18fb1efac7a965e3be1b7c090324e291fcdaba65ec213619d245aa4aa54387ba

Analysis

max time kernel
196s
max time network
215s
platform
windows7_x64
resource
win7-20231215-en
resource tags

arch:x64arch:x86image:win7-20231215-enlocale:en-usos:windows7-x64system
submitted
28/01/2024, 14:05

Sharing

Copy URL Twitter E-mail

Report Analysis Logs

General

Target

RADMIR_LAUNCHER (1).exe
Size

70.9MB
MD5

8465f7fc1db3beffa1db908f54d1cd04
SHA1

9d11a228c4a095fb1f76cc16e71ab21e8673547d
SHA256

18fb1efac7a965e3be1b7c090324e291fcdaba65ec213619d245aa4aa54387ba
SHA512

8782fb1e7800a4ba1038e093886a2c0c1d4a947892f222e62fdcaee0f12f7fd9ab259f67830321d04a1a45e22711c50aec555ba806eaf01930260db57a8485c3
SSDEEP

1572864:B2iif6jme1ExJH1h60Fw90txK5fr2gdfTJEk2FDbksrhvaF45B5CLLAtfSrS:B746jex9n41B1EvFNtva63CwNt

Score

7^/10

Malware Config

Signatures

Checks computer location settings 2 TTPs 2 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

description	ioc	Process
Key value queried	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\International\Geo\Nation	RADMIR_LAUNCHER_EX.exe
Key value queried	\REGISTRY\USER\S-1-5-21-3427588347-1492276948-3422228430-1000\Control Panel\International\Geo\Nation	RADMIR_LAUNCHER_EX.exe

Executes dropped EXE 6 IoCs

pid	Process
2968	RADMIR_LAUNCHER.exe
1800	RADMIR_LAUNCHER_EX.exe
640	RADMIR_LAUNCHER_EX.exe
1736	RADMIR_LAUNCHER_EX.exe
580	RADMIR_LAUNCHER_EX.exe
2944	RADMIR_LAUNCHER_EX.exe

Loads dropped DLL 37 IoCs

pid	Process
2640	RADMIR_LAUNCHER (1).exe
2640	RADMIR_LAUNCHER (1).exe
2640	RADMIR_LAUNCHER (1).exe
2640	RADMIR_LAUNCHER (1).exe
2640	RADMIR_LAUNCHER (1).exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
1800	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe
640	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe
1736	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe
580	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe
2944	RADMIR_LAUNCHER_EX.exe

Unexpected DNS network traffic destination 1 IoCs

Network traffic to other servers than the configured DNS servers was detected on the DNS port.

description	ioc
Destination IP	208.67.222.222

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\vi.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\resources\config.xml	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\resources\projects\crmp\info.xml	RADMIR_LAUNCHER_EX.exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-multibyte-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\resources.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\tr.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-utility-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File opened for modification	C:\Program Files (x86)\RADMIR LAUNCHER\resources\projects\mta\info.xml	RADMIR_LAUNCHER_EX.exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\nl.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER.exe	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-private-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\en-GB.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\ms.pak	RADMIR_LAUNCHER (1).exe
File opened for modification	C:\Program Files (x86)\RADMIR LAUNCHER\resources\projects\ragemp_russia\info.xml	RADMIR_LAUNCHER_EX.exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-namedpipe-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-processthreads-l1-1-1.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-filesystem-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\sw.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\te.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\resources\projects\mta\info.xml	RADMIR_LAUNCHER_EX.exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-time-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\da.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\lv.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-runtime-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\resources\updater.exe	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-heap-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\bn.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\fil.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\cs.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\sr.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\zh-TW.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-file-l1-2-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-libraryloader-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-locale-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\icudtl.dat	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\ro.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\ru.pak	RADMIR_LAUNCHER (1).exe
File opened for modification	C:\Program Files (x86)\RADMIR LAUNCHER\resources\projects\ragemp\info.xml	RADMIR_LAUNCHER_EX.exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-file-l2-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-math-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\fa.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\et.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\kn.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\ffmpeg.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\de.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\el.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\he.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\ko.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\swiftshader\libGLESv2.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-sysinfo-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-xstate-l2-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\mr.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-console-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\chrome_100_percent.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\ml.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-environment-l1-1-0.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\v8_context_snapshot.bin	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\ar.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\zh-CN.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\vcruntime140.dll	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\hu.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\locales\nb.pak	RADMIR_LAUNCHER (1).exe
File created	C:\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-file-l1-1-0.dll	RADMIR_LAUNCHER (1).exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Suspicious behavior: EnumeratesProcesses 64 IoCs

pid	Process
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
640	RADMIR_LAUNCHER_EX.exe
1736	RADMIR_LAUNCHER_EX.exe
2968	RADMIR_LAUNCHER.exe
580	RADMIR_LAUNCHER_EX.exe
2968	RADMIR_LAUNCHER.exe
2944	RADMIR_LAUNCHER_EX.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe
2968	RADMIR_LAUNCHER.exe

Suspicious use of FindShellTrayWindow 3 IoCs

pid	Process
1800	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe

Suspicious use of SendNotifyMessage 3 IoCs

pid	Process
1800	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe
1800	RADMIR_LAUNCHER_EX.exe

Suspicious use of WriteProcessMemory 35 IoCs

description	pid	Process	procid_target
PID 2968 wrote to memory of 1800	2968	RADMIR_LAUNCHER.exe	35
PID 2968 wrote to memory of 1800	2968	RADMIR_LAUNCHER.exe	35
PID 2968 wrote to memory of 1800	2968	RADMIR_LAUNCHER.exe	35
PID 2968 wrote to memory of 1800	2968	RADMIR_LAUNCHER.exe	35
PID 2968 wrote to memory of 1800	2968	RADMIR_LAUNCHER.exe	35
PID 2968 wrote to memory of 1800	2968	RADMIR_LAUNCHER.exe	35
PID 2968 wrote to memory of 1800	2968	RADMIR_LAUNCHER.exe	35
PID 1800 wrote to memory of 640	1800	RADMIR_LAUNCHER_EX.exe	36
PID 1800 wrote to memory of 640	1800	RADMIR_LAUNCHER_EX.exe	36
PID 1800 wrote to memory of 640	1800	RADMIR_LAUNCHER_EX.exe	36
PID 1800 wrote to memory of 640	1800	RADMIR_LAUNCHER_EX.exe	36
PID 1800 wrote to memory of 640	1800	RADMIR_LAUNCHER_EX.exe	36
PID 1800 wrote to memory of 640	1800	RADMIR_LAUNCHER_EX.exe	36
PID 1800 wrote to memory of 640	1800	RADMIR_LAUNCHER_EX.exe	36
PID 1800 wrote to memory of 1736	1800	RADMIR_LAUNCHER_EX.exe	37
PID 1800 wrote to memory of 1736	1800	RADMIR_LAUNCHER_EX.exe	37
PID 1800 wrote to memory of 1736	1800	RADMIR_LAUNCHER_EX.exe	37
PID 1800 wrote to memory of 1736	1800	RADMIR_LAUNCHER_EX.exe	37
PID 1800 wrote to memory of 1736	1800	RADMIR_LAUNCHER_EX.exe	37
PID 1800 wrote to memory of 1736	1800	RADMIR_LAUNCHER_EX.exe	37
PID 1800 wrote to memory of 1736	1800	RADMIR_LAUNCHER_EX.exe	37
PID 1800 wrote to memory of 580	1800	RADMIR_LAUNCHER_EX.exe	38
PID 1800 wrote to memory of 580	1800	RADMIR_LAUNCHER_EX.exe	38
PID 1800 wrote to memory of 580	1800	RADMIR_LAUNCHER_EX.exe	38
PID 1800 wrote to memory of 580	1800	RADMIR_LAUNCHER_EX.exe	38
PID 1800 wrote to memory of 580	1800	RADMIR_LAUNCHER_EX.exe	38
PID 1800 wrote to memory of 580	1800	RADMIR_LAUNCHER_EX.exe	38
PID 1800 wrote to memory of 580	1800	RADMIR_LAUNCHER_EX.exe	38
PID 1800 wrote to memory of 2944	1800	RADMIR_LAUNCHER_EX.exe	39
PID 1800 wrote to memory of 2944	1800	RADMIR_LAUNCHER_EX.exe	39
PID 1800 wrote to memory of 2944	1800	RADMIR_LAUNCHER_EX.exe	39
PID 1800 wrote to memory of 2944	1800	RADMIR_LAUNCHER_EX.exe	39
PID 1800 wrote to memory of 2944	1800	RADMIR_LAUNCHER_EX.exe	39
PID 1800 wrote to memory of 2944	1800	RADMIR_LAUNCHER_EX.exe	39
PID 1800 wrote to memory of 2944	1800	RADMIR_LAUNCHER_EX.exe	39

C:\Users\Admin\AppData\Local\Temp\RADMIR_LAUNCHER (1).exe
"C:\Users\Admin\AppData\Local\Temp\RADMIR_LAUNCHER (1).exe"
1⤵
- Loads dropped DLL
- Drops file in Program Files directory
PID:2640

C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER.exe
"C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER.exe"
1⤵
- Executes dropped EXE
- Loads dropped DLL
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of WriteProcessMemory
PID:2968
- C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe
  "C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe"
  2⤵
  - Checks computer location settings
  - Executes dropped EXE
  - Loads dropped DLL
  - Drops file in Program Files directory
  - Suspicious use of FindShellTrayWindow
  - Suspicious use of SendNotifyMessage
  - Suspicious use of WriteProcessMemory
  PID:1800
- - C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe
    "C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe" --type=gpu-process --field-trial-handle=1140,13696292086667987939,3070767498445324092,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-sandbox --no-sandbox --disable-gpu-rasterization --user-data-dir="C:\Users\Admin\AppData\Roaming\radmir-launcher" --gpu-preferences=UAAAAAAAAADgAgAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAANAAAAEAAAAAAAAAABAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=disabled --mojo-platform-channel-handle=1188 /prefetch:2
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:640
- - C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe
    "C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1140,13696292086667987939,3070767498445324092,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=none --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\radmir-launcher" --mojo-platform-channel-handle=1328 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:1736
- - C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe
    "C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe" --type=renderer --user-data-dir="C:\Users\Admin\AppData\Roaming\radmir-launcher" --app-path="C:\Program Files (x86)\RADMIR LAUNCHER\resources\app.asar" --no-sandbox --no-zygote --no-sandbox --field-trial-handle=1140,13696292086667987939,3070767498445324092,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=4 --mojo-platform-channel-handle=1408 /prefetch:1
    3⤵
    - Checks computer location settings
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:580
- - C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe
    "C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=1140,13696292086667987939,3070767498445324092,131072 --disable-features=PlzServiceWorker,SpareRendererForSitePerProcess,WinRetrieveSuggestionsOnlyOnDemand --lang=en-US --service-sandbox-type=audio --no-sandbox --user-data-dir="C:\Users\Admin\AppData\Roaming\radmir-launcher" --mojo-platform-channel-handle=1812 /prefetch:8
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious behavior: EnumeratesProcesses
    PID:2944

Network

MITRE ATT&CK Enterprise v15

Reconnaissance

Resource Development

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe

Filesize
3.1MB

MD5
6babf778bcd72c7566a1ba5ab54a2267

SHA1
2ee7739586ee9c830bead3ed46ff7de8a46e52e2

SHA256
798a3962b96f27bd757c186a620fa08d7669f8d7ae55758a0170e3198c74da24

SHA512
8f15904b03a7de1e35cf1158c43b35f862ea60243b2cf9848caffca4911775d9cb914af771c7faa2447248bea378f7f967faa9ae90de1496f2a302c39ecdf89b

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe

Filesize
2.6MB

MD5
b179a2531412cebe86fc26b956d79430

SHA1
ba0e61f8e2ae15120936e402a211acb3e4e9c155

SHA256
c52d2ff8210639ada8e52c739c6781b1964c0e6934a069be12826c21fdc8a5d3

SHA512
a53088eed0c1dfd36adaf1d194fd97d4fd8267b50cc5f14fad6ffedbd5ceabcb0a0ca79d3cfc23b4a4ea4434c0ad0ca2404182b0df0f4826985ee77c4a545821

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe

Filesize
8.1MB

MD5
0d90029698a44016a90172b75ee8a77d

SHA1
b3100ab785d8a623046266e1ac14c63d1ce7433a

SHA256
8d5b6c1560abd1840c84c455341add2eeb09b11920fa8a87da5bbc3263da69b6

SHA512
ddf8b87e9ac60323dc502038c908b2f5b610d09b20e50bace9902dcab335f0aad0a6cff10134827899121796f608a998fb035588d268daf36e9ccee1af395e9e

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\chrome_100_percent.pak

Filesize
138KB

MD5
4f7cf265db503b21845d2df4dc903022

SHA1
970b35882db6670c81bd745bdeed11f011c609da

SHA256
c48e6d360aee16159d4be43f9144f77d3275a87b3f77eae548e357601c55fc16

SHA512
5645d2c226697c7ac69ce73e9124630696516fc18286a5579823588f93a936da71084a3850f1f9a7b34c624f4c502957107f5957ffba5e6c1e4da6d8da7d3348

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\chrome_200_percent.pak

Filesize
202KB

MD5
6a7a9dee6b4d47317b4478dba3b2076c

SHA1
e9167673a3d25ad37e2d83e04af92bfda48f0c86

SHA256
b820d19a7a8ce9d12a26837f967f983e45b07550b49e7b9a25e57b417c5f6fd9

SHA512
67466e21a13ca449b014b511fb49bfc51df841eb5776f93b4bda2e0023da96d368ac5c65de051ed9de1899275b9f33839af2c387be903688cdb48bf08993791e

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\ffmpeg.dll

Filesize
2.5MB

MD5
adf04efc00e4c9e5042d4e4d1d358a43

SHA1
9ee50616dd6bce2473df3f4ca630a01e4137d313

SHA256
119840b2d11d01c7b9125c8f4c48344fd56a8d6bc4801b2f7436df8536bc4e5d

SHA512
250b286b223dc5ddfd981828ce99b7e6721cdf06bd46a05e6a4cfc0b3c8870a573fb326dc5a3ab56aabb05331e620df14706e54b89ea999e305c9205dbdd8c2e

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\icudtl.dat

Filesize
4.2MB

MD5
b3c12ab44cf1c1e897b53f1cc1b6f2d3

SHA1
622a2f7a8c1c4831cfeb3149179b51bf0eceaa95

SHA256
74c34894f146c12856294614fa378dfb6a9ab07305903e4664c918a1bff7f92d

SHA512
a8372f872a8a46193b2d4b7d6a67f30e784b32a12b8e61edbb3775fa12fe71a8dfeb724b50f1195460b2c8b50ca8db5c48f05b4cc4f1a2ff3fed6965c0071f8c

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\locales\en-US.pak

Filesize
100KB

MD5
b6a2c492d2bc0278f350201bdb66ea21

SHA1
9c2652cf0bf720c41263c675db5c342c08f66b35

SHA256
a453fe4e06016aac08b58a1569074f3be985a730b5ca1e345cb3e286b042acf5

SHA512
cb39c7e9c58cdf23900014eb589c50e495b80e0cbc6a369110f84e96bf2a47e9057df1914287990c04d7a5fd3119eabb30642492d0a50d359ff7d2305cb4ae22

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\logs\2024-01-28 14-09-52.log

Filesize
2KB

MD5
82908142a6d8767a1e4007addfb11fe1

SHA1
63479a81a12a6d83a472ea7abe6cf07f4b632caa

SHA256
c863875402f07e7404aa6145b207ba426094e045e300ef71d113e8de2b0976d5

SHA512
4e33b7488d35e07c89591937d03fe7ee58d134a25471d306c9426201b7f58a5ada06fcbaa4ca5ffd03d5799aa08a5d63fa08b514c1b92c7c808b166d2bd2b02f

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\logs\2024-01-28 14-09-52.log

Filesize
4KB

MD5
eb88f47cec006029299ca1e9dba0efa3

SHA1
fba2ed2372e2f54030a5e0c90b127b68ffea35a1

SHA256
01dbd9cb4892c07e1671d920ff16731b3323d6723590e016ce66b92f14c72ccc

SHA512
2aee2602d4230d5e4e3af70a05913cd4bac22835f9bc00d7e758460a65496526d351ecda10ab7ddabed9c4df626fcd85e5699d2f9a0206b3d75136e2b684b81e

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\resources.pak

Filesize
4.9MB

MD5
2280f00811e2e4c40174a65e052a787e

SHA1
d918622cbd0eac79c3481cfbcf02990f68a4abda

SHA256
6c97bf22bba8016992d4f7284e85c35513e34d47763df50cbb772fbeb922ecfb

SHA512
979a4f6045342e5c7f956853e0ba61c8fad0c39988ae78d30411a9c8b8003ee9d4b6d92831f12025bd86a7d787fcc45b2664b8537e7a3b8ad0e176a67b3deb94

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\resources\app.asar

Filesize
5.9MB

MD5
d5d9ff128d8397d3789e6a2f5a74d889

SHA1
b2f94b49ffd25f7f01c624dd33d0053dad4f1b53

SHA256
0a55092f62dd44f3e6383ded0db78816aec15943e51c7046a9050aac29619ed7

SHA512
5b8f0233678b96358e23ba3b6594b211d5c042340839f07639ccbe783bba79bc60289e0426d76aa06f0a4cf228e8d05a57c7133a771729909c27b0a3a5f96c74

Download Submit
C:\Program Files (x86)\RADMIR LAUNCHER\v8_context_snapshot.bin

Filesize
160KB

MD5
2da5845c9024a219ae9638a2b3baa27a

SHA1
77a17e59da006b8d5322fe828813cb81a21bf9f7

SHA256
a6ac122a5c440b8ecd3e7b99cd5e7e7865d1aaf378fed1429494d7746d709b90

SHA512
b2967003c067c8758505153c4234b864217955a9572345bc497fd600d680d864dec9fe6ea92a3078a20355313ccc97f76b2c11868f681f474fc79e15b0a5f454

Download Submit
C:\Users\Admin\AppData\Local\Temp\nsoA814.tmp\modern-wizard.bmp

Filesize
150KB

MD5
76e7e1b158db2f6ca45115fcf755573f

SHA1
71c04592d23dcfbdee4b49437fc90c7526b65a18

SHA256
00ae62943b8366f557db72ecfac3277e3ef9e157ca0a40fa27d390a7d5333c7e

SHA512
09730cbee639de4538e9a15308fa5eb7f943e3b128c74f4da30f0f3237aa321c870bd3d690c6f8fec6702ba411042f31197f3101513a0f6237f56a8218448fed

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER.exe

Filesize
136KB

MD5
f65724f439f3ac47153fdec32d5d58fb

SHA1
9c842169664f734426e8d0b87ed068e554ea11c4

SHA256
c3566150c632c7cae3b96de78f5e5d7a3b816ce1b9a013ef74b326bb75df84c9

SHA512
10d3bf90b1f291494031cea1b14a9c55d30c75856bbeb8975585896016cf83b0d895f3edd9d28bb8867406979bb0b2922a6e28f93feff5b5dbd98aa5435f4745

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe

Filesize
3.2MB

MD5
8ebe90eccf157c48854401403c068248

SHA1
b088312d33da94c28888230d180f434e729100ce

SHA256
13f280ba781b1260c3fd047e3d2e96d3d91e9c291ec616eff9dd65afe8c5a8d4

SHA512
17e6911671f8b4fe86982dde84030cf1e64e393159afabfc12bb14ec82ad9b0a4faeba2632b671e2cb1c92450378266ff7da95deb36aeb08efbc36f2e8a45584

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\RADMIR_LAUNCHER_EX.exe

Filesize
11.7MB

MD5
783379d24dad61350b01b8a51b157947

SHA1
a1805256830cee492ea8f59497fcd88c040617f1

SHA256
93565a88bba4bde3392326eeace9673b401ac1cb2d7a1705bb94e9cbc974b92a

SHA512
f6155cdb5d0cd1dbc6f26657c5d8755f644b896e70c9537eab49987be6c5cc327dd0205414cf0bfc46f70b87e2ae616bcf65d99114f7a59dc9893ba94984bcd6

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-file-l1-2-0.dll

Filesize
17KB

MD5
79ee4a2fcbe24e9a65106de834ccda4a

SHA1
fd1ba674371af7116ea06ad42886185f98ba137b

SHA256
9f7bda59faafc8a455f98397a63a7f7d114efc4e8a41808c791256ebf33c7613

SHA512
6ef7857d856a1d23333669184a231ad402dc62c8f457a6305fe53ed5e792176ca6f9e561375a707da0d7dd27e6ea95f8c4355c5dc217e847e807000b310aa05c

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-file-l2-1-0.dll

Filesize
17KB

MD5
3f224766fe9b090333fdb43d5a22f9ea

SHA1
548d1bb707ae7a3dfccc0c2d99908561a305f57b

SHA256
ae5e73416eb64bc18249ace99f6847024eceea7ce9c343696c84196460f3a357

SHA512
c12ea6758071b332368d7ef0857479d2b43a4b27ceeab86cbb542bd6f1515f605ea526dfa3480717f8f452989c25d0ee92bf3335550b15ecec79e9b25e66a2ca

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-localization-l1-2-0.dll

Filesize
20KB

MD5
23bd405a6cfd1e38c74c5150eec28d0a

SHA1
1d3be98e7dfe565e297e837a7085731ecd368c7b

SHA256
a7fa48de6c06666b80184afee7e544c258e0fb11399ab3fe47d4e74667779f41

SHA512
c52d487727a34fbb601b01031300a80eca7c4a08af87567da32cb5b60f7a41eb2cae06697cd11095322f2fc8307219111ee02b60045904b5c9b1f37e48a06a21

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-processthreads-l1-1-1.dll

Filesize
18KB

MD5
95c5b49af7f2c7d3cd0bc14b1e9efacb

SHA1
c400205c81140e60dffa8811c1906ce87c58971e

SHA256
ff9b51aff7fbec8d7fe5cc478b12492a59b38b068dc2b518324173bb3179a0e1

SHA512
f320937b90068877c46d30a15440dc9ace652c3319f5d75e0c8bb83f37e78be0efb7767b2bd713be6d38943c8db3d3d4c3da44849271605324e599e1242309c3

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-synch-l1-2-0.dll

Filesize
18KB

MD5
6e704280d632c2f8f2cadefcae25ad85

SHA1
699c5a1c553d64d7ff3cf4fe57da72bb151caede

SHA256
758a2f9ef6908b51745db50d89610fe1de921d93b2dbea919bfdba813d5d8893

SHA512
ade85a6cd05128536996705fd60c73f04bab808dafb5d8a93c45b2ee6237b6b4ddb087f1a009a9d289c868c98e61be49259157f5161feccf9f572fd306b460e6

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-core-timezone-l1-1-0.dll

Filesize
18KB

MD5
c9a55de62e53d747c5a7fddedef874f9

SHA1
c5c5a7a873a4d686bfe8e3da6dc70f724ce41bad

SHA256
b5c725bbb475b5c06cc6cb2a2c3c70008f229659f88fba25ccd5d5c698d06a4b

SHA512
adca0360a1297e80a8d3c2e07f5fbc06d2848f572f551342ad4c9884e4ab4bd1d3b3d9919b4f2b929e2848c1a88a4e844dd38c86067cace9685f9640db100efb

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-convert-l1-1-0.dll

Filesize
21KB

MD5
9ddea3cc96e0fdd3443cc60d649931b3

SHA1
af3cb7036318a8427f20b8561079e279119dca0e

SHA256
b7c3ebc36c84630a52d23d1c0e79d61012dfa44cdebdf039af31ec9e322845a5

SHA512
1427193b31b64715f5712db9c431593bdc56ef512fe353147ddb7544c1c39ded4371cd72055d82818e965aff0441b7cbe0b811d828efb0ece28471716659e162

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-environment-l1-1-0.dll

Filesize
18KB

MD5
39325e5f023eb564c87d30f7e06dff23

SHA1
03dd79a7fbe3de1a29359b94ba2d554776bdd3fe

SHA256
56d8b7ee7619579a3c648eb130c9354ba1ba5b33a07a4f350370ee7b3653749a

SHA512
087b9dcb744ad7d330bacb9bda9c1a1df28ebb9327de0c5dc618e79929fd33d1b1ff0e1ef4c08f8b3ea8118b968a89f44fe651c66cba4ecbb3216cd4bcce3085

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-filesystem-l1-1-0.dll

Filesize
19KB

MD5
228c6bbe1bce84315e4927392a3baee5

SHA1
ba274aa567ad1ec663a2f9284af2e3cb232698fb

SHA256
ac0cec8644340125507dd0bc9a90b1853a2d194eb60a049237fb5e752d349065

SHA512
37a60cce69e81f68ef62c58bba8f2843e99e8ba1b87df9a5b561d358309e672ae5e3434a10a3dde01ae624d1638da226d42c64316f72f3d63b08015b43c56cab

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-heap-l1-1-0.dll

Filesize
18KB

MD5
1776a2b85378b27825cf5e5a3a132d9a

SHA1
626f0e7f2f18f31ec304fe7a7af1a87cbbebb1df

SHA256
675b1b82dd485cc8c8a099272db9241d0d2a7f45424901f35231b79186ec47ee

SHA512
541a5dd997fc5fec31c17b4f95f03c3a52e106d6fb590cb46bdf5adad23ed4a895853768229f3fbb9049f614d9bae031e6c43cec43fb38c89f13163721bb8348

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-locale-l1-1-0.dll

Filesize
18KB

MD5
034379bcea45eb99db8cdfeacbc5e281

SHA1
bbf93d82e7e306e827efeb9612e8eab2b760e2b7

SHA256
8b543b1bb241f5b773eb76f652dad7b12e3e4a09230f2e804cd6b0622e8baf65

SHA512
7ea6efb75b0c59d3120d5b13da139042726a06d105c924095ed252f39ac19e11e8a5c6bb1c45fa7519c0163716745d03fb9daaaca50139a115235ab2815cc256

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-math-l1-1-0.dll

Filesize
28KB

MD5
8da414c3524a869e5679c0678d1640c1

SHA1
60cf28792c68e9894878c31b323e68feb4676865

SHA256
39723e61c98703034b264b97ee0fe12e696c6560483d799020f9847d8a952672

SHA512
6ef3f81206e7d4dca5b3c1fafc9aa2328b717e61ee0acce30dfb15ad0fe3cb59b2bd61f92bf6046c0aae01445896dcb1485ad8be86629d22c3301a1b5f4f2cfa

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-multibyte-l1-1-0.dll

Filesize
25KB

MD5
19d7f2d6424c98c45702489a375d9e17

SHA1
310bc4ed49492383e7c669ac9145bda2956c7564

SHA256
a6b83b764555d517216e0e34c4945f7a7501c1b7a25308d8f85551fe353f9c15

SHA512
01c09edef90c60c9e6cdabff918f15afc9b728d6671947898ce8848e3d102f300f3fb4246af0ac9c6f57b3b85b24832d7b40452358636125b61eb89567d3b17e

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-runtime-l1-1-0.dll

Filesize
22KB

MD5
fb0ca6cbfff46be87ad729a1c4fde138

SHA1
2c302d1c535d5c40f31c3a75393118b40e1b2af9

SHA256
1ee8e99190cc31b104fb75e66928b8c73138902fefedbcfb54c409df50a364df

SHA512
99144c67c33e89b8283c5b39b8bf68d55638daa6acc2715a2ac8c5dba4170dd12299d3a2dffb39ae38ef0872c2c68a64d7cdc6ceba5e660a53942761cb9eca83

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-stdio-l1-1-0.dll

Filesize
23KB

MD5
d5166ab3034f0e1aa679bfa1907e5844

SHA1
851dd640cb34177c43b5f47b218a686c09fa6b4c

SHA256
7bcab4ca00fb1f85fea29dd3375f709317b984a6f3b9ba12b8cf1952f97beee5

SHA512
8f2d7442191de22457c1b8402faad594af2fe0c38280aaafc876c797ca79f7f4b6860e557e37c3dbe084fe7262a85c358e3eeaf91e16855a91b7535cb0ac832e

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-string-l1-1-0.dll

Filesize
23KB

MD5
ad99c2362f64cde7756b16f9a016a60f

SHA1
07c9a78ee658bfa81db61dab039cffc9145cc6cb

SHA256
73ab2161a7700835b2a15b7487045a695706cc18bcee283b114042570bb9c0aa

SHA512
9c72f239adda1de11b4ad7028f3c897c93859ef277658aeaa141f09b7ddfe788d657b9cb1e2648971ecd5d27b99166283110ccba437d461003dbb9f6885451f7

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-time-l1-1-0.dll

Filesize
20KB

MD5
9b79fda359a269c63dcac69b2c81caa4

SHA1
a38c81b7a2ec158dfcfeb72cb7c04b3eb3ccc0fb

SHA256
4d0f0ea6e8478132892f9e674e27e2bc346622fc8989c704e5b2299a18c1d138

SHA512
e69d275c5ec5eae5c95b0596f0cc681b7d287b3e2f9c78a9b5e658949e6244f754f96ad7d40214d22ed28d64e4e8bd507363cdf99999fea93cfe319078c1f541

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\api-ms-win-crt-utility-l1-1-0.dll

Filesize
18KB

MD5
70e9104e743069b573ca12a3cd87ec33

SHA1
4290755b6a49212b2e969200e7a088d1713b84a2

SHA256
7e6b33a4c0c84f18f2be294ec63212245af4fd8354636804ffe5ee9a0d526d95

SHA512
e979f28451d271f405b780fc2025707c8a29dcb4c28980ca42e33d4033666de0e4a4644defec6c1d5d4bdd3c73d405fafcffe3320c60134681f62805c965bfd9

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\msvcp140.dll

Filesize
429KB

MD5
109f0f02fd37c84bfc7508d4227d7ed5

SHA1
ef7420141bb15ac334d3964082361a460bfdb975

SHA256
334e69ac9367f708ce601a6f490ff227d6c20636da5222f148b25831d22e13d4

SHA512
46eb62b65817365c249b48863d894b4669e20fcb3992e747cd5c9fdd57968e1b2cf7418d1c9340a89865eadda362b8db51947eb4427412eb83b35994f932fd39

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\ucrtbase.dll

Filesize
1.1MB

MD5
6343ff7874ba03f78bb0dfe20b45f817

SHA1
82221a9ac1c1b8006f3f5e8539e74e3308f10bcb

SHA256
6f8f05993b8a25cadf5e301e58194c4d23402e467229b12e40956e4f128588b3

SHA512
63c3d3207577d4761103daf3f9901dd0a0ae8a89694ad1128fd7e054627cdd930d1020049317c5a898411735e2f75e2103ae303e7e514b6387a3c8463a4fb994

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\uninstall.exe

Filesize
79KB

MD5
28f289d508e59eadc3546c283af0fada

SHA1
f2c8d5d3bf1930e31bf9a50b48e5eb04b5a1f043

SHA256
72084db5bf37593e5f532df50a4e7e30b5ce4e90b2a1c5fc1333dae8b9c0eef5

SHA512
ecfeb9179c0e7d08da74425f229bebafd2cd4519bc17cf3b60397b16d92297707f3b070ffb9412030139bf29f4c3587e20b58180b76362d10c3a1e682aba1683

Download Submit
\Program Files (x86)\RADMIR LAUNCHER\vcruntime140.dll

Filesize
81KB

MD5
7587bf9cb4147022cd5681b015183046

SHA1
f2106306a8f6f0da5afb7fc765cfa0757ad5a628

SHA256
c40bb03199a2054dabfc7a8e01d6098e91de7193619effbd0f142a7bf031c14d

SHA512
0b63e4979846ceba1b1ed8470432ea6aa18cca66b5f5322d17b14bc0dfa4b2ee09ca300a016e16a01db5123e4e022820698f46d9bad1078bd24675b4b181e91f

Download Submit
\Users\Admin\AppData\Local\Temp\80abc806-94fd-49e8-af23-fa6367b87262.tmp.node

Filesize
5.0MB

MD5
ddd0f5bdcd8172c0656039f832fb16ed

SHA1
3824f11fe70a469037cfe1c17743c4fff5100881

SHA256
9e67a7de8942931631c79562e5bccfdbec32eb5d3629a93534b02debd5a7e658

SHA512
d3ede7e969709c6c2b167020093ce577233dd7c121c39abe50b7f20e4466bd2fd1e859ec137135a14ef070f13f0a1b682df73c7d2ad475dfaf07ff738ba6da90

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA814.tmp\System.dll

Filesize
12KB

MD5
cff85c549d536f651d4fb8387f1976f2

SHA1
d41ce3a5ff609df9cf5c7e207d3b59bf8a48530e

SHA256
8dc562cda7217a3a52db898243de3e2ed68b80e62ddcb8619545ed0b4e7f65a8

SHA512
531d6328daf3b86d85556016d299798fa06fefc81604185108a342d000e203094c8c12226a12bd6e1f89b0db501fb66f827b610d460b933bd4ab936ac2fd8a88

Download Submit
\Users\Admin\AppData\Local\Temp\nsoA814.tmp\nsDialogs.dll

Filesize
9KB

MD5
6c3f8c94d0727894d706940a8a980543

SHA1
0d1bcad901be377f38d579aafc0c41c0ef8dcefd

SHA256
56b96add1978b1abba286f7f8982b0efbe007d4a48b3ded6a4d408e01d753fe2

SHA512
2094f0e4bb7c806a5ff27f83a1d572a5512d979eefda3345baff27d2c89e828f68466d08c3ca250da11b01fc0407a21743037c25e94fbe688566dd7deaebd355

Download Submit