505815795 – Trojan Swisyn removal

Created files:

%SysDir%\505815795 – Trojan Swisyn
%SysDir%\appmgr32.exe – Trojan Swisyn
%SysDir%\avtapi32.dll – Trojan Swisyn
%SysDir%\rasser32.dll – Trojan Swisyn
%SysDir%\rasser32.exe – Trojan Swisyn
%SysDir%\config\systemprofile\Local Settings\Application Data\Google\Chrome\User Data\Default\Default\ilablkideeagidpmpodpolkfifciopep\manifest.json – Trojan Swisyn
%SysDir%\config\systemprofile\Local Settings\Application Data\Google\Chrome\User Data\Default\Preferences – Trojan Swisyn

Autostart registry keys:

HKLM\Software\Classes\CLSID\{FE1007F4-5E87-40AA-9F97-ABBD2AA087Dd}\InprocServer32 : %WinDir%\System32\avtapi32.dll
HKLM\Software\Classes\CLSID\{FE1007F4-5E87-40AA-9F97-ABBD2AA087Dd}\InprocServer32\ThreadingModel: Both
HKLM\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\RTHDBPL: \SysWin\lsass.exe2\rasser32.exe?q?q?
?|?????
?|???w9??w???Y?Ow???,$?$?q?q?????q??q?qp??6v?6
0????|6vp?,$???????????|T?????|??p?

HKLM\System\CurrentControlSet\Services\COMSysApp32\Type: 10000000
HKLM\System\CurrentControlSet\Services\COMSysApp32\Start: 02000000
HKLM\System\CurrentControlSet\Services\COMSysApp32\DisplayName: COM+ System Application
HKLM\System\CurrentControlSet\Services\COMSysApp32\ImagePath: %WinDir%\System32\appmgr32.exe

Detected by UnHackMe:

505815795
Default location: %SysDir%\505815795

Dropper information:
SHA256: c5991f6f9f37091b5a3b3c502af9bc5046225b733b0e41c1683bb50f610614cd
SHA1: 241fb62c6b04b8b26dda089ab2254753cb5ddefc
MD5: 0c17b3726a0d7f46ed8f3fa177bad696
File size: 1412096 bytes