25c846183e10bd2a146325effecddbabf0f390717fd11d597012a033e6daf600

Analysis

max time kernel
251s
max time network
275s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
13/03/2024, 21:03

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

New - Trigon Evo - Installer V2.5_30999513.exe
Size

9.5MB
MD5

1198daaa23f0af650c7cd4555fbef9e8
SHA1

783f86460785027a41a84e41b42a05b4d4a1a462
SHA256

25c846183e10bd2a146325effecddbabf0f390717fd11d597012a033e6daf600
SHA512

1a67d52794c2047936fc4814b70dd6474837b90df7a8b5653eb8a09cf98d4df2c93fb07451a29254e2e161e9e3f0c3f87e9f5e1252a2c89f2b7f95537e80227d
SSDEEP

196608:+5DcteeKaKIZJjwrqN/RFmQ3bKfIiaNPFHNRsiK1:8ctVtKckrqNnL3bIIiEHMn

Score

6^/10

discovery

Malware Config

Signatures

Checks for any installed AV software in registry 1 TTPs 8 IoCs

Security Software Discovery

T1518.001

description	ioc	Process
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV\Dir	setup30999513.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVG\AV	setup30999513.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast\Version	setup30999513.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVAST Software\Avast	setup30999513.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast\Version	setup30999513.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\WOW6432Node\AVAST Software\Avast	setup30999513.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV\Dir	setup30999513.exe
Key opened	\REGISTRY\MACHINE\SOFTWARE\AVG\AV	setup30999513.exe

Legitimate hosting services abused for malware hosting/C2 1 TTPs 5 IoCs

Web Service

T1102

flow	ioc
68	raw.githubusercontent.com
69	raw.githubusercontent.com
79	raw.githubusercontent.com
80	discord.com
81	discord.com

Drops file in System32 directory 64 IoCs

description	ioc	Process
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\perl.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\theme-merbivore.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\worker-json.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\d.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\json.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\velocity.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\sparql.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\theme-github.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\theme-tomorrow_night.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\worker-xquery.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\RobloxVersion	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\diff.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\mel.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\perl6.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\pig.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\theme-terminal.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\ext-beautify.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\ext-searchbox.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\mode-lua.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\clojure.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\csharp.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\rst.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\ruby.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\themes\WhiteTheme.json	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\latex.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\theme-idle_fingers.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\theme-textmate.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\ext-themelist.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\keybinding-emacs.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\csound_document.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\lsl.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\actionscript.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\elixir.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\logiql.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\csound_orchestra.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\html_elixir.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\mushcode.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\nsis.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\csp.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\nginx.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\xquery.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\themes\Gravity Falls.json	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\asciidoc.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\curly.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\theme-idle_fingers.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\autohotkey.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\html_elixir.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\mask.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\ext-elastic_tabstops_lite.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\vhdl.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\theme-dreamweaver.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\theme-merbivore_soft.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\worker-coffee.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\ext-settings_menu.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\php.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\scripts\Folder 1\Anti-Afk .txt	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\mysql.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\Key.sec	Trigon.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\bro.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\c_cpp.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\nsis.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\snippets\tcl.js	TrigonLauncher_v2.exe
File created	C:\Windows\SysWOW64\Trigon\bin\ace\theme-gruvbox.js	TrigonLauncher_v2.exe
File opened for modification	C:\Windows\SysWOW64\Trigon\bin\ace\theme-xcode.js	TrigonLauncher_v2.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Program Files directory 2 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\QWRtaW4zMDIwMTk3NDI1\path.txt	Trigon.exe
File created	C:\Program Files (x86)\QWRtaW4zMDIwMTk3NDI1\Key.sec	Trigon.exe

Executes dropped EXE 5 IoCs

pid	Process
2600	setup30999513.exe
1248	setup30999513.exe
2532	OfferInstaller.exe
2472	TrigonLauncher_v2.exe
2444	Trigon.exe

Loads dropped DLL 64 IoCs

pid	Process
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe
1248	setup30999513.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Delays execution with timeout.exe 3 IoCs

evasion

pid	Process
1984	timeout.exe
2000	timeout.exe
1924	timeout.exe

Enumerates processes with tasklist 1 TTPs 3 IoCs

Process Discovery

T1057

pid	Process
2596	tasklist.exe
1988	tasklist.exe
2680	tasklist.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies Internet Explorer settings 1 TTPs 24 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\FullScreen = "no"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\BrowserEmulation\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\GPU	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IntelliForms	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry\DontShowMeThisDialogAgain	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\CompatibilityFlags = "0"	iexplore.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\Window_Placement = 2c0000000200000003000000ffffffffffffffffffffffffffffffff2400000024000000aa04000089020000	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "1"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\LowRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser	iexplore.exe
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\AdminActive\{CDED59F1-E17D-11EE-9511-66DD11CD6629} = "0"	iexplore.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch\Version = "WS not running"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main\WindowsSearch	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Main	IEXPLORE.EXE
Set value (int)	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Recovery\PendingRecovery\AdminActive = "0"	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\IETld\LowMic	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\InternetRegistry	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\PageSetup	iexplore.exe
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000\Software\Microsoft\Internet Explorer\Zoom	iexplore.exe

Modifies registry class 2 IoCs

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-330940541-141609230-1670313778-1000_CLASSES\Opera GXStable	New - Trigon Evo - Installer V2.5_30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\Opera GXStable	New - Trigon Evo - Installer V2.5_30999513.exe

Modifies system certificate store 2 TTPs 24 IoCs

evasion spyware trojan

Install Root Certificate

T1553.004

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13	New - Trigon Evo - Installer V2.5_30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 190000000100000010000000fd960962ac6938e0d4b0769aa1a64e26030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a1d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e709000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030353000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f00720069007400790000000f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6502000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	setup30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436	setup30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6	setup30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A\Blob = 0f00000001000000140000000f6aad4c3fe04619cdc8b2bd655aa1a26042e6500b000000010000005400000053007400610072006600690065006c006400200043006c00610073007300200032002000430065007200740069006600690063006100740069006f006e00200041007500740068006f007200690074007900000053000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b06010505070303140000000100000014000000bf5fb7d1cedd1f86f45b55acdcd710c20ea988e71d000000010000001000000090c4f4233b006b7bfaa6adcd8f577d77030000000100000014000000ad7e1c28b064ef8f6003402014c3d0e3370eb58a2000000001000000130400003082040f308202f7a003020102020100300d06092a864886f70d01010505003068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479301e170d3034303632393137333931365a170d3334303632393137333931365a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f7269747930820120300d06092a864886f70d01010105000382010d00308201080282010100b732c8fee971a60485ad0c1164dfce4defc80318873fa1abfb3ca69ff0c3a1dad4d86e2b5390fb24a43e84f09ee85fece52744f528a63f7bdee02af0c8af532f9eca0501931e8f661c39a74dfa5ab673042566eb777fe759c64a99251454eb26c7f37f19d530708fafb0462affadeb29edd79faa0487a3d4f989a5345fdb43918236d9663cb1b8b982fd9c3a3e10c83bef0665667a9b19183dff71513c302e5fbe3d7773b25d066cc323569a2b8526921ca702b3e43f0daf087982b8363dea9cd335b3bc69caf5cc9de8fd648d1780336e5e4a5d99c91e87b49d1ac0d56e1335235edf9b5f3defd6f776c2ea3ebb780d1c42676b04d8f8d6da6f8bf244a001ab020103a381c53081c2301d0603551d0e04160414bf5fb7d1cedd1f86f45b55acdcd710c20ea988e73081920603551d2304818a3081878014bf5fb7d1cedd1f86f45b55acdcd710c20ea988e7a16ca46a3068310b300906035504061302555331253023060355040a131c537461726669656c6420546563686e6f6c6f676965732c20496e632e31323030060355040b1329537461726669656c6420436c61737320322043657274696669636174696f6e20417574686f72697479820100300c0603551d13040530030101ff300d06092a864886f70d01010505000382010100059d3f889dd1c91a55a1ac69f3f359da9b01871a4f57a9a179092adbf72fb21eccc75e6ad88387a197ef49353e7706415862bf8e58b80a673fecb3dd21661fc954fa72cc3d4c40d881af779e837abba2c7f534178ed91140f4fc2c2a4d157fa7625d2e25d3000b201a1d68f917b8f4bd8bed2859dd4d168b1783c8b265c72d7aa5aabc53866ddd57a4caf820410b68f0f4fb74be565d7a79f5f91d85e32d95bef5719043cc8d1f9a000a8729e95522580023eae31243295b4708dd8c416a6506a8e521aa41b4952195b97dd134ab13d6adbcdce23d39cdbd3e7570a1185903c922b48f9cd55e2ad7a5b6d40a6df8b74011469a1f790e62bf0f97ece02f1f1794	setup30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	OfferInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 0f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e349200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	OfferInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 0f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c1320000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	New - Trigon Evo - Installer V2.5_30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474	setup30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A	setup30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 1900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491d00000001000000100000002e0d6875874a44c820912e85e964cfdb140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b40b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f00000053000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	OfferInstaller.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob = 040000000100000010000000497904b0eb8719ac47b0bc11519b74d00f00000001000000140000003e8e6487f8fd27d322a269a71edaac5d57811286090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030853000000010000002600000030243022060c2b06010401b231010201050130123010060a2b0601040182373c0101030200c00b00000001000000180000004300b7004f00b7004d00b7004f00b7004400b7004f000000140000000100000014000000a0110a233e96f107ece2af29ef82a57fd030a4b41d00000001000000100000002e0d6875874a44c820912e85e964cfdb030000000100000014000000d1eb23a46d17d68fd92564c2f1f1601764d8e3491900000001000000100000002aa1c05e2ae606f198c2c5e937c97aa2200000000100000036040000308204323082031aa003020102020101300d06092a864886f70d0101050500307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c18414141204365727469666963617465205365727669636573301e170d3034303130313030303030305a170d3238313233313233353935395a307b310b3009060355040613024742311b301906035504080c1247726561746572204d616e636865737465723110300e06035504070c0753616c666f7264311a3018060355040a0c11436f6d6f646f204341204c696d697465643121301f06035504030c1841414120436572746966696361746520536572766963657330820122300d06092a864886f70d01010105000382010f003082010a0282010100be409df46ee1ea76871c4d45448ebe46c883069dc12afe181f8ee402faf3ab5d508a16310b9a06d0c57022cd492d5463ccb66e68460b53eacb4c24c0bc724eeaf115aef4549a120ac37ab23360e2da8955f32258f3dedccfef8386a28c944f9f68f29890468427c776bfe3cc352c8b5e07646582c048b0a891f9619f762050a891c766b5eb78620356f08a1a13ea31a31ea099fd38f6f62732586f07f56bb8fb142bafb7aaccd6635f738cda0599a838a8cb17783651ace99ef4783a8dcf0fd942e2980cab2f9f0e01deef9f9949f12ddfac744d1b98b547c5e529d1f99018c7629cbe83c7267b3e8a25c7c0dd9de6356810209d8fd8ded2c3849c0d5ee82fc90203010001a381c03081bd301d0603551d0e04160414a0110a233e96f107ece2af29ef82a57fd030a4b4300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff307b0603551d1f047430723038a036a0348632687474703a2f2f63726c2e636f6d6f646f63612e636f6d2f414141436572746966696361746553657276696365732e63726c3036a034a0328630687474703a2f2f63726c2e636f6d6f646f2e6e65742f414141436572746966696361746553657276696365732e63726c300d06092a864886f70d010105050003820101000856fc02f09be8ffa4fad67bc64480ce4fc4c5f60058cca6b6bc1449680476e8e6ee5dec020f60d68d50184f264e01e3e6b0a5eebfbc745441bffdfc12b8c74f5af48960057f60b7054af3f6f1c2bfc4b97486b62d7d6bccd2f346dd2fc6e06ac3c334032c7d96dd5ac20ea70a99c1058bab0c2ff35c3acf6c37550987de53406c58effcb6ab656e04f61bdc3ce05a15c69ed9f15948302165036cece92173ec9b03a1e037ada015188ffaba02cea72ca910132cd4e50826ab229760f8905e74d4a29a53bdf2a968e0a26ec2d76cb1a30f9ebfeb68e756f2aef2e32b383a0981b56b85d7be2ded3f1ab7b263e2f5622c82d46a004150f139839f95e93696986e	TrigonLauncher_v2.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9	setup30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	setup30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	setup30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8	New - Trigon Evo - Installer V2.5_30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\CABD2A79A1076A31F21D253635CB039D4329A5E8\Blob = 0400000001000000100000000cd2f9e0da1773e9ed864da5e370e74e14000000010000001400000079b459e67bb6e5e40173800888c81a58f6e99b6e030000000100000014000000cabd2a79a1076a31f21d253635cb039d4329a5e80f00000001000000200000003f0411ede9c4477057d57e57883b1f205b20cdc0f3263129b1ee0269a2678f631900000001000000100000002fe1f70bb05d7c92335bc5e05b984da620000000010000006f0500003082056b30820353a0030201020211008210cfb0d240e3594463e0bb63828b00300d06092a864886f70d01010b0500304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f74205831301e170d3135303630343131303433385a170d3335303630343131303433385a304f310b300906035504061302555331293027060355040a1320496e7465726e65742053656375726974792052657365617263682047726f7570311530130603550403130c4953524720526f6f7420583130820222300d06092a864886f70d01010105000382020f003082020a0282020100ade82473f41437f39b9e2b57281c87bedcb7df38908c6e3ce657a078f775c2a2fef56a6ef6004f28dbde68866c4493b6b163fd14126bbf1fd2ea319b217ed1333cba48f5dd79dfb3b8ff12f1219a4bc18a8671694a66666c8f7e3c70bfad292206f3e4c0e680aee24b8fb7997e94039fd347977c99482353e838ae4f0a6f832ed149578c8074b6da2fd0388d7b0370211b75f2303cfa8faeddda63abeb164fc28e114b7ecf0be8ffb5772ef4b27b4ae04c12250c708d0329a0e15324ec13d9ee19bf10b34a8c3f89a36151deac870794f46371ec2ee26f5b9881e1895c34796c76ef3b906279e6dba49a2f26c5d010e10eded9108e16fbb7f7a8f7c7e50207988f360895e7e237960d36759efb0e72b11d9bbc03f94905d881dd05b42ad641e9ac0176950a0fd8dfd5bd121f352f28176cd298c1a80964776e4737baceac595e689d7f72d689c50641293e593edd26f524c911a75aa34c401f46a199b5a73a516e863b9e7d72a712057859ed3e5178150b038f8dd02f05b23e7b4a1c4b730512fcc6eae050137c439374b3ca74e78e1f0108d030d45b7136b407bac130305c48b7823b98a67d608aa2a32982ccbabd83041ba2830341a1d605f11bc2b6f0a87c863b46a8482a88dc769a76bf1f6aa53d198feb38f364dec82b0d0a28fff7dbe21542d422d0275de179fe18e77088ad4ee6d98b3ac6dd27516effbc64f533434f0203010001a3423040300e0603551d0f0101ff040403020106300f0603551d130101ff040530030101ff301d0603551d0e0416041479b459e67bb6e5e40173800888c81a58f6e99b6e300d06092a864886f70d01010b05000382020100551f58a9bcb2a850d00cb1d81a6920272908ac61755c8a6ef882e5692fd5f6564bb9b8731059d321977ee74c71fbb2d260ad39a80bea17215685f1500e59ebcee059e9bac915ef869d8f8480f6e4e99190dc179b621b45f06695d27c6fc2ea3bef1fcfcbd6ae27f1a9b0c8aefd7d7e9afa2204ebffd97fea912b22b1170e8ff28a345b58d8fc01c954b9b826cc8a8833894c2d843c82dfee965705ba2cbbf7c4b7c74e3b82be31c822737392d1c280a43939103323824c3c9f86b255981dbe29868c229b9ee26b3b573a82704ddc09c789cb0a074d6ce85d8ec9efceabc7bbb52b4e45d64ad026cce572ca086aa595e315a1f7a4edc92c5fa5fbffac28022ebed77bbbe3717b9016d3075e46537c3707428cd3c4969cd599b52ae0951a8048ae4c3907cecc47a452952bbab8fbadd233537de51d4d6dd5a1b1c7426fe64027355ca328b7078de78d3390e7239ffb509c796c46d5b415b3966e7e9b0c963ab8522d3fd65be1fb08c284fe24a8a389daac6ae1182ab1a843615bd31fdc3b8d76f22de88d75df17336c3d53fb7bcb415fffdca2d06138e196b8ac5d8b37d775d533c09911ae9d41c1727584be0241425f67244894d19b27be073fb9b84f817451e17ab7ed9d23e2bee0d52804133c31039edd7a6c8fc60718c67fde478e3f289e0406cfa5543477bdec899be91743df5bdb5ffe8e1e57a2cd409d7e6222dade1827	New - Trigon Evo - Installer V2.5_30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 1900000001000000100000006cf252fec3e8f20996de5d4dd9aef424030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131d00000001000000100000004558d512eecb27464920897de7b66053140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc41560858910090000000100000016000000301406082b0601050507030406082b060105050703010b000000010000001e000000440053005400200052006f006f00740020004300410020005800330000000f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d20000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	New - Trigon Evo - Installer V2.5_30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DAC9024F54D8F6DF94935FB1732638CA6AD77C13\Blob = 040000000100000010000000410352dc0ff7501b16f0028eba6f45c50f00000001000000140000005bcaa1c2780f0bcb5a90770451d96f38963f012d0b000000010000001e000000440053005400200052006f006f0074002000430041002000580033000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000c4a7b1a47b2c71fadbe14b9075ffc415608589101d00000001000000100000004558d512eecb27464920897de7b66053030000000100000014000000dac9024f54d8f6df94935fb1732638ca6ad77c131900000001000000100000006cf252fec3e8f20996de5d4dd9aef42420000000010000004e0300003082034a30820232a003020102021044afb080d6a327ba893039862ef8406b300d06092a864886f70d0101050500303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f74204341205833301e170d3030303933303231313231395a170d3231303933303134303131355a303f31243022060355040a131b4469676974616c205369676e617475726520547275737420436f2e311730150603550403130e44535420526f6f7420434120583330820122300d06092a864886f70d01010105000382010f003082010a0282010100dfafe99750088357b4cc6265f69082ecc7d32c6b30ca5becd9c37dc740c118148be0e83376492ae33f214993ac4e0eaf3e48cb65eefcd3210f65d22ad9328f8ce5f777b0127bb595c089a3a9baed732e7a0c063283a27e8a1430cd11a0e12a38b9790a31fd50bd8065dfb7516383c8e28861ea4b6181ec526bb9a2e24b1a289f48a39e0cda098e3e172e1edd20df5bc62a8aab2ebd70adc50b1a25907472c57b6aab34d63089ffe568137b540bc8d6aeec5a9c921e3d64b38cc6dfbfc94170ec1672d526ec38553943d0fcfd185c40f197ebd59a9b8d1dbada25b9c6d8dfc115023aabda6ef13e2ef55c089c3cd68369e4109b192ab62957e3e53d9b9ff0025d0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106301d0603551d0e04160414c4a7b1a47b2c71fadbe14b9075ffc41560858910300d06092a864886f70d01010505000382010100a31a2c9b17005ca91eee2866373abf83c73f4bc309a095205de3d95944d23e0d3ebd8a4ba0741fce10829c741a1d7e981addcb134bb32044e491e9ccfc7da5db6ae5fee6fde04eddb7003ab57049aff2e5eb02f1d1028b19cb943a5e48c4181e58195f1e025af00cf1b1ada9dc59868b6ee991f586cafab96633aa595bcee2a7167347cb2bcc99b03748cfe3564bf5cf0f0c723287c6f044bb53726d43f526489a5267b758abfe67767178db0da256141339243185a2a8025a3047e1dd5007bc02099000eb6463609b16bc88c912e6d27d918bf93d328d65b4e97cb15776eac5b62839bf15651cc8f677966a0a8d770bd8910b048e07db29b60aee9d82353510	New - Trigon Evo - Installer V2.5_30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde	setup30999513.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\317A2AD07F2B335EF5A1C34E4B57E8B7D8F1FCA6\Blob = 040000000100000010000000a923759bba49366e31c2dbf2e766ba870f000000010000001400000007eeabaf80a9ef4ae1b2cb9b4b5fc70d0428e6a953000000010000004800000030463021060b6086480186fd6d0107170330123010060a2b0601040182373c0101030200c03021060b6086480186fd6e0107170330123010060a2b0601040182373c0101030200c00b000000010000002e00000053007400610072006600690065006c006400200054006500630068006e006f006c006f0067006900650073000000090000000100000016000000301406082b0601050507030406082b06010505070301140000000100000014000000a848b4242fc6ea24a0d78e3cb93c5c78d79833e41d00000001000000100000005959ddbc9c7632ba0a05f06316846fe6030000000100000014000000317a2ad07f2b335ef5a1c34e4b57e8b7d8f1fca619000000010000001000000044ba5fd9039fc9b56fd8aadccd597ca62000000001000000eb020000308202e730820250020101300d06092a864886f70d01010505003081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d301e170d3939303632363030313935345a170d3139303632363030313935345a3081bb312430220603550407131b56616c69436572742056616c69646174696f6e204e6574776f726b31173015060355040a130e56616c69436572742c20496e632e31353033060355040b132c56616c694365727420436c617373203220506f6c6963792056616c69646174696f6e20417574686f726974793121301f06035504031318687474703a2f2f7777772e76616c69636572742e636f6d2f3120301e06092a864886f70d0109011611696e666f4076616c69636572742e636f6d30819f300d06092a864886f70d010101050003818d0030818902818100ce3a71cae5abc8599255d7abd8740ef9eed9f655475965470e0555dceb98363c5c535dd330cf38ecbd4189ed254209246b0a5eb37cdd522d4ce6d4d67d5a59a965d449132d244d1c506fb5c185543bfe71e4d35c42f980e0911a0a5b393667f33f557c1b3fb45f647334e3b412bf8764f8da12ff3727c1b343bbef7b6e2e69f70203010001300d06092a864886f70d0101050500038181003b7f506f6f509499496238381f4bf8a5c83ea78281f62bc7e8c5cee83a1082cb18008e4dbda8587fa17900b5bbe98daf41d90f34ee218119a0324928f4c48e56d55233fd50d57e996c03e4c94cfccb6cab66b34a218ce5b50c323e10b2cc6ca1dc9a984c025bf3ceb99ea5720e4ab73f3ce61668f8beed744cbc5bd5621f43dd	setup30999513.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349	TrigonLauncher_v2.exe

Opens file in notepad (likely ransom note) 1 IoCs

ransomware

pid	Process
2484	NOTEPAD.EXE

Suspicious behavior: EnumeratesProcesses 60 IoCs

pid	Process
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2600	setup30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2600	setup30999513.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2532	OfferInstaller.exe
2620	chrome.exe
2620	chrome.exe
2472	TrigonLauncher_v2.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

description	pid	Process
Token: SeDebugPrivilege	2600	setup30999513.exe
Token: SeDebugPrivilege	2532	OfferInstaller.exe
Token: SeDebugPrivilege	2680	tasklist.exe
Token: SeDebugPrivilege	2596	tasklist.exe
Token: SeDebugPrivilege	1988	tasklist.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeRestorePrivilege	2892	7zFM.exe
Token: 35	2892	7zFM.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeSecurityPrivilege	2892	7zFM.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe
Token: SeShutdownPrivilege	2620	chrome.exe

Suspicious use of FindShellTrayWindow 45 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2892	7zFM.exe
2892	7zFM.exe
2620	chrome.exe
3048	iexplore.exe

Suspicious use of SendNotifyMessage 32 IoCs

pid	Process
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe
2620	chrome.exe

Suspicious use of SetWindowsHookEx 9 IoCs

pid	Process
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2220	New - Trigon Evo - Installer V2.5_30999513.exe
2600	setup30999513.exe
3048	iexplore.exe
3048	iexplore.exe
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE
2276	IEXPLORE.EXE

Suspicious use of WriteProcessMemory 64 IoCs

description	pid	Process	procid_target
PID 2220 wrote to memory of 2600	2220	New - Trigon Evo - Installer V2.5_30999513.exe	33
PID 2220 wrote to memory of 2600	2220	New - Trigon Evo - Installer V2.5_30999513.exe	33
PID 2220 wrote to memory of 2600	2220	New - Trigon Evo - Installer V2.5_30999513.exe	33
PID 2220 wrote to memory of 2600	2220	New - Trigon Evo - Installer V2.5_30999513.exe	33
PID 2220 wrote to memory of 2600	2220	New - Trigon Evo - Installer V2.5_30999513.exe	33
PID 2220 wrote to memory of 2600	2220	New - Trigon Evo - Installer V2.5_30999513.exe	33
PID 2220 wrote to memory of 2600	2220	New - Trigon Evo - Installer V2.5_30999513.exe	33
PID 2220 wrote to memory of 1248	2220	New - Trigon Evo - Installer V2.5_30999513.exe	34
PID 2220 wrote to memory of 1248	2220	New - Trigon Evo - Installer V2.5_30999513.exe	34
PID 2220 wrote to memory of 1248	2220	New - Trigon Evo - Installer V2.5_30999513.exe	34
PID 2220 wrote to memory of 1248	2220	New - Trigon Evo - Installer V2.5_30999513.exe	34
PID 2220 wrote to memory of 1248	2220	New - Trigon Evo - Installer V2.5_30999513.exe	34
PID 2220 wrote to memory of 1248	2220	New - Trigon Evo - Installer V2.5_30999513.exe	34
PID 2220 wrote to memory of 1248	2220	New - Trigon Evo - Installer V2.5_30999513.exe	34
PID 2600 wrote to memory of 2532	2600	setup30999513.exe	35
PID 2600 wrote to memory of 2532	2600	setup30999513.exe	35
PID 2600 wrote to memory of 2532	2600	setup30999513.exe	35
PID 2600 wrote to memory of 2532	2600	setup30999513.exe	35
PID 2600 wrote to memory of 2532	2600	setup30999513.exe	35
PID 2600 wrote to memory of 2532	2600	setup30999513.exe	35
PID 2600 wrote to memory of 2532	2600	setup30999513.exe	35
PID 2600 wrote to memory of 2844	2600	setup30999513.exe	36
PID 2600 wrote to memory of 2844	2600	setup30999513.exe	36
PID 2600 wrote to memory of 2844	2600	setup30999513.exe	36
PID 2600 wrote to memory of 2844	2600	setup30999513.exe	36
PID 2844 wrote to memory of 2680	2844	cmd.exe	38
PID 2844 wrote to memory of 2680	2844	cmd.exe	38
PID 2844 wrote to memory of 2680	2844	cmd.exe	38
PID 2844 wrote to memory of 2680	2844	cmd.exe	38
PID 2844 wrote to memory of 1148	2844	cmd.exe	39
PID 2844 wrote to memory of 1148	2844	cmd.exe	39
PID 2844 wrote to memory of 1148	2844	cmd.exe	39
PID 2844 wrote to memory of 1148	2844	cmd.exe	39
PID 2844 wrote to memory of 1984	2844	cmd.exe	41
PID 2844 wrote to memory of 1984	2844	cmd.exe	41
PID 2844 wrote to memory of 1984	2844	cmd.exe	41
PID 2844 wrote to memory of 1984	2844	cmd.exe	41
PID 2532 wrote to memory of 2652	2532	OfferInstaller.exe	42
PID 2532 wrote to memory of 2652	2532	OfferInstaller.exe	42
PID 2532 wrote to memory of 2652	2532	OfferInstaller.exe	42
PID 2532 wrote to memory of 2652	2532	OfferInstaller.exe	42
PID 2652 wrote to memory of 2596	2652	cmd.exe	44
PID 2652 wrote to memory of 2596	2652	cmd.exe	44
PID 2652 wrote to memory of 2596	2652	cmd.exe	44
PID 2652 wrote to memory of 2596	2652	cmd.exe	44
PID 2652 wrote to memory of 2184	2652	cmd.exe	45
PID 2652 wrote to memory of 2184	2652	cmd.exe	45
PID 2652 wrote to memory of 2184	2652	cmd.exe	45
PID 2652 wrote to memory of 2184	2652	cmd.exe	45
PID 2652 wrote to memory of 2000	2652	cmd.exe	46
PID 2652 wrote to memory of 2000	2652	cmd.exe	46
PID 2652 wrote to memory of 2000	2652	cmd.exe	46
PID 2652 wrote to memory of 2000	2652	cmd.exe	46
PID 2652 wrote to memory of 1988	2652	cmd.exe	47
PID 2652 wrote to memory of 1988	2652	cmd.exe	47
PID 2652 wrote to memory of 1988	2652	cmd.exe	47
PID 2652 wrote to memory of 1988	2652	cmd.exe	47
PID 2652 wrote to memory of 2272	2652	cmd.exe	48
PID 2652 wrote to memory of 2272	2652	cmd.exe	48
PID 2652 wrote to memory of 2272	2652	cmd.exe	48
PID 2652 wrote to memory of 2272	2652	cmd.exe	48
PID 2652 wrote to memory of 1924	2652	cmd.exe	49
PID 2652 wrote to memory of 1924	2652	cmd.exe	49
PID 2652 wrote to memory of 1924	2652	cmd.exe	49

Uses Task Scheduler COM API 1 TTPs
The Task Scheduler COM API can be used to schedule applications to run on boot or at set times.
persistence

Query Registry
T1012
Uses Volume Shadow Copy WMI provider
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware
Uses Volume Shadow Copy service COM API
The Volume Shadow Copy service is used to manage backups/snapshots.
ransomware

C:\Users\Admin\AppData\Local\Temp\New - Trigon Evo - Installer V2.5_30999513.exe
"C:\Users\Admin\AppData\Local\Temp\New - Trigon Evo - Installer V2.5_30999513.exe"
1⤵
- Loads dropped DLL
- Modifies registry class
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:2220
- C:\Users\Admin\AppData\Local\setup30999513.exe
  C:\Users\Admin\AppData\Local\setup30999513.exe hhwnd=459038 hreturntoinstaller hextras=id:ad413892c2b60f5-RO-shtlu
  2⤵
  - Checks for any installed AV software in registry
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies system certificate store
  - Suspicious behavior: EnumeratesProcesses
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:2600
- - C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe
    "C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferInstaller.exe"
    3⤵
    - Executes dropped EXE
    - Modifies system certificate store
    - Suspicious behavior: EnumeratesProcesses
    - Suspicious use of AdjustPrivilegeToken
    - Suspicious use of WriteProcessMemory
    PID:2532
  - - C:\Windows\SysWOW64\cmd.exe
      cmd /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
      4⤵
      Suspicious use of WriteProcessMemory
      PID:2652
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 2532" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:2596
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "2532"
        5⤵
        
        PID:2184
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 1
        5⤵
        Delays execution with timeout.exe
        
        PID:2000
    - - C:\Windows\SysWOW64\tasklist.exe
        
        tasklist /FI "PID eq 2532" /fo csv
        5⤵
        Enumerates processes with tasklist
        Suspicious use of AdjustPrivilegeToken
        
        PID:1988
    - - C:\Windows\SysWOW64\find.exe
        
        find /I "2532"
        5⤵
        
        PID:2272
    - - C:\Windows\SysWOW64\timeout.exe
        
        timeout 5
        5⤵
        Delays execution with timeout.exe
        
        PID:1924
- - C:\Windows\SysWOW64\cmd.exe
    cmd /c ""C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat""
    3⤵
    - Suspicious use of WriteProcessMemory
    PID:2844
  - - C:\Windows\SysWOW64\tasklist.exe
      tasklist /FI "PID eq 2600" /fo csv
      4⤵
      Enumerates processes with tasklist
      Suspicious use of AdjustPrivilegeToken
      PID:2680
  - - C:\Windows\SysWOW64\find.exe
      find /I "2600"
      4⤵
      PID:1148
  - - C:\Windows\SysWOW64\timeout.exe
      timeout 5
      4⤵
      Delays execution with timeout.exe
      PID:1984
- C:\Users\Admin\AppData\Local\setup30999513.exe
  C:\Users\Admin\AppData\Local\setup30999513.exe hready
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  PID:1248
- C:\Windows\SysWOW64\NOTEPAD.EXE
  "C:\Windows\system32\NOTEPAD.EXE" C:\Users\Admin\AppData\Local\link.txt
  2⤵
  - Opens file in notepad (likely ransom note)
  PID:2484

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2836

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Enumerates system info in registry
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
PID:2620
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef6939758,0x7fef6939768,0x7fef6939778
  2⤵
  PID:2636
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1184 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:2
  2⤵
  PID:2856
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1504 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:8
  2⤵
  PID:2428
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=1608 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:8
  2⤵
  PID:2036
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2312 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:1
  2⤵
  PID:1432
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2328 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:1
  2⤵
  PID:1292
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=1468 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:2
  2⤵
  PID:2352
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --mojo-platform-channel-handle=2208 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:1
  2⤵
  PID:2744
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4004 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:8
  2⤵
  PID:2132
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --mojo-platform-channel-handle=3856 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:1
  2⤵
  PID:2148
- C:\Program Files\Google\Chrome\Application\chrome.exe
  "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3732 --field-trial-handle=1196,i,12044853658645104334,9462295920332465500,131072 /prefetch:8
  2⤵
  PID:2324
- C:\Program Files\7-Zip\7zFM.exe
  "C:\Program Files\7-Zip\7zFM.exe" "C:\Users\Admin\Downloads\TrigonLauncher_v2.rar"
  2⤵
  - Suspicious use of AdjustPrivilegeToken
  - Suspicious use of FindShellTrayWindow
  PID:2892

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:1544

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2004

C:\Users\Admin\Downloads\TrigonLauncher_v2.exe
"C:\Users\Admin\Downloads\TrigonLauncher_v2.exe"
1⤵
- Drops file in System32 directory
- Executes dropped EXE
- Modifies system certificate store
- Suspicious behavior: EnumeratesProcesses
PID:2472
- C:\Windows\SysWOW64\Trigon\Trigon.exe
  "C:\Windows\System32\Trigon\Trigon.exe" {Arguments If Needed}
  2⤵
  - Drops file in System32 directory
  - Drops file in Program Files directory
  - Executes dropped EXE
  PID:2444
- - C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" https://arponag.xyz/Discord
    3⤵
    - Modifies Internet Explorer settings
    - Suspicious use of FindShellTrayWindow
    - Suspicious use of SetWindowsHookEx
    PID:3048
  - - C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:3048 CREDAT:275457 /prefetch:2
      4⤵
      Modifies Internet Explorer settings
      Suspicious use of SetWindowsHookEx
      PID:2276

C:\Windows\explorer.exe
"C:\Windows\explorer.exe"
1⤵
PID:2720

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Subvert Trust Controls

T1553

Install Root Certificate

T1553.004

Credential Access

Discovery

Process Discovery

T1057

Query Registry

T1012

Software Discovery

T1518

Security Software Discovery

T1518.001

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Web Service

T1102

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

Filesize
67KB

MD5
753df6889fd7410a2e9fe333da83a429

SHA1
3c425f16e8267186061dd48ac1c77c122962456e

SHA256
b42dc237e44cbc9a43400e7d3f9cbd406dbdefd62bfe87328f8663897d69df78

SHA512
9d56f79410ad0cf852c74c3ef9454e7ae86e80bdd6ff67773994b48ccac71142bcf5c90635da6a056e1406e81e64674db9584928e867c55b77b59e2851cf6444

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
0800f534dafff5d7bd2d3843ab2961a1

SHA1
e2e38261b48c5c548a05c9715ee3fbdfedc03f04

SHA256
d99a68458e8ff89997583ca030fb5872be4130e802e58006871902f556463f11

SHA512
fa50405240bbce4327a2cf54085f3bdc5f69c88a460647dc59c6f9ecb4ee4fb548f93b2a925a9e9ec29ab3a83f4acf96d9a9e40451ab7c60398d6a6376c0911d

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
9759b6775c26948e3fb14c16599d273b

SHA1
c84c885b0e8d3b314b4df624e5d10e22892a553d

SHA256
2b94926146a9c0ce36554568d954aa652ae760ab5300f8e3a9eacd3d6a438a78

SHA512
24f3f8218943b79428f2a004d751e81e89a98958fa2a156214924c0a66a4631bd1a26b96c3a55e301e7d1df794e5a7071a6392d03c320153e759835f46cd06a8

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e852a46c5e0d37174e0637fb839d4a65

SHA1
6f27e60c3dfc1d68f8e6d9c21b02443136d77117

SHA256
049f1a61642ea76e7e712c59648e29a9a228701a89da485ed97e3d6b19bad8e0

SHA512
d390e0e4a6234288e85a05e8fa01858823a473e94f8e33fae80cd597648e2ddb88b27e5b115fd46ff7f26d80db9e8f4e9b544370532bb49ca27466e062b6d604

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
f1bade3802bfb169975521be0d5ba27e

SHA1
fb207a5eeb300f44dafc7fefb8dcb807570991e0

SHA256
4f2c29ef8392d2774102061ea1129b33317526cfb58249f30e64a90ecb3a7425

SHA512
3a83913cc329b3929957f779f4f9b0acce788a0b753fd0f6a0ea49e58ba28b05c0326a31450b0b22c07b3bdbdb73595dc311f59aee19d7023eb086d3d2bf964b

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
971dd35ea07f60c57451a14dd396bd5c

SHA1
0855db19f9d87653e397f7acc47a4820a96f3754

SHA256
ffbd28a498e48d429285f3b1ffa91246337d2a347bcde2117146d2fda9d6790c

SHA512
46ba3081a70fb3cf8f379bc7c5dda4ea0e60c195abf16dc24f396281f2542ce4c21de2d597f89d5fe37769d2d1b1dfbf41ff92d9369610e4177dcaa3d6464e2f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2fd842e63d669888ad07363599708c27

SHA1
3dd09fa543af6f71bce1553544141f13b989811b

SHA256
4367106b979ee0579f66f7ba784314cc33250ce18e92b6c4836147d21332ba5b

SHA512
95516b4226bb6ef97baa956b1176d1ca1e9c63cdef17e32902dec8256ed7abfa7386776f38d571298aae92b063d112dcba66ec510ccdb5291c2707f947faa9cc

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
76292b7134c2a2c988f9047a2d62633c

SHA1
d5879afe84f8932cdf61134871ac8227ec53b615

SHA256
0518bfb018e7f79f9dda0cceab3f14dcde84458f92f729af82d9a3bb9895d83c

SHA512
ca9b102067eed0d746e48e2d7124da64321245210be1816888ed48fdcb24801b172f4f0d147197f334db685084702dfab1b1031af5e286ccecfade301f17e564

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
e7089e2a71f3ea904bccd59de73fd1da

SHA1
1263f50952d161634ae1e31da60527151dfc5eb4

SHA256
8a415b28e1c30fcb8037061248230c925fc44442408bdc93fc9ae1fea682be24

SHA512
61c017b4ba0f4308db1e66e5f499ff855838f5fcb89e18426b9e0a8c5ba975c56c527bb1b1bf3002b89663e652ee41e462d1fd13f39581a535eed84a3a04693a

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
3bb381969754b3e58a5271288a22ca8c

SHA1
9943ee4fd8e9ba6f97483c410dfc814d7d8688bb

SHA256
440c7bbd2738b0e374bd023892c358de77910d440f1967a21e727647b3e22050

SHA512
aa77010bb43df6cffde85a9fbbf5e088de88efdca0094e423cba5a11992dbc60ab52f125ba838bf867f695cda27ea5f64fb223707cfd653af6c6da54bd84f125

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
930dc63cb26adfe23ea36ed6460baa6a

SHA1
68c106a38dafec178ccefb767ca67afaabddab6c

SHA256
fdce70624363957b006e171c6435b0a73255a7231fc6bc2e42d4d006552e5c63

SHA512
5be5d4255abe667ff21b87cdab41ae27dc0a302002f379896232a09df8bea5868189a7c3b0778722d897ae6427059cc4a74b4a91f1f104ce882ea53130c494a2

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
134843e1dc6c8e0e32f459bd59aba8ac

SHA1
db525e8a0af2c0314d38993b3c7437fa76d0a885

SHA256
7a8af5030ce73b478b18855f08e8b3d2efa772f459058a489c6dc5eea7467984

SHA512
bda0f0521f56b943b4789b969ed7526a27344d68e39fb49ca2f406f8def5477535fb1fcd39e8592bce27955ccdbb1a41952c36e22bb8bb33ee9c5d78e818f43f

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
371fa5604ea05695056503ee53617481

SHA1
0d8123fe70840a766944157ae914e84880df721a

SHA256
3f7d79edd79f3b0a016f3d440a1737770f824dd052e86b8810fc76b764af7abf

SHA512
88d80270493a1f434d45e226191c43da7a80eb1a6dcbcd2766d5ca718fe5ab75ba816beb51e05c061b7dd0b68c1662b00e7fb3f3c2ee716a79ab36529174a2ea

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
592a3cc05dcf6cee997d9a4dddcae16a

SHA1
8232d11448aef0a5cc040e5c69ff39b1a1343025

SHA256
a1b17868a2ed69e5417b9f7858ff1d1dec74ff93cee1952740b221c8493d2a5d

SHA512
a464a3855c5d9bd9ee6a01e88467dd3425d8294261df47d5b662f2006e9554bd61a139b0135934c1445e409599becebcf50a7fb4efaa2faa25a754807da42eca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
2e0c53de414d132a24c4d3ae0b0a8ff4

SHA1
3609b580111bdfa3e70ef0ed028da1184b0c1e66

SHA256
60863e1dcd3fef6f8a8b91e2be49b2672d0ad1ed4d41671d3b0b9c135845fd00

SHA512
3bf9551a84e129ae137c910c273e046f9aa1e48b1a3a30a68328f4ee5dad520a94a0f8904da37b01aa1727ee2561e728e4db581d34d5a0efc32cf94d72b548ca

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

Filesize
344B

MD5
cc5fb6c10c947e9862915e4252e8fad6

SHA1
9339315d4682ea7bd3826fd9a4cbcc2cb9608b6d

SHA256
2cc6879f1f09ff7d0519368429a377cc9e3cf70fcfe95a614f0cf4d149925fb9

SHA512
1e30de6ee10e07ff9fd9e62b2b63558fd1135295761a3bc1267017d010a565206a8c3d4ef4f1f8e27b1fea6c90d1c96475b0855059da6b35b0743d7ec745b77c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\7502ddfa-7892-4759-a373-e65ec72a14ff.tmp

Filesize
259KB

MD5
3905ee243a0f1ec4ed6f27aca7bef733

SHA1
80c83ade1b212c77cc8b8a3a932a4c5c0736ff43

SHA256
255cc853419ee287a33b8b4788d0c662c70470dbdffc3324722d8fef98fa6041

SHA512
25fc6de5176eaa95548053f090c7484e0c12a3e1b39307d2ac99c99fa6e4251e60b2bb3119ea63f98462d83b0c4691dfd92af3f42900b332aa315579fc982cf9

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1

Filesize
264KB

MD5
f50f89a0a91564d0b8a211f8921aa7de

SHA1
112403a17dd69d5b9018b8cede023cb3b54eab7d

SHA256
b1e963d702392fb7224786e7d56d43973e9b9efd1b89c17814d7c558ffc0cdec

SHA512
bf8cda48cf1ec4e73f0dd1d4fa5562af1836120214edb74957430cd3e4a2783e801fa3f4ed2afb375257caeed4abe958265237d6e0aacf35a9ede7a2e8898d58

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
6336a5d28e92a3079d07c8b9c8d24aa3

SHA1
9100761acd8f7de519a8e4f7af3b0f2c39d88500

SHA256
4df72d6089c95077de76fdff4b7ddf043f7de958c5d2b918f26ee93209966092

SHA512
2265537706d20f4a274ee8387b508160f806ce7c83024e1da1ed5c083f7dac75a3f43c4bde243aa49fe215d7a69013d0789a479ca707de41f491875cb5d5beeb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

Filesize
4KB

MD5
11ec759d559f8721e683066cc6527b0a

SHA1
7b06d8b4cfa261205d4be8482dbd6a447aa81bba

SHA256
03f1982e1bf9e7531ef1d9785e8e76047c05f31221b1551d663692bbe7bcf2c1

SHA512
3699cf72e89621abbdaf94a1ac906d7b62f804f51f0fac07a5593e41383c7528b02ee679db1b91be0773f48cfe294792db1b47af54232bd172e155af5263f655

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000007.dbtmp

Filesize
16B

MD5
18e723571b00fb1694a3bad6c78e4054

SHA1
afcc0ef32d46fe59e0483f9a3c891d3034d12f32

SHA256
8af72f43857550b01eab1019335772b367a17a9884a7a759fdf4fe6f272b90aa

SHA512
43bb0af7d3984012d2d67ca6b71f0201e5b948e6fe26a899641c4c6f066c59906d468ddf7f1df5ea5fa33c2bc5ea8219c0f2c82e0a5c365ad7581b898a8859e2

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

Filesize
259KB

MD5
3d5adf107539967516b9a2dae5cc7eda

SHA1
038a2b00e9229e1af119623391dfbb75d918f478

SHA256
a0ed7f1cb79010272a0ba840a69130f86b4a548229c24bf5df37071776388a4f

SHA512
b4840d730548d7e13a781f7f62e7943c20e1692141c9cdebc02895df141770044fc6e318d60666a0f318ae00f090608a5be897f3ae30783c9939993f9fa44ab8

Download Submit
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\9M0HR0P6\qsml[1].xml

Filesize
218B

MD5
be0a61d2b36210e864ee9caf06557bf4

SHA1
eaf8285ae1c26578ace93f981f7217d5244ff3c9

SHA256
baece41f73f12a4520dd9b542fb27191a0bbf70de50300bb929fcdc00b8a1b8c

SHA512
8b766d8d87a1b1ac37138a39a980693c6bd8b5c1a8316b31bfff293aa7cd7cb07d32c73aef438839a515fdc596c6859acdd914a4a0d3282578e12cd60514571d

Download Submit
C:\Users\Admin\AppData\Local\Temp\CabF99B.tmp

Filesize
65KB

MD5
ac05d27423a85adc1622c714f2cb6184

SHA1
b0fe2b1abddb97837ea0195be70ab2ff14d43198

SHA256
c6456e12e5e53287a547af4103e0397cb9697e466cf75844312dc296d43d144d

SHA512
6d0ef9050e41fbae680e0e59dd0f90b6ac7fea5579ef5708b69d5da33a0ece7e8b16574b58b17b64a34cc34a4ffc22b4a62c1ece61f36c4a11a0665e0536b90d

Download Submit
C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat

Filesize
304B

MD5
c7bed6bc879f98f4019d0ba6c4f42bfb

SHA1
b9a8e4265b69037f3fb08ba9def58bfe86c40703

SHA256
1159d544811c0989f0ae99c36d130dfc3db0e594e17e875e6690eba03b4e5a51

SHA512
74ea1fda335acd30813f0ad0418786ee7c25265cc523dcb32ab46afe997eb7114d5b5a1f9b9308c2562634fda6fac848848484148077767a43e7cc6bed21b433

Download Submit
C:\Users\Admin\AppData\Local\Temp\H2OCleanup.bat

Filesize
304B

MD5
d7795a2acc7b0f6933f120e3ec143da7

SHA1
74697032a73068d070495f66def8b16cccd6fa7c

SHA256
8cf086d8964e0ec3f1bc3f9dd0f9e27c7b8388e924307b9c30d4e0d162cfa1ba

SHA512
841a61d8a2f694e6ada20146ec862992d3d58bd0cabdba003a463ef7d4da3d1bfeda9c3a91395b352bcb1afbd23afa3043caf191396f1c807a265e1b40624c84

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF8.tmp

Filesize
175KB

MD5
dd73cead4b93366cf3465c8cd32e2796

SHA1
74546226dfe9ceb8184651e920d1dbfb432b314e

SHA256
a6752b7851b591550e4625b832a393aabcc428de18d83e8593cd540f7d7cae22

SHA512
ce1bdd595065c94fa528badf4a6a8777893807d6789267612755df818ba6ffe55e4df429710aea29526ee4aa8ef20e25f2f05341da53992157d21ae032c0fb63

Download Submit
C:\Users\Admin\AppData\Local\Temp\TarF9FB.tmp

Filesize
171KB

MD5
9c0c641c06238516f27941aa1166d427

SHA1
64cd549fb8cf014fcd9312aa7a5b023847b6c977

SHA256
4276af3669a141a59388bc56a87f6614d9a9bdddf560636c264219a7eb11256f

SHA512
936ed0c0b0a7ff8e606b1cc4175a1f9b3699748ccbba1c3aff96203033d2e9edabf090e5148370df42fbfc4e31d7229493706ff24f19ff42ff7bef74a6baad06

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OCommonResources.dll

Filesize
695KB

MD5
efce3ffa983ba0a189c050260ac96041

SHA1
8998a583ec9e168badc0f5c0389ead9994b89701

SHA256
45d6d2b2601cef53989d3d67cb389b411afb5bf2d3a1cedf47c97a42107e697d

SHA512
d10280133ea8061f80ea6135d37bff7c2014b11bda7b6c2ac2857ac6fa2ccc711ac9456d990534881feffc46b263970df573a4a94daea1a81c0bbca1c03e0623

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OResources.dll

Filesize
19KB

MD5
554c3e1d68c8b5d04ca7a2264ca44e71

SHA1
ef749e325f52179e6875e9b2dd397bee2ca41bb4

SHA256
1eb0795b1928f6b0459199dace5affdc0842b6fba87be53ca108661275df2f3e

SHA512
58ce13c47e0daf99d66af1ea35984344c0bb11ba70fe92bc4ffa4cd6799d6f13bcad652b6883c0e32c6e155e9c1b020319c90da87cb0830f963639d53a51f9c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
2KB

MD5
3489b09cb247354fe97e30899e0f3f62

SHA1
f89a0893368928ff73580450082db1e4178b8892

SHA256
498737de6ab47173edc4df765fb27b78771c40b04d13d9f0d7aeb721af138853

SHA512
2c6b01026b1bbf0083f2860d9ef4114480c6286dc23005652a98d5c776d58c76bb008715d845a5d77f7cfb5afb65ae88b674cb697d7ed9ecd44679d6203e1616

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Extension.dll

Filesize
168KB

MD5
28f1996059e79df241388bd9f89cf0b1

SHA1
6ad6f7cde374686a42d9c0fcebadaf00adf21c76

SHA256
c3f8a46e81f16bbfc75de44dc95f0d145213c8af0006bb097950ac4d1562f5ce

SHA512
9654d451cb2f184548649aa04b902f5f6aff300c6f03b9261ee3be5405527b4f23862d8988f9811987da22e386813e844e7c5068fd6421c91551f5b33c625f29

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Newtonsoft.Json.dll

Filesize
95KB

MD5
2055e240e18e0d4932c28be59b88de12

SHA1
e5f6d15c3003635296990e3c19b34f93b95d1da0

SHA256
77b445323dc7fdf7fbb32d7e1946ce4781d390b4ea2f57bacbad5ce7f417840e

SHA512
e90a99a23948903d73bf2c6a485e356e5979a1c27d20ab69a55c93fbb2359413a44abde88418d67a603e0c8ac0ddfd78e3b86c16192e2715c9429e6acac12b61

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\OfferPage.html

Filesize
1KB

MD5
9ba0a91b564e22c876e58a8a5921b528

SHA1
8eb23cab5effc0d0df63120a4dbad3cffcac6f1e

SHA256
2ad742b544e72c245f4e9c2e69f989486222477c7eb06e85d28492bd93040941

SHA512
38b5fb0f12887a619facce82779cb66e2592e5922d883b9dc4d5f9d2cb12e0f84324422cd881c948f430575febd510e948a22cd291595e3a0ba0307fce73bec9

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Resources\tis\Config.tis

Filesize
291B

MD5
bf5328e51e8ab1211c509b5a65ab9972

SHA1
480dfb920e926d81bce67113576781815fbd1ea4

SHA256
98f22fb45530506548ae320c32ee4939d27017481d2ad0d784aa5516f939545b

SHA512
92bd7895c5ff8c40eecfdc2325ee5d1fb7ed86ce0ef04e8e4a65714fcf5603ea0c87b71afadb473433abb24f040ccabd960fa847b885322ad9771e304b661928

Download Submit
C:\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\app.ico

Filesize
766B

MD5
4003efa6e7d44e2cbd3d7486e2e0451a

SHA1
a2a9ab4a88cd4732647faa37bbdf726fd885ea1e

SHA256
effd42c5e471ea3792f12538bf7c982a5cda4d25bfbffaf51eed7e09035f4508

SHA512
86e71ca8ca3e62949b44cfbc7ffa61d97b6d709fc38216f937a026fb668fbb1f515bac2f25629181a82e3521dafa576cac959d2b527d9cc9eb395e50d64c1198

Download Submit
C:\Users\Admin\AppData\Local\Trigon_Evo_v2\Trigon.exe_Url_d1idik151cmi442sbrpw3idw55vqxrgv\2.0.0.0\user.config

Filesize
797B

MD5
bd4166518dcdd367dc51f66eba4dfc73

SHA1
4734f6d1ddf0cb0780a49b404f9a3cf8cda75f44

SHA256
6c5450a5f60a27e9c1714766fd8131e1e39e54616303ab82e1c6f66e1c4cbad9

SHA512
79b53d91b0447a43e3f57401c407e5b939331ac534f23580abea4b2ae60c199cbf94cfa9ffdb574604799c56b9cd6b49882962bd584b4b04406d6a545e87047d

Download Submit
C:\Users\Admin\AppData\Local\Trigon_Evo_v2\Trigon.exe_Url_d1idik151cmi442sbrpw3idw55vqxrgv\2.0.0.0\user.config

Filesize
920B

MD5
9e0d92b76d739f1d4bbd540d85de1bfc

SHA1
18be3c87843e500b49a11114b7293eb238c11e74

SHA256
08d4e347030a9cc8b188b08218192fe595deec06277dd89a284430485163f3cd

SHA512
3e346ee3411b3f7c8dd979a3c09a6e08ce0356891f2ac952e58de942ffa4558e4d0ce38b3901c6070a52948343ad199afa08348348e7d5743ef2f33a8a2b0a21

Download Submit
C:\Users\Admin\AppData\Local\setup30999513.exe

Filesize
3.8MB

MD5
29d3a70cec060614e1691e64162a6c1e

SHA1
ce4daf2b1d39a1a881635b393450e435bfb7f7d1

SHA256
cc70b093a19610e9752794d757aec9ef07ca862ea9267ec6f9cc92b2aa882c72

SHA512
69d07437714259536373872e8b086fc4548f586e389f67e50f56d343e980546f92b8a13f28c853fc1daf187261087a9dceb33769ba2031c42382742d86c60e4b

Download Submit
C:\Users\Admin\Downloads\TrigonLauncher_v2.rar

Filesize
37KB

MD5
29607b89f8b10b975370d01630f0d578

SHA1
269f53b8e02d60403df02489e2fccad5ec0b94c2

SHA256
71bf4760c3d756edb14f64a3e875cc97eee14e1869b101849d68f9c1b5f1743c

SHA512
c2c28368456b3782f0fe4127c2ff77449277a867c6c79f1a62cd31b97d6d0ebf39c261a447439620f19e369ed962e55692f46dc690e1e35c76ee36ef4d658450

Download Submit
C:\Windows\SysWOW64\Trigon\bin\ace\worker-html.js

Filesize
329KB

MD5
9b72ecdeddb846d5647a815c13516e8a

SHA1
20d5c8dbd11c71497bf675a518f0b370df6d71d3

SHA256
875094b00677b6d9c4b68bd2a8123348ed20965fd55b7d9226cc996e588e4de7

SHA512
83e0cc90195b353d523a708576def71aaf650436538ec6515e58cbc12fb4ea1c143ff1f29fad644a949f1cefe261ddbd482329f2998415f667e89740380ac288

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.LastScreen.dll

Filesize
57KB

MD5
6e001f8d0ee4f09a6673a9e8168836b6

SHA1
334ad3cf0e4e3c03415a4907b2d6cf7ba4cbcd38

SHA256
6a30f9c604c4012d1d2e1ba075213c378afb1bfcb94276de7995ed7bbf492859

SHA512
0eff2e6d3ad75abf801c2ab48b62bc93ebc5a128d2e03e507e6e5665ff9a2ab58a9d82ca71195073b971f8c473f339baffdd23694084eaaff321331b5faaecf6

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\GenericSetup.dll

Filesize
117KB

MD5
08112f27dcd8f1d779231a7a3e944cb1

SHA1
39a98a95feb1b6295ad762e22aa47854f57c226f

SHA256
11c6a8470a3f2b2be9b8cafe5f9a0afce7303bfd02ab783a0f0ee09a184649fa

SHA512
afd0c7df58b63c7cfdbedea7169a1617f2ac4bad07347f8ed7757a25ab0719489d93272109b73a1b53e9c5997dedad8da89da7b339d30fc2573ca2f76c630ddb

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2ODAL.dll

Filesize
15KB

MD5
422be1a0c08185b107050fcf32f8fa40

SHA1
c8746a8dad7b4bf18380207b0c7c848362567a92

SHA256
723aea78755292d2f4f87ad100a99b37bef951b6b40b62e2e2bbd4df3346d528

SHA512
dff51c890cb395665839070d37170d321dc0800981a42f173c6ea570684460146b4936af9d8567a6089bef3a7802ac4931c14031827689ef345ea384ceb47599

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OModels.dll

Filesize
75KB

MD5
c06ac6dcfa7780cd781fc9af269e33c0

SHA1
f6b69337b369df50427f6d5968eb75b6283c199d

SHA256
b23b8310265c14d7e530b80defc6d39cdc638c07d07cd2668e387863c463741d

SHA512
ad167ad62913243e97efaeaa7bad38714aba7fc11f48001974d4f9c68615e9bdfb83bf623388008e77d61cee0eaba55ce47ebbb1f378d89067e74a05a11d9fe3

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
160KB

MD5
6df226bda27d26ce4523b80dbf57a9ea

SHA1
615f9aba84856026460dc54b581711dad63da469

SHA256
17d737175d50eee97ac1c77db415fe25cc3c7a3871b65b93cc3fad63808a9abc

SHA512
988961d7a95c9883a9a1732d0b5d4443c790c38e342a9e996b072b41d2e8686389f36a249f2232cb58d72f8396c849e9cc52285f35071942bec5c3754b213dd5

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OServices.dll

Filesize
108KB

MD5
5dd1d572ef94b58b1b25138cc5229ec1

SHA1
fe19d34469c15fa1300404e78e833839c2687860

SHA256
8259bb548032ab1728224ababa4eaa2a996db8353d1dfd8bc75aa4d261bd17cf

SHA512
edfe32e223385c17071a0d1715dc5412c642ed495e10ce4669fc50ab25e1da2b67cfac454ef104581ba8086306ffb7eb8e169ae938548afc98a10d6e3538f710

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OUtilities.dll

Filesize
119KB

MD5
9d2c520bfa294a6aa0c5cbc6d87caeec

SHA1
20b390db533153e4bf84f3d17225384b924b391f

SHA256
669c812cb8f09799083014a199b0deee10237c95fb49ee107376b952fee5bd89

SHA512
7e2e569549edb6ddd2b0cb0012386aed1f069e35d1f3045bb57704ef17b97129deb7cde8e23bc49980e908e1a5a90b739f68f36a1d231b1302a5d29b722e7c15

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\H2OViewModels.dll

Filesize
8KB

MD5
be4c2b0862d2fc399c393fca163094df

SHA1
7c03c84b2871c27fa0f1914825e504a090c2a550

SHA256
c202e4f92b792d34cb6859361aebdbfc8c61cf9e735edfd95e825839920fb88a

SHA512
d9c531687a5051bbfe5050c5088623b3fd5f20b1e53dd4d3ed281c8769c15f45da36620231f6d0d76f8e2aa7de00c2324a4bf35a815cefc70ca97bc4ab253799

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\HtmlAgilityPack.dll

Filesize
154KB

MD5
17220f65bd242b6a491423d5bb7940c1

SHA1
a33fabf2b788e80f0f7f84524fe3ed9b797be7ad

SHA256
23056f14edb6e0afc70224d65de272a710b5d26e6c3b9fe2dfd022073050c59f

SHA512
bfbe284a2ee7361ada9a9cb192580fd64476e70bc78d14e80ad1266f7722a244d890600cf24bfb83d4914e2434272679ba177ee5f98c709950e43192f05e215e

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\MyDownloader.Core.dll

Filesize
56KB

MD5
f931e960cc4ed0d2f392376525ff44db

SHA1
1895aaa8f5b8314d8a4c5938d1405775d3837109

SHA256
1c1c5330ea35f518bf85fad69dc2da1a98a4dfeadbf6ac0ba0ac7cc51bbcc870

SHA512
7fa5e582ad1bb094cbbb68b1db301dcf360e180eb58f8d726a112133277ceaa39660c6d4b3248c19a8b5767a4ae09f4597535711d789ca4f9f334a204d87ffe0

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\Ninject.dll

Filesize
133KB

MD5
8db691813a26e7d0f1db5e2f4d0d05e3

SHA1
7c7a33553dd0b50b78bf0ca6974c77088da253eb

SHA256
3043a65f11ac204e65bca142ff4166d85f1b22078b126b806f1fecb2a315c701

SHA512
d02458180ec6e6eda89b5b0e387510ab2fad80f9ce57b8da548aaf85c34a59c39afaeacd1947bd5eb81bee1f6d612ca57d0b2b756d64098dfc96ca0bf2d9f62f

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\OfferSDK.dll

Filesize
172KB

MD5
b199dcd6824a02522a4d29a69ab65058

SHA1
f9c7f8c5c6543b80fa6f1940402430b37fa8dce4

SHA256
9310a58f26be8bd453cde5ca6aa05042942832711fbdeb5430a2840232bfa5e4

SHA512
1d3e85e13ff24640c76848981ca84bafb32f819a082e390cb06fe13445814f50f8e3fc3a8a8e962aae8867e199c1517d570c07f28d5f7e5f007b2bb6e664ddb1

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\SciterWrapper.dll

Filesize
134KB

MD5
105a9e404f7ac841c46380063cc27f50

SHA1
ec27d9e1c3b546848324096283797a8644516ee3

SHA256
69fe749457218ec9a765f9aac74caf6d4f73084cf5175d3fd1e4f345af8b3b8b

SHA512
6990cbfc90c63962abde4fdaae321386f768be9fcf4d08bccd760d55aba85199f7a3e18bd7abe23c3a8d20ea9807cecaffb4e83237633663a8bb63dd9292d940

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.Net.dll

Filesize
101KB

MD5
83d37fb4f754c7f4e41605ec3c8608ea

SHA1
70401de8ce89f809c6e601834d48768c0d65159f

SHA256
56db33c0962b3c34cba5279d2441bc4c12f28b569eadc1b3885dd0951b2c4020

SHA512
f5f3479f485b1829bbfb7eb8087353aee569184f9c506af15c4e28bfe4f73bf2cc220d817f6dfc34b2a7a6f69453f0b71e64b79c4d500ff9a243799f68e88b9f

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\ServiceHide.dll

Filesize
151KB

MD5
72990c7e32ee6c811ea3d2ea64523234

SHA1
a7fcbf83ec6eefb2235d40f51d0d6172d364b822

SHA256
e77e0b4f2762f76a3eaaadf5a3138a35ec06ece80edc4b3396de7a601f8da1b3

SHA512
2908b8c387d46b6329f027bc1e21a230e5b5c32460f8667db32746bc5f12f86927faa10866961cb2c45f6d594941f6828f9078ae7209a27053f6d11586fd2682

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\msvcp140.dll

Filesize
426KB

MD5
8ff1898897f3f4391803c7253366a87b

SHA1
9bdbeed8f75a892b6b630ef9e634667f4c620fa0

SHA256
51398691feef7ae0a876b523aec47c4a06d9a1ee62f1a0aee27de6d6191c68ad

SHA512
cb071ad55beaa541b5baf1f7d5e145f2c26fbee53e535e8c31b8f2b8df4bf7723f7bef214b670b2c3de57a4a75711dd204a940a2158939ad72f551e32da7ab03

Download Submit
\Users\Admin\AppData\Local\Temp\ec05d89197b949eb6957b79472e8723d\vcruntime140.dll

Filesize
74KB

MD5
1a84957b6e681fca057160cd04e26b27

SHA1
8d7e4c98d1ec858db26a3540baaaa9bbf96b5bfe

SHA256
9faeaa45e8cc986af56f28350b38238b03c01c355e9564b849604b8d690919c5

SHA512
5f54c9e87f2510c56f3cf2ceeb5b5ad7711abd9f85a1ff84e74dd82d15181505e7e5428eae6ff823f1190964eb0a82a569273a4562ec4131cecfa00a9d0d02aa

Download Submit
\Users\Admin\AppData\Local\setup30999513.exe

Filesize
227KB

MD5
1f00d79f39264e118b3a0ba47964bfef

SHA1
09f33333a307ebd18ae55e093ffe6c52fd5a20f1

SHA256
2572a1975f2efb69a0788e893288b844f21d6ae8299d110c9aa600e57c165eaa

SHA512
a36c7239ac8e677ec291d8ef6806abd0bb9647b1f21c592be28f4f8d1aea097316354b02123ec409be2e12a9747b2de7e9ed28c9fd74d78f958d5b71cead8ba1

Download Submit
memory/1248-285-0x0000000073760000-0x0000000073E4E000-memory.dmp

Filesize
6.9MB

Download
memory/1248-503-0x0000000073760000-0x0000000073E4E000-memory.dmp

Filesize
6.9MB

Download
memory/1248-307-0x00000000048B0000-0x00000000048F0000-memory.dmp

Filesize
256KB

Download
memory/2444-1572-0x0000000000430000-0x000000000043A000-memory.dmp

Filesize
40KB

Download
memory/2444-1609-0x0000000074940000-0x000000007502E000-memory.dmp

Filesize
6.9MB

Download
memory/2444-1570-0x00000000003E0000-0x00000000003FC000-memory.dmp

Filesize
112KB

Download
memory/2444-1571-0x00000000079D0000-0x0000000007A6E000-memory.dmp

Filesize
632KB

Download
memory/2444-1608-0x00000000052D0000-0x0000000005310000-memory.dmp

Filesize
256KB

Download
memory/2444-1569-0x0000000000380000-0x00000000003D0000-memory.dmp

Filesize
320KB

Download
memory/2444-1568-0x00000000068B0000-0x0000000006F5C000-memory.dmp

Filesize
6.7MB

Download
memory/2444-1627-0x00000000052D0000-0x0000000005310000-memory.dmp

Filesize
256KB

Download
memory/2444-1611-0x0000000000430000-0x000000000043A000-memory.dmp

Filesize
40KB

Download
memory/2444-1628-0x00000000052D0000-0x0000000005310000-memory.dmp

Filesize
256KB

Download
memory/2444-1610-0x00000000052D0000-0x0000000005310000-memory.dmp

Filesize
256KB

Download
memory/2444-1573-0x0000000000430000-0x000000000043A000-memory.dmp

Filesize
40KB

Download
memory/2444-1606-0x00000000052D0000-0x0000000005310000-memory.dmp

Filesize
256KB

Download
memory/2444-1566-0x00000000052D0000-0x0000000005310000-memory.dmp

Filesize
256KB

Download
memory/2444-1565-0x0000000001060000-0x00000000018E8000-memory.dmp

Filesize
8.5MB

Download
memory/2444-1564-0x0000000074940000-0x000000007502E000-memory.dmp

Filesize
6.9MB

Download
memory/2444-1607-0x0000000008E30000-0x0000000008EE0000-memory.dmp

Filesize
704KB

Download
memory/2472-1017-0x0000000074940000-0x000000007502E000-memory.dmp

Filesize
6.9MB

Download
memory/2472-1018-0x0000000004C60000-0x0000000004CA0000-memory.dmp

Filesize
256KB

Download
memory/2472-1000-0x0000000004C60000-0x0000000004CA0000-memory.dmp

Filesize
256KB

Download
memory/2472-999-0x0000000074940000-0x000000007502E000-memory.dmp

Filesize
6.9MB

Download
memory/2472-998-0x0000000000EC0000-0x0000000000ED6000-memory.dmp

Filesize
88KB

Download
memory/2472-1567-0x0000000074940000-0x000000007502E000-memory.dmp

Filesize
6.9MB

Download
memory/2532-792-0x0000000073760000-0x0000000073E4E000-memory.dmp

Filesize
6.9MB

Download
memory/2532-811-0x0000000073760000-0x0000000073E4E000-memory.dmp

Filesize
6.9MB

Download
memory/2532-791-0x0000000000C30000-0x0000000000C3C000-memory.dmp

Filesize
48KB

Download
memory/2532-793-0x0000000004980000-0x00000000049C0000-memory.dmp

Filesize
256KB

Download
memory/2600-111-0x0000000000D50000-0x0000000000D5A000-memory.dmp

Filesize
40KB

Download
memory/2600-801-0x0000000073760000-0x0000000073E4E000-memory.dmp

Filesize
6.9MB

Download
memory/2600-559-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2600-558-0x0000000073760000-0x0000000073E4E000-memory.dmp

Filesize
6.9MB

Download
memory/2600-489-0x0000000005B60000-0x0000000005B8E000-memory.dmp

Filesize
184KB

Download
memory/2600-465-0x0000000006BF0000-0x00000000071A4000-memory.dmp

Filesize
5.7MB

Download
memory/2600-459-0x00000000054F0000-0x00000000054FC000-memory.dmp

Filesize
48KB

Download
memory/2600-451-0x0000000004E40000-0x0000000004E4A000-memory.dmp

Filesize
40KB

Download
memory/2600-446-0x0000000005DC0000-0x0000000005E4C000-memory.dmp

Filesize
560KB

Download
memory/2600-166-0x0000000004B90000-0x0000000004BA2000-memory.dmp

Filesize
72KB

Download
memory/2600-139-0x0000000000E10000-0x0000000000E2D000-memory.dmp

Filesize
116KB

Download
memory/2600-127-0x0000000000DE0000-0x0000000000E0C000-memory.dmp

Filesize
176KB

Download
memory/2600-119-0x0000000000DB0000-0x0000000000DB8000-memory.dmp

Filesize
32KB

Download
memory/2600-103-0x0000000000C20000-0x0000000000C44000-memory.dmp

Filesize
144KB

Download
memory/2600-95-0x0000000000B60000-0x0000000000B7A000-memory.dmp

Filesize
104KB

Download
memory/2600-87-0x0000000000BD0000-0x0000000000C02000-memory.dmp

Filesize
200KB

Download
memory/2600-79-0x0000000000B20000-0x0000000000B48000-memory.dmp

Filesize
160KB

Download
memory/2600-71-0x0000000000AF0000-0x0000000000B1E000-memory.dmp

Filesize
184KB

Download
memory/2600-63-0x0000000000A60000-0x0000000000A88000-memory.dmp

Filesize
160KB

Download
memory/2600-55-0x00000000008C0000-0x00000000008E4000-memory.dmp

Filesize
144KB

Download
memory/2600-47-0x00000000006B0000-0x00000000006C4000-memory.dmp

Filesize
80KB

Download
memory/2600-29-0x0000000004E50000-0x0000000004E90000-memory.dmp

Filesize
256KB

Download
memory/2600-26-0x0000000000FC0000-0x0000000001398000-memory.dmp

Filesize
3.8MB

Download
memory/2600-27-0x0000000073760000-0x0000000073E4E000-memory.dmp

Filesize
6.9MB

Download