Analysis
-
max time kernel
147s -
max time network
153s -
platform
windows10-2004_x64 -
resource
win10v2004-20220812-en -
resource tags
-
submitted
06-02-2023 19:53
General
-
Target
TLauncher.lnk
-
Size
1KB
-
MD5
b20f8fecb2a8060d26691c88e49ca3e6
-
SHA1
7ddaf9983fc41f5f8c737b22418ee2920866ef23
-
SHA256
90da7db43a19c10ffd64e9ea38b24a74d304d83c100adaaa205b51d143985726
-
SHA512
fc57d5c0d9d1c23119cdaa9ea581285342d6e7eab9042bb47251ee371a4885078b7bc7e64ca7bf52497b15d30e05e1037c0a1f8884f462c1a96fbac6112eff19
Malware Config
Signatures
-
Downloads MZ/PE file
-
Checks computer location settings 2 TTPs 5 IoCs
Looks up country code configured in the registry, likely geofence.
-
Executes dropped EXE 16 IoCs
-
Loads dropped DLL 9 IoCs
-
Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
-
UPX packed file 24 IoCs
Detects executables packed with UPX/modified UPX open source packer.
-
Adds Run key to start application 2 TTPs 1 IoCs
-
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
-
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.
-
Drops file in Program Files directory 2 IoCs
-
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.
-
Enumerates system info in registry 2 TTPs 3 IoCs
-
Modifies registry class 1 IoCs
-
Modifies system certificate store 2 TTPs 8 IoCs
-
NTFS ADS 1 IoCs
-
Suspicious behavior: EnumeratesProcesses 8 IoCs
-
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 15 IoCs
-
Suspicious use of AdjustPrivilegeToken 2 IoCs
-
Suspicious use of FindShellTrayWindow 64 IoCs
-
Suspicious use of SendNotifyMessage 64 IoCs
-
Suspicious use of SetWindowsHookEx 10 IoCs
-
Suspicious use of WriteProcessMemory 64 IoCs
Processes
-
C:\Windows\system32\cmd.execmd /c C:\Users\Admin\AppData\Local\Temp\TLauncher.lnk1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies registry class
- NTFS ADS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3aee46f8,0x7fff3aee4708,0x7fff3aee47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=gpu-process --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --gpu-preferences=UAAAAAAAAADgAAAQAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAHgAAAAAAAAAeAAAAAAAAAAoAAAABAAAACAAAAAAAAAAKAAAAAAAAAAwAAAAAAAAADgAAAAAAAAAEAAAAAAAAAAAAAAADQAAABAAAAAAAAAAAQAAAA0AAAAQAAAAAAAAAAQAAAANAAAAEAAAAAAAAAAHAAAADQAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=2184 /prefetch:22⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 /prefetch:32⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2740 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=6 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=3328 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=8 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4292 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --disable-client-side-phishing-detection --instant-process --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=7 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4304 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3640 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=5672 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=11 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5756 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --msedge --force-configure-user-settings2⤵
- Drops file in Program Files directory
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\MsEdgeCrashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\Installer\setup.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0x224,0x228,0x1fc,0x220,0x22c,0x7ff607235460,0x7ff607235470,0x7ff6072354803⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe"C:\Program Files (x86)\Microsoft\Edge\Application\92.0.902.67\identity_helper.exe" --type=utility --utility-sub-type=winrt_app_id.mojom.WinrtAppIdService --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=6148 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=13 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6528 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=14 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=4396 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=15 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6560 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=16 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6508 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6288 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=18 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5260 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=19 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6056 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=20 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6696 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=21 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5780 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=22 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6844 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=23 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=5840 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=renderer --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --disable-gpu-compositing --lang=en-US --disable-client-side-phishing-detection --device-scale-factor=1 --num-raster-threads=1 --renderer-client-id=25 --no-v8-untrusted-code-mitigations --mojo-platform-channel-handle=6460 /prefetch:12⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=edge_collections.mojom.CollectionsDataManager --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=collections --mojo-platform-channel-handle=7084 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=7476 /prefetch:82⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=7616 /prefetch:82⤵
- Suspicious behavior: EnumeratesProcesses
-
C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exe"C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exe"C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exe"2⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:24771453" "__IRSID:S-1-5-21-2629973501-4017243118-3254762364-1000"3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\AdditionalExecuteTL.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini4⤵
- Checks computer location settings
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-2629973501-4017243118-3254762364-1000"5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=06⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exeC:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6f20e428,0x6f20e438,0x6f20e4447⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version7⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --pin-additional-shortcuts=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1900 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230206205459" --session-guid=4034b3fa-e3b1-4055-9b34-d1274274bfb8 --server-tracking-blob=ZDA3N2Q2MmMxY2I5ZDk1M2I4YTllNzM1ZGViMmQ2NzllNGU3YmVjMDRjYzg5MDE1MjBmM2UwNDcxMDNhOGVlZjp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijoib3BlcmEiLCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInRpbWVzdGFtcCI6IjE2NzU3MTMyOTQuMDU3OCIsInVzZXJhZ2VudCI6IlNldHVwIEZhY3RvcnkgOS4wIiwidXRtIjp7ImNhbXBhaWduIjoiT3BlcmFEZXNrdG9wIiwibWVkaXVtIjoiYXBiIiwic291cmNlIjoiTVNUTCJ9LCJ1dWlkIjoiMGVlNTQyNmQtMWM5ZC00NDcxLTk5NGItMmQxZDc4Y2UzNDcxIn0= --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=E8050000000000007⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exeC:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=95.0.4635.25 --initial-client-data=0x34c,0x350,0x354,0x31c,0x358,0x6e8ae428,0x6e8ae438,0x6e8ae4448⤵
- Executes dropped EXE
- Loads dropped DLL
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302062054591\assistant\_sfx.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302062054591\assistant\_sfx.exe"7⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302062054591\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302062054591\assistant\assistant_installer.exe" --version7⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302062054591\assistant\assistant_installer.exe"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202302062054591\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=94.0.4606.38 --initial-client-data=0x2f8,0x2fc,0x300,0x2d4,0x304,0x572dc0,0x572dd0,0x572ddc8⤵
- Executes dropped EXE
-
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"4⤵
- Executes dropped EXE
-
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"5⤵
- Suspicious use of SetWindowsHookEx
-
C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exe"C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exe"2⤵
- Executes dropped EXE
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=utility --utility-sub-type=unzip.mojom.Unzipper --field-trial-handle=2128,8217586433618822061,16639807198228014367,131072 --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=7336 /prefetch:82⤵
-
C:\Windows\System32\CompPkgSrv.exeC:\Windows\System32\CompPkgSrv.exe -Embedding1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xf8,0xfc,0x100,0xd4,0x104,0x7fff3aee46f8,0x7fff3aee4708,0x7fff3aee47182⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --profile-directory=Default1⤵
-
C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe"C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data" --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=92.0.4515.131 "--annotation=exe=C:\Program Files (x86)\Microsoft\Edge\Application\msedge.exe" --annotation=plat=Win64 "--annotation=prod=Microsoft Edge" --annotation=ver=92.0.902.67 --initial-client-data=0xfc,0x100,0x104,0xd8,0x108,0x7fff3aee46f8,0x7fff3aee4708,0x7fff3aee47182⤵
-
C:\Windows\system32\AUDIODG.EXEC:\Windows\system32\AUDIODG.EXE 0x4f0 0x3001⤵
- Suspicious use of AdjustPrivilegeToken
-
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"1⤵
- Executes dropped EXE
-
C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"2⤵
- Suspicious use of SetWindowsHookEx
Network
MITRE ATT&CK Matrix ATT&CK v6
Replay Monitor
Loading Replay Monitor...
Downloads
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565Filesize
471B
MD53dcd2f557214f77450208ef3c5404065
SHA1876b1a4c6a96aba9dae31ffbf0a0ec1afa5f635d
SHA2567f366ddf1645565b2dfb50e99078eb22a9865da6e9604597921fdba53ad6cfa7
SHA512e4b0b3b521f0788366803668b657052b3aa25bc1d3a8e9472ac75db83ddefdf733237c21bec2b9a8605dd4238ade3a6cf3485be228e09ed7d91e734e977984a4
-
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565Filesize
434B
MD5f792903282fdaa73c350ca08e50bec7f
SHA1a307242b99f64c6aa454b6767d5ba0e1c192f75f
SHA2562666a2e4fb98dae0a4dc8fc7edc1b0db9d2b25ad8fa07852eec0571c6599347c
SHA512f36f0c70cdce0782cb542631007b57441066d6dab10766a9b7db905e5dd74457368431c91ab96610e0d9cb8960dc00700b636731454c7a99886f399eb5e66ab4
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d46ac3d95ec929266535e7263b2d696a
SHA12c5130116c7a9f2ab5fa5b46a845dd1c637cc0dc
SHA256759dcb44adb9e6623d48b354451ada4d1069c0de091f86b7b7183cd9b5043dbd
SHA512776f36684418238f92cdadf435a614deeda4e65d5fa357d0322be3ab8663aea31f6b4bb1e549e54f0c5aea3c81617adff7f32943831839129b498576641ad828
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d46ac3d95ec929266535e7263b2d696a
SHA12c5130116c7a9f2ab5fa5b46a845dd1c637cc0dc
SHA256759dcb44adb9e6623d48b354451ada4d1069c0de091f86b7b7183cd9b5043dbd
SHA512776f36684418238f92cdadf435a614deeda4e65d5fa357d0322be3ab8663aea31f6b4bb1e549e54f0c5aea3c81617adff7f32943831839129b498576641ad828
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d46ac3d95ec929266535e7263b2d696a
SHA12c5130116c7a9f2ab5fa5b46a845dd1c637cc0dc
SHA256759dcb44adb9e6623d48b354451ada4d1069c0de091f86b7b7183cd9b5043dbd
SHA512776f36684418238f92cdadf435a614deeda4e65d5fa357d0322be3ab8663aea31f6b4bb1e549e54f0c5aea3c81617adff7f32943831839129b498576641ad828
-
C:\Users\Admin\AppData\Local\Microsoft\Edge\User Data\Crashpad\settings.datFilesize
152B
MD5d46ac3d95ec929266535e7263b2d696a
SHA12c5130116c7a9f2ab5fa5b46a845dd1c637cc0dc
SHA256759dcb44adb9e6623d48b354451ada4d1069c0de091f86b7b7183cd9b5043dbd
SHA512776f36684418238f92cdadf435a614deeda4e65d5fa357d0322be3ab8663aea31f6b4bb1e549e54f0c5aea3c81617adff7f32943831839129b498576641ad828
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exeFilesize
2.7MB
MD589f377487e673feb27ad0f39f5e0bcbf
SHA18fc505aa05554446103df01b01a51c6e9c38d06e
SHA256014a0a82a1a872a428eb3e5bd414f9a89a6b4ea3bf164cdd973951ef3b1c488b
SHA5124ebe76bfafe85a4c4e638297a3c0b725efb79772f65e06a602700817de325dabb44fb8e1d664090b1b68fd026d2ac266f9cefddcd0e0506b423c76da656fbb3d
-
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exeFilesize
2.7MB
MD589f377487e673feb27ad0f39f5e0bcbf
SHA18fc505aa05554446103df01b01a51c6e9c38d06e
SHA256014a0a82a1a872a428eb3e5bd414f9a89a6b4ea3bf164cdd973951ef3b1c488b
SHA5124ebe76bfafe85a4c4e638297a3c0b725efb79772f65e06a602700817de325dabb44fb8e1d664090b1b68fd026d2ac266f9cefddcd0e0506b423c76da656fbb3d
-
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062054552671900.dllFilesize
4.6MB
MD5914ec7fb3d69e977440248ef30323636
SHA12aa31e599769f34d0cb6e979947ca5728db9b009
SHA256528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203
SHA512ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a
-
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062054559995384.dllFilesize
4.6MB
MD5914ec7fb3d69e977440248ef30323636
SHA12aa31e599769f34d0cb6e979947ca5728db9b009
SHA256528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203
SHA512ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a
-
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062054584364944.dllFilesize
4.6MB
MD5914ec7fb3d69e977440248ef30323636
SHA12aa31e599769f34d0cb6e979947ca5728db9b009
SHA256528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203
SHA512ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a
-
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062054598592156.dllFilesize
4.6MB
MD5914ec7fb3d69e977440248ef30323636
SHA12aa31e599769f34d0cb6e979947ca5728db9b009
SHA256528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203
SHA512ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a
-
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2302062055001143576.dllFilesize
4.6MB
MD5914ec7fb3d69e977440248ef30323636
SHA12aa31e599769f34d0cb6e979947ca5728db9b009
SHA256528117e7c698fbe7ad3036aef77f99ab8af74316def7a4ba60f738c40168c203
SHA512ff62901ffe79bbc8ffe6cce3efc8f13e71f13a41772b8d0180614b6ba80d5b9db1094a97cf3d239057dca2efdd7b0adc217f3ddce5111267c50ec9d0d1125b3a
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exeFilesize
1.3MB
MD57e08af319c9eb3297e09ca7bb8387de4
SHA14cf091f77a3eb9437ef33985e64bd10c1257284f
SHA2566c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8
SHA512bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exeFilesize
1.3MB
MD57e08af319c9eb3297e09ca7bb8387de4
SHA14cf091f77a3eb9437ef33985e64bd10c1257284f
SHA2566c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8
SHA512bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\AdditionalExecuteTL.exeFilesize
1.8MB
MD5aa4de04ccc16b74a4c2301da8d621ec1
SHA1d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA51228d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\AdditionalExecuteTL.exeFilesize
1.8MB
MD5aa4de04ccc16b74a4c2301da8d621ec1
SHA1d05c6d8200f6e6b1283df82d24d687adc47d9664
SHA256e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b
SHA51228d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\IRZip.lmdFilesize
1.7MB
MD51bbf5dd0b6ca80e4c7c77495c3f33083
SHA1e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA51297bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\Wow64.lmdFilesize
97KB
MD5da1d0cd400e0b6ad6415fd4d90f69666
SHA1de9083d2902906cacf57259cf581b1466400b799
SHA2567a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exeFilesize
1.3MB
MD57e08af319c9eb3297e09ca7bb8387de4
SHA14cf091f77a3eb9437ef33985e64bd10c1257284f
SHA2566c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8
SHA512bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\irsetup.exeFilesize
1.3MB
MD57e08af319c9eb3297e09ca7bb8387de4
SHA14cf091f77a3eb9437ef33985e64bd10c1257284f
SHA2566c006c982746826a613bc0f09890955a1cdca309d9d98572aed35ad782dd11c8
SHA512bb7aaebd3f6c1ff18bd0cb9eb9347894f0785dc011ec9765d9bc180de9b60769c891151626fdef88aa3fd53ae6246c1cb91f723933da54920bfbc8a5a24f8851
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dllFilesize
326KB
MD580d93d38badecdd2b134fe4699721223
SHA1e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA5129f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_2\lua5.1.dllFilesize
326KB
MD580d93d38badecdd2b134fe4699721223
SHA1e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA5129f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exeFilesize
1.3MB
MD5e801c5847f5f9d207db53aaaf5c6f3a2
SHA18e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\irsetup.exeFilesize
1.3MB
MD5e801c5847f5f9d207db53aaaf5c6f3a2
SHA18e6818ce66555e2cca92e5c5f32551fb4a91645e
SHA256196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03
SHA512303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\lua5.1.dllFilesize
326KB
MD580d93d38badecdd2b134fe4699721223
SHA1e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA5129f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4
-
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_3\lua5.1.dllFilesize
326KB
MD580d93d38badecdd2b134fe4699721223
SHA1e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA5129f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exeFilesize
2.7MB
MD589f377487e673feb27ad0f39f5e0bcbf
SHA18fc505aa05554446103df01b01a51c6e9c38d06e
SHA256014a0a82a1a872a428eb3e5bd414f9a89a6b4ea3bf164cdd973951ef3b1c488b
SHA5124ebe76bfafe85a4c4e638297a3c0b725efb79772f65e06a602700817de325dabb44fb8e1d664090b1b68fd026d2ac266f9cefddcd0e0506b423c76da656fbb3d
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exeFilesize
2.7MB
MD589f377487e673feb27ad0f39f5e0bcbf
SHA18fc505aa05554446103df01b01a51c6e9c38d06e
SHA256014a0a82a1a872a428eb3e5bd414f9a89a6b4ea3bf164cdd973951ef3b1c488b
SHA5124ebe76bfafe85a4c4e638297a3c0b725efb79772f65e06a602700817de325dabb44fb8e1d664090b1b68fd026d2ac266f9cefddcd0e0506b423c76da656fbb3d
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exeFilesize
2.7MB
MD589f377487e673feb27ad0f39f5e0bcbf
SHA18fc505aa05554446103df01b01a51c6e9c38d06e
SHA256014a0a82a1a872a428eb3e5bd414f9a89a6b4ea3bf164cdd973951ef3b1c488b
SHA5124ebe76bfafe85a4c4e638297a3c0b725efb79772f65e06a602700817de325dabb44fb8e1d664090b1b68fd026d2ac266f9cefddcd0e0506b423c76da656fbb3d
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exeFilesize
2.7MB
MD589f377487e673feb27ad0f39f5e0bcbf
SHA18fc505aa05554446103df01b01a51c6e9c38d06e
SHA256014a0a82a1a872a428eb3e5bd414f9a89a6b4ea3bf164cdd973951ef3b1c488b
SHA5124ebe76bfafe85a4c4e638297a3c0b725efb79772f65e06a602700817de325dabb44fb8e1d664090b1b68fd026d2ac266f9cefddcd0e0506b423c76da656fbb3d
-
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exeFilesize
2.7MB
MD589f377487e673feb27ad0f39f5e0bcbf
SHA18fc505aa05554446103df01b01a51c6e9c38d06e
SHA256014a0a82a1a872a428eb3e5bd414f9a89a6b4ea3bf164cdd973951ef3b1c488b
SHA5124ebe76bfafe85a4c4e638297a3c0b725efb79772f65e06a602700817de325dabb44fb8e1d664090b1b68fd026d2ac266f9cefddcd0e0506b423c76da656fbb3d
-
C:\Users\Admin\AppData\Local\Temp\setuparguments.iniFilesize
646B
MD5c668944ba19f8247e10134b32add076c
SHA17c3b3d03ec1d0a34bd8a811be8a98a2b12447350
SHA256b63a50231d909728cc420974553929ed0868b9ef9c0213f6c6f6e6bf3da368f3
SHA5120c5e28af7536daf772124fdb95c2642f1cb512c8ad3417a7a63abef817d8346b4914ed927949571831fea9cfc38b172b712b3b2ec53101bf03a236919e516a98
-
C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exeFilesize
23.6MB
MD57a4472a78d0651e11d20aa08e43cc045
SHA1aab1d5f80d7399ae2c1982201733be7681d100b1
SHA256318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
SHA512c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
-
C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exeFilesize
23.6MB
MD57a4472a78d0651e11d20aa08e43cc045
SHA1aab1d5f80d7399ae2c1982201733be7681d100b1
SHA256318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
SHA512c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
-
C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exeFilesize
23.6MB
MD57a4472a78d0651e11d20aa08e43cc045
SHA1aab1d5f80d7399ae2c1982201733be7681d100b1
SHA256318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
SHA512c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
-
C:\Users\Admin\Downloads\TLauncher-2.871-Installer-1.0.6-global.exeFilesize
23.6MB
MD57a4472a78d0651e11d20aa08e43cc045
SHA1aab1d5f80d7399ae2c1982201733be7681d100b1
SHA256318df7404e6c4d5538a6d31997b95af52bbb8d40caf5553b3cbd9b1bc4f6db96
SHA512c152c9d21b0615548173dcc61accb1a1afd5b6f98e6ec21f6a7119536397f07a54ad4087669716c3344dd338ce4f24cecf9989d472f65eaa18c87d496f23c681
-
\??\pipe\LOCAL\crashpad_2056_QMTPWBRFNHQNKRRBMD5
d41d8cd98f00b204e9800998ecf8427e
SHA1da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA512cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e
-
memory/776-196-0x0000000000000000-mapping.dmp
-
memory/1436-134-0x0000000000000000-mapping.dmp
-
memory/1552-155-0x0000000000000000-mapping.dmp
-
memory/1780-138-0x0000000000000000-mapping.dmp
-
memory/1820-202-0x0000000000000000-mapping.dmp
-
memory/1900-228-0x0000000000000000-mapping.dmp
-
memory/1900-235-0x0000000000400000-0x0000000000947000-memory.dmpFilesize
5.3MB
-
memory/2140-159-0x0000000000000000-mapping.dmp
-
memory/2156-244-0x0000000000000000-mapping.dmp
-
memory/2156-252-0x0000000000400000-0x0000000000947000-memory.dmpFilesize
5.3MB
-
memory/2392-192-0x0000000000000000-mapping.dmp
-
memory/2584-135-0x0000000000000000-mapping.dmp
-
memory/3272-197-0x0000000000000000-mapping.dmp
-
memory/3332-201-0x0000000000000000-mapping.dmp
-
memory/3576-247-0x0000000000000000-mapping.dmp
-
memory/3576-253-0x0000000000400000-0x0000000000947000-memory.dmpFilesize
5.3MB
-
memory/3624-160-0x0000000000000000-mapping.dmp
-
memory/4020-142-0x0000000000000000-mapping.dmp
-
memory/4300-194-0x0000000000000000-mapping.dmp
-
memory/4336-198-0x0000000000000000-mapping.dmp
-
memory/4560-157-0x0000000000000000-mapping.dmp
-
memory/4808-184-0x0000000000000000-mapping.dmp
-
memory/4936-255-0x0000000000000000-mapping.dmp
-
memory/4944-237-0x0000000000000000-mapping.dmp
-
memory/4944-241-0x0000000000400000-0x0000000000947000-memory.dmpFilesize
5.3MB
-
memory/4944-243-0x0000000000400000-0x0000000000947000-memory.dmpFilesize
5.3MB
-
memory/4956-140-0x0000000000000000-mapping.dmp
-
memory/4992-144-0x0000000000000000-mapping.dmp
-
memory/4996-259-0x0000000000000000-mapping.dmp
-
memory/5068-132-0x0000000000000000-mapping.dmp
-
memory/5124-161-0x0000000000000000-mapping.dmp
-
memory/5132-182-0x0000000000000000-mapping.dmp
-
memory/5300-162-0x0000000000000000-mapping.dmp
-
memory/5384-232-0x0000000000000000-mapping.dmp
-
memory/5384-238-0x0000000000400000-0x0000000000947000-memory.dmpFilesize
5.3MB
-
memory/5420-270-0x0000000000000000-mapping.dmp
-
memory/5436-163-0x0000000000000000-mapping.dmp
-
memory/5452-164-0x0000000000000000-mapping.dmp
-
memory/5476-188-0x0000000000000000-mapping.dmp
-
memory/5496-227-0x0000000000C60000-0x0000000001048000-memory.dmpFilesize
3.9MB
-
memory/5496-236-0x0000000000C60000-0x0000000001048000-memory.dmpFilesize
3.9MB
-
memory/5496-220-0x0000000000000000-mapping.dmp
-
memory/5500-186-0x0000000000000000-mapping.dmp
-
memory/5572-190-0x0000000000000000-mapping.dmp
-
memory/5640-170-0x0000000000000000-mapping.dmp
-
memory/5696-257-0x0000000000000000-mapping.dmp
-
memory/5712-172-0x0000000000000000-mapping.dmp
-
memory/5784-256-0x0000000000000000-mapping.dmp
-
memory/5800-174-0x0000000000000000-mapping.dmp
-
memory/5880-176-0x0000000000000000-mapping.dmp
-
memory/5896-178-0x0000000000000000-mapping.dmp
-
memory/5940-272-0x0000000002A60000-0x0000000003A60000-memory.dmpFilesize
16.0MB
-
memory/5940-260-0x0000000000000000-mapping.dmp
-
memory/6012-180-0x0000000000000000-mapping.dmp
-
memory/6028-226-0x00000000002C0000-0x00000000006A8000-memory.dmpFilesize
3.9MB
-
memory/6028-215-0x0000000010000000-0x0000000010051000-memory.dmpFilesize
324KB
-
memory/6028-212-0x00000000002C0000-0x00000000006A8000-memory.dmpFilesize
3.9MB
-
memory/6028-263-0x00000000002C0000-0x00000000006A8000-memory.dmpFilesize
3.9MB
-
memory/6028-216-0x0000000006560000-0x0000000006563000-memory.dmpFilesize
12KB
-
memory/6028-207-0x0000000000000000-mapping.dmp
-
memory/6060-258-0x0000000000000000-mapping.dmp
-
memory/6104-217-0x0000000000000000-mapping.dmp