Analysis Overview
Threat Level: Likely malicious
The file https://pg.easypay.co.kr/security/raonnx/nxKey/module/TouchEn_nxKey_32bit.exe?ver=1.0.0.83 was found to be: Likely malicious.
Malicious Activity Summary
Downloads MZ/PE file
Creates new service(s)
Executes dropped EXE
Checks computer location settings
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
Checks installed software on the system
UPX packed file
Drops file in System32 directory
Drops file in Program Files directory
Launches sc.exe
Drops file in Windows directory
Enumerates physical storage devices
System Location Discovery: System Language Discovery
Browser Information Discovery
NSIS installer
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Modifies Internet Explorer settings
Modifies registry class
Suspicious behavior: EnumeratesProcesses
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Suspicious use of SendNotifyMessage
Modifies data under HKEY_USERS
Uses Volume Shadow Copy WMI provider
Modifies system certificate store
Suspicious use of SetWindowsHookEx
Uses Volume Shadow Copy service COM API
Enumerates system info in registry
MITRE ATT&CK
Analysis: static1
Detonation Overview
Reported
2024-10-26 05:18
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2024-10-26 05:18
Reported
2024-10-26 05:27
Platform
win10ltsc2021-20241023-en
Max time kernel
510s
Max time network
485s
Command Line
Signatures
Creates new service(s)
Downloads MZ/PE file
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe | N/A |
Loads dropped DLL
Reads user/profile data of web browsers
Adds Run key to start application
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\CrossEXService = "C:\\Program Files (x86)\\iniLINE\\CrossEX\\crossex\\CrossEXService.exe" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
Checks installed software on the system
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\SysWOW64\CKAgentNXE_t.exe | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File created | C:\Windows\SysWOW64\jrsoftcp.dll | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| File created | C:\Windows\SysWOW64\keysharpcrypto.dll | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File created | C:\Windows\system32\CKAgentNXE_t.exe | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File created | C:\Windows\system32\temp_JRSKD24.SYS | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File created | C:\Windows\system32\temp_JRSUKD25.SYS | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File created | C:\Windows\system32\CKAgent.dat | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File created | C:\Windows\system32\temp_JRSUKD25.SYS | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File opened for modification | C:\Windows\system32\CKAgentNXE.exe | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File created | C:\Windows\system32\CKAgentNXE.dat | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File opened for modification | C:\Windows\system32\CKAgent.exe | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File created | C:\Windows\system32\CKAgent.dat | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File created | C:\Windows\SysWOW64\CKAgent_t.exe | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File opened for modification | C:\Windows\system32\CKAgent.exe | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File created | C:\Windows\SysWOW64\CKSetup32.exe | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| File created | C:\Windows\SysWOW64\CKSetup64.exe | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File opened for modification | C:\Windows\system32\JRSUKD25.SYS | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\CKAgentNXE.exe | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File opened for modification | C:\Windows\system32\CKAgentNXE.exe | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File created | C:\Windows\system32\temp_JRSKD24.SYS | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File opened for modification | C:\Windows\system32\JRSKD24.SYS | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File opened for modification | C:\Windows\SysWOW64\CKAgent.exe | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File created | C:\Windows\SysWOW64\CKAgent.dat | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File created | C:\Windows\system32\CKAgentNXE.dat | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File created | C:\Windows\SysWOW64\CKAgentNXE.dat | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| File opened for modification | C:\Windows\system32\JRSKD24.SYS | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
| File created | C:\Windows\system32\CKAgent_t.exe | C:\Windows\SysWOW64\CKSetup64.exe | N/A |
UPX packed file
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\digicert_root_g4.cer | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (X86)\RaonSecure\TouchEn nxKey\TKAppi.dll | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEXProtocol.dll | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\kr.co.raon.touchenex.json | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\kr.co.raon.touchenex.firefox.json | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\UnInstallCrossEX.exe | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File opened for modification | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\digicert_root_g4.cer | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe.sig | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEXChrome.exe | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEXFirefox.dll | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\CrossEX.sig | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (x86)\iniLINE\CrossEX\crossex\UnInstallCrossEXLocal.exe | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| File created | C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| File created | C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| File created | C:\Program Files (X86)\RaonSecure\TouchEn nxKey\TKAppm.dll | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| File created | C:\Program Files (X86)\RaonSecure\TouchEn nxKey\KeySharpCryptoV15_32.dll | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| File created | C:\Program Files (X86)\RaonSecure\TouchEn nxKey\TKMain.dll | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| File created | C:\Program Files (x86)\RaonSecure\bridge\CrossEX\touchenex\1.0.1.1547\npraontouchenex.dll | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| File created | C:\Program Files (x86)\iniLINE\CrossEX\crossex\rootCA.crt | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File opened for modification | C:\Windows\SystemTemp | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Launches sc.exe
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\sc.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\sc.exe | N/A |
NSIS installer
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8FD68F8A-641E-4204-AE47-DD835C1AE756}\Compatibility Flags = "0" | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE20149-ABE3-462E-A1B4-5B549971AA39} | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE20149-ABE3-462E-A1B4-5B549971AA39}\AppName = "CKAgentNXE.exe" | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE20149-ABE3-462E-A1B4-5B549971AA39}\AppPath = "C:\\Windows\\system32" | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6CE20149-ABE3-462E-A1B4-5B549971AA39}\Policy = "3" | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6CE20149-ABE3-462E-A1B4-5B549971AA38} | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\Compatibility Flags = "0" | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8FD68F8A-641E-4204-AE47-DD835C1AE756} | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133743935155273874" | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run\CrossEXService = "C:\\Program Files (x86)\\iniLINE\\CrossEX\\crossex\\CrossEXService.exe" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\CurVer\ = "touchenexProtocol.ProtocolMain.1" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\CrossExProtocol.DLL\AppID = "{BCC3963A-8284-48E1-9E44-72429E752393}" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ProgID | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\VersionIndependentProgID | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BCC3963A-8284-48E1-9E44-72429E752393}\ = "CrossExProtocol" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\ = "ProtocolMain Class" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\VersionIndependentProgID\ = "touchenexProtocol.ProtocolMain" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\VersionIndependentProgID\ = "touchenexProtocol.ProtocolMain" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\FLAGS\ = "0" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\0 | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\CLSID\ = "{ae2e4412-b293-11ed-b067-000c2936bd4f}" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\TypeLib\ = "{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\CrossExProtocol.DLL\AppID = "{BCC3963A-8284-48E1-9E44-72429E752393}" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BCC3963A-8284-48E1-9E44-72429E752393} | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ProgID\ = "touchenexProtocol.ProtocolMain.1" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\Programmable | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\InprocServer32\ThreadingModel = "Apartment" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0 | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560} | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex\ | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\FLAGS | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\0\win32 | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib\ = "{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex\CLSID = "{ae2e4412-b293-11ed-b067-000c2936bd4f}" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9} | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\ = "CrossExProtocol 1.0 형식 라이브러리" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib\Version = "1.0" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain.1\CLSID\ = "{ae2e4412-b293-11ed-b067-000c2936bd4f}" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ProgID | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\TypeLib | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Set value (int) | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{6CE20149-ABE3-462E-A1B4-5B549971AA38}\Compatibility Flags = "0" | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\HELPDIR\ = "C:\\Program Files (x86)\\RaonSecure\\bridge\\CrossEX\\touchenex\\1.0.1.1547" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f} | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ProgID\ = "touchenexProtocol.ProtocolMain.1" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain.1\CLSID\ = "{ae2e4412-b293-11ed-b067-000c2936bd4f}" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\CurVer | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\HELPDIR | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\ProxyStubClsid32 | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\Programmable | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\touchenex\ | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-4074627901-37362009-3519777259-1000_Classes\VirtualStore\MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\ActiveX Compatibility\{8FD68F8A-641E-4204-AE47-DD835C1AE756} | C:\Windows\SysWOW64\CKSetup32.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\InprocServer32 | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\TypeLib\{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}\1.0\0\win32\ = "C:\\Program Files (x86)\\RaonSecure\\bridge\\CrossEX\\touchenex\\1.0.1.1547\\CrossEXProtocol.dll" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\ProxyStubClsid32\ = "{00020424-0000-0000-C000-000000000046}" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\Programmable | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\InprocServer32\ = "C:\\Program Files (x86)\\RaonSecure\\bridge\\CrossEX\\touchenex\\1.0.1.1547\\CrossEXProtocol.dll" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\AppID\{BCC3963A-8284-48E1-9E44-72429E752393}\ = "CrossExProtocol" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Interface\{4C3ED391-18E2-461F-9CFF-7F3C679AB560}\TypeLib\ = "{E9544A71-CBFA-4CE0-A01B-28F39B976CC9}" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain.1\ = "ProtocolMain Class" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\touchenexProtocol.ProtocolMain\CurVer\ = "touchenexProtocol.ProtocolMain.1" | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{ae2e4412-b293-11ed-b067-000c2936bd4f}\ = "ProtocolMain Class" | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4 | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DC2F16A0E1AF8FAF0D3E93EAC9ACA7315A409C79\Blob | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81\Blob | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54 | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\DC2F16A0E1AF8FAF0D3E93EAC9ACA7315A409C79 | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\91C6D6EE3E8AC86384E548C299295C756C817B81 | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\3679CA35668772304D30A5FB873B0FA77BB70D54\Blob | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5 | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\ROOT\Certificates\4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5\Blob | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
| N/A | N/A | C:\Program Files\Google\Chrome\Application\chrome.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| N/A | N/A | C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Uses Volume Shadow Copy WMI provider
Uses Volume Shadow Copy service COM API
Processes
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --disable-background-networking --disable-component-update --simulate-outdated-no-au='Tue, 31 Dec 2099 23:59:59 GMT' --single-argument https://pg.easypay.co.kr/security/raonnx/nxKey/module/TouchEn_nxKey_32bit.exe?ver=1.0.0.83
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:4 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=123.0.6312.123 --initial-client-data=0x224,0x228,0x22c,0x1f8,0x230,0x7ffcdb47cc40,0x7ffcdb47cc4c,0x7ffcdb47cc58
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --no-appcompat-clear --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=2064,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2056 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=1948,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=512 /prefetch:3
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=service --no-appcompat-clear --field-trial-handle=2252,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=2436 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --field-trial-handle=3144,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3172 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --no-appcompat-clear --lang=en-US --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --field-trial-handle=3160,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=3220 /prefetch:1
C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\123.0.6312.123\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4652,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4664 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5088,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5108 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --no-appcompat-clear --field-trial-handle=5096,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5124 /prefetch:8
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted -p -s NgcSvc
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=4318 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.4355 --no-appcompat-clear --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAEAAAA4AAAAAAAAAAAAAACEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --field-trial-handle=1116,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=5264 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --no-appcompat-clear --field-trial-handle=4764,i,13677956493665693631,9260663314313804306,262144 --variations-seed-version=20241022-180310.361000 --mojo-platform-channel-handle=4076 /prefetch:8
C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe
"C:\Users\Admin\Downloads\TouchEn_nxKey_32bit.exe"
C:\Windows\SysWOW64\CKSetup32.exe
C:\Windows\system32\CKSetup32.exe /install appm
C:\Windows\SysWOW64\CKSetup64.exe
"C:\Windows\SysWOW64\CKSetup64.exe" /update CKAgentNXE
C:\Windows\SysWOW64\CKSetup64.exe
"C:\Windows\SysWOW64\CKSetup64.exe" /update CKAgent
C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe
"C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\raon_touchenex_Install.exe" /S
C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe
"C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\CrossEX_LocalService_Install.exe" /S
C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe
"C:\Program Files (x86)\iniLINE\CrossEX\crossex\CrossEXService.exe"
C:\Windows\SysWOW64\sc.exe
sc create "CrossEX Live Checker" binpath= "\"C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe\"" start= auto
C:\Windows\SysWOW64\sc.exe
sc description "CrossEX Live Checker" "checking live status of CrossEXService"
C:\Windows\SysWOW64\sc.exe
sc start "CrossEX Live Checker"
C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe
"C:\Program Files (x86)\iniLINE\CrossEX\crossex\ObCrossEXService.exe"
C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe
"C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe" -noces
C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe
C:\Users\Admin\AppData\Local\Temp\ffcert_raon\Firefox_CertUtil.exe "C:\Users\Admin\AppData\Local\Temp\~RAPack1821484\FFCert.exe" -noces
C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe
"C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe" -A -d sql:"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release" -i "C:\Program Files (X86)\iniLINE\CrossEX\crossex\rootCA.crt" -n "iniLINE CrossEX RootCA2" -t "CT,C,C"
C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe
"C:\Users\Admin\AppData\Local\Temp\ffcert_raon\bin\certutil.exe" -L -d sql:"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\mfuo34j5.default-release"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | pg.easypay.co.kr | udp |
| KR | 203.233.72.17:443 | pg.easypay.co.kr | tcp |
| KR | 203.233.72.17:443 | pg.easypay.co.kr | tcp |
| KR | 203.233.72.17:443 | pg.easypay.co.kr | tcp |
| US | 8.8.8.8:53 | 74.169.217.172.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 0.159.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 95.221.229.192.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 17.72.233.203.in-addr.arpa | udp |
| N/A | 224.0.0.251:5353 | | udp |
| US | 8.8.8.8:53 | fd.api.iris.microsoft.com | udp |
| FR | 20.199.58.43:443 | fd.api.iris.microsoft.com | tcp |
| US | 8.8.8.8:53 | 53.210.109.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 240.221.184.93.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 171.39.242.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 22.236.111.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 168.117.168.52.in-addr.arpa | udp |
Files
| SHA512 | de2d4af48559c1be7da08f7d66346011721f17a4728fd2121863cd9206772bcdb9632d1d1c19d87658de7b1da0b5f892bdf198f3d01969770a9043fd509afecd |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 043bf9c2471bf690ca54a96362698b5e |
| SHA1 | d8143738a02c5a48394049eeb5ea0253da7070ac |
| SHA256 | d30b436f52f526bfca3f2f35c7b5f1c303c8c78750c5229795826264327d6b41 |
| SHA512 | 539540c0a52e80a2a8835b3a4c3911458b740c8e8ed0c413d5c3a56eaf28ce004978b2098edf36e9f5a454a70613381d4b5f4366ed4a3f33eefa3f8b3cf33635 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | dbd196dd4d413ea0cc082bd8ed7e50bf |
| SHA1 | 2e44f7cc3bfa47950b0036631e755566112c5af9 |
| SHA256 | b8ce61e23f506f0c2224106bbbd1d5d3009f2fe2d445b95fc82fbb64389fa51f |
| SHA512 | f007c5523af872cfaf98f154546330a92f5ba307624c73ec2c62387eaa905b9be6fb64951d4ee56713676b5c0323bb5ceb198b3d32ad21415c0d1338cb2f5520 |