7efd1055ea05a8fb0e8dab395b68017720d468d3ffb3ef3baeb501f809528827

Analysis

max time kernel
144s
max time network
152s
platform
windows7_x64
resource
win7-20230220-en
resource tags

arch:x64arch:x86image:win7-20230220-enlocale:en-usos:windows7-x64system
submitted
17/03/2023, 21:55

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

TLauncher-2.876-Installer-1.0.6-global.exe
Size

22.6MB
MD5

2c46460b0b6c89f4993db4ab214fc9ee
SHA1

0a8b0696a59d2635f2303a4f2302cd97ea6d835a
SHA256

7efd1055ea05a8fb0e8dab395b68017720d468d3ffb3ef3baeb501f809528827
SHA512

e79fc7a3bdea24e2425f56b94399b7b732436bec6dc5de3e416a0e0e43ddd8044fc83992f4a1d7a1f86397957f808ce93a40c58c1101566af77a0f62e85a7c44
SSDEEP

393216:YXMHKmnDMP/n8IPfs/dQETVlOBbpFEjdGphRqV56HpkvQFa2Vj4h2cv:Y8q8MH8aHExi73qqHpU2Vj4h/

Score

7^/10

discovery upx

Malware Config

Signatures

Executes dropped EXE 3 IoCs

pid	Process
1720	irsetup.exe
1052	AdditionalExecuteTL.exe
1936	irsetup.exe

Loads dropped DLL 19 IoCs

pid	Process
2016	TLauncher-2.876-Installer-1.0.6-global.exe
2016	TLauncher-2.876-Installer-1.0.6-global.exe
2016	TLauncher-2.876-Installer-1.0.6-global.exe
2016	TLauncher-2.876-Installer-1.0.6-global.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1052	AdditionalExecuteTL.exe
1052	AdditionalExecuteTL.exe
1052	AdditionalExecuteTL.exe
1052	AdditionalExecuteTL.exe
1936	irsetup.exe
1936	irsetup.exe
1936	irsetup.exe

UPX packed file 36 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
behavioral1/files/0x000800000001272d-57.dat	upx
behavioral1/files/0x000800000001272d-60.dat	upx
behavioral1/files/0x000800000001272d-66.dat	upx
behavioral1/files/0x000800000001272d-64.dat	upx
behavioral1/files/0x000800000001272d-61.dat	upx
behavioral1/files/0x000800000001272d-68.dat	upx
behavioral1/files/0x000800000001272d-72.dat	upx
behavioral1/memory/1720-73-0x0000000000AB0000-0x0000000000E98000-memory.dmp	upx
behavioral1/memory/1720-366-0x0000000000AB0000-0x0000000000E98000-memory.dmp	upx
behavioral1/memory/1720-382-0x0000000000AB0000-0x0000000000E98000-memory.dmp	upx
behavioral1/memory/1720-383-0x0000000000AB0000-0x0000000000E98000-memory.dmp	upx
behavioral1/memory/1720-393-0x0000000000AB0000-0x0000000000E98000-memory.dmp	upx
behavioral1/memory/1720-438-0x0000000000AB0000-0x0000000000E98000-memory.dmp	upx
behavioral1/files/0x000800000001272d-442.dat	upx
behavioral1/files/0x000400000001ca06-473.dat	upx
behavioral1/files/0x000400000001ca06-482.dat	upx
behavioral1/files/0x000400000001ca06-484.dat	upx
behavioral1/files/0x000400000001ca06-480.dat	upx
behavioral1/files/0x000400000001ca06-477.dat	upx
behavioral1/files/0x000400000001ca06-476.dat	upx
behavioral1/files/0x000400000001ca06-487.dat	upx
behavioral1/memory/1936-498-0x0000000000AE0000-0x0000000000EC8000-memory.dmp	upx
behavioral1/files/0x000400000001ca06-518.dat	upx
behavioral1/files/0x000400000001cb3c-519.dat	upx
behavioral1/files/0x000400000001cb3c-533.dat	upx
behavioral1/files/0x000400000001cb3c-535.dat	upx
behavioral1/files/0x000400000001cb3c-530.dat	upx
behavioral1/files/0x000400000001cb3c-527.dat	upx
behavioral1/files/0x000400000001cb3c-526.dat	upx
behavioral1/files/0x000400000001cb3c-587.dat	upx
behavioral1/memory/1936-592-0x0000000000AE0000-0x0000000000EC8000-memory.dmp	upx
behavioral1/memory/1704-599-0x0000000000940000-0x0000000000E85000-memory.dmp	upx
behavioral1/files/0x000400000001cb3c-586.dat	upx
behavioral1/memory/1760-603-0x0000000000940000-0x0000000000E85000-memory.dmp	upx
behavioral1/files/0x000400000001cb3c-585.dat	upx
behavioral1/memory/1720-617-0x0000000000AB0000-0x0000000000E98000-memory.dmp	upx

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012
Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

System Information Discovery
T1082

Modifies Internet Explorer settings 1 TTPs 1 IoCs

adware spyware

Modify Registry

T1112

description	ioc	Process
Key created	\REGISTRY\USER\S-1-5-21-3499517378-2376672570-1134980332-1000\Software\Microsoft\Internet Explorer\Main	irsetup.exe

Suspicious use of SetWindowsHookEx 8 IoCs

pid	Process
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1720	irsetup.exe
1936	irsetup.exe
1936	irsetup.exe

Suspicious use of WriteProcessMemory 21 IoCs

description	pid	Process	procid_target
PID 2016 wrote to memory of 1720	2016	TLauncher-2.876-Installer-1.0.6-global.exe	28
PID 2016 wrote to memory of 1720	2016	TLauncher-2.876-Installer-1.0.6-global.exe	28
PID 2016 wrote to memory of 1720	2016	TLauncher-2.876-Installer-1.0.6-global.exe	28
PID 2016 wrote to memory of 1720	2016	TLauncher-2.876-Installer-1.0.6-global.exe	28
PID 2016 wrote to memory of 1720	2016	TLauncher-2.876-Installer-1.0.6-global.exe	28
PID 2016 wrote to memory of 1720	2016	TLauncher-2.876-Installer-1.0.6-global.exe	28
PID 2016 wrote to memory of 1720	2016	TLauncher-2.876-Installer-1.0.6-global.exe	28
PID 1720 wrote to memory of 1052	1720	irsetup.exe	31
PID 1720 wrote to memory of 1052	1720	irsetup.exe	31
PID 1720 wrote to memory of 1052	1720	irsetup.exe	31
PID 1720 wrote to memory of 1052	1720	irsetup.exe	31
PID 1720 wrote to memory of 1052	1720	irsetup.exe	31
PID 1720 wrote to memory of 1052	1720	irsetup.exe	31
PID 1720 wrote to memory of 1052	1720	irsetup.exe	31
PID 1052 wrote to memory of 1936	1052	AdditionalExecuteTL.exe	32
PID 1052 wrote to memory of 1936	1052	AdditionalExecuteTL.exe	32
PID 1052 wrote to memory of 1936	1052	AdditionalExecuteTL.exe	32
PID 1052 wrote to memory of 1936	1052	AdditionalExecuteTL.exe	32
PID 1052 wrote to memory of 1936	1052	AdditionalExecuteTL.exe	32
PID 1052 wrote to memory of 1936	1052	AdditionalExecuteTL.exe	32
PID 1052 wrote to memory of 1936	1052	AdditionalExecuteTL.exe	32

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.6-global.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.6-global.exe"
1⤵
- Loads dropped DLL
- Suspicious use of WriteProcessMemory
PID:2016
- C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
  "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.6-global.exe" "__IRCT:3" "__IRTSS:23643746" "__IRSID:S-1-5-21-3499517378-2376672570-1134980332-1000"
  2⤵
  - Executes dropped EXE
  - Loads dropped DLL
  - Modifies Internet Explorer settings
  - Suspicious use of SetWindowsHookEx
  - Suspicious use of WriteProcessMemory
  PID:1720
- - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe
    "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
    3⤵
    - Executes dropped EXE
    - Loads dropped DLL
    - Suspicious use of WriteProcessMemory
    PID:1052
  - - C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
      "C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816850 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe" "__IRCT:3" "__IRTSS:1840872" "__IRSID:S-1-5-21-3499517378-2376672570-1134980332-1000"
      4⤵
      Executes dropped EXE
      Loads dropped DLL
      Suspicious use of SetWindowsHookEx
      PID:1936
    - - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        "C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
        5⤵
        
        PID:1704
      - C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
        
        C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x713924a8,0x713924b8,0x713924c4
        6⤵
        
        PID:1760

Network

MITRE ATT&CK Enterprise v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Modify Registry

T1112

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Command and Control

Exfiltration

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

Filesize
116KB

MD5
e043a9cb014d641a56f50f9d9ac9a1b9

SHA1
61dc6aed3d0d1f3b8afe3d161410848c565247ed

SHA256
9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946

SHA512
4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

Filesize
339B

MD5
27e7f3d4f0383f5aa2747a73b2247056

SHA1
bab94178cde996a35dfaa905cede8015da321552

SHA256
71d7808cae47025784d1a5a759d80c07704d5c745661c07d2bb5f883e821a7b7

SHA512
56f486ca2dff3a94db51696f402d73b43b9f7adc576299c7fca1472dd1194c03cc36c9933dccb94579aaf87d6943c0b108a26a09b269f8fab07bec26067a9ac7

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

Filesize
280B

MD5
342916f21c1e06bea05bbf019607713c

SHA1
93a20cbead12b1d710aa30b7ad11f322b6e253fc

SHA256
93fb9f9ed1a680f419d545084a11db8a1ff1a9466cedec71ac33d78f39c367d1

SHA512
321a5b6120008c510cbb43813b56eefeacbba3cc67fe1d9fc579579a6b8577999ac1a14e17301c4a3bdf3c98644a1c3519c63b6d079d06e614eca4b79fdc7518

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

Filesize
281B

MD5
3e4f9ad22e78d1916883ba8ec1b40391

SHA1
4eb8e83f9e4f24d6252c83640061cf6fbf8daf08

SHA256
20ed02f9caeab1a1947e436aa39f99f8e69653e6f9ba5da3b88e31a461676e88

SHA512
d80793d15dc318fa2ab89252d153398ee5924391b0d3ff63b1063bea076c6681f9692284b6e744dd68abdca240c3c1b3eaa224a0449eddadd2c7bd7e943e8190

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

Filesize
106KB

MD5
51be149c8e20df63087c584165516ecd

SHA1
feabbb95b65e6929f086266b06ee1cfef83539a7

SHA256
b949eb246d81688efea07a7655652107ad435f37d493d93dd68c88a9fe6f3e33

SHA512
6f24e4caafd6af85c2f8641d7f2b066dfafa7d6abb512fa62f3642eaa42b549692b15043a3bf0e13cb1fae377fc1d3139dcf5cea3d4def24de197f75297e17f0

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

Filesize
602B

MD5
5e1d7eb1892a28b80c87918cd3e44c99

SHA1
d15265386f466e39de2f469d3093f62cd9ea3fb2

SHA256
1ddf0e5f26edd3234e5c5518c9951bcee868ed2f91ca4865add14c6f2a2d365e

SHA512
0781f2fa384957ad620df2ba8e324d9c3bcf0ce1ff520bb799c864e79220c98132b971693b3e0e69553bbf29e20ee4f8b718e4f8bb3088bae55605f95bf1fff0

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303172257456591704.dll

Filesize
4.6MB

MD5
927a01657c6bee50ca093ffcfdc9134a

SHA1
f7e484a777affe3c6227a2be0a6560111e1be8f9

SHA256
b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9

SHA512
718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

Download Submit
\Users\Admin\AppData\Local\Temp\Opera_installer_2303172257464391760.dll

Filesize
3.4MB

MD5
34f7c351d826540eb559c9e3d0763a0e

SHA1
c48e1767f9d77ca01a5f5e3d66dc577d9fb91303

SHA256
d08722777e1889494ebfa212d447c5d67a3d6c78dc96c9ff108818ead92f5423

SHA512
13507327a18b6d823549411033169425332911a7320e468a920cfba82f3ecd990572695138b50bebf859645bb5bb686aa2d68d0f1eab54b7456de13e9023c547

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\AdditionalExecuteTL.exe

Filesize
1.8MB

MD5
aa4de04ccc16b74a4c2301da8d621ec1

SHA1
d05c6d8200f6e6b1283df82d24d687adc47d9664

SHA256
e2b0c8e54983b6fcd847a891c5443cb321fb4f0c9106ec8ed6a37cab5ebcc81b

SHA512
28d62bbe394bc2300d60263971cdee15fa417c6fcc7e44ecd2b3b567821e99953377383d137b0827f3f904d30deb508732bcb77cd37d444032d6ffc25c60712e

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

Filesize
1.7MB

MD5
1bbf5dd0b6ca80e4c7c77495c3f33083

SHA1
e0520037e60eb641ec04d1e814394c9da0a6a862

SHA256
bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b

SHA512
97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

Filesize
97KB

MD5
da1d0cd400e0b6ad6415fd4d90f69666

SHA1
de9083d2902906cacf57259cf581b1466400b799

SHA256
7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575

SHA512
f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

Filesize
1.3MB

MD5
5b4c988e2c4f9b703e7c14ea3ba5115d

SHA1
6191f653571a192ed43f637be0be2d0713c355de

SHA256
6a295ca07cc92c2d463b1ae9606f9c3017814edee923073737a4af9022f7fa69

SHA512
5a51728631c11391c92f3f46e55ad574c3bf63de896689249127922f5c42db80cf131353ded2ba04446e5f4e0f459f487d964b973a9f91bd8242132570077473

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

Filesize
1.3MB

MD5
e801c5847f5f9d207db53aaaf5c6f3a2

SHA1
8e6818ce66555e2cca92e5c5f32551fb4a91645e

SHA256
196eb4b81988326f6b44b1efcc4fa7a31a289bcf3893a16c3db6f889aa439b03

SHA512
303ab54112fd38a36c10484037f8ff4eeadd0c6f7dde18cf4f3b7f64bf7f7756b30f634427be1cf596ec995f41923c8678040a9a06244129f2337a3fe2f9bab3

Download Submit
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

Filesize
326KB

MD5
80d93d38badecdd2b134fe4699721223

SHA1
e829e58091bae93bc64e0c6f9f0bac999cfda23d

SHA256
c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59

SHA512
9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

Filesize
2.7MB

MD5
35c7adf12aecd33fc11adb1a07916d76

SHA1
c3acb6dd7af164023e09f79724862d4380ccda20

SHA256
e5d7488bb76529c3f2b06666545956c2c7bb67a2c712ab76d3efdf684fc09b07

SHA512
445dc18295bf6e62d6de378e79355e460b1be3091b713a9e95a98f41c39ebb0f1452b7eb2c7bb6e42c70b6767da944f42bb4f414094a0f4bfa5d54e8974eda12

Download Submit
memory/1052-497-0x0000000002A70000-0x0000000002E58000-memory.dmp

Filesize
3.9MB

Download
memory/1052-495-0x0000000002A70000-0x0000000002E58000-memory.dmp

Filesize
3.9MB

Download
memory/1052-496-0x0000000002A70000-0x0000000002E58000-memory.dmp

Filesize
3.9MB

Download
memory/1704-599-0x0000000000940000-0x0000000000E85000-memory.dmp

Filesize
5.3MB

Download
memory/1704-616-0x0000000002980000-0x0000000002EC5000-memory.dmp

Filesize
5.3MB

Download
memory/1720-367-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1720-366-0x0000000000AB0000-0x0000000000E98000-memory.dmp

Filesize
3.9MB

Download
memory/1720-406-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1720-393-0x0000000000AB0000-0x0000000000E98000-memory.dmp

Filesize
3.9MB

Download
memory/1720-386-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1720-384-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1720-383-0x0000000000AB0000-0x0000000000E98000-memory.dmp

Filesize
3.9MB

Download
memory/1720-382-0x0000000000AB0000-0x0000000000E98000-memory.dmp

Filesize
3.9MB

Download
memory/1720-454-0x0000000002F70000-0x0000000002F80000-memory.dmp

Filesize
64KB

Download
memory/1720-617-0x0000000000AB0000-0x0000000000E98000-memory.dmp

Filesize
3.9MB

Download
memory/1720-365-0x0000000000A00000-0x0000000000A03000-memory.dmp

Filesize
12KB

Download
memory/1720-439-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1720-73-0x0000000000AB0000-0x0000000000E98000-memory.dmp

Filesize
3.9MB

Download
memory/1720-438-0x0000000000AB0000-0x0000000000E98000-memory.dmp

Filesize
3.9MB

Download
memory/1720-364-0x0000000010000000-0x0000000010051000-memory.dmp

Filesize
324KB

Download
memory/1760-603-0x0000000000940000-0x0000000000E85000-memory.dmp

Filesize
5.3MB

Download
memory/1936-592-0x0000000000AE0000-0x0000000000EC8000-memory.dmp

Filesize
3.9MB

Download
memory/1936-578-0x0000000000AD0000-0x0000000000AE0000-memory.dmp

Filesize
64KB

Download
memory/1936-498-0x0000000000AE0000-0x0000000000EC8000-memory.dmp

Filesize
3.9MB

Download
memory/2016-71-0x0000000002DE0000-0x00000000031C8000-memory.dmp

Filesize
3.9MB

Download