Malware Analysis Report

2024-09-22 06:27

Sample ID 230318-l6cwtsea2y
Target TLauncher-2.876-Installer-1.0.7.exe
SHA256 a4ff6ac33f545c591a3974d52f83f751abbba7b3ad33bc0b47611dcd620cd8db
Tags
bazarbackdoor backdoor discovery spyware stealer upx
score
10/10

Table of Contents

Analysis Overview

MITRE ATT&CK Matrix

Analysis: static1

Detonation Overview

Signatures

Analysis: behavioral1

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis: behavioral2

Detonation Overview

Command Line

Signatures

Processes

Network

Files

Analysis Overview

score
10/10

SHA256

a4ff6ac33f545c591a3974d52f83f751abbba7b3ad33bc0b47611dcd620cd8db

Threat Level: Known bad

The file TLauncher-2.876-Installer-1.0.7.exe was found to be: Known bad.

Malicious Activity Summary

bazarbackdoor backdoor discovery spyware stealer upx

BazarBackdoor

Bazar/Team9 Backdoor payload

Downloads MZ/PE file

Loads dropped DLL

Reads user/profile data of web browsers

UPX packed file

Executes dropped EXE

Checks computer location settings

Checks installed software on the system

Enumerates connected drives

Enumerates physical storage devices

Modifies Internet Explorer settings

Suspicious use of SetWindowsHookEx

Suspicious use of WriteProcessMemory

Modifies system certificate store

MITRE ATT&CK Matrix V6

Analysis: static1

Detonation Overview

Reported

2023-03-18 10:08

Signatures

N/A

Analysis: behavioral1

Detonation Overview

Submitted

2023-03-18 10:08

Reported

2023-03-18 10:11

Platform

win7-20230220-en

Max time kernel

142s

Max time network

152s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe"

Signatures

BazarBackdoor

backdoor bazarbackdoor

Bazar/Team9 Backdoor payload

Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A

Downloads MZ/PE file

Loads dropped DLL

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
N/A N/A C:\Users\Admin\AppData\Local\Temp\jre-windows.exe N/A
N/A N/A N/A N/A

Reads user/profile data of web browsers

spyware stealer

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Enumerates connected drives

Description Indicator Process Target
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
File opened (read-only) \??\D: C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

Enumerates physical storage devices

Modifies Internet Explorer settings

adware spyware
Description Indicator Process Target
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A
Key created \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main C:\Users\Admin\AppData\Local\Temp\jds7193736.tmp\jre-windows.exe N/A

Modifies system certificate store

evasion spyware trojan
Description Indicator Process Target
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe N/A
Key created \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A
Set value (data) \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe N/A

Suspicious use of WriteProcessMemory

Description Indicator Process Target
PID 1740 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1740 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1740 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1740 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1740 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1740 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1740 wrote to memory of 1104 N/A C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
PID 1104 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 1104 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 1104 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 1104 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 1104 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 1104 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 1104 wrote to memory of 652 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
PID 652 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 652 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 652 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 652 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 652 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 652 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 652 wrote to memory of 1900 N/A C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
PID 1900 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1900 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1900 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1900 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1900 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1900 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1900 wrote to memory of 1736 N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1876 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1660 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 1620 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1620 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1620 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1620 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1620 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1620 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1620 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1620 wrote to memory of 1060 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
PID 1736 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
PID 1736 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
PID 1736 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
PID 1736 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
PID 1736 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
PID 1736 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
PID 1736 wrote to memory of 2484 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
PID 1736 wrote to memory of 2564 N/A C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe" "__IRCT:3" "__IRTSS:23742686" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816338 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1840798" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x70b724a8,0x70b724b8,0x70b724c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1736 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230318111006" --session-guid=ea013d92-412a-4da7-92bb-4b1ab2b9ddbe --server-tracking-blob=ZGNhNGVhOWRlNTU3MDE3YThhNGEyOTMzYjM5ZTQ2ODk0MjE3ZWY1Y2FmYjM5ZjJjMzZjZTU3NWVkNWJiNDMwMTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjciLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjc5MTM0MjA0LjA5MjUiLCJ1c2VyYWdlbnQiOiJTZXR1cCBGYWN0b3J5IDkuMCIsInV0bSI6eyJjYW1wYWlnbiI6Ik9wZXJhRGVza3RvcCIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik1TVEwifSwidXVpZCI6IjA0ZDRhMjAyLTE1NWUtNGQwNi04ODhmLTQyZTEyNjU1MDUwNSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2003000000000000

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x700d24a8,0x700d24b8,0x700d24c4

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe"

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe" --version

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe

"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0x1046c28,0x1046c38,0x1046c44

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1

C:\Users\Admin\AppData\Local\Temp\jds7193736.tmp\jre-windows.exe

"C:\Users\Admin\AppData\Local\Temp\jds7193736.tmp\jre-windows.exe" "STATIC=1"

Network

Country Destination Domain Proto
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.234.70:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 net.geo.opera.com udp
NL 185.26.182.112:443 net.geo.opera.com tcp
US 8.8.8.8:53 desktop-netinstaller-sub.osp.opera.software udp
US 8.8.8.8:53 autoupdate.geo.opera.com udp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
NL 82.145.216.20:443 autoupdate.geo.opera.com tcp
US 8.8.8.8:53 download.opera.com udp
NL 185.26.182.117:443 download.opera.com tcp
US 8.8.8.8:53 features.opera-api2.com udp
NL 82.145.216.15:443 features.opera-api2.com tcp
US 8.8.8.8:53 download5.operacdn.com udp
US 104.18.3.211:443 download5.operacdn.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 javadl.oracle.com udp
NL 69.192.71.29:80 javadl.oracle.com tcp
NL 69.192.71.29:443 javadl.oracle.com tcp
US 8.8.8.8:53 sdlc-esd.oracle.com udp
NL 173.223.112.78:443 sdlc-esd.oracle.com tcp
NL 82.145.217.121:443 desktop-netinstaller-sub.osp.opera.software tcp
US 8.8.8.8:53 javadl-esd-secure.oracle.com udp
NL 104.98.135.185:443 javadl-esd-secure.oracle.com tcp
US 8.8.8.8:53 rps-svcs.oracle.com udp
NL 104.98.135.185:443 rps-svcs.oracle.com tcp

Files

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

memory/1740-69-0x0000000002D20000-0x0000000003108000-memory.dmp

memory/1740-71-0x0000000002D20000-0x0000000003108000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

memory/1104-73-0x00000000010F0000-0x00000000014D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

memory/1104-366-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1104-367-0x0000000000530000-0x0000000000533000-memory.dmp

memory/1104-368-0x00000000010F0000-0x00000000014D8000-memory.dmp

memory/1104-369-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1740-374-0x0000000002D20000-0x0000000003108000-memory.dmp

memory/1740-375-0x0000000002D20000-0x0000000003108000-memory.dmp

memory/1104-386-0x00000000010F0000-0x00000000014D8000-memory.dmp

memory/1104-387-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG

MD5 0a5ce0278bbd9bead2d6f375925d0539
SHA1 64dd04e97d2fdadcaeb4932a24849f6d51630e42
SHA256 c89f6cd8120e32f17040dcc56d49f8e8722dc504e53c549cc534093a20939fde
SHA512 a4b02168e6f850587e0db9d3236b4269a38a925d1ebe301f4755a19de4e945fc14d85707cb5dfaf672935843be5d777bdb7cc01a3fa95c99e9a64a7d835b664d

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG

MD5 04aab6c7b7826a2b6f51b650a7521a1f
SHA1 6d799f12a11ea635bbd9e416e8873dfdf54af57b
SHA256 4ba9621905723a3f00d1978ec65df8f0ca6366a62924fda94f7d25b031181777
SHA512 85758224ce7127ad9cef659184fa8bccc87e886270195ceeb6a6c229c2a1326bd201604c302bb959d35d72654097651c65f8c4a6963ffb4e97f75d2579fa74b6

memory/1104-409-0x00000000010F0000-0x00000000014D8000-memory.dmp

memory/1104-410-0x0000000010000000-0x0000000010051000-memory.dmp

memory/1104-411-0x00000000010F0000-0x00000000014D8000-memory.dmp

memory/1104-427-0x00000000010F0000-0x00000000014D8000-memory.dmp

memory/1104-428-0x0000000010000000-0x0000000010051000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG

MD5 77942ad4995e0d60ba9cd6bb1e57d2a5
SHA1 a2b6a5e0a4be873cbbcfcd76337244ccc4f5f7b6
SHA256 6f7826d544b5b82e639e374fdcf06b544451106cd0e796e1347c7972def94217
SHA512 5e714a7cf78c156cc38ce952d8c4b87d6afec1ace25f9c0a7453f8321cbbcbba0958d0e28e66b2c142dadbe2ef8ffac39479e9b62317fa38bc89f00fe2221f31

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG46.PNG

MD5 bbb86d9285a2b5005038b3969064fd93
SHA1 411a1691260b98f7109ebdf8df4c076155055ca9
SHA256 967777f39c7353a35af2ab4c8df193c8e73d9cec03ff30973a6c628088900315
SHA512 b4dc7648dbee08841825e5a2bbdfa770fb8c1efcf0106ab25cd1c616339588d49f99f6fdbff5dce7e4fb39be6cd0a8ef6013b6ef143bea8789003ca87008ee6a

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

memory/1104-481-0x0000000002E90000-0x0000000002EA0000-memory.dmp

memory/652-483-0x0000000002B50000-0x0000000002F38000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

memory/652-485-0x0000000002B50000-0x0000000002F38000-memory.dmp

memory/652-484-0x0000000002B50000-0x0000000002F38000-memory.dmp

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

memory/1900-488-0x0000000000F30000-0x0000000001318000-memory.dmp

memory/652-486-0x0000000002B50000-0x0000000002F38000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

memory/1104-490-0x00000000010F0000-0x00000000014D8000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\setuparguments.ini

MD5 d3dd4f683780701612502436fb25d812
SHA1 ed6d09b2a690b842bc4c047e2291caa651ddc4d4
SHA256 4ca3c80d1a50b2f3942736d0f9c633c3de99fedd2b962b526423368914652e28
SHA512 d12251e984ae1c91e365166b45ac3e66d503bce9f7ff616d719e09973312f522cf9e4d577213c584709b8b1521b29f028e57d4628c3cbb37fd15eaf6308c1012

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat

MD5 aec508468d53ab8d55f5b4beb82c347d
SHA1 477d1ffb28834243f5811a4a2a54b4f0ca240120
SHA256 ebee84e34e221ad822486432333bad9e6357af2fb0d9651cc61c7fab8ec9b5bf
SHA512 26a0278af2a9e75ef966bc3f7f40d7669204c2004a043adaad102ef440caa6282e69372ca0c3c7d39a8450691d528c2dc77a4386bfb0c6e5a2a76c3fef900fbe

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe

MD5 52e46b1adf9cd40428b41755df527bd4
SHA1 5f0bb9c9c14208851beb5c93d9268c16ab39dc07
SHA256 a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13
SHA512 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669

\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe

MD5 5027f3112ac2d6f764769102a9145c8e
SHA1 a369a0e1d4ace1a8d66908aa43543bea03c76f5b
SHA256 d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c
SHA512 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110033891736.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110040601876.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110055111660.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110055111660.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

memory/1660-546-0x0000000000840000-0x0000000000D85000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110063691620.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe

MD5 e2106d353fde506e0dc47e841b594e87
SHA1 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4
SHA256 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012
SHA512 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6

\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110066961060.dll

MD5 927a01657c6bee50ca093ffcfdc9134a
SHA1 f7e484a777affe3c6227a2be0a6560111e1be8f9
SHA256 b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9
SHA512 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 ebb6f39e5c104eb8df25c450b701f980
SHA1 9dd2b5e3f76ea1c4d39da2c110310aaa3fa916e1
SHA256 48519f7ad391efc0ddc775f1a85f1fd72103d7525507c37d5794d507156d0307
SHA512 e8b81343e072f90e423d69d8ccce563c701081ddfeddbf1e2b660cff50a242d7fb8a60a15e09c8a0c58d1535e0fc640e1b272290077eac743420fb17a732b377

C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat

MD5 ebb6f39e5c104eb8df25c450b701f980
SHA1 9dd2b5e3f76ea1c4d39da2c110310aaa3fa916e1
SHA256 48519f7ad391efc0ddc775f1a85f1fd72103d7525507c37d5794d507156d0307
SHA512 e8b81343e072f90e423d69d8ccce563c701081ddfeddbf1e2b660cff50a242d7fb8a60a15e09c8a0c58d1535e0fc640e1b272290077eac743420fb17a732b377

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 ab6366f03f42dad7a90c502023733fed
SHA1 482b7637b532d2731eac2bb92df0b6b0cd6a1939
SHA256 00e07a4b42b438cea58e8a9c81db349a672d06e850670c835a4212838e4cd900
SHA512 41aa5315fa889b68ad447cd6f6baef3b9903b51e6d0167882e7d99942081f1ab1fb07e6a74753fc5ab6ea370c07af1480f6cba46bdceede8a29ccc617e817fe5

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565

MD5 a2e4d0b929bb626a863c6a9c4ef9ce81
SHA1 09ac3865261c99b3d62e375f5cc9b7cf012f6522
SHA256 9f5e3a67e5a7487b0fc87f14057cdf140a5056f672390c1a4317814217a74b39
SHA512 7d23ccee5ff98208e15dd190dfd71a9abfc32ec7c9e116908e476da0258f052413457b13c3bf99ff165337ea5eeb6a80a904e7f45561d4539166c19eb9e93c29

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015

MD5 a559c75a016be4d28ab7a7e98808cf0f
SHA1 566d65b678159ae705daeb55599a6bad41569555
SHA256 d6abbf08ef338d4380d3cf7314102dec5e033f9b884fe778d77c2fbacb72e278
SHA512 eade5683c66c37b705cce85f97cdf3111224e60a97d77a29c8003e729f4991583c52db1a6aa22af9eeb39931f4fae22ffaf66e94485cb14f2012e7ae424e358a

C:\Users\Admin\AppData\Local\Temp\Tar5BAB.tmp

MD5 73b4b714b42fc9a6aaefd0ae59adb009
SHA1 efdaffd5b0ad21913d22001d91bf6c19ecb4ac41
SHA256 c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd
SHA512 73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd

C:\Users\Admin\AppData\Local\Temp\Cab5B99.tmp

MD5 fc4666cbca561e864e7fdf883a9e6661
SHA1 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5
SHA256 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b
SHA512 c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d

C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe

MD5 f08d9bbc61cff8e8c3504524c3220bef
SHA1 b4268c667469620bb528c04eaa819d508159b398
SHA256 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb
SHA512 a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG

MD5 9fddfa14072fabea18ae4a035d325e33
SHA1 e901005bc13111ea44f675bb1b38f270b085f9f7
SHA256 22df55a531ad1629836f44b5020f34b34d1ff07d38a63db43fd8ef2ec09feb6d
SHA512 745a5dee942089f8a5961ff88f21b72ec3af7fafbf6c6c75df057f5d11b14052d1bffe4dd391b5998fbaf0966a775eb4feb9069942fc4f6c84fee505999e3425

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG

MD5 91785fce056a122bac89a98f06af96df
SHA1 6b9744b90937444f7fc2c28fa5b1c222557fe4b5
SHA256 de9c89053f795767d014b40614a1fd38613ee4c04f2e7584c55c6c73870f7c0f
SHA512 f7adfb3122cb036889cd0e341e0a0c82240e0e0a407c7582e10ba5aaaf94deec190f85ed0dbdd258dfd62be0628bc5022c437eb361e7bab0289abb574f2358ce

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 ab51798ba381f806d8aa0bb7d3ee3681
SHA1 a3447933eb54726309831fbc7c0d24342caee566
SHA256 750e793affb682abe66654ccdd530cb0d04d9621193a310b3aad3f60dc16b8d9
SHA512 8fb795cabc2219e9126252342a8238b1063b91ca0842872393ac2ad2507914d96600dcd84242de7741bd57cf72e3befb6627b2b080f01f106fc2bd5d9a9aa345

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG

MD5 47003171b0d1d426a4b0c243d6d61f33
SHA1 1aeb6d6b83cb899d26802f564b624551c53334b4
SHA256 d930264b51138a3c993aa7edf3c0285df49c8a30d66e41ef6e51a7a0343e3a89
SHA512 915630b307517cafd3c3709f2c0181f33d5105fbf0078dd3a1b3d7225c797d9a473f6a76fc8242639c1b5c15828e0625ea7b6ae3bf9d108f059a95a99e4fcb4d

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG

MD5 32e2b3ea6f5a27b51b804b03843c7ca6
SHA1 4e678b4d72f33bd4fa930401be3efd66fbf363d4
SHA256 8e968fbc253d37c52bf83d0e7726aee83fb8eddedf659731257e2f267347bce0
SHA512 575b036745df21bfcef772e6290e3a9e44845db6a28179fbb162d4a54618c8852a3014a138aba115482cb0d6a976f8c39cf921b02005a760a51c26fc8997bb43

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG

MD5 916240d9971d1fc6bedc88010c7ae001
SHA1 8c4906879c6681a61ca52d2b5e459bcd81bea0f6
SHA256 9a0a9a4aa639381032dd8ac097866b19c559a53501d3c2452801e316f2695a31
SHA512 730cadf9eaf955e4629ebf893d2237b08ac528086ff72355596bd760cf15e41a84f7f3afae3b1b872537c437a6ea52b56fb770ecfd6848d6aa57d28525f8daa7

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG

MD5 850f59f4a5abe0d3485a148971134723
SHA1 719efe66cd784a6da7fa5b4d8c270f692a57de19
SHA256 e3fe5bff2b68bc5150b15e12b25067f21736e8a31ad45242abc947c783fffe2f
SHA512 64e47af80c3a775b6b1a77b70eef3c50da9244f9a99ce9aaa846b86afb736434b7f7b71e5ddd48344005f65a6fa6e84081fb6013cccf372b7eaf2f60fc67e67d

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP

MD5 0b445ace8798426e7185f52b7b7b6d1e
SHA1 7a77b46e0848cc9b32283ccb3f91a18c0934c079
SHA256 2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6
SHA512 51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG

MD5 926bef63745a4509526e65d5c60a73fd
SHA1 3bf538113194de549b25be80b53b0b1b8576769c
SHA256 b9e840be108b6b06c7f30d17785154980c0e7655ce27f0cb77637d2dcf0084dc
SHA512 9e3c2381a1d090b22af38f27093f1b8ed84800deb6ff91980cea08eb75209e596ba2dba6819d1f79b1619a23407cb12fce79eb7f0bb5d524dacc69809ba37278

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG

MD5 e8d56aaa5306ab8c1f98501c6620f59e
SHA1 1a9f5029689402ee039fefb8307d5f94db1727f4
SHA256 d1b4c9b95313d5ac7f85cec7bb986e7353e676b81c618883b7e74765a1f6f111
SHA512 17d90fb31123ab2308e50b3f2de3981e5fd84420731c94980c083f55804e7930a0ced82faebb7e44868e86ffd4da3538f6b3ec4188f92a4224e2546522b5a6a6

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG

MD5 c1bfe5f0b8b74dbbae017e6c8baddadb
SHA1 16adcc0516f19451cd1fb27e4c531696bddf8a85
SHA256 39a8365512688fd5517956b59fa83a8196d7ab01cdf043c8dbbe867e8dcf53b6
SHA512 4330a8cc84c014f8189a49a5b56aed36494c3c72550fb3aef70f6dc802fdb03385bdcee3e5c047ecbf334eb78afd24b1b5627a68a92b737c16a3e9ed3d8e30f5

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG

MD5 09831aecec902670753033f352f4ed91
SHA1 bb3f73656912b398be336817e1af309f186b81d8
SHA256 fbf81419194d889dc3e3cd83cfd6077c88ff1f9f83097cb994daca90405e266c
SHA512 0a8d476f10d873d8206ea267b39ebb28ec6faf87f9991bec2dd57d1fdeb949b42196e7392991c83c2b3defcc7187bfdee00c24657501f2791367e6f48921e58b

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG109.PNG

MD5 970cc701c3b2bb4b51152cee033a9c56
SHA1 d8ca55ca4df931de7b2d213befab66be8cd09270
SHA256 6b318a1bb1fed17c423e7ebdb00700fbed625f6302eb498ff66f67b6ddf064a9
SHA512 55a6bd0a09c29b9d643ed17186ac267154da71be0405a102b51581ecfe6e932dbca86694b43843f02dd25c3cc750346027c5e1fc5b4a455529a20cdec3c1ee20

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG124.PNG

MD5 10c772af771b4a66071baaed44524c13
SHA1 66fb98f63a96b7bf78ae05e6974002e33b963bb4
SHA256 2fcaed62302c7b6216d923dee9ac9b6dd2060597d88bf3557c582571e840266a
SHA512 bebfd45a0b2b5822139ccd8f83a90ef882a08883f01cfe9fd11c8f68632512f728df10778c2b003912951537be9141c949dc6ef1a8851598cceeab04a005f456

C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml

MD5 4f3a61d57bece6285bca426e3c00baf3
SHA1 44ff5d449d78669b3ed380dd11132ed5d222aa4a
SHA256 da8f68ba7c1c97676ca8160a5f760e613105736bd34e3caab72b8557a1454f55
SHA512 0dcdb6614824432ab6431ba6f09201e1dafef15d3aba7de3400cbf73034a875c5bf0bdae94a074acd4799d8ab37978e8d091fa86144d41aaa2e64bc6315287c4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG

MD5 b5aad713a58dad9ba81e57c60654727f
SHA1 e4235836ecf0b5f20673ecfd02e8ea6058474c80
SHA256 9565c84d9dbc68abde134446dcd335f11a26073b5ad47216449d2f0e96a150c4
SHA512 2ff2ea11eca3ffe7f34afad49d5c3b0c11a3ee0e16d158c1f0b0cf481598c4970ee47c0a234ca3f69ae603829f4945a5e6d3b5eb709910510cecb7934999e158

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG

MD5 9dfdde005d90036d0a51b97fdfa02e7f
SHA1 26a848e697ab4a5c0b5046822a8006eef209309d
SHA256 ec213c7a114335e8fcd8f69f4cede38ea39e42f13ff43ad1d078d78af1604063
SHA512 237cbfb2fa082ae7a071d429997e22e976df4dc62788d492ccd787549f4ad809d41917a1a17fb76f764a0860e1bd2b54911284cffaa94e940f021207f172266e

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG

MD5 6cfda96c24d2884705c70312b63256ea
SHA1 d47dbd295745854e26328718e3d8655106408f31
SHA256 446944a836b0c53ae99b327412faa4aa03c213bc1984ed0d8542afe9b783bafd
SHA512 4a6419e4127cb1938df87ef6858dec800d2c557538127c45342463378f662a963d0ce3c073425a482b800fae9a0b9edbbdc1105b46c45158aaf86f8c999a17a1

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\opera_package

MD5 6b7771354e081eb94cdbf7627799da4f
SHA1 199341a750443cc6e9b2b2fa1e657d0dd327711f
SHA256 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab
SHA512 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800

C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015

MD5 e71c8443ae0bc2e282c73faead0a6dd3
SHA1 0c110c1b01e68edfacaeae64781a37b1995fa94b
SHA256 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72
SHA512 b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6

C:\Users\Admin\AppData\Local\Temp\Tar9D7A.tmp

MD5 be2bec6e8c5653136d3e72fe53c98aa3
SHA1 a8182d6db17c14671c3d5766c72e58d87c0810de
SHA256 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd
SHA512 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\opera_package

MD5 6b7771354e081eb94cdbf7627799da4f
SHA1 199341a750443cc6e9b2b2fa1e657d0dd327711f
SHA256 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab
SHA512 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\opera_package

MD5 6b7771354e081eb94cdbf7627799da4f
SHA1 199341a750443cc6e9b2b2fa1e657d0dd327711f
SHA256 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab
SHA512 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\additional_file0.tmp

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d
SHA256 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e
SHA512 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d
SHA256 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e
SHA512 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d
SHA256 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e
SHA512 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe

MD5 b386cdcb413405daa8219af8e4cbd318
SHA1 ce275ff8514fef0629c915a6ee7b5ac481b9043d
SHA256 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e
SHA512 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe

MD5 2f3d9e21e232b9bfea064d3b2264db06
SHA1 bafddc657d8d1bb531683b29b0342cc065ee51d2
SHA256 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d
SHA512 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe

MD5 2f3d9e21e232b9bfea064d3b2264db06
SHA1 bafddc657d8d1bb531683b29b0342cc065ee51d2
SHA256 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d
SHA512 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe

MD5 2f3d9e21e232b9bfea064d3b2264db06
SHA1 bafddc657d8d1bb531683b29b0342cc065ee51d2
SHA256 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d
SHA512 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe

MD5 2f3d9e21e232b9bfea064d3b2264db06
SHA1 bafddc657d8d1bb531683b29b0342cc065ee51d2
SHA256 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d
SHA512 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe

MD5 2f3d9e21e232b9bfea064d3b2264db06
SHA1 bafddc657d8d1bb531683b29b0342cc065ee51d2
SHA256 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d
SHA512 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5

C:\Users\Admin\AppData\Local\Temp\jre-windows.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

\Users\Admin\AppData\Local\Temp\jre-windows.exe

MD5 7542ec421a2f6e90751e8b64c22e0542
SHA1 d207d221a28ede5c2c8415f82c555989aa7068ba
SHA256 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6
SHA512 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 2e0595055d1e7bd459383dbdda9bc06a
SHA1 05306d9d0742d54f27d12ee33095ae5629de10ee
SHA256 f87972ddecb125075c64d3441c2076d6a38fe6e6806cf6379ecddf8622afb884
SHA512 c93f870f8619e1c05bcf488fe35afbda4b23de3d8aa625dd059999a4e4265375bf5cb67ebc1bf5a26258e8fadc2fa1bea5001329d3c3a4d4dc5cb54d50961dfb

C:\Users\Admin\AppData\Local\Temp\jusched.log

MD5 e740bb44eb3a63c964a21c21f43d0497
SHA1 555f56f0eebe6e515af5b111c1dc5271c117b704
SHA256 33271fa09fa435e129970bff24ac4871d9c5e553d09d74588e5e2571c918b65a
SHA512 4826101c216a2a5427f46c9361576ef235c07cf3808e106a7ce62ae6fd5803d16071ffc255ab5824b4e65d7f2b8df879f85ae9f9e244fbf26319f709b3888035

Analysis: behavioral2

Detonation Overview

Submitted

2023-03-18 10:08

Reported

2023-03-18 10:11

Platform

win10v2004-20230220-en

Max time kernel

142s

Max time network

120s

Command Line

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe"

Signatures

Checks computer location settings

Description Indicator Process Target
Key value queried \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe N/A

Executes dropped EXE

Description Indicator Process Target
N/A N/A C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe N/A

UPX packed file

upx
Description Indicator Process Target
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A
N/A N/A N/A N/A

Checks installed software on the system

discovery

Enumerates physical storage devices

Processes

C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe

"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe"

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe" "__IRCT:3" "__IRTSS:23742686" "__IRSID:S-1-5-21-144354903-2550862337-1367551827-1000"

Network

Country Destination Domain Proto
US 8.8.8.8:53 104.219.191.52.in-addr.arpa udp
US 8.8.8.8:53 76.38.195.152.in-addr.arpa udp
US 8.8.8.8:53 140.145.190.20.in-addr.arpa udp
US 8.8.8.8:53 210.81.184.52.in-addr.arpa udp
US 8.8.8.8:53 dl2.tlauncher.org udp
US 104.20.235.70:443 dl2.tlauncher.org tcp
US 8.8.8.8:53 70.235.20.104.in-addr.arpa udp
US 8.8.8.8:53 206.23.85.13.in-addr.arpa udp
US 8.8.8.8:53 176.122.125.40.in-addr.arpa udp
US 20.189.173.4:443 tcp
US 93.184.221.240:80 tcp
NL 173.223.113.164:443 tcp
NL 173.223.113.131:80 tcp
US 204.79.197.203:80 tcp
US 8.8.8.8:53 202.74.101.95.in-addr.arpa udp
US 8.8.8.8:53 45.8.109.52.in-addr.arpa udp

Files

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe

MD5 771e04cbe88ca3d9dcba71d583c20800
SHA1 60b981afefc93524d16764631d78fb15a5e604d1
SHA256 40836ee064ef2c3c1f66c1ee903d6ee510e7350fe5050e346fb2580f22bbc7c5
SHA512 1b0e8e229a265a1843b508f75829c387cd41a827ea4bc5af289afdf7ef15d15be4e973f8960a82ea11beadadcb2fe05581c8ee7c496a2afdbd8d70bb17deb007

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll

MD5 80d93d38badecdd2b134fe4699721223
SHA1 e829e58091bae93bc64e0c6f9f0bac999cfda23d
SHA256 c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59
SHA512 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4

memory/3612-273-0x0000000000440000-0x0000000000828000-memory.dmp

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico

MD5 e043a9cb014d641a56f50f9d9ac9a1b9
SHA1 61dc6aed3d0d1f3b8afe3d161410848c565247ed
SHA256 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946
SHA512 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd

MD5 da1d0cd400e0b6ad6415fd4d90f69666
SHA1 de9083d2902906cacf57259cf581b1466400b799
SHA256 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575
SHA512 f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd

MD5 1bbf5dd0b6ca80e4c7c77495c3f33083
SHA1 e0520037e60eb641ec04d1e814394c9da0a6a862
SHA256 bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b
SHA512 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab

memory/3612-441-0x0000000010000000-0x0000000010051000-memory.dmp

memory/3612-442-0x00000000069D0000-0x00000000069D3000-memory.dmp

memory/3612-457-0x0000000000440000-0x0000000000828000-memory.dmp

memory/3612-458-0x0000000010000000-0x0000000010051000-memory.dmp

memory/3612-465-0x0000000000440000-0x0000000000828000-memory.dmp

memory/3612-482-0x0000000010000000-0x0000000010051000-memory.dmp

memory/3612-484-0x0000000010000000-0x0000000010051000-memory.dmp