fontsize=3style='font-family:;'>Dearcongpinzhu<br><br>IT2023%2F07%2F20%2022%3A22%3A23:congpinzhu,IP9.218.226.85device_id:rd1abbb1e6f3add49ffd8f1861310c26100000001,ksysslim.exePid:32140<br>e%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksysslim.exe<br>md5c80ed941e1546ab7ca0979648b916a4b<br><br>%3Cbr%3EMD5%EF%BC%9AC80ED941E1546AB7CA0979648B916A4B%3Cbr%3E%E5%91%8A%E8%AD%A6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksysslim.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Ckxetray.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8Bid%EF%BC%9A12880%7C%3Cbr%3EMD5%EF%BC%9A86191D9E0E30631DB3E78E4645804358%3Cbr%3E%E5%91%8A%E8%AD%A6%E8%BF%9B%E7%A8%8B%EF%BC%9AC%3A%5CWindows%5CSystem32%5Cconhost.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksyshelper64.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8Bid%EF%BC%9A12540%7C%3Cbr%3EMD5%EF%BC%9A8D54B4573E6155FD73122AC5BF6D9B0E%3Cbr%3E%E5%91%8A%E8%AD%A6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksyshelper64.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8B%EF%BC%9AE%3A%5Ckinggsoft%5Ckduu_ba%5Csp7%5Cksysslim.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8Bid%EF%BC%9A32140%7C%3Cbr%3EMD5%EF%BC%9A86191D9E0E30631DB3E78E4645804358%3Cbr%3E%E5%91%8A%E8%AD%A6%E8%BF%9B%E7%A8%8B%EF%BC%9AC%3A%5CWindows%5CSystem32%5Cconhost.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8B%EF%BC%9AC%3A%5CProgram%20Files%20%28x86%29%5CiOA%5CVBScript.exe%3Cbr%3E%E7%88%B6%E8%BF%9B%E7%A8%8Bid%EF%BC%9A26136<br>()<br>%3ctable%3e%3ctr%3e%3cth%3e%e7%89%b9%e5%be%81%3c%2fth%3e%3cth%3e%e5%80%bc%3c%2fth%3e%3cth%3e%e8%af%b4%e6%98%8e%3c%2fth%3e%3cth%3e%e5%8e%9f%e5%a7%8b%e6%95%b0%e6%8d%ae%3c%2fth%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_touch_browser_cookie%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%8e%b7%e5%8f%96%e6%b5%8f%e8%a7%88%e5%99%a8%e6%95%8f%e6%84%9f%e4%bf%a1%e6%81%af%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cGoogle%5cChrome%5cUser+Data%5cDefault%5cHistory%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e733_is_none%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%90%91%e7%b3%bb%e7%bb%9f%e8%bf%9b%e7%a8%8b%e7%94%b3%e8%af%b7%e6%9d%83%e9%99%90%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_touch_wxwork%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%a7%a6%e7%a2%b0%e4%bc%81%e4%b8%9a%e5%be%ae%e4%bf%a1%e9%85%8d%e7%bd%ae%e6%96%87%e4%bb%b6%e6%88%96%e8%80%85%e8%af%b1%e9%a5%b5%e6%96%87%e4%bb%b6%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cDocuments%5cWXWork%5cGlobal%5cConfig.cfg%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_open_process_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eOpenProcessToken%e7%aa%83%e5%8f%96%e5%87%ad%e6%8d%ae%e6%89%8b%e6%b3%95%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e738_is_exe%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e6%98%af%e5%90%a6%e9%87%8a%e6%94%beexe%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cTemp%5c833D7E58-8C5D-402C-B587-FF867C1704BE%5cDismCore.dll%7cE%3a%5ckinggsoft%5ckduu_ba%5csp7%5cdata%5cksrengz.dll%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_initialize_proc_thread_attribute_list%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+InitializeProcThreadAttributeList%3c%2ftd%3e%3ctd%3eE%3a%5cKINGGSOFT%5cKDUU_BA%5cSP7%5cKSYSHELPER64.EXE%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_set_window_long%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+SetWindowLong%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_system_info%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetSystemInfo%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3emingan_black_feature%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_duplicate_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+DuplicateTokenEx%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e742_process_quit%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e7%bb%93%e6%9d%9f%e6%a0%87%e5%bf%97%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_zwwrite_inject_bei%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eZwWriteVirtualMemory%e8%a2%ab%e6%b3%a8%e5%85%a5%3c%2ftd%3e%3ctd%3e%7cE%3a%5cKINGGSOFT%5cKDUU_BA%5cSP7%5cKSYSHELPER64.EXE%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_logical_drive%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetLogicalDriveStringsW%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_zwwrite_inject%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eZwWriteVirtualMemory%e6%b3%a8%e5%85%a5%e6%89%8b%e6%b3%95%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cTemp%5c833D7E58-8C5D-402C-B587-FF867C1704BE%5cDismHost.exe%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_current_directory%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetCurrentDirectoryW%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_zwquery_system%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8ZwQuerySystemInformation%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e732_is_no_signature%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e9%9d%9e%e5%b8%b8%e8%a7%81%e8%bf%9b%e7%a8%8b%3c%2ftd%3e%3ctd%3eksysslim.exe_Beijing+Kingsoft+Security+software+Co.%2cLtd_C80ED941E1546AB7CA0979648B916A4B%7cksyshelper64.exe_Beijing+Kingsoft+Security+software+Co.%2cLtd_8D54B4573E6155FD73122AC5BF6D9B0E%7cconhost.exe__86191D9E0E30631DB3E78E4645804358%7cDismHost.exe_Microsoft+Windows_E5D5E9C1F65B8EC7AA5B7F1B1ACDD731%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_browser_mingan%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%bc%82%e5%b8%b8%e8%af%bb%e5%8f%96%e6%b5%8f%e8%a7%88%e5%99%a8cookie%ef%bc%8c%e4%b9%a6%e7%ad%be%ef%bc%8c%e6%b5%8f%e8%a7%88%e8%ae%b0%e5%bd%95%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cGoogle%5cChrome%5cUser+Data%5cDefault%5cHistory%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e863_is_anony%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%88%9b%e5%bb%ba%e5%8c%bf%e5%90%8d%e7%ae%a1%e9%81%93%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_adjust_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+AdjustTokenPrivileges%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e738_is_create_exe%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e8%a2%ab%e5%88%9b%e5%bb%ba%3c%2ftd%3e%3ctd%3ee%3a%5ckinggsoft%5ckduu_ba%5csp7%5cksyshelper64.exe%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_find_first_file_usual%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e9%81%8d%e5%8e%86%e6%96%87%e4%bb%b6%e8%a1%8c%e4%b8%ba%3c%2ftd%3e%3ctd%3e%cache1%25%5c%2a.%2a%7cC%3a%5c%2a%3c%2ftd%3e%3c%2ftr%3e%3c%2ftable%3e<br>()<br>%3ctable%3e%3ctr%3e%3cth%3e%e7%89%b9%e5%be%81%3c%2fth%3e%3cth%3e%e5%80%bc%3c%2fth%3e%3cth%3e%e8%af%b4%e6%98%8e%3c%2fth%3e%3cth%3e%e5%8e%9f%e5%a7%8b%e6%95%b0%e6%8d%ae%3c%2fth%3e%3c%2ftr%3e%3ctr%3e%3ctd%3emingan_black_feature%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e733_is_none%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%90%91%e7%b3%bb%e7%bb%9f%e8%bf%9b%e7%a8%8b%e7%94%b3%e8%af%b7%e6%9d%83%e9%99%90%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e738_is_exe%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e6%98%af%e5%90%a6%e9%87%8a%e6%94%beexe%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cTemp%5c833D7E58-8C5D-402C-B587-FF867C1704BE%5cDismCore.dll%7cE%3a%5ckinggsoft%5ckduu_ba%5csp7%5cdata%5cksrengz.dll%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e732_is_no_signature%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e9%9d%9e%e5%b8%b8%e8%a7%81%e8%bf%9b%e7%a8%8b%3c%2ftd%3e%3ctd%3eksysslim.exe_Beijing+Kingsoft+Security+software+Co.%2cLtd_C80ED941E1546AB7CA0979648B916A4B%7cconhost.exe__86191D9E0E30631DB3E78E4645804358%7cksyshelper64.exe_Beijing+Kingsoft+Security+software+Co.%2cLtd_8D54B4573E6155FD73122AC5BF6D9B0E%7cDismHost.exe_Microsoft+Windows_E5D5E9C1F65B8EC7AA5B7F1B1ACDD731%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e863_is_anony%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%88%9b%e5%bb%ba%e5%8c%bf%e5%90%8d%e7%ae%a1%e9%81%93%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_browser_mingan%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e5%bc%82%e5%b8%b8%e8%af%bb%e5%8f%96%e6%b5%8f%e8%a7%88%e5%99%a8cookie%ef%bc%8c%e4%b9%a6%e7%ad%be%ef%bc%8c%e6%b5%8f%e8%a7%88%e8%ae%b0%e5%bd%95%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cGoogle%5cChrome%5cUser+Data%5cDefault%5cHistory%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_touch_browser_cookie%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%8e%b7%e5%8f%96%e6%b5%8f%e8%a7%88%e5%99%a8%e6%95%8f%e6%84%9f%e4%bf%a1%e6%81%af%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cGoogle%5cChrome%5cUser+Data%5cDefault%5cHistory%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1011_is_touch_wxwork%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%a7%a6%e7%a2%b0%e4%bc%81%e4%b8%9a%e5%be%ae%e4%bf%a1%e9%85%8d%e7%bd%ae%e6%96%87%e4%bb%b6%e6%88%96%e8%80%85%e8%af%b1%e9%a5%b5%e6%96%87%e4%bb%b6%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cDocuments%5cWXWork%5cGlobal%5cConfig.cfg%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_open_process_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eOpenProcessToken%e7%aa%83%e5%8f%96%e5%87%ad%e6%8d%ae%e6%89%8b%e6%b3%95%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_set_window_long%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+SetWindowLong%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_zwwrite_inject%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eZwWriteVirtualMemory%e6%b3%a8%e5%85%a5%e6%89%8b%e6%b3%95%3c%2ftd%3e%3ctd%3eC%3a%5cUsers%5cadmin%5cAppData%5cLocal%5cTemp%5c833D7E58-8C5D-402C-B587-FF867C1704BE%5cDismHost.exe%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1122_is_zwwrite_inject_bei%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3eZwWriteVirtualMemory%e8%a2%ab%e6%b3%a8%e5%85%a5%3c%2ftd%3e%3ctd%3e%7cE%3a%5cKINGGSOFT%5cKDUU_BA%5cSP7%5cKSYSHELPER64.EXE%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_adjust_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+AdjustTokenPrivileges%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_duplicate_token%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+DuplicateTokenEx%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_find_first_file_usual%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e9%81%8d%e5%8e%86%e6%96%87%e4%bb%b6%e8%a1%8c%e4%b8%ba%3c%2ftd%3e%3ctd%3e%cache1%25%5c%2a.%2a%7cC%3a%5c%2a%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_current_directory%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetCurrentDirectoryW%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_logical_drive%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetLogicalDriveStringsW%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_get_system_info%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+GetSystemInfo%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_initialize_proc_thread_attribute_list%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8API+InitializeProcThreadAttributeList%3c%2ftd%3e%3ctd%3eE%3a%5cKINGGSOFT%5cKDUU_BA%5cSP7%5cKSYSHELPER64.EXE%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e1119_is_zwquery_system%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%b0%83%e7%94%a8ZwQuerySystemInformation%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3ctr%3e%3ctd%3e742_process_quit%3c%2ftd%3e%3ctd%3e1%3c%2ftd%3e%3ctd%3e%e8%bf%9b%e7%a8%8b%e7%bb%93%e6%9d%9f%e6%a0%87%e5%bf%97%3c%2ftd%3e%3ctd%3e%3c%2ftd%3e%3c%2ftr%3e%3c%2ftable%3e<br></font>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~<br>1<br>2<br>3<br>4<br>~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~","level":"3","title":"ITITcongpinzhuksysslim.exeAI:"

Function Calls

None

Variables

None

Stats

MD5	88cdda4b80e7ce5dd8fa1a1def303e89
Eval Count	0
Decode Time	45 ms

Find this useful? Enter your email to receive occasional updates for securing PHP code.

PHP Decode

Decoded Output download

Did this file decode correctly?

How would you describe this file?

Original Code

Function Calls

Variables

Stats