Analysis Overview
SHA256
a4ff6ac33f545c591a3974d52f83f751abbba7b3ad33bc0b47611dcd620cd8db
Threat Level: Known bad
The file TLauncher-2.876-Installer-1.0.7.exe was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
Downloads MZ/PE file
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Executes dropped EXE
Checks computer location settings
Checks installed software on the system
Enumerates connected drives
Enumerates physical storage devices
Modifies Internet Explorer settings
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Modifies system certificate store
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-03-18 10:08
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-18 10:08
Reported
2023-03-18 10:11
Platform
win7-20230220-en
Max time kernel
142s
Max time network
152s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
UPX packed file
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
Enumerates physical storage devices
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-3430344531-3702557399-3004411149-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\jds7193736.tmp\jre-windows.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe" "__IRCT:3" "__IRTSS:23742686" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816338 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1840798" "__IRSID:S-1-5-21-3430344531-3702557399-3004411149-1000"
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x70b724a8,0x70b724b8,0x70b724c4
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1736 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230318111006" --session-guid=ea013d92-412a-4da7-92bb-4b1ab2b9ddbe --server-tracking-blob=ZGNhNGVhOWRlNTU3MDE3YThhNGEyOTMzYjM5ZTQ2ODk0MjE3ZWY1Y2FmYjM5ZjJjMzZjZTU3NWVkNWJiNDMwMTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjciLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjc5MTM0MjA0LjA5MjUiLCJ1c2VyYWdlbnQiOiJTZXR1cCBGYWN0b3J5IDkuMCIsInV0bSI6eyJjYW1wYWlnbiI6Ik9wZXJhRGVza3RvcCIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik1TVEwifSwidXVpZCI6IjA0ZDRhMjAyLTE1NWUtNGQwNi04ODhmLTQyZTEyNjU1MDUwNSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=2003000000000000
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x700d24a8,0x700d24b8,0x700d24c4
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe" --version
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0x1046c28,0x1046c38,0x1046c44
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
C:\Users\Admin\AppData\Local\Temp\jds7193736.tmp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jds7193736.tmp\jre-windows.exe" "STATIC=1"
Network
Files
| SHA1 | 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4 |
| SHA256 | 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012 |
| SHA512 | 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
| MD5 | e2106d353fde506e0dc47e841b594e87 |
| SHA1 | 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4 |
| SHA256 | 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012 |
| SHA512 | 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6 |
C:\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110055111660.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110055111660.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
memory/1660-546-0x0000000000840000-0x0000000000D85000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | e2106d353fde506e0dc47e841b594e87 |
| SHA1 | 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4 |
| SHA256 | 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012 |
| SHA512 | 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6 |
\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110063691620.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | e2106d353fde506e0dc47e841b594e87 |
| SHA1 | 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4 |
| SHA256 | 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012 |
| SHA512 | 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6 |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | e2106d353fde506e0dc47e841b594e87 |
| SHA1 | 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4 |
| SHA256 | 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012 |
| SHA512 | 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6 |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | e2106d353fde506e0dc47e841b594e87 |
| SHA1 | 6b33fca8a7f6ebbe50720ee5523bfc2bf30335c4 |
| SHA256 | 4f976dd636ad988725a3bef9981e3df076025da326d5deee3da8c22547b0c012 |
| SHA512 | 368f2ff1012660c281d3c819151b6662495d077c04beed2b8d36e814b7275aecfbe14f0ac9cdb0633a8cee9b9b7acf63665b6fc6019ce83d495d3f3f8363c8f6 |
\Users\Admin\AppData\Local\Temp\Opera_installer_2303181110066961060.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | ebb6f39e5c104eb8df25c450b701f980 |
| SHA1 | 9dd2b5e3f76ea1c4d39da2c110310aaa3fa916e1 |
| SHA256 | 48519f7ad391efc0ddc775f1a85f1fd72103d7525507c37d5794d507156d0307 |
| SHA512 | e8b81343e072f90e423d69d8ccce563c701081ddfeddbf1e2b660cff50a242d7fb8a60a15e09c8a0c58d1535e0fc640e1b272290077eac743420fb17a732b377 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | ebb6f39e5c104eb8df25c450b701f980 |
| SHA1 | 9dd2b5e3f76ea1c4d39da2c110310aaa3fa916e1 |
| SHA256 | 48519f7ad391efc0ddc775f1a85f1fd72103d7525507c37d5794d507156d0307 |
| SHA512 | e8b81343e072f90e423d69d8ccce563c701081ddfeddbf1e2b660cff50a242d7fb8a60a15e09c8a0c58d1535e0fc640e1b272290077eac743420fb17a732b377 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
| MD5 | ab6366f03f42dad7a90c502023733fed |
| SHA1 | 482b7637b532d2731eac2bb92df0b6b0cd6a1939 |
| SHA256 | 00e07a4b42b438cea58e8a9c81db349a672d06e850670c835a4212838e4cd900 |
| SHA512 | 41aa5315fa889b68ad447cd6f6baef3b9903b51e6d0167882e7d99942081f1ab1fb07e6a74753fc5ab6ea370c07af1480f6cba46bdceede8a29ccc617e817fe5 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
| MD5 | a2e4d0b929bb626a863c6a9c4ef9ce81 |
| SHA1 | 09ac3865261c99b3d62e375f5cc9b7cf012f6522 |
| SHA256 | 9f5e3a67e5a7487b0fc87f14057cdf140a5056f672390c1a4317814217a74b39 |
| SHA512 | 7d23ccee5ff98208e15dd190dfd71a9abfc32ec7c9e116908e476da0258f052413457b13c3bf99ff165337ea5eeb6a80a904e7f45561d4539166c19eb9e93c29 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | a559c75a016be4d28ab7a7e98808cf0f |
| SHA1 | 566d65b678159ae705daeb55599a6bad41569555 |
| SHA256 | d6abbf08ef338d4380d3cf7314102dec5e033f9b884fe778d77c2fbacb72e278 |
| SHA512 | eade5683c66c37b705cce85f97cdf3111224e60a97d77a29c8003e729f4991583c52db1a6aa22af9eeb39931f4fae22ffaf66e94485cb14f2012e7ae424e358a |
C:\Users\Admin\AppData\Local\Temp\Tar5BAB.tmp
| MD5 | 73b4b714b42fc9a6aaefd0ae59adb009 |
| SHA1 | efdaffd5b0ad21913d22001d91bf6c19ecb4ac41 |
| SHA256 | c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd |
| SHA512 | 73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd |
C:\Users\Admin\AppData\Local\Temp\Cab5B99.tmp
| MD5 | fc4666cbca561e864e7fdf883a9e6661 |
| SHA1 | 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5 |
| SHA256 | 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b |
| SHA512 | c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d |
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
| MD5 | f08d9bbc61cff8e8c3504524c3220bef |
| SHA1 | b4268c667469620bb528c04eaa819d508159b398 |
| SHA256 | 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb |
| SHA512 | a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG
| MD5 | 9fddfa14072fabea18ae4a035d325e33 |
| SHA1 | e901005bc13111ea44f675bb1b38f270b085f9f7 |
| SHA256 | 22df55a531ad1629836f44b5020f34b34d1ff07d38a63db43fd8ef2ec09feb6d |
| SHA512 | 745a5dee942089f8a5961ff88f21b72ec3af7fafbf6c6c75df057f5d11b14052d1bffe4dd391b5998fbaf0966a775eb4feb9069942fc4f6c84fee505999e3425 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
| MD5 | 91785fce056a122bac89a98f06af96df |
| SHA1 | 6b9744b90937444f7fc2c28fa5b1c222557fe4b5 |
| SHA256 | de9c89053f795767d014b40614a1fd38613ee4c04f2e7584c55c6c73870f7c0f |
| SHA512 | f7adfb3122cb036889cd0e341e0a0c82240e0e0a407c7582e10ba5aaaf94deec190f85ed0dbdd258dfd62be0628bc5022c437eb361e7bab0289abb574f2358ce |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | ab51798ba381f806d8aa0bb7d3ee3681 |
| SHA1 | a3447933eb54726309831fbc7c0d24342caee566 |
| SHA256 | 750e793affb682abe66654ccdd530cb0d04d9621193a310b3aad3f60dc16b8d9 |
| SHA512 | 8fb795cabc2219e9126252342a8238b1063b91ca0842872393ac2ad2507914d96600dcd84242de7741bd57cf72e3befb6627b2b080f01f106fc2bd5d9a9aa345 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG
| MD5 | 47003171b0d1d426a4b0c243d6d61f33 |
| SHA1 | 1aeb6d6b83cb899d26802f564b624551c53334b4 |
| SHA256 | d930264b51138a3c993aa7edf3c0285df49c8a30d66e41ef6e51a7a0343e3a89 |
| SHA512 | 915630b307517cafd3c3709f2c0181f33d5105fbf0078dd3a1b3d7225c797d9a473f6a76fc8242639c1b5c15828e0625ea7b6ae3bf9d108f059a95a99e4fcb4d |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG
| MD5 | 32e2b3ea6f5a27b51b804b03843c7ca6 |
| SHA1 | 4e678b4d72f33bd4fa930401be3efd66fbf363d4 |
| SHA256 | 8e968fbc253d37c52bf83d0e7726aee83fb8eddedf659731257e2f267347bce0 |
| SHA512 | 575b036745df21bfcef772e6290e3a9e44845db6a28179fbb162d4a54618c8852a3014a138aba115482cb0d6a976f8c39cf921b02005a760a51c26fc8997bb43 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG
| MD5 | 916240d9971d1fc6bedc88010c7ae001 |
| SHA1 | 8c4906879c6681a61ca52d2b5e459bcd81bea0f6 |
| SHA256 | 9a0a9a4aa639381032dd8ac097866b19c559a53501d3c2452801e316f2695a31 |
| SHA512 | 730cadf9eaf955e4629ebf893d2237b08ac528086ff72355596bd760cf15e41a84f7f3afae3b1b872537c437a6ea52b56fb770ecfd6848d6aa57d28525f8daa7 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
| MD5 | 850f59f4a5abe0d3485a148971134723 |
| SHA1 | 719efe66cd784a6da7fa5b4d8c270f692a57de19 |
| SHA256 | e3fe5bff2b68bc5150b15e12b25067f21736e8a31ad45242abc947c783fffe2f |
| SHA512 | 64e47af80c3a775b6b1a77b70eef3c50da9244f9a99ce9aaa846b86afb736434b7f7b71e5ddd48344005f65a6fa6e84081fb6013cccf372b7eaf2f60fc67e67d |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP
| MD5 | 0b445ace8798426e7185f52b7b7b6d1e |
| SHA1 | 7a77b46e0848cc9b32283ccb3f91a18c0934c079 |
| SHA256 | 2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6 |
| SHA512 | 51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
| MD5 | 926bef63745a4509526e65d5c60a73fd |
| SHA1 | 3bf538113194de549b25be80b53b0b1b8576769c |
| SHA256 | b9e840be108b6b06c7f30d17785154980c0e7655ce27f0cb77637d2dcf0084dc |
| SHA512 | 9e3c2381a1d090b22af38f27093f1b8ed84800deb6ff91980cea08eb75209e596ba2dba6819d1f79b1619a23407cb12fce79eb7f0bb5d524dacc69809ba37278 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG
| MD5 | e8d56aaa5306ab8c1f98501c6620f59e |
| SHA1 | 1a9f5029689402ee039fefb8307d5f94db1727f4 |
| SHA256 | d1b4c9b95313d5ac7f85cec7bb986e7353e676b81c618883b7e74765a1f6f111 |
| SHA512 | 17d90fb31123ab2308e50b3f2de3981e5fd84420731c94980c083f55804e7930a0ced82faebb7e44868e86ffd4da3538f6b3ec4188f92a4224e2546522b5a6a6 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
| MD5 | c1bfe5f0b8b74dbbae017e6c8baddadb |
| SHA1 | 16adcc0516f19451cd1fb27e4c531696bddf8a85 |
| SHA256 | 39a8365512688fd5517956b59fa83a8196d7ab01cdf043c8dbbe867e8dcf53b6 |
| SHA512 | 4330a8cc84c014f8189a49a5b56aed36494c3c72550fb3aef70f6dc802fdb03385bdcee3e5c047ecbf334eb78afd24b1b5627a68a92b737c16a3e9ed3d8e30f5 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG
| MD5 | 09831aecec902670753033f352f4ed91 |
| SHA1 | bb3f73656912b398be336817e1af309f186b81d8 |
| SHA256 | fbf81419194d889dc3e3cd83cfd6077c88ff1f9f83097cb994daca90405e266c |
| SHA512 | 0a8d476f10d873d8206ea267b39ebb28ec6faf87f9991bec2dd57d1fdeb949b42196e7392991c83c2b3defcc7187bfdee00c24657501f2791367e6f48921e58b |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG109.PNG
| MD5 | 970cc701c3b2bb4b51152cee033a9c56 |
| SHA1 | d8ca55ca4df931de7b2d213befab66be8cd09270 |
| SHA256 | 6b318a1bb1fed17c423e7ebdb00700fbed625f6302eb498ff66f67b6ddf064a9 |
| SHA512 | 55a6bd0a09c29b9d643ed17186ac267154da71be0405a102b51581ecfe6e932dbca86694b43843f02dd25c3cc750346027c5e1fc5b4a455529a20cdec3c1ee20 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | 1bbf5dd0b6ca80e4c7c77495c3f33083 |
| SHA1 | e0520037e60eb641ec04d1e814394c9da0a6a862 |
| SHA256 | bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b |
| SHA512 | 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG124.PNG
| MD5 | 10c772af771b4a66071baaed44524c13 |
| SHA1 | 66fb98f63a96b7bf78ae05e6974002e33b963bb4 |
| SHA256 | 2fcaed62302c7b6216d923dee9ac9b6dd2060597d88bf3557c582571e840266a |
| SHA512 | bebfd45a0b2b5822139ccd8f83a90ef882a08883f01cfe9fd11c8f68632512f728df10778c2b003912951537be9141c949dc6ef1a8851598cceeab04a005f456 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | 4f3a61d57bece6285bca426e3c00baf3 |
| SHA1 | 44ff5d449d78669b3ed380dd11132ed5d222aa4a |
| SHA256 | da8f68ba7c1c97676ca8160a5f760e613105736bd34e3caab72b8557a1454f55 |
| SHA512 | 0dcdb6614824432ab6431ba6f09201e1dafef15d3aba7de3400cbf73034a875c5bf0bdae94a074acd4799d8ab37978e8d091fa86144d41aaa2e64bc6315287c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG
| MD5 | b5aad713a58dad9ba81e57c60654727f |
| SHA1 | e4235836ecf0b5f20673ecfd02e8ea6058474c80 |
| SHA256 | 9565c84d9dbc68abde134446dcd335f11a26073b5ad47216449d2f0e96a150c4 |
| SHA512 | 2ff2ea11eca3ffe7f34afad49d5c3b0c11a3ee0e16d158c1f0b0cf481598c4970ee47c0a234ca3f69ae603829f4945a5e6d3b5eb709910510cecb7934999e158 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
| MD5 | 9dfdde005d90036d0a51b97fdfa02e7f |
| SHA1 | 26a848e697ab4a5c0b5046822a8006eef209309d |
| SHA256 | ec213c7a114335e8fcd8f69f4cede38ea39e42f13ff43ad1d078d78af1604063 |
| SHA512 | 237cbfb2fa082ae7a071d429997e22e976df4dc62788d492ccd787549f4ad809d41917a1a17fb76f764a0860e1bd2b54911284cffaa94e940f021207f172266e |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG
| MD5 | 6cfda96c24d2884705c70312b63256ea |
| SHA1 | d47dbd295745854e26328718e3d8655106408f31 |
| SHA256 | 446944a836b0c53ae99b327412faa4aa03c213bc1984ed0d8542afe9b783bafd |
| SHA512 | 4a6419e4127cb1938df87ef6858dec800d2c557538127c45342463378f662a963d0ce3c073425a482b800fae9a0b9edbbdc1105b46c45158aaf86f8c999a17a1 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | e71c8443ae0bc2e282c73faead0a6dd3 |
| SHA1 | 0c110c1b01e68edfacaeae64781a37b1995fa94b |
| SHA256 | 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72 |
| SHA512 | b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6 |
C:\Users\Admin\AppData\Local\Temp\Tar9D7A.tmp
| MD5 | be2bec6e8c5653136d3e72fe53c98aa3 |
| SHA1 | a8182d6db17c14671c3d5766c72e58d87c0810de |
| SHA256 | 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd |
| SHA512 | 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\additional_file0.tmp
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303181110061\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
| MD5 | 7542ec421a2f6e90751e8b64c22e0542 |
| SHA1 | d207d221a28ede5c2c8415f82c555989aa7068ba |
| SHA256 | 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6 |
| SHA512 | 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc |
\Users\Admin\AppData\Local\Temp\jre-windows.exe
| MD5 | 7542ec421a2f6e90751e8b64c22e0542 |
| SHA1 | d207d221a28ede5c2c8415f82c555989aa7068ba |
| SHA256 | 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6 |
| SHA512 | 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 2e0595055d1e7bd459383dbdda9bc06a |
| SHA1 | 05306d9d0742d54f27d12ee33095ae5629de10ee |
| SHA256 | f87972ddecb125075c64d3441c2076d6a38fe6e6806cf6379ecddf8622afb884 |
| SHA512 | c93f870f8619e1c05bcf488fe35afbda4b23de3d8aa625dd059999a4e4265375bf5cb67ebc1bf5a26258e8fadc2fa1bea5001329d3c3a4d4dc5cb54d50961dfb |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | e740bb44eb3a63c964a21c21f43d0497 |
| SHA1 | 555f56f0eebe6e515af5b111c1dc5271c117b704 |
| SHA256 | 33271fa09fa435e129970bff24ac4871d9c5e553d09d74588e5e2571c918b65a |
| SHA512 | 4826101c216a2a5427f46c9361576ef235c07cf3808e106a7ce62ae6fd5803d16071ffc255ab5824b4e65d7f2b8df879f85ae9f9e244fbf26319f709b3888035 |
Analysis: behavioral2
Detonation Overview
Submitted
2023-03-18 10:08
Reported
2023-03-18 10:11
Platform
win10v2004-20230220-en
Max time kernel
142s
Max time network
120s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-144354903-2550862337-1367551827-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
UPX packed file
Checks installed software on the system
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 1384 wrote to memory of 3612 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
| PID 1384 wrote to memory of 3612 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
| PID 1384 wrote to memory of 3612 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7.exe" "__IRCT:3" "__IRTSS:23742686" "__IRSID:S-1-5-21-144354903-2550862337-1367551827-1000"
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | 104.219.191.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.195.152.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 140.145.190.20.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 210.81.184.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl2.tlauncher.org | udp |
| US | 104.20.235.70:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | 70.235.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 206.23.85.13.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 176.122.125.40.in-addr.arpa | udp |
| US | 20.189.173.4:443 | | tcp |
| US | 93.184.221.240:80 | | tcp |
| NL | 173.223.113.164:443 | | tcp |
| NL | 173.223.113.131:80 | | tcp |
| US | 204.79.197.203:80 | | tcp |
| US | 8.8.8.8:53 | 202.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 45.8.109.52.in-addr.arpa | udp |
Files