Analysis Overview
SHA256
7b7f665e2a046ad30257ecd77257cd33b306dd73a17a5fce238b5a1038d592bd
Threat Level: Known bad
The file testit.exe was found to be: Known bad.
Malicious Activity Summary
HawkEye
Hawkeye family
Remcos family
Modifies security service
Drops file in Drivers directory
Downloads MZ/PE file
Modifies Windows Firewall
Checks computer location settings
Executes dropped EXE
Loads dropped DLL
Adds Run key to start application
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Unsigned PE
Event Triggered Execution: Netsh Helper DLL
Enumerates physical storage devices
Browser Information Discovery
System Location Discovery: System Language Discovery
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of SetWindowsHookEx
Suspicious use of SendNotifyMessage
Suspicious use of AdjustPrivilegeToken
Suspicious use of WriteProcessMemory
Enumerates system info in registry
Suspicious use of FindShellTrayWindow
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Checks SCSI registry key(s)
Modifies data under HKEY_USERS
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: LoadsDriver
Uses Task Scheduler COM API
Modifies registry class
Checks processor information in registry
Suspicious behavior: AddClipboardFormatListener
NTFS ADS
MITRE ATT&CK
Enterprise Matrix V15
Analysis: static1
Detonation Overview
Reported
2024-12-05 08:02
Signatures
Remcos family
Unsigned PE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | N/A | N/A |
Analysis: behavioral1
Detonation Overview
Submitted
2024-12-05 08:02
Reported
2024-12-05 08:20
Platform
win10v2004-20241007-en
Max time kernel
1050s
Max time network
1048s
Command Line
Signatures
HawkEye
Hawkeye family
Modifies security service
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key created | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MpsSvc\Parameters\PortKeywords\Teredo | C:\Windows\System32\svchost.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Parameters\PortKeywords\Teredo\Collection | C:\Windows\System32\svchost.exe | N/A |
Downloads MZ/PE file
Drops file in Drivers directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\System32\drivers\SET2AEE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\drivers\SET2AEE.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\drivers\RvNetMP60.sys | C:\Windows\system32\DrvInst.exe | N/A |
Modifies Windows Firewall
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks computer location settings
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\testit.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| N/A | N/A | C:\Users\Admin\Downloads\Radmin_VPN_1.4.4642.1.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\is-BNKGK.tmp\Radmin_VPN_1.4.4642.1.tmp | N/A |
| N/A | N/A | C:\Windows\Installer\MSI266B.tmp | N/A |
| N/A | N/A | C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe | N/A |
Loads dropped DLL
Adds Run key to start application
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\RadminVPN = "\"C:\\Program Files (x86)\\Radmin VPN\\RvRvpnGui.exe\" /minimized" | C:\Windows\system32\msiexec.exe | N/A |
Enumerates connected drives
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Windows\System32\DriverStore\drvstore.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netmp60.inf_amd64_f32b93923791d26a\netmp60.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e} | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netmp60.inf_amd64_f32b93923791d26a\netmp60.PNF | C:\Windows\Installer\MSI266B.tmp | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\msmouse.inf_amd64_1793a485b491b199\msmouse.PNF | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\netrtl64.inf_amd64_8e9c2368fe308df2\netrtl64.PNF | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\RvNetMP60.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\netmp60.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\SET2860.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\CatRoot2\dberr.txt | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\hdaudbus.inf_amd64_533c8d455025cc59\hdaudbus.PNF | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_amd64_0d06b6638bdb4763\mshdc.PNF | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\machine.inf_amd64_b748590104fe1c15\machine.PNF | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\SET283F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\SET285F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\SET283F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\SET2860.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netmp60.inf_amd64_f32b93923791d26a\RvNetMP60.sys | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\FileRepository\netmp60.inf_amd64_f32b93923791d26a\NetMP60.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\RadminVpn_setupapi_20241205_080458493.log | C:\Windows\Installer\MSI266B.tmp | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\usbport.inf_amd64_254cd5ae09de6b08\usbport.PNF | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\input.inf_amd64_adeb6424513f60a2\input.PNF | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\SET285F.tmp | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\System32\DriverStore\Temp\{af12844a-224d-8445-b597-0526b8b9bc1e}\NetMP60.cat | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\System32\DriverStore\FileRepository\keyboard.inf_amd64_5938c699b80ebb8f\keyboard.PNF | C:\Windows\SysWOW64\dxdiag.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File created | C:\Program Files (x86)\Radmin VPN\amt.ini | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-heap-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\CHATLOGS\info.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\Radmin30.chm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_hu_HU.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1048.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-synch-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_lt_LT.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_nb_NO.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1054.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-handle-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvTCPConnect.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1037.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-datetime-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-time-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvDownloader.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_da_DK.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\eula.txt | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\vcruntime140.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1028.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1041.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1049.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1086.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-file-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_pl_PL.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\unicows.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\2052.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-debug-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-util-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\Qt5Gui.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_id_ID.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\vcintcx.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\voicex.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-errorhandling-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-processthreads-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvFwHelper.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\Driver.1.1\NetMP60.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\Qt5Widgets.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_ar_SA.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_el_GR.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_uk_UA.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1046.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\ChatLPCx.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\Qt5Core.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\Qt5WinExtras.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_cs_CZ.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_he_IL.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\1044.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\drvinst.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRolUpdater.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvRvpnGui_th_TH.qm | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\WinLpcDl.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-utility-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\Driver.1.0\NetMP60.inf | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvGuiStarter.exe | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\3082.lng_rad | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-core-synch-l1-2-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-environment-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-locale-l1-1-0.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\Qt5Svg.dll | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Program Files (x86)\Radmin VPN\RvEnetConnect.dll | C:\Windows\system32\msiexec.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| File opened for modification | C:\Windows\Installer\e59141b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\{2CDA3179-67A1-410A-81A9-AB1A4FD89DF9}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\svchost.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File created | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\inprogressinstallinfo.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI1EC9.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\INF\setupapi.dev.log | C:\Windows\Installer\MSI266B.tmp | N/A |
| File created | C:\Windows\Installer\e59141b.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\{2CDA3179-67A1-410A-81A9-AB1A4FD89DF9}\ProductIcon | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI266B.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\inf\oem3.inf | C:\Windows\system32\DrvInst.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI2CB5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\e59141f.msi | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\SourceHash{2CDA3179-67A1-410A-81A9-AB1A4FD89DF9} | C:\Windows\system32\msiexec.exe | N/A |
Browser Information Discovery
Enumerates physical storage devices
Event Triggered Execution: Netsh Helper DLL
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key value enumerated | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key queried | \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh | C:\Windows\SysWOW64\netsh.exe | N/A |
System Location Discovery: System Language Discovery
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\is-BNKGK.tmp\Radmin_VPN_1.4.4642.1.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\Downloads\Radmin_VPN_1.4.4642.1.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\syswow64\MsiExec.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Users\Admin\AppData\Local\Temp\testit.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\cmd.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language | C:\Windows\SysWOW64\netsh.exe | N/A |
Checks SCSI registry key(s)
| Description | Indicator | Process | Target |
| --- | --- | --- | --- |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\system32\svchost.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 | C:\Windows\system32\svchost.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 | C:\Windows\system32\DrvInst.exe | N/A |
| Key opened | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 | C:\Windows\system32\DrvInst.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters | C:\Windows\system32\DrvInst.exe | N/A |
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~Mhz | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\VendorIdentifier | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
Enumerates system info in registry
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key deleted | \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\Installer\MSI266B.tmp | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%systemroot%\system32\FirewallControlPanel.dll,-12122 = "Windows Defender Firewall" | C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" | C:\Windows\System32\svchost.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27 | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CRLs | C:\Windows\system32\DrvInst.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates | C:\Windows\Installer\MSI266B.tmp | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople | C:\Windows\Installer\MSI266B.tmp | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1 | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9713ADC21A76A014189ABAA1F48DD99F\f_exe | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\AdvertiseFlags = "388" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\Media\1 = ";" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove\ = "Programmable" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\ProgID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\VersionIndependentProgID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\is-6C3LR.tmp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7} | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9713ADC21A76A014189ABAA1F48DD99F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ThreadingModel = "Apartment" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\Media | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ = "DxDiagClassObject Class" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1 | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\is-6C3LR.tmp\\" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{FE5A1463-4AF5-46D8-9570-26F468707DF8} | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32\ = "C:\\Windows\\SysWOW64\\dxdiagn.dll" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer\ = "DxDiag.DxDiagClassObject.1" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ProgID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\ = "DxDiagClassObject Class" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{A65B8071-3BFE-4213-9A5B-491DA4461CA7}\InprocServer32 | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9713ADC21A76A014189ABAA1F48DD99F\f_viewer | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\Language = "1033" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DC8202FE7C90E71498671B8FE6BB092E | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CurVer | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\ = "DxDiagProvider Class" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\PackageCode = "17C5BD852BFC91540874754C6DF8C806" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\PackageName = "RadminVPN_1.4.4642.1.msi" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID\ = "DxDiag.DxDiagClassObject" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\ForceRemove | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\InstanceType = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DC8202FE7C90E71498671B8FE6BB092E\9713ADC21A76A014189ABAA1F48DD99F | C:\Windows\system32\msiexec.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\Clients = 3a0000000000 | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\Assignment = "1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\DeploymentFlags = "3" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject\CLSID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CurVer | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\Version = "17044002" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\Net | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\ = "DxDiagClassObject Class" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3227495264-2217614367-4027411560-1000_Classes\Local Settings | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B} | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-3227495264-2217614367-4027411560-1000\{4DB36D8A-118B-43F9-A5BF-C72A2D0352EF} | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\VersionIndependentProgID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\ProductName = "Radmin VPN 1.4.1" | C:\Windows\system32\msiexec.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\ProductIcon = "C:\\Windows\\Installer\\{2CDA3179-67A1-410A-81A9-AB1A4FD89DF9}\\ProductIcon" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider\CLSID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9713ADC21A76A014189ABAA1F48DD99F\f_radmin | C:\Windows\system32\msiexec.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\AuthorizedLUAApp = "0" | C:\Windows\system32\msiexec.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\CLSID | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagClassObject.1\CLSID\ = "{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{EEB1CAE3-D0B2-446E-AEDE-727AA9089A1B}\InprocServer32 | C:\Windows\SysWOW64\dxdiag.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\DxDiag.DxDiagProvider.1\ = "DxDiagProvider Class" | C:\Windows\SysWOW64\dxdiag.exe | N/A |
NTFS ADS
| Description | Indicator | Process | Target |
| File opened for modification | C:\Users\Admin\Downloads\Unconfirmed 429674.crdownload:SmartScreen | C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe | N/A |
Suspicious behavior: AddClipboardFormatListener
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe | N/A |
Suspicious behavior: EnumeratesProcesses
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\testit.exe | N/A |
Suspicious behavior: LoadsDriver
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
Suspicious use of AdjustPrivilegeToken
Suspicious use of FindShellTrayWindow
Suspicious use of SendNotifyMessage
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Program Files\Mozilla Firefox\firefox.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe | N/A |
| N/A | N/A | C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe | N/A |
| N/A | N/A | C:\Windows\SysWOW64\dxdiag.exe | N/A |
Suspicious use of WriteProcessMemory
Uses Task Scheduler COM API
Processes
C:\Users\Admin\AppData\Local\Temp\testit.exe
"C:\Users\Admin\AppData\Local\Temp\testit.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1992 -parentBuildID 20240401114208 -prefsHandle 1924 -prefMapHandle 1916 -prefsLen 23680 -prefMapSize 244658 -appDir "C:\Program Files\Mozilla Firefox\browser" - {05e1fa1d-7453-4c5b-b82c-bcc0818415a6} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" gpu
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2408 -parentBuildID 20240401114208 -prefsHandle 2400 -prefMapHandle 2396 -prefsLen 23716 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {3eaa0297-0b6f-4f9a-b6fc-f098655dcd8f} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" socket
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2864 -childID 1 -isForBrowser -prefsHandle 2856 -prefMapHandle 2860 -prefsLen 23857 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {54f1c148-71a3-4350-8482-2b64c76f69be} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4084 -childID 2 -isForBrowser -prefsHandle 4076 -prefMapHandle 4072 -prefsLen 29090 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {96c1a0bd-b8f0-4aee-ad84-437576f1316c} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=4804 -parentBuildID 20240401114208 -sandboxingKind 0 -prefsHandle 4992 -prefMapHandle 4692 -prefsLen 29197 -prefMapSize 244658 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {b04005ba-fdb0-45d0-92c1-6d52ce39befd} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" utility
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=5384 -childID 3 -isForBrowser -prefsHandle 5364 -prefMapHandle 5360 -prefsLen 27132 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {507512e9-4feb-4a8c-8cdc-e3bec51e8014} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=1516 -childID 4 -isForBrowser -prefsHandle 5644 -prefMapHandle 5548 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {5f38fbf5-bb36-4bf7-b4bb-32c63282ce0c} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=2752 -childID 5 -isForBrowser -prefsHandle 5556 -prefMapHandle 2820 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {794b9df2-ead6-4c31-a2b7-58df19887c06} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" tab
C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe" -contentproc --channel=6136 -childID 6 -isForBrowser -prefsHandle 6068 -prefMapHandle 6060 -prefsLen 27211 -prefMapSize 244658 -jsInitHandle 908 -jsInitLen 234952 -parentBuildID 20240401114208 -win32kLockedDown -appDir "C:\Program Files\Mozilla Firefox\browser" - {9db86d93-1503-4102-a880-453e759247eb} 1784 "\\.\pipe\gecko-crash-server-pipe.1784" tab
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x11c,0x120,0x124,0xf8,0x128,0x7ff901ff46f8,0x7ff901ff4708,0x7ff901ff4718
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2060 /prefetch:2
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2168 /prefetch:3
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2936 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3416 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=5 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3432 /prefetch:1
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Windows\System32\CompPkgSrv.exe
C:\Windows\System32\CompPkgSrv.exe -Embedding
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5096 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4752 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=9 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3492 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=10 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5292 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5184 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4860 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5384 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4788 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5848 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=5436 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4764 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=6276 /prefetch:8
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6436 /prefetch:8
C:\Users\Admin\Downloads\Radmin_VPN_1.4.4642.1.exe
"C:\Users\Admin\Downloads\Radmin_VPN_1.4.4642.1.exe"
C:\Users\Admin\AppData\Local\Temp\is-BNKGK.tmp\Radmin_VPN_1.4.4642.1.tmp
"C:\Users\Admin\AppData\Local\Temp\is-BNKGK.tmp\Radmin_VPN_1.4.4642.1.tmp" /SL5="$90220,21145108,189952,C:\Users\Admin\Downloads\Radmin_VPN_1.4.4642.1.exe"
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding AF8EC9CD94CC81B7EA8AB0068D8209B6
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=244 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6096 /prefetch:1
C:\Windows\Installer\MSI266B.tmp
"C:\Windows\Installer\MSI266B.tmp" install "C:\Program Files (x86)\Radmin VPN\Driver.1.1\NetMP60.inf" "C:\Program Files (x86)\Radmin VPN\Driver.1.0\NetMP60.inf" ad_InstallDriver_64 ""
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall
C:\Windows\system32\DrvInst.exe
DrvInst.exe "4" "1" "c:\program files (x86)\radmin vpn\driver.1.1\netmp60.inf" "9" "42f731a47" "000000000000014C" "WinSta0\Default" "000000000000015C" "208" "c:\program files (x86)\radmin vpn\driver.1.1"
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=2996 /prefetch:1
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe
"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2044,107587314809498862,4578581162249901102,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=4 --enable-main-frame-before-activation --renderer-client-id=24 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6580 /prefetch:1
C:\Windows\system32\DrvInst.exe
DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:c36c271bc64eefc9:RVpnNetMP.ndi:15.39.54.8:{b06d84d1-af78-41ec-a5b9-3cce676528b2}\rvnetmp60," "42f731a47" "000000000000014C"
C:\Windows\syswow64\MsiExec.exe
C:\Windows\syswow64\MsiExec.exe -Embedding 85A4D45C701A289D12FB684A48662C1D E Global\MSI0000
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Radmin VPN Control Service" dir=in action=allow program="C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe" enable=yes profile=any edge=yes
C:\Windows\SysWOW64\netsh.exe
netsh advfirewall firewall add rule name="Radmin VPN icmpv4" action=allow enable=yes dir=in profile=any remoteip=26.0.0.0/8 protocol=icmpv4
C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe
"C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe" /service
C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe
"C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe" /show
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ipv4 set interface interface="Radmin VPN" metric=1
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe interface ipv4 set interface interface="Radmin VPN" metric=1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ip delete route prefix=0.0.0.0/0 interface="Radmin VPN" nexthop=26.0.0.1
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe interface ip delete route prefix=0.0.0.0/0 interface="Radmin VPN" nexthop=26.0.0.1
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ip add route prefix=0.0.0.0/0 interface="Radmin VPN" nexthop=26.0.0.1 publish=Yes metric=9256
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe interface ip add route prefix=0.0.0.0/0 interface="Radmin VPN" nexthop=26.0.0.1 publish=Yes metric=9256
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ip add address name="Radmin VPN" addr=26.127.113.186 mask=255.0.0.0 gateway=26.0.0.1 gwmetric=9256
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe interface ip add address name="Radmin VPN" addr=26.127.113.186 mask=255.0.0.0 gateway=26.0.0.1 gwmetric=9256
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ipv6 add address interface="Radmin VPN" address=fdfd::1a7f:71ba
C:\Windows\SysWOW64\netsh.exe
C:\Windows\system32\netsh.exe interface ipv6 add address interface="Radmin VPN" address=fdfd::1a7f:71ba
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc
C:\Windows\SysWOW64\dxdiag.exe
"C:\Windows\System32\dxdiag.exe" /t C:\Users\Admin\AppData\Local\Temp\sysinfo.txt
C:\Windows\System32\rundll32.exe
C:\Windows\System32\rundll32.exe C:\Windows\System32\shell32.dll,SHCreateLocalServerRunDll {9aa46009-3ce0-458a-a354-715610a075e6} -Embedding
Network
| Country | Destination | Domain | Proto |
Files
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4
| MD5 | b5d95d5170e59d597f1b06293f0b9b9a |
| SHA1 | f0e4cc6857f60e3c445659b59d1ab9048086c4ec |
| SHA256 | e25b85bb3aaaecb8fab287e80b7a73a6f15868de1b056b80928216cd04ec83a7 |
| SHA512 | 37df51afffc90e51467a120922d23018344469570587359069d0d01d0f78801637a04b9aa36f48687de95e36ee959c7a29c284f7e725faf908f9e89c24d7bdb6 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\sessionstore-backups\recovery.baklz4
| MD5 | 886e68197b60048ac7a2b6df3f6f739a |
| SHA1 | b9a589d569f1aa4953fbd62ee7176a3362fc9550 |
| SHA256 | a0a758f3bf9af159c660c388fe0a4570cbc40aaea0cde0be342d262dfa1866d8 |
| SHA512 | 07a2653f5e49fae93e6fb3e197903e9e8ebabb8248f4e1952c8d9fc6bf862e04ad928f199e1b909d81b8e52c5d1fc31f5efa4f2031739bebbd7096e927e6a52a |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\pending_pings\9db66288-552c-42bc-b744-cc0a854084a3
| MD5 | 40bef18a84d124aa528e25de4ad4bd67 |
| SHA1 | a7bbabc015ccddcd04f843abbbfb321562de2a06 |
| SHA256 | 3c3cb961eab754713f99c52b89239265b32d5123f7362090ad58b92892cfcf04 |
| SHA512 | 2efd21a612b34afbd23ba6fd45d7a9facee9cd9f04d1b602d4769aa4a3b538aba17179e5525c43a3ca6cbe208e4abb1c50a7abf65db5009b8a500237d90cc940 |
C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\yuzka873.default-release\datareporting\glean\db\data.safe.tmp
| MD5 | 8798bd24323d7749ac300d9252930f03 |
| SHA1 | 9b5730d2bd727486a546032c4e159553d3b5ec96 |
| SHA256 | 278abef8a36ccefbe9a287d4b11da07a6eb04bb4b588ae93de32fd251cfdded5 |
| SHA512 | 35e221fa9cb07b92bca888b35e2417aab01e9df5f4610ecc4be12f96ad904916947be1b9b95b2d253d8533e19b059f3f82c39ccbcec542fe6ffdc854e1f845c4 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | 36988ca14952e1848e81a959880ea217 |
| SHA1 | a0482ef725657760502c2d1a5abe0bb37aebaadb |
| SHA256 | d7e96088b37cec1bde202ae8ec2d2f3c3aafc368b6ebd91b3e2985846facf2e6 |
| SHA512 | d04b2f5afec92eb3d9f9cdc148a3eddd1b615e0dfb270566a7969576f50881d1f8572bccb8b9fd7993724bdfe36fc7633a33381d43e0b96c4e9bbd53fc010173 |
\??\pipe\LOCAL\crashpad_3164_TANNKLRFVGLLZRZD
| MD5 | d41d8cd98f00b204e9800998ecf8427e |
| SHA1 | da39a3ee5e6b4b0d3255bfef95601890afd80709 |
| SHA256 | e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855 |
| SHA512 | cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.dat
| MD5 | fab8d8d865e33fe195732aa7dcb91c30 |
| SHA1 | 2637e832f38acc70af3e511f5eba80fbd7461f2c |
| SHA256 | 1b034ffe38e534e2b7a21be7c1f207ff84a1d5f3893207d0b4bb1a509b4185ea |
| SHA512 | 39a3d43ef7e28fea2cb247a5d09576a4904a43680db8c32139f22a03d80f6ede98708a2452f3f82232b868501340f79c0b3f810f597bcaf5267c3ccfb1704b43 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 889114b25b6a787e3ca85c9ce788d127 |
| SHA1 | 4856c743309f9ecf4b9bb2aba32af0cde142e6fe |
| SHA256 | ffaed45f5e548b04ee8ce55edd1071bc6fc586b539f75e1a5c4b6e247d98cda6 |
| SHA512 | 6d66b993919920e060d69c26b702b8e66aa70af6ea948299396ba629fb94d2813c3867de4c9fb87fa846f874429df7314d53667ea65bba930871ec7bea6e9ff6 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 206702161f94c5cd39fadd03f4014d98 |
| SHA1 | bd8bfc144fb5326d21bd1531523d9fb50e1b600a |
| SHA256 | 1005a525006f148c86efcbfb36c6eac091b311532448010f70f7de9a68007167 |
| SHA512 | 0af09f26941b11991c750d1a2b525c39a8970900e98cba96fd1b55dbf93fee79e18b8aab258f48b4f7bda40d059629bc7770d84371235cdb1352a4f17f80e145 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\data_reduction_proxy_leveldb\CURRENT
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | e9938d465ed5e9a72f089811ec4b7b66 |
| SHA1 | 7706e69c9955cb7ce38c5e873dab6ed76c330db0 |
| SHA256 | a234166d56946b0d99e96d25cdf5fa7b0cddfe8fe001cfc312a931fe99d377df |
| SHA512 | febc73d9c31b0acef23b84b8ae6c4c531407e5f14f39360dfb97528b54fc7950c50d49dca57bf454767e2bc64df60e976878c4b80893b1678dacac2d819128d3 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 84ea3998a1aaff51b306b78c9a11aa1b |
| SHA1 | 6bfb8fd7ffa49076145281e1bc9509f1b18c542a |
| SHA256 | 5dda2b4e4abd29b3342853f653c7b0013b30302c62ce8cf5d34681928b5af997 |
| SHA512 | b4371a942171a3d6fdd1154421f80ff041ffb6f0555be6745ca160d27d5c241ca0a96f25c75b9cd273a80ca3aa9d5ac633af5c550854f39ca8e54d80b10c9f36 |
C:\Users\Admin\Downloads\Unconfirmed 429674.crdownload
| MD5 | 5d8706970dd725471dcbc5acb4dbddce |
| SHA1 | c86dad0644fe6b38351fe16add60b12444e23fd0 |
| SHA256 | 8ca04d27ef8c28e0edac3b740ebe7fb8839b4794752a0d359ae18de22fc6be35 |
| SHA512 | 4a284ca5026cdb7dea9d860e51d141447b572d86dcc16bbe831416fb52a7d0ef8390aafd1b141842196c758208e461cfb013ff2e3e44774e022795b94e4ade74 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | 8e214f0a51d1c66f41fcdf26658d0982 |
| SHA1 | 4aa636eb970b5883f6a553e6151fb2d7613d8585 |
| SHA256 | bc404831c6911b4de9f52160d36a7c340c36f592428e9dc6587a34fc9cc1b922 |
| SHA512 | 2f42a1b9af0c7206a017f32925d99be5708634d8d08cb14a50658a16cf566c7a294084fb0ccfd9375442c2ab8f8ba08b6980c18a9854732e77d57277da2d46d5 |
memory/3840-845-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\is-BNKGK.tmp\Radmin_VPN_1.4.4642.1.tmp
| MD5 | ec5312e06da51691d2e26820f3c93ece |
| SHA1 | 552bceec2bbb0fdc0472eba0bb4c5993b35b0a83 |
| SHA256 | 421cb7e48e3063d927eefe28940e119fb1309a3990bc7325c7f7052a2b286a09 |
| SHA512 | 4fdbbb662b0a8ef4770cd18b358135557ec0134e87365eb800520ce8d87fb8cca2f28c572fd50346daea0964eb62524b9ac7a5fc0e34c30500358cce4b90fb0a |
C:\Users\Admin\AppData\Local\Temp\is-6C3LR.tmp\Rvis_install_dll.dll
| MD5 | 2cf9bac0b1e6af2f444e993659454476 |
| SHA1 | 22ca45a9e2f9f17e95421c722954fdb352a4c008 |
| SHA256 | 19d00d00079177f3e78533ecb9f2e797092dd4d6bddae7d394218501afa4d51e |
| SHA512 | cb6ec66415c50bc9c807def6a0eea79dc4dda73a9c1d2a5d077121fb21c7f4486cbe28784eb5c4c5d9e95d98288ba6d4eece1ca0d3c838f7bd58e97c81294bdb |
C:\Users\Admin\AppData\Local\Temp\is-6C3LR.tmp\RadminVPN_1.4.4642.1.msi
| MD5 | 896d5c916b19c7a1ad8d11b1d0518c5e |
| SHA1 | 351600ac2237432fec3e79db9e1d2a22a5e9a6d9 |
| SHA256 | 09388bf21b20c4f5ef0674bd8a00a0eb11225174f767b548b5bbb7bfab2b486f |
| SHA512 | 73afa4574ce1b9e3804958c78015182f908836ed171efa6cfd11cebd0f3040ca129b290026f27f5fcc16b1c33c2f8d01cf4734bd60b30ad567cf65eb029cf076 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\8EC9B1D0ABBD7F98B401D425828828CE_E8A1D4619D52FB86B679531C48D42087
| MD5 | eea5a4dfb0082008a00e19af0675a56a |
| SHA1 | 63aa90d2392891e5ec77eb8394df0760201b00b1 |
| SHA256 | dac11d282aad6bca0c33b3adbb219df9627c88524e94e22e284780477629544d |
| SHA512 | f3b236dd389352152c4e5a4d6ae2f2ecb6fc2b47964c3d0bba8e73c63447bb3d742b4b512a0ff908185425a6f3e93f17174d640fb4157b02646ba5405fbd33ba |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8EC9B1D0ABBD7F98B401D425828828CE_E8A1D4619D52FB86B679531C48D42087
| MD5 | 2180607b0a50abf73a139c5b9091877b |
| SHA1 | 9dd0dd9202e77ad0e5ffa6f825842506b32c6048 |
| SHA256 | a3a062885041e50a5f511310173843932c5514f53cee6d20651c004f71ef970f |
| SHA512 | aabab6cb07b6dd79a4d02d40565fecb439c1eca2e3506c7a4cf0bd7a8a896508b4ebb8545bd80ee4456cd0023cab240f0db3ed73004197a48f50d5e95f63076a |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 4165b81b68ffb0444ef0ce862027e86b |
| SHA1 | e2eca2a98ad765c2bd329e311d071e03e6853701 |
| SHA256 | 5bc6098b57cb923ba66f448cd3651d42159aebf038bfa6b1d383701bf16029ed |
| SHA512 | 2860e27fc5edd449aca2853971bf675f7645b92902df767d2d707cf96841772685cf307cc710649d5eed4e233bce9030f187614fed4d5cf67046d3dbb124463d |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C8E534EE129F27D55460CE17FD628216_1130D9B25898B0DB0D4F04DC5B93F141
| MD5 | 9d1b9cb89aa96055aff3ec2781f0c3f1 |
| SHA1 | 52a1a3cf872057f5e94fa218d296a98e2abb678f |
| SHA256 | 0cf57ec607c54e1ed674bcff44f96349bd75bf79b2ef84f216e4917ad815243f |
| SHA512 | 73987ef10a790ac4c51203ddf277ef499a74bbeaacde9e88f736b8f336dd8fb3b397e35fc5ee0064fd7b2ad8f0298a467cde829210b773d8c3c53de21d458e46 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Code Cache\js\index-dir\the-real-index
| MD5 | f35bd1c705455448631a50a8e91603dd |
| SHA1 | 90be158dea16e7fb664ca9e89a870f322c68c888 |
| SHA256 | ce896b314065631e75a02cabedf1efa9f36d48e688c362c3312b9588cecab199 |
| SHA512 | a18bf5cc71273f48aced0af23dbb007a2fe40b0b6e766f79e5229df3b08aa3d10a9eb032c1f5bb98c957546c071896daad80f60341ef740c7eebf7c56c19eb3a |
C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe
| MD5 | 8dfb8feccc75f737363de85f66e753a6 |
| SHA1 | 7265f3dc35904256e1f33f8cc3bab085e7bb4eb2 |
| SHA256 | 716a11cdc1b12827ee18027caa947f813cb3550412b5dcaae427be3bbcc0221f |
| SHA512 | 0bc0ff8c7a95ca26320c3161116d1bdd868eb36b6eea254f08718a4be1961ffa386c9d6ee4dfbcda434130d7139ce230c7b7c620361169e5e5c4b8a74875015c |
C:\Windows\Installer\MSI266B.tmp
| MD5 | 2a8bd75bda91871347497a88f1bd8a1d |
| SHA1 | 67f58b4506d51931df5f1e07ab0020e587308759 |
| SHA256 | 383e45cfe4d4f54e6d0743f2ee8c1c7a54540c59cd071df1e6b978770b1fcba6 |
| SHA512 | 58063c46af7c3c409cc1fa450af22849c82034c1046fc63e23f55f9ea70b4a3a9ae3a2e591f67569abc404ce0e415436f20973c4d37ac79762675e65d3b36df6 |
C:\Program Files (x86)\Radmin VPN\Driver.1.1\NetMP60.inf
| MD5 | 79e0ccabcf7d9d6077deeb2c1acbc926 |
| SHA1 | 4577c7377043569adc29804d0b7585b63f4252ca |
| SHA256 | ef6769520c94a3b5885458cd19696b45cf79010e9757729b2049ba6782fecfd7 |
| SHA512 | 2d4343e011f1557acbda0fdb096dc106c4345aed8fc220f4d496d72052441331d1568e0974fc4df72e9ce6f1a6aaaa727c66e0b70be91457bf80e4e9e5e45844 |
\??\c:\program files (x86)\radmin vpn\driver.1.1\NetMP60.cat
| MD5 | ceff01d9a2585878343f1b10ac597c7a |
| SHA1 | 030e3b4382eb00f1ecfd1c2fc8e59c5b5594d991 |
| SHA256 | 6ba444527b66803b9fa43b80509788c761fa18b52360e27b74cc2e8a1c115b3a |
| SHA512 | 8f7a6b4cf9e753778a63460f39bc1d82f53d8d01f531227f1c60202079a933471c6c4479e9aa8fe8020ba78f4762f0d4a985f8203542ab663799449291d9bec1 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 363c6fd7ebb580a2f5f5a3f37e7541bc |
| SHA1 | 577ef105a02a8964f5de7ef91ca6b7aec3f3e41e |
| SHA256 | dd86dd764fa34f0f68add04b333aaca1dc75607d52eb941d7babb3bb49893b0a |
| SHA512 | a2a4ca7e2b99d5ebc0d85c9f0626caad929baeed953103466313259b0ba8b466e19e85e40a51fa66e80660b303c5ebed87adf78e70fceae62809b2fcd0810099 |
\??\c:\PROGRA~2\RADMIN~1\DRIVER~1.1\RvNetMP60.sys
| MD5 | 4c175bfd31248cbade0f875dbf9f54e6 |
| SHA1 | ce9074101ec98d66c46dfe2f52421e467dcf2694 |
| SHA256 | 88765957ac41e3f00f1fd98393342ea40ddcc05952aba418e099d866296c1bf2 |
| SHA512 | ed999936d2593ea8895b177f532c7ee76a24a78365839c5c8761912a8848d2a650a834114c632853356aec8fb470e722a8e6771123c74a4185bf54250440fc3d |
memory/3840-1106-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Windows\Installer\MSI2CB5.tmp
| MD5 | f6de727441d84b427e7d2b4e9ec1db17 |
| SHA1 | 6d3b8159796bef81166271ae4f8372d5148d9488 |
| SHA256 | b90ffb402c6dd7607fe48666f5944fea43083c30f54e41bc589226999b5a2b01 |
| SHA512 | 9e0333f6ad668bc268af9699dea98cf21c3ada33ccc254535b0b96c8cfb4f2e58392d55664b6ce8d05bc06c5fdbf156b300cb51503222e6d0121cfdce443818f |
memory/1916-1129-0x0000000000400000-0x000000000053C000-memory.dmp
C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe
| MD5 | 3d1b360c5a73c72cbdeac1ada8813c38 |
| SHA1 | 06d0cb4c0a15a2a62df9f15e4c4dc016c1350517 |
| SHA256 | 7e9b855c9bd2932e94a21635a58c572c4c7c2b0d2ce44dc2200b299290ea281a |
| SHA512 | f57adad8bfe7784c5d5bcc82156582d7ff479b4acccd04b6b7658960aab3989651f9fc2b144f468d778272670f263adc6df95fbcfb8716242f19371eb3017ddd |
C:\Program Files (x86)\Radmin VPN\shelper.dll
| MD5 | 37146d9781bdd07f09849ce762ce3217 |
| SHA1 | a0b1d8943aecf9a35b330e5f3c3d63bea9b2ceac |
| SHA256 | d89daf6bcd5cafa3c7f6173f835ccf045baf8e7134f868819db6fd7615959ac4 |
| SHA512 | 98973fd690cb43a6c88b6d53808ec998a9b627759c316e84621e6527d1ad1734d7cbc9d9f5ebf422a639c1946fffd284306a505eb4395abdec8aee32257ff609 |
C:\Program Files (x86)\Radmin VPN\RvROLClient.dll
| MD5 | 1f4369227916423f70da0112077cc180 |
| SHA1 | fb4ae9f45a31346121b138b545bdc05412c6fa5e |
| SHA256 | 5af3ab5bcd4d0edcd3294a2dc816f2669ddd08bbfc565c51ddaf3a276c38c6e9 |
| SHA512 | 45bcd06ab4ac0bf86af3377d07cba6110b00ed912b377b2e2f04079bbc0a7d6ecdac511d76bcc33878543b053f294e1c98ebb60a65692ea901b5cc829f735e04 |
C:\Program Files (x86)\Radmin VPN\RvEnetConnect.dll
| MD5 | 5dc885ab290f62810981f54861382c10 |
| SHA1 | a39867ff6efe6d5ac90f8573f61c24189c14b6e0 |
| SHA256 | 02829cb94bae4385e197be5dd2a932a2477f9239bb0d89dc117020d1e09d2f46 |
| SHA512 | f61ec585e2eaaa350afaf35eee04d258d3fdfeecf367378f3e5c6595dfb8e515a0184ab50c40979b9afd35b88567d991989074bb376eff9ea42522b0c67b216c |
C:\Program Files (x86)\Radmin VPN\RvTCPConnect.dll
| MD5 | 1686fc54af6d8e1297fe811c8a12c193 |
| SHA1 | 7646435404c3766fc2e895799b7cf3ff8a202f4a |
| SHA256 | 22470f4001c91b695826db8b89fa470b3a211344c4c43e3c45aac371c6f4bd94 |
| SHA512 | 33d68b3f22f32fce2c743f61799dd58b4a177d18a031e2bf8196821f6d5bb0c5c09178775eab0dc9136d4c2e677ce09603b2ea76f2929633e1d463261a8da1f6 |
C:\Program Files (x86)\Radmin VPN\RvTRSConnect.dll
| MD5 | 734a2822348ab0a4e249f2b065847077 |
| SHA1 | 002c8dfc2e63ab51dbba1c6cebd18b2d025912bc |
| SHA256 | c2c024be677b875bf9f88dae7135ba92614e983d28c2dac513d09061400e661f |
| SHA512 | 70f5cccbb7236a0a845487324bbe6f9cf3ef635389f96ed54e5b678917bd90b53a610621c8eb9980d8f596b8769c3779984eaa08bf4671d01a465ec2cc3aced9 |
C:\Program Files (x86)\Radmin VPN\RvRolUpdater.dll
| MD5 | 8ea6a38a4d7b4e51f1ab046658135c4e |
| SHA1 | 7f06702a94d3073a975d31c4627639f7f046ba7c |
| SHA256 | c77034de1ffebac41a6f299a07ee19b7324e20cb7270ed0351d339efcbce4992 |
| SHA512 | 0bcfa7d4c50e9baa00275ce7a9c9c1d4142686b1c332e486f50503cc6b47b847e04848aa06f54afe0f910f20044b9b7b3b569739de8399510b20b70a3e274082 |
C:\Program Files (x86)\Radmin VPN\RvUESClient.dll
| MD5 | 1cc25786d6c26010f5552d9a3f4db024 |
| SHA1 | c4d07fb9608c2c594efa79dfed75d32d39e8bb2a |
| SHA256 | 042a6c071a8b4d6230ea0b5c292aa2f6ca926e81f7a834c0a8e974d07f5c484f |
| SHA512 | fd4f18bd9d35ac2a6dea88bfe38b4b4144b40dd67214ebf2c6695b5123d2d10af4420eaf553042cd3983d7f21d15fd216c0b2639c207b53960998b719996a69d |
C:\Program Files (x86)\Radmin VPN\RvDownloader.dll
| MD5 | dbd19ec366fdc6cb44a6b879d5b0b25e |
| SHA1 | 7eef3bef49d5c49baba2b38d2f6751fe3f78d194 |
| SHA256 | 2b6e0e7ab342da05460986fa161c5ec60803235852c1277599064459395e30fc |
| SHA512 | 7f93fb753c8bf803f21b95dae4754b3edb967428918567da6825b7a4f68b3a4950d9442f4f666643b3d37fda32a6b4a05e8069d79fc49756fd9b9fdd3b83d34b |
C:\Config.Msi\e59141e.rbs
| MD5 | d4879decd56b964f4722860126176fbb |
| SHA1 | 3355523f1772f32b2036007233abf2ebe4fb0945 |
| SHA256 | 8ca66d6fd3da3cbc55863515e308250628a417856d44e7fc038a6cfbb2b9df43 |
| SHA512 | d1134177b39b1d06f47139d28b3284c197d5a8168ae4c2d87388bc97558b3c12ab90f5895b11326c20c94844afcf928ee92fe5f6f8438a3e57c9a6c7d5fe3721 |
C:\Program Files (x86)\Radmin VPN\Qt5Core.dll
| MD5 | 84f0b48079bbdcbdaac889074e90cef6 |
| SHA1 | 13be727af609a5aad66144c8f3771ceee1223e27 |
| SHA256 | 36a668c0bc57a86bbdb2ae183110cbacff479eac02e62b405abb7b4da67630c4 |
| SHA512 | 40b60f1716a2cb21b822830208e4951c7edcd902593544b08cda662eb9e2b72d732675051c5f00e9e3e7de4bf681f767d2e8222a4ce587267fb831ee7fd7a048 |
C:\Program Files (x86)\Radmin VPN\Qt5Network.dll
| MD5 | d52831bba5f65db7a1dd310c65c63ca1 |
| SHA1 | 32ea3c1ec75c919ea587ae69d172345bb78b3aa0 |
| SHA256 | 5ffbf8fd312922fc7aab26654f0da5d41cde2734c5321f8f4bcfd596c2660825 |
| SHA512 | 796e9be75a43167bef2d8a8f5539a59a97c30ca5c2392309a3e447a1eb5369a623a3979bd214c2d210664587b289ecc31c7e92a8b14faf264d5c81f70743aa60 |
C:\Program Files (x86)\Radmin VPN\Qt5Gui.dll
| MD5 | b2d36d9e7aeb6fe317deaaf7cc4a34ed |
| SHA1 | 7eb1cdcf9a59a348064c2f41eedfd73bc00e7724 |
| SHA256 | 63c05cfdd2ee44057e619d1a9acead538e867cbee55873529d01686d1ec678a6 |
| SHA512 | 5bdedc810d891158e3d7b35c402a29d6eb0523fcd75465f0ccd620ddfdb21871f41795535cea6b999cf3de6a2994603be0d02db9258b2afea07bda4e658b4178 |
memory/1916-1174-0x0000000000400000-0x000000000053C000-memory.dmp
memory/3840-1175-0x0000000000400000-0x0000000000439000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | 7074a69bd0857f65352b3217d624e0e1 |
| SHA1 | fb8cb57f6883dbf38c2d9b2f1f0bcb51824292bc |
| SHA256 | 0c43b106895a1168f938971ab8d4f3c13edaab85b1cb4f80f357a35f64f02e51 |
| SHA512 | 5e649b38c4ef84c93dbc478589b61f254ec3620cf1cb02b034e1dc07b417461cbd7f88b0911029bfb9ac2b66b4ab1c5efbb5583f8a567c092be7e4fda56b902d |
memory/5124-1221-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1220-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1219-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1227-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1231-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1230-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1229-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1228-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1225-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
memory/5124-1226-0x0000000000AF0000-0x0000000000AF1000-memory.dmp
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Preferences
| MD5 | e72bfc21be5f8d4e0972819b0666eb0f |
| SHA1 | edfab92a71a5396c19f89691e15d1bde9373c0e9 |
| SHA256 | e716fe91c5e58e3571041d44ed77850c5b2ad9999ae34244a5f77021cf739cce |
| SHA512 | 776ebca12ceb7b114b9728e4a66e59ba7c01cd90459cc7f8b855b50c8fe9f743ce227dd43d71b8629b1c4bc8dc22b4c4dec79bc62950ae66f830b972807b3ed0 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Local State
| MD5 | 150cb4040f84a1be89d0085f2bef6955 |
| SHA1 | b250e1335af12db2abd1a44389a1d2bac6385158 |
| SHA256 | a3517cd8c2d15d5f1bd31aaf26b2aad2868af3b8eecc59233d6707b63892677c |
| SHA512 | 4ae07129269c7bea553b701a7217a997defc0ae01829a5391f9ce5249b738b6771de10e0ca5baaf9ab1892f7b1b537a0e3aae3c47569d1a0d4132c7b4fcc58e9 |
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Default\Network Persistent State
| MD5 | abf062050f49e6c13a8b3ffb056d6653 |
| SHA1 | 1b92ae8b7b20558d0a1c3735ee0ed676d6a9e353 |
| SHA256 | f5930c83921d298dce3d148ac6b157f2bdb5a9fb20c78f554f419db1f49a2819 |
| SHA512 | 495c36ada2a3e57f02829d59d46ba87ad6fb40f9bec9e42240c05b588de347ba87f1deba9e4a6ce4c31ff8259496edaa2e7f2cd07b50132b91171a44a43561b6 |
memory/4856-1376-0x0000000010000000-0x0000000010006000-memory.dmp
memory/4856-1374-0x0000000010000000-0x0000000010006000-memory.dmp
memory/4856-1377-0x0000000010000000-0x0000000010006000-memory.dmp