
FindWide.com Search

By CagedTech in Browser Hijackers

Threat Scorecard

Popularity Rank: 2,118
Threat Level: 50 % (Medium)
Infected Computers: 82,775
First Seen: April 8, 2013
Last Seen: October 30, 2025
OS(es) Affected: Windows

File System Details

FindWide.com Search may create the following file(s):
#   File Name               MD5                                Detections
1   TNT2User.exe.vir        e9c6ffc49b1a60794d1d9f39b86c0cf3   797
2   TNT2User.exe            15569b3f607a3a0f7229e5b051f430b7   15
3   searchus-tb10295.exe    173291b9f7f1d76406d7565f0e5dc57c   12

Registry Details

FindWide.com Search may create the following registry entry or registry entries:
CLSID
{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}
{0FEB2313-F89B-4AC6-8153-84025604A06A}
{2AF343DD-3102-4F9D-AC95-DCA4C95382C7}
{3137BC14-D8D7-4B67-8FFA-2E0B2E9D541B}
{4CA2AC92-971B-47B1-ACB6-357B552155AC}
{52C5395B-1FCD-47FA-A834-FD830701C2D5}
{554EBE31-AEC1-4E34-BCE3-606467760D88}
{5D3DCC39-9233-4330-94E9-DA92BE49CA1A}
{615FACDF-DADB-440D-AC91-8AAB0AE9E3AD}
{655847A1-FA36-46ED-923B-A5CD523696EA}
{762D463B-C45A-456D-A80D-8689C297C91E}
{7A6BE473-7960-44D0-BD54-D23DA76353DF}
{803F550E-BAAE-42BB-8917-64BA0006AB17}
{8D5BC51D-C9D3-43B9-B728-B30677B7C7E8}
{991C9D8D-A789-4DB9-BDFC-5F33398B04BF}
{A5ACC874-D943-483F-A2D1-14598D51F872}
{ABB8A8A5-FF98-40F6-B573-5841B063EA37}
{B0474212-0D9D-4361-90B3-B89D1A44275D}
{BFDE183A-C6FE-41D2-80F9-586C29210AC2}
{CE5A6611-5000-43C6-BBF7-014127FE985A}
{DD260902-9420-4055-A956-9152EB4F3E6A}
{EB1F9F3C-5526-4DAE-BD4B-3EAA7715DA9F}
{EBBC143E-44AC-4B9C-BCCE-9A0E42921F2A}
{F68DC16C-9C2B-455B-8853-7E4D34BAA3F4}
{FBA8498F-B3A0-4942-A2BF-E0CB7BC7E000}
SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{0922CDBD-C8AD-43B7-AD06-1FAD706914C9}
Software\Microsoft\Internet Explorer\Approved Extensions\{0A7103A2-E174-4687-A4A2-781EEAA1000A}
Software\Microsoft\Internet Explorer\Approved Extensions\{11EAECED-3676-47E9-A76B-F1150C81DCB1}
Software\Microsoft\Internet Explorer\Approved Extensions\{20969DCF-2975-4425-8F58-9292A3F5D3C7}
Software\Microsoft\Internet Explorer\Approved Extensions\{2760BEE6-E922-4533-ADD0-5655AD0E9B51}
Software\Microsoft\Internet Explorer\Approved Extensions\{2D724534-4C06-4C7B-8855-FC382FF10B4E}
Software\Microsoft\Internet Explorer\Approved Extensions\{302891CB-2F47-46D8-8406-FC774074730C}
Software\Microsoft\Internet Explorer\Approved Extensions\{320CC2FF-86D7-4D68-AD89-2F2681B14BF0}
Software\Microsoft\Internet Explorer\Approved Extensions\{432BC798-4561-4D0A-8B04-AF188AC640D9}
Software\Microsoft\Internet Explorer\Approved Extensions\{44FBFC65-6311-40E3-9800-A2D9D6610262}
Software\Microsoft\Internet Explorer\Approved Extensions\{52668555-7190-4E6A-97E9-88C1149E60B5}
SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{529C8693-4DFA-4B7F-9116-2F2B38A2B5C2}
Software\Microsoft\Internet Explorer\Approved Extensions\{5511D068-2A76-43F8-A2F0-1FE40645002E}
Software\Microsoft\Internet Explorer\Approved Extensions\{5A196D79-D3DF-41F4-93CD-488B9543CF2A}
Software\Microsoft\Internet Explorer\Approved Extensions\{63B2B812-A562-4380-AF55-AFEFFC1FA2A1}
Software\Microsoft\Internet Explorer\Approved Extensions\{6F2F247A-473C-41FF-AF0D-1D0485CD0EC3}
Software\Microsoft\Internet Explorer\Approved Extensions\{756EC993-7543-4A3C-8629-84D64D0CC95F}
Software\Microsoft\Internet Explorer\Approved Extensions\{79AA1605-B844-4AE3-B3C0-14DC7E61F4B8}
Software\Microsoft\Internet Explorer\Approved Extensions\{7F4039FB-5565-4E55-ADDD-CB0C3536D6E0}
SOFTWARE\Microsoft\Internet Explorer\Approved Extensions\{895D47DF-47EB-406E-A715-160E87DE1CCB}
Software\Microsoft\Internet Explorer\Approved Extensions\{8EC1EB3E-7348-49F8-A6D8-92FAC4CFC478}
Software\Microsoft\Internet Explorer\Approved Extensions\{AF62EAA6-D30B-499E-8192-71BC89CC10AC}
Software\Microsoft\Internet Explorer\Approved Extensions\{BF6B2F46-72D8-4A0D-B7C1-A9177E752F18}
Software\Microsoft\Internet Explorer\Approved Extensions\{C3F82EA0-79C0-46EA-9F89-5A16809558C6}
Software\Microsoft\Internet Explorer\Approved Extensions\{C6B99C69-F157-425B-84E7-E634FFEDBD2E}
Software\Microsoft\Internet Explorer\Approved Extensions\{D9392729-08A6-4A11-B5A2-E098A9C7084D}
Software\Microsoft\Internet Explorer\Approved Extensions\{EDF97228-AF6A-4249-B05F-9DA9F0884F43}
Software\Microsoft\Internet Explorer\Approved Extensions\{F2C1F911-8F74-4364-82FB-A9BA17DB0C87}
Software\Microsoft\Internet Explorer\Approved Extensions\{F592552D-5E0E-4F1C-ACDA-52B0453EE138}
Software\Microsoft\Internet Explorer\DOMStorage\findwide.com
Software\Microsoft\Internet Explorer\DOMStorage\search.findwide.com
Software\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{06A0ADB2-E26C-499F-8BF8-0572E9DAB3B5}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{0A7103A2-E174-4687-A4A2-781EEAA1000A}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{2760BEE6-E922-4533-ADD0-5655AD0E9B51}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{63B2B812-A562-4380-AF55-AFEFFC1FA2A1}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{6F2F247A-473C-41FF-AF0D-1D0485CD0EC3}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{756EC993-7543-4A3C-8629-84D64D0CC95F}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{79AA1605-B844-4AE3-B3C0-14DC7E61F4B8}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7F4039FB-5565-4E55-ADDD-CB0C3536D6E0}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{895D47DF-47EB-406E-A715-160E87DE1CCB}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{BF6B2F46-72D8-4A0D-B7C1-A9177E752F18}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{C6B99C69-F157-425B-84E7-E634FFEDBD2E}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{D9392729-08A6-4A11-B5A2-E098A9C7084D}
Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EDF97228-AF6A-4249-B05F-9DA9F0884F43}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{06A0ADB2-E26C-499F-8BF8-0572E9DAB3B5}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{0922CDBD-C8AD-43B7-AD06-1FAD706914C9}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{11EAECED-3676-47E9-A76B-F1150C81DCB1}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2760BEE6-E922-4533-ADD0-5655AD0E9B51}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{2D724534-4C06-4C7B-8855-FC382FF10B4E}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{302891CB-2F47-46D8-8406-FC774074730C}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{312290C7-C68C-4E99-A847-59E7738EB72F}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{320CC2FF-86D7-4D68-AD89-2F2681B14BF0}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{432BC798-4561-4D0A-8B04-AF188AC640D9}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{44FBFC65-6311-40E3-9800-A2D9D6610262}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{52668555-7190-4E6A-97E9-88C1149E60B5}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{529C8693-4DFA-4B7F-9116-2F2B38A2B5C2}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5511D068-2A76-43F8-A2F0-1FE40645002E}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{5A196D79-D3DF-41F4-93CD-488B9543CF2A}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{63B2B812-A562-4380-AF55-AFEFFC1FA2A1}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{64E96A96-5776-48C4-9B5A-B503436D6401}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{6F2F247A-473C-41FF-AF0D-1D0485CD0EC3}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{756EC993-7543-4A3C-8629-84D64D0CC95F}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7F4039FB-5565-4E55-ADDD-CB0C3536D6E0}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{895D47DF-47EB-406E-A715-160E87DE1CCB}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{8EC1EB3E-7348-49F8-A6D8-92FAC4CFC478}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{9BA84DA9-4A1D-4A59-A63A-D998F9DA738E}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{AF62EAA6-D30B-499E-8192-71BC89CC10AC}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{B6396EF3-294A-45A2-A3F9-23B584AD8042}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{BF6B2F46-72D8-4A0D-B7C1-A9177E752F18}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C3F82EA0-79C0-46EA-9F89-5A16809558C6}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{C6B99C69-F157-425B-84E7-E634FFEDBD2E}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D026C6CC-5CF4-4DC7-926F-F076F490C9FE}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{D9392729-08A6-4A11-B5A2-E098A9C7084D}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{EDF97228-AF6A-4249-B05F-9DA9F0884F43}
SOFTWARE\Microsoft\Internet Explorer\Toolbar\{F592552D-5E0E-4F1C-ACDA-52B0453EE138}
Software\MozillaPlugins\@tnt2ghost.com/Plugin
Software\MozillaPlugins\@tnt2npapi.com/Plugin
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{06A0ADB2-E26C-499F-8BF8-0572E9DAB3B5}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{0922CDBD-C8AD-43B7-AD06-1FAD706914C9}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{0A7103A2-E174-4687-A4A2-781EEAA1000A}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{11EAECED-3676-47E9-A76B-F1150C81DCB1}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2760BEE6-E922-4533-ADD0-5655AD0E9B51}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{2D724534-4C06-4C7B-8855-FC382FF10B4E}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{302891CB-2F47-46D8-8406-FC774074730C}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{312290C7-C68C-4E99-A847-59E7738EB72F}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{320CC2FF-86D7-4D68-AD89-2F2681B14BF0}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{432BC798-4561-4D0A-8B04-AF188AC640D9}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{44FBFC65-6311-40E3-9800-A2D9D6610262}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{52668555-7190-4E6A-97E9-88C1149E60B5}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{529C8693-4DFA-4B7F-9116-2F2B38A2B5C2}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{5511D068-2A76-43F8-A2F0-1FE40645002E}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{5A196D79-D3DF-41F4-93CD-488B9543CF2A}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{63B2B812-A562-4380-AF55-AFEFFC1FA2A1}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{6F2F247A-473C-41FF-AF0D-1D0485CD0EC3}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{756EC993-7543-4A3C-8629-84D64D0CC95F}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{79AA1605-B844-4AE3-B3C0-14DC7E61F4B8}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{7F4039FB-5565-4E55-ADDD-CB0C3536D6E0}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{8386E749-3934-493D-91AF-252929E84847}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{895D47DF-47EB-406E-A715-160E87DE1CCB}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{9BA84DA9-4A1D-4A59-A63A-D998F9DA738E}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{AF62EAA6-D30B-499E-8192-71BC89CC10AC}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{B6396EF3-294A-45A2-A3F9-23B584AD8042}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{BF6B2F46-72D8-4A0D-B7C1-A9177E752F18}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C3F82EA0-79C0-46EA-9F89-5A16809558C6}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{C6B99C69-F157-425B-84E7-E634FFEDBD2E}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D026C6CC-5CF4-4DC7-926F-F076F490C9FE}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{D9392729-08A6-4A11-B5A2-E098A9C7084D}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{EDF97228-AF6A-4249-B05F-9DA9F0884F43}
SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{F592552D-5E0E-4F1C-ACDA-52B0453EE138}
SOFTWARE\Wow6432Node\Microsoft\Tracing\TNT2User_RASAPI32
SOFTWARE\Wow6432Node\Microsoft\Tracing\TNT2User_RASMANCS

Directories

FindWide.com Search may create the following directory or directories:

%LOCALAPPDATA%\TNT2
%PROGRAMFILES%\TNT2
%UserProfile%\Local Settings\Application Data\TNT2

URLs

FindWide.com Search may call the following URLs:

FindWide Toolbar
findwide.com
search.findwide.com
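The file, registry, directory and URL artifacts above are enough to triage a host without a vendor scanner. The following PowerShell is an added example and is not part of the original page or of the FindWide software: it is read-only, checks the listed COM classes, Internet Explorer keys, Firefox plugin registrations, install directories and the installer's firewall rule, and hashes any executables it finds against the MD5 values on this page. Run it elevated, as the affected user, since HKCU of other profiles is not loaded. Only a subset of the toolbar GUIDs is included; extend $IeSubkeys from the Registry Details list as needed. The output format is this example's own choice.

```powershell
# Added example, not from the original page: read-only triage for the FindWide / TNT2
# artifacts listed above. Nothing is modified. Hashes, GUIDs and paths are taken from
# this page; the subset of toolbar GUIDs is illustrative, extend it from Registry Details.

$KnownMd5 = @{
    'e9c6ffc49b1a60794d1d9f39b86c0cf3' = 'TNT2User.exe.vir'
    '15569b3f607a3a0f7229e5b051f430b7' = 'TNT2User.exe'
    '173291b9f7f1d76406d7565f0e5dc57c' = 'searchus-tb10295.exe'
    'b5fdd04667f09ad8cdcaa6c9eb3c8f50' = 'ToolbarInst.exe (analysed installer)'
}
$Clsids = @(
    '{554EBE31-AEC1-4E34-BCE3-606467760D88}',  # TNT2 ToolbarManager, LocalServer32 = TNT2User.exe
    '{ABB8A8A5-FF98-40F6-B573-5841B063EA37}',  # its TypeLib
    '{02F878DF-E2BE-4B85-8CB4-A0D2D4E2ED7F}',
    '{0FEB2313-F89B-4AC6-8153-84025604A06A}'
)
$IeSubkeys = @(
    'Low Rights\ElevationPolicy\{72A6AB0F-2FA8-4C73-9FCB-1E62A608F001}',
    'Low Rights\DragDrop\{70BC1CDB-0744-4172-BDA0-B5A487D00C3A}',
    'Toolbar\{06A0ADB2-E26C-499F-8BF8-0572E9DAB3B5}',
    'Toolbar\WebBrowser\{06A0ADB2-E26C-499F-8BF8-0572E9DAB3B5}',
    'Toolbar\{895D47DF-47EB-406E-A715-160E87DE1CCB}',
    'DOMStorage\findwide.com',
    'DOMStorage\search.findwide.com'
)
$Dirs = @("$env:LOCALAPPDATA\TNT2", "$env:ProgramFiles\TNT2", "${env:ProgramFiles(x86)}\TNT2")

$findings = [System.Collections.Generic.List[string]]::new()

# COM registrations: the installer writes them per-user, so check HKCU as well as HKLM.
foreach ($c in $Clsids) {
    foreach ($root in 'HKLM:\SOFTWARE\Classes', 'HKLM:\SOFTWARE\Classes\Wow6432Node',
                      'HKCU:\Software\Classes', 'HKCU:\Software\Classes\Wow6432Node') {
        $k = "$root\CLSID\$c"
        if (-not (Test-Path $k)) { continue }
        $srv = Get-ItemProperty -Path "$k\LocalServer32" -ErrorAction SilentlyContinue
        $findings.Add("CLSID $k" + $(if ($srv) { " -> $($srv.'(default)')" } else { '' }))
    }
}

# Internet Explorer toolbar, DOMStorage and Protected Mode (Low Rights) entries.
foreach ($s in $IeSubkeys) {
    foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node', 'HKCU:\Software') {
        $k = "$root\Microsoft\Internet Explorer\$s"
        if (-not (Test-Path $k)) { continue }
        $p = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        $extra = if ($p.AppName) { " AppName=$($p.AppName) AppPath=$($p.AppPath) Policy=$($p.Policy)" } else { '' }
        $findings.Add("IE key $k$extra")
    }
}

# Firefox NPAPI plugin registrations. The key names contain '/', which the PowerShell
# registry provider treats as a path separator, so open them through .NET instead.
foreach ($hive in [Microsoft.Win32.Registry]::LocalMachine, [Microsoft.Win32.Registry]::CurrentUser) {
    foreach ($name in 'SOFTWARE\MozillaPlugins\@tnt2ghost.com/Plugin',
                      'SOFTWARE\MozillaPlugins\@tnt2npapi.com/Plugin',
                      'SOFTWARE\Wow6432Node\MozillaPlugins\@tnt2ghost.com/Plugin',
                      'SOFTWARE\Wow6432Node\MozillaPlugins\@tnt2npapi.com/Plugin') {
        $rk = $hive.OpenSubKey($name)
        if ($rk) { $findings.Add("Mozilla plugin $($hive.Name)\$name -> $($rk.GetValue('Path'))"); $rk.Close() }
    }
}

# Install directories, hashing every executable found against the page's MD5 list.
foreach ($d in $Dirs) {
    if (-not (Test-Path $d)) { continue }
    $findings.Add("Directory $d")
    Get-ChildItem -Path $d -Recurse -File -Include *.exe, *.dll -ErrorAction SilentlyContinue | ForEach-Object {
        $h = (Get-FileHash -Path $_.FullName -Algorithm MD5).Hash.ToLower()
        $tag = if ($KnownMd5.ContainsKey($h)) { "KNOWN: $($KnownMd5[$h])" } else { 'not in the page list' }
        $findings.Add("  $($_.FullName) md5=$h ($tag)")
    }
}

# The inbound allow rule the installer creates with netsh (see Shell Command Execution).
Get-NetFirewallRule -DisplayName 'TNT2' -ErrorAction SilentlyContinue | ForEach-Object {
    $prog = ($_ | Get-NetFirewallApplicationFilter).Program
    $findings.Add("Firewall rule '$($_.DisplayName)' $($_.Direction)/$($_.Action) program=$prog")
}

if ($findings.Count -eq 0) { 'No FindWide / TNT2 artifacts found.' } else { $findings }
```

The firewall check needs the NetSecurity module (Windows 8 / Server 2012 and later); on older hosts substitute `netsh advfirewall firewall show rule name=TNT2`. A hash that is "not in the page list" is not a clean verdict: the version directory (2.0.0.1995 in the analysed sample) ships many DLLs whose hashes the page does not record.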

Analysis Report

General information

Family Name: FindWide.com Search
Signature status: Self Signed

Known Samples

MD5: b5fdd04667f09ad8cdcaa6c9eb3c8f50
SHA1: a4126a78ae3b5a7001a4884fab5f74b9e127c8ee
SHA256: 3DCDC9C9206EE8A8646FF1EF56C391637630F94D11D0F2EA681D57ECD42FDC8A
File Size: 1.40 MB, 1397504 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File is 32-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name Findwide
File Description Setup program
File Version 2.0.0.1995
Internal Name ExtractOnce.exe
Legal Copyright © Findwide All Rights Reserved
Original Filename ToolbarInst.exe
Product Name TNT2
Product Version 2.0.0.1995

Digital Signatures

Signer     Root                                     Status
FindWide   VeriSign Class 3 Code Signing 2010 CA    Self Signed

The Root and Status columns contradict each other: a certificate issued under the VeriSign Class 3 Code Signing 2010 CA is by definition not self-signed, and a self-signed certificate has no VeriSign root, so one of the two fields is a scanner artifact. Before treating the signature as evidence either way, verify it on the sample itself (signtool verify /pa /v, or Get-AuthenticodeSignature in PowerShell) and check whether the chain still validates or the signer certificate has since expired or been revoked.

Block Information

Total Blocks: 508
Potentially Malicious Blocks: 6
Whitelisted Blocks: 476
Unknown Blocks: 26

Visual Map

0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 ? 0 0 0 0 0 0 0 0 0 1 0 0 0 ? 0 0 0 0 0 0 0 0 0 0 ? ? ? 0 ? ? x ? ? ? ? ? ? ? ? ? ? ? 0 0 0 ? 0 0 0 0 0 0 0 0 ? ? x x x 0 x x ? ? ? ? 0 ? 0 0 0 2 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 1 1 0 0 0 0 0 1 0 1 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 2 3 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 1 0 0 1 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 2 2 1 1 1 0 0 1 0 0 0 0 1 0 1 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 1 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Files Modified

File Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\autorun.inf Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\chromeinst.1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\crx.tar Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\globaluninstall.tnt Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\hmac.1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\iestage2.1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\ietoolbar.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\ietoolbar64.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\install.tnt Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\lastsession.log Generic Read,Write Data,Write Attributes,Write extended,Append data
c:\users\user\appdata\local\tnt2\2.0.0.1995\log.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\nptnt2.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\partner.tnt Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\passport.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\passport64.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\pinnedsearch.htm Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\pinnedsearch_findwide.htm Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\pinnedsearch_freshy.htm Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\progress.1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\regsvr.1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\remoteskin.wms Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\sqlite.1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\tnt2chrome.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\tnt2chrome64.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\tnt2user.exe Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\tnt2userps.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\tnt2userps64.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\tntmagicdel.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\uninjlib.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\uninjlib64.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\uninstall.tnt Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\uninstalldlg.1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\untar.1.dll Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\update.tnt Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\xpi.tar Generic Write,Read Attributes
c:\users\user\appdata\local\tnt2\2.0.0.1995\zipunzip.1.dll Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3119368278-1123331430-659265220-1001\3310a4fa6cb9c60504498d7eea986fc2_bfeb5820-9643-42ad-a79f-071dff4d8e64 Generic Write,Read Attributes
c:\users\user\appdata\roaming\microsoft\crypto\rsa\s-1-5-21-3119368278-1123331430-659265220-1001\8193ab892c6ae64e89be24a4e941c49b_bfeb5820-9643-42ad-a79f-071dff4d8e64 Generic Write,Read Attributes

Registry Modifications

Key::Value Data API Name
HKLM\software\classes\jscript:: JScript Language RegNtPreCreateKey
HKLM\software\classes\jscript\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\livescript:: JScript Language RegNtPreCreateKey
HKLM\software\classes\livescript\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript:: JScript Language RegNtPreCreateKey
HKLM\software\classes\javascript\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.1:: JScript Language RegNtPreCreateKey
HKLM\software\classes\javascript1.1\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.2:: JScript Language RegNtPreCreateKey
HKLM\software\classes\javascript1.2\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.3:: JScript Language RegNtPreCreateKey
HKLM\software\classes\javascript1.3\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\ecmascript:: JScript Language RegNtPreCreateKey
HKLM\software\classes\ecmascript\clsid:: {f414c260-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}:: JScript Language RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\progid:: JScript RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32:: C:\WINDOWS\SysWow64\jscript.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c260-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKLM\software\classes\jscript author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\jscript author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\jscript.compact author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\jscript.compact author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\livescript author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\livescript author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\javascript author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.1 author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\javascript1.1 author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.2 author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\javascript1.2 author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\javascript1.3 author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\javascript1.3 author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\ecmascript author:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\ecmascript author\clsid:: {f414c261-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}:: JScript Language Authoring RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\progid:: JScript Author RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32:: C:\WINDOWS\SysWow64\jscript.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c261-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKLM\software\classes\jscript.encode:: JScript Language Encoding RegNtPreCreateKey
HKLM\software\classes\jscript.encode\clsid:: {f414c262-6ac0-11cf-b6d1-00aa00bbbb58} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}:: JScript Language Encoding RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\progid:: JScript.Encode RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32:: C:\WINDOWS\SysWow64\jscript.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{f414c262-6ac0-11cf-b6d1-00aa00bbbb58}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKLM\software\classes\jscript.compact:: JScript Compact Profile (ECMA 327) RegNtPreCreateKey
HKLM\software\classes\jscript.compact\clsid:: {cc5bbec3-db4a-4bed-828d-08d78ee3e1ed} RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}:: JScript Compact Profile (ECMA 327) RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\progid:: JScript.Compact RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\inprocserver32:: C:\WINDOWS\SysWow64\jscript.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{cc5bbec3-db4a-4bed-828d-08d78ee3e1ed}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKCU\wow6432node\clsid::{16d51579-a30b-4c8b-a276-0ff4dc41e755} JavaScript Language RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\inprocserver32:: C:\WINDOWS\SysWow64\jscript9.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{16d51579-a30b-4c8b-a276-0ff4dc41e755}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKCU\wow6432node\clsid::{842a1268-6e6a-465c-868f-8bc445b9828f} JavaScript Language RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{842a1268-6e6a-465c-868f-8bc445b9828f}\inprocserver32:: C:\WINDOWS\SysWow64\jscript9.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{842a1268-6e6a-465c-868f-8bc445b9828f}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c20ed5c4-0a2e-4f66-9be2-86a1c823dd68}\inprocserver32:: C:\WINDOWS\SysWow64\jscript9.dll RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c20ed5c4-0a2e-4f66-9be2-86a1c823dd68}\inprocserver32::threadingmodel Both RegNtPreCreateKey
HKLM\software\classes\wow6432node\clsid\{c20ed5c4-0a2e-4f66-9be2-86a1c823dd68}:: PSFactoryBuffer RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c20ed5c4-0a2e-4f66-9be2-86a1c823dd68}\proxystubclsid32:: {C20ED5C4-0A2E-4F66-9BE2-86A1C823DD68} RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c20ed5c4-0a2e-4f66-9be2-86a1c823dd68}:: IJavascriptDispatchRemoteProxy RegNtPreCreateKey
HKLM\software\classes\wow6432node\interface\{c20ed5c4-0a2e-4f66-9be2-86a1c823dd68}\nummethods:: 7 RegNtPreCreateKey
HKCU\software\tnt2\tnt2data:: 2.0.0.1995 RegNtPreCreateKey
HKCU\wow6432node\clsid\{554ebe31-aec1-4e34-bce3-606467760d88}:: TNT2 ToolbarManager RegNtPreCreateKey
HKCU\wow6432node\clsid\{554ebe31-aec1-4e34-bce3-606467760d88}\localserver32:: "C:\Users\Lximgrtk\AppData\Local\TNT2\2.0.0.1995\TNT2User.exe" RegNtPreCreateKey
HKCU\wow6432node\clsid\{554ebe31-aec1-4e34-bce3-606467760d88}\localserver32::serverexecutable C:\Users\Lximgrtk\AppData\Local\TNT2\2.0.0.1995\TNT2User.exe RegNtPreCreateKey
HKCU\wow6432node\clsid\{554ebe31-aec1-4e34-bce3-606467760d88}\localserver32::version 2.0 RegNtPreCreateKey
HKCU\wow6432node\clsid\{554ebe31-aec1-4e34-bce3-606467760d88}\typelib:: {ABB8A8A5-FF98-40F6-B573-5841B063EA37} RegNtPreCreateKey
HKCU\wow6432node\clsid\{554ebe31-aec1-4e34-bce3-606467760d88}\version:: 2.0 RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\low rights\elevationpolicy\{72a6ab0f-2fa8-4c73-9fcb-1e62a608f001}::appname TNT2User.exe RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\low rights\elevationpolicy\{72a6ab0f-2fa8-4c73-9fcb-1e62a608f001}::apppath C:\Users\Lximgrtk\AppData\Local\TNT2\2.0.0.1995 RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\low rights\elevationpolicy\{72a6ab0f-2fa8-4c73-9fcb-1e62a608f001}::policy  RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\low rights\elevationpolicy\{72a6ab0f-2fa8-4c73-9fcb-1e62a608f001}::clsid {554EBE31-AEC1-4E34-BCE3-606467760D88} RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\low rights\dragdrop\{70bc1cdb-0744-4172-bda0-b5a487d00c3a}::appname TNT2User.exe RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\low rights\dragdrop\{70bc1cdb-0744-4172-bda0-b5a487d00c3a}::apppath C:\Users\Lximgrtk\AppData\Local\TNT2\2.0.0.1995 RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\low rights\dragdrop\{70bc1cdb-0744-4172-bda0-b5a487d00c3a}::policy  RegNtPreCreateKey
HKCU\software\microsoft\internet explorer\low rights\dragdrop\{70bc1cdb-0744-4172-bda0-b5a487d00c3a}::clsid {554EBE31-AEC1-4E34-BCE3-606467760D88} RegNtPreCreateKey

Read together, the TNT2 entries give the toolbar's broker a foothold that needs no administrator rights. TNT2User.exe is registered as an out-of-process COM server (LocalServer32) under the user's own hive, and the Low Rights\ElevationPolicy and Low Rights\DragDrop entries name that same CLSID and path, which is how a program asks Internet Explorer Protected Mode to treat it as a known broker it may start outside the low-integrity sandbox. The Policy data did not survive on this page; read it on a live host, since 3 means the launch happens silently at medium integrity and 2 means the user is prompted. The profile path (C:\Users\Lximgrtk) is the analysis machine's; on an infected host it is the affected user's profile, and the same Low Rights keys also appear under HKLM\SOFTWARE\Wow6432Node in the Registry Details list above.

Windows API Usage

Category API
Process Manipulation Evasion
  • NtUnmapViewOfSection
  • ReadProcessMemory
Network Wininet
  • InternetOpen
  • InternetOpenUrl
Encryption Used
  • BCryptOpenAlgorithmProvider
  • CryptAcquireContext
Process Shell Execute
  • CreateProcess
  • WriteConsole
Anti Debug
  • IsDebuggerPresent
  • NtQuerySystemInformation
Network Winsock2
  • WSAStartup
User Data Access
  • GetUserObjectInformation
Keyboard Access
  • GetKeyState
Network Urlmon
  • URLDownloadToFile
Syscall Use
  • ntdll.dll!NtAccessCheck
  • ntdll.dll!NtAddAtomEx
  • ntdll.dll!NtAlertThreadByThreadId
  • ntdll.dll!NtAlpcConnectPort
  • ntdll.dll!NtAlpcQueryInformation
  • ntdll.dll!NtAlpcSendWaitReceivePort
  • ntdll.dll!NtApphelpCacheControl
  • ntdll.dll!NtClearEvent
  • ntdll.dll!NtClose
  • ntdll.dll!NtConnectPort
  • ntdll.dll!NtCreateEvent
  • ntdll.dll!NtCreateFile
  • ntdll.dll!NtCreateMutant
  • ntdll.dll!NtCreateSection
  • ntdll.dll!NtCreateSemaphore
  • ntdll.dll!NtDeviceIoControlFile
  • ntdll.dll!NtDuplicateObject
  • ntdll.dll!NtDuplicateToken
  • ntdll.dll!NtEnumerateKey
  • ntdll.dll!NtEnumerateValueKey
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtMapViewOfSection
  • ntdll.dll!NtOpenDirectoryObject
  • ntdll.dll!NtOpenEvent
  • ntdll.dll!NtOpenFile
  • ntdll.dll!NtOpenKey
  • ntdll.dll!NtOpenKeyEx
  • ntdll.dll!NtOpenProcessToken
  • ntdll.dll!NtOpenProcessTokenEx
  • ntdll.dll!NtOpenSection
  • ntdll.dll!NtOpenSemaphore
  • ntdll.dll!NtOpenThreadToken
  • ntdll.dll!NtOpenThreadTokenEx
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQueryAttributesFile
  • ntdll.dll!NtQueryInformationFile
  • ntdll.dll!NtQueryInformationProcess
  • ntdll.dll!NtQueryInformationThread
  • ntdll.dll!NtQueryInformationToken
  • ntdll.dll!NtQueryKey
  • ntdll.dll!NtQueryLicenseValue
  • ntdll.dll!NtQueryPerformanceCounter
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtQuerySecurityObject
  • ntdll.dll!NtQuerySystemInformation
  • ntdll.dll!NtQueryValueKey
  • ntdll.dll!NtQueryVirtualMemory
  • ntdll.dll!NtQueryVolumeInformationFile
  • ntdll.dll!NtQueryWnfStateData
  • ntdll.dll!NtReadFile
  • ntdll.dll!NtReleaseMutant
  • ntdll.dll!NtReleaseSemaphore
  • ntdll.dll!NtReleaseWorkerFactoryWorker
  • ntdll.dll!NtRequestWaitReplyPort
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationKey
  • ntdll.dll!NtSetInformationProcess
  • ntdll.dll!NtSetInformationVirtualMemory
  • ntdll.dll!NtSetTimer2
  • ntdll.dll!NtSubscribeWnfStateChange
  • ntdll.dll!NtTerminateProcess
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtTraceControl
  • ntdll.dll!NtUnmapViewOfSection
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWaitForAlertByThreadId
  • ntdll.dll!NtWaitForSingleObject
  • ntdll.dll!NtWaitForWorkViaWorkerFactory
  • ntdll.dll!NtWaitLowEventPair
  • ntdll.dll!NtWorkerFactoryWorkerReady
  • ntdll.dll!NtWriteFile
  • ntdll.dll!NtWriteVirtualMemory
  • win32u.dll!NtGdiAnyLinkedFonts
  • win32u.dll!NtGdiBitBlt
  • win32u.dll!NtGdiCreateBitmap
  • win32u.dll!NtGdiCreateCompatibleBitmap
  • win32u.dll!NtGdiCreateCompatibleDC
  • win32u.dll!NtGdiCreateDIBitmapInternal
  • win32u.dll!NtGdiCreateRectRgn
  • win32u.dll!NtGdiCreateSolidBrush
  • win32u.dll!NtGdiDeleteObjectApp
  • win32u.dll!NtGdiDoPalette
  • win32u.dll!NtGdiDrawStream
  • win32u.dll!NtGdiExtGetObjectW
  • win32u.dll!NtGdiExtTextOutW
  • win32u.dll!NtGdiFontIsLinked
  • win32u.dll!NtGdiGetCharABCWidthsW
  • win32u.dll!NtGdiGetDCDword
  • win32u.dll!NtGdiGetDCObject
  • win32u.dll!NtGdiGetDeviceCaps
  • win32u.dll!NtGdiGetDIBitsInternal
  • win32u.dll!NtGdiGetEntry
  • win32u.dll!NtGdiGetFontData
  • win32u.dll!NtGdiGetGlyphIndicesW
  • win32u.dll!NtGdiGetOutlineTextMetricsInternalW
  • win32u.dll!NtGdiGetRandomRgn
  • win32u.dll!NtGdiGetRealizationInfo
  • win32u.dll!NtGdiGetTextFaceW
  • win32u.dll!NtGdiGetTextMetricsW
  • win32u.dll!NtGdiGetWidthTable

66 additional items are not displayed above.

Service Control
  • OpenSCManager
  • OpenService
Process Terminate
  • TerminateProcess

Shell Command Execution

C:\Users\Lximgrtk\AppData\Local\TNT2\2.0.0.1995\TNT2User.exe /INSTALL PARTNER=b5a7001a4884fab5f74b9e127c8ee
netsh advfirewall firewall add rule action=allow profile=any protocol=any enable=yes direction=in name=TNT2 program="C:\Users\Lximgrtk\AppData\Local\TNT2\2.0.0.1995\TNT2User.exe"
sc delete DatamngrCoordinator
WriteConsole: [SC] OpenService
taskkill /F /IM "DatamngrCoordinator.exe"
WriteConsole: ERROR: CoInitial
taskkill /F /IM "DatamngrUI.exe"
WriteConsole: ERROR: CoInitial
sc delete "Updater By Sweetpacks"

Three things in this trace matter to a responder. The netsh rule is a blanket inbound exception, any protocol on any profile, for TNT2User.exe, so the broker is permitted to accept connections from the network should it ever listen, not merely to make them. The sc delete and taskkill lines remove the service and processes of a different toolbar bundle (DataMngr / SweetPacks): the installer evicts a competitor rather than coexisting with it, so a host carrying FindWide may have carried that bundle first. Finally, the PARTNER value is exactly the last 29 hex digits of the sample's SHA-1 (a4126a78ae3b5a7001a4884fab5f74b9e127c8ee), which is what you would expect if the installer reads its affiliate ID from its own file name and the sandbox had renamed the file to its hash; treat it as an artifact of the analysis run rather than an affiliate ID observed in the wild.
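The two exposures in this trace, the Protected Mode elevation entries (see Registry Modifications above) and the blanket inbound firewall rule, are worth hunting for generically, since any per-user toolbar or dropper can use them. The following PowerShell is an added example, not part of the original page or of the FindWide software: it enumerates every ElevationPolicy and DragDrop entry in the three hives Internet Explorer uses and every enabled inbound allow rule, and flags those whose program lives in a user-writable location. The user-writable heuristic (paths under Users, AppData or Temp) and the table layout are this example's own assumptions; the Policy value meanings are Microsoft's documented ones.

```powershell
# Added example, not from the original page: hunt for the two exposures the TNT2 installer
# creates, on any host and without depending on its GUIDs:
#   1. IE Low Rights (Protected Mode) ElevationPolicy / DragDrop entries whose program
#      lives in a user-writable location
#   2. enabled inbound firewall allow rules whose program lives in a user-writable location
# Policy values are Microsoft's: 0 blocked, 1 launch at low integrity, 2 prompt,
# 3 launch at medium integrity without a prompt.

$PolicyNames = @{
    0 = 'blocked'
    1 = 'launch at low integrity'
    2 = 'prompt user'
    3 = 'launch at medium integrity, no prompt'
}

function Test-UserWritablePath([string]$Path) {
    # Assumption of this example: profile, AppData and Temp paths count as user-writable.
    # -like is case-insensitive; the firewall filter value 'Any' never matches.
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    return ($Path -like '*\Users\*') -or ($Path -like '*\AppData\*') -or ($Path -like '*\Temp\*')
}

$hits = [System.Collections.Generic.List[object]]::new()

# 1. Protected Mode elevation and drag/drop policies, machine-wide (both views) and per-user.
foreach ($root in 'HKLM:\SOFTWARE', 'HKLM:\SOFTWARE\Wow6432Node', 'HKCU:\Software') {
    foreach ($kind in 'ElevationPolicy', 'DragDrop') {
        $base = "$root\Microsoft\Internet Explorer\Low Rights\$kind"
        if (-not (Test-Path $base)) { continue }
        foreach ($key in Get-ChildItem -Path $base -ErrorAction SilentlyContinue) {
            $v = Get-ItemProperty -Path $key.PSPath
            # Entries registered by CLSID alone (ActiveX controls) carry no AppPath; skip them here.
            if (-not $v.AppPath) { continue }
            $program = if ($v.AppName) { [System.IO.Path]::Combine($v.AppPath, $v.AppName) } else { $v.AppPath }
            $policy  = if ($null -ne $v.Policy) { "$($v.Policy) = $($PolicyNames[[int]$v.Policy])" } else { '(unset)' }
            $hits.Add([pscustomobject]@{
                Kind    = "IE $kind"
                Name    = "$root\...\$($key.PSChildName)"
                Program = $program
                Detail  = "Policy $policy"
                Suspect = Test-UserWritablePath $program
            })
        }
    }
}

# 2. Enabled inbound allow rules whose program sits in a user-writable path.
Get-NetFirewallRule -Direction Inbound -Action Allow -Enabled True -ErrorAction SilentlyContinue | ForEach-Object {
    $program = ($_ | Get-NetFirewallApplicationFilter).Program
    if (Test-UserWritablePath $program) {
        $hits.Add([pscustomobject]@{
            Kind    = 'Firewall inbound allow'
            Name    = $_.DisplayName
            Program = $program
            Detail  = "Profile $($_.Profile)"
            Suspect = $true
        })
    }
}

$hits | Where-Object Suspect | Sort-Object Kind, Name | Format-Table -AutoSize -Wrap
```

On a host with this toolbar, TNT2User.exe under %LOCALAPPDATA%\TNT2\<version> appears in both halves of the output. Legitimate per-user software (browsers and updaters installed into AppData) will appear too, so the list is a triage queue, not a verdict; what distinguishes the TNT2 case is the combination of a Policy of 3, an unsigned or mis-signed binary, and a rule open to any protocol on any profile.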
