BUGREPORT.EXE – Trojan ADH removal

BUGREPORT.EXE size: 421888 bytes
BUGREPORT.EXE hash: 7AD5828066CBECD6B14BABDB5056DEC8

Created files:

%TEMP%\Tencent\QQPCMgr\~2bc085\AMD64.Microsoft.VC80.ATL\8.0.50727.4053.policy
%TEMP%\Tencent\QQPCMgr\~2bc085\AMD64.Microsoft.VC80.ATL\ATL80.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\AMD64.Microsoft.VC80.CRT\8.0.50727.4053.policy
%TEMP%\Tencent\QQPCMgr\~2bc085\AMD64.Microsoft.VC80.CRT\msvcm80.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\AMD64.Microsoft.VC80.CRT\msvcp80.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\AMD64.Microsoft.VC80.CRT\msvcr80.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\bugreport.exe
%TEMP%\Tencent\QQPCMgr\~2bc085\dr.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\InstAsm.exe
%TEMP%\Tencent\QQPCMgr\~2bc085\Microsoft.VC80.ATL\8.0.50727.4053.Policy
%TEMP%\Tencent\QQPCMgr\~2bc085\Microsoft.VC80.ATL\ATL80.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\Microsoft.VC80.CRT\8.0.50727.4053.Policy
%TEMP%\Tencent\QQPCMgr\~2bc085\Microsoft.VC80.CRT\msvcm80.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\Microsoft.VC80.CRT\msvcp80.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\Microsoft.VC80.CRT\msvcr80.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\notbolock.sys
%TEMP%\Tencent\QQPCMgr\~2bc085\PackageConf.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\QMInsys.sys
%TEMP%\Tencent\QQPCMgr\~2bc085\QQPCDetector\dlcore.dll
%TEMP%\Tencent\QQPCMgr\~2bc085\RemNPX.exe
%TEMP%\Tencent\QQPCMgr\~2bc085\TestMSVCR.exe
%TEMP%\Tencent\QQPCMgr\~2bc085\TestMSVCR_64.exe
%TEMP%\Tencent\QQPCMgr\~2bc085\UpdateTrayIcon.exe
%WinDir%\WinSxS\InstallTemp\55798154\amd64_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_79404cdd\ATL80.dll

Autostart registry keys:

HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce\WinSideBySideSetupCleanup 55798154: rundll32 sxs.dll,SxspRunDllDeleteDirectory %WinDir%\WinSxS\InstallTemp\55798154

Detected by UnHackMe:

BUGREPORT.EXE
Default location: %TEMP%\TENCENT\QQPCMGR\~2BC085\BUGREPORT.EXE

Dropper information:
MD5: f7c3cafbff5264dffe239c42ea0b75ee
File size: 45007056 bytes