Analysis Overview
SHA256
78d84068b47cf28b76c88ba4474c7c187510f4e4e967d079d3761dcab7851655
Threat Level: Known bad
The file TLauncher-2.876-Installer-1.0.7-global.exe was found to be: Known bad.
Malicious Activity Summary
BazarBackdoor
Bazar/Team9 Backdoor payload
Blocklisted process makes network request
Downloads MZ/PE file
Executes dropped EXE
Reads user/profile data of web browsers
Registers COM server for autorun
Checks computer location settings
Loads dropped DLL
UPX packed file
Checks installed software on the system
Installs/modifies Browser Helper Object
Enumerates connected drives
Drops file in System32 directory
Drops file in Program Files directory
Drops file in Windows directory
Enumerates physical storage devices
Modifies data under HKEY_USERS
Modifies system certificate store
Modifies Internet Explorer settings
Checks processor information in registry
Suspicious behavior: GetForegroundWindowSpam
Suspicious use of AdjustPrivilegeToken
Modifies registry class
Suspicious use of SetWindowsHookEx
Suspicious use of WriteProcessMemory
MITRE ATT&CK Matrix V6
Analysis: static1
Detonation Overview
Reported
2023-03-19 18:10
Signatures
Analysis: behavioral1
Detonation Overview
Submitted
2023-03-19 18:10
Reported
2023-03-19 18:28
Platform
win7-20230220-en
Max time kernel
166s
Max time network
996s
Command Line
Signatures
BazarBackdoor
Bazar/Team9 Backdoor payload
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Blocklisted process makes network request
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Windows\system32\msiexec.exe | N/A |
Downloads MZ/PE file
Executes dropped EXE
Loads dropped DLL
Reads user/profile data of web browsers
Registers COM server for autorun
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0279-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0010-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0072-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0119-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0215-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0080-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0339-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0022-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0032-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0229-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0084-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0184-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0078-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0274-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0299-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0056-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0083-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0156-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0028-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0216-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0204-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0199-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0032-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0183-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0026-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0074-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0064-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0113-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0119-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0223-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0081-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0001-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0070-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0074-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0000-0002-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0066-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0267-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0099-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0053-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0138-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0049-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0076-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0035-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0037-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0071-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0140-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0073-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0086-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Enumerates connected drives
| Description | Indicator | Process | Target |
| File opened (read-only) | \??\S: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\T: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\U: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Z: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\H: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\I: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\J: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\L: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\N: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\P: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Q: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\R: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\G: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\V: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\A: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\E: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\F: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\K: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\O: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\X: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\Y: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| File opened (read-only) | \??\B: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\M: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\W: | C:\Windows\system32\msiexec.exe | N/A |
| File opened (read-only) | \??\D: | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
Installs/modifies Browser Helper Object
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}\NoExplorer = "1" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Drops file in System32 directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\system32\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Drops file in Program Files directory
| Description | Indicator | Process | Target |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\dom.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\mesa3d.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\cmm\GRAY.pf | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_zh_HK.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\instrument.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\jpeg.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\resource.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\verify.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\charsets.pack | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\THIRDPARTYLICENSEREADME.txt | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\msvcp140.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\ext\localedata.pack | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\deploy\[email protected] | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-namedpipe-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npdeployJava1.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\gstreamer-lite.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\javacpl.cpl | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\fonts\LucidaSansRegular.ttf | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-memory-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-heap-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\orbd.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\calendars.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\jfxmedia.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-file-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\xerces.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\ext\sunec.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\security\policy\unlimited\local_policy.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\win32_MoveNoDrop32x32.gif | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\sound.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\prism_d3d.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\tnameserv.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\javafx\jpeg_fx.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\cmm\LINEAR_RGB.pf | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\jabswitch.exe | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\relaxngom.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_zh_CN.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\images\cursors\cursors.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-debug-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-sysinfo-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-process-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-crt-time-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\flavormap.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\rt.jar | C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-console-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\colorimaging.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\deploy\messages_es.properties | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\ext\meta-index | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\jfr\default.jfc | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-processenvironment-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-rtlsupport-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\WindowsAccessBridge-64.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\jce.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\fxplugins.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\javafx\webkit.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\amd64\jvm.cfg | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\jfxswt.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-synch-l1-1-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\psfont.properties.ja | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\security\public_suffix_list.dat | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\meta-index | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\api-ms-win-core-console-l1-2-0.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\bin\prism_sw.dll | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\legal\jdk\pkcs11cryptotoken.md | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| File created | C:\Program Files\Java\jre1.8.0_351\lib\ext\cldrdata.jar | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Drops file in Windows directory
| Description | Indicator | Process | Target |
| File created | C:\Windows\Installer\6de620.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\ | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\6de61c.msi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI4B5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\6de61e.ipi | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSIF70.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI13A5.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File opened for modification | C:\Windows\Installer\MSI13E4.tmp | C:\Windows\system32\msiexec.exe | N/A |
| File created | C:\Windows\Installer\6de61c.msi | C:\Windows\system32\msiexec.exe | N/A |
Enumerates physical storage devices
Checks processor information in registry
| Description | Indicator | Process | Target |
| Key opened | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0 | C:\Windows\system32\msiexec.exe | N/A |
| Key value queried | \REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\ProcessorNameString | C:\Windows\system32\msiexec.exe | N/A |
Modifies Internet Explorer settings
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppName = "javaws.exe" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\AppPath = "C:\\Program Files\\Java\\jre1.8.0_351\\bin" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (int) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284}\Policy = "0" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| Key created | \REGISTRY\USER\S-1-5-21-2647223082-2067913677-935928954-1000\Software\Microsoft\Internet Explorer\Main | C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5852F5ED-8BF4-11D4-A245-0080C6F74284} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Modifies data under HKEY_USERS
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0165-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_165" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0292-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0307-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0328-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0083-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0114-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0115-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0298-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0036-ABCDEFFEDCBA}\ = "Java Plug-in 1.3.1_36" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0042-ABCDEFFEDCBC}\ = "Java Plug-in 1.5.0_42" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0170-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0210-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0291-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0033-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0063-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0332-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0033-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0121-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0238-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0039-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0098-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0240-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0244-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0068-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0000-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0055-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0051-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0256-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_256" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0282-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0003-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0045-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_45" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0098-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0312-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0125-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0195-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0136-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0162-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0029-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0048-ABCDEFFEDCBB}\ = "Java Plug-in 1.6.0_48" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0046-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0086-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0275-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0302-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_04" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0064-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0071-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0096-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0162-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_162" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0195-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0045-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0102-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\USER\.DEFAULT\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0030-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Modifies registry class
| Description | Indicator | Process | Target |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0151-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0020-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0157-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0041-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0164-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0053-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0153-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_153" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0304-ABCDEFFEDCBB}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0012-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0072-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0080-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0040-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBC}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0055-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_55" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0004-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_04" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0003-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\jnlps | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBA}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0068-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0125-ABCDEFFEDCBB}\ = "Java Plug-in 1.7.0_125" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0300-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0006-ABCDEFFEDCBB}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0056-ABCDEFFEDCBA}\ = "Java Plug-in 1.5.0_56" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0043-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0145-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_145" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0068-ABCDEFFEDCBC}\ = "Java Plug-in 1.7.0_68" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_05" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0085-ABCDEFFEDCBA}\ = "Java Plug-in 1.4.2_85" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0039-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0147-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0071-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0165-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0170-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0258-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0074-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0062-ABCDEFFEDCBC}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0171-ABCDEFFEDCBA}\ = "Java Plug-in 1.7.0_171" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0307-ABCDEFFEDCBA}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}\ = "Java Plug-in 1.3.1_28" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBB}\INPROCSERVER32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0200-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0043-ABCDEFFEDCBA} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0172-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_172" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0209-ABCDEFFEDCBA}\ = "Java Plug-in 1.6.0_209" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0001-0003-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0182-ABCDEFFEDCBA}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0124-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0201-ABCDEFFEDCBC}\InprocServer32 | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0220-ABCDEFFEDCBA}\InprocServer32\ThreadingModel = "Apartment" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0015-ABCDEFFEDCBC}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0129-ABCDEFFEDCBC} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0090-ABCDEFFEDCBC}\ = "Java Plug-in 1.6.0_90" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Key deleted | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0017-0000-0051-ABCDEFFEDCBB} | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
| Set value (str) | \REGISTRY\MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0092-ABCDEFFEDCBB}\InprocServer32\ = "C:\\Program Files\\Java\\jre1.8.0_351\\bin\\jp2iexp.dll" | C:\Program Files\Java\jre1.8.0_351\installer.exe | N/A |
Modifies system certificate store
| Description | Indicator | Process | Target |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436 | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\A8985D3A65E5E5C4B2D7D66D40C6DD2FB19C5436\Blob = 04000000010000001000000079e4a9840d7d3a96d7c04fe2434c892e0f0000000100000014000000b34ddd372ed92e8f2abfbb9e20a9d31f204f194b090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000003de503556d14cbb66f0a3e21b1bc397b23dd1550b00000001000000120000004400690067006900430065007200740000001d000000010000001000000059779e39e21a2e3dfced6857ed5c5fd9030000000100000014000000a8985d3a65e5e5c4b2d7d66d40c6dd2fb19c54361900000001000000100000000f3a0527d242de2dc98e5cfcb1e991ee2000000001000000b3030000308203af30820297a0030201020210083be056904246b1a1756ac95991c74a300d06092a864886f70d01010505003061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3061310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d3120301e06035504031317446967694365727420476c6f62616c20526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100e23be11172dea8a4d3a357aa50a28f0b7790c9a2a5ee12ce965b010920cc0193a74e30b753f743c46900579de28d22dd870640008109cece1b83bfdfcd3b7146e2d666c705b37627168f7b9e1e957deeb748a308dad6af7a0c3906657f4a5d1fbc17f8abbeee28d7747f7a78995985686e5c23324bbf4ec0e85a6de370bf7710bffc01f685d9a844105832a97518d5d1a2be47e2276af49a33f84908608bd45fb43a84bfa1aa4a4c7d3ecf4f5f6c765ea04b37919edc22e66dce141a8e6acbfecdb3146417c75b299e32bff2eefad30b42d4abb74132da0cd4eff881d5bb8d583fb51be84928a270da3104ddf7b216f24c0a4e07a8ed4a3d5eb57fa390c3af270203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041403de503556d14cbb66f0a3e21b1bc397b23dd155301f0603551d2304183016801403de503556d14cbb66f0a3e21b1bc397b23dd155300d06092a864886f70d01010505000382010100cb9c37aa4813120afadd449c4f52b0f4dfae04f5797908a32418fc4b2b84c02db9d5c7fef4c11f58cbb86d9c7a74e79829ab11b5e370a0a1cd4c8899938c9170e2ab0f1cbe93a9ff63d5e40760d3a3bf9d5b09f1d58ee353f48e63fa3fa7dbb466df6266d6d16e418df22db5ea774a9f9d58e22b59c04023ed2d2882453e7954922698e08048a837eff0d6796016deace80ecd6eac4417382f49dae1453e2ab93653cf3a5006f72ee8c457496c612118d504ad783c2c3a806ba7ebaf1514e9d889c1b9386ce2916c8aff64b977255730c01b24a3e1dce9df477cb5b424080530ec2dbd0bbf45bf50b9a9f3eb980112adc888c698345f8d0a3cc6e9d595956dde | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\D4DE20D05E66FC53FE1A50882C78DB2852CAE474\Blob = 040000000100000010000000acb694a59c17e0d791529bb19706a6e40f0000000100000014000000ce0e658aa3e847e467a147b3049191093d055e6f0b0000000100000034000000420061006c00740069006d006f007200650020004300790062006500720054007200750073007400200052006f006f007400000053000000010000002400000030223020060a2b06010401b13e01640130123010060a2b0601040182373c0101030200c0140000000100000014000000e59d5930824758ccacfa085436867b3ab5044df01d0000000100000010000000918ad43a9475f78bb5243de886d8103c09000000010000000c000000300a06082b06010505070301030000000100000014000000d4de20d05e66fc53fe1a50882c78db2852cae47419000000010000001000000068cb42b035ea773e52ef50ecf50ec52920000000010000007b030000308203773082025fa0030201020204020000b9300d06092a864886f70d0101050500305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f74301e170d3030303531323138343630305a170d3235303531323233353930305a305a310b300906035504061302494531123010060355040a130942616c74696d6f726531133011060355040b130a43796265725472757374312230200603550403131942616c74696d6f7265204379626572547275737420526f6f7430820122300d06092a864886f70d01010105000382010f003082010a0282010100a304bb22ab983d57e826729ab579d429e2e1e89580b1b0e35b8e2b299a64dfa15dedb009056ddb282ece62a262feb488da12eb38eb219dc0412b01527b8877d31c8fc7bab988b56a09e773e81140a7d1ccca628d2de58f0ba650d2a850c328eaf5ab25878a9a961ca967b83f0cd5f7f952132fc21bd57070f08fc012ca06cb9ae1d9ca337a77d6f8ecb9f16844424813d2c0c2a4ae5e60feb6a605fcb4dd075902d459189863f5a563e0900c7d5db2067af385eaebd403ae5e843e5fff15ed69bcf939367275cf77524df3c9902cb93de5c923533f1f2498215c079929bdc63aece76e863a6b97746333bd681831f0788d76bffc9e8e5d2a86a74d90dc271a390203010001a3453043301d0603551d0e04160414e59d5930824758ccacfa085436867b3ab5044df030120603551d130101ff040830060101ff020103300e0603551d0f0101ff040403020106300d06092a864886f70d01010505000382010100850c5d8ee46f51684205a0ddbb4f27258403bdf764fd2dd730e3a41017ebda2929b6793f76f6191323b8100af958a4d46170bd04616a128a17d50abdc5bc307cd6e90c258d86404feccca37e38c637114feddd68318e4cd2b30174eebe755e07481a7f70ff165c84c07985b805fd7fbe6511a30fc002b4f852373904d5a9317a18bfa02af41299f7a34582e33c5ef59d9eb5c89e7c2ec8a49e4e08144b6dfd706d6b1a63bd64e61fb7cef0f29f2ebb1bb7f250887392c2e2e3168d9a3202ab8e18dde91011ee7e35ab90af3e30947ad0333da7650ff5fc8e9e62cf47442c015dbb1db532d247d2382ed0fe81dc326a1eb5ee3cd5fce7811d19c32442ea6339a9 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Key created | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 0f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d432000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 190000000100000010000000749966cecc95c1874194ca7203f9b6200300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d431d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0b000000010000001200000044006900670069004300650072007400000014000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b060105050703080f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa62000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
| Set value (data) | \REGISTRY\MACHINE\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43\Blob = 04000000010000001000000087ce0b7b2a0e4900e158719b37a893720f00000001000000140000006dca5bd00dcf1c0f327059d374b29ca6e3c50aa6090000000100000034000000303206082b0601050507030106082b0601050507030206082b0601050507030406082b0601050507030306082b0601050507030814000000010000001400000045eba2aff492cb82312d518ba7a7219df36dc80f0b00000001000000120000004400690067006900430065007200740000001d00000001000000100000004f5f106930398d09107b40c3c7ca8f1c0300000001000000140000000563b8630d62d75abbc8ab1e4bdfb5a899b24d43190000000100000010000000749966cecc95c1874194ca7203f9b6202000000001000000bb030000308203b73082029fa00302010202100ce7e0e517d846fe8fe560fc1bf03039300d06092a864886f70d01010505003065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f74204341301e170d3036313131303030303030305a170d3331313131303030303030305a3065310b300906035504061302555331153013060355040a130c446967694365727420496e6331193017060355040b13107777772e64696769636572742e636f6d312430220603550403131b4469676943657274204173737572656420494420526f6f7420434130820122300d06092a864886f70d01010105000382010f003082010a0282010100ad0e15cee443805cb187f3b760f97112a5aedc269488aaf4cef520392858600cf880daa9159532613cb5b128848a8adc9f0a0c83177a8f90ac8ae779535c31842af60f98323676ccdedd3ca8a2ef6afb21f25261df9f20d71fe2b1d9fe1864d2125b5ff9581835bc47cda136f96b7fd4b0383ec11bc38c33d9d82f18fe280fb3a783d6c36e44c061359616fe599c8b766dd7f1a24b0d2bff0b72da9e60d08e9035c678558720a1cfe56d0ac8497c3198336c22e987d0325aa2ba138211ed39179d993a72a1e6faa4d9d5173175ae857d22ae3f014686f62879c8b1dae45717c47e1c0eb0b492a656b3bdb297edaaa7f0b7c5a83f9516d0ffa196eb085f18774f0203010001a3633061300e0603551d0f0101ff040403020186300f0603551d130101ff040530030101ff301d0603551d0e0416041445eba2aff492cb82312d518ba7a7219df36dc80f301f0603551d2304183016801445eba2aff492cb82312d518ba7a7219df36dc80f300d06092a864886f70d01010505000382010100a20ebcdfe2edf0e372737a6494bff77266d832e4427562ae87ebf2d5d9de56b39fccce1428b90d97605c124c58e4d33d834945589735691aa847ea56c679ab12d8678184df7f093c94e6b8262c20bd3db32889f75fff22e297841fe965ef87e0dfc16749b35debb2092aeb26ed78be7d3f2bf3b726356d5f8901b6495b9f01059bab3d25c1ccb67fc2f16f86c6fa6468eb812d94eb42b7fa8c1edd62f1be5067b76cbdf3f11f6b0c3607167f377ca95b6d7af112466083d72704be4bce97bec3672a6811df80e70c3366bf130d146ef37f1f63101efa8d1b256d6c8fa5b76101b1d2a326a110719dade2c3f9c39951b72b0708ce2ee650b2a7fa0a452fa2f0f2 | C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe | N/A |
Suspicious behavior: GetForegroundWindowSpam
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe | N/A |
Suspicious use of AdjustPrivilegeToken
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe | N/A |
Suspicious use of WriteProcessMemory
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe" "__IRCT:3" "__IRTSS:23645635" "__IRSID:S-1-5-21-2647223082-2067913677-935928954-1000"
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
"C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe" /S:C:\Users\Admin\AppData\Local\Temp\setuparguments.ini __IRAOFF:1816338 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe" "__IRCT:3" "__IRTSS:1840798" "__IRSID:S-1-5-21-2647223082-2067913677-935928954-1000"
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --silent --allusers=0
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1a4,0x1a8,0x1ac,0x178,0x1b0,0x718824a8,0x718824b8,0x718824c4
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe" --version
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.80 --initial-client-data=0x1b0,0x1b4,0x1b8,0x178,0x1bc,0x70de24a8,0x70de24b8,0x70de24c4
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
"C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe" --backend --install --import-browser-data=0 --enable-stats=1 --enable-installer-stats=1 --consent-given=0 --general-interests=0 --general-location=0 --personalized-content=0 --personalized-ads=0 --launchopera=1 --installfolder="C:\Users\Admin\AppData\Local\Programs\Opera" --profile-folder --language=en --singleprofile=0 --copyonly=0 --allusers=0 --setdefaultbrowser=1 --pintotaskbar=1 --pintostartmenu=1 --run-at-startup=1 --server-tracking-data=server_tracking_data --initial-pid=1092 --package-dir-prefix="C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_20230319191146" --session-guid=54d1da6d-7905-4329-8549-b7539aa237ac --server-tracking-blob=OGE3OWM2ZTMyNmNhYWU3OWU1NmEyNjE0MWY1MTI0OWE5ZDZiNDAxOThhMjJiODcxMDc5ZWZiZTg0N2MyOGU0OTp7ImNvdW50cnkiOiJJTiIsImluc3RhbGxlcl9uYW1lIjoiT3BlcmFTZXR1cC5leGUiLCJwcm9kdWN0Ijp7Im5hbWUiOiJvcGVyYSJ9LCJxdWVyeSI6Ii9vcGVyYS9zdGFibGUvd2luZG93cz91dG1fbWVkaXVtPWFwYiZ1dG1fc291cmNlPU1TVEwmdXRtX2NhbXBhaWduPU9wZXJhRGVza3RvcCIsInN5c3RlbSI6eyJwbGF0Zm9ybSI6eyJhcmNoIjoieDg2XzY0Iiwib3BzeXMiOiJXaW5kb3dzIiwib3BzeXMtdmVyc2lvbiI6IjciLCJwYWNrYWdlIjoiRVhFIn19LCJ0aW1lc3RhbXAiOiIxNjc5MjQ5NTAwLjc3NTkiLCJ1c2VyYWdlbnQiOiJTZXR1cCBGYWN0b3J5IDkuMCIsInV0bSI6eyJjYW1wYWlnbiI6Ik9wZXJhRGVza3RvcCIsIm1lZGl1bSI6ImFwYiIsInNvdXJjZSI6Ik1TVEwifSwidXVpZCI6ImYyOTFiOGY0LTYyOWQtNDg2OS1hYzQxLTI1Y2FmNDk2YWRhYSJ9 --silent --desktopshortcut=1 --wait-for-package --initial-proc-handle=1003000000000000
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jre-windows.exe" STATIC=1
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\_sfx.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\_sfx.exe"
C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe
"C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe" "STATIC=1"
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\assistant_installer.exe" --type=crashpad-handler /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports" "--crash-count-file=C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\crash_count.txt" --url=https://crashstats-collector.opera.com/collector/submit --annotation=channel=Stable --annotation=plat=Win32 --annotation=prod=OperaDesktop --annotation=ver=96.0.4693.50 --initial-client-data=0x148,0x14c,0x150,0x11c,0x154,0xa66c28,0xa66c38,0xa66c44
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\assistant_installer.exe
"C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\assistant_installer.exe" --version
C:\Windows\system32\msiexec.exe
C:\Windows\system32\msiexec.exe /V
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding B74943C718B2FC7685126EBBDFD99691
C:\Program Files\Java\jre1.8.0_351\installer.exe
"C:\Program Files\Java\jre1.8.0_351\installer.exe" /s INSTALLDIR="C:\Program Files\Java\jre1.8.0_351\\" STATIC=1 INSTALL_SILENT=1 REPAIRMODE=0 ProductCode={26A24AE4-039D-4CA4-87B4-2F64180351F0}
C:\ProgramData\Oracle\Java\installcache_x64\7218837.tmp\bspatch.exe
"bspatch.exe" baseimagefam8 newimage diff
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/plugin.pack" "C:\Program Files\Java\jre1.8.0_351\lib/plugin.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/javaws.pack" "C:\Program Files\Java\jre1.8.0_351\lib/javaws.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/deploy.pack" "C:\Program Files\Java\jre1.8.0_351\lib/deploy.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/rt.pack" "C:\Program Files\Java\jre1.8.0_351\lib/rt.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/jsse.pack" "C:\Program Files\Java\jre1.8.0_351\lib/jsse.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/charsets.pack" "C:\Program Files\Java\jre1.8.0_351\lib/charsets.jar"
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
"C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe" -r "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.pack" "C:\Program Files\Java\jre1.8.0_351\lib/ext/localedata.jar"
C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe
"C:\Program Files\Java\jre1.8.0_351\bin\javaw.exe" -Xshare:dump -Djdk.disableLastUsageTracking
C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe
"C:\Program Files\Java\jre1.8.0_351\bin\ssvagent.exe" -doHKCUSSVSetup
C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -permissions -silent
C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtcGVybWlzc2lvbnMALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a19758,0x7fef5a19768,0x7fef5a19778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xbc,0xc0,0xc4,0x90,0xc8,0x7fef5a19758,0x7fef5a19768,0x7fef5a19778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a19758,0x7fef5a19768,0x7fef5a19778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a19758,0x7fef5a19768,0x7fef5a19778
C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe
"C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe" -wait -fix -shortcut -silent
C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe
"C:\Program Files\Java\jre1.8.0_351\bin\jp2launcher.exe" -secure -javaws -jre "C:\Program Files\Java\jre1.8.0_351" -vma LWNsYXNzcGF0aABDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxkZXBsb3kuamFyAC1EamF2YS5zZWN1cml0eS5wb2xpY3k9ZmlsZTpDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxzZWN1cml0eVxqYXZhd3MucG9saWN5AC1EdHJ1c3RQcm94eT10cnVlAC1YdmVyaWZ5OnJlbW90ZQAtRGpubHB4LmhvbWU9QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxiaW4ALURqYXZhLnNlY3VyaXR5Lm1hbmFnZXIALURzdW4uYXd0Lndhcm11cD10cnVlAC1YYm9vdGNsYXNzcGF0aC9hOkM6XFByb2dyYW0gRmlsZXNcSmF2YVxqcmUxLjguMF8zNTFcbGliXGphdmF3cy5qYXI7QzpcUHJvZ3JhbSBGaWxlc1xKYXZhXGpyZTEuOC4wXzM1MVxsaWJcZGVwbG95LmphcjtDOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGxpYlxwbHVnaW4uamFyAC1EamF2YS5hd3QuaGVhZGxlc3M9dHJ1ZQAtRGpubHB4Lmp2bT1DOlxQcm9ncmFtIEZpbGVzXEphdmFcanJlMS44LjBfMzUxXGJpblxqYXZhdy5leGU= -ma LXdhaXQALWZpeAAtc2hvcnRjdXQALXNpbGVudAAtbm90V2ViSmF2YQ==
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=crashpad-handler "--user-data-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler "--database=C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad" "--metrics-dir=C:\Users\Admin\AppData\Local\Google\Chrome\User Data" --url=https://clients2.google.com/cr/report --annotation=channel= --annotation=plat=Win64 --annotation=prod=Chrome --annotation=ver=106.0.5249.119 --initial-client-data=0xc0,0xc4,0xc8,0x94,0xcc,0x7fef5a19758,0x7fef5a19768,0x7fef5a19778
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1136 --field-trial-handle=1164,i,6845832363776769319,102526453003872135,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1364 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1088 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1068 --field-trial-handle=1200,i,14315218456676183508,9513826086345696498,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1484 --field-trial-handle=1164,i,6845832363776769319,102526453003872135,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1300 --field-trial-handle=980,i,647079678092498085,16684496494492795554,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1180 --field-trial-handle=980,i,647079678092498085,16684496494492795554,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1420 --field-trial-handle=1200,i,14315218456676183508,9513826086345696498,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=664 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Windows\system32\MsiExec.exe
C:\Windows\system32\MsiExec.exe -Embedding 32C203D746DB9E54C973E871DCCCDDCF M Global\MSI0000
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --first-renderer-process --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --mojo-platform-channel-handle=2176 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe
"C:\Program Files\Google\Chrome\Application\106.0.5249.119\elevation_service.exe"
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --mojo-platform-channel-handle=2196 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1020 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1260 --field-trial-handle=1400,i,10820169088564671703,7743833336752024565,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --mojo-platform-channel-handle=1060 --field-trial-handle=1400,i,10820169088564671703,7743833336752024565,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1692 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-US --service-sandbox-type=utility --mojo-platform-channel-handle=2516 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=gpu-process --gpu-preferences=UAAAAAAAAADgAAAYAAAAAAAAAAAAAAAAAABgAAAAAAAwAAAAAAAAAAAAAAAQAAAAAAAAAAAAAAAAAAAAAAAAAEgAAAAAAAAASAAAAAAAAAAYAAAAAgAAABAAAAAAAAAAGAAAAAAAAAAQAAAAAAAAAAAAAAAOAAAAEAAAAAAAAAABAAAADgAAAAgAAAAAAAAACAAAAAAAAAA= --use-gl=angle --use-angle=swiftshader-webgl --mojo-platform-channel-handle=2656 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:2
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=renderer --display-capture-permissions-policy-allowed --enable-chrome-cart --disable-gpu-compositing --lang=en-US --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=12 --mojo-platform-channel-handle=3232 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:1
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3684 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3692 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=3572 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=data_decoder.mojom.DataDecoderService --lang=en-US --service-sandbox-type=service --mojo-platform-channel-handle=1380 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
C:\Program Files\Google\Chrome\Application\chrome.exe
"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=chrome.mojom.UtilWin --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2768 --field-trial-handle=1392,i,2101905636073533460,495224253697746797,131072 /prefetch:8
Network
| Country | Destination | Domain | Proto |
| US | 8.8.8.8:53 | dl2.tlauncher.org | udp |
| US | 104.20.235.70:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | net.geo.opera.com | udp |
| NL | 185.26.182.111:443 | net.geo.opera.com | tcp |
| US | 8.8.8.8:53 | autoupdate.geo.opera.com | udp |
| US | 8.8.8.8:53 | desktop-netinstaller-sub.osp.opera.software | udp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.216.20:443 | autoupdate.geo.opera.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | features.opera-api2.com | udp |
| NL | 185.26.182.93:443 | features.opera-api2.com | tcp |
| US | 8.8.8.8:53 | download.opera.com | udp |
| NL | 185.26.182.122:443 | download.opera.com | tcp |
| US | 8.8.8.8:53 | download5.operacdn.com | udp |
| US | 104.18.2.211:443 | download5.operacdn.com | tcp |
| US | 8.8.8.8:53 | javadl.oracle.com | udp |
| NL | 23.206.103.83:80 | javadl.oracle.com | tcp |
| NL | 23.206.103.83:443 | javadl.oracle.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | sdlc-esd.oracle.com | udp |
| NL | 173.223.112.78:443 | sdlc-esd.oracle.com | tcp |
| NL | 82.145.217.121:443 | desktop-netinstaller-sub.osp.opera.software | tcp |
| US | 8.8.8.8:53 | javadl-esd-secure.oracle.com | udp |
| NL | 23.222.50.60:443 | javadl-esd-secure.oracle.com | tcp |
| US | 8.8.8.8:53 | rps-svcs.oracle.com | udp |
| NL | 23.222.50.60:443 | rps-svcs.oracle.com | tcp |
| US | 8.8.8.8:53 | www.java.com | udp |
| NL | 95.101.74.137:443 | www.java.com | tcp |
| N/A | 224.0.0.251:5353 | udp | |
| US | 8.8.8.8:53 | apis.google.com | udp |
| NL | 172.217.168.206:443 | apis.google.com | udp |
| US | 8.8.8.8:53 | beacons.gcp.gvt2.com | udp |
| GB | 216.58.208.99:443 | beacons.gcp.gvt2.com | tcp |
Files
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
memory/1944-68-0x0000000002E40000-0x0000000003228000-memory.dmp
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
memory/1944-167-0x0000000002E40000-0x0000000003228000-memory.dmp
memory/1456-172-0x0000000001090000-0x0000000001478000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
| MD5 | e043a9cb014d641a56f50f9d9ac9a1b9 |
| SHA1 | 61dc6aed3d0d1f3b8afe3d161410848c565247ed |
| SHA256 | 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946 |
| SHA512 | 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | 1bbf5dd0b6ca80e4c7c77495c3f33083 |
| SHA1 | e0520037e60eb641ec04d1e814394c9da0a6a862 |
| SHA256 | bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b |
| SHA512 | 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab |
memory/1456-365-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1456-366-0x0000000000590000-0x0000000000593000-memory.dmp
memory/1456-367-0x0000000001090000-0x0000000001478000-memory.dmp
memory/1456-368-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1944-383-0x0000000002E40000-0x0000000003228000-memory.dmp
memory/1456-384-0x0000000001090000-0x0000000001478000-memory.dmp
memory/1456-386-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1456-388-0x0000000010000000-0x0000000010051000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG3.PNG
| MD5 | 05d7bba3d6ac92766c4495b8928202a6 |
| SHA1 | 50b65a8ba5ed2633e43929ee4bd58c95a91a3363 |
| SHA256 | 4804f3c4fae714657fdb85e98244828acc6ac938505c2da1ed694ae7b58f2949 |
| SHA512 | 1544d5cd6f85aaeeacd26f2deb9da9eb510226b41079ee78c4dede14386e5ea3446efdfd475bfbfa3a6846fa2ff23d64f4dad3a4ddd304e32de80e4d7bcbc600 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG2.PNG
| MD5 | 5a7901f7df307fba45b1c377f2c94ccc |
| SHA1 | d6630cf733033cdfbda7af3213d49b32f5b06919 |
| SHA256 | d8471d5a5b4792c4b49e80b5cb22ef1e938dc3069b210646704f658548d7a9f8 |
| SHA512 | fc0036a7ed4b53edd72b91c4824919e6e8a82b5be1e82cdc134e267ef4792424124fb6ba5d7c86cf686910da0baba8453d7a6c12b39a5b4c0cb70658580f3bc9 |
memory/1456-422-0x0000000001090000-0x0000000001478000-memory.dmp
memory/1456-423-0x0000000010000000-0x0000000010051000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
memory/1456-445-0x00000000031D0000-0x00000000031E0000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG1.PNG
| MD5 | bbdf2e8c0262e7e606d41ddbe5a3cd12 |
| SHA1 | acbb25f729af14b692ec9c8187a23b1a696f8e47 |
| SHA256 | d7c76896d206d977739556ad2d5811f7cf3117252afcd439a5aa0f2b645f6949 |
| SHA512 | 0334fae3682889adbc18594b7917d8c93252a86bc04d08efc6860d5714ba4eb8aabc39c51e532c4aee57a938021540d2f2899781d9cd1de311036e1850a65067 |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.dat
| MD5 | aec508468d53ab8d55f5b4beb82c347d |
| SHA1 | 477d1ffb28834243f5811a4a2a54b4f0ca240120 |
| SHA256 | ebee84e34e221ad822486432333bad9e6357af2fb0d9651cc61c7fab8ec9b5bf |
| SHA512 | 26a0278af2a9e75ef966bc3f7f40d7669204c2004a043adaad102ef440caa6282e69372ca0c3c7d39a8450691d528c2dc77a4386bfb0c6e5a2a76c3fef900fbe |
C:\Users\Admin\AppData\Local\Temp\setuparguments.ini
| MD5 | 769a15ff9b8da38993f9cf3440b21e7c |
| SHA1 | 63ea1d4551de93d98fb342a50fef0078cd13e622 |
| SHA256 | 2de6d9affccb809e81f5747a0e199bbe0e6aaa5174c82a21e801a58e557c3d7f |
| SHA512 | c689175106aad6c65bf6f051561adeddcd3c7ab10da3a0d0a66f9d93aac873cb618db362872d16fde142a049c1cd96551519d62df121bd7956d22ff40f087d80 |
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
\Users\Admin\AppData\Local\Temp\BrowserInstaller.exe
| MD5 | 52e46b1adf9cd40428b41755df527bd4 |
| SHA1 | 5f0bb9c9c14208851beb5c93d9268c16ab39dc07 |
| SHA256 | a2794481de60c7dd95b148cd5197db8f8b6a549c74e9ba7ac54da7590f89cf13 |
| SHA512 | 813186667e3c63ee624482642609901d2210a8f99fb134e5fc58e5d1e603055ed2903eadf62c6419c16f00a3a41ed6580bc7693cfed1957d077f53a96b577669 |
memory/1760-485-0x0000000002C30000-0x0000000003018000-memory.dmp
memory/1760-486-0x0000000002C30000-0x0000000003018000-memory.dmp
memory/1760-487-0x0000000002C30000-0x0000000003018000-memory.dmp
memory/1760-488-0x0000000002C30000-0x0000000003018000-memory.dmp
memory/1792-489-0x0000000000390000-0x0000000000778000-memory.dmp
memory/1456-502-0x0000000001090000-0x0000000001478000-memory.dmp
\Users\Admin\AppData\Local\Temp\_ir_sf_temp_1\irsetup.exe
| MD5 | 5027f3112ac2d6f764769102a9145c8e |
| SHA1 | a369a0e1d4ace1a8d66908aa43543bea03c76f5b |
| SHA256 | d61d2469b6058ac40def94cea42045a6f53e39694645add82949e0a011d5b36c |
| SHA512 | 181a00ac87820a08f73ffe7c3d26dfec56d3440a40d9ea67ab9b242b4653b712461a201118c9d0f747502a06e689d3badcc0986667814bb0a19c8f00d47d491f |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\Opera_installer_2303191911422441092.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\Opera_installer_2303191911425401360.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
memory/1792-547-0x00000000027F0000-0x0000000002800000-memory.dmp
memory/1792-549-0x0000000005700000-0x0000000005C45000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
memory/1792-550-0x0000000005700000-0x0000000005C45000-memory.dmp
memory/1792-551-0x0000000005700000-0x0000000005C45000-memory.dmp
memory/1792-559-0x0000000005700000-0x0000000005C45000-memory.dmp
memory/1792-567-0x0000000000390000-0x0000000000778000-memory.dmp
memory/1092-571-0x0000000000970000-0x0000000000EB5000-memory.dmp
memory/1092-578-0x0000000002B60000-0x00000000030A5000-memory.dmp
memory/1360-591-0x0000000000970000-0x0000000000EB5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Opera_installer_230319191143149932.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
memory/932-601-0x0000000001380000-0x00000000018C5000-memory.dmp
\Users\Admin\AppData\Local\Temp\Opera_installer_230319191146752900.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
memory/900-608-0x0000000000970000-0x0000000000EB5000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\opera-installer-bro.exe
| MD5 | 2be50a041d91f81bad63915b5dda99dd |
| SHA1 | a3fb54e63c980f942c943a72464e273a155ee1bf |
| SHA256 | eea216cfa94db46f800d615b76c459297696003b58caf76b2fa2292f35d4f82d |
| SHA512 | 819fe2d04b9edcc177cb3fb0f69c7153f53a84778fc6444d983ec7b676611c326a1b42316be20738cf94ef8632321aabca16d6d2e6d165bf15b419ff866fe766 |
\Users\Admin\AppData\Local\Temp\Opera_installer_230319191147205472.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
\Users\Admin\AppData\Local\Temp\Opera_installer_230319191143149932.dll
| MD5 | 927a01657c6bee50ca093ffcfdc9134a |
| SHA1 | f7e484a777affe3c6227a2be0a6560111e1be8f9 |
| SHA256 | b1012ab0e2e6a363372a14b480b4c8275c013e66c94adfb8857e523899350cc9 |
| SHA512 | 718c25b4e95948b728fe7eda6c5953bc0246dc5730ba99a71c3963ebcffda58b1759bf2554fca297d1590d8768d50e0fd9c39bdf790f4d372bc4aa255bfb5db7 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015
| MD5 | 339beefc06d052b449cc2be2f53a43a2 |
| SHA1 | b1595cda3813f4ea4806516bce78619eafd71a17 |
| SHA256 | dfc8c4038020f5b9f4a087844603f27c7d2a8b811cf08b6d3f7867c79d2d58e5 |
| SHA512 | dca9fbd9cb0487b2efe0855fd99a09046b30f7dd413cf3f2312c0aa896f1f0cd8e9414874d060ef3cd175da26e210b7b1b7cb5167bc77eea208651949407f4c9 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
| MD5 | b810253646056c2366b824aae40e8bef |
| SHA1 | 2d6e5e506f1adef14eac5bf1fad0f572af8c7292 |
| SHA256 | 586c9d7219d3920a4f3b356f58c49909797a309b2ffa600b7b859f1f092e1c2e |
| SHA512 | 7811b0809374120a24edab497dbbce5a8957ccd4f6e6ffa1d0a90523447d6e0d8eda0bacfb0781cb04450f101719a52d5413fa7728e0cfcb63a5e146087c2cb2 |
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\B398B80134F72209547439DB21AB308D_ADE4E4D3A3BCBCA5C39C54D362D88565
| MD5 | b83d0d3c45020d6d439edfda0deed810 |
| SHA1 | 5d61cc8323c039035c7b3d72c006ef8b5e475c8c |
| SHA256 | 641e2879305d469e08cc1fbaf455f80b90f71eab5f63fc1db1ab2bd13e31148a |
| SHA512 | 1f0c0e800df17551370559fe428e59462e0dbd61bef4028d9abf84b0e079ad3280ddf5f3e6a5f0158750c083bee74c6bea44467283af0e277ac6f5101eb07e70 |
memory/1456-635-0x0000000001090000-0x0000000001478000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Cab257C.tmp
| MD5 | fc4666cbca561e864e7fdf883a9e6661 |
| SHA1 | 2f8d6094c7a34bf12ea0bbf0d51ee9c5bb7939a5 |
| SHA256 | 10f3deb6c452d749a7451b5d065f4c0449737e5ee8a44f4d15844b503141e65b |
| SHA512 | c71f54b571e01f247f072be4bbebdf5d8410b67eb79a61e7e0d9853fe857ab9bd12f53e6af3394b935560178107291fc4be351b27deb388eba90ba949633d57d |
memory/1092-645-0x0000000003F20000-0x0000000004465000-memory.dmp
memory/900-758-0x0000000002960000-0x0000000002EA5000-memory.dmp
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG23.PNG
| MD5 | fa8aa84ef4bf0de505f6e3447d4b55b3 |
| SHA1 | b99654dfa5f6c56857b4f4102af2d27503bcdc74 |
| SHA256 | f3b7e85e8e5e41496fb563816fbf79e6640feb1591bd5e0c0b876d80053ad913 |
| SHA512 | b3a7d0d5abe554301b8745bd738662d80e439fba8df6f984cc05151ec8c081a61f0538765653e8587b431cdc97d384ee35d17ab3324c06a2ca40a069e1525ba6 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG22.PNG
| MD5 | 46a65321aa1fce57d465c26e8b6eb392 |
| SHA1 | 9efb9a3acd5b32556ea66398c74b014f91087559 |
| SHA256 | 61df7a1f0367209668d4f0f6a285b8baff864d1341d382ebbc7fd4e71036b666 |
| SHA512 | 094d69016f066ae835c71d7a950217b9ad09e8cd4d74131787203cae950e572c18213dc1ded139b1fa46c7f803cc15bf4f596c9d51aefe0d43850ae2865f3707 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG5.PNG
| MD5 | 3094925a8de871bcc72ae50882d2a6f7 |
| SHA1 | 9f7894bc4b2a498ad20b14b2b3cac175bf4d7a9f |
| SHA256 | 523e7230db0c47a436abbc442db93e41b6f549b32da6c2a10db7a18228491216 |
| SHA512 | bf2349354321397652d834507aae4c32885273209d1409b796170292e37ebf35878e2934d3f53545e66724561e646cc660f952e0bb5006cd7a262a790b64e39e |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG4.PNG
| MD5 | 2799f9daca46770a871ce1b5eed32e7c |
| SHA1 | a2792f571210a7f38cdbe49391017300ee7b1ce4 |
| SHA256 | fc22676f5b6cdae17b78ddfd16bb070687516fbc827a7edd0541f3a32d85c9e9 |
| SHA512 | c41f2e4c4ca59d6f9d11fac11296ab87f1b508b5d64e5db7762f2f6dd387aa96206b2b0fa127f17c0b8c24a0b56e81af12d5937474a450222d9c4416c1acb16a |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | dc70dbc69935e787f641c5d1319d31a4 |
| SHA1 | fde179e72db4833eb24703c2d0bc450c992d506b |
| SHA256 | 460526bcbba18498f002abf061c2f20ca386ab08aca251fdfa45ed2cab955900 |
| SHA512 | 0504571f31ebd9f238bd9c6617a38f7a86056b5da9c897b4ec79429ae38ba17639550afb2ca8d29b5c681ab599bc878c81bd14ff4b2346f0bea2c67bf3a02220 |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | c47fbbb3c0d401941ba9b6ab1a5eb035 |
| SHA1 | 24ba1613cf3c389f31ac968b05dd5aeff04ff29f |
| SHA256 | 3b6eed22fd843f9a7e451db985be90fec8722e050e4a81860682b9d21c9c19bf |
| SHA512 | e1fb2acc1932a6b2bba80f5d6b875dcd0f0c8702f39c91fc960fbcc0973e3c9111292242d64819ae549258f5bee6839a8fa57921e164e24c8ea60c672a9192bd |
C:\Users\Admin\AppData\Roaming\Opera Software\Opera Stable\Crash Reports\settings.dat
| MD5 | c47fbbb3c0d401941ba9b6ab1a5eb035 |
| SHA1 | 24ba1613cf3c389f31ac968b05dd5aeff04ff29f |
| SHA256 | 3b6eed22fd843f9a7e451db985be90fec8722e050e4a81860682b9d21c9c19bf |
| SHA512 | e1fb2acc1932a6b2bba80f5d6b875dcd0f0c8702f39c91fc960fbcc0973e3c9111292242d64819ae549258f5bee6839a8fa57921e164e24c8ea60c672a9192bd |
C:\Users\Admin\AppData\Roaming\.minecraft\TLauncher.exe
| MD5 | f08d9bbc61cff8e8c3504524c3220bef |
| SHA1 | b4268c667469620bb528c04eaa819d508159b398 |
| SHA256 | 2c4d8b48344ae221e349e525ac16eb364ffb5ab8deae80c7caa28dd5967cabdb |
| SHA512 | a64a03d959487399fb57e1bd062c0e9f88a17ff9b3ad15e6b96a4b7332341d0fc9186ef99b2ab9bdcfa51864f21d08bce48479202c01d15470916e90fb09fef4 |
memory/472-762-0x0000000000970000-0x0000000000EB5000-memory.dmp
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG1.BMP
| MD5 | 0b445ace8798426e7185f52b7b7b6d1e |
| SHA1 | 7a77b46e0848cc9b32283ccb3f91a18c0934c079 |
| SHA256 | 2bbf97ccba3f87d469eac909c4ce8a3f13ed29c8f31b611e7d5cf89a0619eda6 |
| SHA512 | 51523d5b711481293305465a3a3c6a3a50dca984cdc8cca1f4c44f3c21bfa430cd9aac1a8782d9605e6954cbafb307beb6b1a52e9785de1bc3f71067d80c6b6e |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG46.PNG
| MD5 | d8a095202e08fa1ac2578982e9a486db |
| SHA1 | 397ffc8af43ac18466b8df245b4faa6b278659e6 |
| SHA256 | 28fed2b9a3cbde34da4b6b5d1af2d2844437d21f6dec85b3ca2faa5cd3b512e5 |
| SHA512 | ac751386a0004e335f4e5f4ea24bf6a474478c8a7ca54d018734e7cd44b8e9a0eb262b00fe1219b1c62c96b018b08ba6b1056d3a13e64b55c7e70d748a6ae9c6 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG45.PNG
| MD5 | 09229c3bfb801177839a7c2e22e33a1b |
| SHA1 | f679c05c4c7b2f3722069420c6d6481fc856e7aa |
| SHA256 | cbf81d779b469942613297a3ca6c09d885e3b1d4aa952dc1994a7175fbfc7e3f |
| SHA512 | 503bfa063b29dda95f15da303f707e5b78a6bdb74662c222d8a8b7e3a33264016a66acdd9de44aea932e7cde80a43c2406ea6f0250d3df8e182217bc4a0a7ed7 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG42.PNG
| MD5 | 1f5c8939031a7f93762862cfc88a8e56 |
| SHA1 | 6dc4df87344db0ddf09c777e7a80d1b5661559b8 |
| SHA256 | 14be26e969eb15ef7e76e0ad02d8aa0516c5391e8b09dba0a9a6c5f57ae24aba |
| SHA512 | de45d700c86329c704777917863fd1ddeca90d2bed67a72794164882bf15725ce83c7733f664ee0a2af7df54a6be2def729d19237fb2c434115396ac126ff47f |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG48.PNG
| MD5 | 59d6f22fdc11d6b116b38193ed5f4b97 |
| SHA1 | cddc7eb2110b3179dd6d1e32b4b37f3568a22ebf |
| SHA256 | 782cafea76d24d76885d88ee1302e5f78d75a4e335529dc20ad476fdb9e34744 |
| SHA512 | 5b0fab5139736d30a69c98ea88d95a5c70f59aab1b82394c58b33617b824447b861a6e6067b62dd1ca1812a4989937e06ad473c6c94376af957871e9e63553fa |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG41.PNG
| MD5 | ce17d7ce06488f394ce124f17d5acafc |
| SHA1 | 8a5dceae9ea369b686123c8f940bb0ea07870ffa |
| SHA256 | c4b04568930f03979d71f48a57b9ad06b4cdf687272f6753ff662006e8e6237f |
| SHA512 | c33f1370213cabd1b84c936f1ac14f9bcc83bc03a633bbe25efe1e906bcee515d0e615c86b7ee3b34404dd1d95ce74d1a00908de8cdacbf9961de3f1ceb8362b |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG67.PNG
| MD5 | 5eecdc666e6dc0b8e5e8d2fc3b9cc1b2 |
| SHA1 | 72a16d461bd2410d5749c6bf939a127683d83a95 |
| SHA256 | 052f0289886f9cc0931d7026dfe1f5253ad39123479627e37afa5c430e8f8ff1 |
| SHA512 | 5d465d2c61d97ec2a52db3aeee8d42ececdef08930692842f9c6a41b0611cb774015d369e4fe5186079e97839acc78e8403ea6a6c33ee54a7aef3eea41c3d7db |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\IRIMG66.PNG
| MD5 | 1557c08e187b7783083e0b80051fd321 |
| SHA1 | 2c6ee47799d713e88fd589609b81912a4522044e |
| SHA256 | 0c0e74dd07c45833a5dd7ba931e5d528eb16334defdd06171df2f632d6e47842 |
| SHA512 | 485f69b3878b2bd7fdf52ad020dde2cbc34dd1970aaa4e5eb8f8618f6091b5b827b428447859499c3d61ea9cde2edcbb97c8fb0560cd0aaff50027c0f97ee6f3 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG109.PNG
| MD5 | 03b1d78771eb279766efb2d9f2fa8463 |
| SHA1 | 8f10e304fd65e58136ccd6ab012ffc594e6fb707 |
| SHA256 | eec16d2cb57e38b485b6a269e9c2554c1dfc3b70dec9f7bbddc2b62526b3d832 |
| SHA512 | ca51cbaf20e6f62eb6ec69555d259ef61828d3166d09106bcd335dd417ed30660af71e7fd8db6bd22bf134cc530e1a55ecdd2c307e64e8edb28af95299d66f5a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | 1bbf5dd0b6ca80e4c7c77495c3f33083 |
| SHA1 | e0520037e60eb641ec04d1e814394c9da0a6a862 |
| SHA256 | bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b |
| SHA512 | 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG85.PNG
| MD5 | 667b0b54ee5ba0d1cb66190226596e46 |
| SHA1 | b8658b35e7cf44b24053e4d01d3b51233d6526f6 |
| SHA256 | 3a9ab8c3640f1b40b33553d7d3dd3d15bd6e702ef510ec0b66a2f14aa744bf83 |
| SHA512 | 9ccc773214a0074634be66801d81d7a593ab154351fdbd1b93f56ffa80cf824ee31ff2e13f26536d5f3096e90df43fa223080b4dc55340614b076c08ef976dcb |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG104.PNG
| MD5 | 38c12e1a54f8fd216ed3f13b36798cc6 |
| SHA1 | ccf1fe585d3374ebce4c1ec025e2d8ec39968a7c |
| SHA256 | 608924ba294590b5b706658d9aaa71b480ad9aa1b6797bbc5cf1632ac6c616b1 |
| SHA512 | 0918af63f006d7fa04a3faeeb813e61c060316a126c4742a948a30f5b6ea368c3b8592011319dad3dbf8427dfcc095aa72f7b651d6fc31061f861f070447331b |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRIMG86.PNG
| MD5 | 5bc85d12eb492baa3be9230f1fbdc342 |
| SHA1 | 456fe4284fa916ad3817e7c3d419c13f4c949737 |
| SHA256 | 9a27f240758513aa1cc05500171fe22fdb3a485781cba4798cefc29f6944373c |
| SHA512 | 3d55c597ac29d7f810980dfd89404d3ecbd2e652ae1bc5e6710668ad5386a0caecf3149289df13f6dabed6b2e4305a26684ab3bd21b255b37f8a596fe8d641b9 |
C:\Users\Admin\AppData\Roaming\.tlauncher\Uninstall\uninstall.xml
| MD5 | 3769d802d0cc4b6a85eca87a7f8ce5c0 |
| SHA1 | 2edb6f2ce3284b95d0a4b6becc24acadd0027d6e |
| SHA256 | 7604308cff1157828f09bd1bedf7dfb4e59591ca39aaa08c7f28b1450b0d1b77 |
| SHA512 | 04ad0d82ea505a6d291f74319f44a2408c3561aa4cc1bb96611616457763cf371004bffead29f3fd068d84194dcefb3c6905c4e7fb401b4a537b17c45e635f91 |
memory/1456-1417-0x0000000001090000-0x0000000001478000-memory.dmp
memory/1456-1422-0x00000000031D0000-0x00000000031E0000-memory.dmp
memory/1760-1423-0x0000000002C30000-0x0000000003018000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\Tar59F7.tmp
| MD5 | 73b4b714b42fc9a6aaefd0ae59adb009 |
| SHA1 | efdaffd5b0ad21913d22001d91bf6c19ecb4ac41 |
| SHA256 | c0cf8cc04c34b5b80a2d86ad0eafb2dd71436f070c86b0321fba0201879625fd |
| SHA512 | 73af3c51b15f89237552b1718bef21fd80788fa416bab2cb2e7fb3a60d56249a716eda0d2dd68ab643752272640e7eaaaf57ce64bcb38373ddc3d035fb8d57cd |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
memory/932-1498-0x0000000001380000-0x00000000018C5000-memory.dmp
C:\Users\Admin\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015
| MD5 | e71c8443ae0bc2e282c73faead0a6dd3 |
| SHA1 | 0c110c1b01e68edfacaeae64781a37b1995fa94b |
| SHA256 | 95b0a5acc5bf70d3abdfd091d0c9f9063aa4fde65bd34dbf16786082e1992e72 |
| SHA512 | b38458c7fa2825afb72794f374827403d5946b1132e136a0ce075dfd351277cf7d957c88dc8a1e4adc3bcae1fa8010dae3831e268e910d517691de24326391a6 |
C:\Users\Admin\AppData\Local\Temp\Tar6F18.tmp
| MD5 | be2bec6e8c5653136d3e72fe53c98aa3 |
| SHA1 | a8182d6db17c14671c3d5766c72e58d87c0810de |
| SHA256 | 1919aab2a820642490169bdc4e88bd1189e22f83e7498bf8ebdfb62ec7d843fd |
| SHA512 | 0d1424ccdf0d53faf3f4e13d534e12f22388648aa4c23edbc503801e3c96b7f73c7999b760b5bef4b5e9dd923dffe21a21889b1ce836dd428420bf0f4f5327ff |
memory/1456-1540-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1456-1539-0x0000000001090000-0x0000000001478000-memory.dmp
memory/1792-1558-0x00000000027F0000-0x0000000002800000-memory.dmp
memory/1792-1560-0x0000000005700000-0x0000000005C45000-memory.dmp
memory/1092-1614-0x0000000003F20000-0x0000000004465000-memory.dmp
memory/900-1615-0x0000000002960000-0x0000000002EA5000-memory.dmp
memory/1792-1616-0x0000000000390000-0x0000000000778000-memory.dmp
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\opera_package
| MD5 | 6b7771354e081eb94cdbf7627799da4f |
| SHA1 | 199341a750443cc6e9b2b2fa1e657d0dd327711f |
| SHA256 | 494d1247e61eebf703a6eb19c14bde88edd2f85515fefa4f0465f43873e69aab |
| SHA512 | 33e781a102ba3f5c3b1895540bc9c43b78bf4f19af4b91ae0c765594f39d6569d1bad207b33f808426d8ebdcb00c419b7bb76bb050bae0bb843f96dd84355800 |
memory/1456-1623-0x0000000001090000-0x0000000001478000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\jre-windows.exe
| MD5 | 7542ec421a2f6e90751e8b64c22e0542 |
| SHA1 | d207d221a28ede5c2c8415f82c555989aa7068ba |
| SHA256 | 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6 |
| SHA512 | 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc |
\Users\Admin\AppData\Local\Temp\jre-windows.exe
| MD5 | 7542ec421a2f6e90751e8b64c22e0542 |
| SHA1 | d207d221a28ede5c2c8415f82c555989aa7068ba |
| SHA256 | 188ca8ecc44de1b7f602e883c3054dc392792c3631bf362b1bc4f3e1dba323e6 |
| SHA512 | 8987bf8aa1b401815fa9850e56954db6015bdd06ce78b65ba435724582ffa615dee4e1452fa237c53257dca8ee97b469d01c27757a5f070ce6f807a4f81094bc |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\additional_file0.tmp
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe
| MD5 | dfcfc788d67437530a50177164db42b0 |
| SHA1 | 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f |
| SHA256 | a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1 |
| SHA512 | dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 5777b711677fd0ff99cbd234c26f9808 |
| SHA1 | 44502a761685cebc57a3dbb9d8e1deb119614ede |
| SHA256 | 2353cbb89bb5c4594792f51a4e146effc75fc74cbb045f066242a173b5429c2d |
| SHA512 | ceb1a06d20c80e3e0474298daffb3650ad116c6ac89458d0d95d36071d97c43d38325709ccc133e89aaaa89a0d75d3e6987445e0f10ac5ab5b3990a3ee1c9860 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | 5777b711677fd0ff99cbd234c26f9808 |
| SHA1 | 44502a761685cebc57a3dbb9d8e1deb119614ede |
| SHA256 | 2353cbb89bb5c4594792f51a4e146effc75fc74cbb045f066242a173b5429c2d |
| SHA512 | ceb1a06d20c80e3e0474298daffb3650ad116c6ac89458d0d95d36071d97c43d38325709ccc133e89aaaa89a0d75d3e6987445e0f10ac5ab5b3990a3ee1c9860 |
\Users\Admin\AppData\Local\Temp\jds7183378.tmp\jre-windows.exe
| MD5 | dfcfc788d67437530a50177164db42b0 |
| SHA1 | 2d9ed0dc5671a358186dcf83abb74bfe39c40e9f |
| SHA256 | a90318bae7d99da633d9cac8ce322120d087e7b6f5eec0d1d0d7f9413fdd4dc1 |
| SHA512 | dbdfd02528c9f0e506232e8640a8602fade0d05f4139368187300ea2d537e41d2d167655ded30d938bd445a21c776a3c3721f8db4d3f03e3c06807a84cf232e3 |
C:\Users\Admin\AppData\Local\Temp\jusched.log
| MD5 | b21525eae10dec4ad4945551fb903535 |
| SHA1 | 12f237e078acf7027bf4e380b824472ebb772004 |
| SHA256 | 3319b9d016d28677a635e5ac078d5d21a32d614416f1c7ea7da7429c32c54cf9 |
| SHA512 | 76a3c4d88789ae6d11350c93af1161d624c2483746161abbc720651d0e930086345aa12907e117aace8ec177c002d86fcf786c7468fe095715a487465d6a53d0 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\_sfx.exe
| MD5 | b386cdcb413405daa8219af8e4cbd318 |
| SHA1 | ce275ff8514fef0629c915a6ee7b5ac481b9043d |
| SHA256 | 408ebcce07eb76963651b97f84255b67e5f0e7ff6869e9c0e5bab0082eafe66e |
| SHA512 | 91f6bf600e022a2a80c6b0a7b84fd5549804111447f66c4a30e768a589efc0702d02634a9ba23ce18c42701e42b440af0aa3396cc317fa733c2f90223b6db626 |
C:\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
\Users\Admin\AppData\Local\Temp\.opera\Opera Installer Temp\opera_package_202303191911461\assistant\assistant_installer.exe
| MD5 | 2f3d9e21e232b9bfea064d3b2264db06 |
| SHA1 | bafddc657d8d1bb531683b29b0342cc065ee51d2 |
| SHA256 | 25528c314aed2b5391ca1d08c736a3807142aab21ae99d5970f2a862c8258d5d |
| SHA512 | 94e81aa3015b7e112bf772b52b2dd6092f5634746e201171b34b2493a62b08fbbf53a6d6c60c904c424c06e802aae6810c6dd88cf7a882846bc0a4793c3b32e5 |
memory/1456-1845-0x0000000010000000-0x0000000010051000-memory.dmp
C:\Windows\Installer\MSI13E4.tmp
| MD5 | 62cfeb86f117ad91b8bb52f1dda6f473 |
| SHA1 | c753b488938b3e08f7f47df209359c7b78764448 |
| SHA256 | f06cba20bd40e9d841add1877cf8d3b406f0acfa4800b80ae041ed3cc374eb7e |
| SHA512 | c1b0e76cee4e2c3ca604dcc8f5665e72e70008acc824e20d89404f139d7e7e789e99dff131dafd76409f6ea0a813aa136f96089fbdadcf90d6485b1807762e4e |
C:\Windows\Installer\6de61c.msi
| MD5 | 1794aaa17d114a315a95473c9780fc8b |
| SHA1 | 7f250c022b916b88e22254985e7552bc3ac8db04 |
| SHA256 | 7682233d155e6d19f30cf61b185a02055be0dbcacd2c9accf90a99de21547eb4 |
| SHA512 | fb9defdf73786528e82ffc7e1ccfa03cfb687365ec740e9620993da785414306f03a7e1fa523192a9d690a882b012d1e426afd1757639f3ef5f1e612c01e6516 |
memory/2572-2009-0x0000000000400000-0x0000000000417000-memory.dmp
memory/2572-2012-0x0000000000230000-0x0000000000247000-memory.dmp
memory/2572-2013-0x0000000000230000-0x0000000000247000-memory.dmp
memory/2572-2029-0x0000000000400000-0x0000000000417000-memory.dmp
C:\Program Files\Java\jre1.8.0_351\bin\unpack200.exe
| MD5 | 691f68efcd902bfdfb60b556a3e11c2c |
| SHA1 | c279fa09293185bddfd73d1170b6a73bd266cf07 |
| SHA256 | 471d70ebf91bdc762dcacbea9f6ca883f97921938e83269fef911dbf83598a70 |
| SHA512 | a4816ae0654f41bd130d56e44839d9f29ab48bd2f99c3d6db38ce3358ac46c1cef09da09184c6291dd378018a49f9e56173c35d780d3eaefcce459592c75de3f |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url
| MD5 | 3b1c6b5701ef2829986a6bdc3f6fbf94 |
| SHA1 | 1a2fe685aba9430625cba281d1a8f7ba9d392af0 |
| SHA256 | 6a2cdce88637830202e1031bc8c11f083103a6bbb8c1ce16fb805671a46633c8 |
| SHA512 | f3391d790bb6acb1c25b82253b19c334e7cd73648e9821b7050fefbd5b0bc4b48a0cedd97e425a83c788f9b798337d33dee2e989771604c4f886da46d2debea0 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url
| MD5 | 7fadb9e200dbbd992058cefa41212796 |
| SHA1 | e2525d7ba66bb07bc1cd5ba93f88c54e7e2042b4 |
| SHA256 | b05abacd15117b1ffcd2a288308f50c0542214d264b852eddfa9025307ac401b |
| SHA512 | 94b7bf1f1f5cea2a74f8c326113dd25652cb14e5fa356ac83d16b6ac5a5cac26c9d2b20259f5c2cf8ebc1e022490511e2996335a5d8dd7f5b64dce429fb6dfb1 |
C:\Program Files\Java\jre1.8.0_351\bin\javacpl.exe
| MD5 | 7a9d69862a2021508931a197cd6501ec |
| SHA1 | a0f7d313a874552f4972784d15042b564e4067fc |
| SHA256 | 51ff63cbac78bd133333e98d91b02b652c88cd57cedd0052519051a17be77856 |
| SHA512 | 5c331e6deefc8256ea203d63770484f6b485d4c3832a60ecf4a540dff3cb75a76dbde37980fe1763ca487401b68126f58f8d1a4c72ee610f5144c624c4736850 |
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit\Reference Documentation.lnk
| MD5 | b5e1de7d05841796c6d96dfe5b8b338c |
| SHA1 | c7c64e5b35d0cca1a5c98a1c68e1e5d4c8b72547 |
| SHA256 | 062cb9dec2b2ce02c633fc442d1a23e910e602548a54a54c8310b0dde9ae074d |
| SHA512 | 963a89b04f34bc00fea5b8e0f9648596c428beac2db30d8b0932974b15c0eb90b7c801ba6fa1082ea9d133258f393ae27e61f27fd3b3951f5c2e4b8c6a212c2d |
C:\Program Files\Java\jre1.8.0_351\bin\javaws.exe
| MD5 | 24ccb37646e1f52ce4f47164cccf2b91 |
| SHA1 | bc265e26417026286d6ed951904305086c4f693c |
| SHA256 | adf2d659c2b2a4afff1ca58f3a742d27d767d27eabeca6a8b6ee243e9c913a39 |
| SHA512 | cb174e7a219f6ffae3715e37beb428979bc1462202729c05a25fa7b8da90e2dd6faa92c03cd9ca21567d354dce7acc1852669f4071298e953d6a286243794e32 |
C:\Program Files\Java\jre1.8.0_351\bin\dtplugin\npdeployJava1.dll
| MD5 | ff91ac355dc6b1df63795886125bccf8 |
| SHA1 | 90979fc6ea3a89031598d2146bf5cdbbb6db6b77 |
| SHA256 | 14b30467cfea0071dffc658dd31b8a25b7b4e79608933f171911c2cba6aa9a0a |
| SHA512 | 77aa8c7930730004bdb8d49a82712e1042db978102f6eca0d38317b6fd98ef03e52279130eadc7a0da1148e759db6589f7f8334d4c2eccfb2613e8f19542e197 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat
| MD5 | d33b61c2fc1dd881d02d27617d77b65e |
| SHA1 | 5a3f6949857e1787a99c912577346ff6000fedd2 |
| SHA256 | 983865fa820512337344a27d32709dbd2cbea157fe5b9ed8a7f29c8875013f59 |
| SHA512 | 8ecfa11596f65b25ac4838aaa6aacb5468488fd1345c269b19c37c265d29adcb4b42da5555c0c1518a6b720868ecd4d2acd26872d601ab92693a433fae15592c |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Local State~RF7382d7.TMP
| MD5 | 512257dd7b9639175ed65ae14329323a |
| SHA1 | 4e7ad722c157638329c7ce02d9263c1954fd4461 |
| SHA256 | b30d1223cc78bd4bcb76ef9a5c6337767d813872c2f9e86e708cdb4c99d42dda |
| SHA512 | 63924059e0502d7ffe3666cc5aea757b333b32473d53a9ed5fdb795a687986e7293ba6a5ff50fd457c42bae8024a87398cd5393caa2956625b47b473e9580d5d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\5b7569ce-86c5-470d-9ca2-f283cb4e439e.tmp
| MD5 | fe9a596a499660ed59aa2cacd2bb4287 |
| SHA1 | 48b8595b885cc91653e7274c2ba7283b000d07f0 |
| SHA256 | 43ba59e90b740f375d56288b5183a1e011bc51a228f9ba42d217f9a0268eafdd |
| SHA512 | 93c880ab0bf566d4d4e4c4eff00b2002e9d6a9e4c3bccf003336cd3ffd929447bc017386f751a25d1e57b32cd62957fe351bfb7144a3ae5c61ffe0070bc7c266 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ff002def-9e6a-45b6-b25e-14381e5504df.tmp
| MD5 | d98ebb36e86ef0a22d072c6ec5a5c1b7 |
| SHA1 | 7f993b3d0c53f60d6ae10af178b883ae61eee833 |
| SHA256 | e3ad5e8c191f2adce1bcdf1f6c498cf8e6363d105cd7681329cf7a1479017ee4 |
| SHA512 | 77b9cb2c15165f706a85062e75930104dfe15f373dd5014c6680dbdb9e730d40b048aab2f4f1a4ae3ffef9f46513107a257a5e3d48ee7fe25bd231498689a8c9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\000004.dbtmp
| MD5 | 6752a1d65b201c13b62ea44016eb221f |
| SHA1 | 58ecf154d01a62233ed7fb494ace3c3d4ffce08b |
| SHA256 | 0861415cada612ea5834d56e2cf1055d3e63979b69eb71d32ae9ae394d8306cd |
| SHA512 | 9cfd838d3fb570b44fc3461623ab2296123404c6c8f576b0de0aabd9a6020840d4c9125eb679ed384170dbcaac2fa30dc7fa9ee5b77d6df7c344a0aa030e0389 |
C:\Config.Msi\6de61f.rbs
| MD5 | 1087e2084423d964b4f2c17f871b547e |
| SHA1 | 31c3660dd3ae9fe3451266151d3b47ab6e0bd542 |
| SHA256 | da12828faa0110613a417bc253cd9b102ed2fe5106fab89f18641264f0d9eb0d |
| SHA512 | 51769bd84e76d9bb460b4e61e24550d00de703f10f95dfe8b093a676c8c933378abc510ac4e4f3bfdd3cadff934434e54c0feb1483e94785a5a65d39798bb323 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF761c1a.TMP
| MD5 | 37c9e0dab01485279c7b1892d8263790 |
| SHA1 | ffe2b7128887b3aa2b5426913f99fc0186432532 |
| SHA256 | bd649b243cf8cb442c3a2fbf4d8b9c77d097cf7e60f987b2af1577b342d4a183 |
| SHA512 | 07a0a909abe6b1b830e83fadb4f3497397a33606018685176adc815645f511e8e877c8dd7afb484b7b59d961e53c36e0e9e35354bff66ad458041e9d15119150 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences~RF75ed8b.TMP
| MD5 | 792f2044c1a0af9cdee0c42a36613477 |
| SHA1 | f1e10a28cd6d38b255ce4a39b2fd2b8e8052efd8 |
| SHA256 | 3a723fdbbb6c51c0588b2a5846ba96b0a7ce35dcbfad7a261d5229fa76e64713 |
| SHA512 | 33acfb4dfa93941dd50d436f253292734c1e83e29217867bb2f33780da9b982d4ea2c3add576d27461ae9071dc2155d7d21cd519b9bf537d6ef0b5421dded21f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\DawnCache\data_1
| MD5 | 72931c3d3c56e5abef22975629b77c0c |
| SHA1 | 80b011fc5344868d61c7b5560cbf48c0e5d1cdb0 |
| SHA256 | 751d998d1b123a834a3bb3f2d5f6d4c7e153ab9d0f2f149b133bffe201d24c8f |
| SHA512 | 6a7af9a610e322728da513053f59ea002ba82bb2a4e49fa17a1038429f7d4defc1a1c430e246d02733733dd27db29563cbbbad9a22a0af6f53fb208067c3db3b |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 683ddd689de3736047537ebb1f24f865 |
| SHA1 | 66365c25fa09877b724e39aa6c7c1b99563c6ac3 |
| SHA256 | 9b7749a57e12736ce771164fd4dbf1f4f83d4b23bc206f6a0a06e5a86a713703 |
| SHA512 | 298677268680fedabd80f3aa6a3c80625a6657b83c73b7d66726b0392ade5a238a8e0016abcffb73057239ac073b18341d2c6abd55ac4e2a9c70074b83bfdf3f |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_3
| MD5 | 41876349cb12d6db992f1309f22df3f0 |
| SHA1 | 5cf26b3420fc0302cd0a71e8d029739b8765be27 |
| SHA256 | e09f42c398d688dce168570291f1f92d079987deda3099a34adb9e8c0522b30c |
| SHA512 | e9a4fc1f7cb6ae2901f8e02354a92c4aaa7a53c640dcf692db42a27a5acc2a3bfb25a0de0eb08ab53983132016e7d43132ea4292e439bb636aafd53fb6ef907e |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_2
| MD5 | 0962291d6d367570bee5454721c17e11 |
| SHA1 | 59d10a893ef321a706a9255176761366115bedcb |
| SHA256 | ec1702806f4cc7c42a82fc2b38e89835fde7c64bb32060e0823c9077ca92efb7 |
| SHA512 | f555e961b69e09628eaf9c61f465871e6984cd4d31014f954bb747351dad9cea6d17c1db4bca2c1eb7f187cb5f3c0518748c339c8b43bbd1dbd94aeaa16f58ed |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\ShaderCache\data_0
| MD5 | cf89d16bb9107c631daabf0c0ee58efb |
| SHA1 | 3ae5d3a7cf1f94a56e42f9a58d90a0b9616ae74b |
| SHA256 | d6a5fe39cd672781b256e0e3102f7022635f1d4bb7cfcc90a80fffe4d0f3877e |
| SHA512 | 8cb5b059c8105eb91e74a7d5952437aaa1ada89763c5843e7b0f1b93d9ebe15ed40f287c652229291fac02d712cf7ff5ececef276ba0d7ddc35558a3ec3f77b0 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Preferences
| MD5 | 278554f0d4a3e01742d323ec22a24fb2 |
| SHA1 | faa64860ed3fed3f741f1b988ae5f8c7e4f2a9ff |
| SHA256 | da418c8eee20b4e05f6b9ef2c713ac8392ae5a1dd5ef76c42cf12d823fc8fc5e |
| SHA512 | 5866f190cd22d04d85268f62eed555f51070d6af68072ef7e2fe86e124d4085802ec7d4a4fc555455bf79d4b0368a77f4c347919622f305b3b35c960fb39c1d9 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\b6c42720-8c76-4f54-9cdc-ac32c09e0e94.tmp
| MD5 | 76d0562043ddf013efc5f47f60a7f133 |
| SHA1 | 9c63bd7267cc589d74b9a65a371c58a1f6148431 |
| SHA256 | 82f5c9f489281357d66c32e826a65158905379b7eadad74d6f63b2ae3ee39f56 |
| SHA512 | 5b1395dee60313a76d15f53c624593dbd8d460ac2bf1bad588841e24f45fe6ed406bab49da5ba54da28b04793796bd781e415fefd945a32e197e33b08bd13343 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\CURRENT~RF79ca52.TMP
| MD5 | 46295cac801e5d4857d09837238a6394 |
| SHA1 | 44e0fa1b517dbf802b18faf0785eeea6ac51594b |
| SHA256 | 0f1bad70c7bd1e0a69562853ec529355462fcd0423263a3d39d6d0d70b780443 |
| SHA512 | 8969402593f927350e2ceb4b5bc2a277f3754697c1961e3d6237da322257fbab42909e1a742e22223447f3a4805f8d8ef525432a7c3515a549e984d3eff72b23 |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State~RF7a3ad0.TMP
| MD5 | 71595708108137ecbc1e14bf0bbb68c7 |
| SHA1 | d0e29a7a824e791e90998dd6e545cfbe27982d13 |
| SHA256 | 50c8bdcc756d407619837f488874e0372371ecdadfd5847ba58c1f665dff0e02 |
| SHA512 | e1126158293ad05c050cdf4b1af591abb34413fac1af851038110e8f036c07c10ca8d8b32b8f86dd2ce444f74fc704ddab424e1b441cd3c80f197b0081765b1d |
C:\Users\Admin\AppData\Local\Google\Chrome\User Data\Default\Network\Network Persistent State
| MD5 | a2acdb7fa73868f1af90d9cc2c375dbc |
| SHA1 | 9f38e9f3fca6dfe6974e7dcf6d45de0dc31ff6d2 |
| SHA256 | 32e7d9b57f4493a3901f38ffbc8dcf30a47e657ac736261f44250275acf44818 |
| SHA512 | d80d7185c6d63efc17936950482b92dc75ec96555fcbdec7d4e3de2f426147623d5c77099bde300839eee576afe167969a2abf9ff1a391edec6da58931b8782d |
Analysis: behavioral2
Detonation Overview
Submitted
2023-03-19 18:10
Reported
2023-03-19 18:13
Platform
win10v2004-20230221-en
Max time kernel
142s
Max time network
146s
Command Line
Signatures
Checks computer location settings
| Description | Indicator | Process | Target |
| Key value queried | \REGISTRY\USER\S-1-5-21-2805025096-2326403612-4231045514-1000\Control Panel\International\Geo\Nation | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe | N/A |
Executes dropped EXE
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Loads dropped DLL
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
UPX packed file
| Description | Indicator | Process | Target |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
| N/A | N/A | N/A | N/A |
Checks installed software on the system
Enumerates physical storage devices
Suspicious use of SetWindowsHookEx
| Description | Indicator | Process | Target |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
| N/A | N/A | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe | N/A |
Suspicious use of WriteProcessMemory
| Description | Indicator | Process | Target |
| PID 2160 wrote to memory of 1472 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
| PID 2160 wrote to memory of 1472 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
| PID 2160 wrote to memory of 1472 | N/A | C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe | C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe |
Processes
C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe
"C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe"
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
"C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe" __IRAOFF:1910546 "__IRAFN:C:\Users\Admin\AppData\Local\Temp\TLauncher-2.876-Installer-1.0.7-global.exe" "__IRCT:3" "__IRTSS:23645635" "__IRSID:S-1-5-21-2805025096-2326403612-4231045514-1000"
Network
| Country | Destination | Domain | Proto |
| US | 209.197.3.8:80 | tcp | |
| US | 209.197.3.8:80 | tcp | |
| US | 117.18.237.29:80 | tcp | |
| US | 117.18.237.29:80 | tcp | |
| US | 93.184.221.240:80 | tcp | |
| US | 8.8.8.8:53 | 228.249.119.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 138.32.126.40.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 28.118.140.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | dl2.tlauncher.org | udp |
| US | 104.20.235.70:443 | dl2.tlauncher.org | tcp |
| US | 8.8.8.8:53 | 70.235.20.104.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 216.74.101.95.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 196.249.167.52.in-addr.arpa | udp |
| US | 8.8.8.8:53 | 76.38.195.152.in-addr.arpa | udp |
| US | 52.168.112.66:443 | tcp | |
| US | 8.8.8.8:53 | 210.81.184.52.in-addr.arpa | udp |
| NL | 173.223.113.164:443 | tcp | |
| US | 8.8.8.8:53 | 62.13.109.52.in-addr.arpa | udp |
| US | 93.184.221.240:80 | tcp |
Files
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\irsetup.exe
| MD5 | 111dddf2f308abc2a8f7555d5f642751 |
| SHA1 | 11e6cdccbf29a71a97011b9444cf20c83ad8b57b |
| SHA256 | c65af78739ffcd7bb6673f167624522ac8172516a1d3783e5171f9eabd625be0 |
| SHA512 | 11662a0f5cd850578d2799217393f979f0dc029450f4fbf17780eae69494fb3f4de5a617d31f3fbf5b3a7179eea7bf9ded2555fb61703baeb74885d6bf0421c4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\lua5.1.dll
| MD5 | 80d93d38badecdd2b134fe4699721223 |
| SHA1 | e829e58091bae93bc64e0c6f9f0bac999cfda23d |
| SHA256 | c572a6103af1526f97e708a229a532fd02100a52b949f721052107f1f55e0c59 |
| SHA512 | 9f28073cc186b55ef64661c2e4f6fe1c112785a262b9d8e9a431703fdb1000f1d8cc0b2a3c153c822cfd48782ae945742ccb07beae4d6388d5d0b4df03103bd4 |
memory/1472-147-0x00000000000A0000-0x0000000000488000-memory.dmp
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\200.ico
| MD5 | e043a9cb014d641a56f50f9d9ac9a1b9 |
| SHA1 | 61dc6aed3d0d1f3b8afe3d161410848c565247ed |
| SHA256 | 9dd7020d04753294c8fb694ac49f406de9adad45d8cdd43fefd99fec3659e946 |
| SHA512 | 4ae5df94fd590703b7a92f19703d733559d600a3885c65f146db04e8bbf6ead9ab5a1748d99c892e6bde63dd4e1592d6f06e02e4baf5e854c8ce6ea0cce1984f |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\Wow64.lmd
| MD5 | da1d0cd400e0b6ad6415fd4d90f69666 |
| SHA1 | de9083d2902906cacf57259cf581b1466400b799 |
| SHA256 | 7a79b049bdc3b6e4d101691888360f4f993098f3e3a8beefff4ac367430b1575 |
| SHA512 | f12f64670f158c2e846e78b7b5d191158268b45ecf3c288f02bbee15ae10c4a62e67fb3481da304ba99da2c68ac44d713a44a458ef359db329b6fef3d323382a |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | 1bbf5dd0b6ca80e4c7c77495c3f33083 |
| SHA1 | e0520037e60eb641ec04d1e814394c9da0a6a862 |
| SHA256 | bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b |
| SHA512 | 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab |
C:\Users\Admin\AppData\Local\Temp\_ir_sf_temp_0\IRZip.lmd
| MD5 | 1bbf5dd0b6ca80e4c7c77495c3f33083 |
| SHA1 | e0520037e60eb641ec04d1e814394c9da0a6a862 |
| SHA256 | bc6bd19ab0977ac794e18e2c82ace3116bf0537711a352638efd2d8d847c140b |
| SHA512 | 97bc810871868217f944bc5e60ab642f161c1f082bc9e4122094f10b4e309a6d96e3dd695553a20907cb8fea5aef4802f5a2f0a852328c1a1cd85944022abaab |
memory/1472-440-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1472-441-0x0000000002D50000-0x0000000002D53000-memory.dmp
memory/1472-456-0x00000000000A0000-0x0000000000488000-memory.dmp
memory/1472-457-0x0000000010000000-0x0000000010051000-memory.dmp
memory/1472-464-0x00000000000A0000-0x0000000000488000-memory.dmp
memory/1472-481-0x0000000010000000-0x0000000010051000-memory.dmp