Malware Analysis Report

2025-08-05 16:54

Sample ID: 250127-skd1bstrcv
Target: Radmin_VPN_1.4.4642.1.exe
SHA256: 8ca04d27ef8c28e0edac3b740ebe7fb8839b4794752a0d359ae18de22fc6be35
Tags: defense_evasion discovery persistence privilege_escalation
Score: 10/10

Analysis Overview

Threat Level: Known bad

The file Radmin_VPN_1.4.4642.1.exe was found to be: Known bad.

Malicious Activity Summary

defense_evasion discovery persistence privilege_escalation

Modifies security service

Drops file in Drivers directory

Blocklisted process makes network request

Adds Run key to start application

Enumerates connected drives

Modifies Windows Firewall

Downloads MZ/PE file

Drops file in System32 directory

Executes dropped EXE

Loads dropped DLL

Drops file in Windows directory

Drops file in Program Files directory

System Location Discovery: System Language Discovery

Event Triggered Execution: Netsh Helper DLL

Suspicious use of FindShellTrayWindow

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Checks SCSI registry key(s)

Suspicious behavior: AddClipboardFormatListener

Suspicious behavior: GetForegroundWindowSpam

Suspicious use of SendNotifyMessage

Modifies registry class

Modifies data under HKEY_USERS

Suspicious behavior: EnumeratesProcesses

Suspicious behavior: LoadsDriver

Suspicious use of AdjustPrivilegeToken

MITRE ATT&CK

Analysis: static1

Detonation Overview

Reported

2025-01-27 15:10

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2025-01-27 15:10

Reported

2025-01-27 15:11

Platform

win10v2004-20241007-en

Max time kernel

28s

Max time network

29s

Command Line

"C:\Users\Admin\AppData\Local\Temp\Radmin_VPN_1.4.4642.1.exe"

Signatures

Modifies security service

defense_evasion
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\MpsSvc\Parameters\PortKeywords\Teredo C:\Windows\System32\svchost.exe N/A
Set value (data) \REGISTRY\MACHINE\SYSTEM\ControlSet001\Services\mpssvc\Parameters\PortKeywords\Teredo\Collection C:\Windows\System32\svchost.exe N/A

Drops file in Drivers directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\drivers\RvNetMP60.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\drivers\SETE34B.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\drivers\SETE34B.tmp C:\Windows\system32\DrvInst.exe N/A

Adds Run key to start application

persistence
Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\RadminVPN = "\"C:\\Program Files (x86)\\Radmin VPN\\RvRvpnGui.exe\" /minimized" C:\Windows\system32\msiexec.exe N/A

Blocklisted process makes network request

Description Indicator Process Target
N/A N/A C:\Windows\system32\msiexec.exe N/A

Downloads MZ/PE file

Description Indicator Process Target
N/A N/A N/A N/A

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\E: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\H: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\U: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\W: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Z: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\J: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\N: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\O: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Y: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\X: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\G: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\I: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\Q: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\R: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\M: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\P: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\S: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\T: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\A: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\B: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\K: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\L: C:\Windows\system32\msiexec.exe N/A
File opened (read-only) \??\V: C:\Windows\system32\msiexec.exe N/A

Modifies Windows Firewall

defense_evasion
Description Indicator Process Target
N/A N/A C:\Windows\SysWOW64\netsh.exe N/A

Drops file in System32 directory

Description Indicator Process Target
File opened for modification C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\SETE197.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\SETE1A7.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\SETE1A7.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netmp60.inf_amd64_f32b93923791d26a\RvNetMP60.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\SETE186.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\RvNetMP60.sys C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\NetMP60.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\drvstore.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netmp60.inf_amd64_f32b93923791d26a\netmp60.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\CatRoot2\dberr.txt C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368} C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\SETE186.tmp C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\SETE197.tmp C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\Temp\{1a1bddba-f89a-634a-9098-a87b25621368}\netmp60.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\System32\DriverStore\FileRepository\netmp60.inf_amd64_f32b93923791d26a\NetMP60.cat C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\System32\DriverStore\FileRepository\netmp60.inf_amd64_f32b93923791d26a\netmp60.PNF C:\Windows\Installer\MSIE05E.tmp N/A
File opened for modification C:\Windows\System32\RadminVpn_setupapi_20250127_151108828.log C:\Windows\Installer\MSIE05E.tmp N/A

Drops file in Program Files directory

Description Indicator Process Target
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-utility-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\boot.txt C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvFwHelper.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1038.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1049.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\amt.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-errorhandling-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-stdio-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_da_DK.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\imrsdk.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\Qt5Core.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\shelper.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1086.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-rtlsupport-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-sysinfo-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-conio-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-private-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1036.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1042.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\platforms\qwindows.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\voicex.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\WinLpcDl.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1031.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\Driver.1.0\NetMP60.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\imageformats\qico.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_ja_JP.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-debug-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-profile-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvGuiStarter.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1044.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-datetime-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\drvinst.exe C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\msvcp140.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_sv_SE.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvUESClient.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1045.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\2052.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-string-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\Driver.1.1\NetMP60.cat C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_hr_HR.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvROLClient.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_tr_TR.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvTRSConnect.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\amt.ini C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-heap-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\Driver.1.0\RvNetMP60.sys C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_bg_BG.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1040.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_uk_UA.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\vcintcx.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_zh_CN.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_zh_TW.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1025.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-console-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-memory-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\Qt5Svg.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_fi_FI.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\rserv35ml.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\RvRvpnGui_sk_SK.qm C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\vcintsx.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-core-libraryloader-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1048.lng_rad C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\api-ms-win-crt-string-l1-1-0.dll C:\Windows\system32\msiexec.exe N/A
File created C:\Program Files (x86)\Radmin VPN\1032.lng_rad C:\Windows\system32\msiexec.exe N/A

Drops file in Windows directory

Description Indicator Process Target
File opened for modification C:\Windows\Microsoft.NET\Framework64\v4.0.30319\ngen.log C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIDA24.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\{2CDA3179-67A1-410A-81A9-AB1A4FD89DF9}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\svchost.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\e57d12b.msi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File created C:\Windows\Installer\e57d12f.msi C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\inprogressinstallinfo.ipi C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\MSIE05E.tmp C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\ C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\SourceHash{2CDA3179-67A1-410A-81A9-AB1A4FD89DF9} C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\Installer\{2CDA3179-67A1-410A-81A9-AB1A4FD89DF9}\ProductIcon C:\Windows\system32\msiexec.exe N/A
File opened for modification C:\Windows\INF\setupapi.dev.log C:\Windows\Installer\MSIE05E.tmp N/A
File created C:\Windows\inf\oem3.inf C:\Windows\system32\DrvInst.exe N/A
File opened for modification C:\Windows\Installer\MSIE512.tmp C:\Windows\system32\msiexec.exe N/A
File created C:\Windows\Installer\e57d12b.msi C:\Windows\system32\msiexec.exe N/A

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
N/A N/A C:\Windows\syswow64\MsiExec.exe N/A
N/A N/A C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe N/A
N/A N/A C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe N/A

Event Triggered Execution: Netsh Helper DLL

persistence privilege_escalation
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key queried \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A
Key value enumerated \REGISTRY\MACHINE\SOFTWARE\WOW6432Node\Microsoft\NetSh C:\Windows\SysWOW64\netsh.exe N/A

System Location Discovery: System Language Discovery

discovery
Description Indicator Process Target
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\netsh.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\SysWOW64\cmd.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\Radmin_VPN_1.4.4642.1.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Windows\syswow64\MsiExec.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Control\NLS\Language C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe N/A

Checks SCSI registry key(s)

Description Indicator Process Target
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\Installer\MSIE05E.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\Installer\MSIE05E.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\Installer\MSIE05E.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\HardwareID C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Service C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Filters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Phantom C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Phantom C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\Service C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Service C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\Filters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\HardwareID C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\HardwareID C:\Windows\Installer\MSIE05E.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_QEMU&PROD_QEMU_DVD-ROM\4&215468A5&0&010000 C:\Windows\system32\svchost.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000001\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\ConfigFlags C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000\CompatibleIDs C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\UpperFilters C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\LowerFilters C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000002 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\Properties\{83da6326-97a6-4088-9453-a1923f573b29}\0009 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\DISK&VEN_WDC&PROD_WDS100T2B0A\4&215468A5&0&000000 C:\Windows\system32\svchost.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\Disk&Ven_WDC&Prod_WDS100T2B0A\4&215468a5&0&000000 C:\Windows\system32\DrvInst.exe N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000 C:\Windows\system32\DrvInst.exe N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_Msft&Prod_Virtual_DVD-ROM\2&1f4adffe&0&000002\CompatibleIDs C:\Windows\Installer\MSIE05E.tmp N/A
Key value queried \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CdRom&Ven_QEMU&Prod_QEMU_DVD-ROM\4&215468a5&0&010000\CompatibleIDs C:\Windows\Installer\MSIE05E.tmp N/A
Key opened \REGISTRY\MACHINE\SYSTEM\ControlSet001\Enum\SCSI\CDROM&VEN_MSFT&PROD_VIRTUAL_DVD-ROM\2&1F4ADFFE&0&000001 C:\Windows\system32\svchost.exe N/A

Modifies data under HKEY_USERS

Description Indicator Process Target
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\WinTrust\Trust Providers\Software Publishing C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Set value (str) \REGISTRY\USER\.DEFAULT\Software\Classes\Local Settings\MuiCache\27\52C64B7E\@%SystemRoot%\system32\hnetcfgclient.dll,-201 = "HNetCfg Client" C:\Windows\System32\svchost.exe N/A
Key deleted \REGISTRY\USER\.DEFAULT\SOFTWARE\CLASSES\LOCAL SETTINGS\MUICACHE\26\52C64B7E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\Certificates C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CRLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\Certificates C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\CA\Certificates C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\CRLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\CA\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CRLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\Disallowed\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\SmartCardRoot\Certificates C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CRLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Root C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\Disallowed C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust\CTLs C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\CTLs C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Policies\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\system32\DrvInst.exe N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\trust C:\Windows\Installer\MSIE05E.tmp N/A
Key created \REGISTRY\USER\.DEFAULT\Software\Microsoft\SystemCertificates\TrustedPeople\Certificates C:\Windows\Installer\MSIE05E.tmp N/A

Modifies registry class

Description Indicator Process Target
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\Net\1 = "C:\\Users\\Admin\\AppData\\Local\\Temp\\is-TKL5S.tmp\\" C:\Windows\system32\msiexec.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\Clients = 3a0000000000 C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9713ADC21A76A014189ABAA1F48DD99F\f_exe C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9713ADC21A76A014189ABAA1F48DD99F\f_radmin C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\Net C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\PackageName = "RadminVPN_1.4.4642.1.msi" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\Media C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\LastUsedSource = "n;1;C:\\Users\\Admin\\AppData\\Local\\Temp\\is-TKL5S.tmp\\" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\ProductName = "Radmin VPN 1.4.1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\PackageCode = "17C5BD852BFC91540874754C6DF8C806" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\Assignment = "1" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DC8202FE7C90E71498671B8FE6BB092E\9713ADC21A76A014189ABAA1F48DD99F C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\Language = "1033" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\Version = "17044002" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\SourceList\Media\1 = ";" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\InstanceType = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\AuthorizedLUAApp = "0" C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\DeploymentFlags = "3" C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\UpgradeCodes\DC8202FE7C90E71498671B8FE6BB092E C:\Windows\system32\msiexec.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9713ADC21A76A014189ABAA1F48DD99F C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Features\9713ADC21A76A014189ABAA1F48DD99F\f_viewer C:\Windows\system32\msiexec.exe N/A
Set value (int) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\AdvertiseFlags = "388" C:\Windows\system32\msiexec.exe N/A
Set value (str) \REGISTRY\MACHINE\SOFTWARE\Classes\Installer\Products\9713ADC21A76A014189ABAA1F48DD99F\ProductIcon = "C:\\Windows\\Installer\\{2CDA3179-67A1-410A-81A9-AB1A4FD89DF9}\\ProductIcon" C:\Windows\system32\msiexec.exe N/A

Suspicious behavior: AddClipboardFormatListener

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe N/A

Suspicious behavior: GetForegroundWindowSpam

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe N/A

Suspicious behavior: LoadsDriver

Description Indicator Process Target
N/A N/A N/A N/A

Suspicious use of AdjustPrivilegeToken

Description Indicator Process Target
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeCreateTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeAssignPrimaryTokenPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeLockMemoryPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeIncreaseQuotaPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeMachineAccountPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeTcbPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeSecurityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeTakeOwnershipPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeLoadDriverPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeSystemProfilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeSystemtimePrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeProfSingleProcessPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeIncBasePriorityPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeCreatePagefilePrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeCreatePermanentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeBackupPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeRestorePrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeDebugPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeAuditPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeSystemEnvironmentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeChangeNotifyPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeRemoteShutdownPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeUndockPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeSyncAgentPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeEnableDelegationPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeManageVolumePrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeImpersonatePrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeCreateGlobalPrivilege N/A C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeAuditPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeSecurityPrivilege N/A C:\Windows\system32\svchost.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\Installer\MSIE05E.tmp N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeBackupPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeLoadDriverPrivilege N/A C:\Windows\system32\DrvInst.exe N/A
Token: SeRestorePrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Windows\system32\msiexec.exe N/A
Token: SeTakeOwnershipPrivilege N/A C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe N/A
Token: SeIncBasePriorityPrivilege N/A C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe N/A

Suspicious use of SetWindowsHookEx

Description Indicator Process Target
N/A N/A C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 3308 wrote to memory of 2136 N/A C:\Users\Admin\AppData\Local\Temp\Radmin_VPN_1.4.4642.1.exe C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp
PID 4008 wrote to memory of 2940 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 4008 wrote to memory of 4836 N/A C:\Windows\system32\msiexec.exe C:\Windows\Installer\MSIE05E.tmp
PID 4736 wrote to memory of 4288 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 4736 wrote to memory of 3640 N/A C:\Windows\system32\svchost.exe C:\Windows\system32\DrvInst.exe
PID 4008 wrote to memory of 2936 N/A C:\Windows\system32\msiexec.exe C:\Windows\syswow64\MsiExec.exe
PID 2936 wrote to memory of 3596 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\netsh.exe
PID 2936 wrote to memory of 4936 N/A C:\Windows\syswow64\MsiExec.exe C:\Windows\SysWOW64\netsh.exe
PID 2736 wrote to memory of 844 N/A C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe C:\Windows\SysWOW64\cmd.exe
PID 844 wrote to memory of 1108 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 2736 wrote to memory of 3116 N/A C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe C:\Windows\SysWOW64\cmd.exe
PID 3116 wrote to memory of 1912 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 2736 wrote to memory of 4596 N/A C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe C:\Windows\SysWOW64\cmd.exe
PID 4596 wrote to memory of 1864 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 2736 wrote to memory of 2576 N/A C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe C:\Windows\SysWOW64\cmd.exe
PID 2576 wrote to memory of 3956 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe
PID 2736 wrote to memory of 4504 N/A C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe C:\Windows\SysWOW64\cmd.exe
PID 4504 wrote to memory of 5096 N/A C:\Windows\SysWOW64\cmd.exe C:\Windows\SysWOW64\netsh.exe

Processes

C:\Users\Admin\AppData\Local\Temp\Radmin_VPN_1.4.4642.1.exe

"C:\Users\Admin\AppData\Local\Temp\Radmin_VPN_1.4.4642.1.exe"

C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp

"C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp" /SL5="$6020E,21145108,189952,C:\Users\Admin\AppData\Local\Temp\Radmin_VPN_1.4.4642.1.exe"

C:\Windows\system32\msiexec.exe

C:\Windows\system32\msiexec.exe /V

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 3E3BCA824BD2BAE305C0748D96207BAB

C:\Windows\Installer\MSIE05E.tmp

"C:\Windows\Installer\MSIE05E.tmp" install "C:\Program Files (x86)\Radmin VPN\Driver.1.1\NetMP60.inf" "C:\Program Files (x86)\Radmin VPN\Driver.1.0\NetMP60.inf" ad_InstallDriver_64 ""

C:\Windows\system32\svchost.exe

C:\Windows\system32\svchost.exe -k DcomLaunch -p -s DeviceInstall

C:\Windows\system32\DrvInst.exe

DrvInst.exe "4" "1" "c:\program files (x86)\radmin vpn\driver.1.1\netmp60.inf" "9" "42f731a47" "0000000000000154" "WinSta0\Default" "0000000000000164" "208" "c:\program files (x86)\radmin vpn\driver.1.1"

C:\Windows\system32\DrvInst.exe

DrvInst.exe "2" "211" "ROOT\NET\0000" "C:\Windows\INF\oem3.inf" "oem3.inf:c36c271bc64eefc9:RVpnNetMP.ndi:15.39.54.8:{b06d84d1-af78-41ec-a5b9-3cce676528b2}\rvnetmp60," "42f731a47" "0000000000000154"

C:\Windows\syswow64\MsiExec.exe

C:\Windows\syswow64\MsiExec.exe -Embedding 1CD0321E506105EB60F74B62D580D6C0 E Global\MSI0000

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Radmin VPN Control Service" dir=in action=allow program="C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe" enable=yes profile=any edge=yes

C:\Windows\SysWOW64\netsh.exe

netsh advfirewall firewall add rule name="Radmin VPN icmpv4" action=allow enable=yes dir=in profile=any remoteip=26.0.0.0/8 protocol=icmpv4

C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe

"C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe" /service

C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe

"C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe" /show

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted -p -s Netman

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ipv4 set interface interface="Radmin VPN" metric=1

C:\Windows\SysWOW64\netsh.exe

C:\Windows\system32\netsh.exe interface ipv4 set interface interface="Radmin VPN" metric=1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ip delete route prefix=0.0.0.0/0 interface="Radmin VPN" nexthop=26.0.0.1

C:\Windows\SysWOW64\netsh.exe

C:\Windows\system32\netsh.exe interface ip delete route prefix=0.0.0.0/0 interface="Radmin VPN" nexthop=26.0.0.1

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ip add route prefix=0.0.0.0/0 interface="Radmin VPN" nexthop=26.0.0.1 publish=Yes metric=9256

C:\Windows\SysWOW64\netsh.exe

C:\Windows\system32\netsh.exe interface ip add route prefix=0.0.0.0/0 interface="Radmin VPN" nexthop=26.0.0.1 publish=Yes metric=9256

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ip add address name="Radmin VPN" addr=26.147.8.132 mask=255.0.0.0 gateway=26.0.0.1 gwmetric=9256

C:\Windows\SysWOW64\netsh.exe

C:\Windows\system32\netsh.exe interface ip add address name="Radmin VPN" addr=26.147.8.132 mask=255.0.0.0 gateway=26.0.0.1 gwmetric=9256

C:\Windows\SysWOW64\cmd.exe

C:\Windows\system32\cmd.exe C:\Windows\system32\cmd.exe /c C:\Windows\system32\netsh.exe interface ipv6 add address interface="Radmin VPN" address=fdfd::1a93:884

C:\Windows\SysWOW64\netsh.exe

C:\Windows\system32\netsh.exe interface ipv6 add address interface="Radmin VPN" address=fdfd::1a93:884

C:\Windows\System32\svchost.exe

C:\Windows\System32\svchost.exe -k NetSvcs -p -s iphlpsvc

Network

Country Destination Domain Proto
US 8.8.8.8:53 209.205.72.20.in-addr.arpa udp
US 8.8.8.8:53 14.160.190.20.in-addr.arpa udp
US 8.8.8.8:53 167.173.78.104.in-addr.arpa udp
US 8.8.8.8:53 196.249.167.52.in-addr.arpa udp
US 8.8.8.8:53 e.6.c.5.b.4.3.9.c.4.6.d.5.2.4.1.0.0.0.0.0.0.0.0.0.0.0.0.0.8.e.f.ip6.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 167.57.26.184.in-addr.arpa udp
N/A 255.255.255.255:67 udp
US 8.8.8.8:53 fail.radminte.com udp
GB 57.128.187.188:17301 fail.radminte.com tcp
CA 148.113.190.78:17301 fail.radminte.com tcp
US 8.8.8.8:53 188.187.128.57.in-addr.arpa udp
US 8.8.8.8:53 78.190.113.148.in-addr.arpa udp
GB 198.244.203.247:17301 fail.radminte.com tcp
US 8.8.8.8:53 247.203.244.198.in-addr.arpa udp
GB 198.244.203.247:17301 fail.radminte.com tcp
US 8.8.8.8:53 win1910.ipv6.microsoft.com udp
US 8.8.8.8:53 110.92.254.169.in-addr.arpa udp
US 8.8.8.8:53 255.255.254.169.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 132.8.147.26.in-addr.arpa udp
N/A 224.0.0.251:5353 udp
US 8.8.8.8:53 update.radmin-te.com udp
GB 51.89.153.153:80 update.radmin-te.com tcp
US 8.8.8.8:53 153.153.89.51.in-addr.arpa udp
US 8.8.8.8:53 255.255.255.26.in-addr.arpa udp
GB 51.89.153.153:80 update.radmin-te.com tcp

Files

memory/3308-0-0x0000000000400000-0x0000000000439000-memory.dmp

memory/3308-2-0x0000000000401000-0x0000000000412000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-O2NFG.tmp\Radmin_VPN_1.4.4642.1.tmp

memory/2136-7-0x0000000000400000-0x000000000053C000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\is-TKL5S.tmp\Rvis_install_dll.dll

C:\Users\Admin\AppData\Local\Temp\is-TKL5S.tmp\RadminVPN_1.4.4642.1.msi

C:\Program Files (x86)\Radmin VPN\RvRvpnGui.exe

C:\Windows\Installer\MSIE05E.tmp

C:\Program Files (x86)\Radmin VPN\Driver.1.1\NetMP60.inf

\??\c:\program files (x86)\radmin vpn\driver.1.1\NetMP60.cat

\??\c:\PROGRA~2\RADMIN~1\DRIVER~1.1\RvNetMP60.sys

C:\Windows\Installer\MSIE512.tmp

C:\Program Files (x86)\Radmin VPN\RvControlSvc.exe

C:\Program Files (x86)\Radmin VPN\shelper.dll

C:\Program Files (x86)\Radmin VPN\RvROLClient.dll

C:\Program Files (x86)\Radmin VPN\RvEnetConnect.dll

C:\Program Files (x86)\Radmin VPN\RvTCPConnect.dll

C:\Program Files (x86)\Radmin VPN\RvTRSConnect.dll

C:\Program Files (x86)\Radmin VPN\RvRolUpdater.dll

C:\Program Files (x86)\Radmin VPN\RvDownloader.dll

C:\Program Files (x86)\Radmin VPN\RvUESClient.dll

memory/2136-282-0x0000000000400000-0x000000000053C000-memory.dmp

memory/3308-280-0x0000000000400000-0x0000000000439000-memory.dmp

C:\Config.Msi\e57d12e.rbs

C:\Program Files (x86)\Radmin VPN\Qt5Gui.dll

C:\Program Files (x86)\Radmin VPN\Qt5Network.dll

C:\Program Files (x86)\Radmin VPN\vcruntime140.dll

C:\Program Files (x86)\Radmin VPN\Qt5Widgets.dll

memory/3308-324-0x0000000000400000-0x0000000000439000-memory.dmp

memory/2136-323-0x0000000000400000-0x000000000053C000-memory.dmp

C:\Program Files (x86)\Radmin VPN\Qt5WinExtras.dll

C:\Program Files (x86)\Radmin VPN\Qt5Svg.dll

C:\Program Files (x86)\Radmin VPN\Qt5Core.dll

C:\Program Files (x86)\Radmin VPN\msvcp140.dll

C:\Program Files (x86)\Radmin VPN\platforms\qwindows.dll

C:\Program Files (x86)\Radmin VPN\imageformats\qsvg.dll

C:\Program Files (x86)\Radmin VPN\imageformats\qico.dll

C:\Program Files (x86)\Radmin VPN\imageformats\qgif.dll

C:\Program Files (x86)\Radmin VPN\RvRvpnGui_en_us.qm
