610d1dbf3f80cfbe020d1fcbd7ee377cfc996de1237eaae7368097b7bc5703b3

Analysis

max time kernel
494s
max time network
404s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
10-03-2023 23:18

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

Stack of money and gold coins 3d cartoon style icon.jpg
Size

1.4MB
MD5

1598b5567488f34bcfe0ad1eae92957a
SHA1

5d2ff1a667799435cfc1665c67a64c1d0e3f95b8
SHA256

610d1dbf3f80cfbe020d1fcbd7ee377cfc996de1237eaae7368097b7bc5703b3
SHA512

3a55830056e8af361145348a89a315abe45e8d9f517a03f74c5d1aec131382020ffcc44095e5e9a443223c4866317895d51a50234a81aa2c48c40dace6a60ddf
SSDEEP

24576:CScJY1EosNy7y7qvzItm5XUVnmZxLHXiJzd3mFaf+:C1JYuMzEm2QxLH+JmoW

Score

8^/10

discovery persistence spyware stealer upx

Malware Config

Signatures

Downloads MZ/PE file

Checks computer location settings 2 TTPs 4 IoCs

Looks up country code configured in the registry, likely geofence.

Query Registry

T1012

System Information Discovery

T1082

Processes:

TLauncher-2.876-Installer-1.0.6-global.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exe

description	ioc	process
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	TLauncher-2.876-Installer-1.0.6-global.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	irsetup.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	AdditionalExecuteTL.exe
Key value queried	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation	irsetup.exe

Executes dropped EXE 16 IoCs

Processes:

TLauncher-2.876-Installer-1.0.6-global.exeirsetup.exeAdditionalExecuteTL.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exe_sfx.exeassistant_installer.exeassistant_installer.exeTLauncher.exeTLauncher.exeTLauncher.exeTLauncher.exe

pid	process
5264	TLauncher-2.876-Installer-1.0.6-global.exe
5580	irsetup.exe
5624	AdditionalExecuteTL.exe
5736	irsetup.exe
5932	opera-installer-bro.exe
5076	opera-installer-bro.exe
3352	opera-installer-bro.exe
5752	opera-installer-bro.exe
3484	opera-installer-bro.exe
2328	_sfx.exe
5228	assistant_installer.exe
3732	assistant_installer.exe
4644	TLauncher.exe
2308	TLauncher.exe
5552	TLauncher.exe
516	TLauncher.exe

Loads dropped DLL 9 IoCs

Processes:

irsetup.exeirsetup.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exeopera-installer-bro.exe

pid	process
5580	irsetup.exe
5580	irsetup.exe
5580	irsetup.exe
5736	irsetup.exe
5932	opera-installer-bro.exe
5076	opera-installer-bro.exe
3352	opera-installer-bro.exe
5752	opera-installer-bro.exe
3484	opera-installer-bro.exe

Reads user/profile data of web browsers 2 TTPs
Infostealers often target stored browser data, which can include saved credentials etc.
spyware stealer

Data from Local System
T1005

Credentials in Files
T1081

UPX packed file 29 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

Processes:

resource	yara_rule
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe	upx
behavioral2/memory/5580-408-0x0000000000500000-0x00000000008E8000-memory.dmp	upx
behavioral2/memory/5580-731-0x0000000000500000-0x00000000008E8000-memory.dmp	upx
behavioral2/memory/5580-867-0x0000000000500000-0x00000000008E8000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe	upx
behavioral2/memory/5736-917-0x0000000000160000-0x0000000000548000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral2/memory/5932-943-0x0000000000640000-0x0000000000B8A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral2/memory/5736-950-0x0000000000160000-0x0000000000548000-memory.dmp	upx
behavioral2/memory/5076-966-0x0000000000640000-0x0000000000B8A000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
behavioral2/memory/3352-985-0x0000000000980000-0x0000000000ECA000-memory.dmp	upx
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe	upx
behavioral2/memory/5752-1009-0x0000000000640000-0x0000000000B8A000-memory.dmp	upx
behavioral2/memory/5580-1013-0x0000000000500000-0x00000000008E8000-memory.dmp	upx
behavioral2/memory/3484-1022-0x0000000000640000-0x0000000000B8A000-memory.dmp	upx
behavioral2/memory/5580-1033-0x0000000000500000-0x00000000008E8000-memory.dmp	upx
behavioral2/memory/5932-1037-0x0000000000640000-0x0000000000B8A000-memory.dmp	upx
behavioral2/memory/5580-2025-0x0000000000500000-0x00000000008E8000-memory.dmp	upx
behavioral2/memory/5580-2353-0x0000000000500000-0x00000000008E8000-memory.dmp	upx

Adds Run key to start application 2 TTPs 1 IoCs
persistence

Registry Run Keys / Startup Folder
T1060

Modify Registry
T1112

Processes:

chrome.exe

description ioc process

Key created \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run chrome.exe
Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates connected drives 3 TTPs 2 IoCs
Attempts to read the root path of hard drives other than the default C: drive.

Query Registry
T1012

Peripheral Device Discovery
T1120

System Information Discovery
T1082

Processes:

opera-installer-bro.exeopera-installer-bro.exe

description ioc process

File opened (read-only) \??\D: opera-installer-bro.exe
File opened (read-only) \??\D: opera-installer-bro.exe
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Software\Microsoft\Windows\CurrentVersion\Run	chrome.exe

description	ioc	process
File opened (read-only)	\??\D:	opera-installer-bro.exe
File opened (read-only)	\??\D:	opera-installer-bro.exe

Checks processor information in registry 2 TTPs 3 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

firefox.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Signature	firefox.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\Update Revision	firefox.exe

Enumerates system info in registry 2 TTPs 3 IoCs

Query Registry

T1012

System Information Discovery

T1082

Processes:

chrome.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemProductName	chrome.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\BIOS\SystemManufacturer	chrome.exe

Modifies data under HKEY_USERS 2 IoCs

Processes:

chrome.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-19\Software\Microsoft\Cryptography\TPM\Telemetry	chrome.exe
Set value (int)	\REGISTRY\USER\S-1-5-19\SOFTWARE\Microsoft\Cryptography\TPM\Telemetry\TraceTimeLast = "133229639121843201"	chrome.exe

Modifies system certificate store 2 TTPs 8 IoCs

evasion spyware trojan

Install Root Certificate

T1130

Modify Registry

T1112

Processes:

opera-installer-bro.exe

description	ioc	process
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 04000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e19962000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 190000000100000010000000ffac207997bb2cfe865570179ee037b90f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e404000000010000001000000078f2fcaa601f2fb4ebc937ba532e75492000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 5c00000001000000040000000010000004000000010000001000000078f2fcaa601f2fb4ebc937ba532e7549030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e41d0000000100000010000000a86dc6a233eb339610f3ed414927c559140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac899880b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996190000000100000010000000ffac207997bb2cfe865570179ee037b92000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703086200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c14000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 5c000000010000000400000000080000190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f6200000001000000200000003e9099b5015e8f486c00bcea9d111ee721faba355a89bcf1df69561e3dc6325c090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b06010505070308530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c00f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa604000000010000001000000087ce0b7b2a0e4900e158719b37a893722000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2	opera-installer-bro.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4	opera-installer-bro.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\DDFB16CD4931C973A2037D3FC83A4D7D775D05E4\Blob = 0f00000001000000300000004ea1b34b10b982a96a38915843507820ad632c6aad8343e337b34d660cd8366fa154544ae80668ae1fdf3931d57e1996530000000100000040000000303e301f06096086480186fd6c020130123010060a2b0601040182373c0101030200c0301b060567810c010330123010060a2b0601040182373c0101030200c0090000000100000034000000303206082b0601050507030206082b0601050507030306082b0601050507030406082b0601050507030106082b060105050703080b00000001000000320000004400690067006900430065007200740020005400720075007300740065006400200052006f006f0074002000470034000000620000000100000020000000552f7bdcf1a7af9e6ce672017f4f12abf77240c78e761ac203d1d9d20ac89988140000000100000014000000ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f1d0000000100000010000000a86dc6a233eb339610f3ed414927c559030000000100000014000000ddfb16cd4931c973a2037d3fc83a4d7d775d05e42000000001000000940500003082059030820378a0030201020210059b1b579e8e2132e23907bda777755c300d06092a864886f70d01010c05003062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f74204734301e170d3133303830313132303030305a170d3338303131353132303030305a3062310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3121301f060355040313184469676943657274205472757374656420526f6f7420473430820222300d06092a864886f70d01010105000382020f003082020a0282020100bfe6907368debbe45d4a3c3022306933ecc2a7252ec9213df28ad859c2e129a73d58ab769acdae7b1b840dc4301ff31ba43816eb56c6976d1dabb279f2ca11d2e45fd6053c520f521fc69e15a57ebe9fa95716595572af689370c2b2ba75996a733294d11044102edf82f30784e6743b6d71e22d0c1bee20d5c9201d63292dceec5e4ec893f821619b34eb05c65eec5b1abcebc9cfcdac34405fb17a66ee77c848a86657579f54588e0c2bb74fa730d956eeca7b5de3adc94f5ee535e731cbda935edc8e8f80dab69198409079c378c7b6b1c4b56a183803108dd8d437a42e057d88f5823e109170ab55824132d7db04732a6e91017c214cd4bcae1b03755d7866d93a31449a3340bf08d75a49a4c2e6a9a067dda427bca14f39b5115817f7245c468f64f7c169887698763d595d4276878997697a48f0e0a2121b669a74cade4b1ee70e63aee6d4ef92923a9e3ddc00e4452589b69a44192b7ec094b4d2616deb33d9c5df4b0400cc7d1c95c38ff721b2b211b7bb7ff2d58c702c4160aab1631844951a76627ef680b0fbe864a633d18907e1bdb7e643a418b8a67701e10f940c211db2542925896ce50e52514774be26acb64175de7aac5f8d3fc9bcd34111125be51050eb31c5ca72162209df7c4c753f63ec215fc420516b6fb1ab868b4fc2d6455f9d20fca11ec5c08fa2b17e0a2699f5e4692f981d2df5d9a9b21de51b0203010001a3423040300f0603551d130101ff040530030101ff300e0603551d0f0101ff040403020186301d0603551d0e04160414ecd7e382d2715d644cdf2e673fe7ba98ae1c0f4f300d06092a864886f70d01010c05000382020100bb61d97da96cbe17c4911bc3a1a2008de364680f56cf77ae70f9fd9a4a99b9c9785c0c0c5fe4e61429560b36495d4463e0ad9c9618661b230d3d79e96d6bd654f8d23cc14340ae1d50f552fc903bbb9899696bc7c1a7a868a427dc9df927ae3085b9f6674d3a3e8f5939225344ebc85d03caed507a7d62210a80c87366d1a005605fe8a5b4a7afa8f76d359c7c5a8ad6a23899f3788bf44dd2200bde04ee8c9b4781720dc01432ef30592eaee071f256e46a976f92506d968d687a9ab236147a06f224b9091150d708b1b8897a8423614229e5a3cda22041d7d19c64d9ea26a18b14d74c19b25041713d3f4d7023860c4adc81d2cc3294840d0809971c4fc0ee6b207430d2e03934108521150108e85532de7149d92817504de6be4dd175acd0cafb41b843a5aad3c305444f2c369be2fae245b823536c066f67557f46b54c3f6e285a7926d2a4a86297d21ee2ed4a8bbc1bfd474a0ddf67667eb25b41d03be4f43bf40463e9efc2540051a08a2ac9ce78ccd5ea870418b3ceaf4988aff39299b6b3e6610fd28500e7501ae41b959d19a1b99cb19bb1001eefd00f4f426cc90abcee43fa3a71a5c84d26a535fd895dbc85621d32d2a02b54ed9a57c1dbfa10cf19b78b4a1b8f01b6279553e8b6896d5bbc68d423e88b51a256f9f0a680a0d61eb3bc0f0f537529aaea1377e4de8c8121ad07104711ad873d07d175bccff3667e	opera-installer-bro.exe

Suspicious behavior: EnumeratesProcesses 2 IoCs

Processes:

chrome.exe

pid process

3864 chrome.exe
3864 chrome.exe
Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary 7 IoCs

Processes:

chrome.exe

pid process

3864 chrome.exe
3864 chrome.exe
3864 chrome.exe
3864 chrome.exe
3864 chrome.exe
3864 chrome.exe
3864 chrome.exe

Suspicious use of AdjustPrivilegeToken 64 IoCs

Processes:

chrome.exe

description	pid	process
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe
Token: SeShutdownPrivilege	3864	chrome.exe
Token: SeCreatePagefilePrivilege	3864	chrome.exe

Suspicious use of FindShellTrayWindow 39 IoCs

Processes:

chrome.exe

pid	process
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe

Suspicious use of SendNotifyMessage 24 IoCs

Processes:

chrome.exe

pid	process
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe
3864	chrome.exe

Suspicious use of SetWindowsHookEx 12 IoCs

Processes:

irsetup.exeirsetup.exejavaw.exejavaw.exejavaw.exe

pid	process
5580	irsetup.exe
5580	irsetup.exe
5580	irsetup.exe
5580	irsetup.exe
5580	irsetup.exe
5580	irsetup.exe
5736	irsetup.exe
5736	irsetup.exe
2116	javaw.exe
2116	javaw.exe
4024	javaw.exe
2996	javaw.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

chrome.exe

description	pid	process	target process
PID 3864 wrote to memory of 4856	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4856	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 4492	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 2740	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 2740	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe
PID 3864 wrote to memory of 3616	3864	chrome.exe	chrome.exe

C:\Windows\system32\cmd.exe
cmd /c "C:\Users\Admin\AppData\Local\Temp\Stack of money and gold coins 3d cartoon style icon.jpg"
1⤵
PID:1728

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
1⤵
- Adds Run key to start application
- Enumerates system info in registry
- Modifies data under HKEY_USERS
- Suspicious behavior: EnumeratesProcesses
- Suspicious behavior: NtCreateUserProcessBlockNonMicrosoftBinary
- Suspicious use of AdjustPrivilegeToken
- Suspicious use of FindShellTrayWindow
- Suspicious use of SendNotifyMessage
- Suspicious use of WriteProcessMemory
PID:3864

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x108,0x10c,0x110,0xe4,0x114,0x7ff9a33c9758,0x7ff9a33c9768,0x7ff9a33c9778
2⤵
PID:4856

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1776 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:2
2⤵
PID:4492

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2180 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:2740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2216 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:3616

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=3224 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:1
2⤵
PID:1488

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=3256 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:1
2⤵
PID:4008

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --mojo-platform-channel-handle=4512 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:1
2⤵
PID:4300

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4744 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:3252

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=4716 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:4400

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.ProcessorMetrics --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=4856 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:3744

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --reenable-autoupdates --system-level
2⤵
PID:4428

C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\Installer\setup.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Windows\TEMP\Crashpad --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0x238,0x23c,0x240,0x214,0x244,0x7ff60f6c7688,0x7ff60f6c7698,0x7ff60f6c76a8
3⤵
PID:3236

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=3980 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:2288

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=5040 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:1
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=13 --mojo-platform-channel-handle=3260 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:1
2⤵
PID:4740

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=14 --mojo-platform-channel-handle=5156 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:1
2⤵
PID:3876

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=15 --mojo-platform-channel-handle=5640 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:1
2⤵
PID:3468

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=4692 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:1012

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5888 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:3064

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=quarantine.mojom.Quarantine --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=5984 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:824

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5996 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:2176

C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilReadIcon --lang=en-US --service-sandbox-type=icon_reader --mojo-platform-channel-handle=5368 --field-trial-handle=1824,i,6336207281624918338,4478968942899483026,131072 /prefetch:8
2⤵
PID:232

C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe
"C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe"
2⤵
- Checks computer location settings
- Executes dropped EXE
PID:5264

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:23643746" "__IRSID:S-1-5-21-144354903-2550862337-1367551827-1000"
3⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5580

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
4⤵
- Checks computer location settings
- Executes dropped EXE
PID:5624

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-144354903-2550862337-1367551827-1000"
5⤵
- Checks computer location settings
- Executes dropped EXE
- Loads dropped DLL
- Suspicious use of SetWindowsHookEx
PID:5736

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
6⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
- Modifies system certificate store
PID:5932

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x340,0x344,0x348,0x31c,0x34c,0x6f0924a8,0x6f0924b8,0x6f0924c4
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:5076

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
7⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3352

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=5932 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230310231931" --session-guid=17dd5e30-dad7-46a7-a36e-97cf5c644243 --server-tracking-blob="M2VhMzliMTA4MTZhZTJhNjRhZjEwZTM4NWQwZmEwMDFhODlhZTk0ZmY4NzI1YTdiZTBlMDMyNTJhOTRiZTE1NTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjEwIiwicGFja2FnZSI6IkVYRSJ9fSwidGltZXN0YW1wIjoiMTY3ODQ5MDM2OS43OTQyIiwidXNlcmFnZW50IjoiU2V0dXAgRmFjdG9yeSA5LjAiLCJ1dG0iOnsiY2FtcGFpZ24iOiJPcGVyYURlc2t0b3AiLCJtZWRpdW0iOiJhcGIiLCJzb3VyY2UiOiJNU1RMIn0sInV1aWQiOiI4ODA4MjdhYy0wYTc2LTRkODEtYjNhNS0yOGY2MDE0ODM1MGUifQ== " --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=7405000000000000
7⤵
- Executes dropped EXE
- Loads dropped DLL
- Enumerates connected drives
PID:5752

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x34c,0x350,0x354,0x31c,0x358,0x6e5524a8,0x6e5524b8,0x6e5524c4
8⤵
- Executes dropped EXE
- Loads dropped DLL
PID:3484

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\_sfx.exe"
7⤵
- Executes dropped EXE
PID:2328

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\assistant_installer.exe" --version
7⤵
- Executes dropped EXE
PID:5228

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x2f0,0x2f4,0x2f8,0x2cc,0x2fc,0x446c28,0x446c38,0x446c44
8⤵
- Executes dropped EXE
PID:3732

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
4⤵
- Executes dropped EXE
PID:4644

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
5⤵
- Suspicious use of SetWindowsHookEx
PID:2116

C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
1⤵
PID:4636

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
PID:2308

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:4024

C:\Windows\SYSTEM32\cmd.exe
cmd.exe /C chcp 437 & wmic qfe get HotFixID
3⤵
PID:736

C:\Windows\system32\chcp.com
chcp 437
4⤵
PID:5528

C:\Windows\System32\Wbem\WMIC.exe
wmic qfe get HotFixID
4⤵
PID:1824

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
PID:5552

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
- Suspicious use of SetWindowsHookEx
PID:2996

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
"C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
1⤵
- Executes dropped EXE
PID:516

C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe" -jar "C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe"
2⤵
PID:2112

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
1⤵
PID:4456

C:\Program Files\Mozilla Firefox\firefox.exe
"C:\Program Files\Mozilla Firefox\firefox.exe"
2⤵
- Checks processor information in registry
PID:4344

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Registry Run Keys / Startup Folder

T1060

Privilege Escalation

Defense Evasion

Install Root Certificate

T1130

Modify Registry

T1112

Credential Access

Credentials in Files

T1081

Discovery

Peripheral Device Discovery

T1120

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Data from Local System

T1005

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
471B

MD5
5fe3c8d4142e4c1bf3d89f54a013fe66

SHA1
74a0bf6dc210812b7ee1b91df9d20aa3aa2a0c76

SHA256
18a716349cc1701d88d71214712ae52ef2b3a657b65a315df54d536e58c715ea

SHA512
83d37a67e98c7283329033891b9f17b9c9730c86d47edfd851aa110b542b944b651ae56efcd31e70c3e2326b59c1707289b1fea41d1f5b5b5e96ad947805d023

Download Submit
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
Filesize
434B

MD5
ab77bf8221979a9a7d2d558735f81718

SHA1
a25bd3a46a3fa4bb47d78f12d7f35f8dcd3823e1

SHA256
7bf1b02bb9f7c00f3540c47c810d1e7de64942c9f87922f27cc75519c52313b2

SHA512
51d50ef463f28ea3eb7fda045210131dd5483fbdc37c04fb4ce077e70968d65b424688421056fda474eb6071b383bb6815d02605cfc9f97df165334af334dc76

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\21e02d6e-429d-412d-955d-8e60fc0ad0a1.tmp
Filesize
6KB

MD5
e225becfb7ba6f9bffb73095276bf1d3

SHA1
05893a8d3c9ec5e5a6005cc5fad875605d82ce7d

SHA256
1b5d96030f998f38ad73082fcd8199319e95fcf09de43126601865181d247b02

SHA512
df309585018ae1dc7cbd6bf381132c356c71d89b79141a12f5ad13e3a924c41f82e1397e70def3c7c66eb074bb3d187e2d604e8df23321b1c175461718dc4b2b

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Code Cache\js\index-dir\the-real-index
Filesize
816B

MD5
f16a70f3df0054513befafff911a329f

SHA1
dbeb6aff2d84202c1c6d746d33bc5da8a9b142b1

SHA256
60cf9b04a7485ce3961f063778d1877091bde1454834a98a7c1e21cb6b46804d

SHA512
e7f6975dcca18e0daa5c8c9e2c1dd21a291ecda8dc3ae2d76f0c323356bfe360533a6955b6800cf50d833e6ecf660c2cce979de623d6fb74907ae31a0f788f1f

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
Filesize
264KB

MD5
11f638c6017578e96d103d5f6cc9b65a

SHA1
e501783b3e469125c1445e865ef7de6e4ebdfedb

SHA256
5bb2b68097420a73c5b5aa9e86d5d5cde73aba8b171aedbc8d8dc524d359984f

SHA512
6b8434a6bf5fbd3fd161217cdb8d346ded0e9510fdcf063c463c60fe091482a529d377a4316805c7eb0cfeb324103d9e3429cd932f0aa3e9cb406e6a515c75be

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\File System\Origins\CURRENT
Filesize
16B

MD5
46295cac801e5d4857d09837238a6394

SHA1
44e0fa1b517dbf802b18faf0785eeea6ac51594b

SHA256
0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443

SHA512
8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
Filesize
4KB

MD5
472010036087950b44f678fdff3ddad1

SHA1
cdbbf868f865231ac8eae59c490a923648989c42

SHA256
47b6ef3e7a129fcc3b23f9ce28e6ceab8b4fa5ca7bbe625804f6ee27d6af5739

SHA512
dc0f790e818a32848675792348f231ac742b8e7cef9ecf7ba14b5914be82c2d837ebfb7891e44b2c2434bf2fc76bf791d0d7e060c46b4e79fd382d9e3a17a44d

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
371B

MD5
afe5c355c4e83e6baaeb171966c5fc4a

SHA1
bd59c0612f5f2586817500712eda5c43ea921ddc

SHA256
95e25b51bf8dd4c75c01bab8426fd3a142b7ef82caaac75ec66090f1a05ca37b

SHA512
720521c0b03dfc1ad9a0c9a184ac7a17037bce3c7a4efc69cfde02c39b0b4d90f9f28d5ced93b210964ba71641752ced8185c15e12b5635ddc8f4d3ab22ba9c7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
b45bad4dd34713bdfe94101ab80d84c3

SHA1
af92fd8aaf38e491d0c94a6b47c2336caae66dff

SHA256
9ba177025e94927b212b0bf0e86cc039ffdf52d3055d194c9aacd9f353542054

SHA512
2a960d099c0cf5f7f051aef7a67e6b3eff0f13186d368b8be3642bb50b38dcd6dfae2918104ee888b75b8677b0982116ac7660db4e2b883c78158b44a2a06f8c

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
e2d6ef2640ff1936a9200723acf216cc

SHA1
ee3c971c741983500b0e6371a5f8f441e6887048

SHA256
bc46725bcde86b06fce83a3cfda520a1854da974d9b5d7192c5086b888aa8aa1

SHA512
6b6c076ffd7a09294990981b4e15259353a322b67a103cd4a5af4b5ba9c3aa992bce9e2e8888695ab6bc1a27db8a7d7359be2e0db03382eefd7bc83b1af9fa9a

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\TransportSecurity
Filesize
1KB

MD5
2c1f7b72def207cd01dc7695856f67d7

SHA1
2151ab5660f57b76dd01136f8b7234b382097e89

SHA256
66aa165cb249185a3905e1df10db2ccd780042fd73e18e57817118fae7c69a27

SHA512
995f84999445df7e648a44a0e6dd676d75d7bb89daf5fe33e9570175dbe8281ff8f96feee4afad1e9a048ed3f6f56404fffd5c6c3a4159cac9eea281cd77d960

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
fcad5fa42ee90da0b472d910150991f5

SHA1
fa5510abc801a2bc3a4953cbbb3a7fb61e5b8643

SHA256
c101ecb48b140932a0752bcf558aed7029ec10ca0835e2647f5cacfd713a1397

SHA512
59a678a73cfb62cec73861d3891e2434138c1a24a71811d2b749bde9a1072f0f24ffa0ea8b3124f9d80ae369f0edf11c59d7742bb4b50fd085b72831b59bdfe8

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
f6f88d80284f37aa11158b701036bac2

SHA1
7bd536c19e82befe2affa125f9e303a0653cd982

SHA256
d87cc97100e8f71277223d0b15d326ea16fbe6aefa7e834b0efe899a86c5b074

SHA512
5811d32a7b13429edb0332c6b0cb8ecf0828ea873c1d41815b633896ee591ce3993b301e81dce81f2d1532d83f0c6346c3100045d31eab844534aaa109e9d9c6

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
5KB

MD5
d5d7599e1fc0eaa2f3651d2393c86bf3

SHA1
2472dd3aa289ccc174c0e339aa5c031b33de4062

SHA256
ad7f8fc21ecb5aa651935851cfec0a6bad88fb1730bb4da0758eec886a8216f0

SHA512
9af30300eecd765137cc90cd4bb9bb9dec1b702a84dc354f17ce325256fd1ee121568409089664130f16c249aa328b845201a5dbcd70a326f9fabaffc5655e73

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
Filesize
6KB

MD5
de9c08b10b64ddd8a483be15205fa969

SHA1
d55bcdbc4c60011bc1d85bebd84746da1b3a316a

SHA256
6b217e20a345b01b6156b17e934f9dd2f4712af89d1ea68a257507dae7ee6a1d

SHA512
3ffebcea085bef484c19a90826c3fd9be4581e3415405df711a96915b14aa6e9146a303b3203b900f460debd20b9f6dcf246952a6eb8a927f01bc0e75a3a43eb

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt
Filesize
56B

MD5
ae1bccd6831ebfe5ad03b482ee266e4f

SHA1
01f4179f48f1af383b275d7ee338dd160b6f558a

SHA256
1b11047e738f76c94c9d15ee981ec46b286a54def1a7852ca1ade7f908988649

SHA512
baf7ff6747f30e542c254f46a9678b9dbf42312933962c391b79eca6fcb615e4ba9283c00f554d6021e594f18c087899bc9b5362c41c0d6f862bba7fb9f83038

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Service Worker\CacheStorage\379f1cbab5b08b6fc9e08681e42d8be311441c88\index.txt~RFe574100.TMP
Filesize
120B

MD5
0327efdc1755916b96ded8cf132d1000

SHA1
b650070e80313caff6bd09507396eb169d7e4fb7

SHA256
03a14b943ae16744e01198b45e58a78a0a57de0f3cac177bf4122501efe68cbd

SHA512
5db6d813356959a2bc5db0d9695873f6ab16a100450805e47b1484669efa7c9438cb2f79100c871e95108feec980e360d3c7a769a376049372ad2fc6fe9d612e

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
f67c8821b071fbf54888a378a65ada61

SHA1
2b484ab568d34c3fc4cbfb916da96198f8b0ac6d

SHA256
4e0dd8777f6e8d8fdd9d0773540e924d69694580450534928b2098f726fd6b0e

SHA512
bec0c93d5c8494c2c904cbdf6dd911755d15cdc6ba58965ea170076b3ca2b2cc6ce2950d15436a30e87862a19d673703e399c3e844a399198d9e81cc1f5ba185

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State
Filesize
143KB

MD5
d86f0b53d20ddfadd5d9b15899a7c5f6

SHA1
299c6021f9d436d3d3b55a903be446549765b31c

SHA256
f00a2718767a2a2f0e14c03e5a2edd4e1c20f8e9d025aac8cd01239053e1925a

SHA512
c3a555e5b8e1c07a6747e1353fbb5aa177b1d814bf78bfa35ce54bdce7ac786c692811c4a833731f205e9621bf0fcefa70670e43afbe51489b274f3ce5365da7

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache
Filesize
116KB

MD5
d033e335d962147d98cf8927772485ee

SHA1
557d0c6fecc0efe870cc91743fe3ded7eb05f780

SHA256
4ac700f76efd0809f721be0dfacb85f92fe83a3d5c4d8c01c216d98012300274

SHA512
7e0b97ee71efc1fdefbf232e068cc63455292342b7cc3b046734a4183d6fc26a37752963f4341e4c056ac2916517a16abf28b404c90eecc72b84a5e6467c1f32

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Module Info Cache~RFe57a6bf.TMP
Filesize
97KB

MD5
33ccfff5130a782b2a25372973ec3e09

SHA1
1aa6e7321dce068640c21d7af21d90d43546ca66

SHA256
f42c4c043da327400d485d65aa577ab4e5a3b0cdfb5c32daed2abb6bc5924a4e

SHA512
5622cbc2a95fc7ce9ceb99e76c69ed8b81b8d78b89780fb8299805a976edc2ef3987fdbfd4766604498c8c902013f83b4959fcbc8dbf380474f836328afa3943

Download Submit
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\persisted_first_party_sets.json
Filesize
2B

MD5
99914b932bd37a50b983c5e7c90ae93b

SHA1
bf21a9e8fbc5a3846fb05b4fa0859e0917b2202f

SHA256
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

SHA512
27c74670adb75075fad058d5ceaf7b20c4e7786c83bae8a32f626f9782af34c9a33c2046ef60fd2a7878d378e29fec851806bbd9a67878f3a9f1cda4830763fd

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
86509a22a9a5313a8bb898fb6f1cc540

SHA1
d1524c9407195c4fb85e7f82db626d61c88bd5e4

SHA256
67e93194b24ed0b0af3db4435f06fbd6961bf314a9e220e5966c4e5d9410b19d

SHA512
3528af77dd2a45bf00eb1b7e9536aed4e0cdf1d015981aa42105e340f6fd0ae7ee01b1136f8605eaca86f607994a214c8b8550fa141faa7c2e4eb6504934f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
86509a22a9a5313a8bb898fb6f1cc540

SHA1
d1524c9407195c4fb85e7f82db626d61c88bd5e4

SHA256
67e93194b24ed0b0af3db4435f06fbd6961bf314a9e220e5966c4e5d9410b19d

SHA512
3528af77dd2a45bf00eb1b7e9536aed4e0cdf1d015981aa42105e340f6fd0ae7ee01b1136f8605eaca86f607994a214c8b8550fa141faa7c2e4eb6504934f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\_sfx.exe
Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\_sfx.exe
Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\_sfx.exe
Filesize
1.7MB

MD5
b386cdcb413405daa8219af8e4cbd318

SHA1
ce275ff8514fef0629c915a6ee7b5ac481b9043d

SHA256
408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e

SHA512
91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\assistant_installer.exe
Filesize
2.1MB

MD5
2f3d9e21e232b9bfea064d3b2264db06

SHA1
bafddc657d8d1bb531683b29b0342cc065ee51d2

SHA256
25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d

SHA512
94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\assistant_installer.exe
Filesize
2.1MB

MD5
2f3d9e21e232b9bfea064d3b2264db06

SHA1
bafddc657d8d1bb531683b29b0342cc065ee51d2

SHA256
25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d

SHA512
94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\assistant\assistant_installer.exe
Filesize
2.1MB

MD5
2f3d9e21e232b9bfea064d3b2264db06

SHA1
bafddc657d8d1bb531683b29b0342cc065ee51d2

SHA256
25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d

SHA512
94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

Download Submit
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303102319311\opera_package
Filesize
87.9MB

MD5
b004716641db018a37f534c46df35215

SHA1
f612420cfa0570cd5f8f051cc99ebdcc57eb129a

SHA256
29bdf09755fc63557e1b4a12e664a13513560669aab3f819c7966bd7cae6a7db

SHA512
aa6a3414f1bc390eee3a00f5d83082ede3b12e1efe6fd311b4e4a50d985eebf875ddb485a7f01a47e0582d9f0a812a7a1f219d61fadfa95e70f2eb1a89b7f53f

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303102319291415932.dll
Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303102319300475076.dll
Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303102319300475076.dll
Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303102319306583352.dll
Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303102319313605752.dll
Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303102319315943484.dll
Filesize
4.6MB

MD5
02cdbf798a668878b72b920b6e265272

SHA1
2301a19f2e1003656463d77d536aa18d27cdd513

SHA256
c9da947548474485935e7e8780b765fa6b8b4ad3afc4a1ad216fbe1097f8ad94

SHA512
d4b10633b2bd5845b05c6880f3a4812f69e590e157c45e49d59594d8c78fbc385b89dfec058ae1461cac6175cb318d27839d7f462e550cf3d2338933c4b18aaf

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
Filesize
339B

MD5
27e7f3d4f0383f5aa2747a73b2247056

SHA1
bab94178cde996a35dfaa905cede8015da321552

SHA256
71d7808cae47025784d1a5a759d80c07704d5c745661c07d2bb5f883e821a7b7

SHA512
56f486ca2dff3a94db51696f402d73b43b9f7adc576299c7fca1472dd1194c03cc36c9933dccb94579aaf87d6943c0b108a26a09b269f8fab07bec26067a9ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG
Filesize
644B

MD5
d0283575c47a16d567f02b70550e22a9

SHA1
189ce85ca43d3aa4336c2e7719cf206691257999

SHA256
44464fa74b703a959540202a83383c33cee05f7affc69898e0d3b541b1e87970

SHA512
5b70a22b0a48aa3c6e88123c4d3ff928b02bbe158d63e565bd558aa990482a4d9a98e710ec3dded8fef6042eedb5a1ed62ffc632fe9d102a9cb49342727c515d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG105.PNG
Filesize
40KB

MD5
add45fcce9e1d8992e60401842562c2e

SHA1
7869dc6ad6116e2c864f32b959a489ee4100aa2e

SHA256
4c9e68ac4cebbfde2f2f5a9318b597825f3d7a41f32cd288e3fa964b95a69fff

SHA512
2f98fc864d4bf46c8595f94c4296e6d4213d90591ee197679b2c4f5f4a27b248a52a941b811fceca2f8d32044d42dfe589ec981baaba86a7e4d844d687d048fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG106.PNG
Filesize
1KB

MD5
e321fee6bb1a5aa942de8f0c33a47acc

SHA1
ed9d1f96abbe8cb1d4d073982aba790941b8e412

SHA256
e1de043473910537b81a7b533a401eb5abf09951bd595a943b2fae399156fcca

SHA512
a331bb6fcb1180405e85001a5809eca98dea401e770ab1767d9c7d46cc5a87ea40d54ab3ceec2f81a80ca06c7033d132f80b0fbdcc26431a2e3920f2de8863ce

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG108.PNG
Filesize
2KB

MD5
8691619d3729db635b36abf4cb92b722

SHA1
5f65a27c0b8d2a25a3c107eadcde937a6c9620b1

SHA256
386db08587c847acba938e16a37f345f8d95cc1c77ed562b3c2cc71c1ccbfc1c

SHA512
0f2e192e6f23a512c7e0b75ecf54bfe8cdfcd4c18f48cb4a4ccbb879881ece3308e1fb97891583f1248c2a833c36509e8e1b81bf39958189676b05d9bd9605a6

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG19.PNG
Filesize
1KB

MD5
1c9e24d780e12c81094546db7dba85ac

SHA1
9a21b5304a8326f4d115f1aeed413191969f82ca

SHA256
06fd6ea5ff0c58b5dd1ee0ff062e79f66f40a2ab4a0cb3937949781db90b0ad7

SHA512
a0d66cdf4e11fcb991acf2faae92f91dbb2144694a353a41e450ede37c9de605cedf5772744c90967eddcd88055023ba6e4a9bf1a8a6875f8750aedffcf6618a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
Filesize
280B

MD5
342916f21c1e06bea05bbf019607713c

SHA1
93a20cbead12b1d710aa30b7ad11f322b6e253fc

SHA256
93fb9f9ed1a680f419d545084a11db8a1ff1a9466cedec71ac33d78f39c367d1

SHA512
321a5b6120008c510cbb43813b56eefeacbba3cc67fe1d9fc579579a6b8577999ac1a14e17301c4a3bdf3c98644a1c3519c63b6d079d06e614eca4b79fdc7518

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
Filesize
281B

MD5
3e4f9ad22e78d1916883ba8ec1b40391

SHA1
4eb8e83f9e4f24d6252c83640061cf6fbf8daf08

SHA256
20ed02f9caeab1a1947e436aa39f99f8e69653e6f9ba5da3b88e31a461676e88

SHA512
d80793d15dc318fa2ab89252d153398ee5924391b0d3ff63b1063bea076c6681f9692284b6e744dd68abdca240c3c1b3eaa224a0449eddadd2c7bd7e943e8190

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
Filesize
43KB

MD5
e0901ba1513ace1b39991bfa0b911498

SHA1
4ce82072212487c2f484bacf1de20e179b3fac6e

SHA256
c571b49df24291011ff427f5f450b673531409c7b4576c34ca3f284ef3c55493

SHA512
7ff181c9ea32ca2828ef7d1e34c96c6855dac906108eb680a90da5dd9f2008d815c96969263b3314b7db1a83bf7032da631c878dfa4a99976d8cabf79ea62b8d

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG
Filesize
1KB

MD5
be778d72fc00a94c08f8d34a7f4808eb

SHA1
6a9ac4c50c259f13c811aec861b7d8a178226a2a

SHA256
6b87aaec39e8dcaa1ff58dd1ce9b4ff963111281197efb498feda447374ca362

SHA512
4ea18bb91fdf830d55250a245af0c5777657844ee1d9293a35cdb2f56e50ceafdeaf49135e9266bb7615c8f0a57a1ee26b7d74c6d4e98b2cab38dae5085c8a3f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
Filesize
106KB

MD5
51be149c8e20df63087c584165516ecd

SHA1
feabbb95b65e6929f086266b06ee1cfef83539a7

SHA256
b949eb246d81688efea07a7655652107ad435f37d493d93dd68c88a9fe6f3e33

SHA512
6f24e4caafd6af85c2f8641d7f2b066dfafa7d6abb512fa62f3642eaa42b549692b15043a3bf0e13cb1fae377fc1d3139dcf5cea3d4def24de197f75297e17f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
86509a22a9a5313a8bb898fb6f1cc540

SHA1
d1524c9407195c4fb85e7f82db626d61c88bd5e4

SHA256
67e93194b24ed0b0af3db4435f06fbd6961bf314a9e220e5966c4e5d9410b19d

SHA512
3528af77dd2a45bf00eb1b7e9536aed4e0cdf1d015981aa42105e340f6fd0ae7ee01b1136f8605eaca86f607994a214c8b8550fa141faa7c2e4eb6504934f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
86509a22a9a5313a8bb898fb6f1cc540

SHA1
d1524c9407195c4fb85e7f82db626d61c88bd5e4

SHA256
67e93194b24ed0b0af3db4435f06fbd6961bf314a9e220e5966c4e5d9410b19d

SHA512
3528af77dd2a45bf00eb1b7e9536aed4e0cdf1d015981aa42105e340f6fd0ae7ee01b1136f8605eaca86f607994a214c8b8550fa141faa7c2e4eb6504934f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
86509a22a9a5313a8bb898fb6f1cc540

SHA1
d1524c9407195c4fb85e7f82db626d61c88bd5e4

SHA256
67e93194b24ed0b0af3db4435f06fbd6961bf314a9e220e5966c4e5d9410b19d

SHA512
3528af77dd2a45bf00eb1b7e9536aed4e0cdf1d015981aa42105e340f6fd0ae7ee01b1136f8605eaca86f607994a214c8b8550fa141faa7c2e4eb6504934f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
86509a22a9a5313a8bb898fb6f1cc540

SHA1
d1524c9407195c4fb85e7f82db626d61c88bd5e4

SHA256
67e93194b24ed0b0af3db4435f06fbd6961bf314a9e220e5966c4e5d9410b19d

SHA512
3528af77dd2a45bf00eb1b7e9536aed4e0cdf1d015981aa42105e340f6fd0ae7ee01b1136f8605eaca86f607994a214c8b8550fa141faa7c2e4eb6504934f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
86509a22a9a5313a8bb898fb6f1cc540

SHA1
d1524c9407195c4fb85e7f82db626d61c88bd5e4

SHA256
67e93194b24ed0b0af3db4435f06fbd6961bf314a9e220e5966c4e5d9410b19d

SHA512
3528af77dd2a45bf00eb1b7e9536aed4e0cdf1d015981aa42105e340f6fd0ae7ee01b1136f8605eaca86f607994a214c8b8550fa141faa7c2e4eb6504934f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
Filesize
2.7MB

MD5
86509a22a9a5313a8bb898fb6f1cc540

SHA1
d1524c9407195c4fb85e7f82db626d61c88bd5e4

SHA256
67e93194b24ed0b0af3db4435f06fbd6961bf314a9e220e5966c4e5d9410b19d

SHA512
3528af77dd2a45bf00eb1b7e9536aed4e0cdf1d015981aa42105e340f6fd0ae7ee01b1136f8605eaca86f607994a214c8b8550fa141faa7c2e4eb6504934f3ec

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
Filesize
645B

MD5
fcdb501020cf6814b9c686436ee87ea3

SHA1
bd65665a83eb606986f458cdc51eb208d3d2e5af

SHA256
37fe73f7f771e0795780a1e102d790b18438ca123c5c9c81e7e1461822729f7c

SHA512
a9a76d66a06910f54d71fe5e8d9f07139c638a6be248869a612103a58942c8d751c6f8312a7d6f632e5be53a6db8d2b1e83e89818cc634b940f7c05ab5916b78

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
6.3MB

MD5
f08d9bbc61cff8e8c3504524c3220bef

SHA1
b4268c667469620bb528c04eaa819d508159b398

SHA256
2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb

SHA512
a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
6.3MB

MD5
f08d9bbc61cff8e8c3504524c3220bef

SHA1
b4268c667469620bb528c04eaa819d508159b398

SHA256
2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb

SHA512
a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
6.3MB

MD5
f08d9bbc61cff8e8c3504524c3220bef

SHA1
b4268c667469620bb528c04eaa819d508159b398

SHA256
2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb

SHA512
a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
Filesize
6.3MB

MD5
f08d9bbc61cff8e8c3504524c3220bef

SHA1
b4268c667469620bb528c04eaa819d508159b398

SHA256
2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb

SHA512
a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\aopalliance\aopalliance\1.0\aopalliance-1.0.jar
Filesize
4KB

MD5
04177054e180d09e3998808efa0401c7

SHA1
0235ba8b489512805ac13a8f9ea77a1ca5ebe3e8

SHA256
0addec670fedcd3f113c5c8091d783280d23f75e3acb841b61a9cdb079376a08

SHA512
3f44a932d8c00cfeee2eb057bcd7c301a2d029063e0a916e1e20b3aec4877d19d67a2fd8aaf58fa2d5a00133d1602128a7f50912ffb6cabc7b0fdc7fbda3f8a1

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\guava\guava\19.0\guava-19.0.jar
Filesize
2.2MB

MD5
43bfc49bdc7324f6daaa60c1ee9f3972

SHA1
6ce200f6b23222af3d8abb6b6459e6c44f4bb0e9

SHA256
58d4cc2e05ebb012bbac568b032f75623be1cb6fb096f3c60c72a86f7f057de4

SHA512
834f2bf4a5b35edffde0263409649aeaf34ca9a742ba511a06bb9b01626f9e774d2d3c8ba91a7905929dc8cd5e6471de29f7d0ab10260ece2af709b7fdbe4bc3

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\extentions\guice-assistedinject\4.1.0\guice-assistedinject-4.1.0.jar
Filesize
41KB

MD5
65912196b6e91f2ceb933001c1fb5c94

SHA1
af799dd7e23e6fe8c988da12314582072b07edcb

SHA256
663728123fb9a6b79ea39ae289e5d56b4113e1b8e9413eb792f91e53a6dd5868

SHA512
60b15182130ddfd801dd0438058d641dd5ba9122f2d1e081eb63f5e2c12fff0271d9d47c58925be0be8267ed22ae893ea9d1b251faba17dc1d2552b5d93056de

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\com\google\inject\guice\4.1.0\guice-4.1.0.jar
Filesize
658KB

MD5
41f66d1d4d250efebde3bbf8b2d55dfa

SHA1
eeb69005da379a10071aa4948c48d89250febb07

SHA256
9b9df27a5b8c7864112b4137fd92b36c3f1395bfe57be42fedf2f520ead1a93e

SHA512
109a1595668293b32376e885ad59e0e4c0e088ea00f58119f0f7d0d2055f03eb93a9f92d974b6dbd56ef721792ac03c889d9add3a2850aa7ccd732c2682d17ef

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\javax\inject\javax.inject\1\javax.inject-1.jar
Filesize
2KB

MD5
289075e48b909e9e74e6c915b3631d2e

SHA1
6975da39a7040257bd51d21a231b76c915872d38

SHA256
91c77044a50c481636c32d916fd89c9118a72195390452c81065080f957de7ff

SHA512
e126b7ccf3e42fd1984a0beef1004a7269a337c202e59e04e8e2af714280d2f2d8d2ba5e6f59481b8dcd34aaf35c966a688d0b48ec7e96f102c274dc0d3b381e

Download Submit
C:\Users\Admin\AppData\Roaming\.minecraft\tlauncher_libraries\org\apache\commons\commons-lang3\3.4\commons-lang3-3.4.jar
Filesize
424KB

MD5
8667a442ee77e509fbe8176b94726eb2

SHA1
5fe28b9518e58819180a43a850fbc0dd24b7c050

SHA256
734c8356420cc8e30c795d64fd1fcd5d44ea9d90342a2cc3262c5158fbc6d98b

SHA512
b1b556692341a240f8b81f8f71b8b5c0225ccf857ce1b185e7fe6d7a9bb2a4d77823496cd6e2697a20386e7f3ba02d476a0e4ff38071367beb3090104544922d

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP
Filesize
451KB

MD5
0b445ace8798426e7185f52b7b7b6d1e

SHA1
7a77b46e0848cc9b32283ccb3f91a18c0934c079

SHA256
2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6

SHA512
51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG
Filesize
1KB

MD5
15bfc779ca849b269af035c19524f515

SHA1
4a82eff7f31c2d688a00376ed36403d4d52d538c

SHA256
18c77fc1a6092e0169f574e46d72636578abe3744b76f632ad7430d576519353

SHA512
ce05807a115b2e8fd7c5874c3a01155501ee37095c02c5679f6e3b848093caad05e45086a88b16128da0e3d95c204e6810667463d08e411529ffde0e79b2ec51

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
Filesize
45KB

MD5
c00a190340711134584dc004bf18b506

SHA1
72bbbf9ab0e5b3fbf825b0a46da1b25641fbf346

SHA256
db127cc179eb800b489b1d0d014d6d5b5bf04988b23b55ce7b2d108a4852f343

SHA512
597ce1ae67201158e554f2e85218f2bb3321d0b47593c845d5130d80f7817b5ad4b92f30053ef0809315c4f02299edfe09fa67870e11cdc6095390683c0b4d56

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
Filesize
457B

MD5
96df483076fe5b82a193e0f74ae9427c

SHA1
e2914a84864c5a0507406b7e013c915eb64c5d88

SHA256
b08c9f5d1d5375498e555889886992e45c805658e7fb18def814a4ea6539c096

SHA512
732dc92695e193f359b42bd0eea7310406fade281ab3965727ca22b707ccedbae4c7f7706597b8b23ba93f9c259229e9c14a1d1efd959c6acb17905b36d52769

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
Filesize
352B

MD5
82b5905aadccafd519f5baaba8b4235c

SHA1
ac20c24c050d67ac9cf6d5d012f6c4e3e109dc6d

SHA256
7b0e92663780a8c412e31cde6f5abc18ed58bb19e3791208e8bd77ff9df2a4e7

SHA512
28a04532b8416eec31022493b725150711036cab5b87a7e4a39284ff4799e024abb34b808fc2182318cdad282c75958210d68368222ecc583ac139e6c1f0b802

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG
Filesize
438B

MD5
343b2dec000aeb270da2da3d091cccee

SHA1
8ab8987520beb6f4ee7ecf85f5d3caf88afb4c9c

SHA256
36d9a038c082d934df2209fccdd5ddf7bfd15b393581bfd48f510cc161db5232

SHA512
3ab0006fe9be943285f8294752d9ee14959284103676af7418fa2f59c967056bb2646fd48432af0e97be00c608ba493f08b160aa725898084bc726c904ffaa0c

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG
Filesize
206B

MD5
bd8b796fabf29bce107b327cd690807f

SHA1
edde96dc69ec4c6a8374069e56b27cfa98b50694

SHA256
8f65c8b2c3c27ce8bb37fc64aba53eb01ded825f26f9f09bd4b03c6bc41b6ca2

SHA512
b4091792afe29bb346350928b7726c1a4411bbae732f4d7a862faa909453b6efb79417053a10db1c70f11315a2064682842655bdbd2c374cb6564693f5f1fbfa

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG
Filesize
1KB

MD5
fd59d734aeb9fc2e4b9fb8953f1030f2

SHA1
4eeaa16cfcdae90383fb4e38fd6cc52180201705

SHA256
509323570038a79f2f494cb2323e141ba345bd5f0af6316b334553b411a4efac

SHA512
5319c35e80f13be56b8f450a364802ae922352baa2ed7858bdf0e43c66f44da3af8b9f4485a04e8c83f985c492543be6665e25edb650ed4ddb6a48d6d60d5397

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG
Filesize
1KB

MD5
d2462eb1e0591d5128d496df81adb09b

SHA1
71bfe6ef2f6b42950b9504ea9f3be42a9274e1ea

SHA256
a9592b4657867255adb69ee757da5858a0cb005b7388b4dd9ed4a814a31cc3f7

SHA512
cb22e19cb876bf3111434bbeb0243265b9899a40cf346ebd5b12d40db324cd776494f43f8570a64fada10f86d76644184e6982fb6bbd0af251c170f107ac50f5

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
Filesize
41KB

MD5
f2664610dabb317dfe1120518e323887

SHA1
33f8a173d6a0d4b7ecd4b5be9fd052795d689919

SHA256
67d18f4a1cdf8906751fed972deb353a773101fea9c62929e434cf4a31124cc9

SHA512
16ef6bd74c99e4c805ddc53d2cfb6ea3913f8e78ca674e3f61c3b49510c40d7b2b7a96f80e72dd428a28334deebe6859f59d3fdd40e44a0356224695c8cb8eb9

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG
Filesize
1KB

MD5
4065249457c60ff8868e439399f9a3b5

SHA1
1432b33e9704b0346899e6897103e4a9a29f7dde

SHA256
c230c0787a4a68aab9175ac6630abc6cf012aa74dc67229554a4d9853aeb62f6

SHA512
9cd3387d8191305d7954cb32055c3dd8f7cbcec481c949d9873fe5c9533ccce3e6d73c6f30613e9495493f513beea9e7059d3fbcd3ad480885bdafd0b2dcc3c3

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
6KB

MD5
4f7be9736242579cb8afa1af86980dfe

SHA1
1c486393847996db4f6b78532dd7bd9a0a924549

SHA256
9cecc28716f392d2394829f4cc3f307d08f5aecaf3e2124bdaaa0d6d9c3400b4

SHA512
4c55bc2698d8934713e791c015480248198e22efa66dd5ca79ea834b9835c9e85ca8c2869c9b40dc394ae7e27da039f79c392f88472dedc1adfa83dd1e94f1c9

Download Submit
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
Filesize
21KB

MD5
53f273f8e2da4ae72b5e0229470ef9d3

SHA1
4bf71767acac851a90f66888920f0625e7dc6557

SHA256
43978b0ee53ab74bdc6cecdc7823daa6249f6c76e746fd6308a2ef5f1abe352f

SHA512
48c63eee75ba759f8eea35243decfd667a336415dfeec25e3655b6726b46ce68d2cbc7119e09aa0f23bcdeb564e4ef006b0d7dbc5e37bfe33109d9452bf1166e

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
989d9ca269d341d53c8c0f107d0bc80e

SHA1
ea15975a440f451edf3b81cb504f31656910abe6

SHA256
72c6efe0bb59f278979e9282ea2ef905ad5f13f07192267a9519eb8c652b61cf

SHA512
e6dcca0a6da477cd0210953f83c8b8ef8edc15502e3b8d75eaf2660ed636134d0ec7f5df20fdef18d7d946d86b044ef0386ee35bb9f2c75fc6147c0914878970

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
989d9ca269d341d53c8c0f107d0bc80e

SHA1
ea15975a440f451edf3b81cb504f31656910abe6

SHA256
72c6efe0bb59f278979e9282ea2ef905ad5f13f07192267a9519eb8c652b61cf

SHA512
e6dcca0a6da477cd0210953f83c8b8ef8edc15502e3b8d75eaf2660ed636134d0ec7f5df20fdef18d7d946d86b044ef0386ee35bb9f2c75fc6147c0914878970

Download Submit
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
Filesize
40B

MD5
989d9ca269d341d53c8c0f107d0bc80e

SHA1
ea15975a440f451edf3b81cb504f31656910abe6

SHA256
72c6efe0bb59f278979e9282ea2ef905ad5f13f07192267a9519eb8c652b61cf

SHA512
e6dcca0a6da477cd0210953f83c8b8ef8edc15502e3b8d75eaf2660ed636134d0ec7f5df20fdef18d7d946d86b044ef0386ee35bb9f2c75fc6147c0914878970

Download Submit
C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe
Filesize
22.6MB

MD5
2c46460b0b6c89f4993db4ab214fc9ee

SHA1
0a8b0696a59d2635f2303a4f2302cd97ea6d835a

SHA256
7efd1055ea05a8fb0e8dab395b68017720d468d3ffb3ef3baeb501f809528827

SHA512
e79fc7a3bdea24e2425f56b94399b7b732436bec6dc5de3e416a0e0e43ddd8044fc83992f4a1d7a1f86397957f808ce93a40c58c1101566af77a0f62e85a7c44

Download Submit
C:\Users\Admin\Downloads\TLauncher-2.876-Installer-1.0.6-global.exe
Filesize
22.6MB

MD5
2c46460b0b6c89f4993db4ab214fc9ee

SHA1
0a8b0696a59d2635f2303a4f2302cd97ea6d835a

SHA256
7efd1055ea05a8fb0e8dab395b68017720d468d3ffb3ef3baeb501f809528827

SHA512
e79fc7a3bdea24e2425f56b94399b7b732436bec6dc5de3e416a0e0e43ddd8044fc83992f4a1d7a1f86397957f808ce93a40c58c1101566af77a0f62e85a7c44

Download Submit
C:\Users\Admin\Downloads\Unconfirmed 414841.crdownload
Filesize
22.6MB

MD5
2c46460b0b6c89f4993db4ab214fc9ee

SHA1
0a8b0696a59d2635f2303a4f2302cd97ea6d835a

SHA256
7efd1055ea05a8fb0e8dab395b68017720d468d3ffb3ef3baeb501f809528827

SHA512
e79fc7a3bdea24e2425f56b94399b7b732436bec6dc5de3e416a0e0e43ddd8044fc83992f4a1d7a1f86397957f808ce93a40c58c1101566af77a0f62e85a7c44

Download Submit
\??\pipe\crashpad_3864_NNNEZZYCDBOGGVOK
MD5
d41d8cd98f00b204e9800998ecf8427e

SHA1
da39a3ee5e6b4b0d3255bfef95601890afd80709

SHA256
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

SHA512
cf83e1357eefb8bdf1542850d66d8007d620e4050b5715dc83f4a921d36ce9ce47d0d13c5d85f2b0ff8318d2877eec2f63b931bd47417a81a538327af927da3e

Download Submit
memory/2116-2373-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2116-2370-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2116-2438-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2116-2363-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2116-2426-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2116-2362-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2116-2400-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2116-2398-0x0000000001070000-0x0000000001071000-memory.dmp

Filesize
4KB

Download
memory/2308-2409-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/3352-985-0x0000000000980000-0x0000000000ECA000-memory.dmp

Filesize
5.3MB

Download
memory/3484-1022-0x0000000000640000-0x0000000000B8A000-memory.dmp

Filesize
5.3MB

Download
memory/4024-2431-0x0000000000DF0000-0x0000000000DF1000-memory.dmp

Filesize
4KB

Download
memory/4644-2347-0x0000000000400000-0x0000000000417000-memory.dmp

Filesize
92KB

Download
memory/5076-966-0x0000000000640000-0x0000000000B8A000-memory.dmp

Filesize
5.3MB

Download
memory/5580-1033-0x0000000000500000-0x00000000008E8000-memory.dmp

Filesize
3.9MB

Download
memory/5580-701-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5580-408-0x0000000000500000-0x00000000008E8000-memory.dmp

Filesize
3.9MB

Download
memory/5580-2025-0x0000000000500000-0x00000000008E8000-memory.dmp

Filesize
3.9MB

Download
memory/5580-732-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5580-2026-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5580-1016-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5580-731-0x0000000000500000-0x00000000008E8000-memory.dmp

Filesize
3.9MB

Download
memory/5580-2353-0x0000000000500000-0x00000000008E8000-memory.dmp

Filesize
3.9MB

Download
memory/5580-1013-0x0000000000500000-0x00000000008E8000-memory.dmp

Filesize
3.9MB

Download
memory/5580-868-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/5580-867-0x0000000000500000-0x00000000008E8000-memory.dmp

Filesize
3.9MB

Download
memory/5580-702-0x00000000069D0000-0x00000000069D3000-memory.dmp

Filesize
12KB

Download
memory/5736-917-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/5736-950-0x0000000000160000-0x0000000000548000-memory.dmp

Filesize
3.9MB

Download
memory/5752-1009-0x0000000000640000-0x0000000000B8A000-memory.dmp

Filesize
5.3MB

Download
memory/5932-943-0x0000000000640000-0x0000000000B8A000-memory.dmp

Filesize
5.3MB

Download
memory/5932-1037-0x0000000000640000-0x0000000000B8A000-memory.dmp

Filesize
5.3MB

Download