Malware Analysis Report

2025-01-22 08:14

Sample ID 241026-fzdlwszgpd
Target https://pg.easypay.co.kr/security/raonnx/nxKey/module/TouchEn_nxKey_32bit.exe?ver=1.0.0.83
Tags
discovery execution persistence spyware stealer upx
score
8/10

Table of Contents

Analysis Overview

MITRE ATT&CK

Enterprise Matrix V15

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
8/10

Threat Level: Likely malicious

The file https://pg.easypay.co.kr/security/raonnx/nxKey/module/TouchEn_nxKey_32bit.exe?ver=1.0.0.83 was found to be: Likely malicious.

Malicious Activity Summary

discovery execution persistence spyware stealer upx

Downloads MZ/PE file

Creates new service(s)

Executes dropped EXE

Checks computer location settings

Loads dropped DLL

Reads user/profile data of web browsers

Adds Run key to start application

Checks installed software on the system

UPX packed file

Drops file in System32 directory

Drops file in Program Files directory

Launches sc.exe

Drops file in Windows directory

Enumerates physical storage devices

System Location Discovery: System Language Discovery

Browser Information Discovery

NSIS installer

Suspicious behavior: LoadsDriver

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Suspicious use of AdjustPrivilegeToken

Suspicious use of FindShellTrayWindow

Modifies Internet Explorer settings

Modifies registry class

Suspicious behavior: EnumeratesProcesses

Suspicious use of WriteProcessMemory

Uses Task Scheduler COM API

Suspicious use of SendNotifyMessage

Modifies data under HKEY_USERS

Uses Volume Shadow Copy WMI provider

Modifies system certificate store

Suspicious use of SetWindowsHookEx

Uses Volume Shadow Copy service COM API

Enumerates system info in registry

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2024-10-26 05:18

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2024-10-26 05:18

Reported

2024-10-26 05:27

Platform

win10ltsc2021-20241023-en

Max time kernel

510s

Max time network

485s

Command Line

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pg.easypay.co.kr/security/raonnx/nxKey/module/TouchEn_nxKey_32bit.exe?ver=1.0.0.83

Signatures

Creates new service(s)

persistence execution

Downloads MZ/PE file

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A

Reads user/profile data of web browsers

spyware stealer

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CrossEXService = "C:\\Program Files (x86)\\iniLINE\\CrossEX\\crossex\\CrossEXService.exe" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A

Checks installed software on the system

discovery

Drops file in System32 directory

Description Indicator Process Target
File created C:\Windows\SysWOW64\CKAgentNXE_t.exe C:\Windows\SysWOW64\CKSetup32.exe N/A
File created C:\Windows\SysWOW64\jrsoftcp.dll C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
File created C:\Windows\SysWOW64\keysharpcrypto.dll C:\Windows\SysWOW64\CKSetup32.exe N/A
File created C:\Windows\system32\CKAgentNXE_t.exe C:\Windows\SysWOW64\CKSetup64.exe N/A
File created C:\Windows\system32\temp_JRSKD24.SYS C:\Windows\SysWOW64\CKSetup64.exe N/A
File created C:\Windows\system32\temp_JRSUKD25.SYS C:\Windows\SysWOW64\CKSetup64.exe N/A
File created C:\Windows\system32\CKAgent.dat C:\Windows\SysWOW64\CKSetup64.exe N/A
File created C:\Windows\system32\temp_JRSUKD25.SYS C:\Windows\SysWOW64\CKSetup64.exe N/A
File opened for modification C:\Windows\system32\CKAgentNXE.exe C:\Windows\SysWOW64\CKSetup32.exe N/A
File created C:\Windows\system32\CKAgentNXE.dat C:\Windows\SysWOW64\CKSetup64.exe N/A
File opened for modification C:\Windows\system32\CKAgent.exe C:\Windows\SysWOW64\CKSetup64.exe N/A
File created C:\Windows\system32\CKAgent.dat C:\Windows\SysWOW64\CKSetup32.exe N/A
File created C:\Windows\SysWOW64\CKAgent_t.exe C:\Windows\SysWOW64\CKSetup32.exe N/A
File opened for modification C:\Windows\system32\CKAgent.exe C:\Windows\SysWOW64\CKSetup32.exe N/A
File created C:\Windows\SysWOW64\CKSetup32.exe C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
File created C:\Windows\SysWOW64\CKSetup64.exe C:\Windows\SysWOW64\CKSetup32.exe N/A
File opened for modification C:\Windows\system32\JRSUKD25.SYS C:\Windows\SysWOW64\CKSetup64.exe N/A
File opened for modification C:\Windows\SysWOW64\CKAgentNXE.exe C:\Windows\SysWOW64\CKSetup32.exe N/A
File opened for modification C:\Windows\system32\CKAgentNXE.exe C:\Windows\SysWOW64\CKSetup64.exe N/A
File created C:\Windows\system32\temp_JRSKD24.SYS C:\Windows\SysWOW64\CKSetup64.exe N/A
File opened for modification C:\Windows\system32\JRSKD24.SYS C:\Windows\SysWOW64\CKSetup64.exe N/A
File opened for modification C:\Windows\SysWOW64\CKAgent.exe C:\Windows\SysWOW64\CKSetup32.exe N/A
File created C:\Windows\SysWOW64\CKAgent.dat C:\Windows\SysWOW64\CKSetup32.exe N/A
File created C:\Windows\system32\CKAgentNXE.dat C:\Windows\SysWOW64\CKSetup32.exe N/A
File created C:\Windows\SysWOW64\CKAgentNXE.dat C:\Windows\SysWOW64\CKSetup32.exe N/A
File opened for modification C:\Windows\system32\JRSKD24.SYS C:\Windows\SysWOW64\CKSetup64.exe N/A
File created C:\Windows\system32\CKAgent_t.exe C:\Windows\SysWOW64\CKSetup64.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\digicert_root_g4.cer C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (X86)\RaonSecure\TouchEn nxKey\TKAppi.dll C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEXProtocol.dll C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\kr.co.raon.touchenex.json C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\kr.co.raon.touchenex.firefox.json C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\UnInstallCrossEX.exe C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File opened for modification C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\digicert_root_g4.cer C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe.sig C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEXChrome.exe C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEXFirefox.dll C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEX.sig C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (x86)\iniLINE\CrossEX\crossex\UnInstallCrossEXLocal.exe C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
File created C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
File created C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
File created C:\Program Files (X86)\RaonSecure\TouchEn nxKey\TKAppm.dll C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
File created C:\Program Files (X86)\RaonSecure\TouchEn nxKey\KeySharpCryptoV15_32.dll C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
File created C:\Program Files (X86)\RaonSecure\TouchEn nxKey\TKMain.dll C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
File created C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\npraontouchenex.dll C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
File created C:\Program Files (x86)\iniLINE\CrossEX\crossex\rootCA.crt C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\SystemTemp C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Launches sc.exe

Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A
N/A N/A C:\Windows\SysWOW64\sc.exe N/A

Browser Information Discovery

discovery

Enumerates physical storage devices

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\CKSetup32.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\sc.exe N/A

NSIS installer

installer
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Enumerates system info in registry

Description Indicator Process Target
Key opened \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key value queried \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8FD68F8A-641E-4204-AE47-DD835C1AE756}\Compatibility Flags = "0" C:\Windows\SysWOW64\CKSetup32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE20149-ABE3-462E-A1B4-5B549971AA39} C:\Windows\SysWOW64\CKSetup32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE20149-ABE3-462E-A1B4-5B549971AA39}\AppName = "CKAgentNXE.exe" C:\Windows\SysWOW64\CKSetup32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE20149-ABE3-462E-A1B4-5B549971AA39}\AppPath = "C:\\Windows\\system32" C:\Windows\SysWOW64\CKSetup32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE20149-ABE3-462E-A1B4-5B549971AA39}\Policy = "3" C:\Windows\SysWOW64\CKSetup32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6CE20149-ABE3-462E-A1B4-5B549971AA38} C:\Windows\SysWOW64\CKSetup32.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\Compatibility Flags = "0" C:\Windows\SysWOW64\CKSetup32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8FD68F8A-641E-4204-AE47-DD835C1AE756} C:\Windows\SysWOW64\CKSetup32.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133743935155273874" C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\CrossEXService = "C:\\Program Files (x86)\\iniLINE\\CrossEX\\crossex\\CrossEXService.exe" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\CurVer\ = "touchenexProtocol.ProtocolMain.1" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore C:\Windows\SysWOW64\CKSetup32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\CrossExProtocol.DLL\AppID = "{BCC3963A-8284-48E1-9E44-72429E752393}" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ProgID C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\VersionIndependentProgID C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BCC3963A-8284-48E1-9E44-72429E752393}\ = "CrossExProtocol" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\ = "ProtocolMain Class" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\VersionIndependentProgID\ = "touchenexProtocol.ProtocolMain" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node C:\Windows\SysWOW64\CKSetup32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\VersionIndependentProgID\ = "touchenexProtocol.ProtocolMain" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\FLAGS\ = "0" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\0 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\CLSID\ = "{ae2e4412-b293-11ed-b067-000c2936bd4f}" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\TypeLib\ = "{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\CrossExProtocol.DLL\AppID = "{BCC3963A-8284-48E1-9E44-72429E752393}" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BCC3963A-8284-48E1-9E44-72429E752393} C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ProgID\ = "touchenexProtocol.ProtocolMain.1" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\Programmable C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\InprocServer32\ThreadingModel = "Apartment" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560} C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE C:\Windows\SysWOW64\CKSetup32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex\ C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\FLAGS C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\0\win32 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib\ = "{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex\CLSID = "{ae2e4412-b293-11ed-b067-000c2936bd4f}" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9} C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\ = "CrossExProtocol 1.0 형식 라이브러리" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib\Version = "1.0" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain.1\CLSID\ = "{ae2e4412-b293-11ed-b067-000c2936bd4f}" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ProgID C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\TypeLib C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer C:\Windows\SysWOW64\CKSetup32.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility C:\Windows\SysWOW64\CKSetup32.exe N/A
Set value (int) \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\Compatibility Flags = "0" C:\Windows\SysWOW64\CKSetup32.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\RaonSecure\\bridge\\CrossEX\\touchenex\\1.0.1.1547" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f} C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ProgID\ = "touchenexProtocol.ProtocolMain.1" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain.1\CLSID\ = "{ae2e4412-b293-11ed-b067-000c2936bd4f}" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\CurVer C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\HELPDIR C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\ProxyStubClsid32 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\Programmable C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex\ C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8FD68F8A-641E-4204-AE47-DD835C1AE756} C:\Windows\SysWOW64\CKSetup32.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\InprocServer32 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\0\win32\ = "C:\\Program Files (x86)\\RaonSecure\\bridge\\CrossEX\\touchenex\\1.0.1.1547\\CrossEXProtocol.dll" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key deleted \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\Programmable C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\InprocServer32\ = "C:\\Program Files (x86)\\RaonSecure\\bridge\\CrossEX\\touchenex\\1.0.1.1547\\CrossEXProtocol.dll" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BCC3963A-8284-48E1-9E44-72429E752393}\ = "CrossExProtocol" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib\ = "{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain.1\ = "ProtocolMain Class" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\CurVer\ = "touchenexProtocol.ProtocolMain.1" C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ = "ProtocolMain Class" C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DC2F16A0E1AF8FAF0D3E93EAC9ACA7315A409C79\Blob = 030000000100000014000000dc2f16a0e1af8faf0d3e93eac9aca7315a409c792000000001000000b6030000308203b23082029aa003020102020101300d06092a864886f70d01010b05003070310b3009060355040613024b523113301106035504080c0a536f6d652d5374617465310e300c06035504070c0553656f756c311a3018060355040a0c11696e694c494e4520436f2e2c204c74642e3120301e06035504030c17696e694c494e452043726f7373455820526f6f744341323020170d3138313031303038323831355a180f32303939313233313038323831355a3070310b3009060355040613024b523113301106035504080c0a536f6d652d5374617465310e300c06035504070c0553656f756c311a3018060355040a0c11696e694c494e4520436f2e2c204c74642e3120301e06035504030c17696e694c494e452043726f7373455820526f6f7443413230820122300d06092a864886f70d01010105000382010f003082010a0282010100c74641aea9b5c3ac70c760c8b9b4d913239c9f1f2ba22ec168ddf87c291a6f7bf65039a350a4df32666610daeef39f518c94566fb0883e95d5954bb6fa77fb741d85321d4779043dfae7530d23f0834bd602eac8380298c246d0ab9d8ad4c1b11fdfe8dac89f57872151fb07494e2611db05fd7a911b2072731304b583a100a8346d3e75aee2bc90fc82eda089b475919abc33f9c44b4d1642d059e6818d723c6a725bdbf3f1b0936580a6fe2cf8009d382e5e6bc1e8f16869c153d0cd1f58359761f250b8f2f28227acbb6d7467e60cc441618cf1805f4e5eccc4a0caf8b6b6f627e264f92ed3bcdde2899d7035145576c3d2e4b2f95ca5eb2bbaca8d0ea4d90203010001a355305330120603551d130101ff040830060101ff020100301d0603551d0e04160414baf05eca432879dc5a9fe9f563d90721fa1a504b300b0603551d0f040403020106301106096086480186f8420101040403020007300d06092a864886f70d01010b05000382010100c08cf619a76feef45d47324122595199e2825f963d4afdee811f2038e5d5fc369518cdb0fb4d0412499417a7f4f7308955370c7f1aa84a5806884b78817924ef7d5332214c70f0411d4434bdd009b6094fe5e1ec61a380058abfde0eb6f66f0727e74d6109266a36b2d563fdd9999d8eecd752271286e605247ef552ace03bb93550440002423e129308f4aeb1f416f33f8c4969abf2af6bcb33f5833e14aa51cb2194e9978cfe9f4158b2964faf0233841ddb09bac430b32981e65ef39611521e45b0188b549541d1188317fa287b987b9fc312613b63b218eafbe1d7152e175d58b313d67e59a3a691b73c0addf8eb2a2d8778392ff28b25faa6ff9145b080 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob = 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 C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54 C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 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 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DC2F16A0E1AF8FAF0D3E93EAC9ACA7315A409C79 C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81 C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob = 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 C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob = 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 C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A

Suspicious behavior: EnumeratesProcesses

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup64.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup64.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup64.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup64.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup32.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup32.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup32.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup32.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup32.exe N/A
N/A N/A C:\Windows\SysWOW64\CKSetup32.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A
N/A N/A C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeShutdownPrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
Token: SeCreatePagefilePrivilege N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of FindShellTrayWindow

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of SendNotifyMessage

Description Indicator Process Target
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A
N/A N/A C:\Program Files\Google\Chrome\Application\chrome.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 5068 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 4760 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 2480 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3200 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe
PID 5068 wrote to memory of 3136 N/A C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe

Uses Task Scheduler COM API

persistence

Uses Volume Shadow Copy WMI provider

ransomware

Uses Volume Shadow Copy service COM API

ransomware

Processes

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pg.easypay.co.kr/security/raonnx/nxKey/module/TouchEn_nxKey_32bit.exe?ver=1.0.0.83

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x1f8,0x230,0x7ffcdb47cc40,0x7ffcdb47cc4c,0x7ffcdb47cc58

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2056 /prefetch:2

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=512 /prefetch:3

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2436 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3172 /prefetch:1

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3220 /prefetch:1

C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe

"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4664 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5088,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5108 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5096,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5124 /prefetch:8

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1116,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5264 /prefetch:8

C:\Program Files\Google\Chrome\Application\chrome.exe

"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4076 /prefetch:8

C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe

"C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe"

C:\Windows\SysWOW64\CKSetup32.exe

C:\Windows\system32\CKSetup32.exe /install appm

C:\Windows\SysWOW64\CKSetup64.exe

"C:\Windows\SysWOW64\CKSetup64.exe" /update CKAgentNXE

C:\Windows\SysWOW64\CKSetup64.exe

"C:\Windows\SysWOW64\CKSetup64.exe" /update CKAgent

C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe

"C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe" /S

C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe

"C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe" /S

C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe

"C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe"

C:\Windows\SysWOW64\sc.exe

sc create "CrossEX Live Checker" binpath= "\"C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe\"" start= auto

C:\Windows\SysWOW64\sc.exe

sc description "CrossEX Live Checker" "checking live status of CrossEXService"

C:\Windows\SysWOW64\sc.exe

sc start "CrossEX Live Checker"

C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe

"C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe"

C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe

"C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe" -noces

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe "C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe" -noces

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe

"C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe" -A -d sql:"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release" -i "C:\Program Files (X86)\iniLINE\CrossEX\crossex\rootCA.crt" -n "iniLINE CrossEX RootCA2" -t "CT,C,C"

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe

"C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe" -L -d sql:"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release"

Network

Country Destination Domain Proto
US 8.8.8.8:53 pg.easypay.co.kr udp
KR 203.233.72.17:443 pg.easypay.co.kr tcp
KR 203.233.72.17:443 pg.easypay.co.kr tcp
KR 203.233.72.17:443 pg.easypay.co.kr tcp
US 8.8.8.8:53 74.169.217.172.in-addr.arpa udp
US 8.8.8.8:53 0.159.190.20.in-addr.arpa udp
US 8.8.8.8:53 95.221.229.192.in-addr.arpa udp
US 8.8.8.8:53 17.72.233.203.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 fd.api.iris.microsoft.com udp
FR 20.199.58.43:443 fd.api.iris.microsoft.com tcp
US 8.8.8.8:53 53.210.109.20.in-addr.arpa udp
US 8.8.8.8:53 240.221.184.93.in-addr.arpa udp
US 8.8.8.8:53 171.39.242.20.in-addr.arpa udp
US 8.8.8.8:53 22.236.111.52.in-addr.arpa udp
US 8.8.8.8:53 168.117.168.52.in-addr.arpa udp

Files

\??\pipe\crashpad_5068_ATVYYTUCTUKSSPFK

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\SCT Auditing Pending Reports

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State

C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Cache\Cache_Data\f_000005

memory/3124-200-0x0000000000400000-0x000000000153B000-memory.dmp

C:\Windows\SysWOW64\CKSetup32.exe

C:\Windows\SysWOW64\CKSetup64.exe

C:\Windows\System32\CKAgentNXE.exe

C:\Windows\System32\JRSKD24.SYS

C:\Windows\System32\JRSUKD25.SYS

memory/3124-243-0x0000000000400000-0x000000000153B000-memory.dmp

memory/3124-244-0x0000000000400000-0x000000000153B000-memory.dmp

C:\Windows\System32\CKAgent.exe

C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe

C:\Users\Admin\AppData\Local\Temp\nsaF7.tmp\System.dll

C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEXProtocol.dll

C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe

C:\Users\Admin\AppData\Local\Temp\nsm359.tmp\System.dll

C:\Program Files (x86)\iniLINE\CrossEX\crossex\rootCA.crt

C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe

C:\Users\Admin\AppData\Local\Temp\nsm359.tmp\nsExec.dll

C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe

C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\nssutil3.dll

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\nss3.dll

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\smime3.dll

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\libplc4.dll

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\libplds4.dll

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\msvcr100.dll

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\libnspr4.dll

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\softokn3.dll

C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\sqlite3.dll

C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\_Install.ini

C:\Program Files (x86)\RaonSecure\TouchEn nxKey\TKMain.dll

memory/3124-522-0x0000000000400000-0x000000000153B000-memory.dmp
