Analysis Overview
SHA256: f7f8880582210c104511885f52112ef6bb8977775dd3e3343c62e6d9e196f3e8
Threat Level: Known bad
The file Trojan_Remover_V6.9.6.exe was found to be: Known bad.
Malicious Activity Summary
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
Checks BIOS information in registry
Checks whether UAC is enabled
Event Triggered Execution: Component Object Model Hijacking
Drops file in Program Files directory
Loads dropped DLL
Modifies system executable filetype association
Executes dropped EXE
Checks installed software on the system
System Location Discovery: System Language Discovery
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
Suspicious use of FindShellTrayWindow
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of AdjustPrivilegeToken
Modifies system certificate store
Checks processor information in registry
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported: 2024-08-18 06:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted: 2024-08-18 06:10
Reported: 2024-08-18 06:12
Platform: win7-20240705-en
Max time kernel: 147s
Max time network: 118s
Command Line
Signatures
Banload
Identifies VirtualBox via ACPI registry values (likely anti-VM)
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\ACPI\DSDT\VBOX__ | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
Checks BIOS information in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosDate | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
Checks whether UAC is enabled
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
Event Triggered Execution: Component Object Model Hijacking
Checks installed software on the system
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\Trojan Remover\is-8SQB7.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-1IAL5.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\Win32\is-O6KU3.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\Win32\is-FUEQH.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\Win32\is-REPB4.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-UFPIL.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\unins000.msg | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-E445J.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-8T3JN.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-RBO1J.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-UGPKU.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-R3JNP.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-2J6K9.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-JPT03.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\Win32\is-1GOJF.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\Win32\is-2GV0A.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-D965K.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-75QGG.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File created | C:\Program Files (x86)\Trojan Remover\is-0OOLH.tmp | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| File opened for modification | C:\Program Files (x86)\Trojan Remover\unins000.dat | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-QRFC2.tmp\TaskInst.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\Sschk.exe | N/A |
Loads dropped DLL
Modifies system executable filetype association
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\ShellEx\ContextMenuHandlers\Trojan Remover | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\ShellEx | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\Trojan Remover | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\Trojan Remover\ = "{52B87208-9CCF-42C9-B88E-069281105805}" | C:\Windows\system32\regsvr32.exe | N/A |
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-QRFC2.tmp\TaskInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Trojan Remover\Sschk.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\CentralProcessor\0 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\Hardware\Description\System\BIOS | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemVersion | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\BIOSVersion | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\Trojan Remover | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B87A5C78-0783-4F35-B2BA-90F45E1E2C37}\1.0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5EE211E-46A8-4019-BF37-AD5C8FF3D39D}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\Version | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Trshlex64.TRShellEx\Clsid\ = "{52B87208-9CCF-42C9-B88E-069281105805}" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E5EE211E-46A8-4019-BF37-AD5C8FF3D39D} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TRElevationHelper.TRPrivilegedObject | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{008F705E-B937-4E1F-8FF8-C4D68AA3A67B}\1.0\0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Trshlex64.TRShellEx | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Folder\ShellEx\ContextMenuHandlers\Trojan Remover\ = "{52B87208-9CCF-42C9-B88E-069281105805}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5EE211E-46A8-4019-BF37-AD5C8FF3D39D}\TypeLib\Version = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\TRElevationHelper.dll | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\ = "TRElevationHelper" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52B87208-9CCF-42C9-B88E-069281105805}\ = "Trojan Remover Shell Extension" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A5CDBAE-FB8C-4406-8CBE-54C7AEDAA2B5}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\Version\ = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers\Trojan Remover\ = "{52B87208-9CCF-42C9-B88E-069281105805}" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{518932EE-5045-451E-BDE5-B864132BE471}\DllSurrogate | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{518932EE-5045-451E-BDE5-B864132BE471} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A5CDBAE-FB8C-4406-8CBE-54C7AEDAA2B5}\ = "IMyPrivilegedObject" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52B87208-9CCF-42C9-B88E-069281105805}\ProgID | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\TypeLib | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{518932EE-5045-451E-BDE5-B864132BE471}\Version\ = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{518932EE-5045-451E-BDE5-B864132BE471}\TypeLib\ = "{B87A5C78-0783-4F35-B2BA-90F45E1E2C37}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{008F705E-B937-4E1F-8FF8-C4D68AA3A67B}\1.0\0\win32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TRPrivilegesLib.TRElevationHelper\ = "TRElevationHelper" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5EE211E-46A8-4019-BF37-AD5C8FF3D39D}\TypeLib\ = "{B87A5C78-0783-4F35-B2BA-90F45E1E2C37}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{518932EE-5045-451E-BDE5-B864132BE471}\InprocServer32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{008F705E-B937-4E1F-8FF8-C4D68AA3A67B}\1.0\HELPDIR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TRPrivilegesLib.TRElevationHelper | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\shellex\ContextMenuHandlers | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{518932EE-5045-451E-BDE5-B864132BE471}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{008F705E-B937-4E1F-8FF8-C4D68AA3A67B}\1.0\ = "Trojan Remover Privileges Library" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{008F705E-B937-4E1F-8FF8-C4D68AA3A67B}\1.0\FLAGS\ = "0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Trshlex64.TRShellEx\ = "Trojan Remover Shell Extension" | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Wow6432Node\CLSID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\Elevation | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B87A5C78-0783-4F35-B2BA-90F45E1E2C37}\1.0\ = "TRElevationHelper Library" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{E5EE211E-46A8-4019-BF37-AD5C8FF3D39D}\ProxyStubClsid32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{518932EE-5045-451E-BDE5-B864132BE471} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52B87208-9CCF-42C9-B88E-069281105805}\InprocServer32 | C:\Windows\system32\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A5CDBAE-FB8C-4406-8CBE-54C7AEDAA2B5}\TypeLib\ = "{008F705E-B937-4E1F-8FF8-C4D68AA3A67B}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\ = "TRElevationHelper" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\DllSurrogate | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\AppID\TRElevationHelper32.dll | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EF5725D-1198-1361-A97F-3D0AAB164C39} | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\piffile\ShellEx | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B87A5C78-0783-4F35-B2BA-90F45E1E2C37}\1.0\HELPDIR | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\TRElevationHelper.dll\AppID = "{518932EE-5045-451E-BDE5-B864132BE471}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{518932EE-5045-451E-BDE5-B864132BE471}\AccessPermission = 01000480440000005400000000000000140000000200300002000000000014000300000001010000000000050400000000001400030000000101000000000005120000000102000000000005200000002002000001020000000000052000000020020000 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A5CDBAE-FB8C-4406-8CBE-54C7AEDAA2B5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{9EF5725D-1198-1361-A97F-3D0AAB164C39}\ = "{0000031A-0000-0000-C000-000000000046}" | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\*\ShellEx\ContextMenuHandlers\Trojan Remover | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{5A5CDBAE-FB8C-4406-8CBE-54C7AEDAA2B5} | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}\InprocServer32\ = "C:\\PROGRA~2\\TROJAN~1\\TRELEV~2.DLL" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\TRElevationHelper32.dll\AppID = "{8C47CD61-C5D9-4A1B-8D3E-AD7D6435196E}" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{5A5CDBAE-FB8C-4406-8CBE-54C7AEDAA2B5}\TypeLib\Version = "1.0" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{52B87208-9CCF-42C9-B88E-069281105805}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\system32\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B87A5C78-0783-4F35-B2BA-90F45E1E2C37}\1.0\0 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{B87A5C78-0783-4F35-B2BA-90F45E1E2C37}\1.0\0\win32 | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{518932EE-5045-451E-BDE5-B864132BE471}\ = "TRPrivilegedObject" | C:\Windows\SysWOW64\regsvr32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{008F705E-B937-4E1F-8FF8-C4D68AA3A67B}\1.0\FLAGS | C:\Windows\SysWOW64\regsvr32.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 190000000100000010000000e843ac3b52ec8c297fa948c9b1fb2819030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d461d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf67080b00000001000000140000005500530045005200540072007500730074000000140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d8090000000100000016000000301406082b0601050507030306082b060105050703080f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb20000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8786750203010001a381af3081ac300b0603551d0f0404030201c6300
f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob = 040000000100000010000000a7f2e41606411150306b9ce3b49cb0c90f0000000100000014000000f45a0858c9cd920e647bad539ab9f1cfc77f24cb090000000100000016000000301406082b0601050507030306082b06010505070308140000000100000014000000daed6474149c143cabdd99a9bd5b284d8b3cc9d80b000000010000001400000055005300450052005400720075007300740000001d0000000100000010000000f919b9ccce1e59c2e785f7dc2ccf6708030000000100000014000000e12dfb4b41d7d9c32b30514bac1d81d8385e2d46190000000100000010000000e843ac3b52ec8c297fa948c9b1fb281920000000010000006a040000308204663082034ea003020102021044be0c8b500024b411d3362de0b35f1b300d06092a864886f70d0101050500308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a656374301e170d3939303730393138333132305a170d3139303730393138343033365a308195310b3009060355040613025553310b3009060355040813025554311730150603550407130e53616c74204c616b652043697479311e301c060355040a131554686520555345525452555354204e6574776f726b3121301f060355040b1318687474703a2f2f7777772e7573657274727573742e636f6d311d301b0603550403131455544e2d5553455246697273742d4f626a65637430820122300d06092a864886f70d01010105000382010f003082010a0282010100ceaa813fa3a36178aa31005595119e270f1f1cdf3a9b826830c04a611df12f0efabe79f7a523ef55519684cddbe3b96e3e31d80a2067c7f4d9bf94eb47043e02ce2aa25d870409f6309d188a97b2aa1cfc41d2a136cbfb3d91bae7d97035fae4e790c39ba39bd33cf5129977b1b709e068e61cb8f39463886a6afe0b76c9bef422e467b9ab1a5e77c18507dd0d6cbfee06c7776a419ea70fd7fbee9417b7fc85bea4abc41c31ddd7b6d1e4f0efdf168fb25293d7a1d489a1072ebfe10112421e1ae1d89534db647928ffba2e11c2e5e85b9248fb470bc26cdaad328341f3a5e54170fd65906dfafa51c4f9bd962b19042cd36da7dcf07f6f8365e26aab8
786750203010001a381af3081ac300b0603551d0f0404030201c6300f0603551d130101ff040530030101ff301d0603551d0e04160414daed6474149c143cabdd99a9bd5b284d8b3cc9d830420603551d1f043b30393037a035a0338631687474703a2f2f63726c2e7573657274727573742e636f6d2f55544e2d5553455246697273742d4f626a6563742e63726c30290603551d250422302006082b0601050507030306082b06010505070308060a2b0601040182370a0304300d06092a864886f70d01010505000382010100081f52b1374478dbfdceb9da959698aa556480b55a40dd21a5c5c1f35f2c4cc8475a69eae8f03535f4d025f3c8a6a4874abd1bb17308bdd4c3cab635bb59867731cda78014ae13effcb148f96b25252d51b62c6d45c198c88a565d3eee434e3e6b278ed03a4b850b5fd3ed6aa775cbd15a872f3975135a72b002819fbef00f845420626c69d4e14dc60d9943010d12968c789dbf50a2b144aa6acf177acf6f0fd4f824555ff0341649663e5046c96371383162b862b9f353ad6cb52ba212aa194f09da5ee793c68e1408fef0308018a086854dc87dd78b03fe6ed5f79d16ac922ca023e59c91521f94df179473c3b3c1c17105200078bd13521da83ecd001fc8 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 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 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 190000000100000010000000d8b5fb368468620275d142ffd2aade370300000001000000140000004eb6d578499b1ccf5f581ead56be3d9b6744a5e51d0000000100000010000000c6cbcafa17955c4cfd41eca0c654c3610b000000010000001200000056006500720069005300690067006e0000001400000001000000140000007fd365a7c2ddecbbf03009f34339fa02af33313353000000010000002500000030233021060b6086480186f8450107170630123010060a2b0601040182373c0101030200c009000000010000002a000000302806082b0601050507030106082b0601050507030206082b0601050507030406082b060105050703030f0000000100000014000000e91e1e972b8f467ab4e0598fa92285387dee94c92000000001000000d7040000308204d3308203bba003020102021018dad19e267de8bb4a2158cdcc6b3b4a300d06092a864886f70d01010505003081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d204735301e170d3036313130383030303030305a170d3336303731363233353935395a3081ca310b300906035504061302555331173015060355040a130e566572695369676e2c20496e632e311f301d060355040b1316566572695369676e205472757374204e6574776f726b313a3038060355040b1331286329203230303620566572695369676e2c20496e632e202d20466f7220617574686f72697a656420757365206f6e6c79314530430603550403133c566572695369676e20436c6173732033205075626c6963205072696d6172792043657274696669636174696f6e20417574686f72697479202d20473530820122300d06092a864886f70d01010105000382010f003082010a0282010100af240808297a359e600caae74b3b4edc7cbc3c451cbb2be0fe2902f95708a364851527f5f1adc831895d22e82aaaa642b38ff8b955b7b1b74bb3fe8f7e0757ecef43db66621561cf600da4d8def8e0c362083d5413eb49ca59548526e52b8f1b9febf5a191c23349d843636a5
24bd28fe870514dd189697bc770f6b3dc1274db7b5d4b56d396bf1577a1b0f4a225f2af1c926718e5f40604ef90b9e400e4dd3ab519ff02baf43ceee08beb378becf4d7acf2f6f03dafdd759133191d1c40cb7424192193d914feac2a52c78fd50449e48d6347883c6983cbfe47bd2b7e4fc595ae0e9dd4d143c06773e314087ee53f9f73b8330acf5d3f3487968aee53e825150203010001a381b23081af300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020106306d06082b0601050507010c0461305fa15da05b3059305730551609696d6167652f6769663021301f300706052b0e03021a04148fe5d31a86ac8d8e6bc3cf806ad448182c7b192e30251623687474703a2f2f6c6f676f2e766572697369676e2e636f6d2f76736c6f676f2e676966301d0603551d0e041604147fd365a7c2ddecbbf03009f34339fa02af333133300d06092a864886f70d0101050500038201010093244a305f62cfd81a982f3deadc992dbd77f6a5792238ecc4a7a07812ad620e457064c5e797662d98097e5fafd6cc2865f201aa081a47def9f97c925a0869200dd93e6d6e3c0d6ed8e606914018b9f8c1eddfdb41aae09620c9cd64153881c994eea284290b136f8edb0cdd2502dba48b1944d2417a05694a584f60ca7e826a0b02aa251739b5db7fe784652a958abd86de5e8116832d10ccdefda8822a6d281f0d0bc4e5e71a2619e1f4116f10b595fce7420532dbce9d515e28b69e85d35befa57d4540728eb70e6b0e06fb33354871b89d278bc4655f0d86769c447af6955cf65d320833a454b6183f685cf2424a853854835fd1e82cf2ac11d6a8ed636a | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d010105050003820
10100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\E12DFB4B41D7D9C32B30514BAC1D81D8385E2D46\Blob | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D1EB23A46D17D68FD92564C2F1F1601764D8E349\Blob | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
Suspicious behavior: EnumeratesProcesses
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\trupd.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe"
C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp
"C:\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp" /SL5="$3012C,20691785,1103872,C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe"
C:\Windows\system32\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Trojan Remover\Trshlex64.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Trojan Remover\TRElevationHelper.dll"
C:\Windows\SysWOW64\regsvr32.exe
"C:\Windows\system32\regsvr32.exe" /s "C:\Program Files (x86)\Trojan Remover\TRElevationHelper32.dll"
C:\Users\Admin\AppData\Local\Temp\is-QRFC2.tmp\TaskInst.exe
"C:\Users\Admin\AppData\Local\Temp\is-QRFC2.tmp\TaskInst.exe"
C:\Program Files (x86)\Trojan Remover\trupd.exe
"C:\Program Files (x86)\Trojan Remover\trupd.exe" /dbinstall
C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
"C:\Program Files (x86)\Trojan Remover\Rmvtrjan.exe"
C:\Program Files (x86)\Trojan Remover\Sschk.exe
"C:\Program Files (x86)\Trojan Remover\Sschk.exe" trh89B9.tmp
C:\Windows\system32\AUDIODG.EXE
C:\Windows\system32\AUDIODG.EXE 0x43c
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | www.simplysup.com | udp |
| US | 172.67.179.173:443 | www.simplysup.com | tcp |
| US | 172.67.179.173:443 | www.simplysup.com | tcp |
Files
memory/2936-2-0x0000000000401000-0x00000000004A9000-memory.dmp
memory/2936-0-0x0000000000400000-0x000000000051B000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-3IECH.tmp\Trojan_Remover_V6.9.6.tmp
| MD5 | 5eca6b6cd4733323140d8e32cb484355 |
| SHA1 | 75401d7c0e0f1bc14be20da23787785dbb01e7b2 |
| SHA256 | f6861456cacb82a1a999c1233fe67408e8eb25e3c5ed08a516111c9225143e72 |
| SHA512 | 9910f01b32c65f1fe1f7c3a1eaecd8550a6a229475cbec2090e5524d6f1ac632d0710fa9e9e462ba8538ed1cf67a033f13d2baa500954a08edbda3058a743ce4 |
memory/2420-9-0x0000000000400000-0x000000000074F000-memory.dmp
memory/2936-10-0x0000000000400000-0x000000000051B000-memory.dmp
memory/2420-12-0x0000000000400000-0x000000000074F000-memory.dmp
memory/2420-22-0x0000000000400000-0x000000000074F000-memory.dmp
memory/2420-70-0x0000000007C80000-0x0000000007C90000-memory.dmp
\Program Files (x86)\Trojan Remover\Rmvtrjan.exe
| MD5 | 57490eb9a715f68ea6f52182b3e639cf |
| SHA1 | 2a24774e517008a6d6c38ec5ae6f056fe2fb058b |
| SHA256 | ea5528aea2e54d6721ed0f33cf6a7cb5c4e55ddc6ff6401ae0ec1dfb96156195 |
| SHA512 | 9f863c51dbb2402912952b2788ea51f78cf86b4d9befc467875542696560a401594c1fbdaa0a64d5b2df065eabc9c4838443ca6d5ac7261f069865f3626ca08c |
\Program Files (x86)\Trojan Remover\Trjscan.exe
| MD5 | 0ae2865b8bf7f460f0a352e94dd37ed6 |
| SHA1 | 21326b2fb72d6c182df39afdcab659c7b2275ea4 |
| SHA256 | f3f3af510869982fbaad92b6c36daa11d88805dcb304c04ddf31d81bd1b4b1fd |
| SHA512 | b4aa0564fb50ee1054f01490149453fe721f91f5ae0aff0cb4cf1644ea3b180521e9c16c373f9522dadef93910094b67fe4622de097e721ee074be42cacba97d |
\Program Files (x86)\Trojan Remover\trupd.exe
| MD5 | 0c6d014b195761f7c92c74f8982b0a5b |
| SHA1 | 45fa5bea10d8bf914fec190f7e33907b02784e76 |
| SHA256 | c24f0baeee75ae5bb79bf3ea3315ce75f19192388d340aaacf8ccd2361f904e0 |
| SHA512 | 53a1c7c3feeecf93af20649a9cef145997aabb3e5e03b9b7d0b038859ff2d81057f730d3c663e8f4df90c7785f924cba2673b6a294c46bd206bc0c4795544132 |
memory/2420-83-0x0000000007C80000-0x0000000007C90000-memory.dmp
C:\Program Files (x86)\Trojan Remover\Trshlex64.dll
| MD5 | bc168257a6d847002c942f725e6c4d45 |
| SHA1 | 252e52be7982fd7cf69ed1ae0d7b9d5246b76cae |
| SHA256 | 8332bd218920b6bec2a043ca6409d672335c0269b2d437cd7c1b00456e6f1726 |
| SHA512 | 3ebad8455a440eb5bb87503fea557e3e30f136a461199bf66aa4ad11307d4dd52914469c59f0c8627310221f80c6048beada8275358c4db5c89eb4de26e16732 |
memory/328-92-0x0000000001DF0000-0x000000000216F000-memory.dmp
C:\Program Files (x86)\Trojan Remover\TRElevationHelper.dll
| MD5 | 4af801176ac79f0a2a32b2d71d6ef691 |
| SHA1 | e4ad5d68fbd01d31d13e3737879c5adfaa05518b |
| SHA256 | f0cd8bcd09a72de3bd900776fb129416877df869f27e8b2a1bb86d04ca8856f1 |
| SHA512 | dffb0ad4ea97fdfd58642eeeec6c2138de8cf5f2562e72d4503fe8da40b020595aa3e3cd5c4d1522335b9d64e8b83871f8c54365dbc2b6d2ee50e11df78d42c4 |
memory/2548-95-0x0000000002200000-0x000000000230A000-memory.dmp
C:\Program Files (x86)\Trojan Remover\TRElevationHelper32.dll
| MD5 | 4214adca95cec26e3cf661678a6c3705 |
| SHA1 | 57604b65ef8ca91927dcfe2b4cf8ca0b4e0f1286 |
| SHA256 | 03c6998fc83a8b89deb233e571e0ae1a5c07905578304440a06b5a912cc20700 |
| SHA512 | c0e980dab170caa2cad8b04bb34d12a65378e4d925efe2a3d3b9eb8a66ae487c573c6d6ba2d6565005f90defcf93e93273b1e6650b049ad3f250af5d3a14e084 |
memory/1788-98-0x0000000002360000-0x00000000025BE000-memory.dmp
\Users\Admin\AppData\Local\Temp\is-QRFC2.tmp\TaskInst.exe
| MD5 | 5abd23455548d16a0919e6259479840d |
| SHA1 | 22aa3e4418ee276f06928a2e99f4de0804416656 |
| SHA256 | 0468b4bb783331a3eb69ae07fb09a12cc470df58fe8bfc10cca49da287792266 |
| SHA512 | d4a4dd9ee28dd4dcfaaa278824af0a345c5a55f2544ef176a5ac2a4258dad9d146e0e48d87e7b427a76e84e7c8b4ce84bd4af215550d42b4d825880b8f3d6bbd |
memory/2852-105-0x0000000000400000-0x000000000067A000-memory.dmp
C:\ProgramData\Simply Super Software\Trojan Remover\Data\dlservers.dta
| MD5 | 11da9dbdee7dd02901cddaed4841802b |
| SHA1 | a53152510c5f81e423355deda4502abc29ea8af7 |
| SHA256 | 11956755580ed92378df8fb11cccf980ec134943c6a2e08581dcbf6b770411f9 |
| SHA512 | 137985e2dde65c70056ac618fcb617ead6d9ce75bfadb25310ca45c5c6670663b8ecd8218b7ce2beb8022c7847a48a607f5725df48e05b56282ecc5d2e8992aa |
C:\Users\Admin\Documents\Simply Super Software\Trojan Remover Logfiles\updlog.txt
| MD5 | 3752f2c2e34216d032270d090e5d4c24 |
| SHA1 | 71b9c732a53158d930127eb96b9bd2755584c74e |
| SHA256 | 895a1c1971ac8a300a70cb098b4364a5edd673e0463c3f4d36489fe333e5fdb3 |
| SHA512 | 15b06d721e102f3f3027ebf3a92673ffe72e972d3a25c0b2947954334cef6f761c55b760bc63ae4294414de2bd6ec0372731c81555441b3fe590894bb44c3a59 |
C:\Program Files (x86)\Trojan Remover\Win32\libeay32.dll
| MD5 | de66601165d003a7dbe444b128461694 |
| SHA1 | b6daca91c628bfeac760fb41f22ac591a6bb98e3 |
| SHA256 | ed98fc88dfe77719474dbe680cafdb1ec1ff6311513ac4e2cf233f7520ec59ef |
| SHA512 | 21812241e34ff8b3cc98add32df719aa4947d6d7250dbaec9c4135b51c8e017f0d108da22ece878d0a59289433fb286d9ae9dc82ae34f4f5af2b1e8f8f27378f |
C:\Program Files (x86)\Trojan Remover\Win32\ssleay32.dll
| MD5 | 9f487404116e9718f3b62bad39891488 |
| SHA1 | efedbce65290163364db72796ea38331c605b063 |
| SHA256 | e04f10dc724496de19c5201d045e7951e5d508e71c13139523cdc42ed96707cc |
| SHA512 | f56bf9df702a37dd625f5732bf8a0d24c8259d2ba4cbfb3b1ee9d48aeaed27eb485032b3bd4ba28e8d51b102daa5e14712aca40af43d1141b160968303e52d53 |
memory/2420-133-0x0000000000400000-0x000000000074F000-memory.dmp
memory/2420-134-0x0000000007C80000-0x0000000007C90000-memory.dmp
memory/2420-135-0x0000000007C80000-0x0000000007C90000-memory.dmp
memory/2524-136-0x0000000001220000-0x00000000018C0000-memory.dmp
memory/2524-139-0x0000000001220000-0x00000000018C0000-memory.dmp
memory/2524-299-0x0000000001220000-0x00000000018C0000-memory.dmp
C:\ProgramData\Simply Super Software\Trojan Remover\Data\epack.dta
| MD5 | 8dff7e81d2865623790c9229cfb8aceb |
| SHA1 | 68f657d56065b244ac6cbeffad1d5bb7bf85b963 |
| SHA256 | 34a0be0d7f4afb9763d47df8417eed7f0364bc5c00ed8dc707f5af0fbdc35d02 |
| SHA512 | 844e0a0603ea2a74ffc54dcbde180df4f969be07e2af54cf39d5b65324c5b85da8dc77433944bd668c4a3a5e7e8778752d026edf86b229d60285e0d3cd3b1af8 |
memory/2524-480-0x0000000001220000-0x00000000018C0000-memory.dmp
memory/2872-490-0x0000000003D00000-0x0000000003EF1000-memory.dmp
memory/2872-486-0x0000000003D00000-0x0000000003EF1000-memory.dmp
memory/2420-491-0x0000000007CF0000-0x0000000009063000-memory.dmp
memory/2872-492-0x0000000000400000-0x0000000001773000-memory.dmp
memory/2872-506-0x0000000001880000-0x00000000018A0000-memory.dmp
memory/2872-497-0x0000000000400000-0x0000000001773000-memory.dmp
memory/2872-499-0x0000000000400000-0x0000000001773000-memory.dmp
memory/2872-502-0x0000000000400000-0x0000000001773000-memory.dmp
memory/2872-510-0x0000000003D00000-0x0000000003EF1000-memory.dmp
\Program Files (x86)\Trojan Remover\ztvunrar39.dll
| MD5 | af2b46a3087a6b9512324c42b15bfd52 |
| SHA1 | 2883e3bf9207c50ed1322db413367d5609e52a85 |
| SHA256 | b277af92360d2797f39ace6f6901f90949d78c5287e3af51e87da7cb516e49bc |
| SHA512 | 2f5046daa1234dfeda3aa9c30f18217e2109e74235b15dba43d5f3be6a588f6781dcc32be17d30d9be9be31a78c09459e1973e7166451cbc48c9829d4ccb6b17 |
memory/2872-500-0x0000000000400000-0x0000000001773000-memory.dmp
memory/2872-503-0x0000000000400000-0x0000000001773000-memory.dmp
memory/2872-507-0x0000000000400000-0x0000000001773000-memory.dmp
memory/2872-505-0x0000000000400000-0x0000000001773000-memory.dmp
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist22.dta
| MD5 | d44d4ad880580dc04e1f65e43237903c |
| SHA1 | 5e3622932b465ca96a79eb17fe951b79a7d4591f |
| SHA256 | 791b7d0e1ae49ac7665f5aa9fa9df1700a17e0fdcc822455bf186e7a939ffb27 |
| SHA512 | 39735080d2dd7ec0ec9fc5177db9dbdf0f4f8cc577d88cb753d6fb4d1293c84af950aaf1b800dd1c97358d48ac4dd8330937b07e6f9786ca8c87bf13835d8acf |
memory/2872-509-0x0000000000400000-0x0000000001773000-memory.dmp
C:\ProgramData\Simply Super Software\Trojan Remover\Data\reflist.dta
| MD5 | 4862c030cb619bcd5064bab79be7c3c1 |
| SHA1 | bf155fe3fd675669b0522f9d30f7c9a4a8ce7f84 |
| SHA256 | d2027d66e548b7c6928c0170087b4e240db91f961a9ecccab4e661ce7d194342 |
| SHA512 | e0bad8f80d4e3ad5131d184d212a4dfc56f0d798494a49d60905e5ab867b270922eb5fa3e8e74f65681b51bb4177e88067d5af921988e7e51e4369838e2bb45d |
memory/2872-518-0x0000000003D00000-0x0000000003EF1000-memory.dmp
memory/2420-519-0x0000000000400000-0x000000000074F000-memory.dmp
memory/2420-520-0x0000000007CF0000-0x0000000009063000-memory.dmp
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist2.dta
| MD5 | 792bc7d977f2111d7f9765be8aa119e6 |
| SHA1 | fa2f1029791bff4d94a74eb00967645999b0c07e |
| SHA256 | 08af529a1a93c76d464d22d6eaa51d5e6f70144d7a16c31c6c45b0619a430610 |
| SHA512 | d1ba2459beb8e6656360c9a07d3c90a8aac915422de60f64acc78d305edf376557fcd555d83511ff14b2b80d19865873072072c7aae4c7f837e12a98ec11b48d |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist31.dta
| MD5 | b22793860090250432ec27d0b8f6a30e |
| SHA1 | e9029385e2c7b9fd7ed0a5ee976c5ad8788c354c |
| SHA256 | 0a248719b54a52a87e22729657caa2d1dd8d3aad949053b8f7b2aa6678ca8c3a |
| SHA512 | fe9184cda2f8283bd20735753691499ef06d3665a3ca7bae322e05027ae6cee2eb2274f98edeb58b2a973b0c1c43fe262bdff23bb0bff3d8af44f9db44a516ca |
C:\Users\Admin\Documents\Simply Super Software\Trojan Remover Logfiles\TRLog.tmp
| MD5 | 7539c1eab0f7086eb361731298e0251c |
| SHA1 | 374854024f4a4e4c7bbd1c1bb17e6c9d311a41cb |
| SHA256 | 3f991008556fe5e674953f8bb4ced676a45fb99b3ac075fa85d073ed04bcf7e7 |
| SHA512 | dba96671fa7f8d3a2f655b368dd9d0f28fdf7abac89032d839a77b5d0b3d728814ed54929b9361aaceb8eb3367795f3bdc25aaf1126582883c59d1a6620a4ace |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist7.dta
| MD5 | 1b44043961c5c7bbe3222560dff74103 |
| SHA1 | 7cd8809cf1978c0345b52187b814903be6202840 |
| SHA256 | d95aa3e90d499b39bd823abf69fb2e0223adaeba61d6260d4791dc239c1f4e9d |
| SHA512 | f0556a72eacbb55901afedd1b3c791a2540102853637a013d97221dfa2f7ad637bbe81a41e3e717a83458609574b930429a0b0800b017a36835494214be4f8be |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist6.dta
| MD5 | 5f9e3abbd7831ade0f80c0f6f4a76545 |
| SHA1 | 6f86c0cd24b196e75f8f181fc2d1d0511a90e15f |
| SHA256 | 99bc614f4952b7a55bb9b38b78b7bc0176f119495bbf41e8c4857b71e86df45a |
| SHA512 | 8b915cd731df13000bf365f1bd9f02c5520530580983dd2e19a7c7fafbcbedffd8639ad41c70551698cda2d10be902e2444bdbda4aa40b40ceaecc07c0803e25 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist5.dta
| MD5 | 85214ecff84537055e1df1cb02cf7f03 |
| SHA1 | 10f42244f9c9e79bd50a25086d81ce8abc4221bb |
| SHA256 | da1834d29ff387ed0fc45f67fdb2f9d0567f87c3b44b8c38b97c08cec77b1a97 |
| SHA512 | d0624900a3ffc631cdfbe1b5c43a95450bdeabe52ea8cc7a57f406ae86999ea3032faf094f9047a6afddc64c91e4972c91bcc5f850d9664895e8f2ad486f4c98 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist3.dta
| MD5 | 3330d1570014d10354af8729c3fba9ad |
| SHA1 | 19ebfe14dd1b54b96f981ca544b1b45fc7a0e7fe |
| SHA256 | 630a79660cbfaf8b6fb240b5f256d2349fc7fc230ba0a30f30bdde21512be36c |
| SHA512 | 546944f9231236762d77e528d78cd557fa8af0fb1498b0a9847d7c8ae5712fcd8d6efcb55cb341d8b7df8d0e624cba5822a1dd8e6b0f93a7f3adbb9c833d798f |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist4.dta
| MD5 | 7b8fc6b65af0fa741889dcd52acd30fb |
| SHA1 | d499ef936090293f51c0592452b54e3f551d1986 |
| SHA256 | 73d59cac1180c1ceb68bed21cfb19f3f1c49eb5f9adff4962b26aa195af7ce4b |
| SHA512 | 7200acec100d528db24106f331f3d2da6f202936519c36c2c78cfc3338888736c022e7fcfc4f8aa2d7a18990243ea5b3dfa026f7fcd4c50f00922206abc714f4 |
C:\Users\Admin\Documents\Simply Super Software\Trojan Remover Logfiles\TRLog.tmp
| MD5 | 9c14602394db432c1c28652a65befcc1 |
| SHA1 | 9125715a356328c3082dc20f6f13dc0e8cdd2531 |
| SHA256 | 0a1023728a7e2c5342056689b6522b6bdcfc49f828bd92c9a1d3acc575b5ebd2 |
| SHA512 | a6151e79eed6295909a6ebc32cfb30e689237eeb06a8a8db2af643ecdb591e662610b7306bdfb312477a88e06a688c2dbdfd7c058173ed40d6b468ae78985104 |
C:\Program Files (x86)\Trojan Remover\Sschk.exe
| MD5 | 45cfdea1dabe6f4b48281e4ce61a241a |
| SHA1 | 073eb8ee933617628367bf079c77bea6736c1dc7 |
| SHA256 | 8701091bd868c17ccde76c0333e42b866b73c96b3f4ebe5f979f194d8b9b2c3a |
| SHA512 | d90597dea5ae9d78816c4891f0ec6fef6fc364b0851005f870a7d15b72a6f75e6c80250f5d4a1bfa3b88c4d83eb90a46b1d1a5f896706f54dbc6e59f2589b73a |
memory/2872-552-0x0000000000400000-0x0000000001773000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\trh89B9.tmp
| MD5 | 6e82e8b9e2940f399af4783be3ecefdf |
| SHA1 | fb54c3246b0ec92aba57fe65ae8ef2debbdb2300 |
| SHA256 | c1e0d65d3b7fe56ba28a3329603449b2a0434b6084c1e8aa61e8bd23203b2d7c |
| SHA512 | 557a28a0644e8e3263ba0c55315130d97628b77839ffe5662310865468374e788f9eb017a9fe925e1d02c9aa050d6b4ade5f1e4aa658dd84fad9b64fb5e9e32d |
C:\Users\Admin\Documents\Simply Super Software\Trojan Remover Logfiles\TRLog.tmp
| MD5 | 3b585c5097e0c5bdc5269f0e0a084bf7 |
| SHA1 | 1ab2786f394399fe18555159f6afc42079c1b091 |
| SHA256 | ebfd0f646b1b61295f918cab40209d72b18e0a38e63e28782d025589faf67b20 |
| SHA512 | 3a2ce8e248c9849cc79f9e359d47837ae6c469e99b5384956523f59031e12b988ad62dcc441189aa5faea89d9edfb25cfd8699ee109eb8558c20eb60b4d9f188 |
C:\Users\Admin\Documents\Simply Super Software\Trojan Remover Logfiles\TRLog.tmp
| MD5 | 7291c764627e88b87591566d0a660cd4 |
| SHA1 | 6f81297a18777419c06e4874f63edeb5af51c616 |
| SHA256 | 88c29ac05d3cc91750f41916450e740ea80fec23e033f51d13902f181d653aaf |
| SHA512 | 9d754c871ad20b6a77bc8da2cf9f7bc19f478c6dc39459ec2fc1a924a14ab182ba3712a23aa07920851582ed5ec424c16c4624bb36d06426999764c663c5f702 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist29.dta
| MD5 | 21fc270f152e79fdbd6d9be43b4cb494 |
| SHA1 | 6ac28d0470a00bbc128cf8ed057646a4ddbb1a1b |
| SHA256 | b2d45f14ece1bb79380b2717014d86434ddfdabd71cbce14851fcaf6c654ee88 |
| SHA512 | dbc4df59a905a9fb0caca0fd008fef654355b897a5a2b15cede63cf6dcf42fb32aa0ef07f221c0819d165dc8028f2f941ef2696228f929ed4aedc4a97dcfcb8d |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist77.dta
| MD5 | 8fa4172fd3907367645f89b80ee0d493 |
| SHA1 | 64cf1deb7388eb31e2623d62930105f5fc6de609 |
| SHA256 | d1a3fb2495412eeebd5e9b77e6fc7d64a73e46e09e0b938467a73cb31e150268 |
| SHA512 | 32c1dc2bb35778f6931ff500e6a1f91cf4db3e8fc1e85c20dfc2a3613e78ddbc6957bb420eeacb1793b3b60aa4dc2a6d67c8c3ac3c33576789762ac7dd15d3d4 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist107.dta
| MD5 | a18f99de1a9ec9c4152444634dfa14e5 |
| SHA1 | c5f79129e693d379848a435eb60dd3feed265a0c |
| SHA256 | 5387a98ac1be647e16fca3f050af790f2c1d85f8807b459d8b56fa123241daf2 |
| SHA512 | 404e52328167e229e655e8dbf2a8e4b069419578a2fd7cb1ce27a8d8740dfd6cc3623988354abf8f09c2ae85ec8fe021d4621dbb33efaa69fafbaf7cd4f567ac |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist33.dta
| MD5 | 4fd6d0fdcc632d03fb2c938952fd5f64 |
| SHA1 | 00664229fc988d4fa99208d1ab52aa9095653040 |
| SHA256 | 43d449f352d10536e5fc02808754c3bdd0780c56429a519246bf4e66ad0f857e |
| SHA512 | c401603ec901db4de6d5dd35fd31185f837522d6682b0b987d9b063e899ed8d96950fc60f0c07750fcbf6ea3eb0592bfa197dfc3cae1c5310a39395444a8b6ad |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist34.dta
| MD5 | 3fbb24a6e135bb59bb27d591bc0fe7dc |
| SHA1 | ca80ec99fbfaa368d1d422691e18fa6a31b3657f |
| SHA256 | a17c79284d6f33d86069d53bc7dd4f4bde0f05c1439328aa40bc414d6484108c |
| SHA512 | b0cae16f35fb7a503c3f392d3ae57be6fadbee79a9583eb35bba89d2cb086b24005af7771de92db85bdec426adeca1ac0579d3cffdda9e4035a2fca01494fcb7 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist43.dta
| MD5 | a0b042d0a59ef14fb98b6cf00e420e46 |
| SHA1 | 3b1c4044a0d9097e64849f215e965a56119c6de7 |
| SHA256 | 299553e7fad1fbd89a26814a528ca9b894b13174176a058da9de28beb346a61d |
| SHA512 | 0129d03343ca03b94542ef55cae26b9dfb5637ca7cbac4119c025a035757ed9aa28ca220635f973d56d11e79a6ef9b3f43a506f2ded6c9d836e601ceeb9354a8 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist35.dta
| MD5 | e503cd4677a29399743176752b419fc7 |
| SHA1 | 17c35774fe36141b89951535fdb4a11764a1571d |
| SHA256 | 3bd9a646c1c61ffc3bd3f301f0b9293016992556c6f35f3e1bc33613942eaa26 |
| SHA512 | 08d33d765d99fbd78298cedfb2809f1775fed0dbe349043051da1c2580d6c58e4f9832396c39a2e1e5b5be9a67d0c75aca87367135d5298344e508edcc5b0e08 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist61.dta
| MD5 | 1dbf507c8a81e74958de13de7a000eac |
| SHA1 | 191ec62e3ae80973ea012b9310d1147a9b9f096d |
| SHA256 | 6bf12ed0a76c4f6b7044be997ec4865a1cdb1d4b0ad9cc87a8d6057c3710a77a |
| SHA512 | aacea6b87d39f2707dc6b3361ad7fa8098b02c867783cbb81dab38c5409e17456846c09137e1a7e29e0fa148b1470349ae47506754e333cf9654863b30d5c1d8 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist91.dta
| MD5 | ca25bbd8b10c3d286c76ef29524208a3 |
| SHA1 | 2adb72ba8fb817f49bebceeffe0dd75841d47acf |
| SHA256 | 8e9b18a3e4c2dd0628bf53cb6d411e8a390ed4a01476788cd460ba2cded2c6c7 |
| SHA512 | cdb83af7056577d7c429228b591de5932403d73e14ff56e30e903557002bb61632899c0baa97234dad7bcda01192d704def2881b3b8792d5aded1dc3d9a832a6 |
C:\Users\Admin\Documents\Simply Super Software\Trojan Remover Logfiles\TRLog.tmp
| MD5 | 7aaed89cb5a67e348e0f42f7c90c8eae |
| SHA1 | 3ddf67935539cb3eba38eba3d988204d0cf59ffd |
| SHA256 | c562fa911824d5829e873a27068060fe71f73274c3b2e59be9a5a1011685f00e |
| SHA512 | 499b6ef35a3a1f8763d69da2d41af1553d3bed741bea2df02d907aeb40a49fe773d04bb75288050b0d5a4b96cbcca8e167f00fedf44de980195642ce729b0eb0 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist79.dta
| MD5 | dee4237f9de139ed7d7e8d42d464cf1c |
| SHA1 | 4f2bef1e06715701bbe9da9ba71d48fcbbead4c4 |
| SHA256 | 34f62b9e49515ad38f820f136268907ffa8bd4f66fff277abc3f5b76ca26a544 |
| SHA512 | 25a0cad8b0204776e5e654752a28688fe69e9e0e57617cccb6f44adceef2855cac01deb5320bb172c5059798045a67fc56d431ed72de0df57f774d94665e7431 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist109.dta
| MD5 | 4452cab8a424e786273a09d2ff17491f |
| SHA1 | 1d80e961f90931207c05cad28f86c47337360a0b |
| SHA256 | 6cabeda016f1ca02fe9c6bece071692fc013a3db8068a0558ce341136f0b1e79 |
| SHA512 | 9f0d719242e05044cc11b9f16bfbb0fe44657e2286e270d49b7757587a7ac66109a2154926416ae6f9b8fbfea0c0972a38ce82dcced255726056011516336708 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist60.dta
| MD5 | fdb5b6df1bcf2010266f0b64156c7834 |
| SHA1 | d33eab45316d5046b4c999b2579fd203d175e956 |
| SHA256 | 75d98eab3910e4d262e7d8f74b70ac5535704b1eb860b2ffcb27d7b07519e8b0 |
| SHA512 | ba666ae380fcb533212a31d0270f668df780f3cf4ee2ed8852aad32c020d772b095a74ed865981c5657a0cd34c06f81ea1d6b5697f34b528ee0a1564587cd722 |
C:\Users\Admin\AppData\Local\Temp\Cab9A40.tmp
| MD5 | 49aebf8cbd62d92ac215b2923fb1b9f5 |
| SHA1 | 1723be06719828dda65ad804298d0431f6aff976 |
| SHA256 | b33efcb95235b98b48508e019afa4b7655e80cf071defabd8b2123fc8b29307f |
| SHA512 | bf86116b015fb56709516d686e168e7c9c68365136231cc51d0b6542ae95323a71d2c7acec84aad7dcecc2e410843f6d82a0a6d51b9acfc721a9c84fdd877b5b |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist78.dta
| MD5 | 369f82a82a58628f047f1369ec3ccd2e |
| SHA1 | d13d9a98fb8f0fd63c622dfef731179d053b97f5 |
| SHA256 | c18e204d044545b593b934d06ab566cf7d541f7eaa7dfbd5734d1f38ce969e2a |
| SHA512 | 6ba496e9a5208b44c8b951dcd52c59b15d1a3beb049f31ca3ba24e202194df27c8230a54553a07ddb3717cb47dde807cb86fa209344e5becfdba82fb52121f05 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist108.dta
| MD5 | 6f81c53414dc584e751ed53a64f722fa |
| SHA1 | cc9789e2ab1485bd5d4fc74c96df73c004c01e8c |
| SHA256 | 51d82d8c36c334b3b478e0b162cc5ce09320ee4be4fec824a6ad547fe2a72ab7 |
| SHA512 | 0488e644bb53bc436f481650596dfec32d181e45e789d970eaba48722321c91852506bb0d7076a12f4c1f499054bc17d0099cb32de04c3238931247a01c94f35 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist57.dta
| MD5 | 42f5a081b4307e0ab365eeebd0221701 |
| SHA1 | 56bbbee7cd3d05d2d0a160918ce7cc67a35abe5c |
| SHA256 | ebf5fdbde8abb00357942ea615b23c47f868fca9398fa57a517aca774fc6eb4b |
| SHA512 | a00c779d0a5dc8139f29c0183dfff11f1b9baa4a9c1555edeb75466937cc10a5849e380dbd4aa8922c2a561fc7b362da9afeecbfa4f55fc35b7aa0e92009c0b2 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist52.dta
| MD5 | 59e0c111dba55dcad60dd6b69821a12b |
| SHA1 | ac400737d2d690399b4e6c548461331bd6ec167e |
| SHA256 | 3523ff6498add733a5f5421437f6deecfd25d835843ea3a18588c7585e93b89a |
| SHA512 | 9fd33a19c3fb016b08125c434b6cb687b814c4a488abfb71fe35321c4296ce9cb50b2262f8995bd73522f1d648222b2e28cd69fa999ac4db2c3fb731667bdf99 |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist47.dta
| MD5 | b026eb2ba7fdc833c5588c60964638d5 |
| SHA1 | c4b9998c9c8b72519f43f58e428cac19cd3b8ffe |
| SHA256 | 7017d6eb6c25048b35b0232ab2d7dee12f627569a5c4a0a4e6d696417f10e296 |
| SHA512 | 685f9bf8796b24c5b40c213b151a82003682de9f360b232118b9e8a72edd8f97ec673bc835c738efad6a8dee2213431bda6bcc1065b3ae43a2cb9e48536874dc |
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist51.dta
| MD5 | f7e856487e03ed72cb3c6be2b4e894ec |
| SHA1 | 79a9f4c99b1658c50e404a118be5b3e1dfca78a4 |
| SHA256 | 0e6cc44ad8f4b7eb688a71403918aa98fb4891591fa80eea8c3bc922ee9df17c |
| SHA512 | 411a3de0f8e6663ec7d5aadcb686479fbba33ccf9bdc2e60dbc57bea49631aec1a5744ef5546b6593b4ff643d4383d04e3de25a3797b6807b9f8ec10b8e1e979 |
memory/2872-715-0x000000000F860000-0x000000000F89E000-memory.dmp
memory/2872-714-0x000000000F860000-0x000000000F89E000-memory.dmp
memory/2872-717-0x000000000FAD0000-0x000000000FB27000-memory.dmp
memory/2872-716-0x000000000FAD0000-0x000000000FB27000-memory.dmp
memory/2872-719-0x00000000046B0000-0x00000000046BA000-memory.dmp
memory/2872-718-0x00000000046B0000-0x00000000046BA000-memory.dmp
memory/2872-721-0x000000000FAD0000-0x000000000FB4B000-memory.dmp
memory/2872-720-0x000000000FAD0000-0x000000000FB4B000-memory.dmp
memory/2872-724-0x000000000FAD0000-0x000000000FB26000-memory.dmp
C:\ProgramData\Simply Super Software\Trojan Remover\Data\trjlist65.dta
| MD5 | 0c104aa91cab2d465f69ea7a2b0c0a19 |
| SHA1 | ddadf626b333baca6fed0cba351ae03e0c2037a0 |
| SHA256 | dc2bb3edf37556668a13f38c0819bb037cac50f9885c650b3ae2ece8a7f9dfc1 |
| SHA512 | 52871958a37849725bd58345ba441a4278a8a8f68c596c2e6b5440f2048655e8a1f49c78ec7ee72a59264ed59c3d51f28cda237354d5118597214b49ab43045f |
C:\Users\Admin\AppData\Local\Temp\TarC049.tmp
| MD5 | 4ea6026cf93ec6338144661bf1202cd1 |
| SHA1 | a1dec9044f750ad887935a01430bf49322fbdcb7 |
| SHA256 | 8efbc21559ef8b1bcf526800d8070baad42474ce7198e26fa771dbb41a76b1d8 |
| SHA512 | 6c7e0980e39aacf4c3689802353f464a08cd17753bd210ee997e5f2a455deb4f287a9ef74d84579dbde49bc96213cd2b8b247723919c412ea980aa6e6bfe218b |
Analysis: behavioral2
Detonation Overview
Submitted
2024-08-18 06:10
Reported
2024-08-18 06:12
Platform
win10v2004-20240802-en
Max time kernel
141s
Max time network
140s
Command Line
Signatures
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-NVGQF.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-NVGQF.tmp\Trojan_Remover_V6.9.6.tmp | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 888 wrote to memory of 3292 | N/A | C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe | C:\Users\Admin\AppData\Local\Temp\is-NVGQF.tmp\Trojan_Remover_V6.9.6.tmp |
Processes
C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe
"C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe"
C:\Users\Admin\AppData\Local\Temp\is-NVGQF.tmp\Trojan_Remover_V6.9.6.tmp
"C:\Users\Admin\AppData\Local\Temp\is-NVGQF.tmp\Trojan_Remover_V6.9.6.tmp" /SL5="$50280,20691785,1103872,C:\Users\Admin\AppData\Local\Temp\Trojan_Remover_V6.9.6.exe"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | g.bing.com | udp |
| US | 204.79.197.237:443 | g.bing.com | tcp |
| US | 8.8.8.8:53 | 149.220.183.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 133.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 237.197.79.204.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 172.210.232.199.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 50.23.12.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 15.164.165.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 147.142.123.92.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 43.58.199.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 23.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | tse1.mm.bing.net | udp |
| US | 8.8.8.8:53 | 205.47.74.20.in-addr.arpa | udp |
| US | 150.171.27.10:443 | tse1.mm.bing.net | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\is-NVGQF.tmp\Trojan_Remover_V6.9.6.tmp
| MD5 | 5eca6b6cd4733323140d8e32cb484355 |
| SHA1 | 75401d7c0e0f1bc14be20da23787785dbb01e7b2 |
| SHA256 | f6861456cacb82a1a999c1233fe67408e8eb25e3c5ed08a516111c9225143e72 |
| SHA512 | 9910f01b32c65f1fe1f7c3a1eaecd8550a6a229475cbec2090e5524d6f1ac632d0710fa9e9e462ba8538ed1cf67a033f13d2baa500954a08edbda3058a743ce4 |